The Security Pro Summit


Ron Gula (Founder, Gula Tech Adventures)

Fred Kwong (CISO, Delta Dental Plan Association)

Derek Manky (Global Security Strategist, Fortinet)

Westley McDuffie (Security Evangelist, IBM)

Rich Mogull (Analyst and CEO, Securosis)

Sara Peters (Senior Editor, Dark Reading)

Roselle Safran (Former SOC Chief at the White House)

John Sawyer (Associate Director of Services, IOActive, Inc.)

Eric Scales (Director of Security Consulting Services, Mandiant, a FireEye Company)

Location: Grand Ballroom G

Date: Tuesday, May 1

Time: 9:00am - 5:00pm

Pass Type: All Access, Summits & Workshops

Format: Summit

Track: Security

Audience: Intermediate

Vault Recording: TBD

Note: an RSVP is required for Workshops & Summits. Please RSVP by making your selections in your registration account.

A full-day event for IT security professionals to learn and share about the latest threats and data defense practices

Produced by the editors of Dark Reading and led by some of the cybersecurity industry’s top experts and speakers, the Security Pro Summit is an opportunity for IT security professionals to take a deeper dive into cybersecurity threats and defense, learning and sharing on the latest methods for detecting and responding to new threats. At the Security Pro Summit, attendees will go beyond cybersecurity basics to learn about emerging vulnerabilities and exploits, as well as practical, usable methods for detecting and responding to online attacks in an enterprise. Attendees will not only gain insight from top experts on the latest threats and potential security flaws, but also will get insight on how security teams can handle these critical issues, and the tools and best practices they need to mitigate them.


8-9am: Breakfast

9-9:30am: CISO Keynote: The Security Department’s Toughest Challenges (And Tips On How to Hack Them)
Fred Kwong
For most organizations, IT security is a moving target. As threats change, risks change – and so do the priorities of the information security department. In this tone-setting session, a top CISO offers a look at some of the newest and toughest challenges faced by today’s infosecurity teams, and provides some specific recommendations on how to handle them.

9:30-9:45am: Lightning Talk 1

9:45-10:30am: New Threats and Vulnerabilities Your Enterprise Should Worry About
Derek Manky

Every day, online attackers are discovering new vulnerabilities that they can use to penetrate your systems, and new exploits that take advantage of these vulnerabilities. In this session, a top cybersecurity researcher offers an overview of some of the newest and most critical vulnerabilities that have been discovered in recent months, as well as details on the latest exploits and threats. Attendees will get a look at some of the emerging exploits that are hitting enterprises today – and some that you may not have seen yet.

10:45-11:30am: Detecting and Analyzing Behavior In Online Attacks
Roselle Safran

As more and more cyber attacks bypass traditional, signature-based defenses, a question arises: How do you know when you’ve been compromised? In this informative session, a top expert offers a look at the steps you can take to identify targeted and sophisticated attacks by analyzing the behavior of your attackers – or the malware they are using. You’ll get advice on how to identify zero-day attacks, how to read indicators of compromise (IoCs), and how to recognize specific behavior that may indicate an intruder’s activity.

11:30am-12pm: Table Discussions
Interactive conversations about current threats, moderated by experts and protected by the Chatham House Rule

12-1pm: Lunch

1:00-1:45pm: Incident Response and Security Operations – What Works (And What Doesn’t)
Eric Scales

Incident response (IR) has become a standard operating procedure in most enterprise security departments – but not every organization implements IR in the same way. In this revealing session, a top expert offers a look at the key elements of IR, as well as security operations, and provides insight on the practices that work best – and those that may not work at all.

1:45-2:30pm: Managing Security In the Clouds – And Other Hair-Raising Service Provider Tales
Rich Mogull
Over the last few years, enterprises have placed an increasing amount of critical data – and an increasing amount of faith – in cloud services. But recent compromises in the news suggest that cloud services may be susceptible to online attack, and that some cloud service providers may not be ready to respond. In this session, a cloud security expert offers a look at the pitfalls and vulnerabilities associated with cloud applications and services – and some advice on how to protect your organization’s data as it moves into the cloud.

2:30-2:45pm: Break

2:45-3:30pm: Using Offensive Security Tactics to Improve Enterprise Defense
John Sawyer

Sometimes, the best defense is a good offense. In this session, attendees will get an overview of how they can use free and open-source hacking tools to help identify potential vulnerabilities, gain insight on attacker methods, and improve their overall cyber defense strategy.

3:30-4:15pm: Where Cybersecurity Strategy (Risk Management) and Practical Deployment Meet
Westley McDuffie
A risk-based security strategy is in great demand for all organizations, but how do you formulate a risk approach that works effectively in a practical deployment? Are there practical examples of how to implement risk-based strategies, and methods for using them to stop the wide array of threats facing the organization? Where do you start, and what tools and customized frameworks can help you to move beyond compliance to a risk-based strategy that your management understands and supports? In this session, you’ll get advice on how to turn risk-based theories and strategies into a practical reality.

4:30-5:00pm: Closing Keynote: The Changing Cybersecurity Landscape
Ron Gula
Keeping up with current threats seems challenge enough – but what will the future bring? In this thought-provoking keynote, an innovative security thinker will offer a look at today’s security landscape and what current trends might mean for the long-term future of data defense.
