Welcome to The Eighth Annual Information Security Summit presented by ISSA Los Angeles

Thursday, May 19
 

9:00am

Training - Enterprise Threat Intelligence Workshop

A significant number of security leaders are looking for ways to cut through the hype and realize value from threat intelligence to give them an advantage over security threats. The reality is that without adopting a program approach based on requirements-derived strategy, these benefits may never be realized, and, what’s worse, the effort may create significant additional gaps in security posture.

To address this, the Optiv Solutions R&D organization has developed an approach to operationalizing threat intelligence capabilities based off leading practices from over 100 enterprise companies across an array of market verticals and maturities.

This workshop takes the attendee through a condensed walk-through of the threat intelligence program strategy development model. We discuss the model, its applicability and focus. The attendees are given the process and tools to start smart with stakeholders, requirements and building towards capabilities with supporting resources and execution tasks. We will talk through various use cases across different industry verticals, work through live examples, and use your real-life examples to leave the attendee with a more in-depth understanding of what it takes to create a threat intelligence strategy and then execute on that strategy in a calculated, measurable and scalable way.


Speakers
Rafal Los

Managing Director, Solutions Research & Development, Optiv Inc
Rafal is the Managing Director, Solutions Research & Development at Optiv Inc. where he brings a blend of pragmatism and thought leadership in his approach to enterprise information security. As managing director, solutions research and development at Optiv, Los helps organizations build mature, defensible and operationally efficient security programs. Leveraging over 15 years of technical, consulting and management skills his team...


Thursday May 19, 2016 9:00am - 1:00pm
Mandarin Suite

9:00am

Training - Application Security for Managers

The major cause of web insecurity is insecure software development practices. This highly intensive and interactive course provides essential application security training for web application, webservice and mobile software developers and architects. Jim’s classes are a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications.

Students will learn how to code secure web solutions via defense-based code samples. As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development.

Students should bring a basic laptop, tablet or smart phone that can read a PDF. The courseware will be distributed digitally.

Topics:

  • HTTP Basics, SQL Injection
  • Authentication
  • XSS Defense, CSP
  • Access Control
  • Cross Site Request Forgery
  • Applied Crypto Basics
  • App Layer Intrusion Detection
  • Webservice/Mobile Security
  • Applied SSL

Speakers
Jim Manico

Founder, Secure Coding Instructor, Manicode Security
Jim is the founder of Manicode Security where he trains software developers on secure coding and security engineering. Jim is a frequent speaker on secure software practices and is a member of the Java-One Rock Star speaker community. Jim is a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization and is the author of "Iron-Clad Java: Building Secure Web Applications" from...


Thursday May 19, 2016 9:00am - 5:00pm
Sierra Suite

9:00am

Training - Information Security Management Boot Camp for IT Professionals

Information security has become part of every IT professional’s job. Hackers are constantly trying to compromise your networks, steal sensitive data, and overwhelm your systems. Adding to the security management challenge, users are demanding to work from anywhere on any device.

Designed for both in-house IT staff and IT vendors, ISSA-LA’s Information Security Management Boot Camp combines practical advice with sound security management insight.

In this Boot Camp, our expert team of information security instructors will cover such topics as

  • Information Security Management: Goals, Objectives and Critical Success Factors
  • Information Security Frameworks: ISO, NIST, etc
  • Vendor Security: What buyers need to require/ What vendors should provide
  • Securing the IT Infrastructure: Strategies, Standards, Architectures, Tools, Maintenance
  • Application Security, including Websites & Internet-Facing Applications
  • Network Change Control
  • Logging & Review, including SIEM
  • Incident Readiness & Response
  • Information Continuity
  • Access Control & Identity Management
  • Encryption
  • Security Documentation
  • BYOD Management
  • Working Collaboratively with the C-Suite
  • Advancing Your Career: Information Security Certifications

Speakers
Mikhael Felker

Non-Profit/Education and Internet organization, seeing first hand the variance in information security culture and program maturity. Mikhael received his MS in Information Security Policy and Management from Carnegie Mellon University and BS in Computer Science from UCLA. His written work of 50+ publications has been featured in Forbes, ACM, IEEE Security & Privacy, ISACA Journal, ISSA Journal, case studies, and a number of online...


Thursday May 19, 2016 9:00am - 5:00pm
Hiro Room

9:00am

Training - Real World Red Team Attacks

The days of exploiting MS08-067, encoding with Shikata Ga Nai, and blindly scanning are gone.  Both Blackhat hackers and pentesters alike have shifted to using more advanced techniques to bypass AV, implement a smaller footprint to evade SIEM detection, and continually stay persistent to devastate enterprise networks.  If you are looking to take your craft to the next level, this is the primer course for you.

Written and taught by the author of “The Hacker Playbook” series, Peter Kim will take you through an immensely hands-on experience to replicate real world attacks without even running a single vulnerability scanner.  In this hands-on experience, you will take on the role of a malicious Blackhat attacker and infiltrate your way into a corporate network.  The onsite lab will emulate a real network using only modern operating systems.

Student Requirements:

  • Should have an intermediate understanding of Windows and Linux
  • Some experience with penetration testing techniques and tools (Metasploit)

Students will be required to provide their own computer with the following specifications:

  • Laptop with administrator access
  • Laptop with wireless/network connection
  • Laptop capable of running two virtual machines simultaneously using either VMware Workstation or Player or Fusion (for OS X)
  • Laptop with 30GB of free disk space

What Students will be provided with:

  • USB Stick with Custom VM Image
  • Custom code for exploitation/lateral movement
  • Course documentation
  • Free signed copy of The Hacker Playbook 2!

Thursday May 19, 2016 9:00am - 5:00pm
Club Room

3:30pm

Applying Threat Intelligence to Improve Security Awareness Programs
Security awareness programs should improve user security-related behaviors by providing information. However, as experience shows, most awareness programs are not very effective against actual attacks. Threat intelligence is the process of understanding potential and ongoing attacks to more effectively prevent, detect and react to those attacks. By applying threat intelligence to security awareness programs, programs become immediately relevant and better engage employees. This presentation discusses what makes for good threat intelligence and security awareness programs individually, and how to combine them. Case studies, including thwarting the Syrian Electronic Army, are discussed. 

Learning Objectives

  • Understand how to create an effective security awareness program.
  • Understand the threat intelligence process and information to expect from an effective program.
  • Know how to incorporate threat intelligence into security awareness programs to make the programs more engaging and more effective.

Speakers
Araceli Treu Gomes

Subject Matter Expert-Intelligence and Investigations, The Irari Report
Araceli Treu Gomes is Co-host of The Irari Report and serves as a Cybersecurity Strategist and Subject Matter Expert, counseling global organizations on preventing advanced attacks. Previously, she held technical and leadership positions, including Strategic Security Advisor for a Fortune 100 company, Engineering Director at a large defense contractor, Deputy CSO for a multinational financial services organization, and Chief Security and...

Ira Winkler

President, Secure Mentem
Ira Winkler, CISSP, is President of Secure Mentem and Co-host of The Irari Report. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the world, investigating crimes against them and telling them how to...


Thursday May 19, 2016 3:30pm - 5:30pm
Mandarin Suite

6:00pm

Opening Reception
Join us as we officially open the ISSA-LA Summit 8 with a fun evening of food and drink on a large outdoor patio with stone campfire pits where you can roast your own s’mores or just hang out by the fire. Inside is a large, oval-shaped bar and their signature mechanical bull for you to test your abilities.



Thursday May 19, 2016 6:00pm - 9:00pm
Saddle Ranch Chop House 1000 Universal Studios Boulevard, Universal City, CA 91608
 
Friday, May 20
 

7:30am

8:10am

Welcome Address
Welcome to the Eighth Annual ISSA-LA Security Summit!

Speakers
Richard Greenberg

President, ISSA-LA
Richard Greenberg, CISSP, is the President of both the OWASP and ISSA Los Angeles Chapters and is the Information Security Officer for the Los Angeles County Department of Public Health. He brings over 25 years of management experience and has been a strategic and thought leader in IT and Information Security for both the private and public sectors. His Project Management, Security Management and Operations, and Policy and Compliance experience...


Friday May 20, 2016 8:10am - 8:20am
Ballroom B-D

8:20am

Diamond Sponsor Greeting - Ensilo
Friday May 20, 2016 8:20am - 8:25am
Ballroom B-D

8:25am

Diamond Sponsor Greeting - Comodo
Friday May 20, 2016 8:25am - 8:30am
Ballroom B-D

8:30am

Keynote
Infosec Survival skills - The demands on infosec and technology professionals often seem overwhelming; this talk discusses ways to maximize your ability to thrive in the high-stress, high-demand environment of technology and security. Building on lessons learned from stress and burnout research and other research, this talk looks at the other side: how people avoid getting into trouble and sustain high efficiency and satisfaction. Topics range from defining issues and challenges, to identifying potential trouble, to day-to-day advice for being content and productive.

Speakers
Tenable Network Security

Recruiting, Tenable Network Security
At Tenable, we are all about innovation, creativity and purpose, with a passion for designing solutions that change people’s lives and make a difference in the world. Network security is one of the world’s fastest growing fields, and our fresh ideas and proven products are revolutionizing the industry. We have big plans for continued global growth in 2016 and beyond, and we are looking for people who are creative, adaptable and...


Friday May 20, 2016 8:30am - 9:20am
Ballroom B-D

9:20am

Sponsor Expo and Break
Friday May 20, 2016 9:20am - 10:00am
Sierra Foyer

9:20am

Capture the Flag/The Challenge Room
Think you are good at lock-picking? Do you have skills in a CTF competition? This event will consist of a variety of challenges and will test a variety of skills. Some subjects might include but are not limited to: physical security (including lock picking), web, reversing, and forensics.

The Challenge Room is an all-day open event: conference attendees can stop by at any time to solve various challenges and accumulate points throughout the day. There will be challenges for all skill levels, so don't be intimidated! Everyone will learn something, so we encourage you to stop by and try a few challenges.

Challenges might include but are not limited to: physical security, web, reversing, and forensics.

What is required: You must bring your laptop to connect to the challenge network. We will be giving you hints on what open and free tools you can download once you arrive and try a challenge.

Format: This is an open event where people can enter at any time throughout the event.

Prizes will be awarded at the conclusion of the Summit.
Speakers
Stephan Chenette

CEO and Founder, AttackIQ, Inc.
Stephan Chenette is the CEO and founder of AttackIQ, Inc. Stephan and his team develop, innovate and analyze adversarial modelling and automated security control validation to create real-world test scenarios that allow customers to make informed decisions about the ROI of their existing security posture. We help answer the question: "How secure am I?". Previous to founding AttackIQ, Stephan was the director of research at IOActive, head...


Friday May 20, 2016 9:20am - 4:00pm
Hiro Room

9:50am

Executive Forum Panel for Businesses

This stimulating panel discussion will address the value of establishing and formalizing an information security program (Program) that includes cyber security, specifically for the protection of an organization’s crown jewels, which is your data.  Your data translates into personally identifiable information (PII), protected health information (PHI), Payment Card Industry (PCI), and numerous other regulated information.   

A panel of experienced Chief Information Security Officers (CISO) will discuss a full range of topics in terms of the value, challenges, and caveats of a Program, which is comprised of people, processes, and technologies.

Additionally, the discussions will focus on development of a Program and its subprograms to mitigate risks to an organization’s “crown jewels”, regardless of whether it is in the public, private, or non-profit sector. A few of the subprograms that will be discussed are: security assessments/audits, security awareness, risk management, and incident response management.

This session is beneficial to those who are in the talk phase as well as those who have formalized a Program. 


Moderators
Tom Drucker

Tom serves as a trusted advisor and a business consultant to owners, professional partnerships and leaders of every kind of business. He helps his clients solve problems, whether with people or with business results. Tom’s work is unique because he integrates the principles of positive psychology with the methods of process improvement. This combination enables him to make measurable changes in business performance. Lasting change...

Speakers
Timothy Lee

CISO, City of Los Angeles
Timothy Lee is the Chief Information Security Officer at the City of Los Angeles. He is responsible for overall cybersecurity policies and initiatives for America’s second largest city. One of those initiatives is the City’s first Integrated Security Operations Center (ISOC), which won several awards including Center for Digital Government’s 2015 Cybersecurity Leadership and Innovation Award. His work affects all 40 City of...

William Perry

CISO, California State University System
Mr. Perry holds an MBA and has over 25 years of experience in the field of information technology and security. He now serves as the Chief Information Security Officer for the California State University system. The California State University System, which employs roughly 45,000 faculty and staff, is the largest public higher education institution in the world serving nearly 500,000 students at 23 campuses throughout...

Robert Pittman

CISO, County of Los Angeles
Dr. Pittman is the County of Los Angeles (County) Chief Information Security Officer (CISO), appointed by the Board of Supervisors in 2008 with over 36 years of Information Technology experience – the majority in the information security practice. He oversees 34 major County departments with a workforce that exceeds 103,000 employees, a budget of $27.2 billion, and thirty-four lines of business. In...


Friday May 20, 2016 9:50am - 10:50am
Ballroom D

10:00am

InfoSec’s Credibility Crisis is also our Biggest Opportunity

Anyone who has been in Information Security for any length of time knows the difficulty of getting people to listen — the frustrating challenge in convincing people to take security seriously. In the enterprise, every single InfoSec budget dollar is painfully scrutinized. Every security decision resisted. Many feel that no matter what InfoSec pros say or do, those they’re responsible for protecting prefer to wait for something bad to happen first. In the meantime InfoSec laments how no one listens, and when an incident eventually does happen, it will ambulance chase and cry “told you so!”

Maybe the resistance is warranted though. Maybe after the world spends $75 billion annually on InfoSec, only to see the hacks large and small continue on, become more damaging, and threat actors more brazen, people are justifiably skeptical of our value. In the eyes of many, InfoSec at best is seen as a necessary evil. InfoSec’s performance (or lack thereof) and this skepticism is why we now see billions of dollars flowing toward cyber-insurance premiums to cover breach costs, dollars NOT going directly toward preventing break-ins. This is a wake-up call and clear signal that InfoSec is in the midst of a credibility crisis, a crisis that puts everyone at risk.

It also doesn’t help when the websites of security certification providers are laced with malware, when popular security software packages such as anti-virus are riddled with vulnerabilities that make customers less safe, or when major incident response vendors themselves suffer their own data breaches. Our work is too important to continue with the status quo. We need to turn things around, and as such, InfoSec has an important choice to make. InfoSec can either choose to continue pointing fingers, complaining about the same things over and over year after year, or as an industry we can take responsibility and do something about it.

First and foremost, we must find ways to improve InfoSec’s credibility and measurably prove its worth. One way to do that, a way that stands above all others, is for security vendors to contractually guarantee that their products and services will perform as advertised. Guarantees like we see and expect from every other major industry in the world. InfoSec is an incredibly confusing space, littered with snake-oil and charlatans, so when security vendors are willing to provide guarantees and SLAs, it builds trust that differentiates them like nothing else can. Security guarantees are the biggest opportunity for every security practitioner and vendor to make a real difference and everyone needs to get involved.

Speakers
Jeremiah Grossman

Founder & CEO
World-Renowned Professional Hacker. Brazilian Jiu-Jitsu Black Belt. Published Author. Influential Blogger. Off-Road Race Driver. Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. And since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security."...


Friday May 20, 2016 10:00am - 10:50am
Ballroom A

10:00am

Computer Virus-antivirus Co-evolution
Over the past twenty-five years, computer malware (viruses, worms, targeted attacks, etc.) and anti-malware software have engaged in a complex dance - a co-evolution -  with the black-hats inventing ever more creative infection and evasion techniques, and the white-hats responding in-kind with ever-more innovative defenses. In this talk, Mr. Nachenberg will provide a fascinating historical glimpse into this co-evolution, discussing the major attack and counter-attack trends of the past twenty-five years in technical detail.

Speakers
Carey Nachenberg

VP, Fellow and Chief Architect, Symantec
Carey Nachenberg, Vice President, Fellow and Chief Architect of Symantec's office of the CTO, has been an innovator at Symantec for the past twenty years. As Chief Architect, Carey drives the technical strategy for all of Symantec's core security technologies and security content. He has led the design and development of Symantec's core antimalware, intrusion prevention and reputation-based security technologies; his...


Friday May 20, 2016 10:00am - 10:50am
Ballroom B

10:00am

Cyber Risk Leadership: Essential leadership lessons for the 21st century CISO
Ever wonder how to create lasting commitment from your employees and for yourself? How to get your teams to stay engaged battling through the challenges we see day in and day out? In this talk, I will explore how logic leads to reason and how emotion leads to action. I will go through my personal journey exploring both the cycle of risk and sharing lessons from my 25+ years managing people and leading teams. I will explore what gifted strategic thinkers do as well as what gifted curators of commitment do to inspire purpose, passion, and persistence to achieve hard but worthy goals. I will cover the laws of leadership and my 9 box of controls that should guide our approach to overcome the challenges we face. The summary will be the 21 items I have learned through my time as a risk and security leader.

Speakers
Malcolm Harkins

Chief Security & Trust Officer, Cylance
Malcolm is the Global Chief Information Security Officer for Cylance, Inc. Previously he was the vice president and Chief Security and Privacy Officer (CSPO) at Intel Corporation. In this role Malcolm was responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel’s information assets, products and services. Malcolm is a frequent speaker at Industry...


Friday May 20, 2016 10:00am - 10:50am
Club Room

10:00am

Tapping Big Data for Healthcare

We are seeing incredible increases in the amount of data we are all regularly creating and collecting about patients and medicine. Are we taking advantage of this vast amount of information to properly predict outcomes, appropriately treat patients, and maximize our operations?

Big Data use in healthcare has a huge potential to change the way we conduct business. Today it is already being tapped to help find cures for diseases, prolong life, predict epidemics, and improve care. What are some important factors that you need to evaluate and how should you start changing the way you think to utilize the vast amounts of information you already have?


Speakers
Duane Decouteau

Senior Technologist, Edmond Scientific
Duane DeCouteau currently leads development efforts in the Department of Veterans Affairs (VA), Veterans Health Administration’s (VHA) Emerging Health Technologies Advancement Center (EHTAC), which focuses on the security and privacy needs of our Veterans. Most recently Mr. DeCouteau led the efforts on an advanced technology demonstration of the Office of the National Coordinator for Health Information Technology (ONC) Data Segmentation...

Brynn Mow

Owner and CEO, Jericho Systems Corporation
Owner and CEO Brynn Mow established Jericho Systems Corporation in Dallas, Texas in 2002. Jericho is the leading developer of sophisticated content filtering and data security solutions and the pioneer of Attribute Based Access Control (ABAC) with Data Labeling and Data Segmentation (DLDS™) technology. The company has contributed to 9 International Standards for security and privacy – it holds multiple United States patents, including...


Friday May 20, 2016 10:00am - 10:50am
Ballroom C

11:00am

Rethink Systems Security with Containers

Containers are gaining traction with the IT and developer communities. The use of container technologies not only empowers DevOps initiatives but also brings fundamental changes to information and application security. We show in this session security innovations leveraging the use of containers and how containers enable a way to bridge the gap between runtime security and application inspection. The most effective containers are stateless - the content of the containers remains unchanged throughout its lifetime. Instead of updating it, one would simply kill the old container and start a new one.

This transient nature of containers has far-reaching implications to security. First, we demonstrate that by container image analysis and deep inspection of the set up files, one can accurately predict the runtime behavior of the container, down to its system calls, communications, and process behavior patterns. We show that one can use image analysis and other dev-time "bread crumbs" to build runtime profiles of containers and detect communications, process, and even memory anomalies automatically. We demonstrate that this approach leads to much more accurate anomaly detection than traditional runtime security and will fundamentally change how runtime protection of applications is achieved. We also show performance metrics taken with production-scale deployments.

Speakers
Chenxi Wang

Chief Strategy Officer, Twistlock
Dr. Chenxi Wang is Chief Strategy Officer of Twistlock. She is responsible for corporate strategy and marketing. Dr. Wang joins Twistlock from Ciphercloud, another successful Silicon Valley startup. Prior to that, Chenxi built an illustrious career at Forrester Research and Intel Security. At Forrester, Chenxi covered mobile, cloud, and enterprise security, and wrote many hard hitting research papers. At Intel Security, she led the ubiquity...


Friday May 20, 2016 11:00am - 11:50am
Ballroom A

11:00am

We Lost the Battle Against Intrusions — Are We Left to Raise Our Hands in Defeat?

Enterprises are pouring billions of dollars into preventing threat actors from infiltrating the organization. Yet, the rising level of breaches shows that dedicated threat actors will penetrate the organization. Perhaps then the problem is not a technological one, but is rather one of strategy in dealing with cyber-threats?

In this session, we’ll propose a new defense approach. This strategy assumes that the environment is already compromised and focuses on preventing the real risk to the enterprise: the actual exfiltration and hijacking of data. We’ll show how adopting such a strategy enables organizations to streamline security and align with the business operations as they investigate and remediate a threat.
This session will discuss:

  • New and effective strategies to combat today’s advanced threats;
  • Removing the OpEx associated with security solutions;
  • Real-life cases of successful enterprises challenging their security status quo.


Speakers
Roy Katmor

Co-Founder & CEO, enSilo
Roy Katmor is the CEO of enSilo. Roy is a 10-year seasoned product manager and security market strategist, combining strong technical knowledge with proven sales and marketing skills. Prior to enSilo, Roy led Akamai’s security strategy. Before that, he managed Imperva’s data security products and architecture management. Additionally, Roy held various product management and R&D leading roles at several international public and...


Friday May 20, 2016 11:00am - 11:50am
Ballroom B

11:00am

The Castaway’s Guide to Threat Intelligence and Information Sharing
The interrelated nature of essentially every business creates a connected and dependent organism that cannot operate in isolation.  However, many information security organizations continue to navigate the treacherous seas of the global threat landscape from their own island of solitude.  Much change is occurring in the realm of information sharing, whether it be at the highest level of our nation’s government through the passage of congressional bills like CISA, or at the most atomic levels of automated technical threat details.  

This session will break down what’s happening in the world of Information Sharing, evaluating benefits and the business value of sharing constructs as well as the threat intelligence market. From strategic decision support to tactical threat mitigation, let’s move past the message in a bottle approach and break down the pros and cons to escape our islands of isolation.

Speakers
Brian A. Engle

Executive Director, Retail Cyber Intelligence Sharing Center
Brian Engle serves as the Executive Director of the Retail Cyber Intelligence Sharing Center (R-CISC), the resource supporting the retail and consumer products, goods and services industries for sharing cybersecurity information and intelligence. The R-CISC, and its operation of the Retail and Commercial Services Information Sharing and Analysis Center (RCS-ISAC), create a trusted environment for robust collaboration for its members...


Friday May 20, 2016 11:00am - 11:50am
Club Room

11:00am

Cyber Security Law Enforcement Panel
We will explore one of the biggest threats to your company/organization, and what you can do about it to protect your information. Business Email Compromise (BEC) is becoming a huge problem, particularly in Los Angeles. Essentially, a criminal masquerades as a CEO and, via email, demands that the actual CFO wire funds, unknowingly, to the criminal. It costs LA County businesses at least three million a month in losses.

In addition, other threats, including ransomware, will be discussed. Ransomware is rapidly becoming a worrisome trend on the threat landscape.


You won't want to miss this panel of experts from the FBI, the Los Angeles County District Attorney’s High Technology Crime Division, and the Los Angeles County District Attorney's Bureau of Investigation Cyber Investigation Response Team, as they share crucial inside information with you.

Moderators
Richard Greenberg

President, ISSA-LA
Richard Greenberg, CISSP, is the President of both the OWASP and ISSA Los Angeles Chapters and is the Information Security Officer for the Los Angeles County Department of Public Health. He brings over 25 years of management experience and has been a strategic and thought leader in IT and Information Security for both the private and public sectors. His Project Management, Security Management and Operations, and Policy and Compliance experience...

Speakers
DB

Dave Babcock

SENIOR INVESTIGATOR, Los Angeles County DA
Dave is currently assigned to the Los Angeles County District Attorney’s Cyber Investigation Response Team (CIRT) and is a member of the United States Secret Service Los Angeles Electronic Crimes Task Force. His unit investigates cyber-crimes and attacks, intellectual property thefts, and network intrusions against Los Angeles County government networks and technology assets. In his current assignment Dave has been the lead investigator...

Justin Feffer

Supervisor, Los Angeles County District Attorney's Bureau of Investigation Cyber Investigation Response Team (CIRT)
Sergeant Justin Feffer supervises the Los Angeles County District Attorney's Bureau of Investigation Cyber Investigation Response Team (CIRT). He has been assigned to the Los Angeles Electronic Crimes Task Force (LAECTF) since 2004. He has instructed thousands of law enforcement officers, prosecutors and public officials throughout the United States and internationally in cyber security, cyber crime and high technology threats. Justin...

Warren Kato

Deputy District Attorney, Los Angeles County DA
Warren Kato has been a Deputy District Attorney for the Los Angeles County District Attorney’s Office for 16 years. He has been assigned for the past 6 years to the High Technology Crime Division and Southern California High Tech Task Force, where he has vertically prosecuted high tech identity theft crimes in conjunction with local and federal agencies. He was previously assigned to the Hardcore Gang Division where he...

Michael Sohn

Supervisory Special Agent, FBI
Supervisory Special Agent (SSA) Michael Sohn is currently leading a squad at the FBI Los Angeles Field Division that is responsible for investigating computer and high-technology crimes involving national security matters. His investigative experience includes cyber terrorism, Advanced Persistent Threat (APT), and various criminal computer intrusion matters. Prior to his employment with the FBI, he worked as a Cyber...


Friday May 20, 2016 11:00am - 11:50am
Ballroom D

11:00am

Telemedicine & Other Remote Healthcare Privacy, Security & Quality

Telemedicine and other mobile or remote health care assessment, monitoring, diagnosis or treatment are increasingly accepted as offering a host of exciting new opportunities for providing health care examinations, monitoring, treatments, consultations and other health care services as a supplement or alternative to face-to-face health care.

However, successful design, deployment and delivery of these telemedicine and other remote health care services require health care providers, health plans, and their technology partners to properly understand and manage a complicated host of e-prescribing and other medical practice, technical, privacy and data security, reimbursement, quality and other operational challenges.

A distinguished panel will discuss key challenges and share insights on strategies for designing and using telemedicine and other mobile and remote care technologies and practices to deliver or support the delivery of effective telemedicine and other remote health care services while managing healthcare privacy, security and quality and delivering financially viable, quality healthcare in accordance with medical, legal and ethical standards.


Moderators

Cynthia Marcotte Stamer

Repeatedly recognized among the “Top Rated Healthcare Lawyers” and “Labor & Employment Lawyers” by LexisNexis® Martindale-Hubbell® list of Top Rated Lawyers, Past Chair of the American Bar Association (ABA) Health Law Section Managed Care & Insurance Interest Group and former Vice Chair of its eHealth, Privacy & Security Interest Group, Vice Chair of the ABA International Section Life Sciences Committee...

Speakers

Powell Hamilton

Chief Information Security Officer, Scripps Health
Powell Hamilton has over 25 years’ experience in information technology and management. As a recognized leader known for crafting technology solutions and framing strategic vision, Powell offers a unique blend of executive acumen, team-building, and IT solutions development creativity. Today, Powell is employed at Scripps Healthcare Network as the Chief Information Security Officer. Scripps is a private, nonprofit, integrated health...

Marcy Zwelling-Aamot

Marcy Zwelling-Aamot, M.D. is a respected member of the California medical community and a prominent voice in the crusade to improve the broken healthcare system. Dr. Zwelling-Aamot is a quadruple board-certified physician, a notable achievement even among the best doctors in the nation. Marcy graduated with honors from Wellesley College and studied medicine at New York University Medical School where she graduated at the top of her class. Dr...


Friday May 20, 2016 11:00am - 11:50am
Ballroom C

11:50am

Private CISO Lunch Roundtable Discussions and Sponsor Expo
Join us in break-out groups as we discuss and share experiences on these important topics: 

1) What an Incident Response Capability Program Looks Like and What Tools, Resources, and Documents are Used
2) The Qualities of an Effective CISO
3) Identity and Access Management
4) The latest trends in attacks, including the rise of ransomware and weaponized Office documents.

Moderators

Scott Hennon

Senior Vice President, Deputy CISO, East West Bank
Scott Hennon, Senior Vice President, Deputy Chief Information Security Officer. Scott is the Senior Vice President and Deputy Chief Information Security Officer at East West Bank. In his role, Scott provides leadership and guidance for safeguarding private sensitive information against accidental or unauthorized modification, destruction or disclosure. Scott also, in collaboration with other key Enterprise IT Risk Management team members, plans...

Matthew Lehman

Matt is the Chief Information Security Officer and Head of Infrastructure Architecture at Cetera Financial Group. In his role he is responsible for security governance and operations as well as overall technology governance and leadership. In addition, Matt advises several start-ups where he provides product, security, and technology guidance. Matt’s career spans 27 years where he has served in a variety of security and...

Dan Meacham

Cyber Security and Compliance Officer, Legendary Entertainment
A highly accomplished information security leader with 15+ years of experience protecting information assets, risk management, incident management, and compliance management, Mr. Meacham is recognized as a top contributor to the information security community through support and advisory board membership at the University of Dallas, Texas A & M University, UCLA Extensions, and VHA. Mr. Meacham’s enterprise-wide security and risk...

Miguel (Mike) O. Villegas

Miguel (Mike) O. Villegas is a Vice President for K3DES LLC. He performs and QA’s PCI-DSS and PA-DSS assessments for K3DES clients. He also manages the K3DES ISO/IEC 27001:2005 program. Mike was previously Director of Information Security at Newegg, Inc. for five years. Mike is currently a Contributing Writer for SearchSecurity-TechTarget. Mike has over 30 years of Information Systems security and IT audit...

Friday May 20, 2016 11:50am - 1:20pm
Club Room

12:15pm

Executive Forum Lunch Presentation: Phishing Dark Waters – Where the River Meets the Sea
Phishing has become the most highly employed and successful social engineering attack vector in recent history. Even smaller organizations that have traditionally been safe have become targets as we’ve become more connected as a world. If you have information, someone wants it.

Do you really understand a phishing attack? Do you know how to prepare yourself and educate your people? Phish are often designed to cast a wide net, but it only takes one person to compromise your company. The days of the simple 419 phish have given way to breaches that combine convincing pretexts and multiple attack vectors. The modern attacker understands influence, manipulation, and the use of spellcheck.

Join me as I discuss the offensive and defensive sides of this deceptively complex form of social engineering. I’ll look at some of the most common techniques employed by attackers to gain an understanding of how a phishing campaign is put together and why they succeed. You don’t need a psychologist to understand why a particular phish is effective, but it helps to have insight into the things that make people click.

I’ll also outline what you can do to protect your organization. Learn how to incorporate all of this information into a phishing program that provides immediate feedback on the health of your organization and a concrete path to demonstrate improved security. Although it’s only one part of an overall security awareness program, phishing is an area that we can no longer afford to view as a nuisance.

At the end of this presentation, I hope to leave you with an understanding of how phish are built, why they work, and what to do to defend yourself. You have something that someone else wants. See that they don’t get it.

Speakers

Michele Fincher

Chief Operating Officer, Social-Engineer, Inc.
Michele Fincher is the Chief Influencing Agent of Social-Engineer, LLC, possessing over 20 years experience as a behavioral scientist, researcher, and information security professional. Her diverse background has helped solidify Social-Engineer, LLC’s place as the premier social engineering consulting firm. As a US Air Force officer, Michele’s assignments included the USAF Academy, where she was a National Board Certified...


Friday May 20, 2016 12:15pm - 1:05pm
Ballroom D

12:15pm

Healthcare Lunch Panel Discussion: Ebola, Zika, & Other Pandemic Preparation and Response

The spread of Ebola, tuberculosis, Avian, Swine or other deadly flu viruses, measles, Zika Virus, Yellow Fever and a host of other contagious diseases with pandemic potential to the US has uncovered serious gaps in the U.S. understanding and preparedness to respond to and manage pandemic and other public health emergencies.

We will start with a short multimedia "Dark Winter" game scenario. This is a game that members of Congress played in 2001 to grasp, in a very graphic way and using big data, how pandemics can start small and explode into uncontrollable magnitudes very quickly.

We will then present some of the operational response planning and deployment needs that are likely to hit major cities like Los Angeles, London, etc.

Having laid the groundwork, we will then discuss the delicate balance between security/privacy vs. Strategic. We will explore the management of the dynamics and processes that would be brought into play in connection with the investigation and control of the response to the crisis, while at the same time maintaining both the security of PHI and other sensitive communications and activities necessary to prevent mass panic and other concerns.


Moderators

Cynthia Marcotte Stamer

Repeatedly recognized among the “Top Rated Healthcare Lawyers” and “Labor & Employment Lawyers” by LexisNexis® Martindale-Hubbell® list of Top Rated Lawyers, Past Chair of the American Bar Association (ABA) Health Law Section Managed Care & Insurance Interest Group and former Vice Chair of its eHealth, Privacy & Security Interest Group, Vice Chair of the ABA International Section Life Sciences Committee...

Speakers

Ronald Dorler

President, TGF Macaw Soft US
Ronald Dorler is the President of TGF Macaw Soft US, specializing in medical software. Mr. Dorler has over thirty years experience in the Communications and Law Enforcement fields, specializing in encryption.

Paul Eaton

Consultant, American Biomedical Group, Inc
Mr. Eaton is a retired senior Naval Intelligence officer serving in afloat staffs and in Washington, DC in multiple capacities in military and national intelligence. He has more than 40 years of professional experience in the functional design; systems engineering; system architecture; development and management of surveillance and data collection systems; and information processing and information technology systems with...

James K. Burgess III

President, American Biomedical Group, Inc (ABGI)
James K. Burgess III is the founder and President of American Biomedical Group, Inc (ABGI). Mr. Burgess is a bio-chemistry graduate of West Virginia University with degrees in biomedical engineering technology and electronics engineering technology from Forest Park College in Saint Louis, MO. He has over 40 years experience in the Healthcare industry including his work with ABGI as a Department of Defense contractor maintaining the...

James Burgess IV

Software Developer, American Biomedical Group, Inc.
James K Burgess IV graduated from the University of Arizona with a degree in graphic design, digital and media arts. He has over 15 years experience designing and developing websites and web based applications across multiple industries. Most recently, Mr. Burgess led a team to develop AllTraq, a realtime location system that uses RFID tags and ultra wideband frequency to track and monitor equipment, staff, patients and refrigerated...


Friday May 20, 2016 12:15pm - 1:30pm
Ballroom C

1:05pm

Executive Forum Lunch Presentation: The Surprising Secrets of the Best-Run Security Programs
Speakers

Steve Hunt

Steve Hunt is an executive strategist with expertise in information security, physical security, confidential information protection, critical infrastructure protection, technology, risk management and regulatory compliance. He was inducted into the ISSA Hall of Fame for his achievements in information security, and CSO [Chief Security Officer] Magazine presented him with the “Industry...


Friday May 20, 2016 1:05pm - 1:25pm
Ballroom D

1:10pm

Report From the ISSA International President
Join Andrea Hoy, ISSA International President, as she provides an update of activities going on at ISSA. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

Speakers

Andrea Hoy

President/Founder & Virtual CISO/CRO, A.Hoy & Associates
Created the first CISO Bootcamp to train and mentor Information Security professionals on corporate politics and finance issues, as well as information security planning and "how to be a CISO". Coined the term "Virtual CISO" and was the first Virtual CISO in the industry to provide Fortune 20 CISO/CSO services to small businesses to large enterprises needing high level strategic and governance, risk, compliance expertise either as 1) staff...


Friday May 20, 2016 1:10pm - 1:20pm
Ballroom A

1:20pm

Current CIA Employment Opportunities
Ever wonder about a career move as a part of the CIA? Come hear about current CIA employment opportunities.

Speakers

Maya H.

Recruiter, Central Intelligence Agency
Maya H. is a recruiter for the CIA’s Directorate of Operations Hiring Division’s Outreach and Special Hiring Branch


Friday May 20, 2016 1:20pm - 1:30pm
Ballroom A

1:20pm

Report from the ISSA Int'l President [CISO Forum]
Join Andrea Hoy, ISSA International President, as she provides an update of activities going on at ISSA. The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

Speakers

Andrea Hoy

President/Founder & Virtual CISO/CRO, A.Hoy & Associates
Created the first CISO Bootcamp to train and mentor Information Security professionals on corporate politics and finance issues, as well as information security planning and "how to be a CISO". Coined the term "Virtual CISO" and was the first Virtual CISO in the industry to provide Fortune 20 CISO/CSO services to small businesses to large enterprises needing high level strategic and governance, risk, compliance expertise either as 1) staff...


Friday May 20, 2016 1:20pm - 1:30pm
Club Room

1:30pm

Losing Battles, Winning Wars — Active Defense Rebooted

When it comes to intrusions and breaches, most security teams take a short-game view. This means that they look at events as discrete and individual and focus efforts on short-term goals. While not universally detrimental, this view does harm the overall security of an organization in the “long game”. Additionally, “active defense” has been hopelessly confused by marketing hype even though its meaning is powerful to security’s operational goals.

This talk focuses on how enterprise security defenders can adjust their mindset, refocus, and beat adversaries by leveraging active defense over the long game. The basis of this talk is the extensive research done in support of the threat intelligence solution blueprint, a comprehensive guide to understanding, architecting, operationalizing and maturing a pragmatic threat intelligence program.


Speakers

Rafal Los

Managing Director, Solutions Research & Development, Optiv Inc
Rafal is the Managing Director, Solutions Research & Development at Optiv Inc. where he brings a blend of pragmatism and thought leadership in his approach to enterprise information security. As managing director, solutions research and development at Optiv, Los helps organizations build mature, defensible and operationally efficient security programs. Leveraging over 15 years of technical, consulting and management skills his team...


Friday May 20, 2016 1:30pm - 2:20pm
Ballroom A

1:30pm

Women in Security Panel

“SaaSy” Service of Security

Security as a Service (SaaS) implies automation; the Service of Security suggests collaboration, involvement and experience.

Please join our session and share in the journeys that our established, globally recognized professionals have paved. This open and honest dialogue will discuss:

· Our panelists’ entry into the Information / Cyber Profession
· How the industry and profession have changed over the past two decades (What were the tipping points?)
· How we have changed with the cyber evolution, both professionally and personally
· What can we expect in the next 5-10 years and “WHY”
· Highlight milestones, challenges, discoveries (“When to pull the plug or plunge forward”)
· Cultivate interest for those desiring to expand their horizons in the cyber arena, where to go and how to get there (“When you love the work you do, but feel alone”)


Moderators

Pamela Fusco

Founding Partner, Gid Grid
Pamela Fusco has accumulated 29 plus years of experience as an information security professional and internationally recognized industry expert. Her background and expertise expand globally encompassing numerous facets of enterprise business, defense, intelligence, privacy, academia, forensics and international relations. Pamela has resided on the U.S. Presidential White House Inaugural Staff, and held positions as Chief Security...

Speakers

Stephanie Douglas

Senior Advisor, Safety and Security, RANE (Risk Assistance Network and Exchange)
Stephanie Douglas serves as Senior Advisor, Safety and Security for RANE (Risk Assistance Network and Exchange). Utilizing her law enforcement and intelligence background in government as well as her private sector experience, Ms. Douglas works with clients to provide counsel and direction on enterprise wide security and risk issues. Her previous positions include Senior Director of Corporate Security, Pacific Gas and Electric...

Andrea Hoy

President/Founder & Virtual CISO/CRO, A.Hoy & Associates
Created the first CISO Bootcamp to train and mentor Information Security professionals on corporate politics and finance issues, as well as information security planning and "how to be a CISO". Coined the term "Virtual CISO" and was the first Virtual CISO in the industry to provide Fortune 20 CISO/CSO services to small businesses to large enterprises needing high level strategic and governance, risk, compliance expertise either as 1) staff...

Cheryl Santor

Information Security Manager, Metropolitan Water District of So. CA
Cheryl Santor, CGEIT, CISM, CISSP, CISA - Information Security Manager for Metropolitan Water District of Southern California. She has over 28 years of Information Technology experience, with the first part of her career spent in the financial field. Cheryl has experience with every aspect of Information Technology. Associating with Metropolitan thirteen years ago has exposed her to SCADA and Process Control Systems bringing a new...

Chenxi Wang

Chief Strategy Officer, Twistlock
Dr. Chenxi Wang is Chief Strategy Officer of Twistlock. She is responsible for corporate strategy and marketing. Dr. Wang joins Twistlock from Ciphercloud, another successful Silicon Valley startup. Prior to that, Chenxi built an illustrious career at Forrester Research and Intel Security. At Forrester, Chenxi covered mobile, cloud, and enterprise security, and wrote many hard hitting research papers. At Intel Security, she led the ubiquity...


Friday May 20, 2016 1:30pm - 2:20pm
Ballroom B

1:30pm

Continuous Security Control Validation Through Attack Modelling
The average company deploys over 75 distinct security technologies into their organization, but how do you know if those technologies are working correctly? How do you know if those technologies are the right defensive measure against today's attacks? In this presentation we will review the importance of attack modelling against your security infrastructure, so that you can validate current and potentially new security technologies within your organization. We will review how to create useful risk and maturity metrics that can be translated from your security team to the board room and in the end truly improve your holistic security posture.

Speakers

Stephan Chenette

CEO and Founder, AttackIQ, Inc.
Stephan Chenette is the CEO and founder of AttackIQ, Inc. Stephan and his team develop, innovate and analyze adversarial modelling and automated security control validation to create real-world test scenarios that allow customers to make informed decisions about the ROI of their existing security posture. We help answer the question: "How secure am I?". Previous to founding AttackIQ, Stephan was the director of research at IOActive, head...


Friday May 20, 2016 1:30pm - 2:20pm
Club Room

1:30pm

Panel Discussion: Protecting Your Data as You Migrate to the Cloud
The number of threat factors impacting today’s enterprises is overwhelming, and many companies are understaffed and underfunded, which leaves them ill-prepared to address sophisticated attacks. Couple this with regulatory mandates that require the securing and protection of your clients’ private information. To meet these challenges, you need a new way of thinking to address these threats. In this session, we will discuss how a “community approach” using cloud can reduce your threat exposure while meeting your business’ stakeholder expectations.

Moderators

Peter Renner

Enterprise Technology Strategist, Microsoft
Peter Renner is the Enterprise Technology Strategist for Microsoft’s Healthcare Account Technology Unit, based in Irvine, CA. In his role, Peter is responsible for developing the strategy and overseeing the implementation of secure, compliant, and reliable Enterprise Data Center solutions through leveraging Private, Public and Hybrid Clouds. Prior to Microsoft, Peter held various roles ranging from Enterprise Architect to...

Speakers

Nicole Chandler

Nicole Chandler is an Information Services & Technology Professional with a strong focus on HealthCare solutions employed by Precision Diagnostics in San Diego, CA. As a Solutions Architect she has led the implementation of a customized laboratory information management system (LIMS), a fully integrated healthcare billing software platform and worked on the team responsible for the migration from on premise IT infrastructure to Azure Cloud...

Jim Richardson

Founder & CEO, Finchloom
Jim Richardson stands at the forefront of the fastest moving technology industry trend: cloud services. He’s spent the past seven years evangelizing an industry-wide shift to the cloud and has helped position Microsoft as a leader in the commercial public cloud space. A calculated risk-taker with deep tech industry knowledge, Jim has championed cloud services to his enterprise and SMB customers. Jim is recognized for designing...

Hector Rodriguez

National Director, HLS STU, Microsoft U.S. Public Sector Health & Life Sciences
Hector Rodriguez is the National Director and CTO for Microsoft’s US Health & Life Sciences Industry group. As a member of Microsoft’s Healthcare leadership team, Hector focuses on the development and deployment of “go to market” Health IT solutions, security and compliance, devices and overall industry strategy. His team works with healthcare customers and partners to drive Health IT as a strategic...


Friday May 20, 2016 1:30pm - 2:20pm
Ballroom C-D

2:30pm

Building Security into Your Websites

"Let's be positive."

The Beatles once sang, "I've got to admit it's getting better, a little better all the time, because it can't get more worse" and that applies directly to the field of application security. The success in building security into common application development frameworks is remarkable and has, in some ways, made secure coding less of an effort for the developer.

While much needs to be done in this area, there are many very positive examples of security characteristics built correctly into frameworks and emerging standards. This talk will bring the "positive Hawaiian vibe" to ISSA and highlight that things really are getting better in AppSec - all the time - if you look in the right places.


Speakers

Jim Manico

Founder, Secure Coding Instructor, Manicode Security
Jim is the founder of Manicode Security where he trains software developers on secure coding and security engineering. Jim is a frequent speaker on secure software practices and is a member of the Java-One Rock Star speaker community. Jim is a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization and is the author of "Iron-Clad Java: Building Secure Web Applications" from...


Friday May 20, 2016 2:30pm - 3:20pm
Ballroom A

2:30pm

Default Deny in Today’s Default Allow World
How’s your security posture these days? Good? Bad? Invincible? If it’s based on a Default Allow platform, which, sadly, is all too common, your security posture is far from invincible. The standard Default Allow posture can’t hope to keep up with the flood of malware being created every day. In contrast, a Default Deny posture provides total protection against all zero-day threats, but historically this has come with end-user experience, productivity, or workflow issues. John Peterson, VP and General Manager of Comodo’s Enterprise products, will discuss Comodo’s revolutionary Default Deny Platform and how, with its next generation Default Deny posture, Comodo completely protects your environment without compromising end-user experience, productivity, or workflow.

Speakers

John Peterson

Vice President & General Manager, Comodo
With a deep history and career in cybersecurity, John is responsible for shaping the enterprise product roadmap for the company, along with the execution of the company’s product marketing strategy. John works across the leadership, engineering, sales and marketing teams within Comodo to integrate the product strategy and ensure the success of all product lines in the enterprise market. Before joining Comodo in 2015, John led Sales...


Friday May 20, 2016 2:30pm - 3:20pm
Ballroom B

2:30pm

The Inevitable Path to the Cloud
As the world-wide cyber-threat environment continues to evolve, organizations need to begin thinking differently about information security and the protection of their infrastructure. Specifically, this means the evolution from perimeter-centric, hardware-based environments to virtualized data centers and the cloud. As IT organizations are driven to transition their CapEx investments to OpEx spending, the economic efficiencies of virtualization through SaaS, IaaS and PaaS provide a rational path to those goals. From a security perspective, however, security models that don’t sufficiently address workload and application-aware segmentation, lateral traffic visibility, and network-based threat detection of on-premises data center and public cloud-based environments leave a huge gap in the overall security posture. This talk will provide CIOs and CISOs struggling with decisions about migration to the cloud with some thoughts about how the cloud can be the catalyst that improves security while also reducing costs and technology footprint.

Speakers

Mark Weatherford

SVP, Chief Cybersecurity Strategist, vArmour
SVP, Chief Cybersecurity Strategist at vArmour, former DHS First Deputy Under Secretary for Cybersecurity, and the former first CISO of California.


Friday May 20, 2016 2:30pm - 3:20pm
Club Room

2:30pm

Panel Discussion: Strategic Operational Risk Planning & Response
Learn how your company/organization can develop an overall cyber security plan and strategy. Are you adequately assessing your cyber security risk and addressing remediation of deficiencies identified? These are key activities to counter the advanced threats and minimize loss of your valuable information.

Moderators

Andrew J. Ward

Andy is currently working with Ridge Global Services on the overall development and execution of a strategy. The objective of RGS is to provide end to end cyber security capabilities. RGS provides the following capabilities to companies in the area of Cyber Security: development of overall cyber security planning and strategy for organizations; assisting companies with their cyber security risk...

Speakers

Ben Cotton

Ben Cotton is the CEO of CyTech Services, a Ridge Global affiliated company. He provides clients with security assessments of information systems, computer forensics and electronic discovery. Ben uses the skills he gained from his extensive military service experience in special operations to meet the needs of government and commercial clients. He leads incident response and litigation support engagements. Ben founded CyTech as he was preparing...

Michael O'Hare

BDO Alliance, USA, Executive Director – Retired
Mike has more than 33 years of experience in providing tax consulting services to a wide range of clients in a variety of industries. Throughout his career he has served as the managing partner for six BDO offices, was a member of the Firm’s Board of Directors, and played active roles on the Firm’s Risk Management, Partner and Employee Compensation Committees. In 1999, Mike joined the BDO Alliance Team and became the...


Friday May 20, 2016 2:30pm - 3:20pm
Ballroom C-D

3:20pm

4:00pm

Panel: Privacy vs Security; Apple and the FBI
This topic is being discussed all over Twitter and social media. There are many facets to this, and much misinformation. Come hear the experts as they explain what is really going on, discuss this hot issue and defend their viewpoints.

Moderators
Richard Greenberg

President, ISSA-LA
Richard Greenberg, CISSP, is the President of both the OWASP and ISSA Los Angeles Chapters and is the Information Security Officer for the Los Angeles County Department of Public Health. He brings over 25 years of management experience and has been a strategic and thought leader in IT and Information Security for both the private and public sectors. His Project Management, Security Management and Operations, and Policy and Compliance experience... Read More →

Speakers
Peter Bibring

Director of Police Practices & Senior Staff Attorn, ACLU of Southern California
Peter Bibring (@PeterBibring) is a senior staff attorney at the ACLU of Southern California and director of police practices for the ACLU of California. He joined ACLU SoCal as a staff attorney in 2006. Peter works on a wide range of police-related issues, including race and bias in policing, gang injunctions, excessive force, search and seizure, police interference with First Amendment rights, national security, civilian oversight, and... Read More →

Andrew Crocker

Staff Attorney, Electronic Frontier Foundation
Andrew is a staff attorney for the Electronic Frontier Foundation. He focuses on EFF’s national security and privacy docket, as well as the Coders' Rights Project. While in law school, Andrew worked at the Berkman Center for Internet and Society, the American Civil Liberties Union’s Speech, Privacy, and Technology Project, and the Center for Democracy and Technology. He received his undergraduate and law degrees from Harvard... Read More →

Gary Fagan

Chief Deputy District Attorney, San Bernardino County
Gary Fagan started as a San Bernardino County Deputy District Attorney in December 1977. Since 2008 he has been the Chief Deputy District Attorney for the Specialized Prosecutions Division of the District Attorney’s office, overseeing the Appellate, Asset Forfeiture, Child Abduction, Consumer and Environmental Protection, Conviction Review, Electronic Intercept, Insurance Fraud, Real Estate Fraud, Welfare Fraud, Sexually Violent... Read More →

Ronald Raether, Jr.

Partner, Troutman Sanders
Ron Raether is a partner in the Cybersecurity, Information Governance and Privacy, and Financial Services Litigation practices at Troutman Sanders. Ron is known as the interpreter between the business and information technology, guiding both parties to the best result. In this role, Ron has assisted companies in navigating federal and state privacy laws for almost twenty years. Ron's experience with technology‑related issues, including data... Read More →


Friday May 20, 2016 4:00pm - 4:50pm
Ballroom B-D

4:50pm

Closing Keynote
Speakers
Cory Doctorow

Special Consultant, Electronic Frontier Foundation
Cory Doctorow (craphound.com) is a science fiction novelist, blogger and technology activist. He is the co-editor of the popular weblog Boing Boing (boingboing.net), and a contributor to The Guardian, Publishers Weekly, Wired, and many other newspapers, magazines and websites. He is a special consultant to the Electronic Frontier Foundation (eff.org), a non-profit civil liberties group that defends freedom in technology law, policy, standards and... Read More →


Friday May 20, 2016 4:50pm - 5:40pm
Ballroom B-D

5:40pm