Security Pro Summit

Tim Wilson (Co-Founder and Editor-in-Chief, Dark Reading)

Doug Lhotka (Cybersecurity Architect, IBM)

Cindi Carter (CSO, Mede Analytics)

Yaron Levi (Research Fellow, Cloud Security Alliance)

Chetan Conikee (CTO and Co-Founder, ShiftLeft)

Shandon Lewis (Senior Web Application Penetration Tester, Backward Logic)

John Sawyer (Director of Services, Red Team, IOActive, Inc.)

Maxine Holt (Research Director, Ovum)

Derek Manky (Chief of Security Insights and Global Threat Alliance, Fortinet)

Jessica Bair (Senior Manager, Advanced Threat Solution, Cisco Systems Inc.)

Date: Tuesday, May 21

Time: 9:00am - 5:00pm

Pass type: All Access, Summits & Workshops

Track/Topic: Security

Format: Summit

Vault Recording: TBD

If you're an experienced security professional looking for advanced education, the Security Pro Summit produced by the editors of Dark Reading provides a deep dive into cybersecurity threats and the latest methods for detecting and responding to them. At the Security Pro Summit, attendees will go beyond cybersecurity basics to learn about emerging vulnerabilities and exploits, as well as practical, usable methods for detecting and responding to online attacks in an enterprise. Attendees will not only gain insight from top experts on the latest threats and potential security flaws but also will get insight into how security teams can handle these critical issues and learn about tools and best practices they need to mitigate them.

No Silver Bullet: Cybersecurity in the Cognitive Era
Doug Lhotka (Cybersecurity Architect, IBM)
It's no surprise that our organizations are under attack by industrialized threats from highly skilled adversaries. At the same time we're drowning in information, facing a growing skills shortage, and often dealing with security infrastructures from the dark ages. It's no wonder that the industry is looking for the latest magic bullet, and Cognitive security is now the king of the hype curve. We'll talk about the threats in more detail, the growing migration from compliance to risk-focused security, and how security is fundamentally an information management problem. We'll investigate how cognitive technology is being applied in real organizations today, and try to get beyond the marketing and hype to understand this fundamental shift coming our way.

Who Are Your Attackers? A Look at Current Threat Actors and Exploits
Derek Manky (Chief of Security Insights and Global Threats Alliance, Fortinet)
Every day, online attackers are discovering new ways to penetrate enterprise environments. In this session, a top cybersecurity researcher offers insight on the current threat environment -- including details on specific groups of threat actors -- as well as details on the latest exploits and threats. Attendees will get a look at some of the attackers and exploits that are hitting enterprises today, including some that you may not have seen yet.

Cover Your aaS With DevSecOps
Cindi Carter (CSO of Mede Analytics) & Yaron Levi (Research Fellow, Cloud Security Alliance)
A decade into the cloud era, organizations are rapidly creating Digital Businesses by blurring the digital and physical worlds and creating interactions between people, businesses and intelligent "things". If security struggled to keep up before, many fear that in the digital age security will never catch up. In this era where the lines are blurred, and Dev & Ops are fused together, Security must become the 3rd leg of that stool not as a requirement but as a first-class cultural component. In this talk, security practitioners will share their story about building security into DevOps, making it part of the culture for an organization with 3500 developers globally who didn’t want to have anything to do with security.

Tracking Ransomware: Using Behavior to Find New Threats
Jessica Bair (Senior Manager, Advanced Threat Solutions, Cisco Systems Inc.)
*Please bring your own laptop*

This hands-on lab will be an interactive session on the latest ransomware trends, as well as how to defend your enterprise against this threat. Attendees will understand how ransomware operates, what the attack vectors are, and what the commonalities between variants are. They will learn the skills to find and track new ransomware with dynamic analysis of behavior.

Table Discussion
Interactive conversations about current threats, moderated by experts and protected by the Chatham House Rule

Four Ways to Identify Microservices Leaking Critical Data
Chetan Conikee (CTO and Co-Founder, ShiftLeft)
The fastest growing problem in application security is data leakage. The adoption of microservices, combined with increasingly shorter development cycles, means that understanding how critical data flows into, within, and out of an application is more complex than ever. While microservice architectures have increased efficiency in innumerable ways, they can also silo developer knowledge such that understanding how every other service handles data, and what each service defines as sensitive, is incredibly difficult. Yet, despite the name, traditional Data Loss Prevention (DLP) approaches provide little help to developers. How can developers identify data leakages in the applications they build? And how can it be accomplished for every version of every microservice in every release?

Getting the Most Out of Penetration Testing and Red Teaming
John Sawyer (Head of Red Teaming, IOActive)
If you’re an enterprise security pro, you understand the value of testing your defenses as an attacker would. But exactly what methods should you use, and what defenses should you test? When should you employ third parties to do the testing, and when should you up the ante and employ full-scale red-teaming? Most importantly, how should your organization evaluate the results from pen testers and red teamers, and what steps should you take to remediate the newly-discovered vulnerabilities and shore up your defenses? In this session, a top expert on pen testing and red-teaming will provide answers to these questions, and help you to recognize the advantages and pitfalls associated with security testing.

Vulnerabilities in Web Applications That Are Often Overlooked
Shandon Lewis (Senior Web App Pen Tester, Backward Logic)
In this session, a top researcher will demonstrate how 'low severity' web application bugs can actually be far more significant than realized. Attendees will see actual instances of these vulnerabilities, and how they can be exploited to attack enterprise data.

Balancing Digital Transformation and Data Privacy
Maxine Holt (Research Director, Ovum)
Digital transformation initiatives have enabled many enterprises to revolutionize parts of their business. Customers and citizens receive better service, with middle- and back-office functions operating with increasing efficiency. However, such projects have also resulted in even more data being created. In a world where data privacy is increasingly legislated and expected, how can enterprises balance the seemingly conflicting data privacy controls with digital transformation projects?