Rock Stars of Cybersecurity Agenda

Morning Session: 8:30 a.m. – 12:30 p.m.

Security Frameworks, Strategies, & Mitigation Efforts: Will They Lower Your Risk?

Peter Allor

Cyber Security Strategist - Federal
IBM

Governments worldwide are looking to secure not only their environments, but also the critical infrastructures and private sector supply chains that keep government domains operating. What is needed is a focused approach on how to secure these entities via risk-management processes for business operations, moving Information Technology away from the traditional best-of-breed point product approaches used to offset new attacks and vulnerabilities. This non-regulatory approach differs from traditional compliance checklists and helps focus on the strategy of the business, transforming security from a 'Doctor No' blocking role into a security posture that enables business operations. I will discuss how security professionals can lead the business to a more secure process.

Strengthening the Security Ecosystem

Peter Fonash

Chief Technology Officer
US Department of Homeland Security

Strengthening the security and resilience of the cyber ecosystem requires reducing the number of vulnerabilities and the ability to automatically mitigate attack methodologies. A general consensus has been forming in the cybersecurity community that cybersecurity defenses must become more automated, less reactive, more distributed, and better informed. There have been a number of ongoing activities to enable automated collective action to strengthen the resilience and security of the cyber ecosystem in the face of the advanced cyber threat. These activities support a range of automated collective actions, including the sharing of indicators and information, the selection of courses of action, and the coordination of responses. This presentation will discuss the role of DHS in cybersecurity, summarize existing programs to improve cybersecurity, discuss cybersecurity challenges and then present initiatives to meet those challenges.

The Value of A Connected Architecture: Defending Against Targeted Campaigns

Brian Kenyon

Vice President and Chief Technical Strategist
McAfee, a division of Intel Security

Brian Kenyon will expose the findings of ongoing research into sophisticated advanced persistent threat campaigns. Brian will discuss how the intelligence from these attacks can be utilized to make an enterprise's defenses stronger and more elastic to persistent threats. Join Brian as he breaks down the observed and derived intelligence from this campaign and demonstrates how multiple technologies can take defensive action on the data.

What Really Matters About Information

Spencer Mott
Chief Information Security Officer
Amgen

More details soon

Lunch

Panel Discussion: 2:00 p.m. – 3:00 p.m.

Is the Goal to Find a Cure, Prevention, or Both?

Joshua Greenbaum (moderator)

Principal
Enterprise Applications Consulting

The problems that have created the need for increased cybersecurity have often been compared to a chronic illness that continuously mutates as it plagues businesses and consumers alike. And like chronic illnesses of all kinds, the question of focusing on prevention or cure looms large in the debate about what is to be done about cybersecurity. This panel will discuss what these two very different routes mean, and what needs to be done by consumers, businesses, Internet providers, and government and nongovernment agencies in order to provide appropriate levels of safety and security at home and at work.

Tim Helming

Director of Product Management
DomainTools

Gus Hunt

Former CTO
CIA

Will Hurley

Co-founder
Chaotic Moon Studios

David Rockvam

Vice President
Entrust

Afternoon Session: 3:00 p.m. – 5:30 p.m.

Scaling a Software Security Initiative: Lessons from the BSIMM

Gary McGraw

Chief Technology Officer
Cigital

Learn important lessons in scaling software security touchpoints, and making them work efficiently and effectively in a global software security initiative. The talk will focus on the top three touchpoints—code review with a static analysis tool, architectural risk analysis, and penetration testing—discussing the tools, technology, people, and processes for each. The issues will be addressed head-on, using examples from the 70+ Building Security in Maturity Model (BSIMM) firms and many years of real-world experience. (Firms in the BSIMM include Adobe, Aon, Bank of America, Box, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, F-Secure, Fannie Mae, Fidelity, Google, Intel, Intuit, JPMorgan Chase & Co., Mashery, McKesson, Microsoft, Nokia, Nokia Siemens Networks, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Scripps Networks, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, Wells Fargo, and Zynga.)

Building Security into Payment Systems and Applications

Sarath Geethakumar
Senior Director – Global Information Security
VISA

Rapid technology changes are forcing payment systems and solutions to constantly evolve. With global mobile adoption now at 91 percent, interconnected consumer devices and applications must perform faster and handle more complex and more critical functionalities. This evolution not only paves the way for new and improved solutions but also makes them lucrative and easy targets for attackers. Security as a development afterthought is not a scalable or secure approach for supporting this rapidly evolving ecosystem. Security is no stronger than its weakest link. Hence, building security into development methodologies ensures that even the weakest links can be secured in a timely and cost-effective manner. This presentation explores how to build security into applications to ensure better, reliable, and scalable solutions. Secure software development, when tailored to integrate into new and evolving agile methodologies, ensures a better and more secure software assurance model as opposed to traditional post-development assurance approaches.

Security 2020: Predictable, Flexible, and Preemptive

Brett Wahlin
Chief Information Security Officer
HP

Hardly a day goes by without yet another report of a security breach or cyberattack: they are increasing constantly in frequency, ferocity, and stealth. And they can result in significant loss of revenues and reputation for organizations and even destabilize governments. Brett Wahlin will deconstruct the current security paradigm vis-a-vis today's business risk-centric environments, articulate the precept of a predictive behavior-based capability, and round it off with an in-use discussion of HP's security solutions. He will end with a Q&A session aimed at answering your security concerns and apprehensions.

Cocktail Reception: 5:30 p.m. – 7:00 p.m.