Rock Stars of Cybersecurity Agenda

 

Morning Session: 8:30 a.m. – 12:30 p.m.

Security Frameworks, Strategies, & Mitigation Efforts: Will They Lower Your Risk?

Peter Allor

Cyber Security Strategist - Federal
IBM

Governments worldwide are looking to secure not only their environments but also the critical infrastructures and the private sector supply chains that keep government domains operating. Needed is a focused approach on how to secure these entities via risk-management processes for business operations and moving Information Technology away from traditional best-of-breed point product approaches used to offset new attacks and vulnerabilities. This non-regulatory approach differs from traditional compliance checklists and helps focus on the strategy of the business, transforming security from 'Doctor No' blocking to a security posture that enables business operations. I will discuss how security professionals can lead the business to a more secure process.

Strengthening the Security Ecosystem

Peter Fonash

Chief Technology Officer
US Department of Homeland Security

Strengthening the security and resilience of the cyber ecosystem requires reducing the number of vulnerabilities and the ability to automatically mitigate attack methodologies. A general consensus has been forming in the cybersecurity community that cybersecurity defenses must become more automated, less reactive, more distributed, and better informed. There have been a number of ongoing activities to enable automated collective action to strengthen the resilience and security of the cyber ecosystem in the face of the advanced cyber threat. These activities support a range of automated collective actions, including the sharing of indicators and information, the selection of courses of action, and the coordination of responses. This presentation will discuss the role of DHS in cybersecurity, summarize existing programs to improve cybersecurity, discuss cybersecurity challenges and then present initiatives to meet those challenges.

Cyber Defense: 7 Sins of Security

Peder Jungck

Vice President and Chief Technology Officer
BAE

For more than 20 years, our community has expanded a growing set of assumptions around IT Security guiding organizational decision making. As we enter the era of cybersecurity, we can only advance if we recognize where we have made poor assumptions and change our frame of reference. The discussion will highlight examples and lessons learned framed around seven sins of the IT security mindset that shift in the face of modern cyber adversaries. Operating in a high-threat cyber environment can be successful; however, only a different mindset can achieve cost-effective and enduring results.

Strengthening the Security Ecosystem

Spencer Mott
Chief Information Security Officer
Amgen

More details soon

Lunch

Panel Discussion: 2:00 p.m. – 3:00 p.m.

Is the Goal to Find a Cure, Prevention, or Both?

Joshua Greenbaum (moderator)

Principal
Enterprise Applications Consulting

The problems that have created the need for increased cybersecurity have often been compared to a chronic illness that continuously mutates as it plagues businesses and consumers alike. And like chronic illnesses of all kinds, the question of focusing on prevention or cure looms large in the debate about what is to be done about cybersecurity. This panel will discuss what these two very different routes mean, and what needs to be done by consumers, businesses, Internet providers, and government and nongovernment agencies in order to provide appropriate levels of safety and security at home and at work.

 

David Rockvam

Vice President Product Management & Marketing Communications
Entrust

 

Will Hurley

Co-founder
Chaotic Moon Studios

 

 

Lunch

Afternoon Session: 3:00 p.m. – 5:30 p.m.

Scaling a Software Security Initiative: Lessons from the BSIMM

Gary McGraw

Chief Technology Officer
Cigital

Learn important lessons in scaling software security touchpoints, and making them work efficiently and effectively in a global software security initiative. The talk will focus on the top three touchpoints—code review with a static analysis tool, architectural risk analysis, and penetration testing—discussing the tools, technology, people, and processes for each. The issues will be addressed head on, using examples from the 70+ Building Security in Maturity Model (BSIMM) firms and many years of real-world experience. (Firms in the BSIMM include Adobe, Aon, Bank of America, Box, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, F-Secure, Fannie Mae, Fidelity, Google, Intel, Intuit, JPMorgan Chase & Co., Mashery, McKesson, Microsoft, Nokia, Nokia Siemens Networks, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Scripps Networks, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga.)

Building Security into Payment Systems and Applications

Sarath Geethakumar
Senior Director – Global Information Security
VISA

Rapid technology changes are forcing payment systems and solutions to constantly evolve. With global mobile adoption now at 91 percent, interconnected consumer devices and applications must perform faster and handle more complex and more critical functionalities. This evolution not only paves the way for new and improved solutions but also makes them lucrative and easy targets for attackers. Security as a development afterthought is not a scalable or secure approach for supporting this rapidly evolving ecosystem. Security is no stronger than its weakest link. Hence, building security into development methodologies ensures that even the weakest links can be secured in a timely and cost-effective manner. This presentation explores how to build security into applications to ensure better, reliable, and scalable solutions. Secure software development, when tailored to integrate into new and evolving agile methodologies, ensures a better and more secure software assurance model as opposed to traditional post-development assurance approaches.

Security 2020: Predictable, Sensible, and Preemptive

Brett Wahlin
Chief Information Security Officer
HP

Hardly a day goes by without yet another report of a security breach or cyberattack: they are increasing constantly in frequency, ferocity, and stealth. And they can result in significant loss of revenues and reputation for organizations and even destabilize governments. Brett Wahlin will deconstruct the current security paradigm vis-a-vis today's business risk-centric environments, articulate the precept of a predictive behavior-based capability, and round it off with an in-use discussion of HP's security solutions. He will end with a Q&A session aimed at answering your security concerns and apprehensions.

Cocktail Reception: 5:30 p.m. – 7:00 p.m.
