February 2010

Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference, is responsible for the global promotion and successful execution of the conference, which includes content, strategy, logistics, industry relations, brand extensions and partnerships.

Download <8:32>

Herbert “Hugh” Thompson, Ph.D., Chief Security Strategist, People Security

Abstract: Internet security guru and author Dr. Herbert "Hugh" Thompson has seen it all - hacked voting machines, airline computer insecurities, e-commerce vulnerabilities and cell phone exploits. For the fourth year running, Thompson brings a lifetime of security expertise and a wide-eyed enthusiasm to "The Hugh Thompson Show" at this year's RSA Conference. Become part of the action as Thompson takes center stage, interviewing some very special guests. His guests this year include Craig Newmark, founder and customer service rep, craigslist; Bob Sullivan, Technology Writer, MSNBC.com; and Steve Wozniak, Co-Founder, Apple Computer, Inc. and Chief Scientist, Fusion-io.

Herbert (Hugh) Thompson is Chief Security Strategist at People Security and a world-renowned expert on application security. He has co-authored several books on the topic and has written more than 80 academic and industrial publications on security. In 2006, he was named one of the "Top 5 Most Influential Thinkers in IT Security" by SC Magazine and was featured (along with Harri Hursti) in "Hacking Democracy", the Emmy-nominated HBO documentary on e-voting vulnerabilities. He is also an adjunct professor at Columbia University in New York where he teaches courses on computer security.

Download <11:10>

Francis de Souza, Senior Vice President, Enterprise Security Group, Symantec

Sponsor Case Studies track

Abstract: Protecting information is more complex than ever. The professionalism of today's targeted attacks is complicated by the actions of internal employees - malicious or well meaning. The result is the need for a well structured IT security strategy that enables customers to protect their information. This session will explore the causes of data breach and how to prevent the loss of critical information.

Francis deSouza is Senior Vice President of the Enterprise Security Group at Symantec. He leads engineering, product management, field enablement, business development, and operations. deSouza joined Symantec through the company’s acquisition of IMlogic in February 2006. At IMlogic, he was Founder and Chief Executive Officer, building the company into a recognized leader in the rapidly growing market for instant messaging security.

Download <9:35>

Dave Hansen, Corporate Senior Vice President and General Manager, CA Security Business Unit

Keynote Session

Abstract: Cloud computing and collaboration technologies are changing the way we communicate and do business. As technology changes, security must also evolve. Cloud computing and collaboration technologies give us an opportunity to create a more secure environment based on strong identities, data privacy and compliance management. Join Dave Hansen, General Manager of CA’s Security Business Unit, to discuss how to embrace collaboration tools and the cloud to create a safe and secure environment.

Dave Hansen is Corporate SVP and GM of CA’s Security and Compliance Business Unit. In this role he is charged with growing CA’s security, information governance, and IT governance, risk and compliance business. He and his team help deliver the products, services and partnerships required to meet customer needs for strategic, enterprise level security, risk and compliance management. Previously, Dave was CA’s CIO and was responsible for global IT strategy, applications development and the global CA infrastructure, IT compliance and CA’s international IT organization.

Download <6:20>

The National Cyber Security Alliance's mission is to empower and support digital citizens to use the Internet securely and safely, protecting themselves and the cyber infrastructure.

On a regular basis, the NCSA presents a K-12 Baseline Study that looks at the state of cyberethics, cybersafety, and cybersecurity training in our nation's schools. This week, the National Cyber Security Alliance released its 2010 study.

Read more details from NCSA's site.

Michael Kaiser joined the National Cyber Security Alliance as its Executive Director in 2008. As NCSA’s chief executive, Mr. Kaiser engages diverse constituencies—business, government, other non-profit organizations—in NCSA’s broad public education and outreach efforts to strengthen the nation’s cyber infrastructure, including leadership of NCSA’s premier outreach and awareness campaign, National Cyber Security Awareness Month. NCSA builds efforts through public private partnerships that address cyber security issues for home users (parents and children), K-12 and higher education, and small business.

Download <8:18>

Phil Dunkelberger, President & CEO, PGP Corporation

Keynote

Abstract: Cloud based services have changed the IT landscape and attackers are paying attention. Multi-tenant architectures housing data from multiple sources make clouds attractive targets. Even though they've been around, cloud architectures have not yet been subjected to rigorous peer review from the security community. Providers are building platforms on proprietary technologies, leaving customers unable to independently assess the security posture. This session will look at the evolution of cloud computing and evaluate what needs to be done to ensure its security and survival.

Phil Dunkelberger is the President and CEO of PGP Corporation. Previous positions include CEO of PGP Inc., the original PGP startup, VP of Sales at Symantec, COO of Vantive Corp. and CEO of Embark. Mr. Dunkelberger also serves as the Chairman of TechAmerica's Cybersecurity CxO Council and on the TechNet CEO Cybersecurity Task Force. Dunkelberger has a BA in Political Science from Westmont College.

Download <6:25>

James Christiansen, Chief Information Security Officer, Evantix
Jim Anderson, Executive Consultant, Emagined Security LLC

Professional Development track

Abstract: Many a talented CISO has wilted before the fire of the budget cycle, frustrated for lack of a persuasive business case. We will look at key ingredients of a business case for any element of info security within a large enterprise. The objections will be flushed out and neutralized, the needed alliances will be forged, and success will be in your sights. Attendees will leave with a template they will find useful as they craft business cases for the key elements of their info security programs.

Prior to joining Evantix, James Christiansen was CISO for Experian Americas, with overall responsibility for information security. James joined Experian after serving as CISO for General Motors, where his responsibilities included worldwide implementation of the security plan for the largest financial corporation (GMAC) and the largest manufacturing corporation in the world. Prior to joining GM he was SVP of Information Security for Visa International, responsible for their worldwide information security program.

James M. Anderson’s 30+ year career focuses on leading edge information risk management issues. Anderson is Executive Consultant for Emagined Security, Inc., where he has served clients such as Visa, Chevron, Elan Pharmaceuticals, Experian and many others. Anderson has served as VP, Global Info Security Svcs for Visa and CISO for Lexis-Nexis. Anderson served as VP Info Security Engineering for Morgan Stanley. He is a CISSP, CISM and CGEIT with an MBA from the Univ. of Chicago.

Download <18:36>

David Matthews, Deputy CISO, City of Seattle

Law track

Abstract: In this session we will enumerate and examine the different types of online service delivery platforms and discuss the records management and storage, eDiscovery, privacy and information security issues for each of them. The session will also focus on various approaches towards managing and mitigating the potential risks associated with cloud computing as it relates to each of these issues.

David Matthews, CISSP, CISM, is the Deputy CISO for the City of Seattle. He is Co-Chair of the NW Alliance for Cyber Security and an active member of ISSA, ISACA, InfraGard and ISC2, the DHS Regional CIP subcommittee, the Agora, the Pacific CISO forum, the ABA Science and Tech committee, and NW Warn. He has presented at many emergency management and information security conferences.

View the Presentation <7:59>

Matthew Gardiner, Director of Product Marketing, CA Inc.

Business of Security Track

Abstract: Traditionally the only organizations that have directly made money in the security market are vendors of various security products and providers of services. The buyers of security have used it primarily to mitigate risk, reduce costs, and ease regulatory compliance, but not to capture new revenue. However, times are changing. This session will review the emerging security enabled new business opportunities as well as discuss why they might and might not flourish.

Matthew Gardiner is a Director of Product Marketing at CA and is a recognized industry leader in the security management, IAM, and cloud security markets. He is published, blogs, and is interviewed regularly in leading industry media on a wide range of security-related topics. Mr. Gardiner is a member of the Liberty Alliance and the Kantara Initiative Board of Trustees. Mr. Gardiner has a BSEE from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.

Download <6:49>

Dawn Cappelli, Technical Manager, Threat and Incident Management, CERT
Randy Trzeciak, Senior Member of the Technical Staff, Carnegie Mellon University

Governance, Risk and Compliance Track

Abstract: With more logging and monitoring tools available, detecting illicit insider activity should be easy. However, most insiders commit fraud, theft, IT sabotage, or espionage using authorized access and performing the same online actions that they perform every day, making it difficult to identify malicious activity. This session will present practical strategies to configure and implement tools based on eight years of research, hundreds of cases, insider threat assessments, and workshops.

Dawn Cappelli is Technical Manager of CERT’s Threat and Incident Management team at Carnegie Mellon’s Software Engineering Institute. Her team assists organizations in improving their security posture and incident response capability by researching threat areas; developing assessment methods; and providing information for preventing, detecting, and responding to illicit activity. Before joining CMU in 1988 she worked for Westinghouse as a software engineer developing nuclear power systems.

Randy Trzeciak is a senior member of the technical staff at CERT and Insider Threat Team Lead, focusing on threat analysis and modeling, assessments and training. He has 19 years of experience in software engineering, database design and development, project management and information security. He is an adjunct professor at Carnegie Mellon’s Heinz College, and holds an MS in Management from the University of Maryland, a BS in Management Information Systems and a BA in Business Administration.

View the Presentation <8:23>

Shannon Kellogg, Director, Government Relations, EMC Corporation

Policy & Government Track

Abstract: This session will feature senior security experts and professionals and focus on major proposed, or recently passed, legislation in the U.S. that can impact government and industry in multiple ways. Importantly, the session won’t just focus on what approaches and proposals are out there in the legislation, but will also debate some of the possible outcomes of such legislation and how the various proposals and new laws could impact your work as a security professional.

Download <6:43>

Arthur Coviello, Jr
Executive Vice President, EMC Corporation & President, RSA, The Security Division of EMC

Keynote Session

Chris Young, Senior Vice President, RSA, The Security Division of EMC discusses Art Coviello's keynote address for RSA Conference 2010.

Organizations are firmly on the path to cloud computing and will not be deterred by the compounded challenges of compliance, data protection and risk management in virtual environments. Small businesses and multi-nationals, local governments and sophisticated agencies are relying on this industry to not only deliver security services through the cloud but to ensure levels of protection in the cloud that meet and surpass that of physical environments. Collectively, we’ve got what it takes. Game on.

Arthur Coviello, Jr
Executive Vice President, EMC Corporation & President, RSA, The Security Division of EMC
Art Coviello is responsible for RSA’s strategy and day-to-day operations as it delivers EMC’s global vision of information-centric security. He joined RSA Security Inc. as CEO in 1995, growing revenue from $25 million in 1995 to more than half a billion when acquired by EMC. A recognized industry leader, Mr. Coviello plays a key role in several national cyber-security initiatives. Mr. Coviello also serves on the Board of Directors of Crossbeam Systems and EnerNOC.

Chris Young
As Senior Vice President at RSA, The Security Division of EMC, Mr. Young is responsible for strategy, products, engineering and delivery across all of RSA's Identity and Access Assurance, Security Information and Event Management, and Data Security solutions.

As a leading expert in topics related to information-centric security, Mr. Young has spoken at numerous industry events including FORTUNE Brainstorm: TECH, Gartner IT Security Summit, Burton Catalyst, RSA Conference (U.S., Europe and Japan), BITS Authentication Forum, Digital ID World, and others. Prior to joining RSA, Mr. Young was vice president of safety and security premium services for America Online, Inc. (AOL). While at AOL, Mr. Young launched and managed several services including AOL Passcode and McAfee VirusScan Online - some of the most successful premium offerings in AOL's history.

Download <8:16>

Mischel Kwon, VP of Public Sector Security Solutions, RSA, The Security Division of EMC

Governance, Risk & Compliance Track

Abstract: Has your security effort become more talk, less technical? Is your organization drowning in security control audit? Are your architecture and lifecycle management strategies dictated by compliance instead of defense? Is your audit clean, yet your system is compromised? This panel will address the balance of security controls and compliance with real technical security.

Mischel Kwon is responsible for leading RSA's Security Consulting Services practice. While focusing on the public sector, she also will provide private sector customers and global organizations strategic, technical and policy assistance in building, defending, identifying, and remediating their critical infrastructures against cyber threats, attacks and vulnerabilities. Prior to joining RSA, Kwon was the Director for the United States Computer Emergency Readiness Team (US-CERT).

Download <6:22>

Bryan Sullivan, Senior Security Program Manager, Microsoft Corporation
Katie Moussouris, Senior Security Strategist, Microsoft Corporation

Applications and Development Track

Tools are an integral piece of any successful security program, especially Microsoft’s SDL. The SDL requires the use of tools not only to find vulnerabilities, but also to track them and prevent them from occurring in the first place. In this session, we will demonstrate some of the new SDL tools Microsoft has released over the last year and explore the SDL strategy for developing future game-changing security automation technology.

Bryan Sullivan is a Security Program Manager on the Security Development Lifecycle (SDL) team at Microsoft. He is a frequent speaker at industry events, including RSA Conference, Black Hat and BlueHat. Sullivan is also a published author on web application security topics. His first book, "Ajax Security", was published by Addison-Wesley in 2007.

Katie Moussouris is a Senior Security Strategist in the Security Development Lifecycle (SDL) team. Moussouris founded the Microsoft Vulnerability Research Program (MSVR), extending the focus of Microsoft’s security vulnerability research to third party software. Moussouris also founded the Symantec Vulnerability Research Program. Moussouris has been an application penetration tester, uncovering serious vulnerabilities before they could be widely exploited by hooligans and criminals for fun or profit.

View the Presentation <8:25>

Michael Kaiser, Executive Director, National Cyber Security Alliance, and Shannon Kellogg, the new NCSA Chairman, talk about plans for NCSA, a national public-private partnership to educate users on information security practices, for 2010. They also speak about their plans for RSA Conference 2010, March 1-5.

Michael Kaiser joined the National Cyber Security Alliance as its Executive Director in 2008. As NCSA’s chief executive, Mr. Kaiser engages diverse constituencies—business, government, other non-profit organizations—in NCSA’s broad public education and outreach efforts to strengthen the nation’s cyber infrastructure, including leadership of NCSA’s premier outreach and awareness campaign, National Cyber Security Awareness Month. NCSA builds efforts through public private partnerships that address cyber security issues for home users (parents and children), K-12 and higher education, and small business.

Shannon Kellogg is Director of Information Security Policy, Office of Government Relations at EMC Corporation. Prior to EMC's September 2006 acquisition of RSA Security, he was Director of Government & Industry Affairs at RSA. Shannon is Chairman of NCSA, an initiative that he helped to establish earlier this decade, and has been a member of its Board of Directors since February 2004. He is also serving as Chairman of TechAmerica's Information Security Committee. Before joining EMC and RSA, Kellogg was the global Director of Information Security Policy at the Business Software Alliance, and also was Vice President of Information Security Policy & Programs at the Information Technology Association of America.

Download <9:38>

Andrew Jaquith, Senior Analyst, Forrester Research

Hot Topics Track

Abstract: Nearly everyone agrees the prospect of non-company-owned devices and software changes the security posture of their organizations, but responses vary: clamp down, tolerate on a case-by-case basis, or embrace. This panel will discuss why - and more importantly, how - "consumerized IT" need not be completely terrifying. Panelists will share experiences with their in-house programs, describe their revised security strategies, and offer practical tips on how to provide a secure work environment.

Andrew Jaquith serves Security & Risk professionals, covering client and data security topics including anti-malware, data leak prevention, encryption and mobile security. Prior to Forrester, he cofounded @stake, Inc., a security consulting pioneer. Jaquith is a top-rated RSA speaker whose research has been featured in CIO, CSO, and the IEEE Journal of Security & Privacy. He is the author of the 2007 Addison-Wesley Professional book, "Security Metrics: Replacing Fear, Uncertainty and Doubt."

Download <8:03>

Jeff Bardin

VP, Chief Security Officer, ITSolutions

Research Revealed Track

A follow-on to the highly rated (4.7) "Jihad Me This" from RSA 2009, "Hacker, Cracker, Salafi, Spy" examines Jihadi advances in the use of Web 2.0 technologies, expanding to Facebook, Twitter, YouTube and other online media. How do we counter an enemy who uses our technologies and tools against us? How do we learn from their expert use of what we have created? Jihadis use our technology in their virtual tools using methods of deception. What are we doing to combat the expansion of this activity?

Jeff Bardin has held Top Secret clearances while working for the U.S. Government (USAF/NSA) and also served as an Armored Scout Platoon Leader. Bardin was awarded the 2007 RSA Conference award for Excellence in the Field of Security Practices. The Bardin-led security team from Hanover Insurance also won the 2007 SC Magazine Award for Best Security Team. He holds CISSP, CISM and NSA IAM certifications, a B.A. in Middle East Studies and Arabic Language and an M.S. in Information Assurance.

View Online | Download <8:51>

Al Zollar, General Manager, IBM Tivoli Software

Keynote Session

Abstract: On the Smart Planet, where the world’s important systems become more instrumented and interconnected, it is the organizations that have learned to effectively manage security risk that have endured and prospered. In this session Al Zollar, general manager, IBM, will share a vision of the future of security on the Smart Planet, describe breakthroughs in security technology, and provide session participants a tool they can use to simplify the complexity of their work efforts. Please join him for “Welcome to the Decade of Smart Security”.

Al Zollar, general manager of IBM Tivoli Software, is responsible for the strategic direction and ongoing operations for the Tivoli brand, which manages today’s dynamic infrastructures, giving customers the ability to manage resources and risks, optimize human capital and manage service levels and business processes. Since joining IBM in 1977 as a systems engineer trainee, Al has held several high-level positions, including serving as general manager for eServer iSeries, Lotus and IBM's Network Computing Software Division.

Download <10:43>

Security demands on applications continue to grow. Today’s isolated application access silos create challenges for developers and IT to solve these issues. The advent of cloud-based and SOA software is likely to amplify these challenges. Learn how to use the interoperable claims architecture based on the Identity Metasystem vision to simplify user access to applications and services. Kim Cameron, Microsoft, updates his highly rated session from RSA Conference 2009.

Kim Cameron, Distinguished Engineer, Microsoft Corporation

Kim Cameron is Chief Architect of Identity in the Connected Systems Division at Microsoft, where he works on the evolution of Active Directory, Federation Services, Identity Lifecycle Manager, CardSpace and Microsoft's other Identity Metasystem products. Kim joined Microsoft in 1999 when it bought the ZOOMIT Corporation. As VP of Technology at ZOOMIT, he had invented metadirectory technology and built the first shipping product. Before that, he led ZOOMIT's development team in producing a range of SMTP, X.400, X.500, and PKI products. He grew up in Canada, attending King's College at Dalhousie University and Université de Montréal. He has won a number of industry awards, including Digital Identity World's Innovation Award (2005) and Network Computing's Top 25 Technology Drivers Award.

View the Webcast <50:41>

Rebecca Nielsen, Senior Associate, Booz Allen Hamilton

Law Track

A panel discussion focusing on legal, business, and technology standards, and other considerations in establishing and relying on identity in an internetworked world. Panelists will address how technology can be used to create more secure identities, how security can help to address privacy implications of identity tracking, and how legal liability may drive businesses to implement stronger identity credentials.

Rebecca Nielsen has more than 15 years of experience in information technology and information security consulting. She combines a solid knowledge of the technical aspects of public key technology and identity management with an understanding of the impact on users and business process owners across functional communities. She has presented on the integration of PKI into business practices at DoD, Federal Government, and other conferences, and is the co-author of an IETF RFC on Multi-Domain PKI.

Download <5:44>

Mark Risher, Sr. Director of Product Management, Yahoo! Inc.

Hackers and Threats Track

Abstract: Like all Web-based email providers, Yahoo! must contend with attempts to use fraudulently-obtained accounts for abusive purposes. In this session, Yahoo!’s “Spam Czar”, Mark Risher, and its Director of Anti-Spam Engineering, Vish Ramarao, will discuss how the company used the Apache Hadoop grid computing platform to detect and mitigate these attacks, and provide stories of the intricate cat-and-mouse games played with these insidious spammers.

As Senior Director of Product Management for Yahoo! Mail, Mark Risher leads product development for the infrastructure, anti-spam, and delivery systems of one of the world’s leading Web mail services, with 300 million global users. Also known as Yahoo’s “Spam Czar,” Risher coordinates R&D efforts across Yahoo! to wage war on spam and cyber abuse. In addition to technology solutions, Risher works on researching emerging spam trends and developing cutting edge spam-fighting technology.

Watch the Presentation <8:26>

Adrian Davis, Senior Research Consultant, Information Security Forum Ltd

Governance, Risk & Compliance track

Identifying and validating just one third party’s security arrangements is a real challenge. When this challenge is scaled up to the typical organisation, often with hundreds or thousands of third parties, excluding customers, it becomes an almost impossible task. This session will provide a global view on how to secure multiple third party relationships.

Adrian heads the Leadership and Management group for the ISF. His team covers topics such as the role and effectiveness of information security; the role and skills of information security professionals from junior analyst to the CISO and CSO; managing and assessing information security in third parties; assessing the possible near-term threats to organisations; and cloud computing. Adrian holds a PhD and an MBA; he is a Chartered IT Professional and a Member of the British Computer Society.

View his PK Session <8:25>

Podcast

Download <9:33>

Hot Topic Track

Researchers, vendors and customers all have a role to play in the Responsible Disclosure debate. But what responsibilities do each of these groups owe the others? Does a researcher owe the consumer anything? Do software consumers owe researchers support? What are the vendor's responsibilities to both groups? Join us to hear representatives from all three groups say what they believe their own responsibilities to be and how they should meet them.

Moderator: Martin McKeay, Blogger, Podcaster, Network Security Blog

Martin McKeay is a CISSP and QSA with over a decade's experience in security. He is a well known expert on the Payment Card Industry Data Security Standards. McKeay is also the host of the Network Security Blog and Podcast. He has spoken at RSA and written for several industry magazines, such as Computerworld and (In)Secure.

Panelists: Security Researchers

Steve Dispensa, CTO & Co-Founder, PhoneFactor

Steve Dispensa is CTO & Co-Founder of PhoneFactor, a multi-award winning two-factor authentication service that utilizes a device users already have – their phone. Prior to co-founding PhoneFactor, Steve created Midwest Networking Associates, and then was the Director of Systems Architecture within Sprint’s Broadband Wireless Group. Steve received his degree from the University of Missouri at Kansas City, is Cisco CCIE #5444, and has been recognized five times as a Microsoft MVP.

HD Moore, Chief Architect, The Metasploit Project

HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development.

Panelists: Vendors

Katie Moussouris, Senior Security Strategist, Microsoft Corporation

Katie Moussouris is a Senior Security Strategist in the Security Development Lifecycle (SDL) team. Moussouris founded the Microsoft Vulnerability Research Program (MSVR), extending the focus of Microsoft’s security vulnerability research to third party software. Moussouris also founded the Symantec Vulnerability Research Program. Moussouris has been an application penetration tester, uncovering serious vulnerabilities before they could be widely exploited by hooligans and criminals for fun or profit.

Brad Arkin, Director of Product Security and Privacy, Adobe Systems Incorporated

Brad Arkin is the Director of Product Security and Privacy at Adobe. In his role, Brad leads the Adobe Secure Software Engineering Team (ASSET) responsible for ensuring Adobe's products are designed, engineered and validated using security best practices, as well as the Product Security Incident Response Team (PSIRT) dedicated to responding to and communicating about security issues. Prior to joining Adobe, Brad held management positions at StepNexus, Symantec, @Stake and Cigital. He is currently a board member of SAFECode, the Software Assurance Forum for Excellence in Code. Brad holds a BS in computer science from the College of William and Mary, an MS in computer science from George Washington University, and an MBA from Columbia University and London Business School.

Panelists: Enterprise

Tim Stanley, CISO, Continental Airlines

Tim Stanley is the Chief Information Security Officer for Continental Airlines and is responsible for execution of CO's enterprise-wide IT security strategy and driving implementation of security related programs within each business unit. Tim is also responsible for implementation of corporate IT security and control policies and standards, as well as ensuring that appropriate tools and metrics are in place to allow for monitoring, measurement and control of risk as it relates to IT security.

Michael Barrett, Chief Information Security Officer, VP Information Risk Management, PayPal

Michael Barrett is the Chief Information Security Officer for PayPal. In this role, he is responsible for ensuring the security of PayPal’s 78 million active accounts worldwide. He oversees the information systems and services that protect the integrity and confidentiality of PayPal customer and employee information. Barrett was twice named one of the 50 most powerful people in networking by Network World magazine and was listed as one of ITSecurity.com’s top influencers in infosec.

Interviews

Martin McKeay and Steve Dispensa
Download <8:51>

Martin McKeay and Katie Moussouris
Download <4:25>

Martin McKeay and Tim Stanley
Download <5:14>

Patrick Peterson, Cisco Fellow & Chief Security Researcher, Cisco Systems Inc.
Henry Stern, Senior Security Researcher, Cisco Systems, Inc.

Hackers and Threats Track

Abstract: We have captured and observed five of the most dangerous botnet families. In this session, using demonstrations, packet captures and video, we unravel their technical operations: malware infection, botnet command & control, botnet size and how their weaknesses enable extermination. We will follow the money to unravel business models, criminal actors, relationships and profits.

Patrick Peterson joined IronPort Systems in 2000, defined IronPort’s email security appliances and invented IronPort’s SenderBase, the industry’s first reputation service. In 2008, after Cisco’s acquisition of IronPort, Peterson became a Cisco Fellow, a position reserved for individuals whose technical contribution has made a material impact not only within Cisco but also in the industry as a whole.

Henry Stern joined IronPort Systems in 2006 as one of the original engineers responsible for IronPort Anti-Spam (TM), the industry’s most accurate anti-spam filter, and invented IronPort’s Multidimensional Pattern Recognition (TM) technology for combatting image threats. Stern has been involved in the anti-spam community since 2003, serving as a committer for the Apache SpamAssassin project and a contributor to both the SURBL and URIBL spam domain name blocklists.

Download  <7:36>

Mike Gentile, Managing Partner, Coastline Consulting Services, Inc.
Ron Collette, CIO, Clarient, Inc.

Professional Development Track

Abstract: As the security profession matures, one thing is becoming very clear: being good at security has little to do with being successful in security. This interactive session will explore the five essential non-security skills that successful security leaders, and their teams, possess, leverage and employ to ensure security success. From practical techniques for building a team with these skills to using them in day-to-day situations, this session will provide real-world advice from the trenches.

ron_collette_sized2.JPG Ron Collette is the CIO for Clarient (Nasdaq:CLRT) in Aliso Viejo, CA, and speaks regularly both internationally and domestically. He has a monthly article on Computer Economics and is a contributing research analyst for their major surveys and studies. Additionally, Collette co-authored 'The CISO Handbook: A Practical Guide To Securing Your Company,' and 'CISO Soft Skills,' both published by CRC Press.

Mike Gentile is a Managing Partner with Coastline Consulting Services, Inc. and the Senior Editor of CISOHandbook.com, both in San Clemente, CA. He is a recognized speaker, researcher and innovator in the field of information security. Additionally, Gentile co-authored 'The CISO Handbook: A Practical Guide To Securing Your Company' and 'CISO Soft Skills,' both published by CRC Press.

Download  <10:45>

Thomas Smedinghoff, Partner, Wildman Harrold
Jane Winn, Professor of Law, University of Washington

Law Track

Abstract: User-oriented identity management (IdM) systems are challenging enterprise-oriented IdM systems by putting end-users in control of how their personally identifiable information is used. This session will compare the privacy, security and liability issues raised by these two models; describe legal, business and technical strategies to mitigate those risks; and examine the emergence of “hybrid” IdM systems to overcome the limitations of both models.

Thomas J. Smedinghoff is a partner in the Privacy & Data Security Law practice at Wildman, Harrold, Allen & Dixon LLP. He is internationally recognized for addressing legal issues regarding e-transactions and information security. He is a member of the US Delegation to the UN Commission on International Trade Law, co-chair of the American Bar Association Federated Identity Management Task Force, and author of the book INFORMATION SECURITY LAW: THE EMERGING STANDARD FOR CORPORATE COMPLIANCE (2008).

Jane Winn is the Charles Stone Professor of Law and director of the Law, Technology & Arts Group at the University of Washington. She is co-author of THE LAW OF ELECTRONIC COMMERCE (4th ed. 2009) and focuses on information security, identity management and electronic contracting law. She has taught information security law to lawyers and law students since 2004. She is a member of the EU ICT Standards Board and co-chair of the American Bar Association Federated Identity Management Task Force.

Watch the presentation <8:57>

Richard Howard

Intelligence Director, VeriSign iDefense

Industry Experts Track

Abstract: Richard Howard will discuss current cyber security trends identified in 2009 and manifesting in 2010 across cyber crime, cyber war, cyber espionage and cyber terrorism. He will then look to the horizon to identify some potential cyber security disruptors: ideas or technologies coming down the pike that will fundamentally change how the security community protects its enterprise and its customers.

Rick Howard is responsible for the intelligence gathering efforts at iDefense. He is a US Army veteran and spent the last two years of his career as Chief of the Army Computer Emergency Response Team (ACERT). Mr. Howard holds a Master of Science degree in computer science from the Naval Postgraduate School and an engineering degree from the US Military Academy. He most recently contributed as an Executive Editor to VeriSign’s first book, “Cyber Fraud: Tactics, Techniques and Procedures.”

Download  <6:56>

Jeremiah Grossman, Founder and CTO, WhiteHat Security
Jacob West, Director of Security Research, Fortify Software

Applications and Development Track

Abstract: One of the only guarantees in life is that the first time you analyze a piece of software for security vulnerabilities, you're going to find them. Whether you’re using static or dynamic analysis, prioritizing defects for remediation can strain any organization. This session will demonstrate methods for integrating analysis techniques and show how a combined approach gives better results.
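To make the abstract's point concrete, here is an added example (not code from the session, nor from WhiteHat Security or Fortify) of one way to combine the two result sets: join static findings and dynamic findings on weakness class and request handler, and rank a sink that both tools hit above one that only one tool saw. The route table, the handler attribute on static findings and every finding in the sample are assumptions constructed for the illustration.

```python
"""Prioritize findings by correlating static (SAST) and dynamic (DAST) results.

Added illustration, not code from the session or from WhiteHat/Fortify.
Assumptions: the static tool reports the handler each sink lives in, the
application's route table is known, and all findings below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, NamedTuple, Sequence


@dataclass(frozen=True)
class StaticFinding:
    cwe: str        # weakness class, e.g. "CWE-89" (SQL injection)
    file: str       # source location of the sink
    line: int
    handler: str    # request handler containing the sink (assumed reported by the tool)


@dataclass(frozen=True)
class DynamicFinding:
    cwe: str        # weakness class the scanner claims to have triggered
    url: str        # URL path that was attacked
    param: str      # parameter that carried the payload


class Ranked(NamedTuple):
    tier: str       # "confirmed", "dynamic-only" or "static-only"
    cwe: str
    handler: str
    where: str      # file:line for static findings, url?param for dynamic ones


# Hypothetical route table: URL path -> handler name.
ROUTES: Dict[str, str] = {
    "/login": "auth.login",
    "/search": "catalog.search",
    "/profile": "user.profile",
}

TIER_ORDER = {"confirmed": 0, "dynamic-only": 1, "static-only": 2}


def correlate(static: Sequence[StaticFinding],
              dynamic: Sequence[DynamicFinding],
              routes: Dict[str, str]) -> List[Ranked]:
    """Join the two result sets on (CWE, handler).

    A static sink that a dynamic probe also triggered is both reachable and
    located in code, so it goes first. A dynamic-only hit is demonstrably
    exploitable but has no code location yet. A static-only hit may be dead
    code or guarded upstream, so it is the cheapest to defer.
    """
    dyn_keys = {(d.cwe, routes.get(d.url)) for d in dynamic}
    stat_keys = {(s.cwe, s.handler) for s in static}
    ranked: List[Ranked] = []
    for s in static:
        tier = "confirmed" if (s.cwe, s.handler) in dyn_keys else "static-only"
        ranked.append(Ranked(tier, s.cwe, s.handler, f"{s.file}:{s.line}"))
    for d in dynamic:
        handler = routes.get(d.url)
        if (d.cwe, handler) not in stat_keys:
            ranked.append(Ranked("dynamic-only", d.cwe, handler or d.url,
                                 f"{d.url}?{d.param}"))
    ranked.sort(key=lambda r: (TIER_ORDER[r.tier], r.cwe, r.handler))
    return ranked


# Constructed sample findings (not real scan output).
STATIC_SAMPLE = [
    StaticFinding("CWE-89", "catalog/search.py", 42, "catalog.search"),
    StaticFinding("CWE-79", "user/profile.py", 17, "user.profile"),
    StaticFinding("CWE-89", "admin/report.py", 88, "admin.report"),  # no public route
]
DYNAMIC_SAMPLE = [
    DynamicFinding("CWE-89", "/search", "q"),     # matches the static sink in catalog.search
    DynamicFinding("CWE-79", "/login", "next"),   # nothing static reported in auth.login
]


def prioritized_sample() -> List[Ranked]:
    """Run the correlation over the constructed samples."""
    return correlate(STATIC_SAMPLE, DYNAMIC_SAMPLE, ROUTES)


if __name__ == "__main__":
    for r in prioritized_sample():
        print(f"{r.tier:13} {r.cwe:7} {r.handler:16} {r.where}")
```

The join key is deliberately coarse (weakness class plus handler, not exact parameter), because a dynamic scanner reports URLs and parameters while a static tool reports files and sinks; the route table is the bridge between the two vocabularies, and in a real pipeline it would come from the framework's router rather than a hand-written dictionary.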

Jeremiah Grossman, Founder and CTO, WhiteHat Security, is a world-renowned Web security expert. A co-founder of the Web Application Security Consortium (WASC), he was named to InfoWorld’s Top 25 CTOs in 2007 and is often quoted in major publications. He is credited with the discovery of many cutting-edge attack and defensive techniques, and is an influential blogger who offers insight and encourages open dialogue regarding research and vulnerability trends.

Jacob West is Director of Security Research at Fortify Software, where his team is responsible for building security knowledge into products and overseeing the discovery and categorization of security issues identified by the company’s products. Prior to Fortify, West contributed to the development of MOPS, a static analysis tool used to discover security vulnerabilities in C programs. West and colleague Brian Chess recently published the book “Secure Programming with Static Analysis.”

Download  <10:08>

Dr. Peter Warren Singer

Senior fellow and director of the 21st Century Defense Initiative, Brookings Institution

Keynote Session

Abstract: What happens when science fiction becomes battlefield reality? A revolution is taking place on the battlefield, starting to change not just how wars are fought but also the politics, economics, laws and ethics that surround war itself. This upheaval is already afoot: remote-controlled drones take out terrorists in Afghanistan, while the number of unmanned systems on the ground in Iraq has gone from zero to 12,000 over the last five years.

Listen to P.W. Singer's interview on NPR's OnPoint.

Dr. Peter Warren Singer is the youngest scholar named Senior Fellow in Brookings's 90-year history. CNN named him to its "New Guard" list of the next generation of newsmakers, Foreign Policy magazine named him among the world’s top 100 global thinkers, and the Financial Times named Wired for War a book of the year. Singer is a columnist on defense issues for the Washington Examiner and, in his personal capacity, served as coordinator of the Obama-08 campaign’s defense policy task force.

Speakers:

Shannon Kellogg, Director of Information Security Policy, Office of Government Relations, EMC Corporation

Adam Rak, Senior Director of Public Affairs, Symantec

Shannon Kellogg is Director of Information Security Policy, Office of Government Relations at EMC Corporation. Prior to EMC's September 2006 acquisition of RSA Security, he was Director of Government & Industry Affairs at RSA. Shannon is Chairman of the National Cyber Security Alliance, a national public-private partnership to educate users on information security practices; he helped establish the initiative earlier this decade and has been a member of its Board of Directors since February 2004. He also serves as Chairman of TechAmerica’s Information Security Committee. Before joining EMC and RSA, Kellogg was the global Director of Information Security Policy at the Business Software Alliance, and was Vice President of Information Security Policy & Programs at the Information Technology Association of America.

Adam Rak is the Senior Director of Public Affairs at Symantec. In this role, he has global responsibility for managing Symantec’s relationships with government officials and overseeing the company’s worldwide public policy agenda. In addition, he is responsible for the management of Symantec’s corporate philanthropy, community relations and corporate social responsibility programs. Adam is a recent past Chair of the Business Software Alliance’s Policy Council, and he also helped found the Cyber Security Industry Alliance, the only CEO-led public policy and advocacy group focused exclusively on cyber security issues. Prior to joining Symantec, Adam worked in Washington, DC as a legislative aide for former Congresswoman Barbara Kennelly. Adam also worked at TechNet as the State Public Policy Director and managed the California Public Policy Committee, made up of a number of the nation’s largest technology companies.

Download  <13:43>

Philippe Courtot, Chairman and Chief Executive Officer, Qualys, Inc.

Keynote

Abstract: Cloud computing is the name of the day for an exciting new computing model that the entire hi-tech industry is now flocking to adopt at every level, including infrastructure, software and applications. It is here to stay, and it is drastically changing the IT industry as we know it. At the same time, the sophistication of attacks is on the rise, threatening all of us and potentially impeding progress in the cloud. Join Qualys’ CEO Philippe Courtot as he discusses the future of cloud computing and what we as an industry need to do in order to secure it effectively and make it more resilient against cyber risks.

Philippe Courtot has a history of building innovative companies and transforming them into industry leaders. Philippe received the SC Magazine Editor's Award for bringing on-demand technology to network security and for co-founding the CSO Interchange, a forum for sharing information in the security industry. Before Qualys, Philippe was Chairman and CEO of Signio, President and CEO of Verity, and President and CEO of cc:Mail. He holds a Master's degree in Physics from the University of Paris.

Download <6:50>