
Welcome to ISSA LA Tenth Annual Information Security Summit. We will have great training opportunities and amazing speakers. 


Wednesday, May 2
 

8:00am

Training 1-day: Essential Defensive Strategies with Kevin Cardwell
Title
Essential Defensive Strategies
Description
In Essential Defensive Strategies you will learn to “think like a hacker” in order to defend against the types of attacks commonly conducted against corporate IT networks as well as industrial control networks. You will learn powerful methods to analyze the risk to both the IT and corporate networks. Once your foundation has been set, you will look at best-practice recommendations for reducing the attack surface. You will learn a systematic process of intrusion and malware analysis.
Class requirements
Hardware
– At least 25 GB of free space
– Laptop with a minimum of 4 GB RAM
– USB access allowed
Software
– Virtualization software installed (VMWare and/or VirtualBox)
– Administrative privileges on the system


Speakers
Kevin Cardwell

President, CESI
Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways...


Wednesday May 2, 2018 8:00am - 5:00pm
HIRO ROOM

8:00am

Training 2-days: IoT Embedded Security, Reverse Engineering, and Beyond
Title:
IoT Embedded Security, Reverse Engineering, and Beyond

Author and Trainer: 
Aaron Guzman is a security consultant serving as the Head of Automotive & IoT with Aon’s Cyber Solutions Group in Los Angeles. Mr. Guzman has spoken at several worldwide conferences, which include DEF CON, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, 44Con, AusCERT, as well as several regional BSides events. Furthermore, Aaron is a Chapter Leader for the Open Web Application Security Project (OWASP) Los Angeles and Cloud Security Alliance SoCal (CSA SoCal), a Technical Editor, and Co-Author of "IoT Penetration Testing Cookbook" with Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and several others. Aaron leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on Twitter at @scriptingxss

Description:
In light of the recent spike in IoT botnets impacting critical infrastructure around the world, products that claim to be “secure” captivate both our curiosity and our skepticism. With so much FUD, snake oil, and self-proclaimed secure features, it has become our due diligence to verify these claims. Come learn how you can debunk IoT firmware security controls by trying before buying.
The IoT embedded security and reverse engineering training is designed to bring IT and information security professionals up to speed on testing IoT systems, employing proactive controls, and addressing the challenges of building security into embedded devices. Hands-on demonstrations and labs will be given throughout the course to maximize real-world practicality. Upon completion of the two-day course, participants will have learned the following:

- How to identify vulnerabilities in medical devices, industrial control system devices, consumer IoT, and automotive
- Understand IoT botnet exploitation techniques that impact critical infrastructures and how to apply appropriate mitigating controls
- Understand embedded security testing methodology, techniques, and tools
- Firmware reverse engineering, emulation, and binary exploitation
- Understand embedded system design constraints that pose security risks
- How to perform a threat model exercise for embedded devices
- Connected vehicle embedded security considerations
- Identify and apply best practices, as well as techniques for integrating security into the development lifecycle
- Identify and create backdoors into ARM and MIPS based firmware
- Understand security controls for Embedded, Linux, Embedded Windows, and real time operating systems (RTOS) platforms 

Course Prerequisites:
– Familiarity with a Linux operating system
– Admin rights to your computer. If you do not have install rights, no problem, as we will work in pairs for the labs.
 
Hardware:
– At least 25 GB of free space
– Laptop with a minimum of 4 GB RAM
– USB access allowed
 
Software:
– Virtualization software installed (VMWare and/or VirtualBox)
– At the start of the class, we will share a virtual machine which will have all the tools and labs preconfigured for the training.

Speakers
Aaron Guzman

Head of IoT, Aon
Aaron Guzman is a Director with Aon’s Cyber Solutions group, also serving as Head of Automotive & IoT Testing. Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. Mr. Guzman has extensive public speaking experience delivering...


Wednesday May 2, 2018 8:00am - 5:00pm
Salon 6 (Mezzanine)

8:00am

Training 2-days: The OWASP Application Security Verification Standard 3.1
Title
The OWASP Application Security Verification Standard 3.1

Description
This 2-day training will help software developers, security professionals and other software professionals learn about BUILDING AND TESTING SECURE WEB APPLICATIONS AND WEBSERVICES. We’ll cover over a dozen security categories and over 200 individual web security requirements from Cross-Site Scripting (XSS) to SQL injection. Our goal is to both cover a wide variety of requirements that make up secure web and webservice software and also dive deeply into some of the more critical and obscure requirements.

About ASVS
The OWASP Application Security Verification Standard (ASVS) provides a basis for testing web application security controls and also provides developers with a list of requirements for secure development. For more information on the OWASP ASVS project please visit https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

Equipment Needed
A basic laptop to write and take notes will be helpful.

About the Instructor
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is also a frequent speaker on secure software practices, is a member of the JavaOne rockstar speaker community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from McGraw-Hill and Oracle Press. Jim also volunteers for the OWASP foundation, where he helps build application security standards and other documentation. For more information, see http://www.linkedin.com/in/jmanico.

Speakers
Jim Manico

Founder, Manicode Security
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences and BitDiscovery. Jim is a frequent speaker on secure software practices, is a member...


Wednesday May 2, 2018 8:00am - 5:00pm
Mandarin (Mezzanine)
 
Thursday, May 3
 

7:50am

Training 1-day: So You Want to Run a Secure Service on AWS?
Learn how to secure your AWS environment.
Areas within AWS that will be covered:
1. The 3 Layers in AWS
2. Security Constructs in AWS
3. What does an ideal architecture look like
4. How do I build it
5. How do I maintain/monitor it
6. How do I break it

Students will have the opportunity to learn about core services and the security concerns with each while chatting with security engineers at Netflix. In the end, students will walk away with a better understanding of AWS and a multi-account AWS environment.

Students need to come with a laptop and a brand new AWS account that they have root access to.

Speakers
William Bengtson

Senior Security Engineer, Netflix
Will Bengtson is a senior security engineer at Netflix focused on security operations and tooling. Prior to Netflix, Bengtson led security at a healthcare data analytics startup, consulted across various industries in the private sector, and spent many years in the Department of Defense...


Thursday May 3, 2018 7:50am - 3:50pm
Sierra Suite

7:50am

Training 1-day: Using CyberOps Deception to Protect the Network
No matter how much “security” is put in place, the reality is that we are running our data over protocols that were developed many years ago, when the Internet was small; as a result, these protocols are based on the principle of trust. Therefore, to truly defend we need to modify these protocols. The concept is that if the protocols can be changed, the result will be frustration and confusion for the adversary.

In this training, advanced defensive concepts will be explored, along with the power of using deception at different layers of the network. The attacker depends on information gathered during their surveillance; with deception we change the network at layers 2-4, so the attacker’s collected data is no longer valid and is useless to them, forcing the attacker to start the information-gathering process over again. In a robust defensive solution, the network can change multiple times based on the classification of the threat, and each time it changes, the attacker is lost and has to start the recon process over again. These concepts change the game and put the defender in control! After this training you will be able to deploy deceptive tactics and frustrate even the elite hackers.

Class requirements
Hardware
– At least 25 GB of free space
– Laptop with a minimum of 4 GB RAM
– USB access allowed
Software
– Virtualization software installed (VMWare and/or VirtualBox)
– Administrative privileges on the system

Speakers
Kevin Cardwell

President, CESI
Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways...


Thursday May 3, 2018 7:50am - 3:50pm
HIRO ROOM

7:50am

Training 2-days: Embedded Security, IoT, and Reverse Engineering 101
Title:
Embedded Security and Reverse Engineering 101

Author and Trainer: 
Aaron Guzman is a Principal Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. Mr. Guzman has spoken at several worldwide conferences, which include DEF CON, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, 44Con, AusCERT, as well as several regional BSides events. Furthermore, Aaron is a Chapter Leader for the Open Web Application Security Project (OWASP) Los Angeles and Cloud Security Alliance SoCal (CSA SoCal), a Technical Editor, and is currently writing an IoT Pentesting Cookbook for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and several others. Aaron leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security bugs to the embedded and IoT community.

Description:
Embedded security training is designed to provide embedded application security best practices, employ proactive controls, test embedded IoT systems, and address the challenges of building security into embedded devices. This course is suited for embedded systems engineers, software developers, and security professionals. Hands-on demonstrations and labs will be given throughout the course. Upon completion of the two-day course, trainees will have learned the following:
– How to identify vulnerabilities in embedded devices
– Understand the embedded security testing methodology, techniques, and tools
– Firmware reverse engineering, emulation and binary exploitation
– Connected vehicle embedded security considerations
– Understand embedded system design constraints that pose security risks
– How to perform a threat model exercise for embedded devices
– Learn defensive practices to protect embedded applications
– Identify and apply best practices, as well as techniques for integrating security into the development lifecycle
 
Course Prerequisites:
– Familiarity with a Linux operating system
– Familiarity with a real time operating system (RTOS)
– Admin rights to your computer. If you do not have install rights, no problem, as we will work in pairs for the labs.
 
Hardware:
– At least 25 GB of free space
– Laptop with a minimum of 4 GB RAM
– USB access allowed
 
Software:
– Virtualization software installed (VMWare and/or VirtualBox)
– Administrative privileges on the system
– At the start of the class, we will share a virtual machine which will have all the tools and labs preconfigured for the training.


Speakers
Aaron Guzman

Head of IoT, Aon
Aaron Guzman is a Director with Aon’s Cyber Solutions group, also serving as Head of Automotive & IoT Testing. Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. Mr. Guzman has extensive public speaking experience delivering...


Thursday May 3, 2018 7:50am - 3:50pm
Salon 6 (Mezzanine)

7:50am

Training 2-days: The OWASP Application Security Verification Standard 3.1
Title
The OWASP Application Security Verification Standard 3.1

Description
This 2-day training will help software developers, security professionals and other software professionals learn about BUILDING AND TESTING SECURE WEB APPLICATIONS AND WEBSERVICES. We’ll cover over a dozen security categories and over 200 individual web security requirements from Cross-Site Scripting (XSS) to SQL injection. Our goal is to both cover a wide variety of requirements that make up secure web and webservice software and also dive deeply into some of the more critical and obscure requirements.

About ASVS
The OWASP Application Security Verification Standard (ASVS) provides a basis for testing web application security controls and also provides developers with a list of requirements for secure development. For more information on the OWASP ASVS project please visit https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

Equipment Needed
A basic laptop to write and take notes will be helpful.

About the Instructor
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is also a frequent speaker on secure software practices, is a member of the JavaOne rockstar speaker community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from McGraw-Hill and Oracle Press. Jim also volunteers for the OWASP foundation, where he helps build application security standards and other documentation. For more information, see http://www.linkedin.com/in/jmanico.

Speakers
Jim Manico

Founder, Manicode Security
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences and BitDiscovery. Jim is a frequent speaker on secure software practices, is a member...


Thursday May 3, 2018 7:50am - 3:50pm
Mandarin (Mezzanine)

11:30am

CISO Innovation Shipyard Alliance Technology Forum Showcase and Luncheon
Bringing together CISOs and cyber security leaders to discuss the current cyber threats facing their organizations and the role emerging technologies can play in combating them.

11:30-11:45 Registration
11:45-12:30 Lunch – Introduction to the Innovation Shipyard Alliance Concept
C-level gathering with a twist. The ability to talk freely and candidly about innovative technology. Discussions must be constructive. Sit at tables with C-levels and senior technologists who are interested in innovative technology in your specific area of technology.
12:30pm – 1:05pm Keynote Speaker – Bridging Management and Technology as Companies Embrace Innovation
As we find fewer and fewer borders with more and more IoT, how do we control, audit and assess risk in these environments? How can new innovative technology assist?
1:05-1:15pm Networking Break
1:15-2:00pm Innovation Showcase -
Four emerging technology companies will be presenting for review. Each company will give their best executive pitch about what makes them the new trending innovative technology.
2:00-2:30pm Innovation Technology Panel
What do our Innovation Showcasers see companies struggling with, and how do you fill that gap? What do CISOs and CIOs need to do to get support for new security technology? Why has your ship been able to take off like Elon Musk’s Tesla with RocketMan on board? Why should they get on board? Are you faster? More efficient? A better technology?
2:30-2:45pm Networking Break
2:45-3:15pm Progressive CISOs/C-level Innovation Panel
Discuss the real-life challenges they have faced or heard about with new technology in their environments. Ask questions about how they would embrace innovative technologies and sell them to their boards.
3:15-3:30pm Synopsis
Executive summary takeaways and survey participant gift: this is where we share key memory retention points about the technologies that have been shared. Showcasers will raffle off some cool prizes.
[Note: Students are allowed to volunteer and participate to help seed the future. Who knows, these soon to be grads in technology may need an internship and you as a Showcaser or C-level may need some young minds. It’s a way of giving back to our community.]

Thursday May 3, 2018 11:30am - 3:50pm
Club Room

4:00pm

Empower Cyber Security Leadership Through Emotional Intelligence
Research clearly shows that a person can have the best training in the world, a sharp, analytical mind and an endless supply of smart ideas, but they still will not make a great leader without a high Emotional Intelligence (EI). This holds especially true for information and cyber security professionals. Harnessing Emotional Intelligence is vital to ensuring effective communication between InfoSec executives and their security teams as well as communication between security executives, stakeholders, teammates, lines of business leaders, customers, and their board of directors. Strong working relationships and interpersonal skills are the keys to success in every area of human activity, especially for a cyber security professional to enhance their leadership skills and bring out the best in their teams. Join Marci McCarthy as she discusses how to best utilize Emotional Intelligence to get ahead, learn how to be authentic to yourself, how to shape your conversations as a thought leader, and how to improve confidence and professionalism.

Speakers
Marci McCarthy

CEO and President, T.E.N.
Marci McCarthy is currently the CEO and President of T.E.N., an information security executive networking and relationship marketing firm. McCarthy has more than 20 years of business management and entrepreneurial experience, including founding T.E.N.’s flagship program, the Information...


Thursday May 3, 2018 4:00pm - 4:50pm
Club Room

4:00pm

Capture The Flag How-To and Competition sponsored by the Women in Security Forum
New to InfoSec? Master AppSec engineer? Come test your skills against your fellow engineers in security (and maybe pick up a couple new skills along the way). We will begin with a short class on the basics of secure coding and the types of vulnerabilities you'll be able to hunt. Next, you'll show who runs the leaderboard with an old fashioned capture the flag competition. This class is designed to accommodate all levels of skill and experience. Even if you’re not the competitive type and you’re just a little bit curious, please register and come poke at our app.

This course is part of the Summit X Women in Security Forum, but all are welcome to attend.

Speakers
Samantha Davison

Security Engineering Manager, Snapchat
Samantha Davison is a Security Engineering Manager at Snap Inc., where she combats spam and abuse, designs security products, and leads security education and awareness efforts for employees and users. Before Snap, Samantha designed and implemented security awareness programs at Uber...
Alex Levinson

Senior Security Engineer, Uber
Alex is a Senior Security Engineer at Uber. He has technical security proficiency across multiple domains: security, operations, and software development. Alex is a frequent speaker at RSA, BSides, PFIC, and HICSS, and he is actively engaged in the security industry. Alex has strong...


Thursday May 3, 2018 4:00pm - 5:50pm
HIRO ROOM

5:00pm

Panel Discussion: Building Personal Brand & Visibility in Cyber Security
In order to be successful in any business, you need to have a distinct personal brand that allows you to stand out from the crowd. This means articulating a clear and concise statement of who you are, and acting on that branding consistently. Personal branding has become a necessity for security and technology professionals. Career opportunities in information security have become more dynamic than ever before. Security executives are now seeing more interest from their boards, and a strong cybersecurity program is now a necessity for companies in all industries. Moreover, with the industry now facing a significant skill shortage, the ability to make a positive impact and first impression can give those looking to break into or move up in the world of InfoSec a strong advantage. Join our panel as we discuss the value of creating a strong personal brand through social media, power networking, and opportunities to continue improving your skills and talents as an information security professional.

Moderators
Marci McCarthy

CEO and President, T.E.N.
Marci McCarthy is currently the CEO and President of T.E.N., an information security executive networking and relationship marketing firm. McCarthy has more than 20 years of business management and entrepreneurial experience, including founding T.E.N.’s flagship program, the Information...

Speakers
Debbie Christofferson

Information Security Consultant, Sapphire-Security Services LLC
Debbie Christofferson - Information Security Consultant, Sapphire-Security Services LLC. Fortune 500 enterprise-wide information security manager experienced across the US, Europe and Asia. Strategic security leader and consultant with broad comprehensive security and risk management...
Julie Yoo Jin

Vice President, Payment Security & Governance, Live Nation
Julie is the Vice President of Payment Security & Governance for Live Nation Entertainment, the world’s leading producer and promoter of live entertainment and the parent company of Ticketmaster and the House of Blues. Julie joined Live Nation in January 2013 and is responsible...
Sandra Lambert

CEO, Lambert & Associates
Sandra M. Lambert is the CEO of Lambert & Associates, LLC, where she specializes in cybersecurity and business continuity consulting, with clients worldwide (http://www.lambert-associates.com). Prior to consulting, she worked at Citibank and Security Pacific Bank as the Director of...
Jennifer Sunshine Steffens

CEO, IOActive
Jennifer Sunshine Steffens is the Chief Executive Officer of IOActive, a global consulting firm dedicated to making the world a safer place. She spearheads IOActive’s global business operations, drives the company’s strategic vision and leads IOActive’s team of world-renowned...


Thursday May 3, 2018 5:00pm - 5:50pm
Club Room

 
Friday, May 4
 

8:10am

Welcome Address: Richard Greenberg
Speakers
Richard Greenberg

Global Board of Directors, OWASP
Richard Greenberg, CISSP, AppSec California Co-Chair, is a well-known Cyber Security Leader and Evangelist, CISO, Advisor, and speaker. Richard brings over 30 years of management experience and has been a strategic and thought leader in IT and Information Security. His Project Management...


Friday May 4, 2018 8:10am - 8:25am
Ballrooms A-D

8:30am

Opening Keynote - Do we need a "Geneva Convention" for cyberspace?
For all of its tremendous power, the US appears to have face-planted in the 2016 election, and is probably about to repeat that in 2018. So, what - other than spend a lot of money making face-prints - are we going to do?

Speakers
Marcus Ranum

Renowned Network and Security Expert
Marcus J. Ranum is a world-renowned expert on security system design and implementation. Ranum is a pioneer in security technology who was one of the early innovators in firewall, VPN, and intrusion detection systems. He has been involved in every level of operations of a security...


Friday May 4, 2018 8:30am - 9:20am
Ballrooms A-D

9:30am

Break - Vendor Expo
Friday May 4, 2018 9:30am - 10:00am
Sierra Foyer

10:00am

Incorporating Security Practices into Business Processes
Speakers
Ira Winkler

President, Secure Mentem
Ira Winkler, CISSP, is President of Secure Mentem and author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations...


Friday May 4, 2018 10:00am - 10:50am
Club Room

10:00am

HIPAA, OCR, Breaches, Audits and YOU
This talk will cover:
  • Recent guidance from OCR
  • A broad overview of the HITECH Audit program
  • Latest statistics on breaches reported to OCR
  • Lessons learned from recent settlement agreement cases and continuing enforcement issues, including Risk Analysis and Risk Management

Speakers
Yun-kyung Lee

Deputy Regional Manager, HHS/OCR
Yun-kyung (Peggy) Lee is the Deputy Regional Manager in the Pacific Region of the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). Ms. Lee began as an Investigator at OCR in 2003, conducting investigations and recommending resolution of complaints alleging...


Friday May 4, 2018 10:00am - 10:50am
Ballroom C

10:00am

Security Champions: How to Build an Alliance with Developers
Are you responsible for more than just AppSec? What do you do when you have more teams to support than security experts? How can you make security champions out of dissenters in the development team?
 
There just aren’t enough security experts to go around. You have to support the multitude of Agile and DevOps teams that are making production software changes anywhere from once a month to several times a day. The lack of resources coupled with the ever increasing responsibilities can make you feel like a rogue warrior in the battle against cybercrime. What’s a security professional to do? Whether you are a team of one or five, there aren’t enough hours in the day, and even if there was more budget, good luck finding enough security professionals. What if I told you that through careful selection and good training it is possible to build your own army from the very people who own the development process?
 
What you will learn:
 
1. Who to recruit as security champions
2. How to train these champions in productive application security
3. How to measure success
4. How to build a scalable security program
5. What to expect from champions (responsibilities)

Speakers
Chris Eng

VP Research, Veracode
Chris Eng is vice president of research at Veracode, where he leads the team responsible for integrating security expertise into Veracode’s core product offerings. Prior to Veracode, he was technical director at Symantec (formerly @stake) and an engineer at the National Security...


Friday May 4, 2018 10:00am - 10:50am
Ballroom A

10:00am

Threat Intelligence - Denial, Deception, and Human Manipulation
Deception, distortion, and dishonesty are core to adversary actions. Are you susceptible to these actions? Our adversaries use these methods to purposefully manipulate our data and manage our perceptions. The talk covers past methods of deception used against adversaries, threat intelligence and how data can be perceived differently, methods to manipulate your particular bias, as well as denial, deception, and cyber dirty tricks. The audience will be engaged to actively participate in the discussion.

Speakers
Jeff Bardin

Chief Intelligence Officer, Treadstone 71
Jeff Bardin is the Chief Intel Officer for Treadstone 71. In 2007, he was awarded the RSA Conference Award for Excellence in the Field of Security Practices. His team also won the 2007 SC Magazine Award – Best Security Team. Bardin served in the USAF as a cryptologic linguist and...


Friday May 4, 2018 10:00am - 10:50am
Ballroom B

11:00am

Time Travel Hacking
Humans became the most dominant species by being persistence hunters – we simply hunted our prey to the point of exhaustion. Unfortunately, a certain class of adversaries have a virtually unlimited amount of time and resources… to hunt you until they overtake you. The indiscretions of your company’s past are coming back to haunt you. We’re collectively being hunted by an adversary that can outspend and outsmart us. We have nowhere to run, and nowhere to hide. Our only hope is to be ready, be nimble, and be willing to sacrifice a limb if necessary to save the body. To explore this increasingly dangerous problem, we’re going to have to go back in time. Buckle up! It’s going to be bumpy.

Speakers
Robert Hansen (rsnake)

CTO, Bit Discovery
Robert Hansen became the CTO of Bit Discovery after his company OutsideIntel was acquired. Mr. Hansen has worked for Digital Island, Exodus Communications and Cable & Wireless, beginning as a Sr. Security Architect and eventually leading managed security services product management...


Friday May 4, 2018 11:00am - 11:50am
Club Room

11:00am

Tick Tock and Knock Knock - The Science and the Art of Responding to an Incident
"Tick tock and knock knock." That's the sound of time ticking away and a myriad of parties looking for answers during a cyber incident. If the combination of technical fact finding, coordination, executives asking questions, and the pressure to figure out legal notification requirements isn't enough, throw in the fact that external parties and regulators want quick and accurate answers. This session will discuss the science and the art of responding to an incident from both the technical and legal perspectives, how collaboration is crucial, and where organizations have come out better than before after such a crisis.

Speakers
William Dixon

Associate Managing Director, Kroll Cyber Security
Bill Dixon is an Associate Managing Director in Kroll’s Cyber Security and Investigations practice in the Los Angeles office. Bill is an experienced information security services executive who, over a 16-year career, has served in both technical and client management roles with...
Jennifer Rathburn

Partner, Foley & Lardner LLP
Jennifer L. Rathburn is a partner with Foley & Lardner LLP. Ms. Rathburn focuses her practice on counseling clients on data protection programs, data incident management, breach response and recovery, monetization of data, and other privacy and security issues. She is one of the founders...


Friday May 4, 2018 11:00am - 11:50am
Ballroom C

11:00am

The Big Picture in Cyber: The New Global Competitive Model
T. Casey Fleming serves as Chief Executive Officer for BLACKOPS Partners Corporation, the leading intelligence, think tank, strategy, and cybersecurity advisors to senior leadership of the world’s largest organizations. Mr. Fleming is widely recognized as a top thought-leader, leading expert and keynote speaker on cybersecurity, intelligence, strategy, national security, and asymmetrical hybrid warfare. He advises top leadership of business, government, the military, The White House, and Congress. He is co-author of SPECTRE, the breakthrough asymmetrical warfare exercise. The Cybersecurity Excellence Awards recently named him Cybersecurity Professional of the Year. Mr. Fleming built and led global organizations for IBM Corporation, Deloitte Consulting, and Good Technology. He served as founding managing director of IBM’s highly successful Cyber division, now IBM Security. Mr. Fleming received his Bachelor of Science degree from Texas A&M University and has participated in executive programs with Harvard Business School, The Wharton School, and IBM Corporation.

BLACKOPS Partners Corporation
Website: www.blackopspartners.com
Email: cfleming@blackopspartners.com

Speakers
Casey Fleming

CEO, BLACKOPS Partners
T. Casey Fleming serves as Chief Executive Officer for BLACKOPS Partners Corporation, the leading intelligence, think tank, strategy, and cybersecurity advisors to senior leadership of the world’s largest organizations. Mr. Fleming is widely recognized as a top thought-leader, leading...


Friday May 4, 2018 11:00am - 11:50am
Ballroom A

11:00am

Not Your Server, But Still Your Code
Serious attention is being paid to Serverless and Functions as a Service (FaaS), enough so to warrant some introspection from a security practitioner's perspective. This talk examines the shift from traditional security to cloud and serverless security models, and shows how security professionals can prepare for a business culture that encourages breaking down silos and democratizing security across the organization.
The idea of FaaS does not fundamentally differ from traditional cloud compute resources with regard to the impact of a successful attack. However, the risk directly imposed on the organization is heavily reduced and primarily focuses on developer-defined code and configurations.
In this talk we examine ...
As security practitioners we need to accept that learning some aspect of development is as important as understanding what an IP address is.
First we’ll need to define, contextualize, and visualize the terminology from a security perspective:
  • Agile to DevOps progression
    • DevSecOps, Rugged DevOps
  • CI/CD
  • Microservice
  • Build Automation
  • Containers
  • Pipelines
    • Abstract of SDLC pipeline
    • Typical SDLC pipeline (FOSS)
    • Security centric DevOps pipeline (FOSS/Service)
There’s a high likelihood that your organization is either considering or is currently adopting some aspect of the DevOps culture and possibly testing services on serverless types of technologies. What can you, as either a practicing security professional or an interested stakeholder, do to prepare for a business culture that encourages breaking down silos and democratizing security across the organization? One of the greatest benefits of all of this is the ubiquity of REST APIs and web services. Traditionally, breaking into or practicing security required deep understanding of network-level protocols and tools like Nmap, Metasploit, etc. DevOps can be viewed as operations getting a table at previously development-driven conversations. The newest approach is DevSecOps, Rugged DevOps, InfraOps, or some other term we’ve yet to settle on in the industry. However, these terms are the best way of saying that security finally has a place at the table, and many of us realize we weren’t all that prepared for it. What can you do to get prepared, and how can you provide impact in an environment that never seems to stop changing?

Speakers
Cody Wood

Signal Sciences
After eight years in mining operations (non-crypto, because apparently that's a necessary distinction in 2018) Cody Wood set out for Houston, TX to attend a .NET programming bootcamp. After getting kicked out of the bootcamp he found infosec, more specifically AppSec. Having spent...


Friday May 4, 2018 11:00am - 11:50am
Ballroom B

12:00pm

CIO/CISO Panel
Moderators
Richard Greenberg

Global Board of Directors, OWASP
Richard Greenberg, CISSP, AppSec California Co-Chair, is a well-known Cyber Security Leader and Evangelist, CISO, Advisor, and speaker. Richard brings over 30 years of management experience and has been a strategic and thought leader in IT and Information Security. His Project Management...

Speakers
Gunter Ollmann

CTO Security, Cloud & Enterprise, Microsoft
Gunter Ollmann serves as CTO for Security and helps oversee the cross-pillar strategy for the Cloud and Enterprise Security groups. He has nearly three decades of information security experience in an array of cyber security consulting and research roles. Before joining Microsoft...
Edward Pagett

Chief Security Strategist, SecureMindset
Edward Pagett, Chief Security Strategist - SecureMindset. Ed has more than 25 years of executive experience in information security, risk management, and information technology. Ed previously served as Chief Information Security Officer of MAXIMUS, Chief Security Officer of Black Knight...
Steve Pomush

Director of IT, American Homes 4 Rent
Steve is an accomplished senior IT Executive with 30 years of proven ability to facilitate corporate success through leadership of technology operations and initiatives. His expertise includes information security, IT infrastructure, program management, and application development...
Alex Wood

VP, Information Security, CISO, Pulte Group
Alex Wood has over 18 years of experience in Information Security and more than 22 years in IT. Alex is the CISO for Pulte Financial Services and has managed security programs and services at several major companies in different verticals. In addition to his day job, Alex has...


Friday May 4, 2018 12:00pm - 12:50pm
Club Room

12:00pm

Building a Secure SDLC using OWASP ASVS
Derek Fisher, Application Security Manager with Cerner Corporation, will share with us how he achieved buy-in from upper management and the Applications Development team at Cerner to implement the OWASP Application Security Verification Standard (ASVS). ASVS provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development, to help protect applications that handle PHI.

Speakers
Derek Fisher

Application Security Manager, Cerner Corporation
Derek Fisher has spent 20 years in both hardware and software engineering. He has spent the last 5 years in an Enterprise Security role as an architect and manager where his team provides security services to Cerner's development organization. These services include vulnerability...


Friday May 4, 2018 12:00pm - 12:50pm
Ballroom C

12:00pm

Women in Security Panel: Future Trends in Cyber Security
The 2017 Global Information Security Workforce Study: Women in Cybersecurity found that the cybersecurity industry is composed of only 11% women globally and 14% in North America. Unfortunately, these numbers haven’t changed much since the previous survey in 2013. Beyond being a women's and diversity issue, this is also problematic for any business that wants to improve its approach to technology and security. Research has shown that diverse teams produce more innovative ideas and smarter solutions, and are overall better for a company’s bottom line. Join our panelists as they discuss how they are applying their areas of technical expertise to the cybersecurity field and share their vision of what some of the future trends and technical challenges might be.

Moderators
Sandra Lambert

CEO, Lambert & Associates
SANDRA M. LAMBERT is the CEO of Lambert & Associates, LLC, where she specializes in cybersecurity and business continuity consulting, with clients worldwide (http://www.lambert-associates.com). Prior to consulting, she worked at Citibank and Security Pacific Bank as the Director of...

Speakers
Hala Al-Adwan

VP of Technology, Signal Sciences Corp.
Despite a wildly successful high school acting career in Jordan, Hala found her passion for technology in her first C++ class at UCLA. She has over 15 years of experience as a technology executive, having built, scaled and advised engineering organizations at both small startups and...
Shannon Lietz

Director, DevSecOps, Intuit Inc.
Shannon Lietz is an award-winning innovator with over two decades of experience pursuing advanced security defenses and next generation security solutions. Ms. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s security...
Tammy Moskites

Managing Director, Sr. Security Executive, Accenture
Tammy has 30 years of experience and is noted by her peers to be a results-driven and passionate executive leader with expertise envisioning and leading Information Security, Cyber Security and Technology focused organizations. Tammy is currently working for Accenture as Managing...
Chenxi Wang, Ph.D.

General Partner, Rain Capital
Dr. Chenxi Wang is Managing General Partner at Rain Capital. Chenxi built an illustrious career at Forrester Research, Intel Security, and CipherCloud. At Forrester, Chenxi covered mobile, cloud, and enterprise security, and wrote many hard hitting research papers. At Intel Security...
Jennifer Sunshine Steffens

CEO, IOActive
Jennifer Sunshine Steffens is the Chief Executive Officer of IOActive, a global consulting firm dedicated to making the world a safer place. She spearheads IOActive’s global business operations, drives the company’s strategic vision and leads IOActive’s team of world-renowned...


Friday May 4, 2018 12:00pm - 12:50pm
Ballroom A

12:00pm

Change the Game: Deception as a Defense
No matter how much “security” is put in place, the reality is that we are running our data on protocols that were developed many years ago, when the Internet was small. As a result, these protocols are based on the principle of trust; therefore, to truly defend we need to modify these protocols. The concept is that if the protocols can be changed, the result will be frustration and confusion for the adversary. This presentation explores advanced defensive concepts and the power of using deception at different layers of the network. The attacker depends on information gathered during their reconnaissance; with deception we change the network at layers 2-4, so the attacker’s collected data is no longer valid and is useless to them, forcing the attacker to start the information gathering process over again. In a robust defensive solution, the network can change multiple times based on the classification of the threat, and each time it changes the attacker is lost and has to start the recon process over again. These concepts change the game and put the defender in control!

Speakers
KEVIN Cardwell

President, CESI
Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways...


Friday May 4, 2018 12:00pm - 12:50pm
Ballroom B

1:10pm

Turning Up The Heat On Business Associate Contracting & Risk Management
Health care providers, health plans, health care clearinghouses and their businesses should reassess the adequacy of their current business associate contracts and risk management practices after the Office of Civil Rights (OCR) over the past year nailed both covered entity Center for Children's Digestive Health (CCDH) and, for the first time, its business associate, FileFax, for breaches of HIPAA’s business associate agreement and other privacy and security requirements. Under the first HIPAA Resolution agreement announced by OCR with a business associate, OCR required the now bankrupt FileFax to pay a $100,000 penalty after having previously collected $31,000 from CCDH for its breaches of HIPAA in its dealings with FileFax. Coupled with widespread publicity over investigations and fallout resulting from the breach, compromise or misuse of personal health or consumer information held or accessed by third party business partners, the FileFax and CCDH resolution agreements send a strong signal that other covered entities and their business associates need to reevaluate and tighten their compliance, contracts and risk management practices. Attorney Cynthia Marcotte Stamer, an attorney nationally recognized for her work, publications and leadership on health care and other privacy and data security compliance and risk management, will discuss these developments and provide tips to help privacy and security professionals strengthen their business associate agreements and compliance and risk management practices.

Speakers
Cynthia Marcotte Stamer, Esq.

Management Attorney/Managing Shareholder, Cynthia Marcotte Stamer, P.C.
Cynthia Marcotte Stamer is a Texas-based lawyer, health industry consultant, author, educator and policy advocate, valued nationally and internationally for her more than 30 years’ leading edge legal, policy and operations work helping health care and managed care providers and...


Friday May 4, 2018 1:10pm - 1:40pm
Ballroom C

1:10pm

CISO Lunch Roundtable Discussions
Join us as we break into discussion groups on four separate pressing topics. Choose your topic and join your peers, as you learn about and share successes and issues.
Topics include:  

Smart voice activated assistant devices in the work setting.
Whether it is working from home or at the office, if there is a smart speaker near, it is listening. I see an issue with a smart speaker recording a conversation and indexing it into big data - that big data is owned by a competitor who also is a content provider.

Compliance Fatigue 
A state of chronic fatigue induced by having to constantly maintain compliance with the ever-increasing variety of rules, regulations and processes created by middle management bureaucrats in both public and private organizations.

Managing Third-Party Risk
The world is becoming a riskier place and the interconnectedness of business relationships requires a greater level of risk management sophistication. Regulation brings a new level of complexity. Organizations heavily rely on third parties in order to improve profitability, decrease costs, speed up time to market, and to increase competitive advantage. Organizations have established sound programs to manage third party risks.

Innovative and New Security Technologies
The world has continued to expand digitally and open up an array of innovative and useful activities one can do online or via their mobile devices. While making these activities more secure has traditionally created more friction to a user’s experience, it doesn’t have to be that way. There are innovations occurring in security that allow these activities to achieve a great user experience while also achieving strong security. Come share in a discussion on some of these innovative and new security technologies that are creating a more frictionless yet secure online and mobile user experience.



Moderators
Cheryl Santor

Information Security Manager (retired), Metropolitan Water District of Southern California
Information Security Professional recently retired from Metropolitan Water District of So. CA. Security specialist with over 28 years experience in Financial and Critical Infrastructure organizations. Active member of ISACA, ISSA, FBI Infragard working with these organizations to...

Speakers
Scott Hennon

SVP, Chief Information Security Officer, East West Bank
Scott Hennon, Senior Vice President, Deputy Chief Information Security Officer. Scott is the Senior Vice President and Deputy Chief Information Security Officer at East West Bank. In his role, Scott provides leadership and guidance for safeguarding private sensitive information against...
Dan Meacham

Cyber Security and Compliance Officer, Legendary Entertainment
David Son

Director, AT&T
David managed DIRECTV’s IT Compliance and Risk Management program from IT SOX, PCI DSS, Private Data Governance, Cloud Governance and 3rd Party Assurance Programs since joining DIRECTV in 1999. David has been involved in the merger and acquisition process of DIRECTV by AT&T and currently...
Mike Villegas

Senior Vice President, K3DES LLC
Miguel (Mike) O. Villegas is a Senior Vice President for K3DES LLC. He performs and QA’s PCI-DSS and PA-DSS assessments for K3DES clients. He also manages the K3DES ISO/IEC 27002:2015 program. Mike was previously Director of Information Security at Newegg, Inc. for five years. Mike...


Friday May 4, 2018 1:10pm - 2:00pm
Club Room

1:45pm

Healthcare Security and Privacy Lunch Panel Discussion
Moderators
Cynthia Marcotte Stamer, Esq.

Management Attorney/Managing Shareholder, Cynthia Marcotte Stamer, P.C.
Cynthia Marcotte Stamer is a Texas-based lawyer, health industry consultant, author, educator and policy advocate, valued nationally and internationally for her more than 30 years’ leading edge legal, policy and operations work helping health care and managed care providers and...

Speakers
Duncan L. McKellar, Jr., MD

Orthopedic Surgeon, Baylor Scott & White Orthopedics - Carrollton
Dr. Duncan L. McKellar is an orthopedic surgeon who practices medicine at the largest not-for-profit healthcare system in Texas and one of the largest in the United States, Baylor Scott & White Healthcare. He also serves as Medical Director of the Joint Wellness Program at Baylor...
Vicki Wool, MD MPH

Physician, Family Medicine, Private Practice
Dr. Wooll is Board Certified in Family Medicine and has been in independent practice since 2006. She remains committed to staying involved in multiple advocacy activities at national, state and local levels focusing on health care access and reform. Dr. Wooll is Secretary & Co-Vice...


Friday May 4, 2018 1:45pm - 2:50pm
Ballroom C

2:00pm

CISO Roundtable Presentations
Hear the take-aways and lessons learned from all four discussion groups:
  • Compliance Fatigue: When you balance compliance with risk, invariably compliance wins! This is a fact of doing business. Compliance fatigue is a state of chronic fatigue induced by having to constantly maintain compliance with the ever-increasing variety of rules, regulations, and processes created by middle management bureaucrats in both public and private organizations. We are all faced with SOX, GLBA, HIPAA, PCI, NYCRR Part 500, DFARS, NIST SP 800-53, NIST SP 800-171, GDPR, including other laws and regulations by industry, such as financial services, federal contractors, public utilities, and many more. How does an enterprise keep up? How can an enterprise manage the compliance challenge? How can an enterprise ease the burden of non-compliance or worse yet the inevitable response to a breach? This discussion will compare the challenges all organizations have based on internal policies, federal and state regulations, and more recently international mandates that require cybersecurity compliance at an ever-increasing cost.
  • Achieving Frictionless Security in a Digital World: The world has continued to expand digitally and open up an array of innovative and useful activities one can do online or via their mobile devices. While making these activities more secure has traditionally created more friction to a user’s experience, it doesn’t have to be that way. There are innovations occurring in security that allow these activities to achieve a great user experience while also achieving strong security. Come share in a discussion on some of these innovative and new security technologies that are creating a more frictionless yet secure online and mobile user experience.

Moderators
Cheryl Santor

Information Security Manager (retired), Metropolitan Water District of Southern California
Information Security Professional recently retired from Metropolitan Water District of So. CA. Security specialist with over 28 years experience in Financial and Critical Infrastructure organizations. Active member of ISACA, ISSA, FBI Infragard working with these organizations to...

Speakers
Scott Hennon

SVP, Chief Information Security Officer, East West Bank
Scott Hennon, Senior Vice President, Deputy Chief Information Security Officer. Scott is the Senior Vice President and Deputy Chief Information Security Officer at East West Bank. In his role, Scott provides leadership and guidance for safeguarding private sensitive information against...
Dan Meacham

Cyber Security and Compliance Officer, Legendary Entertainment
David Son

Director, AT&T
David managed DIRECTV’s IT Compliance and Risk Management program from IT SOX, PCI DSS, Private Data Governance, Cloud Governance and 3rd Party Assurance Programs since joining DIRECTV in 1999. David has been involved in the merger and acquisition process of DIRECTV by AT&T and currently...
Mike Villegas

Senior Vice President, K3DES LLC
Miguel (Mike) O. Villegas is a Senior Vice President for K3DES LLC. He performs and QA’s PCI-DSS and PA-DSS assessments for K3DES clients. He also manages the K3DES ISO/IEC 27002:2015 program. Mike was previously Director of Information Security at Newegg, Inc. for five years. Mike...


Friday May 4, 2018 2:00pm - 2:50pm
Club Room

2:00pm

Forcepoint: Human Centric Cybersecurity
The traditional threat-centric approach to cybersecurity has done little to slow adversaries. There is an inherent weakness in this approach.
Come learn how a human-centric approach can help security teams make better decisions. We will explore how an effective data security system should cut through the noise of alerts and provide early warning signals to prevent threats, and how cybersecurity that integrates existing capabilities, like DLP and UEBA, can provide risk-adaptive protection that is tailored to the identity and intent of the individual user and continuously adjusts as behavior changes.

Speakers
Shan Zhou

Senior Director of Strategic Accounts, Forcepoint
Shan Zhou is an 18-year veteran of applying cyber defense solutions to enable business success. Shan has worked with innovative category leaders in the areas of data protection, advanced threat protection, and cloud transformation. Prior to joining Forcepoint, Shan held various leadership...


Friday May 4, 2018 2:00pm - 2:50pm
Ballroom A

2:00pm

TrendMicro: The Evolution of Ransomware and How To Protect Your Organization
Ransomware has been a huge talking point over the last year or so, with the large scale WannaCry and Petya outbreaks that caused significant damage worldwide. The strains now being seen show that cybercriminals are becoming more sophisticated in order to bypass security controls, encrypt files and extort organizations for financial gain. Unfortunately, ransomware can enter an organization through many vectors, including email spam, phishing attacks, or malicious web downloads, making it difficult to defend against. There is no silver bullet when it comes to ransomware, so you need a multi-layered approach, prioritized for the best risk mitigation.

Speakers
Keith Tarantino

Sr. Sales Engineer, TrendMicro
Keith Tarantino has over 20 years' experience in the computer industry, with the majority of experience focused on cybersecurity and IT governance. He has significant enterprise-level experience in multiple industries working in both technical and management positions. He holds an...


Friday May 4, 2018 2:00pm - 2:50pm
Ballroom B

2:00pm

Vendor Spotlight Talk
Friday May 4, 2018 2:00pm - 2:50pm
Ballroom D

3:00pm

Wisdom of the Cyber (S)Ages
The remarkable wisdom within our cybersecurity fellowship is not often recognized outside of the technology community in which we work and live on a daily basis. In reality, however, the collective intellect of security professionals spans a variety of vocations, crafts, and trades and contributes to a magical diversity of thinking. This talk will take us on a journey through the ideas, thoughts, and prophecies of some of the smartest people in the cybersecurity industry today.

Speakers
Mark Weatherford

Global Information Security Strategist, Booking Holdings
Mark Weatherford is an internationally recognized cybersecurity professional. He is currently SVP & Chief Cybersecurity Strategist at vArmour and his former roles include: Principal, The Chertoff Group Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security...


Friday May 4, 2018 3:00pm - 3:50pm
Club Room

3:00pm

Healthcare CISO Panel
Moderators
Richard Greenberg

Global Board of Directors, OWASP
Richard Greenberg, CISSP, AppSec California Co-Chair, is a well-known Cyber Security Leader and Evangelist, CISO, Advisor, and speaker. Richard brings over 30 years of management experience and has been a strategic and thought leader in IT and Information Security. His Project Management...

Speakers
Adam Brand

Director – Security and Privacy, Protiviti
Adam has more than 18 years of experience in information technology and security. He is a Director with Protiviti, where he leads the medical device security practice, helping device manufacturers build in and validate security controls, and helping healthcare providers manage the...
Chris Joerg

Chief Information Security Officer, Cedars Sinai
Chris Joerg is the Chief Information Security Officer for Cedars-Sinai Health System. Joerg has worked for two decades as an information security industry expert with a record of developing, running and improving information security strategy, organizations and infrastructure. Most...
Jerry Sto. Tomas

Chief Information Security Officer, Apria Healthcare
Jerry Sto. Tomas is the Chief Information Security Officer for Apria Healthcare, a leading provider of home respiratory services and medical equipment including oxygen therapy, inhalation therapies, sleep apnea treatment, and negative pressure wound therapy. As the CISO, he is responsible...
Marnie Wilking

Global Head of Security Risk Management, Wayfair
Marnie Wilking has directed Information Security and Operational Risk Programs for more than 15 years, providing a unique set of skills and experience to manage operational risks and improve risk management among diverse businesses. She is currently Chief Information Security Officer...


Friday May 4, 2018 3:00pm - 3:50pm
Ballroom C

3:00pm

Law Enforcement Panel
The law enforcement panel will discuss and provide suggestions on working with law enforcement during a cyber incident and effective tactics in mitigating ransomware, with additional topics including Dark Net operations, cryptocurrencies, business email compromise and incident response.

Speakers
Marc Beaart

Assistant Head Deputy, Los Angeles District Attorney’s Office, Cyber Crime Division
Marc Beaart, a prosecutor with twenty-one years in the Los Angeles County District Attorney’s Office, is currently assigned to the Cyber Crime Division as the assistant head deputy. Before his current assignment, he served in several assignments including Compton, Central Trials...
Peter Hish

Sergeant, Los Angeles County Sheriff's Department
Sergeant Hish is a 19-year veteran of the Los Angeles County Sheriff's Department. Before his career with the Sheriff's Department he served six years with the United States Army. During his tenure with the Army, Sergeant Hish was deployed to the Middle East in support of Operation...
Randy McNary

Sr. Investigator, Los Angeles District Attorney’s Office, Cyber Crime Investigations
John C. Weller

Prosecutor, District Attorney’s Office - Cyber Crime Division
John C. Weller earned his B.A. from U.C. Berkeley and his Juris Doctor from Loyola Law School in Los Angeles. Weller has been a prosecutor with the Los Angeles County District Attorney’s Office for over ten years. He is currently assigned to the Cyber Crime Division. This is a specialized...


Friday May 4, 2018 3:00pm - 3:50pm
Ballroom A

3:00pm

Using Behavioral Science to Secure Your Organization
For decades security awareness programs have been based on the assumption that employees don’t know the correct course of action and with the right training, they will start performing more securely. However, this approach has not proven to be effective. A second dimension needs to be considered in security behavior change: motivation. This talk will explore how and when to motivate employees to security action. It will also discuss how to “surf” motivation generated by both predictable and unpredictable security events to drive security behavior change in a workforce. Finally, this talk will explain how to measure changes in employees’ security behaviors and how practitioners can create meaningful metrics.

Speakers
Masha Sedova

Co-Founder, Elevate Security
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security delivering a behavioral-science based platform that can measure, motivate, and educate...


Friday May 4, 2018 3:00pm - 3:50pm
Ballroom B

4:00pm

Trust and the Economics of Insecurity
Trust is the cornerstone of the digital economy. In this talk Malcolm will cover what is needed to generate trust. He will also cover where we are at, broadly, in providing that trust. He will cover today's reality with data from the World Economic Forum and the Edelman trust report as well as other data sources. Malcolm will also explain the economic principle of efficiency and how our current approach to information security is not only economically inefficient but is not adding to the trust we so badly need. He will also explore the traditional mindset of trading off risk vs. shareholder value, and the mindset that controls impede business velocity. He will share real-world, non-security stories where the right approach to controls has shown we can do both and do them well. He will also share non-security examples of where organizations have made trade-offs with substantial societal impacts, both positive and negative. He will provide insights from these stories and bring perspectives from others in the world to draw lessons that will be valuable to CISOs and their teams.


Speakers

Malcolm Harkins

Chief Security & Trust Officer, Cylance
Malcolm Harkins is the Chief Security and Trust Officer at Cylance reporting to the CEO and is responsible for enabling business growth through trusted infrastructure, systems, and business processes. He has direct organizational responsibility for information risk, security, and...


Friday May 4, 2018 4:00pm - 4:50pm
Club Room

4:00pm

Healthcare Risk Management Panel
Moderators

Scott King

Sr Director, Strategic Advisory Services, Rapid7
Scott King is the Senior Director, Security Advisory Services for Rapid7. Scott has over 20 years of professional work experience in the IT and cybersecurity fields. He started his career as a network and systems engineer in the midst of the Silicon Valley dot com boom of the 90's...

Speakers

Pablo Coste

Information Security Engineer, CynergisTek, Inc.
Life Hacker. Cyber Security Engineer, Network Architect. Good at building and breaking things.

Glen Day

Principal, Ernst & Young LLP
Glen Day is a Principal with Ernst & Young LLP and is the Americas Information Governance Leader. Previously, he was the Cyber Security Leader for Technology and Healthcare. He is a recognized thought leader in both intellectual property (IP) protection and HIPAA healthcare regulations...

Nate Howe

CISO, UT Dallas
Nate Howe began his professional career in IT Audit, serving organizations including Arthur Andersen, Nasdaq, and Ameriquest Mortgage. Nate served Western Federal Credit Union as VP of Risk Management, leading information security, internal audit, insurance, physical security, and...


Friday May 4, 2018 4:00pm - 4:50pm
Ballroom C

4:00pm

Bringing AppSec Into Focus with the OWASP Top Ten(s) and ASVS
Some people are under the misconception that if they follow the OWASP Top 10 they will have secure applications. In reality the OWASP Top Ten (and other top ten lists) are just a bare minimum for the sake of entry-level awareness; a more comprehensive understanding of application security is needed. This talk will review the OWASP Top Ten and the OWASP Top Ten Proactive Controls and compare them to a more comprehensive standard: the OWASP Application Security Verification Standard (ASVS). OWASP's ASVS contains over 150 requirements that can provide a basis for testing web application technical security controls, and also give developers a list of requirements for secure development with much more nuance and detail than a top ten list!

Speakers

Jim Manico

Founder, Manicode Security
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences and BitDiscovery. Jim is a frequent speaker on secure software practices, is a member...


Friday May 4, 2018 4:00pm - 4:50pm
Ballroom A

4:00pm

The Perimeter Has Been Shattered: Attacking and Defending Mobility and IoT on the Enterprise Network
Mobility and the Internet of Things (IoT) have disrupted the corporate enterprise network on the scale that PCs disrupted mainframes in the 1980s. Yet most enterprises continue to approach security as though there were still a hard perimeter with nothing but corporate-owned endpoints running against internal applications. Mobility, however, means employee-owned endpoints connecting over public carrier networks to cloud applications. Traditional perimeter security simply doesn't address this.
From mobile-based phishing to Bluetooth-based attacks, mobile and IoT have fundamentally changed the threat landscape. In this talk we will look at the modern threat landscape and the security controls currently available on the market (such as mobile threat defense and mobile application management), and provide real-world examples of how they fall short under simulated attack. Finally, we will look at practical ways to improve enterprise security around mobile and IoT, and how to push defensive products to evolve and become more robust.


Speakers

Georgia Weidman

Founder, Bulb Securities
Shevirah founder and CTO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds an MS in computer science as well as CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has...


Friday May 4, 2018 4:00pm - 4:50pm
Ballroom B

4:50pm

Vendor Expo
Friday May 4, 2018 4:50pm - 5:30pm
Sierra Foyer

5:30pm

Incorporating Security Practices into Business Processes
When people fail from a security perspective, everyone seems to blame the users. Part of the consistent failing is that organizations expect users to do their job, and somehow know what security to implement into the process on their own. This presentation will talk about how to build security behaviors into organizational policies and procedures and therefore practice.

Speakers

Ira Winkler

President, Secure Mentem
Ira Winkler, CISSP is President of Secure Mentem and author of Advanced Persistent Security. He is considered one of the world's most influential security professionals, and has been named a "Modern Day James Bond" by the media. He did this by performing espionage simulations...


Friday May 4, 2018 5:30pm - 5:45pm
Ballrooms A-D

5:45pm

Closing Keynote: Robert Herjavec - Fast, Forward, and Focused
Technology is constantly transforming, creating new possibilities and risks in the business world. Dynamic IT entrepreneur and Founder & CEO of Herjavec Group, Robert Herjavec, will explore evolving technology trends, and the rising cyber security threats we face personally and professionally on a daily basis. He will reveal a few secrets from inside the Shark Tank and inspire anyone willing to keep up in a fast moving world.

Speakers

Robert Herjavec

President, Herjavec Group
Robert Herjavec is a dynamic entrepreneur and a leading Shark on ABC's Shark Tank. Born in Eastern Europe, he arrived in North America on a boat with his parents after escaping Communism in the former Yugoslavia. From delivering newspapers, and waiting tables, to launching a computer...


Friday May 4, 2018 5:45pm - 6:40pm
Ballroom A-D

6:40pm

Closing Reception and Raffle Drawings
Join us under the stars as we close out a great conference with food and drinks. Lots of cool prizes will be raffled off. You could be a winner!

Friday May 4, 2018 6:40pm - 9:00pm
Universal City Hilton Courtyard