The Security Confab 2012

The Security Confab 2012 Speakers and Sessions

Here’s What the Future of Security Looks Like

Simply building deeper cyber moats and higher cyber walls will not afford the protection CSOs need to safeguard their mobile-device extended networks. The future is a trusted cloud, purpose built to provide both security and performance that offers the best in traditional firewalls and virus protections but also provides constant monitoring and assigns trust factor scores on-demand and in real time. Learn more about the future of security in this session.

Can Information Security Survive?
Malcolm Harkins, CISO, Intel Corporation

This is the question facing organizations of all sizes, and for some the answer is changing the mission and scope of their IT security initiatives. In this session Malcolm will discuss Intel’s new “Protect to Enable” information security strategy. Malcolm will examine the challenges of balancing Intel’s business needs and growth with managing and mitigating risks in enterprise security — and will focus on strategies for any company interested in bringing employee-owned devices into the IT environment.

How to Deal with a Global Regulatory Landscape: A Methodology for CSOs

Global companies face compliance with a slew of global privacy and data protection laws.  The challenge is further magnified when some laws conflict with one another. For example, companies are required to protect certain kinds of information, thus requiring them to deploy tools to identify the information, yet this very action may be in violation of another set of laws.  Join us for this session as we discuss an approach to navigate through some of these conflicting laws in order to protect the enterprise while simultaneously meeting global regulatory requirements.

The Big Lie: Vulnerabilities vs. Exploits
Brad Arkin, Senior Director, Security, Adobe Systems

The big lie perpetuated by software security vendors is that improving the security quality of your code will eventually get you to a "good enough" level of security.  The reality is that non-trivial software will always have non-trivial bugs, many of which will have interesting security characteristics for bad guys.  I will dazzle you with real world data that shows the only tactic that works is raising the cost of exploit creation or reducing the value of exploits once created.

Go Phish: A New Paradigm
Curtis KS Levinson, Cyber Defense Subject Matter Expert, North Atlantic Treaty Organization (NATO); Chief Security Officer (CSO/CISO) and Director of Information Assurance, Qwest Government Services, Inc., A CenturyLink Company

Today's phishing and spear-phishing attacks for seemingly trusted domains are stretching the capabilities of automated solutions and, in some cases, defy automated/product-based security solutions.  This presentation discusses the problem, potential business process re-engineering, appropriate security safeguards and recovery options.

Strategies for Securing an Uncertain Future

How do you design a security strategy for a world of continuous technological surprise?  This session will explore the three key ingredients that need to be baked into any successful security strategy.  Join us and gather forward-looking ideas for mitigating insider threats, cyber espionage, cyber criminals, and more.

A Tale of Two Theories
Dennis Devlin, AVP, Information Security and Compliance Services, The George Washington University

Historically, Fortune 500 companies and higher-education institutions have approached information security differently. Higher education was one of the earliest adopters of IP-based network computing and the ARPANET, and has always favored an open approach to encourage learning, teaching and scholarship.  Their model began as “allow by default and deny by exception.” Fortune 500 companies entered the Internet era after the Morris worm, malware and electronic fraud had already occurred.  From the very start, their model was “deny by default and allow by exception.” Over the past two decades, the two models have converged, and each camp has learned from the other.  At the same time, universities have been dealing with bleeding-edge BYOD (bring your own device) programs, mobile technologies, flat networks with demarcations at the edge, telecommuting, distance learning, and customer communities that change every semester.  This session will trace how we got to where we are today, the lessons we have learned along the way, and how models tried and tested by higher education can be useful for the Fortune 500 too.

Bring Your Own Device Programs: Avoiding Pitfalls and Developing Policies

Bring-your-own-device programs are the new craze, fueled by user demands for versatile and popular devices, along with perceived cost-savings by CFOs. But the common pitfalls when implementing these programs are emerging. In this session, get expert advice on how to develop an effective BYOD policy and how to identify often overlooked issues.

Weather Vane or Security Leader?  Adapting Our Leadership Direction for Security of the Future
Sean Cordero, President, Cloudwatchmen

The role of the CSO is changing.  Control over the data we are to protect is being lost, yet our scope is expanding and responsibilities remain the same. How can our security programs succeed when we’re faced with this fundamental shift in how our businesses operate? This talk provides an overview of how our role will continue to evolve -- and provides an action plan on how we can position ourselves as security leaders of the future in the face of uncertainty.

Deadbolts Are Dead: the Legal Implications of Security in a Wireless Cloud Environment

As information becomes the most valuable asset in our economy, and the repositories of that asset are de-linked from any physical location through wireless client devices and cloud based server and storage, notions of security tied to a particular device and/or place are becoming extinct.  This session will focus on legal considerations of securing information as it moves about in the new reality. In particular, we will explore those areas where the law has fallen behind this reality, and those areas in which the law is trying to adapt.  Key areas of consideration include: notions of jurisdiction; data security laws; how California and Massachusetts changed the world; challenges auditing a virtual data center; risk allocation; contracting with service providers; and insurance challenges.

Using Social Media to Help Protect the Enterprise!

Social media tools can quickly drive opinion and be a motivating force in changing behavior. Can't these same tools be used to help protect the enterprise from risk and significantly improve education and awareness?  Find out how in this session.

Consumerization: The Good, the Bad and the Ugly
Jeff Lolley, Director of Information Security and Privacy, Hogan Lovells

Consumerization is inevitable and those that ignore it now are destined for sleepless nights.  For most of us, we’re already living it -- whether we know it or not.  In this session, we’ll explore the evolving security landscape and how consumerization is playing a major role going forward.

The Future of Risk Management

Risk, opportunity and reward are critical to business success. Every CEO, CFO and COO knows that. If that's so, why don't we see robust risk management programs? When will we see them? What will they look like? In this session, we’ll take a look at a forward-looking model to create a robust program.