Tuesday, September 26


8:00am

Registration and Breakfast

9:05am

Opening Remarks

Host:
Diana Kelley, Chief Security Advisor, SecurityCurve

9:10am

Next Generation Infrastructure and Preventing Next Generation Attacks

John Morello is a former F500 CISO turned CTO and Enterprise Information guardian. In this talk John looks at the next generation of infrastructure that is all the rage in cloud: Microservices, SaaS delivery, Containers, Kubernetes and the big ones: Artificial Intelligence and the Internet of Things. While the F500 are readily looking to adopt these technologies, the brightest and worst of the dark world are pacing ahead to use these technologies to deliver attack strategies with unprecedented sophistication and speed. What should you be looking for? What is your defense plan when threat vectors use AI? Join us to learn more.
Speaker:
John Morello
Chief Technology Officer, Twistlock

9:30am

The Cybersecurity Landscape

Speaker:
Patrick Morley
President & CEO, Carbon Black
Moderated By:
AJ Dellinger, Technology Reporter, International Business Times/Newsweek

9:50am

Android's Balance Between Openness and Security

The Google engineers who built Android at some point made a decision to forgo the lock-down strategy Apple applied to iOS in order to make the mobile operating system more customizable and flexible. Over a billion active users later, how's that working out? Don't miss this session on the current and future state of Android security.
Speaker:
Adrian Ludwig
Android Security, Google
Moderated By:
Jonathan Vanian, Writer, Fortune

10:10am

Warning: What You Need to Know About the Security Workforce Crisis

Organizations of all types and sizes are facing constantly increasing cybersecurity threats, from phishing to ransomware. Security operations are working overtime to defend their data and mitigate the increasing risks of our connected world. Is the lack of trained security personnel the biggest vulnerability?
Speaker:
Candace Worley
Vice President and Chief Technical Strategist, McAfee
Moderated By:
Seth Rosenblatt, Editor, The Parallax

10:30am

Morning Networking Break

10:45am

Validate Your Security is Working and You’re Getting Value

Apply strategies to continuously validate your security controls across endpoint, network and cloud. Through various use cases and live attack demonstrations, develop your own security control validation and configuration assurance strategy that is automated and scalable. Prove your security effectiveness and realize max value from your security investments.
Speaker:
Brian Contos
CISO & Chief Security Strategist, Verodin

11:30am

Insights from a Major Breach - What does a CISO do?

Bob shares with us practical insights from his career, once arriving at a company that revealed a major breach just as he sat at his new desk for the first time. Learn how CISOs prepare for the inevitable. Which strategies during and after a breach work and which ones don't? Learn about getting the company prepared, including the board, and hear his experience working with law enforcement. This is a real-life spy story. Hear details from when much of the news got drowned out by Russia-related news.
Speaker:
Bob Lord
CISO, Independent
Moderated By:
Seth Rosenblatt, Editor, The Parallax

11:50am

Why High Velocity of Change is the Only Way to Keep Things Secure

Learn how Uber thinks about connected car security.
Speaker:
Moderated By:
Aarti Shahani, Technology Reporter, NPR

12:10pm

Securing One of the World's Most Valuable Companies

At GE, Nasrin is responsible for all aspects of cyber security strategy and operations for GE products and enterprise, including incident response, threat intelligence, security services, architecture, commercial OT security, and regulatory & compliance. In this session, hear what's keeping her up at night.
Speaker:
Nasrin Rezai
Global Chief Information & Product Security Officer, GE
Moderated By:
Stacey Higginbotham, Editor, SKT Labs

12:30pm

New Startup Company Launch

There are lots of startups launching in the security space but few as promising as Manish Gupta's stealth startup. Be here to learn about this new company firsthand.
Speaker:
Manish Gupta
Co-founder & CEO, ShiftLeft

12:35pm

Securing the Internet of Things in all its Glory

While consumers rejoice in today’s IoT world where every device is connected - from refrigerators to medical devices and cars - for businesses, the “Internet of Things” can quickly turn into the “Internet of Threats.” IoT security has become an issue of high concern at the government level, but what measures can a business take to prevent security breaches at the device level before disaster strikes?
Speakers:
Pritesh Parekh
Chief Security Officer, Zuora

Adam Ely
Vice President and Deputy CISO, Walmart

Kevin Walker
Security CTSO, Engineering, Juniper
Moderated By:
Stacey Higginbotham, Editor, SKT Labs

12:55pm

Lunch Break

1:55pm

Bring the Fight Back to Your Security Team

A record breaking four billion personal records were stolen by hackers in 2016, with no signs of stopping. While the parade of headlines indicates we’re losing this war, it’s time to turn the tides on attackers and gain control. An equal balance between people, processes and technology is the secret to success, though each category comes with its own set of challenges and intricacies. Learn how the best minds in the industry and government are combatting bad actors through training and recruitment of new talent, using behavior analytics and AI to hunt for emerging threats, and implementing policies and processes that are most impactful. This panel of private industry and FBI cyber veterans has a unique perspective on tackling the evolving threats of today and the future.
Speakers:
Colin Estep
Chief Security Officer, Sift Security

Jason Truppi
Director of Endpoint Detection and Response, Tanium, Inc.

Sameer Bhalotra
CEO, StackRox
Moderated By:
Jesse Goldhammer, Associate Dean, UC Berkeley

2:15pm

Business Resilience Through Understanding Cyber Risk Properly

The old adage goes "You cannot manage what you cannot measure". Well, for Cyber, let's try "Don't think about managing what you don't even understand". Blunt but true. Businesses have evolved since the Tulip bubble of the 1600s to learn to assess and manage complex risk as part of the business process. In the last 5 years we have seen the shift of Cyber security from IT Depts as a technical function to one of operational risk mitigation at the board level. But there is a fundamental flaw in our F500 boardrooms, as recent high-profile news events have demonstrated: our executives still do not understand the risk of cyber, how to assess possible risk and, more importantly, how to plan for the *business risk* of cyber, let alone respond with resilience. In this talk, we have the Global Business lead for McKinsey share some insights into how corporate America can learn to understand Cyber risk properly.
Speaker:
Dayne Myers
Solution Leader, Cyber Solutions, McKinsey
Moderated By:
Mahendra Ramsinghani, Founder, Secure Octane

2:35pm

Hacking the Wetware: How One Noob Compromised a Cybersecurity Company with Social Engineering

Social Engineering (SE) is one of the most severe threats to security and privacy because anyone can do it - even a noob. This talk outlines real-world SE examples, and seemingly innocuous information that could compromise a company. Learn the methods SEs use to mine data and exploit behavior to own targets, and how women are uniquely skilled as SEs - from a 2016 DEFCON SE Capture the Flag winner.
Speaker:
Rachel Tobac
Social Engineering Capture the Flag (SECTF) 2nd Place Winner, DEF CON 24

2:45pm

How Virtualization Could Transform Security

Can virtualization technology help companies get a better return on their security investment by closing the architectural gap between application data and infrastructure? VMware thinks security should be something that's built into your development process, rather than bolted on later.
Speaker:
Tom Corn
SVP, Security Products, VMware
Moderated By:
Jonathan Vanian, Writer, Fortune

3:05pm

AI-based Autonomous Response: Are Humans Ready?

Cyber security is quickly becoming an arms race — machines fighting machines on the battleground of corporate networks. Algorithms against algorithms. Artificial intelligence-based cyber defense can not only detect threats as they emerge but also autonomously respond to attacks in real time. As the shortage of trained cyber analysts worsens, the future of security seems to be automatic. But are humans ready to accept the actions machines would take to neutralize threats? In this presentation, Nicole discusses lessons learned and explores several use-cases in which autonomous response technology augmented human security teams.
Speaker:
Nicole Eagan
CEO, Darktrace
Moderated By:
Blair Frank, Staff Writer, VentureBeat

3:20pm

Widespread Targeted Attacks: the Dawn of a New Era

In the world of information security, the attackers’ advantage is getting ever-stronger. Companies and other organizations have growing attack surfaces (driven largely by device proliferation, including the internet of things, mobility, automation and artificial intelligence, and infrastructure as a service), while the barriers to entry to creating and deploying sophisticated cyber weapons continue to fall.
Speaker:
Nathaniel Fick
CEO, Endgame
Moderated By:
Hannah Kuchler, San Francisco Correspondent, Financial Times

3:35pm

Security at the Point of the Spear

Rapid change is happening in every sector of the technology industry. The security industry is not the exception to the rule, it is the poster child for the rule. In the enterprises of today and tomorrow, security professionals have to secure and audit a mix of hosted servers, BYOD systems and cloud-based applications. Many individuals are tasked with securing systems. The details of putting the pieces together, as well as generating the reports and metrics to effectively monitor and assess security, are often lacking. This talk analyzes the evolving strategy and tools that security leaders utilize at various prominent Silicon Valley/Bay Area companies to orchestrate as well as automate their security solutions.
Speaker:
Jimmy Sanders
Information Security, Netflix DVD
Moderated By:
Demetrios "Laz" Lazarikos, Founder, CEO and Thought Leader, Blue Lava

3:50pm

Bugs In The Cloud: Why Finding Security Holes In Cloud Applications Is Everyone's Job

Software bugs that compromise security are probably inevitable (for now), so finding them quickly and understanding how to plug the hole has never been more important in a fast-moving world. This is especially true for cloud-based applications, as veteran CEO Marten Mickos knows so well.
Speaker:
Marten Mickos
CEO, HackerOne
Moderated By:
Stacey Higginbotham, Editor, SKT Labs

4:05pm

Closing Remarks

Host:
Diana Kelley, Chief Security Advisor, SecurityCurve

4:10pm

Networking Reception

Wednesday, September 27


8:30am

Registration and Breakfast

8:50am

Opening Remarks

Host:
Diana Kelley, Chief Security Advisor, SecurityCurve

8:55am

Help Wanted: The Coming Security Skills Gap

There is a scary shortage of qualified information security professionals - a 1 million-person gap between jobs available to cybersecurity experts and the people available to fill them, according to Structure Security adviser Jay Leek of Blackstone. How will CISOs plan for this shortage?
Speaker:
Patrick Heim
Operating Partner & CISO, ClearSky
Moderated By:
Sean Martin, Editor-in-Chief, ITSPmagazine

9:15am

Breach and Attack Simulation - Making Threat Actors Work For You

Speakers:
Ayal Yogev
VP Product Management, SafeBreach

Glen Jones
Senior Director, Visa Risk Products, Visa
Moderated By:
Joe Franscella, Contributing Writer, DevOps.com

9:35am

Automating Application Security

Speakers:
Mike Kail
Chief Technology Officer, Cybric

Caroline Wong
Vice President of Security Strategy, Cobalt

John Morello
Chief Technology Officer, Twistlock
Moderated By:
AJ Dellinger, Technology Reporter, International Business Times/Newsweek

10:00am

Corelight: Enterprise grade solutions from the creators of Bro

Corelight co-founder Vern Paxson created Bro in 1995 to monitor large academic networks. For over 20 years it’s been used by the intelligence community, the defense department, nuclear weapons labs, and research universities but has gone largely undiscovered by enterprises. Until now. Learn how Corelight can bring rich and actionable network data to your security team to help understand and prevent cyber attacks.
Speaker:
Vincent Stoffer
Director of Customer Solutions, Corelight

10:10am

Security across AT&T's massive networks

Learn how Melissa Arnoldi is defining and executing on AT&T's technology development strategy goals of delivering projects faster, re-architecting apps to platforms, and embedding security and resiliency into software platforms infrastructure and operations.
Speaker:
Melissa Arnoldi
Senior Executive Vice President, AT&T Technology and Operations, AT&T
Moderated By:
Stacey Higginbotham, Editor, SKT Labs

10:30am

Morning Networking Break

10:45am

Enabling Threat Hunting

Modern security teams must bring together the people, process and technology to enable Threat Hunting. Detect and Alert strategies need to be revamped to shift from reactive forms of incident response to proactive threat hunting. Join Carbon Black as you learn how to enable your hunt.
Speaker:
Rick McElroy
Security Strategist, Carbon Black

10:45am

Shift Left to Fuel Innovation

Business transformation initiatives are speeding development and distributing applications to the cloud. Mike Kail will discuss strategies to integrate and automate code and application security across development for faster application delivery. The session will discuss tackling the cultural challenges between DevOps and Security and the right technology approach.
Speaker:
Mike Kail
CTO, Cybric

11:30am

Opacity to Clarity: Driving Security Across Your Third Party Ecosystem

Digitization is invading all aspects of business, government and daily living. Now more than ever, security must be addressed pervasively--we must know who is touching, viewing or altering our digital devices and information.
Speaker:
Edna Conway
Chief Security Officer, Global Value Chain, Cisco
Moderated By:
Jonathan Vanian, Writer, Fortune

11:50am

Funding The Future Of Security Innovation

In this session, a panel of venture capitalists will discuss which areas of security are ripe for new thinking from scrappy startups, and the opportunities that smart founders are chasing right now.
Speakers:
Asheem Chandna
Partner, Greylock Partners

Charles Beeler
General Partner, Rally Ventures

Alex Doll
Founder and Managing Member, Ten Eleven Ventures

Yoav Andrew Leitersdorf
Managing Partner, YL Ventures
Moderated By:
AJ Dellinger, Technology Reporter, International Business Times/Newsweek

12:10pm

Why AI has a leg up on IoT security

The stronger the systems of defense become, the harder nefarious attackers work to find a way into a system. In this continuous race to stay ahead of attacks and protect connected devices, a full-system approach to security is needed. Unlike IoT, where security holes are everywhere, the AI boom on the near horizon is an opportunity to prevent rather than respond to threats. We will discuss trade-offs on integrating security from the earliest building blocks in a device through the hardware, connectivity and to the cloud.
Speaker:
Marc Canel
VP, Security Systems and Strategy, ARM
Moderated By:
Stacey Higginbotham, Editor, SKT Labs

12:30pm

Why Outside Feedback Makes Your Engineering Team Stronger

What happens to engineers the first time some random kid 8,000 miles away hacks their stuff as a part of their bug bounty? Ashish Gupta, CEO of Bugcrowd, will talk about why it makes sense to outsource the creation of the "oh shit" moment, and watch your engineering team become a blue team.
Speaker:
Ashish Gupta
CEO, Bugcrowd
Moderated By:
Dino Boukouris, Director & Founding Member, Momentum Partners

12:45pm

The Evolution of the CISO

Learn why today's CISOs are increasingly adopting a risk-based approach to security.
Speaker:
David Mahon
VP & Chief Security Officer, CenturyLink, Inc.
Moderated By:
Jonathan Vanian, Writer, Fortune

1:00pm

Lunch Break

2:00pm

Steps Government Officials Must Take to Protect Their Agencies

This talk will focus on securing the government cloud, and steps government officials must take to protect their agencies. What many government network defenders have forgotten is that security in a cloud environment is a shared responsibility. The cloud provider secures the internet and physical infrastructure, but the cloud customer is responsible for protecting its own data. FedRAMP and third-party certifications assure that the cloud provider is doing its part, but it’s up to customers to ensure they're working to prevent, detect and respond to cyber adversaries during the attack lifecycle.
Speaker:
John Davis
Federal CSO, Palo Alto Networks
Moderated By:
Sean Martin, Editor-in-Chief, ITSPmagazine

2:20pm

Are You More Secure in the Cloud?

Speaker:
Rob Sadowski
Trust & Security Marketing Lead, Google Cloud
Moderated By:
Jim Daly, Contributing Writer/Editor, Conde Nast

2:40pm

The Problem in Enterprise Security

The problem in enterprise security is not about building more and better mousetraps. The delivery model is fundamentally challenged. How security is trialed, purchased, distributed, managed, and updated is ineffective in today’s threat environment involving millions of data points, and far too burdensome on security teams.
Speaker:
Scott Chasin
CEO and Co-Founder, ProtectWise
Moderated By:
AJ Dellinger, Technology Reporter, International Business Times/Newsweek

3:00pm

Building a Successful Agile InfoSec Program for Today’s Digital Business

Three-time veteran CISO Demetrios Lazarikos (Laz) will present InfoSec strategies that are working with organizations interested in growing their programs to support Continuous Integration and Agile environments while protecting the company brand and adopting emerging technologies. Laz's experience in these areas has been recognized globally by his peers and industry analysts. During this session, Laz will share successful strategies with you, providing real-world case studies and approaches that are embraced by practitioners and regulators. Laz will also share materials and data that work in creating meaningful dashboards and metrics to use for reporting to the board of directors, executive staff, and engineering teams.
Speaker:
Demetrios "Laz" Lazarikos
Founder, CEO and Thought Leader, Blue Lava
Moderated By:
Sean Martin, Editor-in-Chief, ITSPmagazine

3:20pm

Is AI/Machine Learning Eating Cyber Security?

Machine learning has percolated into the cyber security industry in recent times. In this session we discuss why this is occurring in cyber and explore ideas, opportunities and challenges.
Speaker:
Rahul Kashyap
SVP, Chief Product Officer, Cylance
Moderated By:
William Lin, Vice President & Founding Investor, Trident Capital Cybersecurity

3:40pm

Taking Care of Business: How to focus on the foundations of cyber without losing traction in emerging technologies

Speaker:
Diana Kelley
Chief Security Advisor, SecurityCurve

3:55pm

Closing Remarks

Host:
Diana Kelley, Chief Security Advisor, SecurityCurve