CISO Summit

Black Hat USA 2015 CISO Summit will take place on Tuesday, August 4 in the Four Seasons Acacia Ballroom, one day prior to the start of the Black Hat USA 2015 Briefings. This exclusive, invitation-only gathering is a new program intended to give CISOs and other InfoSec executives more practical insight into the latest security trends and technologies and enterprise best practices. Those who attend the CISO Summit will also be granted admission to an evening reception, where you’ll have a chance to relax and network with fellow Summit participants.

Due to overwhelming response, registration for the CISO Summit is now closed.


07:00 – 17:00 CISO Summit VIP Registration, Four Seasons, Acacia Ballroom
07:30 – 08:30 Breakfast, Four Seasons, Acacia Ballroom
08:30 – 08:45 CISO Summit Welcome and Introductions
  • Brian Gillooly, Co-Chair, Black Hat CISO Summit
  • Jeff Moss, Founder of Black Hat & DEF CON
08:45 – 09:30 Keynote
Hope Amongst The Rubble: What Comes Next For Information Security?
  • Presented by: Dan Kaminsky, Chief Scientist and Founder, White Ops
09:30 – 10:30 Black Hat Conference Briefings Preview & Highlights
  • Moderator: Kelly Jackson Higgins, Executive Editor, Dark Reading
  • Panelists: Jeremiah Grossman, Founder, WhiteHat Security; Alex Stamos, CSO, Facebook; Robert Stratton, General Partner, MACH37; Chris Wysopal, Co-Founder and CTO, Veracode
10:30 – 11:00 CISO Spotlight
Topic: Best Practices: Securing the Mobile World
  • Featured Speaker: Stacey Halota, CISO, Graham Holdings Co.
11:00 – 11:30 Break
11:30 – 12:00 CISO Spotlight
Topic: Best Practices: Measuring and Balancing Risk
  • Featured Speaker: Arlan McMillan, CISO, United Airlines
12:00 – 13:00 CISO Summit Luncheon, Four Seasons, Acacia Ballroom
13:00 – 14:30 FOCUS: The Next-Generation CISO and Security Landscape
13:00 – 13:45 Session 1
Topic: The CISO in 2016 – A Panel Discussion
  • Moderator: John Johnson, John Deere, Global Security Strategist
  • Panelists: Waqas Akkawi, CISO, SIRVA Worldwide; Phil Gardner, Founder and CEO, IANS; Alex Hutton, VP Information Security, Zions Bancorporation; Kevin Novak, CISO, Northern Trust
13:45 – 14:30 Session 2
Topic: Exploring and Expanding the Security Talent Pool
  • Presented by: Cory Scott, Director, Information Security, LinkedIn
  • Featured Speaker: Thomas Ptacek, Partner, Starfighter
14:30 – 14:45 Break
14:45 – 16:15 FOCUS: National Security and the Private Sector
14:45 – 15:30 Session 3
Topic: Improving Cybersecurity through Public/Private R&D Cooperation
  • Moderator: Timothy Wilson, Editor-in-Chief, Dark Reading
  • Panelists: Doug Maughan, Director, Cyber Security Division, DHS; Barry Suskind, Senior Director, Infrastructure Security, FINRA; Bob Stratton, General Partner, MACH37; Paul Kurtz, CEO, TruSTAR
15:30 – 16:15 Session 4
Topic: Thinking Strategically about Digital Security
  • Featured Speaker: Richard Bejtlich, Chief Security Strategist, FireEye, and Senior Fellow, The Brookings Institution
16:15 – 16:30 Session 5
Topic: Behind the Headlines: Geo-Political Insights
  • Moderator: Timothy Wilson, Editor, Dark Reading
  • Featured Speaker: Rod Beckstrom, Founding Director of the U.S. National Cybersecurity Center and Chairman of the Global Council on the Future of the Internet
16:30 – 17:15 Closing Keynote
Topic: Defeating the Cyber Adversary: A ‘Whole-of-Nation’ Approach
  • Presented by: Donald J. Good, Deputy Assistant Director, Cyber Division, FBI
17:15 Key Takeaways and Closing Remarks
17:20 – 18:30 CISO Summit Reception, Four Seasons, Acacia Ballroom

Premium Sponsor

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 7,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information please visit qualys.com.

Philippe Courtot, Chairman and CEO

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. He is a member of the board of directors for StopBadware.org, and in 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to resolving the problems of Internet security, privacy and reliability.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign's payment division, based on the Signio technology, handles 30% of electronic transactions in the U.S., processing $100-million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe's direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a master’s degree in physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.

Amer Deeba, Vice President of Corporate Development and Strategic Alliances

Responsible for corporate development, strategic alliances and global accounts, Amer has a proven track record of driving company growth in fast-moving technology fields. Amer previously served as the Chief Marketing Officer for Qualys for thirteen years and led the corporate and product marketing functions. Before joining Qualys, Amer served as the General Manager for the Payment Services Division at VeriSign, where he contributed to establishing VeriSign as a leader in online payments, processing 40% of all credit card transactions across the Internet. Amer came to VeriSign through its acquisition of online payments pioneer Signio, where he was Director of Product Marketing. Amer’s other experiences include five years at Adobe, where he led the development of Web-enabling PDF, and a variety of technical and management positions at Verity and Amdahl. Amer holds Master’s and Bachelor’s degrees in Computer Science.

Wolfgang Kandek, Chief Technical Officer

As the CTO for Qualys, Wolfgang is responsible for product direction and all operational aspects of the Qualys platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany.

Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.

Sumedh Thakar, Chief Product Officer

As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.

A long time advocate of the SaaS model and cloud computing, Sumedh worked at Intacct, a cloud-based financial and accounting software provider, before working at Qualys. Previous to Intacct, Sumedh worked at Northwest Airlines to develop complex algorithms for yield and revenue management for their backend reservation system.

Sumedh is active in the PCI and security community working closely with the PCI Council on the development and enhancement of PCI DSS. He co-authored "PCI Compliance for Dummies," an easy-to-read guide designed to educate merchant organizations about PCI. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.

Earl Porter, Vice President of Americas Sales

With more than 20 years of senior leadership experience, Earl manages the company's field operations for the Americas. Prior to joining Qualys, Earl held a variety of technical and management roles with Microsoft, Transamerica Reinsurance and Trustwave. Over the years Earl has spoken at numerous industry conferences and has held a variety of technical certifications. Earl holds a Bachelor of Business Administration from the University of Oklahoma and a Master of Business Administration from the McColl School of Business at Queens University.

Foundation Sponsor

FireEye protects the most valuable assets in the world from those who have them in their sights. Our combination of technology, intelligence, and expertise combined with the most aggressive “boots on the ground” helps eliminate the impact of security breaches. We find and stop attackers at every stage of an incursion. With FireEye, you’ll detect attacks as they happen. You’ll understand the risk these attacks pose to your most valued assets. And you’ll have the resources to quickly respond and resolve security incidents. The FireEye Global Defense Community includes more than 2,200 customers across more than 60 countries, including more than 130 companies in the Fortune 500.

Kevin Mandia, President

Kevin Mandia is the President of FireEye, a global cyber security company that protects organizations from cyber attacks. FireEye’s customers include over 200 of the Fortune 500 and major government organizations around the world. As President, Kevin helps organizations prepare for and respond to cyber attacks. His experience gained serving on the front lines of major cyber security incidents is routinely requested by corporate directors, executives, and government officials who face serious cyber security challenges.

Prior to serving as FireEye’s President, Kevin founded Mandiant Corporation and served as CEO for 10 years. As CEO, Kevin grew a profitable, self-funded organization to approximately 500 employees and over $100M in revenue. FireEye acquired Mandiant for approximately $1 billion.

Kevin began his career in the United States Air Force. He served as a computer security officer in the 7th Communications Group at the Pentagon, and later as a special agent in the Air Force Office of Special Investigations (AFOSI), where he worked as a cybercrime investigator.

In the private sector, Kevin served as a director in the security consulting divisions of Sytex (Lockheed Martin) and Foundstone (McAfee). In these roles, he helped organizations address information security challenges including incident response, computer forensics, law enforcement support, counterintelligence and litigation support.

Kevin has co-authored two books on responding to security breaches, Incident Response: Performing Computer Forensics (McGraw-Hill, 2003) and Incident Response: Investigating Computer Crime (McGraw-Hill, 2001). He provides regular commentary and analysis on cyber security issues for national print and broadcast media, including NBC News, CBS, NPR, Fox News, CNN, the New York Times and the Wall Street Journal, and has been profiled on the cover of Fortune magazine. He has testified as an expert in U.S. federal court, and has also provided testimony in hearings before the U.S. House and Senate intelligence committees. In 2013, Kevin was recognized by Foreign Policy as a Leading Global Thinker.

Kevin has taught advanced graduate classes on cyber security at both the George Washington University and Carnegie Mellon University. He has also developed specialized cyber security curricula for organizations including the Federal Bureau of Investigation, the United States Attorney’s Office, United States Secret Service, the United States Air Force and other U.S. government agencies.

Kevin holds a bachelor of science in computer science from Lafayette College and a master of science degree in forensic science from the George Washington University. He completed the three-year Harvard Business School Owner/President Management Program in February of 2013. In 2011, Mr. Mandia was named Ernst & Young Entrepreneur of the Year for the Greater Washington area.

Richard Bejtlich, Chief Security Strategist

Richard Bejtlich is Chief Security Strategist at FireEye, and was Mandiant's Chief Security Officer when FireEye acquired Mandiant in 2013. He is a nonresident senior fellow at the Brookings Institution and an advisor to Threat Stack, Sqrrl, and Critical Stack. He is pursuing a Master/Doctor of Philosophy in War Studies at King's College London. He was previously Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. His fourth book is "The Practice of Network Security Monitoring" (nostarch.com/nsm). He also writes for his blog (taosecurity.blogspot.com) and Twitter (@taosecurity).

Josh Goldfarb, VP, CTO

Josh (Twitter: @ananalytical) is an experienced information security analyst with over a decade of experience building, operating, and running Security Operations Centers (SOCs). Josh currently serves as VP, CTO - Americas at FireEye. Until its acquisition by FireEye, Josh served as Chief Security Officer for nPulse Technologies. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh’s blogging and public speaking appearances, he is also a regular contributor to DarkReading, SecurityWeek, SC Magazine UK, and The Business Journals.

Event Sponsors

CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and services. CrowdStrike Falcon enables customers to prevent damage from targeted attacks, detect and attribute advanced malware and adversary activity in real time, and effortlessly search all endpoints, reducing overall incident response time.

CrowdStrike customers include some of the largest blue chip companies in the financial services, energy, oil & gas, telecommunications, retail, and technology sectors, along with some of the largest and most sophisticated government agencies worldwide.

To learn more, please visit crowdstrike.com.

Stroz Friedberg’s Incident Response, Digital Forensics, and Security Science experts help organizations defend, respond and advance with certainty. Whether assessing and securing networks, conducting forensic investigations, or countering a data breach, part of our risk management approach is to seek truth so clients can gain assurance while propelling forward.

Veracode’s cloud-based service is a simpler and more scalable approach to reduce application-layer risk across your entire global software infrastructure -- including web, mobile and third-party applications -- without hiring more consultants or installing more servers and tools. With Veracode's smart approach to application security, you can drive your innovations to market faster -- without sacrificing security in the process.