Interop is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Schedule Builder

View, browse, and sort the ever-growing list of sessions by pass type, track, and format. With this Schedule Builder, you can build your schedule in advance and access it during the show via export or with the mobile app, once live. For your schedule to sync properly with the mobile app, be sure to login to Schedule Builder with the same email address you used to register for Interop 2019.

Sessions do fill up and seating is first come, first serve, so arrive early to sessions that you would like to attend. Please note that adding a session into your agenda does NOT guarantee you a seat to the session.

Security Pro Summit

Tim Wilson (Co-Founder and Editor-in-Chief, Dark Reading)

Doug Lhotka (Cybersecurity Architect, IBM)

Cindi Carter (VP and CSO, Mede Analytics)

Yaron Levi (Research Fellow, Cloud Security Alliance)

Shandon Lewis (Senior Web Application Penetration Tester, Backward Logic)

John Sawyer (Director of Services, Red Team, IOActive, Inc.)

Maxine Holt (Research Director, Ovum)

Derek Manky (Chief of Security Insights and Global Threat Alliance, Fortinet)

Jessica Bair (Senior Manager, Advanced Threat Solution, Cisco Systems Inc.)

Etan Lightstone (VP of Product Design, ShiftLeft)

Jasdeep Singh (Security Engineer, AT&T)

Location: Montego C

Date: Tuesday, May 21

Time: 9:00am - 5:00pm

Pass type: All Access, Summits & Workshops - Get your pass now!

Track/Topic: Security

Format: Summit

Vault Recording: TBD

AT&T

If you're an experienced security professional looking for advanced education, the Security Pro Summit produced by the editors of Dark Reading provides a deep dive into cybersecurity threats and the latest methods for detecting and responding to them. At the Security Pro Summit, attendees will go beyond cybersecurity basics to learn about emerging vulnerabilities and exploits as well as practical, usable methods for detecting and responding to online attacks in an enterprise. Attendees will not only gain insight from top experts on the latest threats and potential security flaws but also will find out how security teams can handle these critical issues and learn about tools and best practices they need to mitigate them.

No Silver Bullet: Cybersecurity in the Cognitive Era
Doug Lhotka (Cybersecurity Architect, IBM)
It's no surprise that our organizations are under attack by industrialized threats from highly skilled adversaries. At same time, we're drowning in information, facing a growing skills shortage, and often dealing with security infrastructures from the dark ages. It's no wonder that the industry is looking for the latest magic bullet, and cognitive security is now the king of the hype curve. We'll talk about the threats in more detail, the growing migration from compliance to risk-focused security, and how security is fundamentally an information management problem. We'll investigate how cognitive technology is being applied in real organizations today and try to get beyond the marketing and hype to understand this fundamental shift coming our way.

Lightning Talk 1: Security Without the Seams (Presented by AT&T)
Jasdeep Singh (Security Engineer, AT&T)
The evolution of cybercrime coupled with digitalization makes cybersecurity a business problem. Dispersed networks, increased data, disparate technologies and complex security operations present cybercriminals with gaps or “seams” in organizations’ security postures. Fighting this requires a coordinated and collaborative approach that seamlessly orchestrates people, process and technology.

Flash War: Tapering and Accelerating Attack Chain
Derek Manky (Chief of Security Insights and Global Threats Alliance, Fortinet)
Every day, online attackers are discovering new ways to penetrate enterprise environments. In this session, a top cybersecurity researcher offers insight into the current threat environment – including details on specific groups of threat actors – as well as details on the latest exploits and threats. Attendees will get a look at some of the attackers and exploits that are hitting enterprises today, including some that you may not have seen yet.

Cover Your aaS With DevSecOps
Cindi Carter (CSO of Mede Analytics) & Yaron Levi (Research Fellow, Cloud Security Alliance)
A decade into the cloud era, organizations are rapidly creating digital businesses by blurring the digital and physical worlds and creating interactions among people, businesses, and intelligent "things." If security struggled to keep up before, many fear that in the digital age security will never catch up. In this era where the lines are blurred, and development and operations are fused together, security must become the third leg of that stool not as a requirement but as a first-class cultural component. In this talk, security practitioners will share their story about building security into DevOps, making it part of the culture for an organization with 3,500 developers globally who didn't want to have anything to do with security.

Tracking Ransomware: Using Behavior to Find New Threats
Jessica Bair (Senior Manager, Advanced Threat Solutions, Cisco Systems Inc.)
*Please bring your own laptop*

This hands-on lab will be an interactive session on the latest ransomware trends as well as how to defend your enterprise against this threat. Attendees will understand how ransomware operates, the attack vectors, and the commonalities between variants. They will learn the skills to find and track new ransomware with dynamic analysis of behavior.

Table Discussion
Interactive conversations about current threats, moderated by experts and protected by the Chatham House Rule.

Four Ways to Identify Microservices Leaking Critical Data
Etan Lightstone (VP of Product Design, ShiftLeft)
The fastest-growing problem in application security is data leakage. The adoption of microservices, combined with increasingly shorter development cycles, means that understanding how critical data flows into, within, and out of an application is more complex than ever. While microservice architectures have increased efficiency in innumerable ways, they can also silo developer knowledge such that understanding how every other service handles data, and what each service defines as sensitive, is incredibly difficult. Yet, despite the name, traditional data loss preventions (DLP) approaches provide little help to developers. How can developers identify data leakages in the applications they build? And how can this be accomplished for every version of every microservice in every release?

Getting the Most Out of Penetration Testing and Red Teaming
John Sawyer (Head of Red Teaming, IOActive)
If you're an enterprise security pro, you understand the value of testing your defenses as an attacker would. But exactly what methods should you use, and what defenses should you test? When should you employ third parties to do the testing, and when should you up the ante and employ full-scale red teaming? Most importantly, how should your organization evaluate the results from pen testers and red teamers, and what steps should you take to remediate the newly discovered vulnerabilities and shore up your defenses? In this session, a top expert on pen testing and red teaming will provide answers to these questions and help you to recognize the advantages and pitfalls associated with security testing.

Vulnerabilities in Web Applications That Are Often Overlooked
Shandon Lewis (Senior Web App Pen Tester, Backward Logic)
In this session, a top researcher will demonstrate how "low-severity" web application bugs can actually be far more significant than realized. Attendees will see actual instances of these vulnerabilities and learn how they can be exploited to attack enterprise data.

Balancing Digital Transformation and Data Privacy
Maxine Holt (Research Director, Ovum)
Digital transformation initiatives have enabled many enterprises to revolutionize parts of their business. Customers and citizens receive better service, with middle- and back-office functions operating with increasing efficiency. However, such projects have also resulted in even more data being created. In a world where data privacy is increasingly legislated and expected, how can enterprises balance the seemingly conflicting data privacy controls with digital transformation projects?

Presentation Files

Interop_2019Carter_LeviCover_your__aaS_with_DevSecOps.pdf
shiftleft_interop_2019_v3.pptx
Holt_Balancing_Digital_Transformation_and_Data_Privacy.pptx
Manky_Flash_War.pdf
INT19_PPT_Tracking_Ransomware__Bair.pdf