Session #3230 - Cloud Security: Securing Your Public Cloud Infrastructure
Tuesday, September 13, 2016 1:45 PM - 3:00 PM
Increasingly, security professionals must be able to securely migrate workloads to cloud providers like AWS. However, properly securing IaaS platforms involves much more than simply migrating physical servers to virtual instances. Today's dev teams are building cloud-native applications using IaaS services and APIs into which host-based security tools and network scanners have little to no visibility. To successfully defend IaaS infrastructure, security teams need to understand the security implications of "infrastructure as code" and the importance of protecting the IaaS console and management plane.
Speakers: Tim Prendergast, CISSP®, CEO, Evident.io; Anthony Freed, Director of Corporate Communications, Evident.io; Dave Lewis, CISSP®, Board of Directors, (ISC)²; Adrian Sanabria, Senior Security Analyst, 451 Research
Session #2232 - Professional Development: Hiring, Building, and Retaining Top Security Talent
Monday, September 12, 2016 1:45 PM - 3:00 PM
Recent studies show that there is a significant shortage of information security expertise in the industry today. This is becoming a significant challenge as most organizations are looking to expand their security staff in 2016. As demand for information security expertise pushes salaries higher, challenges emerge with recruiting and retaining the best people. This session will discuss the skills gap across the industry and discuss areas that managers should consider when developing their teams. We'll also cover how to create a climate and culture that retains top talent, how to recruit new talent to build out your teams, and creative ways to grow your own talent and build a pipeline of future information security gurus.
Speakers: Deidre Diamond, Founder and CEO, Cyber Security Network; David Shearer, CEO, (ISC)²; Kevin Flanagan, CISSP®, CISSP-ISSMP®, Director, North American Technical Consulting, RSA; Anne Saita, Editor in Chief, (ISC)²
Session #4232 - Mobile: Malware Activity in Mobile Networks
Wednesday, September 14, 2016 1:45 PM - 2:45 PM
This presentation explores the malware that is currently active on the mobile network. It will leverage infection data from network-based malware detection systems deployed in mobile carriers covering more than 100 million mobile devices around the globe. It starts with a review of real-world malware statistics for mobile devices, including the infection rate, the type of malware involved and the types of devices that are infected. It then provides an in-depth analysis of specific malware infections, including details on what the malware does, its command and control infrastructure, how it is monetized, the impact on the network and user, and a demonstration of the malware involved.
Speaker: Kevin McNamee, CISSP®, Director, Nokia
Session #4235 - People Centric Security: Your Next CISO Should be a Lawyer
Wednesday, September 14, 2016 1:45 PM - 2:45 PM
Chief information security officers have traditionally come from the IT sector and have a technical background. Occasionally, a CISO has come from the business side, which hasn't worked very well. Every year, more laws and regulations appear that affect cybersecurity. The traditional CISO simply is not equipped to understand, let alone apply them. One solution is to hire a law firm, but these are expensive and are reactive, not proactive. This presentation suggests a better approach is to name a lawyer as CISO. Lawyers, by training, tend to consider worst-case scenarios and therefore are in a unique position to establish a preventive approach.
Speaker: Bruce deGrazia, CISSP®, Program Chair, University of Maryland University College