2010 Schedule

Tuesday June 29th, 2010

Schedule

Track One: Business

Track Two: Governance & Compliance

Track Three: Technology

Track Four: Career

 

In the current challenging economic cycle, business is constantly challenged to reduce cost, improve operational efficiency, increase agility of IT developers and business users and enhance collaboration with suppliers, customers and partners. To that end business has embraced emerging technologies including cloud services, social networks, mobile technologies and new approaches such as bring your own computer to work. Historically, information security has been seen as a business inhibitor and a necessary but inconvenient weight. In this track you can learn about how businesses need to rethink their priorities, establish a roadmap to enable business while combating new threats, both inside and outside an enterprise, that drive up risks. Participants in this track will identify the business impact of the security challenges and responses in these changing times.

With the growing number of industry-specific, U.S. and international laws and regulations, how are information security leaders to ensure that their organizations and operations remain in compliance? Methodologies, frameworks, and tools are emerging that can aid in managing the myriad of challenges across governance, risk, and compliance. Join us for an educational and thought-provoking program presented by senior information security practitioners from leading organizations who offer their leadership and practical insights from their experiences. We invite information security professionals, privacy officers, risk managers, compliance officers and auditors to these sessions.

 

The technology track is focused on applied technology: how leading-edge companies determine their critical technology needs and develop the business case to get their projects approved, funded, and moving forward. Proactive technologies to battle hidden malware, Advanced Persistent Threats (APT), and web application attacks are presented and analyzed. The need for Cloud Computing-focused security technologies and methods is also discussed. Typical participants are CISO/CSO, directors, senior technologists, project leaders and front-line practitioners.

As we recover from one of the worst economic storms in recent history, fresh and seasoned individuals alike are looking to re-establish their careers and make sure that they are equipped with the right tools and techniques to better prepare themselves. The sessions in this track will present useful skills as well as expert opinions and suggestions for planning, managing, and assessing your career goals and strategy. A mix of individual presentations and panel discussions will cover a broad range of topics such as the impact of cloud security and multi-sourcing on in-demand skills and the importance of an advanced degree as well as certifications in Bay Area Infosec jobs. We will also have a networking expert share some easy but effective techniques to make new connections that are relevant to your networking strategy.

Whether you are a fresh graduate or an experienced security professional, if you are thinking about re-launching or fine-tuning your career and are interested in learning what CISOs and recruiters are looking for, you'll have a lot to gain from this track.

 

 

7:30-8:30 AM

Registration & Breakfast

8:30-8:45 AM

Introductions

8:45-9:45 AM

 

KEYNOTE

Working While In The Eye Of The Storm

Mark Weatherford: Chief Information Security Officer, State of California



Abstract:

Information technology in California is changing and along with it, the approach to securing the vast amount of information on businesses and citizens held by the state. In this talk, Mark Weatherford will talk about the challenges faced by government to overcome historical inertia and the approach they have taken to begin creating efficiencies that result in more comprehensive security across the state enterprise landscape. In a time of shrinking budgets and growing security requirements, creativity is the name of the game.

9:45-10:15 AM

Break: Sponsor Exhibition

10:15-11:15 AM

Agile Security Strategy for Enterprise



Speaker:

Yvonne Wilson, Oracle Security Solution Architect, Oracle



Abstract:

This talk will discuss the challenges and trends impacting enterprise security (such as outsourcing, social networking, etc.) and a strategy for how to address them in an agile fashion. The talk will address the strategic principles in building a business strategy, business benefits and recommendations in building a roadmap.

Managing Disparate Security & Privacy Requirements



Speaker:

Dorian J. Cougias, Founder & Lead Analyst, Network Frontiers LLC



Abstract:

The challenges organizations face in staying abreast of the multitude of compliance requirements and regulatory controls are enormous. The Unified Compliance Framework (UCF) harmonizes controls across hundreds of different regulations, where organizations can comply once and attest to many different requirements, including PCI, Sarbanes-Oxley, HIPAA, CobiT, and NIST. This session will enlighten attendees about the UCF, why it’s a good idea, where and how it can be applied to information security and privacy requirements.

Choosing Technology Investments and Gaining Project Approval



Speaker:

Gail Coury, Vice President Risk Management, Oracle



Abstract:

Organizations need to evaluate complex risks and determine effective solutions for their most important security imperatives. Security managers need to present project solutions effectively to Senior Management to get needed technologies and projects funded. This session will look at how a senior technology leader at Oracle helps their organization accomplish the following:

  • Identify critical risks and determine technology solutions needed

  • Choose effective technologies to meet current and the anticipated future technology needs based on foreseeable and unforeseen risks.

  • Best ways to build an effective business case that Senior Management will approve for both current and future technologies

 

Professional Networking for Engineering Professionals

 

Speaker:

Jeff Richardson, Chief Transformational Engineer, Empowered Alliances

 

Abstract:

This interactive Secrets of Successful Networking workshop will demonstrate a more effective strategy for meeting key individuals that can add value to you and your project. This workshop will provide you with tools and techniques along with a customizable process that will generate immediate results. His fun and engaging workshop approach will rejuvenate your perspective on the value of networking as a tool for solving difficult problems and allow you to create a more effective strategy for accelerated job search or improved project performance.

Workshop Objectives:

Evaluate the impact of new networking principles on your networking activities

Understand key components of an effective networking strategy

11:15 AM-12:15 PM

Why Business Should Care About Cloud and Identity 2.0



Moderator:

Subra Kumaraswamy, Cloud/Identity Strategist, eBay



Co-Speakers:

  • Liam Lynch, Chief Security Strategist, eBay

  • Slawek Ligier, VP of Consumer authentication, VeriSign



Abstract:

Cloud computing offers organizations new options for scalable, cost-effective, and flexible IT, but to gain the full benefits of cloud-based services, enterprises have to establish a trust model and processes, rethink identity lifecycle, and extend their IT security beyond their own perimeters to manage risks in the cloud. Enterprises must also consider establishing a trusted front door to the cloud: one that provides security assurance, governance, control, and reliable performance. Identity in the cloud (Identity 2.0) can enable business, improve operational efficiency and provide effective controls for security and compliance management. To that end, today’s agile enterprise needs an agile identity and cloud risk management framework. The talk will focus on the attributes of Identity 2.0, the roadmap and options for business to get started. The audience will gain awareness of the approach and business benefits of Identity 2.0.

The GRC Landscape



Moderator:

Scott Wright, CTO, The GRMC Group



Panelists:

  • Michelle Nix, Director, IT Risk Management, McKesson

  • Vincent Campitelli, McKesson

  • Jeff Melvin, VP Sales, Agiliance

  • Margo Donahue, Agiliance



Abstract:

The landscape of GRC has evolved over the past few years, where GRC tools and processes, previously only for the largest of organizations, are now becoming available and useful to smaller sized companies. Attendees will gain knowledge of the current state of GRC tools and processes and be able to understand better and evaluate applicability for their organization.

Proactive Defense: Technologies to Overcome Hidden Threats



Moderator:

Eugene Schultz, CTO Emagined Security



Panelists:

  • John Harrison, Group Product Manager, Symantec

  • Ashar Aziz, CEO, FireEye

  • Al Huizenga, Director of Product Mgmt., Mykonos Software

  • Rich Cummings, CTO, HBGary



Abstract:

Current threats are increasingly hidden and sophisticated, making them nearly impossible to detect before being exploited by determined attackers. Web application attacks are based on the exploitation of business logic and software vulnerabilities. Stealthy attackers patiently introspect web applications to find attack vectors to exploit. Advanced Persistent Threats (APT) are multi-phased and sustained over long periods of time; attackers use a variety of difficult-to-trace techniques, embedding themselves within IT environments. Once embedded, they open callback channels to steal data while simultaneously covering their tracks. Attendees will learn the incentives and goals of sophisticated attackers, their attack methodologies, and new technologies that can be used to proactively battle the growing threat.

Planning For and Managing Your Career Growth



Moderator:

Mark Kadrich CEO, Trusted Computing Consortium

 

Panelists:

  • Jim Carr, Teacher, UC Santa Cruz Extension

  • Dave Tyson, CISO, PG&E

  • Dana Wyne, Business Development Manager, Modis

 

Abstract:

Q&A covering various questions pertaining to preparing, re-educating, and fine-tuning one’s career. Relevant and contrasting perspectives will be presented by successful and highly respected individuals. Topics covered will include, but are not limited to: the impact of cloud acceptance on security skills in demand; multi-sourcing, a nightmare or a boon for CISOs; education and certification trends and their correlation to hiring stats; and tips to achieve your career goals and get hired. In addition, we will have a live job fair for those hiring and seeking new opportunities at the end of this session.

 

12:15-1:30 PM

Lunch & Sponsor Exhibition

1:30 – 2:15 PM

 

KEYNOTE

The Measure of Professional Identity

Brandon Dunlap: Managing Director of Research, Brightfly

As security practitioners, we are all well aware of the privacy concerns associated with social networking sites, but like any other risk, you need to balance it against the upside. Your personal brand is your most valuable professional asset. Savvy security professionals treat it as an investment. An investment, that if properly managed, can far exceed your expectations in returns. Social media tools, from Facebook to LinkedIn, can be fantastic points of leverage in managing your professional identity as well as providing a rich and diverse knowledge pool to draw upon. Join Brightfly's Managing Director of Research, Brandon Dunlap, as he shows you the value of your peer network and how, through the stewardship of your personal brand, you can use it as a force multiplier for your security program.

2:15 – 3:15 PM

 

KEYNOTE PANEL

CSO Panel: They’re In, Get Over It – Revising Your Core Strategy

Moderator: Jacques R. Francoeur, Sr. Dir., Identity and Information Assurance, Commercial Business Services, SAIC, and Executive Director, The CSO Council

 

Panelists:

  • Gary Terrell, Chief Information Security Officer, Adobe

  • Leslie Lambert, Chief Information Security Officer, Juniper

  • John Wang, Security Architect, NASA

 



Recent, advanced malware attacks such as Operation Aurora and new regulatory imperatives such as the Healthcare Reform Act are driving a paradigm shift in information security. Many CISOs must reluctantly acknowledge that malicious hackers may be accessing their organization's core systems, crossing the line of inappropriate use, and potentially creating states of "constant compromise." Well-seasoned Chief Security Officers from leading organizations will explain how there is a paradigm shift in information security, shifting primary defense strategies from an "Outside In" to an "Inside Out" based approach.

 

3:15-3:30 PM

Break: Sponsor Exhibition

 

3:30-4:30 PM

Malware and Fraud – Trends, Challenges and Mitigations for Business



Speaker:

David Hahn, Intuit



Abstract:

Internet users are constantly threatened and attacked by cyber criminals exploiting sophisticated technology flaws and social engineering techniques. Innovative techniques leveraging malware and phishing are constantly invented to seek new ways of translating the credulity of computer users into the criminals' own financial gain. Financial frauds on the Internet are amplified by the velocity of the attack and the size of the financial transaction. This trend has cornered users and businesses, forcing them into a situation where they constantly have to take precautions in order to protect their privacy and their systems' integrity. This talk will focus on the trends in financial frauds and what businesses need to know to protect their users, reputation and intellectual property and to mitigate losses from targeted and sophisticated attacks.

 

Prepare Now for the Coming Flood of PCI



Speaker:

Evan Tegethoff, Solutions Architect, Accuvant

Steve Shead, Compliance Manager, CafePress



Abstract:

While PCI DSS compliance is not a new phenomenon, the coming flood of requirements and controls that will be faced by Level 2 PCI organizations will likely be overwhelming if they are not understood and planned for today. Opportunities exist to do-it-yourself or to bring partners onboard to assist in the transfer of PCI risk for your organization. Attendees will further understand the current state of PCI DSS compliance and what the near future holds for Level 2 PCI organizations, plus gain awareness of which partners are available and how to engage them.

Cloud Computing: Creating Trusted Cloud Environments



Moderator:

Archie Reed, Chief Technologist for Cloud Security, HP



Panelists:

Nils Puhlmann, CSO, Zynga

Gary Terrell, CISO, Adobe Systems

Liam Lynch, Chief Security Strategist, eBay





Abstract:

The concentration of vast computing resources in shared environments with Cloud Computing offers economies of scale and significant cost savings, while presenting a bigger, more attractive target to potential attackers. Adoption of the cloud is constrained by fundamental security concerns for data in terms of information privacy, confidentiality, and integrity. To fully realize the benefits of Cloud Computing, we must be able to securely manage multi-vendor, cloud-based services and effectively deal with the potential for security vulnerabilities. Enterprises need to be able to trust the security, policies, and processes of cloud-based services. Attendees will learn of key technology challenges with cloud security, and discuss ways to create and manage trusted cloud computing environments.

Renaissance Security Pro Techniques for Today's Privacy and Security Challenges



Speaker:

JJ Thompson, Principal, Rook Consulting





Abstract:

Modern technologies, cultural norms and new business practices create an exponentially different set of challenges than our industry has experienced even a decade ago. The speaker packs a semester’s worth of information and insights into a single session, packaging interdisciplinary (psychology, finance, security, and social media) skills to help attendees become "renaissance" security professionals. These skills have helped public and private industry professionals maintain a competitive advantage while addressing the emerging threat vectors (such as social engineering combined with bot-net distributed payloads) that have created challenges for maintaining effective privacy, compliance and security programs.

4:30-6:00 PM

Networking Reception: Sponsor Exhibition

Raffle prizes drawn at 5 PM

 



 
Copyright © 2010 Cornerstonesoftrust.com. All Rights Reserved.