CCi5 is honored to present "Watching the Watchers"; this updated eye-opening presentation is primarily told from the intruder’s perspective, providing a state-of-the-union style examination of the challenges facing IT Security today. Topics covered include risk reduction, policy implementation, systems configuration and other areas of interest that should appeal to both the technical audience as well as the executive leadership.The presentation has been built to provide an understanding of both technical considerations as well as the business, fiduciary and legal responsibility within organizations. We will review several topics including business awareness to the security climate in today’s world, accountability within an organization for the actions of Information Security practices and understanding the technical and theoretical path that the intruders are taking in the future and other.Risk reduction will be introduced throughout the discussion as the barometer many organizations use to gauge the initiatives that are undertaken as part of an Information Security program. We will look to assess the impact of both technical and policy based solutions giving examples, as well as case studies and real world examples of where ideas have both worked and fallen on the rocks.We will touch upon regulatory with the aim being is to provide an oversight into the main initiatives companies are facing today. We will be discussing both the theory as well as practical applications of both technical and policy based solutions that businesses are challenged with implementing. As with both risk and regulatory sections of the presentation, the goal is to provide insight into the potential business impact of security within the enterprise through examples and case studies.We will examine how foreign governments, organized crime, motivated computer hackers and competitors are just a small fraction of the threats facing companies today and we will review what is being done to try and combat this offensive both domestically as well as within the greater global community.

Speaker Bio
Chris Roberts, co-founder and president of CCi5, heads a team of cyber security professionals specializing in assessment and forensic investigation. He brings a wealth of knowledge, technical expertise, leadership and analytical skills gained from seventeen years experience in information technology. With a focus on information security, his professional experience includes roles as Information Security Officer and Director of Engineering and Architecture for a large retail firm, CTO and Technical Architect for a counterintelligence firm and leader of IT Security Architecture Project Management for a major international retailer. Mr. Roberts’ background in security assessment and vulnerability testing includes penetration testing, compromise investigation, analysis and documentation. He has developed and implemented company-wide information security awareness programs and frequently speaks and gives presentations on topical security issues. He is an active member of the Systems Administration and Network Security (SANS) organization and an active participant in the Open Web Application Security Project (OWASP) community. He currently serves as a member of ISSC and as a FBI business liaison. His credentials include: CISSP, CCIE and MCT. Chris was educated in the United Kingdom.

Presented by: Chris Roberts, CEO & Founder, CCi5 Inc.

Application security tops the list of concerns for many corporate security programs. With multiple solutions available in the market and each vendor touting that their solution(s) identifies all of the vulnerabilities under the sun, executives and security personnel are left confused about which solution will meet the needs of their security program and ensure the security of the data these applications interact with.

This talk will discuss the major application vulnerability classes and testing solutions that are designed to identify those issues, from static code analysis, to black-box vulnerability scanners, to comprehensive gray-box analysis, and from configuration vulnerabilities to programming errors to logic vulnerabilities. Included will be an in-depth dialogue on web application vulnerabilities and the capabilities of the various tools, methodologies and solutions to identify those vulnerabilities; ranging from ones that are easily identifiable, those that are difficult to uncover, to the culprits that will never surface through certain testing processes.

Presented by: Accuvant

The war on battling vulnerabilities has become a daunting process over the years including the record high exploits released in 2008. This presentation illustrates how attackers are automating the process of launching exploits to compromise workstations, servers, network devices and telephones. Live demonstrations of the latest exploits, attack methods, and most popular target devices will be included. This session will educate attendees on the latest techniques while also providing visualization on how IT Managers can perform their own penetration testing on any system/device.

This presentation will also address the following:

• Remote Attacks
• Email Harvesting & Trojan Attacks
• Phone Spoofing, PBX and Phone Cracks
• Content Scanning
• Voice Morphing & Recording
• Analysis & Best Practices for Combating Threats

Presented By: SAINT Corporation

Download Presentation

Many customers have moved down the virtualization path in pursuit of consolidation opportunities. Most have not matured their environments to deal with these new challenges. Learn how to automate, standardize move to a business ready model. Transcending consolidation to now dealing with VM sprawl, lack of end-to-end utilization visibility, systems continuity assurance, and lack of compliance and risk mitigation.

• Virtualization maturity defined
• Dealing with spiraling service complexity and changes
• Splintered visibility across technology domains requiring specialized knowledge
• Limited policies or standardization

Presented By: Hewlett Packard / Lewan & Associates

Download Presentation

Cybercrime is increasingly sophisticated as cybercriminals become increasingly linked to organized crime, generating large amounts of illicit revenues. The days of high profile outbreaks and massive network worms have given way to stealthy, sophisticated blended attacks that steak data to be used for profit. Cybercrime is a multi-billion dollar industry that isn’t slowing down because of the global economy. In this session, Trend Micro will explain the new techniques used by cybercriminals, profile some of the more recent attacks like Conficker and finally explain how in-the-cloud protection networks can help fight these criminals.

Presented By: Trend Micro

You know you need it. You know they need. How do you make them know they need it? Come hear Paul Herbka, a lively and entertaining presenter, share how to increase security in your personal and professional lives and reduce your overall risk of identity theft.

Free or inexpensive! Those are great words to describe the types of methods, tools, tips and products that will be shared to help you gain end-user understanding and use of security awareness in the workplace.

Identity Theft: Truth and Consequences - Learn the truth behind identity theft, what works, and what doesn’t. Come hear stories, learn ways to reduce your risk, and get the truth about all the marketing hype from someone who was a victim. Bring your questions to this information-packed presentation. Let’s have fun!

Presented By: Information Systems Security Association - Denver Chapter

Download Presentation

This session will discuss deduplication technology as applied in today’s enterprise backup environment. Areas to consider when making the transition from legacy backup solutions to next generation deduplication solutions are presented, as well as the pitfalls to avoid. Key ROI areas that drive realized time and cost benefits are detailed. Hardware based solutions are contrasted with software based, hardware agnostics, solutions and their respective impact on data lifecycle management. This session will have particular emphasis on the advantages of next generation software-based deduplication solutions. Real-world case studies are offered to illustrate deployments and realized results.

Presented By: dataStor

Today companies must find ways to achieve business priorities, while cutting costs and doing more with existing staff. That means the value of IT must be strategic and flexible to give their company the business agility to take advantage of new priorities and opportunities as rapid change occurs. This presentation will address how the different approaches to Desktop delivery make IT more strategic and flexible. Attendees of this session will learn about different industries that have implemented a variety of Desktop delivery methods including: VDI, terminal services, hosted desktops, Desktop OS, Application Streaming and BYOC. These solutions have helped companies achieve such business priorities as: Reducing non-essential spends; addressing IT security and BC initiatives; flexible IT to support business changes; and Leveraging the Cloud while reaping Green IT benefits.

Presented By: Citrix Systems

Details of this presentation will be announced soon.

Presented By: TBA

Discussion will focus on why application security is such an urgent and pervasive problem. The key issues will be outlined preventing most IT executives from moving forward with their application security programs even though they know they need to do more. In addition, a maturity model will be shared that provides a step by step guide for building an application security program while demonstrating how to overcome the most common challenges like too few experts, shrinking budgets, a burgeoning number of web applications, and the need for a quick return on investment.

• Provide common security policy definitions
• Automate security testing
• Centralized permissions control and web access to security information

Presented By: Hewlett Packard / Lewan & Associates

Deduplication technology has changed the economics of storage to help you build a reliable, efficient, and cost-effective data protection architecture. Enterprises of all sizes are using deduplication storage to reduce backup costs and simplify data recovery.

In this presentation, attendees will learn various ways they can leverage the power of deduplication in their environment. Among the possible applications to be discussed are:

• Backup and Recovery (by application or by environment)
• Disaster Recovery
• Tape Consolidation
• Remote Site Replication
• Archiving & Compliance

Presented By: Data Domain

Network security attacks can devastate an organization by crippling systems, stopping productivity and causing the company to pay extreme fines if confidential information is pilfered. Prepare to discuss social networks, botnets, data loss prevention plus other malicious wild things, and how to keep your valuable employees, systems and data safe.

Presented By: WatchGuard Technologies

Application exploit are on the rise. And yet industry experts are reporting that most organizations are still not adequately keeping up with security patches for their operating systems, much less their applications. One of the most effective ways to protect against application exploits is to implement security patches within 48 hours of release across your entire organization. Sound impossible? Join us for this discussion on patch management best practices, industry benchmarks, recent analyst reports, and ROI metrics to help "sell" the project to upper management. We'll also explore some of the pitfalls that may be preventing you from achieving your patch management and application security goals.

Presented By: BigFix

Today's enterprise is taking advantage of a number of key technologies to drive their collaboration and communications strategies. Adoption of new technologies like Cloud computing, Telepresence and Web based collaboration enable business to be much more efficient than ever before with the network playing an increasingly important role. Not simply a matter of "bigger pipes", the network needs to deliver an enhanced "Quality of Experience" for the enterprise to realize the true business advantage. Couple that with the demand for additional security solutions, the network is more and more critical to the Enterprise data needs. When the application is enabled by the network, the result is an empowered employee driving efficiencies around the business and getting the needed results for the enterprise.

Presented By: tw telecom

For Organizations looking to substantially reduce the cost of litigation and gain control over vast amounts of circulating, unstructured content– there’s eDiscovery. This session will address how to take control of litigation, file collection, file processing, and most importantly… how to gain wisdom, knowledge and profitability from the expansion of collected data. The discussion will be aimed at security professionals, those concerned with the ever changing regulations and those that want control over their own data.

Presented By: FusionStorm

Achieving the benefits promised by VMware data center virtualization requires choosing the right storage solution. In this presentation we will review the various storage options available and discuss why NFS shared storage is a better choice than the conventional wisdom of using a Fibre Channel (FC) or iSCSI SAN. We will also debunk persistent myths that may deter you from considering NFS for your VMware deployment.

Presented By: BlueArc