HomeAgenda DetailsSpeaker RosterVenue & HotelExpo DetailsRegistration Details

Monday, March 23

10:00 AM - 11:00 AM
G1 How to Stop Insider Threat
Jonathan Cogley CEO, Thycotic
What kinds of trusted insiders have access to privileged account credentials
How many breaches, both internal and external, are related to privileged credentials
How to protect privileged account credentials used on your network and in cloud services

11:15 AM - 12:15 PM
G2 Improving Your Intrusion Detection Controls Through Pen Testing
Jerod Brennen CISSP, CTO & Principal Security Consultant, Jacadis
Overview of the Penetration Testing Execution Standard (PTES)
Walkthrough of the penetration testing process, from pre-engagement interactions to reporting
Review of effective pen testing techniques
Survey of pen testing tools, both open source and commercial
Ideas for how to prepare a business case for pen testing to present to leadership

1:30 PM – 2:30 PM
G3 Security Data Science: From Theory to Reality
Jay Jacobs, Security Data Scientist, Cybersecurity Research & Innovation, Verizon Enterprise Solutions
Bob Rudis, Security Data Scientist, Cybersecurity Research & Innovation, Verizon Enterprise Solutions
Data Science is all about people, supported by technology
Many lessons can be learned with the right mindset and freely available software
Visualizing data can be quick and easy and provide a lot of insight
Statistics can help avoid many common mistakes and missteps
The basic concepts of machine learning and how it will open up possibilities

3:15 PM – 4:15 PM
G4 In Memory of Barnaby Jack: Why Medical Device Makers Don’t Get InfoSec
Ben Rothke, CISSP, Information Security Manager, Wyndham Worldwide Corp.
Overview of Barnaby Jack’s groundbreaking work
How medical device makers are often oblivious to infosec and privacy
How we got to where we insecurely are
Real-world horror stories (including one manufacturer who thought they knew it all after an hour with an expert)
Why things will get worse before they get better
What it takes to make IMD secure and safe

Tuesday, March 24

8:30 AM – 9:45 AM
G5 The Seven Secrets of Social Engineering  CASE STUDY
Steve Hunt, CPP, CISSP, Principal Analyst, SecurityCurrent
Keys to sneaking in to your own office
Techniques like pre-texts, social engineering, lock and alarm bypassing, targeted telephone calls, and even disguises
How measuring improvement reduces risk
How to make physical security fun for the whole company

10:00 AM – 11:00 AM
G6 Identity Management and Authentication: Patterns and Use Cases
Jahan Moreh, Chief Security Architect, Michigan Group, Inc.
The evolution of identity management and the latest trends
Evaluate business demands and whether cloud-based identity management solutions are appropriate for specific use cases
Assess identity providers and their role in the overall identity management process
Choose identity federation patterns that can help address specific use cases

2:00 PM – 3:00 PM
G7 Three Practices to Cut Costs, Increase Security, and Pass Assessments 
Jennifer Minella, VP of Engineering and Consulting CISO, Carolina Advanced Digital, Inc.
The Gates (Access control for people and data)
    oAccess rights and network segmentation
The Lost and Found (Undocumented assets)
    oFinding data stores, network devices, and switches
    oKnowing your environment 
The Kaizen (Upkeep of people and systems)
    oPersonnel and resource limitations
    oMaintenance and upkeep

3:30 PM – 4:30 PM
G8 From IT Audit to IT: Moving to the Dark Side - Work with Sith Lords and Still Remain a Jedi 
Ruperto MacQuhae, AM IT Program Manager, DHL Express
What translates, and is effective, from IT audit to IT practitioners and vice versa
Key elements that give you credibility as IT audit
Apply audit and assessment techniques to program management processes
Security considerations that regularly take a back seat
Bridge the gap between IT security, IT audit and IT practitioners

Wednesday, March 25

9:45 AM – 10:45 AM
G9 Be Quick or Be Vulnerable: Security and Agile Development
James Jardine, Principal Consultant, Secure Ideas
Kevin Johnson, CEO, Secure Ideas
Explore how security testing and remediation can be done within any agile or fast iteration development process
See real-life issues uncovered during pen tests
Learn solution sets to assess the security of applications
Understand how to better support rapid development and deployment

11:00 AM – 12:00 PM
G10 Mitigating the Pass-the-Hash Exploit by Identity, Network and Privilege Redesign
Philip Lieberman, President and CEO, Lieberman Software
Zero-day vulnerabilities and implications
APTs and Pass-the-Hash: how do they work
Architectural changes to minimize intrusion losses
Removing passwords, keys, certificates from users via bastions/RemoteApp
Automatic rotation of passwords and other cryptographic elements
Top-notch training. Compelling speakers. Meaningful interactions.
Register for the 2015 Infosec Conference
Join the conversation using #InfoSecWorld
Contact Us

Registration/General Inquiries:
Customer Service
(508) 879-7999 ext. 501
[email protected]

Speaking Opportunities:
Katherine Teitler
Director of Content Development 
[email protected] or (508) 532-3624

Exhibit Sales:
Vendors A-L
CJ Oliveri
Director of Sales, Conference Division
[email protected] or (508) 532-3609

Vendors M-Z
Howard Weinman
Director of Sales, Conference Division
[email protected] or (508) 532-3652