Interop Las Vegas logo

Interop InfoSec & Risk Management Track

The threat of cyber security breaches and compromises has become one of business’ greatest – and most unpredictable – risk factors. Understanding your attackers – their motivations, their methods of operation, and the exploits they create – is crucial to developing the right defenses and to measuring the risk that your organization faces.

The InfoSec and Risk Management Track offers a comprehensive look at the current threats posed by cyber attackers, the security vulnerabilities they exploit, and the potential impact of these attacks on your organization. Attendees will get firsthand descriptions of the latest exploits targeted at the enterprise, and recommendations on how to mitigate them. Attendees will also receive some common-sense guidance on how to quantify and measure the cyber risks they face – and how to use that risk measurement to build an IT security strategy that is both effective and affordable for the business. Attendees will get firsthand descriptions of the latest exploits targeted at the enterprise, and recommendations on how to mitigate them. They will also get a look at potential vulnerabilities and security issues created by today’s newest technologies – including mobile, cloud, and Internet of things – as well as a peek at next-generation security solutions.

TRACK SPONSORS

Featured InfoSec & Risk Management Sessions


A CISO's Perspective: Measuring and Communicating Information Security Progress
Information Security is clearly a hot topic. It is top-of-mind not only for CISOs and CIOs, but also CFOs, CEOs and BODs. Many CISOs today no longer have to beg for resources and help. In fact, offers for additional funding from executive leadership are coming at times without asking. So how does a CISO know when he/she has sufficient funding? Is it ever OK for a CISO to not accept additional budget? CISOs need to be able to demonstrate how well information security risk is being managed. It is only then can they effectively understand and communicate to various stakeholders when they need more resources or when resources are being optimally managed. Being able to have this conversation is what differentiates CISOs. By communicating information security risk in a structured and non-technical manner, CISOs become thought leaders within their organizations - impacting not only security but also business strategy. Learn how Caterpillar uses a strategy, a capability maturity model, and a program management office to prioritize investments, communicate progress, and ensure alignment for its 5-year Information Security Transformation.
Speaker: Mike Zachman - CIA, CISM, CGEIT -Deputy CISO, Caterpillar Inc.

Debate: Where are the Weakest Links in Cyber Security?
Security experts and vendors often spur fear and concern by stating that a particular vulnerability is the “weakest link” in enterprise security defense. The problem is that the “weakest link” differs depending on who’s talking. This makes life confusing for enterprise security professionals, who must prioritize their activities and seek to build comprehensive defenses. In this debate, a panel of experts will discuss the most troublesome vulnerabilities among enterprise defenses and choose the “weakest links,” aiding attendees to prioritize their upcoming security projects. Potential arguments could be made for: Insider threats, end users, applications, cloud vulnerabilities, mobile/endpoint devices, targeted/sophisticated attacks, next-generation malware, or other threats/vulnerabilities. Which should be the enterprise’s greatest concerns? You will hear the argument.
Moderator: Tim Wilson, Editor, Dark Reading
Panelists:
-Adam Ghetti, CEO, Ionic Security 
-Eric Green, SVP, Business Development, Mobile Active Defense 
-Jason Straight, Senior Vice President, Chief Privacy Officer, UnitedLex 
-Robert Ragan, Senior Security Associate, Bishop Fox

Ending the Tyranny of Expensive Security Tools: A New Hope
A long time ago, in a galaxy far far away, AV was invented. Then firewalls and IDS and SIEM and NAC and DLP and on and on. With all these products, it seems like a career in information security is really more about managing tools than defeating a galactic empire of hackers and miscreants. But like the Rebel Alliance, you can take back your enterprise, because many of our existing monitoring systems and network devices also have security functionality. Moreover, there are many excellent open source applications that work just as well as commercial ones.
Speaker: Michele Chubirka, Senior Security Architect, Postmodern Security 

Featured InfoSec & Risk Management Workshops


Go Hack Yourself: Offensive Security Tools for Enterprise Defenders
Offensive security tools aren’t just for penetration testers. Enterprise defenders can take advantage of the same tools and techniques to identify weaknesses in their networks and the humans contained within. Need to find your exposed vulnerabilities and get them fixed before the bad guys exploit them? Want to clean up the low-hanging fruit before a pen test so you can focus on more realistic, targeted threat scenarios? This class is a hands-on immersion in offensive security tools including tools like nmap, Metasploit, Arachni, recon-ng, and Phishing Frenzy. Participants will be provided a virtual machine pre-loaded with tools to use throughout the class. The focus will be on imparting practical skills that students will be able to apply immediately upon returning to work.
Instructor: John Sawyer, Senior Security Analyst, InGuardians
Visit our agenda for workshop requirements.
*Please note: This workshop is limited to the first 100 people who have pre-registered in registration.

Integrating Risk and Security Into Your Organization’s DNA
Risk management practices and security controls are often perceived of as burdens or roadblocks by end users and executives. The goal of this workshop is to help you change those attitudes so that individuals don’t just comply with risk and security practices, but instinctively integrate them into everyday business activities. Adapting an organization’s DNA to effectively integrate risk and security requires a fundamental shift from authoritative and consequence-oriented approaches to consultative and benefit-oriented ones.  Instead of focusing on protecting the organization and its constituents from themselves, risk and security professionals will learn to empower individuals with information and insights to make business-appropriate decisions. This will ultimately make risk and security a business enabler instead of a roadblock to success. Topics will include information risk profiles, threat and vulnerability analysis, approaches to culture change, and risk and security considerations for the information supply chain.  Interactive discussions, examples, and cross-industry case studies will be presented throughout the workshop.
Instructor
John Pironti, President, IP Architects, LLC

How to Register


The following passes will get you access to the Interop program:

Track Chair


John Pironti

President

IP Architects, LLC

John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. John has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional and (ISSAP) and Information Systems Security Management Professional (ISSMP). John frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.

Tim Wilson

Editor-in-Chief and Co-Founder

Dark Reading.com

Tim Wilson is editor-in-chief and co-founder of Dark Reading.com, the IT industry’s most widely-read online community for computer security. In this role, Wilson is responsible for managing the site, assigning and editing much of the content, and writing breaking news stories. Wilson also directs the content behind Dark Reading's webcasts, digital issues, and the Dark Reading University program, and is a contributor to UBM’s Black Hat and Interop events. Wilson has been recognized three times as one of the top cybersecurity journalists in the U.S. in voting among his peers held by the SANS Institute. In 2011, Wilson was named one of the 50 Most Powerful Voices in Security in research conducted by SYS-CON Media. Prior to joining Dark Reading.com, Wilson was the business editor for Network Computing, one of the industry’s leading communities on IT infrastructure and networking. A veteran of the IT industry, Wilson has spent 20 years as a journalist, including eight years as a top editor and reporter for CMP Media’s InternetWeek (originally called Communications Week). As executive editor of DataTrends Publications Inc., a newsletter publisher, Wilson founded four industry newsletters on the subject of data communications, edited several others, and wrote a half-dozen books on the topic. Wilson also has served as an industry analyst with two globally-recognized IT consulting firms: Decisys Inc. (now part of Gartner) and Enterprise Management Associates.