September 26 - 27 • South San Francisco
The Future of Security
In a hyper-connected world, the health of the digital economy depends more than ever on the security tactics and strategies that protect our networks. Structure Security will highlight the best practices that security professionals are using to protect some of the world’s largest companies and institutions, and examine the future of security products, services, and the threats that aim to take them down.
Day 1 - Tuesday, September 27
Registration and Breakfast
The State of Information Security in 2016Art Coviello will kick off Structure Security with an overview of the current security landscape, including new threats, solutions, and best practices for information security professionals and developers.
Art Coviello, Venture Partner, Rally Ventures
How Machine Learning Will Keep Us SecureMachine learning is helping produce breakthroughs in almost every area of computing, and it's helping play defense as well. What has machine learning allowed security professionals to accomplish with new products, and what's to come as these systems become more sophisticated?
Stuart McClure, CEO, Cylance
Robert Hackett, Reporter, Fortune Magazine
Building a Successful Agile InfoSec Program for Today’s Digital BusinessThree time veteran CISO Demetrios Lazarikos (Laz) will present InfoSec strategies that are working with organizations interested in growing their programs to support Continuous Integration and Agile environments while protecting the company brand and adopting emerging technologies. Laz’ experience in these areas have been recognized globally by his peers and industry analysts. During this session, Laz will share successful strategies with you providing real world case studies and approaches that are embraced by practitioners and regulators. Laz will also share materials and data that work in creating meaningful dashboards and metrics to use for reporting to the board of directors, executive staff, and engineering teams.
Laz Lazarikos, Three Time CISO, InfoSec Thought Leader
Sean Martin, CISSP | Editor-in-Chief, ITSPmagazine
Security Challenges That Keep CIOs Up At NightSome of the biggest and most successful companies in the world depend on RSA's products and services for protection. Niloofar Howe, RSA's Chief Strategy Officer, is charged with making sure her company is responding to the needs of those customers by anticipating the next threat.
Niloofar Howe, Chief Strategy Officer, RSA
Paul Roberts, Founder and Editor in Chief, The Security of Things Forum, The Security Ledger
Morning Break Sponsored By TenEleven Ventures
Structure Talk: Synchronoss – Keeping Your Edge Secure – Main StageThe future of our mobile lives relies on not compromising between Security and Productivity, regardless of where you are working. Synchronoss partnered with Goldman Sachs to optimize the mobile user's experience. This session will highlight trends, experiences and solutions and will focus on Mobile Productivity, Data Protection and Identity Management.
Jay Chitnis, Head of Marketing, Enterprise, Synchronoss
Structure Talk: Citrix – Secure Mobility and Authentication For Highly Regulated Environments Including Government, Healthcare, and Financial Services – Cypress RoomHighly regulated environments including government, healthcare and financial services require strong mobile security that meets regulatory compliance and minimizes risks to critical data. Join this session to understand mobile security risks and how to protect data on the device with either device or application level controls; secure data sent in transit over public networks; and keep information stored in the cloud protected. Hear an Aviation industry case study to learn how these security measures have been successfully implemented.
Nivedita Ojha, Senior Director of Product Management, Citrix
Help Wanted: The Coming Security Skills GapThere is a scary shortage of qualified information security professionals - a 1 million-person gap in jobs available to cybersecurity experts and the people available to fill them, according to Structure Security adviser Jay Leek of Blackstone. How will CISOs plan for this shortage?
Jay Leek, Managing Director, ClearSky Security
Larry Dignan, Editor in Chief, ZDNet; Editorial Director, TechRepublic , CBS Interactive
Security is a Team Sport, Right?For too long, technology product development groups and information security groups at many companies have battled over how to ascribe resources and requirements: each battling for their own interests: delivery speed versus functionality versus increased security. Diana Kelley of IBM will explain why this standoff has made us less secure, and why it has broader implications for sharing information outside of companies.
Diana Kelley, Executive Security Advisor, IBM
What the Secret Service Can Teach Us about CybersecuritySince the Secret Service began protecting the President full time in 1906, only seven attackers have reached the President. From a cybersecurity defender’s perspective, the President is the ultimate high-value asset—incredibly important, but impossible to lock away in a sealed vault. But despite the similarity, the cybersecurity industry record is nowhere close to the Secret Service’s record. This talk will focus on what cybersecurity experts can learn from the Secret Service’s approach.
Nathaniel Gleicher, Head of Cybersecurity Strategy, Illumio
Spotlight on Digital Shadows
Alastair Paterson, Founder and CEO, Digital Shadows
Fighting Code with CodeSecurity experts are just starting to realize how advanced machine learning techniques and artificial intelligence research can help secure our networks. A panel of experts will discuss the progress so far and the challenges that remain in this session.
Kevin Mahaffey, Co-Founder and CTO, Lookout
Carson Sweet, Co-Founder and CTO, CloudPassage
Mark Terenzoni, CEO, Sqrrl
Jonathan Vanian, Writer, Fortune
Lunch Break Sponsored By Twistlock
Structure Talk: Distil Networks – Are Bot Operators Eating Your Lunch? – Main StageHigh risk lessons from the OWASP Top 20 automated threats. A new way to think about Web Security.
Edward Roberts, Director Product Marketing, Distil Networks
Structure Talk: Bugcrowd – State of Bug Bounty: The Evolution of Pentesting to Crowdsourced Security – Cypress Room2015 saw unprecedented participation in crowdsourced security programs, as big technology vendors like Google, Facebook and Tesla embraced bug bounty programs. Across the board, bug bounties saw a sharp rise in both popularity and accessibility. This session will outline the findings from a four year report observing these trends.
Leif Dreizler, Senior Security Engineer, Bugcrowd
Firewalls, Botnets, Intrusion Detection: Security at the FBIThe FBI doesn't just investigate major cyberattacks on behalf of U.S. businesses - it's on the business end of those attacks itself more often than you might think. FBI CISO Arlette Hart must balance the need to keep the FBI's work under wraps while unlocking the flexibility and cost-savings that modern cloud services provide, and that's not an easy job.
Arlette Hart, CISO, FBI
Aarti Shahani, Technology Reporter, NPR
Spotlight on Verodin
Christopher Key, CEO & Co-Founder, Verodin
Securing the Future of Workplace CollaborationSlack, the hottest workplace collaboration app on the market is also likely to be one of the hottest targets for hackers over the next few years. How do you keep a unicorn -- and its fast-growing customer base -- safe?
Geoff Belknap, CSO, Slack
Seth Rosenblatt, Editor, The Parallax
Defining What It Means To Be TrustedLots of hardware and security vendors like to talk about a "trusted computing base," but what do they really mean? Taking a page from other successful industry standard-setting processes, Marc Canel of ARM, Alex Gantman of Qualcomm, and Steve Grobman of Intel Security will discuss why the security industry needs to settle on a definition of what it means to have trusted hardware.
Marc Canel, VP, Security Systems and Strategy, ARM
Alex Gantman, VP, Product Service Engineering, Qualcomm
Steve Grobman, CTO, Intel Security
Special Announcement – Wandera
To Secure It, Open It UpJust as open-source software revolutionized enterprise software and allowed hundreds of startups to thrive, so too will open-source security products allow businesses to get best-in-class security without breaking the bank. A panel of Silicon Valley's finest engineers will discuss the inevitability of open-source security.
Nick Anderson, Security Engineer, Facebook
Hudson Thrift, Security Operations Lead, Uber
Leigh Honeywell, Security Response Manager, Slack
Prima Virani, Security Engineer, Pandora
Robert McMillan, Reporter, The Wall Street Journal
Closing Day One
3:55 PM - 5:30
Day 2 - Wednesday, September 28
Registration and Breakfast
Opening Day Two
Why Outside Feedback Makes Your Engineering Team StrongerWhat happens to engineers the first time some random kid 8,000 miles away hacks their stuff as a part of their bug bounty? Casey Ellis, founder of Bugcrowd, will talk about why it makes sense to outsource the creation of the "oh shit" moment, and watch your engineering team become a blue team.
Casey Ellis, Founder and CEO, Bugcrowd
John Stauffacher, Security Advisor, Caffeinated Networks
IT + OT: The Key to Securing the Industrial IoTAs the Industrial Internet expands, so too will the number of vulnerabilities within critical infrastructure. Join Wurldtech VP of Engineering Tom Le for a discussion on the convergence of IT and OT security and learn how you can combine the two disciplines to better protect data, information and assets at every level within your Industrial IoT stack.
Tom Le, Executive Director of Cyber, GE Digital Wurldtech
To Map Your Virtualized Network, Test, Test, TestAs the internet of things and the increasing use of virtualization start putting demands on our core internet infrastructure the likes of which we've never seen, keeping these vital links secure becomes even more important. Ixia provides security services to some of the most widely used communication networks in the world, and CEO Bethany Mayer will explain the types of threats those customers are facing.
Bethany Mayer, President and CEO, Ixia
Spotlight on Twistlock
Ben Bernstein, CEO, Twistlock
Funding The Future Of Security InnovationIn this session, a panel of venture capitalists will discuss which areas of security are ripe for new thinking from scrappy startups, and the opportunities that smart founders are chasing right now.
Asheem Chandna, Partner, Greylock Partners
Alex Doll, Founder and Managing Member, Ten Eleven Venture
Theresia Gouw, Co-Founder and Managing Partner, Aspect Ventures
Charles Beeler, General Partner, Rally Ventures
Structure Talk: Level 3 Communications – Enterprise Security Trends, Challenges and Solutions – Main StageIncreasing enterprise adoption of cloud-based systems & applications have enabled a significant boom in organizational efficiency, streamlined collaborative access to critical information and reduced in-house IT expenditure. However, distributed information systems are substantially more challenging to secure, highlighting the increasing vulnerability of critical enterprise information amid today’s dynamic threat landscape
Michael Renshaw, Senior Director, Security, Level 3 Communications
Structure Talk: Wandera – Cheap Wi-Fi Hacks & IoT Attacks: How to Cash in and Win Using Small Chips – Cypress RoomBig things come in small packages. Believe it or not, hackers can now insert tiny IoT chips into USB chargers to capture your personal data. Interested in learning more? Join us.
Dan Cuddeford, Director of Sales Engineering, Wandera
Android's Balance Between Openness and SecurityThe Google engineers who built Android at some point made a decision to forgo the lock-down strategy Apple applied to iOS in order to make the mobile operating system more customizable and flexible. Over a billion active users later, how's that working out? Don't miss this session on the current and future state of Android security.
Adrian Ludwig, Android Security, Google
Dylan Tweney, Founder and President, Tweney Media
Preparing For The Security Tsunami of the Internet of ThingsAs billions of devices come online, new security models will have to be developed. Scott Montgomery of Intel will walk us through some promising candidates for securing the internet of things.
Scott A. Montgomery, VP and Chief Technical Strategist, Intel Security
Security in an Innovation CultureAtlassian’s security team doesn’t do sign-offs or checkpoints before software goes out the door. It launches top secret end-to-end attacks against its own Executive Team and staff, without informing its monitoring teams. It believes “people are still the best detectives,” (rather than technology), and has found that their ability to detect what may be amiss improves the more security scenarios they experience. “Pre-built” communications are at the ready for specific types of threats. From creating a fake Atlassian website that sought to have end users install a remote access tool to sending out an email, purportedly from the Chief People Officer, that included people’s performance ratings, the security group is continually creating innovative scenarios to test weaknesses in incident reporting, user education and its own intelligence capabilities, among other things, using those results to close the gaps. What other lessons can you apply to your own organization?
Craig Davies, Head of Security, Atlassian
Jeff Roberts, Reporter, Fortune
Are The Demands On High-Profile Product Development Teams Making Us Less Secure?The breakneck pace of modern technology development coupled with the pressures of high-profile tech product development groups often forces companies to ship first and ask questions later. That can be problematic. Is the current state of cybersecurity the fault of the broader technology industry?
Bob Lord, CISO, Yahoo
The Once And Future Password: Should We Perfect It, Or Find Something New?Managing modern passwords for home and work is complicated even if you're one of the few who use password management software. But even those systems have flaws: are there realistic solutions for replacing passwords?
Jessy Irwin, Security Evangelist , 1Password
Stacy Stubblefield, Co-founder and VP of Product Strategy, TeleSign
Biz Carson, Reporter, Business Insider
Lunch Break Sponsored By IntSights Cyber Intelligence
Structure Talk: Darktrace – The Machine Fights Back: Self-Defending Networks Are Here – Main StageCyber defense has become an arms race. Automated attacks that use artificial intelligence to hide inside networks and emulate user behaviors are difficult to spot. This session will examine how threats like ransomware are caught and discuss the future of information security – self-defending systems based on unsupervised machine learning.
Nicole Eagan, CEO, Darktrace
Structure Talk: Trusted Computing Group – A Short Introduction to TPMs For Security in the Container World – Cypress RoomTrusting your containers requires trust in the systems your containers run on. Trusted computing makes it possible for computers to prove what they’ve booted, making it practical for clusters to verify that systems haven’t been compromised. See how Trusted Computing is extended to individual containers beyond boot security.
Matthew Garrett, Principal Security Software Engineer , CoreOS
To Discover The Future, Understand The PresentWhen the some of the world's largest companies are coming to you for security advice, you learn a lot about what buyers really want, what security vendors really want to sell, and where those two come together. Dan Burns, CEO of Optiv, understands the modern security market from a very compelling vantage point.
Dan Burns, CEO, Optiv
Robert Hackett, Reporter, Fortune Magazine
Identity Management: They Are Who We Thought They WereIn a world of distributed cloud applications, managing employee identity is a huge issue for many corporations. Okta thinks it has found the answer, and it's raised over $200 million to beat legacy players to the punch.
Todd McKinnon, Co-Founder and CEO, Okta
Networking SecuritySecurity is an issue through every part of the internet, including the most fundamental part: the backbone networks that carry data around the world. A panel of experts on networking security will discuss the current threat landscape and ways that our networking providers are help keeping our data safe.
Bugs In The Cloud: Why Finding Security Holes In Cloud Applications Is Everyone's JobSoftware bugs that compromise security are probably inevitable (for now), so finding them quickly and understanding how to plug the hole has never been more important in a fast-moving world. This is especially true for cloud-based applications, as veteran CEO Marten Mickos knows so well.
Marten Mickos, CEO, HackerOne
Seth Rosenblatt, Editor, The Parallax
How Virtualization Could Transform SecurityCan virtualization technology help companies get a better return on their security investment by closing the architectural gap between application data and infrastructure? VMware thinks security should be something that's built into your development process, rather than bolted on later.
Tom Corn, SVP, Security Products, VMware
Why Your Greatest Asset Is Your Weakest LinkPeople are the most valuable part of your organization -- and they are a huge security risk as well. While education and training are important, so too are other ways of saving people from themselves, which Area1 Security founder and CEO Oren Falkowitz will discuss in this session.
Oren Falkowitz, CEO, Area 1 Security
Jeff Roberts, Reporter, Fortune
Containing Containers: Security In The Post-VM WorldContainer-based software development trends are the talk of the cloud computing consortium, and security remains one of the biggest issues for those consider adopting containers in their organizations. CoreOS CEO Alex Polvi will explain how container security works, and why it's so important.
Alex Polvi, CEO, CoreOS
Kevin McLaughlin, Reporter, The Information