Executive Summit

Executives from Global 2000 corporations and Federal agencies are invited to attend a full day of high-level discussions about topics unique to Black Hat.

Due to overwhelming response, registration for the Executive Summit is now closed.

Program Outline

07:00 – 15:00 Executive Summit VIP Registration
08:00 – 08:45 Executive Summit Breakfast, South Seas F
08:45 – 09:30 Executive Summit Welcome and Introductions
  • John Janowiak, President, International Engineering Consortium
  • Jeff Moss, Founder, Black Hat and DEF CON
09:30 – 10:00 Breakout Session 1
  • Topic 1A: Challenges in mobility - access all data always, everywhere
    • Discussion leader: Stefano Zanero, Politecnico di Milano
  • Topic 1B: Is there an insider threat…or is everything insider today?
    • Discussion leader: Philippe Courtot, Chairman and CEO, Qualys, Inc.
  • Topic 1C: Business opportunities - making lemonade
    • Discussion leader: Alex Stamos, CSO, Yahoo!
  • Topic 1D: Social Engineering - is it really the biggest threat?
    • Discussion leader: Christopher Hadnagy, Chief Human Hacker, Social-Engineer, Inc.
10:00 – 10:15 Readouts from Session 1
10:15 – 10:30 Break
10:30 – 11:15 Featured Speaker for Session 2
  • Speaker: Phyllis Schneck, Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD), Department of Homeland Security
11:15 – 11:45 Breakout Session 2
  • Topic 2A: Hunting bugs - how do you SDLC?
    • Discussion leader: Jeremiah Grossman, CTO, WhiteHat Security
  • Topic 2B: The value of automated vs. manual source analysis
    • Discussion leader: Chris Wysopal, CTO, Veracode
  • Topic 2C: Role of regulation in protection - Continuous Diagnostic Monitoring (CDM), PCI, and more
    • Discussion leader: Davi Ottenheimer, Senior Director of Trust, EMC
  • Topic 2D: Bug bounties and full disclosure as public safety
    • Discussion leader: Robert Hansen, Director, Product Management, WhiteHat Security
  • Topic 2E: What to do when you are a target - nation states and organized crime
    • Discussion leaders: Danil Kerimi, Director, ICT Industry, World Economic Forum; Jane Lute, President & CEO, Council on CyberSecurity; John Villasenor, Professor, Electrical Engineering and Public Policy, UCLA and Senior Fellow, Brookings Institution
11:45 – 12:00 Readouts from Session 2
12:00 – 13:00 Executive Summit Luncheon, South Seas F
13:00 – 13:45 Featured Speaker for Session 3
  • Speaker: Rod Beckstrom, Chief Security Advisor, Samsung
13:45 – 14:15 Breakout Session 3
  • Topic 3A: If the net balkanizes - future of cloud and data localization
    • Discussion leader: Rod Beckstrom, Chief Security Advisor, Samsung
  • Topic 3B: Internet governance and confidence building measures
    • Discussion leader: Tony Sager, Chief Technologist, The Council on CyberSecurity
  • Topic 3C: Defending against the ever growing DDoS threat
    • Discussion leader: Christofer Hoff, VP of Strategy and Planning, Juniper Networks
  • Topic 3D: DNSSEC, IPv6, RPKI, DANE, and the technology of the future
    • Discussion leader: Paul Vixie, CEO, Farsight Security, Inc.
  • Topic 3E: Business opportunities with enhanced trust
    • Discussion leader: Michael Newborn, CSO, Bloomberg BNA
  • Topic 3F: Attribution and legal remedies
    • Discussion leader: Adam Shostack, Principal Program Manager, Microsoft
14:15 – 14:45 Readouts from Session 3
14:45 – 15:00 Break
15:00 – 15:45 Featured Speaker for Session 4
  • Speaker: Paul Vixie, CEO, Farsight Security, Inc.
15:45 – 16:15 Breakout Session 4
  • Topic 4A: Incident response: who is in charge and where does the buck stop?
    • Discussion leader: Sherry Ryan, CISO, Juniper Networks
  • Topic 4B: Legal privilege - how to best deploy the legal team
    • Discussion leader: Bryan Cunningham, Cunningham Levy LLP
  • Topic 4C: Secure communications during an incident - how to make sure the bad guys aren't watching you
    • Discussion leader: John Johnson, Chief Security Architect, John Deere
  • Topic 4D: How can we better assess the impact of cyber threats for businesses?
    • Discussion leaders: Elena Kvochko, Manager, IT Industry, World Economic Forum USA; Adam Firestone, President and General Manager, Kaspersky Government Security Solutions
  • Topic 4E: Report security to your board of directors and keep your job
    • Discussion leader: Paul Proctor, VP & Distinguished Analyst, Gartner
16:15 – 16:30 Readout Session 4
16:30 – 17:00 Executive Summit Closing Remarks
  • Jeff Moss, Founder, Black Hat and DEF CON
  • John Janowiak, President, International Engineering Consortium
17:00 – 18:30 Executive Summit Reception, South Seas F

Premium Sponsor

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.

Philippe Courtot, Chairman and CEO

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. He is a member of the board of directors for StopBadware.org, and in 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to resolving the problems of Internet security, privacy and reliability.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign's payment division, based on the Signio technology, handles 30% of electronic transactions in the U.S., processing $100 million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe's direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a master’s degree in physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.

Wolfgang Kandek, CTO

As the CTO for Qualys, Wolfgang is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the online music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany.

Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.

Jonathan Trull, CISO

As the CISO for Qualys, Jonathan is responsible for working with Qualys’ growing customer base to develop and share security best practices, researching real world threats and collaborating on how to address them. Before joining Qualys, Jonathan was the CISO for the State of Colorado, where he oversaw the information security operations for 17 executive branch departments, encompassing approximately 26,000 employees and 150,000 systems. In cooperation with federal and state partners, Jonathan formed the State’s first Cyber Crime Task Force, which is charged with conducting criminal investigations into computer crimes, developing and sharing cyber intelligence, and working with local government and private sector partners to increase cyber resiliency. Jonathan is a Certified Information Systems Auditor, Offensive Security Certified Professional, and holds a master’s degree from the University of North Texas. He is a frequent speaker at security events such as RSA and Gartner and was recently named by the SANS Institute as one of the 2013 People Who Made a Difference in Cyber Security. Jonathan also serves his country as a cyber warrior in the U.S. Navy Reserves.

Event Sponsors

Stroz Friedberg’s Incident Response, Digital Forensics, and Security Science experts help organizations defend, respond and advance with certainty. Whether assessing and securing networks, conducting forensic investigations, or countering a data breach, part of our risk management approach is to seek truth so clients can gain assurance while propelling forward. www.strozfriedberg.com

Veracode’s cloud-based service is a simpler and more scalable approach to reduce application-layer risk across your entire global software infrastructure -- including web, mobile and third-party applications -- without hiring more consultants or installing more servers and tools. With Veracode's smart approach to application security, you can drive your innovations to market faster -- without sacrificing security in the process.