Page 1: InfoSec 2012 Program

sponsored by: #infosec2012

Page 2: InfoSec 2012 Program

welcome to infosec 2012

Like many successful events, InfoSec is made possible through collaboration and hard work. This year, ISSA and the Nashville Technology Council (NTC) came together to plan and deliver one of the leading security summits in the country. The event committee works tirelessly to make this event special this year and every year.

If you are visiting this area, we hope you enjoy the metropolitan Nashville region. If you call Nashville home, like many of us, we hope you will continue to support the NTC in our mission to enhance the technology community through professional and economic development efforts, and organically growing the next generation technology workforce.

Here at the NTC, we strive daily to make the technology community and those who rely on it more successful. Our programs and initiatives range from the free downtown Wi-Fi network to the event you are attending today, InfoSec, one of the country’s leading regional security conferences. In the last few years, the NTC has grown to more than 410 member companies representing a workforce of 30,000+ information technology professionals. We have also welcomed several new technology companies to the region and continued to see overall growth in the region’s tech community. Nashville is truly a destination for corporate headquarters and start-up companies alike.

Security, privacy, and networking (physical and professional) are cornerstones of today’s strategies for businesses, educational institutions and government organizations of all sizes. Security and privacy can no longer be afterthoughts or ignored altogether. Organizations must strengthen governance and protection of their data, systems and technology resources. That’s why InfoSec is so important. We believe today will be a fantastic opportunity to continue the dialogue to enhance your organization’s strategy and execution of these duties.

Welcome to InfoSec. We know it will be a worthwhile experience.

Liza Lowery Massey, President & CEO, Nashville Technology Council

a message from the nashville technology council

Page 3: InfoSec 2012 Program

Welcome to the 12th annual information security event co-sponsored by the Nashville Technology Council and the Middle TN chapter of the Information Systems Security Association. Our continued goal is to increase the quality and value of the conference by taking attendee feedback from prior conferences and looking at additional ways to improve the event. We hope you enjoy the conference and recognize the hard work of the Planning Committee and other conference volunteers.

Based on last year’s success, we again have three keynote speakers, and I believe you will agree that their combined experience and notoriety in the security industry are second to none for any conference. In addition, we expanded the format and scope of the Capture the Flag competition and added a fifth track for our breakout sessions. We also provide many opportunities to interact with the best security vendors in the industry.

Thank you to Prosys Information Systems and their partner Palo Alto, the Platinum sponsor for this year’s InfoSec conference. We also appreciate all the other sponsors and exhibitors for their continued support of this event. Please take advantage of the expo time and exposure to our trusted partners and their industry expertise.

This year’s conference will be attended by over 400 information security professionals, many from Middle Tennessee with others traveling from around the Southeast. Several networking opportunities are built into today’s agenda, whether it be during breakout sessions, over lunch, or at the end of the day at the reception.

Welcome again and thank you for joining us for what we hope will be the most successful InfoSec conference to date. Please take a couple of minutes to complete the survey you will receive via email following the conference so we can make 2013 even better.

Jeff Cobb, President, Middle TN ISSA Chapter


a message from the issa

Page 4: InfoSec 2012 Program

issa.org

ISSA (Information Systems Security Association) is the preeminent organization representing the interests of the Infosec program and offers tremendous value, useful resources, and significant professional networking in a truly global industry organization. For a nominal fee, you join a global community of more than 13,000 ISSA members in over 100 chapters located in over 25 countries.

Here are just a few of the tangible benefits that accompany your ISSA membership:

1. Professional/Peer Networking
• Local chapter meetings and events through http://www.issa-midtn.org
• Online discussion forums and e-mail listserv
• Committee and board involvement

2. Continuing Education & Professional Development
• Chapter events, speakers, seminars, workshops
• National and regional conference discounts
• Online Learning Center and educational webcasts
• Low cost Continuing Professional Education (CPE)

3. Career Growth & Marketability
• Speaking and writing opportunities
• Access to online security opportunities
• Forums for introduction to industry leaders and peers

4. Discounts on Industry Tools & Events
• Educational courses, conferences and symposia
• Books, study guides, and magazines

INFOSEC 2012

issa.org membership benefits

Page 5: InfoSec 2012 Program

General Membership: $95 per year, plus $35 local Middle TN chapter dues. Membership for a particular individual responsible for IS functions.

Corporate/Organizational Membership: $115 per year, plus chapter dues. Membership belongs to the company, transferable to another individual.

Student Membership: $30 per year, plus chapter dues. Membership for full-time students of an accredited institution.

Middle TN ISSA Officers

President: Jeff Cobb ([email protected])

Vice-President: William Crank ([email protected])

Treasurer: Mark Burnette ([email protected])

Secretary: Kyle Duke ([email protected])

Membership Director: Philip Armbrust ([email protected])

Sponsorship Director: Bill Dieringer ([email protected])

Programs Director: Jason Barnett ([email protected])

Certification Director: Michael Johnson ([email protected])

Newsletter/Media Director: Susan Richards ([email protected])

Community Outreach Director: Marcie Angle ([email protected])

Webmaster: Marc Sammons ([email protected])


issa.org membership levels

Page 6: InfoSec 2012 Program

nashville technology council

ABOUT US

The Nashville Technology Council, a non-profit organization, is devoted to helping the Middle Tennessee technology community succeed. Membership is open to technology companies, technology employers, service providers, educational institutions, and non-profit companies interested in supporting the growth of the technology community in Middle Tennessee.

Since its formation in 1999, the NTC’s membership has grown to more than 410 organizations throughout Middle Tennessee. New programs and events such as technology roundtables, educational initiatives, annual technology conferences, a technology job bank and other activities are designed to foster Nashville’s technology industry.

We hope you will help lead our effort by contributing your ideas and support!

Vision: To be recognized worldwide as a leading technology community.

Mission: To help the Middle Tennessee technology community succeed.

The Nashville Technology Council Brand Promise: We will lead in education, innovation, exposure, and connections to the technology community.

Our Values
* Do the Right Things
* Do Things Right
* Deliver Great Service
* Help One Another
* Exceed Member Expectations
* Be Innovative in our Thinking
* Grow Community

www.technologycouncil.com


about the nashville technology council

Page 7: InfoSec 2012 Program

BOARD MEMBERS:

Scott Blanchette, CIO, Vanguard Health Systems • Tony Bradshaw, CIO, Dave Ramsey/ Lampo Group • Rich Brown, Director, Level 3 Communications • Michael Burcham, CEO, Entrepreneur Center • Melinda Curran, President, RCG • Mark Davison, VP, IT, Delek (Mapco) • Kyle Duke, CISO, HealthSpring • Cory Edwards, Director, Comcast • Drew Fassett, VP, Peak 10 • Kim Ferguson, Chair, Brentwood/ Cool Springs Chamber • Jeff Fields, CIO, SERVPRO • Kent Fourman, CIO, Permanent General Companies • Vic Gatto, Partner, Solidus • Mark Gilliam, CIO, Ardent Health • Travis Gregg, Co-Founder /Principal, Trinisys • David Hanna, Executive, Microsoft • Valerie Hayes, Director, Deloitte • Nicholas Holland, Founder, CentreSource • Greg Huddleston, Manager, IBM • Todd Joseph, CIO, Comdata • John Kepley, President and CEO, Teknetex • Matt Largen, Director, Williamson County ECD • Alison Lynch, Director, Nashville Chamber of Commerce • Katherine McElroy, Partner, C3 Consulting • Connie McGee, VP, Airstrip Technologies • Kristin McGraner, Executive Director, STEM Prep Academy • Brian Moyer, President, TN HIMSS • Kate O’Neill, Founder/ CEO, [meta]marketer • Glenn Perdue, Life Science Tennessee • Christopher Rand, Partner, Tristar Technology Ventures • Ray Ritz, Director, CIBER • Peter Rousos, Director, Economic and New Business Development, Vanderbilt • Gary Seay, CIO, CHS • Jamie Smith, Director IT, Nissan • Will Weaver, Chairman, Emma, Inc. • Mike Wesolowski, Executive, HP • Stephanie Woodard-Majors, COO, Zycron • Steve Yazell, VP/ GM, tw telecom


2012 - 2013 ntc board of directors

CHAIR:

Chris Sloan, Partner, Baker Donelson

CHAIR ELECT:

David Klements, President & CEO, Qualifacts

SECRETARY:

Glenn Acree, Professor, Mathematics, Belmont University

Page 8: InfoSec 2012 Program

Palo Alto Networks presents Ignite Conference 2012

Wynn Las Vegas, November 12–14, 2012

paloaltonetworks.com

Page 9: InfoSec 2012 Program

thank you to our sponsors

PLATINUM SPONSOR

GOLD SPONSORS


Page 10: InfoSec 2012 Program


thank you to our lunch sponsor

thank you to our breakfast sponsor

thank you to our reception sponsor

thank you to our capture the flag sponsor

thank you to our bag sponsor

thank you to our snack/beverage sponsor

thank you to our future workforce sponsor

SILVER SPONSORS

Page 11: InfoSec 2012 Program


EXHIBITOR SPONSORS

Page 12: InfoSec 2012 Program

KEYNOTE SPEAKERS

Prof. Howard Schmidt, former Cyber-Security Coordinator of the Obama Administration (2009-2012)

“New Technologies, New Threats and New Business Opportunities: Strategies for Protecting Your Data and Systems”

Howard A. Schmidt has had a long distinguished career in defense, law enforcement, and corporate security spanning more than 40 years. He brings together talents in business, defense, intelligence, law enforcement, privacy, academia and international relations through his distinguished career. Most recently, Mr. Schmidt served as Special Assistant to the President and the Cybersecurity Coordinator for the federal government from 2009 to 2012. In this role Mr. Schmidt was responsible for coordinating interagency cyber security policy development and implementation and for coordinating engagement with federal, state, local, international, and private sector cyber security partners.

Previously, Mr. Schmidt was the President and CEO of the Information Security Forum (ISF). Before ISF, he served as Vice President and Chief Information Security Officer and Chief Security Strategist for eBay Inc. He also served as Chief Security Strategist for the US-CERT Partners Program for the Department of Homeland Security.

Before eBay, he served as the Vice Chair of the President’s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House. Prior to the White House, Howard was Chief Security Officer for Microsoft Corp., where his duties included Chief Information Security Officer, Chief Security Officer, and forming and directing the Trustworthy Computing Security Strategies Group.

Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensics Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensics lab in the government and was responsible for Criminal and Counter Intelligence investigations against Department of Defense systems.

Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona. Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard as computer communications specialist from 1989 until 1998, when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division, where he served until 2010 with the computer crime investigations unit at CID HQ.

Mr. Schmidt also served as the international president of the nonprofit Information Systems Security Association (ISSA) and was the co-founder and first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He was the Vice-Chair of the Board of Directors for (ISC)2 and Security Strategist for the Board. He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He had served as a board member for the Cyber Crime Advisory Board of the National White Collar Crime Center.

He served as an augmented member to President Clinton’s Committee of Advisors on Science and Technology (PCAST) in the formation of an Institute for Information Infrastructure Protection (I3P). He has testified before congressional committees, written books on cybersecurity, and received numerous awards, including the CSO Magazine “Compass Award,” Baseline Magazine’s “The 50 Most Influential People in Business IT,” and the Federal 100 Award, to name just a few. Mr. Schmidt has been a member of the Information Security Privacy Advisory Board (ISPAB). He has also been a member of the Permanent Stakeholders Group (PSG) for the European Network Information Security Agency (ENISA). He was a member of the High Level Experts Group (HLEG) for the ITU and the Global Cyber-security Agenda (GCA).

Mr. Schmidt holds a bachelor’s degree in business administration (BSBA) and a master’s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard was an Adjunct Professor at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Distinguished Fellow with Carnegie Mellon’s CyLab and a Distinguished Fellow of the Ponemon Privacy Institute. Howard is a Ham Radio operator (W7HAS), a private pilot, outdoorsman and an avid Harley-Davidson rider. He is married to Raemarie J. Schmidt, a forensic scientist and researcher and instructor in the field of computer forensics.

Rick Dakin, CEO and Cofounder, Coalfire

“Maintaining Compliance in a Post-Firewall World”

Mr. Rick Dakin is the CEO, Co-Founder and Chief Security Strategist for Coalfire, providing strategic management and IT security program guidance for the firm and its clients. He has more than 25 years of experience in senior management with leading IT firms. Mr. Dakin combines an in-depth knowledge of IT controls with a comprehensive understanding of organizational needs and the rapidly emerging legislation affecting IT security. After serving in the U.S. Army following graduation from the U.S. Military Academy at West Point, Mr. Dakin began his management career at United Technology Corporation. Prior to co-founding Coalfire, he was President of Centera Information Systems, a leading eCommerce and systems integration firm with clients throughout North America, Europe and Asia. Mr. Dakin guided the sale of Centera to a global application service provider, where he assumed the role of President.

He is a past president of the FBI’s InfraGard program, Denver chapter, and a member of a committee hosted by the U.S. Secret Service and organized by the Joint Council on Information Age Crime.

Mr. Dakin is recognized nationally as a leader in IT risk management and information security solutions for regulated market sectors. He presents regularly to regional and national audiences on IT security solutions meeting privacy and confidentiality requirements for legislation covering financial services, healthcare, government and public corporations.

Scott Borg, Chief Economist of the U.S. Cyber Consequences Unit

“The New Field of Cyber Security”

Scott Borg is the Director (CEO) and Chief Economist of the U.S. Cyber Consequences Unit (US-CCU), an independent, non-profit research institute that advises the U.S. government and critical infrastructure industries on the strategic and economic consequences of possible cyber-attacks. He is widely regarded as the leading authority on the economics of cyber security, as well as certain technical topics. He has done pioneering research on the possible impact of cyber attacks on critical infrastructure industries and on the implications of cyber attacks for defense policy. In collaboration with John Bumgarner, he wrote The US-CCU Cyber-Security Check List, a practical tool used by security professionals in over eighty countries. He also wrote the soon-to-be-released ISA Guidelines for Securing the Electronics Supply Chain, a comprehensive reference document. He has commented frequently on cyber security for major broadcast networks, including CNN, CBS, NPR, and the BBC, and has been a guest lecturer at Harvard, Yale, Columbia, and other leading universities. He was a member of the Commission on Cybersecurity for the 44th Presidency and has served on many other advisory bodies. His record for anticipating new cyber-security developments since 2002 is probably unequaled. He publicly predicted Stuxnet, for example, including all of its main features and its exact target, fourteen months before it was discovered. In collaboration with his US-CCU colleagues, he has recently begun offering courses in cyber threat analysis, cyber consequence analysis, and cyber vulnerability analysis, demonstrating how to quantify all of the main factors needed to determine cyber risks.


bluecoat.com/noboundaries

From desktop to laptop to mobile device, Blue Coat Security is your best defense against global web and malware threats. Keep moving forward. We’ve got your back.


Page 16: InfoSec 2012 Program


SPEAKER BIOS

Dave Shackleford, SVP of Research and CTO at IANS, DefCon speaker, and a SANS analyst

“10 Things Security Teams Need to Know about Cloud Security”

Dave Shackleford is the Senior Vice President of Research and the Chief Technology Officer at IANS. Dave is a SANS analyst, instructor and course author, as well as a GIAC technical director. Dave previously was the founder and principal consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance and network architecture and engineering. Dave is a former QSA with several years’ experience performing PCI assessments. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Chris Bream, Manager, Mandiant

“Tales From The Dark Side”

Chris Bream is a Manager at Mandiant located in its San Francisco, CA office. He has 10 years of IT experience with the previous eight focused on information security. After joining Mandiant, he was responsible for coordinating activities for Mandiant’s managed services clients, helping support the evolution of managed services and acting as a liaison to clients of Mandiant’s MCIRT®. After his time with MCIRT®, Chris joined Mandiant’s consulting arm, acting as engagement lead on multiple incident response and proactive engagements. He also operates Mandiant’s Intelligent Response® (MIR) product to identify indicators of compromise in client networks. He currently leads Mandiant’s consulting team in the San Francisco Office.

Mr. Bream’s work has exposed him to attacks at a variety of customers across multiple industries including the Defense Industrial Base (DIB), Manufacturing, Energy Technology, and Media/Entertainment. He has worked closely with organizations to monitor their networks on an ongoing basis, provide intelligence on compromises, identify new compromises, and support incident response activities from advanced threats.

David Damato, Manager, Mandiant

“Tales From The Dark Side”

David is a Director at Mandiant and has over a decade of experience in performing and directing professional consulting services. David’s experience includes enterprise incident response, incident remediation, and information security assessments. Over the past three years, David has guided 24 organizations through complex investigations and remediation activities associated with advanced, targeted intrusions. The scope of such enterprise investigations ranged from thousands to hundreds of thousands of endpoints and has included a wide variety of industries. Prior to joining Mandiant, David worked at Raytheon and PricewaterhouseCoopers, where he designed secure networks and assessed the security of customer networks, respectively. David enjoys drawing on his IT operations, proactive, and investigative experience to develop practical security solutions to limit the size, scope, and frequency of significant network intrusions.

9:55 - 10:45 am • BREAKOUT SESSION 1

George Tubin, Senior Security Strategist, Trusteer

“In the Crosshairs: How Cybercriminals Target the Enterprise”

George Tubin is the Senior Security Strategist for Trusteer where he heads the thought leadership program to advance online and mobile banking adoption and safety, and apply best practices in fighting advanced malware to enterprise threat protection. With over 25 years in the banking and high-technology industries, his areas of expertise include consumer online and mobile banking, online fraud and identity theft prevention, and enterprise fraud management strategies.

George was most recently a senior research director with the leading financial services research firm TowerGroup where he delivered thought leadership and insights to leading financial services institutions, technology providers, and consultancies on business strategies, technologies, and market trends in retail, Internet and mobile banking, and fraud management. Prior to TowerGroup, George was a senior consultant with ADS Financial Services Solutions, providing information technology strategy consulting to top-tier US banks. He also held several positions at BayBank, BankBoston, and Fleet (now Bank of America), including director of e-commerce planning and development and vice president of planning and analysis for the consumer and small business banking divisions.

George is frequently quoted in industry periodicals, and his comments have appeared in such publications as The Wall Street Journal, Newsweek, CIO Magazine, American Banker, Bank Technology News, CNN Money Online, and Bank Systems and Technology. George received an MBA from Babson College and holds a Bachelor of Science degree in industrial engineering and operations research from the University of Massachusetts, Amherst.

Paul Griggs, Assessment Services Manager, Cadre

“How To Perform an Internal Penetration Test using Open Source Tools”

With over 20 years in the Information Technology industry, Paul has a very broad range of security, audit, and assessment experience. Paul has performed many audit and assessment engagements for many Fortune 500 companies across all industry sectors. Technically focused, Paul’s experience across a wide range of technologies allows him to communicate effectively at all levels from network operations to risk and executive management.

Page 18: InfoSec 2012 Program

Application Security (Hands On Session): Jason Gunnoe, State of Tennessee


Ray Wagner, Ph.D., Managing Vice President, Gartner

“Top Security Trends and Takeaways for 2012 and 2013”

Ray Wagner, Ph.D., is managing vice president of the secure business enablement group, which is part of the Information Security and Privacy research organization of Gartner Research. Mr. Wagner focuses on a wide range of security issues, including identity and access management, Web services security, public-key infrastructures, digital rights management, the information security organization, and information security issues within emerging technologies. Mr. Wagner has taught information and network security at Vanderbilt University and computer science at Dartmouth College. He is a veteran of information security startups in secure identity management systems, PKI-based information security infrastructures, secure remote access and digital rights management technology for healthcare enterprises and the music and entertainment industries.

Rafal Los, Chief Security Evangelist, HP

“Assessing Your Organization’s Cloud Presence – A Practical How-To”

Rafal Los, Chief Security Evangelist for Hewlett-Packard Software, combines nearly 15 years of subject-matter expertise in information security with a critical business risk management perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals, is a featured speaker at events around the globe, and has presented at events produced by OWASP, ISSA, Black Hat, and SANS among many others. He stays active in the community by writing, speaking and contributing research, representing HP in OWASP, the Cloud Security Alliance and other industry groups. His blog, Following the White Rabbit, with his unique perspective on security and risk management, has amassed a following from his industry peers, business professionals, and even the media, and can be found at http://hp.com/go/white-rabbit.

Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 contributing to the global organization’s security and risk-management strategy internally and externally. Rafal prides himself on being able to add a ‘tint of corporate realism’ to information security.

11:00- 11:50 am • BREAKOUT SESSION 2

Security can’t stand still. Users want access from every point of contact. From mobile devices, across platforms, in every environment. Our solutions reduce risk, simplify compliance and make it possible for users on the move to innovate wherever they are.

+ FIND OUT how CA Technologies can help you accelerate, transform and secure your IT by visiting ca.com/secure-IT

Copyright © 2012 CA. All rights reserved.


Page 19: InfoSec 2012 Program


Tom Kellermann, Vice President of Cyber Security, Trend Micro

“Advanced Persistent Response”

Tom Kellermann is the Vice President of Cyber Security for Trend Micro. Within this role he is a trusted advisor for Cybersecurity and is responsible for analysis of emerging cybersecurity threats and relevant defensive technologies, strategic partnerships and government affairs. Mr. Kellermann served as a Commissioner on The Commission on Cyber Security for the 44th Presidency and serves on the board of the National Cyber Security Alliance (http://staysafeonline.org/), The International Cyber Security Protection Alliance (ICSPA), and the National Board of Information Security Examiners Panel for Penetration Testing. Mr. Kellermann is a Professor at American University’s School of International Service and is a Certified Information Security Manager (CISM).

Formerly holding the position of Chief Technology Officer at AirPatrol Corporation, Mr. Kellermann spent five years as Vice President of Security Awareness for Core Security. Previously, he was the Senior Data Risk Management Specialist for the World Bank Treasury Security Team, where Mr. Kellermann was responsible for internal cyber-intelligence and policy and for advising central banks around the world about their cyber-risk posture and layered security architectures. He co-authored the book “E-safety and Soundness: Securing Finance in a New Age.”


Page 20: InfoSec 2012 Program


Wade Williamson, Senior Security Analyst, Palo Alto

“Breaking the Lifecycle of the Modern Threat”

Wade Williamson has extensive industry experience in intrusion prevention, secure mobility, and both wired and wireless networking. Prior to joining Palo Alto Networks, he led the product management team at AirMagnet, Inc., including the company’s flagship wireless IPS solution. He has spoken at more than 50 IT security events worldwide, and has been a steady and active researcher of new threats and techniques used to compromise enterprise networks and mobile end-users. He also brings well-rounded experience from Silicon Valley visionaries Netscape and Sun Microsystems. As an expert in the field, he leads Palo Alto Networks’ threat review series, which provides analysis and best-practices in response to the latest industry threats. Additionally, he has been an ongoing contributor to Security Week covering the topic of modern malware.

Matthew Webb, Senior Consultant, Ingenuity Associates

“How To Develop a LightWeight Breach Notification Response Plan”

Matthew, who has nearly 12 years of leadership experience in IT and information security, is helping to continually evolve a security practice that has quickly garnered the attention of IT and business leaders throughout the southeast. After many years with private and public enterprises, Matthew has been able to build a unique and extensive background in security and regulatory compliance where he applies his capabilities as an industry leader and consultant.

Prior to joining Ingenuity, Matthew served in a variety of IT roles. In his most recent position, he was Senior Consulting Engineer in Information Security for a large Fortune 100 healthcare company based in Nashville. His responsibilities ranged from systems security audits with an emphasis on regulatory requirements to project initiatives where his systems and critical thinking abilities enabled him to effectively build and implement a disciplined approach to self-audits for PCI compliance, as well as establishing a Breach Notification process to address response times and improve the accuracy of identifying those who were impacted.

Matthew’s technical background has also made him effective in a variety of Threat and Vulnerability Management scenarios. Whether profiling application characteristics using behavior-based NetFlow data or executing standard incident response plans for digital forensics and e-Evidence collection, Matthew has shown that both his technical and leadership skills are indispensable in a variety of situations.

Matthew has found himself helping to advance Ingenuity’s security practice through advising IT and business executives on the value of using a process-driven approach to perform detailed requirements gathering and technology selection. Recent consulting engagements have found Matthew planning, organizing and managing multiple datacenter migrations, enhancing disaster recovery for local clients, and developing strategic direction for enterprise Business Intelligence deployments.

Over the course of his career, Matthew has earned several professional certifications, established himself as an expert in several areas of legal and regulatory compliance and now finds more demands on his time to present and teach on information security in a process driven environment.

Rohyt Belani, CEO, PhishMe

“Spear Phishing: The Truth Behind APTs”

Prior to starting PhishMe, Rohyt served as Managing Director at Mandiant, Principal Consultant at Foundstone, and Researcher at the Software Engineering Institute. He is also an Adjunct Professor at Carnegie Mellon University. He is a contributing author for Osborne’s Hack Notes – Network Security, as well as Addison Wesley’s Extrusion Detection: Security Monitoring for Internal Intrusions. Rohyt is a regular speaker at various industry conferences including Black Hat, OWASP, Hack in the Box, InfoSec World, and several forums catering to the FBI, US Secret Service, and US Military. He has written technical articles and columns for online publications like SecurityFocus and SC Magazine, and has been interviewed by CNBC, CNN, BBC, Forbes magazine, eWeek, and other mainstream media. Rohyt holds a Bachelor of Engineering degree from Bombay University, and a Master of Science from Carnegie Mellon University.


Ken Swain, Senior Manager, LBMC

“Mobile Security: Present and Future”

Ken Swain is a Senior Manager in LBMC’s Security Services division. Previously an engagement manager and senior security engineer at Hewlett-Packard, Ken brings over 12 years of experience assisting clients with all aspects of their security needs. His areas of expertise include security incident and event management, application security, mobile security, network monitoring, system configuration management, network and system hardening, and penetration testing. Ken’s certifications include Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Engineer (MCSE), and Microsoft Certified Trainer (MCT).

Michael Groskop, Director of Web Application Security, Radware

“The Web Application Security Challenge – Protecting Your Applications and Data in an Insecure World”

Michael Groskop is the Director of Web Application Security at Radware, a leader in application delivery and security solutions that assures the availability, performance, and resilience of business-critical applications for over 10,000 enterprises and carriers worldwide.

Michael joined Radware in 2009, where he leads the Web Application Security offering. He has more than 16 years in the software development industry, with more than 10 years developing security products. Prior to joining Radware, he was one of the innovators of Web Application Firewall technologies, working for Kavado and Protegrity as a Director of Product Development managing the research and development of . Michael holds a B.Sc. degree in Computer Engineering and an MBA from the Technion, Israel Institute of Technology.

Jonathan Sander, Director of IAM Business Development, Quest

“Using IAM to protect you from APTs and Auditors”

Jonathan has been a senior member of Quest’s team since 1999. Working with both the security and performance management product lines, he has designed, architected, and implemented solutions for the largest and smallest customers Quest has. When the Quest One Identity Solution was launched, Jonathan took the position as its chief evangelist. Now he directs all business development efforts for the growing IAM solution, working with partners and channels and building programs to raise awareness. Prior to Quest, Jonathan was a presales consultant at Platinum Technology focusing on security, access control and SSO solutions. Jonathan graduated from Fordham University in 1996 with a degree in Philosophy.

2:00 - 2:50 pm • BREAKOUT SESSION 3


Bart Hopper, Information Security Analyst, Volunteer Corporate Credit Union

“Hunting Evil – How to Eradicate Malware on your Network”

Bart Hopper, CISSP, CISM, CRISC, is an information security analyst at a Nashville financial services company. He was previously a network engineer for an insurance third-party administrator.

Franklin Witter, Senior Principal Security Strategist, Symantec

“Threat Landscape Trends and Protection Strategies”

Franklin Witter is an accomplished information security practitioner who has worked in IT across multiple industries for 15 years, more than a decade of it with a primary focus on security for large enterprise and service provider infrastructure. At Symantec, Franklin is responsible for security strategy and direction, industry trends, the threat landscape and best practices, and serves as a trusted advisor to security executives, senior management and executives of our customers across the Southeast. He is an extension of Symantec’s CTO Office and works closely with the Business Unit Executives to focus on the real-world IT security challenges our customers face, to drive Symantec’s overall security direction. His professional experience includes management of IT/IS, consulting and business development teams, information security strategy and architecture, information systems integration, information risk assessment and management, teaching, and project management from concept through implementation.

Franklin joined the Security Strategist organization after leading the national strategic services team for over 18 months. Engaging with our top clients, Franklin took a leadership role throughout the business lifecycle to perform business development, engagement management, and security program analysis for strategic initiatives. During this time he also held a leadership role in the development and deployment of the Symantec Security Program Assessment (SSPA), the Symantec Security Management Model (SSMM), and the Symantec Mobile Security Framework.

Franklin comes to Symantec via the @stake acquisition where he started as a Principal Consultant for the Southeast region and ultimately moved up to the Consulting Services Technical Lead. While with @stake, Franklin was responsible for managing internal and external project teams on complex architecture projects involving business leaders, technical experts, and end users. These projects included risk analysis, penetration testing, network and system vulnerability assessment, secure architecture design, software selection, system hardening, policy/procedure development, incident response and security awareness training.

Franklin holds an MBA from Auburn University and a BS in Liberal Arts from Southwest Baptist University. He also holds CISSP Certification from ISC2 and CISM certification from ISACA. In 2009, Franklin won the ISACA Geographic Excellence Award for North America.


Kurt Roemer, Chief Security Strategist, Citrix Systems

“Mobile Security and Enterprise Management for the Cloud Era”

As Chief Security Strategist for Citrix Systems, Kurt Roemer leads the security, compliance, risk and privacy strategies for Citrix products. As a member of the Citrix CTO Office, Mr. Roemer drives ideation, innovation and technical direction for products and solutions that advance business productivity while ensuring information governance. An information services veteran with more than 20 years of experience, Mr. Roemer holds the Certified Information Systems Security Professional (CISSP) designation, served as Commissioner for the US public-sector CLOUD2 initiative, and led efforts to develop the PCI Security Standards Council Virtualization Guidance Information Supplement for the payment card industry while serving on its Board of Advisors. Mr. Roemer regularly contributes his expertise on security-related topics in global online, print and broadcast media.

Betsy Woudenberg, Chief Cyber Officer and Co-Founder, IntelligenceArts

“China, Cyber, and SCADA”

Betsy Woudenberg is the Chief Cyber Officer and Co-Founder of IntelligenceArts (IA). Ms. Woudenberg teaches U.S. and international audiences about SCADA security based on her own experience studying these systems for U.S. Intelligence. As a former CIA case officer, her approach to this topic considers not just the technology but also the people who attack, defend, and operate SCADA systems. Her SCADA presentations and engaging style are extremely popular with audiences including the CIA, NSA, the Department of Defense, the Department of Energy, the FBI, InfraGard, and more.

Ms. Woudenberg is co-founder of IntelligenceArts, LLC, a consulting firm providing Intelligence community expertise to public and private sector clients. Betsy is a graduate of Stanford University.

Bill Dean, Director of Computer Forensics, Sword & Shield

“Detecting Advanced Threats”

Bill Dean, Sword & Shield’s director of forensics and security assessments, has more than 14 years of experience in the technical field in roles such as programmer, systems support, enterprise systems design and engineering, virtualization, digital forensics, and information security.

In 2005, he was recognized as the primary architect for an Intel virtualization/server consolidation project and was awarded Network World’s “Enterprise All Star” and “InfoWorld’s Top 100 Projects.” Since that time Bill has focused his career on the specialties of systems security, electronic discovery, digital forensics, and incident response. He served as the technical expert and provided Federal Court testimony in the 7th largest eDiscovery case in 2007. He is a Certified Penetration Testing Specialist, Certified Computer Examiner, GIAC Certified Incident Handler (GCIH), a GIAC Certified Forensic Analyst (GCFA), AccessData Certified Examiner, and an active member of the International Society for Forensic Computer Examiners.

3:00 - 3:50 pm • BREAKOUT SESSION 4

Michael Johnson, Manager, Security Strategy and Compliance Team, CHS

“How to Increase Effectiveness of Security Teams”

Michael Johnson is currently the manager of the Security Strategy and Compliance team at Community Health Systems. With over 12 years of Fortune 200 IS experience, Michael has managed regulatory concerns, threat and vulnerability management, incident response, security architecture and engineering. Michael currently manages a team of 17 engineers responsible for the protection of a 100,000+ device network. The team’s accomplishments include development of an event correlation system responsible for metrics reporting and device compliance. During Michael’s career, he has achieved several industry standard certifications including CCNP, MCSE, and CWNA.

Brenton Warner, Manager, IS Security Identity Management, CHS

“How to Increase Effectiveness of Security Teams”

Brenton Warner is currently the manager of the Information Systems Security Identity Management team at Community Health Systems. With nearly 10 years of experience in IT and Information Security and a B.S. in Computer Engineering from Middle Tennessee State University, Brenton is a recognized and capable leader with the ability to identify, communicate, and drive wide-scale enterprise security solutions. Most recently, he has served as the chief architect and technical lead for an Identity and Access Management solution serving over 150,000 active users across 29 states, utilizing over 240 custom-developed integrations with clinical and financial systems. This technology has reduced user access provisioning from days to minutes while streamlining regulatory compliance. Paired with Single Sign On technology that simplifies the user logon experience through RFID technology, the solution is regarded as a significant clinician satisfier. The IdM team at CHS was awarded the ISE Southeast Project of the Year Award for 2011 and was a finalist in the subsequent ISE North America Project of the Year category for its work in Identity Management.


Brian Hicks, Motivational Speaker/Author of “The Tinderbox Tapes”

“Creating Dynamic, Creative Leaders in a Time Crunched World”

With an onstage energy that’s been called “an adrenaline rush,” Brian Hicks is quickly becoming a sought-after speaker across the country. Known for his unique ability to deliver a challenging message in a humorous way, he’s been labeled “Part Billy Graham, part Bill Cosby.”

After 20 years with Fortune 500 insurer Aflac, he retired in 2009, at age 40, to become an inspirational author, speaker and training consultant. Brian calls himself a Personal Development Advocate, emphasizing that when we grow individually, our businesses grow exponentially. He combines personal stories with little known anecdotes about historical figures like Thomas Edison and John Wesley to inspire audiences to get astounding results at home and work every day.

His first inspirational novel, The Tinderbox Tapes, is written in the tradition of Andy Andrews and the late Og Mandino. It tells the story of Michael Turner, whose father gave him 6 audio tapes just before his terminal illness took his life. Twenty-five years later, Mike is about to listen to them for the first time. In so doing, he will learn that a life he’s called “a swing & a miss” doesn’t have to stay that way, and he’ll discover the secret of success isn’t a secret after all.

Brian’s motivational sales column, Selling Benefits, appears each month in Benefits Selling Magazine, and he is the opening keynote at this year’s Benefits Selling Expo in San Antonio. He lives outside of Nashville, Tennessee with his wife and 3 boys. www.brian-hicks.com

GET EMPOWERED WITH THE KNOWLEDGE AND EXPERTISE TO GET HIPAA-HITECH COMPLIANT

Governance and Oversight

Risk Management

Risk Analysis

Compliance Assessments

Meaningful Use

Policies & Procedures

Remediation Plans

Workshops & Training

On-Demand Consulting

Managed Compliance Services

www.clearwatercompliance.com
800.704.3394

HIPAA Simplified by Experts™


SESSION ABSTRACTS

“New Technologies, New Threats and New Business Opportunities: Strategies for Protecting Your Data and Systems” • Howard Schmidt, former Cyber-Security Coordinator of the Obama Administration

Just as technology changes quickly, so do the threats. Prof. Howard Schmidt, former White House Cyber Security Advisor, will talk about true strategies, new protections and things to consider when faced with constant change. Success can be achieved by looking at security from end to end. Development, deployment and IT operations need to have security and privacy built in from the beginning. The role of governments and the private sector will be discussed, as cyber security has significant international implications for us all.

“Maintaining Compliance in a Post-Firewall World” • Rick Dakin, Coalfire

A few short years ago, the firewall, while not the whole security solution, was a cornerstone of enterprise security. Surrounding sensitive data with a safe, hardened perimeter was the definition of information security. Firewalls are still essential to a sound security practice.


However, the consumerization of IT has enabled users to store company data on service provider platforms like Google and Dropbox without consideration of IT governance. Firewalls are being bypassed and company risk assessment programs are not yet effectively considering the impact of the migration to the cloud.

Find out why current controls may not be adequate to fully secure mobile devices, and how risk mitigation steps can dramatically reduce claims of negligence in allowing mobile-device access to sensitive data and critical systems.

“The New Field of Cyber Security” • Scott Borg, Chief Economist of the U.S. Cyber Consequences Unit

Cyber security is a field perpetually in crisis. The current crisis, however, is different. It is going to force the whole field to be redefined. It will be necessary not just to move beyond signatures and perimeter defense, but also to move beyond the current focus on technical vulnerabilities. The cyber-security profession will need to take a much broader view of its problems and apply a much wider range of solutions. Doing this, while remaining clear-headed and technically grounded, will require a new conceptual framework. This talk will show what this new framework needs to look like.


“10 Things Security Teams Need to Know About Cloud Security” • Dave Shackleford

More and more organizations are moving data, systems, and applications into cloud service provider (CSP) environments all the time. The reasons for this are many – cost, efficiency, improved operations, features, and many more. However, security teams are still trying to figure this whole “cloud” thing out. What are the biggest issues? How do we assess CSP environments? What are the most important questions to ask? What technologies are emerging to help us? These questions and more plague security teams every day.

In this presentation, Dave will discuss ten key points that all security teams should understand about cloud infrastructure and security. Attendees will walk away with:

• Ten concrete areas of cloud security focus, with takeaways from each.
• Ideas for how to improve cloud security assessment and audit programs.
• Technologies that should be evaluated now and in the near future for solving cloud security challenges.
• Examples of what other organizations are doing to address these challenges.

“Tales from the Dark Side” • Chris Bream & David Damato, Mandiant

Over the past several years, Mandiant has responded to over a hundred targeted attacks at a variety of organizations. The majority of these organizations were subject to security audits and regularly performed various security assessments based on industry-leading practices. Despite the benefit of such audits and security assessments, these organizations are frequently compromised by targeted threats, often evading detection for months and years. This presentation will touch on why current security assessment methodologies have not been more effective in assessing organizations’ exposure to targeted attacks. The presentation will focus on common tactics employed by targeted threats, along with techniques used by other organizations to more effectively assess an environment’s exposure to tactics associated with targeted attackers.

“In the Crosshairs: How Cybercriminals Target the Enterprise” • George Tubin, Trusteer

Increased workforce mobility, Bring-Your-Own-Device (BYOD), and desktop virtualization initiatives have dramatically expanded the risk of advanced threats to enterprise assets. Using a variety of techniques, advanced malware is targeting client applications to access sensitive business data. This session will discuss the three phases of the cyber-attack life-cycle and how they are carried out. The speaker will cover:

• Infection, including spear-phishing and drive-by-download attacks
• Evasion, from polymorphic variants to memory-resident threats
• Data theft, including key loggers, screen grabbers, and other extrusion techniques

The speaker will also present best practices for protecting enterprise applications and data from “under the radar” malware that can evade traditional security controls.


“How To Perform an Internal Penetration Test using Open Source Tools” • Paul Griggs, Cadre

Performing a penetration test is not something a typical IT professional does every day. How does it work? How does a penetration test differ from a vulnerability assessment? And just what makes a successful penetration test?

Join Paul Griggs of Cadre Information Security in a discussion of “How To Perform A Penetration Test Using Open Source Tools”, and learn how to discover, enumerate, evaluate, and penetrate a network. By using Open Source tools, a penetration test doesn’t have to break the bank. By looking at your network the way online criminals do, you can identify additional control opportunities that can show an honest business benefit.

LBMC SECURITY & RISK SERVICES
A SERVICE OF LATTIMORE BLACK MORGAN & CAIN PC

How Secure Are You?

By utilizing LBMC Security & Risk Services, companies have the confidence that they are safeguarding themselves against potentially embarrassing and costly problems. Whether your business already has an information security process in place or you are working toward securing your environment, LBMC provides a full array of security & risk services designed to help protect you, your employees and your clients.

Security Services Offerings:
• Assessment Services
• Design and Implementation Services
• Compliance (PCI, HIPAA, etc.)
• Managed Services (IDS/IPS and SIEM Log Management)

Mark Fulford - [email protected]
Thomas Lewis - [email protected]


“Top Security Trends and Takeaways for 2012 and 2013” • Ray Wagner, Gartner

With continuing trends in cloud, consumerization, mobility and the next big thing, the way IT is delivered is changing. Each brings new threats and breaks old security processes. Here we review the top 2012-2013 security hot topics to map the trends. Key Issues:

• What social, business and technology trends lead to increased threat to businesses?
• What security technologies and processes will provide the highest return on investment over the next 5 years?
• How can businesses balance protecting customer data with the need to increase revenue?

The content for this session is instructional/tutorial in nature, with time for Q&A/Discussion at the end.

“Assessing Your Organization’s Cloud Presence – A Practical How-To” • Rafal Los, HP

Today’s enterprise is entangled in the cloud in many different ways. Whether your employees bring their own cloud to work, or your developers push prototype applications into the cloud, or your corporate IT strategy calls for a hybrid public/private cloud approach – you’re invested in the cloud. Where are your biggest risks? Is your enterprise security and risk management strategy keeping up with what cloud brings in? The talk focuses on bringing your security and risk policies up to date to provide at least an audit-level assessment of your cloud risks, across your enterprise portfolio of users, services and systems.

“Advanced Persistent Response” • Tom Kellermann, Trend Micro

Tom Kellermann, Vice President of Cybersecurity for Trend Micro and former member of the Commission on Cybersecurity for the 44th President, will depict the evolution of the cyber threat landscape in 2012. His presentation will discuss the evolution of the underground economy in cyberspace, specifically illustrating the tactics being utilized to colonize our digital ecosystems and the corresponding risk management strategies that should be adopted in order to manage the scourge of advanced persistent threats.

“Breaking the Lifecycle of the Modern Threat” • Wade Williamson, ProSys/Palo Alto

Network attacks are becoming both more sophisticated and more common, with all types of enterprises and all types of information being targeted by attackers. In this presentation we will shine light on the lifecycle of a modern network attack, investigate real-world examples and discuss best practices required to find and stop threats both known and unknown in the enterprise.


“Developing a Lightweight Breach Notification Process” • Matthew Webb, Ingenuity Associates

Breach response can be a very stressful and challenging experience for most organizations. Responding effectively requires a disciplined response plan, including methods to identify impacted individuals, to communicate the event and ultimately to address whatever caused the breach. Additionally, knowing when a response is required demands research along with communication across many levels of an organization.

This presentation will describe the essential steps to establish awareness and understanding of having a Breach Notification plan, the key relationships needed, and the actions necessary to effectively respond to a breach scenario. Takeaways from this “How To” presentation will include a framework from which to gauge current response capabilities as well as a road-map for further process enhancements. This framework will help you answer questions like, “What constitutes a breach?” and “What plans do we have in effect today?” The goal is to provide you with enough guidance that you have the foundational building blocks to establish your own process in case a breach occurs within your organization.


“Spear Phishing: The Truth Behind APTs” • Rohyt Belani, PhishMe

Today, phishing is a key component in a hacker’s repertoire. It has been used to hijack online brokerage accounts to aid pump n’ dump stock scams, compromise government networks, sabotage defense contracts, steal proprietary information on oil contracts worth billions, and break into the world’s largest technology companies to compromise their intellectual property. During this talk, I will present the techniques used by attackers to execute these attacks, and real-world cases that my team has responded to that will provide perspective on the impact. I will then discuss countermeasures that have been proven to be effective.

“Mobile Security: Present and Future” • Ken Swain, LBMC

Mobile devices are one of the fastest-growing computing segments today. This growth, coupled with the “bring your own device” (BYOD) model that many companies now prefer, can impose additional risk on the enterprise. Several techniques and technologies have arisen to help deal with the current threats. While some of these are effective, they are not always necessary to achieve the desired level of security. With good policies, planning, and a willingness to plan for a future state, you can achieve a higher level of security at a lower cost, ending in a stateless security model that can be applied to more than just mobile and that increases productivity and efficiency while lowering the cost of ownership.


“The Web Application Security Challenge – Protecting Your Applications and Data in an Insecure World” • Michael Groskop, Radware

While some web application attack vectors such as SQL injection and XSS are familiar and often discussed, the spectrum of attack vectors is significantly wider. By analyzing web application attack trends and statistical information, we will become familiar with the web application security challenges and identify the requirements most relevant to your environment.

Modern Web Application Firewalls can offer a cost-effective solution to enterprise security challenges and compliance needs, offer a short time to security, and provide a path for implementing centralized web application security management. On the other hand, inhibitors such as fear of business impact on the applications and the cost of implementation and ongoing maintenance should be considered as well.

In security, as in many other domains, priorities make things happen. Prioritizing our needs and requirements will help us choose the right solution for our current environment and address future growth and scalability needs.

“Using IAM to protect you from APTs and Auditors” • Jonathan Sander, Quest

Identity and Access Management (IAM) is the practice of making sure the right people have the right access to the right applications and data using the right means at the right times. What is the definition of “right”? Well, that’s where the real world meets IAM head on. We’ll discuss how, using IAM, you can ensure that you are depriving would-be APT attacks of their typical easy-to-exploit attack vectors. We’ll also look at how visibility is the best side benefit of properly done IAM, and how that visibility can make the auditors your friends in getting the business to take on its proper role in the access governance and security process.

“Hunting Evil – How to Eradicate Malware on your Network” • Bart Hopper, Volunteer Corporate Credit Union

This talk will discuss actively following attacker exploit chains to capture malware for analysis. Actively pursuing malware will allow an accurate assessment of risk, assist with the development of countermeasures, and allow the discovery of ‘indicators of compromise’ for incident response. Areas covered will include understanding attackers’ evasion and obfuscation techniques, collection of malware, and a discussion of deobfuscation/analysis tools and techniques.

“Threat Landscape Trends and Protection Strategies” • Franklin Witter, Symantec

Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 64.6 million attack sensors and records thousands of events per second. This network monitors attack activity in more than 200 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services and Norton consumer products, and other third-party data sources.


In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 47,662 recorded vulnerabilities (spanning more than two decades) from over 15,967 vendors representing over 40,006 products. These resources give Symantec’s analysts and strategists unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam.

In this session we will examine the current trends Symantec has identified through its analysis and discuss the essential strategies enterprises should implement to secure their systems effectively now and into the future.

“Mobile Security and Enterprise Management for the Cloud Era” • Kurt Roemer, Citrix Systems
How do enterprises securely enable highly mobile and BYO devices while maintaining data governance? Enterprise IT managers are watching their boundaries erode while simultaneously being attacked with increasing innovation and having to answer to complex regulations. To further add to the pain, the business is saying “yes” to consumer-grade devices, BYO, cloud computing and other initiatives that cause a decrease in control – but an increase in productivity.

To get a grip on the wheel of chaos, new technology and tactics must be mastered. This session will focus on:

• How to support BYO initiatives and consumer-grade devices, Android and iOS
• The role of Mobile Application Management (MAM) and Mobile Device Management (MDM)
• The Application Delivery Controller as a cloud controller
• Citrix solutions for mobility and cloud: Receiver, CloudGateway and NetScaler

“China, Cyber and SCADA” • Betsy Woudenberg, Intelligence Arts
In this session, Betsy Woudenberg will lead an examination of China’s interests in U.S. energy, from state-sponsored economic espionage to the threat of penetration of our industrial control systems. Woudenberg, a former CIA officer, connects a series of recent Chinese cyber intrusion sets to the driving forces in China’s energy development, and then reviews China’s strategic military interests and how U.S. critical infrastructure could become a target for penetration.

“Detecting Advanced Threats” • Bill Dean, Sword & Shield
For years, organizations were instructed to protect the perimeter from attackers. After many high-profile breaches, we are now being told that we are likely already breached and must detect the attackers that are already inside. This presentation will discuss methods and tools to detect and disrupt attackers that are already inside our networks.

“How to Increase Effectiveness of Security Teams” • Michael Johnson & Brenton Warner, CHS
Brenton Warner and Michael Johnson will discuss the ongoing evolution of the Information Security team at Community Health Systems, a leading provider of general hospital healthcare services based in Franklin, Tennessee. Topics include regulatory compliance, foundational security controls, threat and vulnerability management, and identity and access management. Key focus areas outline the value of maintaining transparency and visibility, gathering buy-in through metrics-based reporting, tips for setting clear expectations with customers, and demonstrating progress with executive management. CHS Information Security accomplishes goals by enhancing commercial solutions through in-house development and demonstrates a third alternative to buy versus build. The how-to presentation provides real world examples utilized by Brenton and Michael’s teams to transform, grow, and protect the business.

Protecting the world’s information. Cloud. Virtual. Mobile.

Today, we have more information than ever before and more ways to access it, process it, share it, and benefit from it. From tablets to cloud computing, from smartphones to virtualized data centers, from helping you defend your organization against advanced threats and data leaks to simplifying backup and ensuring 24x7 availability, Symantec helps protect your information no matter where it resides.

Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.

“Creating Dynamic, Creative Leaders in a Time Crunched World” • Brian Hicks, Author, The Tinderbox Tapes
In IT and Information Security we need dynamic, problem-solving leaders that thrive at work (and home), but it’s difficult to invest the time, or even know what tools to provide employees, to help enhance their leadership skills when fires require fighting on a daily basis. It’s also difficult to know how to invest in others and do so in the way they are most receptive. This frank discussion will provide listeners some of the soft-skills tools they need in order to equip themselves and their employees to develop creative strategies for solving difficult problems and to invest themselves meaningfully in those around them to develop tomorrow’s IT and Security leaders.

SPONSOR INFO

Peak 10 is a managed services company with world-class data centers. It delivers scalable, economical and reliable solutions for hosting and managing complex information technology infrastructure. The company’s expert team embraces the industry’s evolving technologies by adopting and tailoring solutions such as virtualization and cloud-based services as part of its robust managed services offering. Its strong customer focus, financial stability, geographic diversity and technical strength attract market-leading companies such as LendingTree, Global Knowledge, Carnival Cruise Lines, Pergo, Healthways and Churchill Downs. Peak 10 is SSAE 16 audited and helps companies meet the requirements of various regulatory compliance acts such as Sarbanes-Oxley (SOX), HIPAA, PCI and Gramm-Leach-Bliley (GLBA).

Peak 10’s customers enjoy the accessibility of a local provider and the security of a geographically diverse organization; the personal relationship of a small company and the resources of a large organization; the expertise and performance of a national player and the trust and attention of a local partner. Simply stated, Peak 10 clients receive outstanding service, without sacrifice.

Peak 10 is in growth mode and has the financial strength and positive investor vision to pursue opportunistic expansions pertaining to geography and services. The company’s primary financial partner, Welsh Carson, has private equity and investment banking expertise with extensive experience in the information technology and communications industries. www.peak10.com

Level 3 Communications, Inc. (NASDAQ: LVLT) is a premier international provider of fiber-based communications services. Our converged voice, video and data solutions serve enterprise, content, government and wholesale customers leveraging a reliable and secure network. We focus on understanding customers’ challenges, providing relevant solutions, and delivering superior service. Learn more: www.level3.com

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. We are relentlessly focused on constantly finding new ways to keep our customers safe.

ProSys successfully brings together customized IT solutions and comprehensive engineering expertise, coupled with proprietary technology applications and best-in-class products to offer solutions tailored to meet your organization’s unique business requirements. We assess, design, acquire, implement and support your IT hardware and software solutions.

Palo Alto Networks has pioneered the next generation of network security with our innovative platform that allows you to secure your network and safely enable the increasingly complex and rapidly growing number of applications running on your networks. At the core of this platform is our Next-Generation Firewall, which delivers visibility and control over applications, users, and content within the firewall using a highly optimized hardware and software architecture. This platform uniquely offers you the ability to identify, control, and safely enable applications while at the same time inspecting all content for all threats all the time. These capabilities are combined with superior performance compared to traditional approaches, including those found in a UTM or software blade approach. Our approach allows you to simplify your network security infrastructure and to eliminate the need for a variety of stand-alone and bolt-on security devices. Our platform can address a broad range of your network security requirements, ranging from the data center to the enterprise perimeter to the far edges of the network, which includes branch offices and mobile devices.

platinum sponsor

gold sponsors

CA Technologies is an IT security and management software and solutions company with expertise across all IT environments—from mainframe and physical to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies’ innovative security products and services enable organizations to protect their key systems, applications, and information, as well as to enable continued business growth and customer loyalty.

Cadre is a network and information security solutions provider that serves large and medium sized firms. Widely recognized as a pioneer in the security industry, Cadre delivers value through superior customer service, advanced engineering and a resolute focus on design, assessment, installation, training and support of information security systems. All over the world, clients rely on Cadre to provide guidance and technical expertise on compliance, controlling technical risks, and achieving security goals. www.cadre.net 888-TO-CADRE

© 2012 Quest Software Inc. Quest, the Quest Software logo and Simplicity at Work are trademarks of Quest Software, Inc. For a complete list of Quest trademarks visit http://www.quest.com/legal/trademarks.aspx. ADW-InfoSec2012-Quarter-EH . All other names mentioned herein may be trademarks of their respective owners.

QUEST ONE SIMPLIFIES YOUR COMPLIANCE & SECURITY
• Control & Audit Superuser Access
• Streamline Access Governance through Automation
• Delegate & Secure Active Directory Identity Administration
• Report on Critical IT Infrastructure for Compliance
• Deploy Affordable Two-Factor Authentication

Charter Business® provides a full range of advanced broadband services and solutions to business organizations, including Charter Business Internet, Charter Business Phone and Charter Business TV in Digital entertainment programming.

Clearwater Compliance has one purpose: to help your organization become and remain compliant with HIPAA-HITECH security, privacy, and data breach regulations through industry leading tools, software, and professional services.

LBMC Security & Risk Services works with clients to help them identify, measure and manage security risks in their business environment while reducing the operational overhead associated with a security program. Whether the need is a fully coordinated security solution, guidance and direction on making well-informed decisions about se-

Established in 1987, Quest Software (Nasdaq: QSFT) provides simple and innovative IT management solutions that enable more than 100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges ranging from database management, data protection, identity and access management, monitoring, user workspace management to Windows management.

Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.

Trend Micro Incorporated creates a world safe for exchanging digital information with its Internet content security and threat management solutions. A pioneer in server security with over 20 years’ experience, we deliver server and cloud-based security that stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet.

Trusteer is the leading provider of endpoint cybercrime prevention solutions that protect against financial fraud and data breaches. Hundreds of organizations and online banking providers, and millions of end users rely on Trusteer to protect their computers and mobile devices from online threats that are invisible to legacy security solutions. www.trusteer.com.

silver sponsors

Accuvant is the only research-driven information security partner delivering alignment between IT security and business objectives, clarity to complex security challenges and confidence in enterprise security decisions.

Symantec is a global leader in providing security, storage and systems management solutions to help our customers – from consumers and small businesses to the largest global organizations – secure and manage their information-driven world against more risks at more points, more completely and efficiently. Our software and services protect completely, in ways that can be easily managed and with controls that can be enforced automatically – enabling confidence wherever information is used or stored. www.symantec.com

Ciber is a global IT consulting company with 7,000 consultants in North America, Europe and Asia/Pacific, and approximately $1 billion in annual revenue.

We believe that your work and your personal life are not mutually exclusive. This belief inspires us to build solutions that enable a seamless continuum to give you the shortest distance between work and life.

GCA Technology Services offers a broad range of identity and access management services including integration and consulting. GCA has formed partnerships with the leading technology providers and has invested in a world-class staff to deliver complete business solutions in Tennessee and across the United States.

At HP we don’t just believe in the power of technology. We believe in the power of people when technology works for them. To help you create. To make the digital tangible. To harness the power of human information. At HP we work to make what you do matter even more.

Through world-class solutions that address risk across the enterprise, IBM Security Services enables organizations to build a strong security posture that helps reduce costs, improve service, manage risk, and enable innovation. For more information on how to address today’s biggest risks please visit us at www.ibm.com/services/security

EMC Corporation (NYSE: EMC) is the world’s leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC’s products and services can be found at www.EMC.com.

Imation Mobile Security provides solutions that address the demands of the mobile workforce, for enterprise and government organizations, that are easy to use, easy to deploy and easy to manage, while also providing a broad set of security options able to meet varying customer requirements. Secure, deploy, and manage. With Imation, you can do it all.

Sword & Shield provides network security assessments, security risk and compliance analysis and forensic investigations, along with best-of-breed security products. EventTracker is a leading provider of SIEM and log management solutions which offer security, operational, and regulatory compliance monitoring. Together, they are your partners for a simplified SIEM solution.

2ST.net has been serving clients since 1998, providing them with a range of services to assist them in deciphering the increasingly complex landscape of Information Technology products and services related to Network Infrastructure, Information Security and Business Processes. Through its ability to develop a single-source solution from product selection to full-on implementation and project oversight, whether for a trial lab or an enterprise-wide deployment on a global scale, 2ST.net has proven itself to be a ‘trusted advisor’ to a large number of IT groups. Office Number: 615.656.8428 Website: www.2ST.net

United Data Technologies (UDT), named one of the 50 fastest-growing IT firms in the U.S. by Everything Channel, is a leading provider of high-performance technology solutions in the Southeast and Mid-West United States. We design, build, deliver and service innovative IT solutions that integrate and elevate your current systems with the latest technology. At UDT, our mission is to be the resource of choice for our clients’ technology needs. Website: www.udtonline.com

thank you to all our sponsors who make this event possible.
