SC Congress New York 2011 Preliminary Program
Nov. 16, 2011
Metropolitan Pavilion, New York City
8:30 a.m. - 9:30 a.m.  Registration
9:30 a.m. - 10:10 a.m.

Session 1: 2011 - The year of the breach

Hear a panel of security experts draw on headline experience to discuss best practices in proactive risk management for staying ahead of what is increasingly an asymmetric threat.

Moderator: Illena Armstrong, editor-in-chief, SC Magazine
- Gene Fredriksen, global information security officer, Tyco
- Pedro Cordero, assistant section chief, Cyber Division, FBI
- Jeffrey Brown, global program manager, GE Capital

10:15 a.m. - 10:55 a.m.

Session 2: Running on empty

As cliché as it sounds, doing more with less has become a reality. So in an industry where risk is never completely mitigated, trained professionals are increasingly hard to find and budgets are becoming sparser each quarter - what do you do to survive?

Moderator: Dan Kaplan, executive editor, SC Magazine
- Mark Clancey, CISO, Depository Trust & Clearing Corporation (DTCC)
- Andrew Stravitz, director of information security, Barnes & Noble.com
- Stan Trepetin, VP Information Security, HSBC

11:00 a.m. - 12:00 p.m.  Exhibit floor opens - coffee served
12:00 p.m. - 1:00 p.m.

Keynote lunch: The new cybersecurity domain: Your worst day is a quiet day

Interactive discussion about what you don't know you don't know, and why answering this powerful question is critical to the evolution of your organization and your role in the executive suite. Dialogue will focus on moving your organization and practices from a model designed around reactionary services to one that is proactive and preemptive, allowing you to answer: Today I enabled the business by.....

Moderator: Eric Green, program director, SC World Congress
- Rich Baich, principal, Deloitte & Touche LLP
- Dan Srebnick, associate commissioner, New York City Department of Information Technology and Telecommunications; and NYC chief information security officer

1:00 p.m. - 1:30 p.m.  Sponsored sessions: Three tracks

Track 1

How to secure a moving target
We explore the fundamental failings of endpoint security that continue to turn most internet users (corporate and private) into easy prey for cybercriminals. Data from 3.0 million users of Secunia PSI provide a unique insight into the dynamics and exposure of endpoint systems.

- Stefan Frei, research analyst director, Secunia

Track 2

Bypassing IPS devices with advanced evasion techniques
Recent security breaches have made headlines - from RSA to NASDAQ to Google - leaving many organizations wondering if they will be next. One new way of attacking networks is advanced evasion techniques (AETs), which combine new methods of disguise with already-known evasion techniques and can circumvent virtually any network security solution. The number of AETs and their possible combinations are almost limitless, so they can easily bypass even cutting-edge IPS technologies. Is your IPS solution vulnerable? Join Stonesoft for this presentation and live demo session to find out.

- Kim Lassila, senior solutions architect, Stonesoft

Track 3

Cloud storage's hazy security lining
Cloud storage is emerging as a popular option for consumers to back up, archive and access digital goods in the workplace, thanks to brand-name tech firms that have entered the business. However, it is crucial for companies to formulate strategies to keep personal and confidential corporate information secure. This session will look at security challenges associated with cloud storage and how an enterprise can protect data with flexible encryption.

- David Schwartzberg, Sr. Security Engineer, Sophos

1:30 p.m. - 2:10 p.m.

Session 3: Consumerizing, mobilizing and policyizing your workforce

Life was easy when BlackBerry was the only smartphone on the network. iPhone and Android devices have changed all of that - and brought a good deal of risk with them. Best practices in rolling out a mobile strategy will be discussed, such as: Who needs to be part of the discussions to help map out requirements? How can you address the risk of personal smartphones on your network? What are the real risks of applications? How widespread are uses of the devices in enterprises?

Moderator: Greg Masters, managing editor, SC Magazine
- Linda Cooper Angles, corporate information security & governance officer, Guardian Life Insurance
- Lt. Col. Matthew Dosmann, U.S. Army's Mobile Electronic Device Working Group
- Michael Scovetta, director of advanced technology, CBS Corp.

2:10 p.m. - 2:30 p.m.  Coffee break on expo floor
2:30 p.m. - 3:10 p.m.

Keynote: The evolution of cyber threats and public policy to address them

In the past two years, we have seen a paradigmatic shift in the nature of the cyber threats industry is facing. We are now well beyond the days of hackers, breaches and perimeter defense. Today, the sort of ultra-sophisticated, multidimensional attacks that were confined to governments and the defense industrial base just a few years ago are in evidence far more broadly. Modern attacks are well organized, well funded, very sophisticated and probably state-supported. Attackers will successfully compromise any system they target. This does not mean we have no defense, but that we need to rethink defense - both at an enterprise and government level. Some enterprises and some policy-makers are realizing this advanced threat will require a new, more collaborative and incentive-based approach to cyber defense. However, some are, unfortunately, clinging to outdated models that could do more harm than good.

Moderator: Illena Armstrong, editor-in-chief, SC Magazine
- Larry Clinton, president, Internet Security Alliance (ISA)

3:15 p.m. - 3:55 p.m.  Sponsored session

Track 1

Dealing with the dark side of social media and collaboration
It seems like everyone from the president downwards wants to make use of social media. However, traditional security measures are no match for today's modern social collaboration tools. Many legitimate applications use evasive techniques, such as port hopping, protocol tunneling and encryption. Aside from the obvious hazard of malware entering the network, many government departments are in danger of not monitoring what goes out. This session covers the risks of social technology and how to mitigate them.

- Joanna Belbey, social media and compliance specialist, Actiance

4:00 p.m. - 4:40 p.m.

Session 4: Understanding the threat landscape and latest vectors of attack

Hear from a panel of public and private sector experts from the Multi-State ISAC (MS-ISAC) as to where they see the latest threats and vectors of attack based on a great deal of research and collaboration. At the same time, make yourself and your concerns and thoughts heard as the panel does live polling of the audience to create an even more interactive and productive session.

Moderator: Angela Moscaritolo, senior reporter, SC Magazine
- John Otero, assistant professor, St. John's University
- Ron Plesco, CEO, National Cyber-Forensics & Training Alliance
- Lena Smart, CSO, New York Power Authority

4:45 p.m. - 5:25 p.m.

Keynote: Securing your security workforce: Efficiency and knowledge in hiring smart

Finding the right pros for the right positions has become increasingly problematic in the security space. The National Initiative for Cybersecurity Education (NICE) is doing much research in this area to help define those roles. It is literally deconstructing the security workforce in order to help our educational institutions and CISOs in organizations and government agencies. This will go a long way in helping organizations understand what they need to recruit for - and organize the roles they have - but NICE is all about the public/private partnership and is, and will be, looking for support and feedback.

Moderator: Eric Green, program director, SC World Congress
- Ernest L. McDuffie, lead for the National Initiative for Cybersecurity Education (NICE), United States Department of Commerce (DoC), National Institute of Standards and Technology (NIST)
5:30 p.m. - 6:30 p.m.  Closing cocktail - expo floor