2:45pmKEYNOTE: "Hacking Evolved: The New Cognitive Style of Information Security"

This presentation will share some candid thoughts resulting from nearly 15 years practicing information security, focusing on the way modern security leaders think, process information, and solve problems. It will cover strategies that work, don't work, and ideas for evolving the state of any information security  program in step with emerging trends.

Speaker Bio
Joel Scambray is co-founder and CEO of Consciere, provider of strategic security advisory services. He has assisted companies ranging from newly minted startups to members of the Fortune 50 address information security challenges and opportunities for over a dozen years.

Joel’s background includes roles as an executive, technical consultant, and entrepreneur. He has been a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone Inc. and helped lead it to acquisition by McAfee for $86M. In 2007, he helped lead US-based Leviathan Security from start-up to well-recognized boutique security consultancy. He previously held positions as a Manager for Ernst & Young, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and Director of IT for a major commercial real estate firm.
Joel is widely recognized as co-author of Hacking Exposed: Network Security Secrets & Solutions, the international best-selling computer security book that first appeared in 1999. He is also lead author of the Hacking Exposed: Windows and Hacking Exposed: Web Applications series.

Joel brings deep experience in technology, IT operations security, and consulting to clients ranging from small startups to the world’s largest enterprises. He has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including IANS, CERT, The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP.
Joel holds a BS from the University of California at Davis, a MA from UCLA, and he is a Certified Information Systems Security Professional (CISSP).

Presented by: Joel Scambray, CEO, Consciere, & Co-Author, "Hacking Exposed"

9:30am Current Threats and Countermeasures - 2010

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis.

Join Accuvant for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security. Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today’s hackers, as well as countermeasures that can help protect against these attacks.

Topics of discussion to include:

- Identity Theft
- Security Pitfalls of Social Networking
- Google Hacking
- Exploit & Attack Frameworks
- Physical Security (key bumping/RFID cloning)
- Ideas & Resources for Combating Vulnerabilities

Presented by: Accuvant

10:20am 10 Technology Trends You Can't Ignore for 2010-2012

• Virtualization
• Data Deluge
• Energy & Green IT
• Consumerization
• & Social Networks
• Unified Communications
• Complex Resource Tracking
• Mobile & Wireless
• System Density
• Mashups & Portals
• Cloud Computing

Presented by: Xiologix

11:10am Worst. Security. Ever.

Misguided efforts, poor prioritization, obsessive paranoia and outright lies from self proclaimed "experts" can create a toxic soup of trouble derailing your information security and compliance efforts. In this presentation, 15-year information security veteran Andrew Plato will discuss common mistakes, missteps and myths that can lead to bad decisions, insecure systems and unintended consequences. Plato will also show how to do things the right way, and become a Superhero for your IT team.

Presented by: Anitian Enterprise Security

1:00pm Optimizing for Virtual Machine Recovery

Virtual machine technology provides opportunities to optimize data and application recovery operations, but there are little known pitfalls every administrator should know about as they plan their backup and DR strategies.  This presentation will review those pitfalls and discuss solution options.

Presented by: InMage Systems

1:50pm Implementing a Vulnerability Management Program

The war on battling vulnerabilities has become a daunting process over the years including the record high exploits released in 2009 in addition to meeting regulatory compliances such as PCI. This presentation illustrates methodologies, best practices and visualizations on implementing a distributed vulnerability management program. The goal of this talk is to educate one on the latest automated techniques for delegating and managing the greatest threat to corporate networks today – known vulnerabilities. This demonstration is using PCI requirements as a model example.
The audience will leave the presentation with the following:
• Vulnerability & Exploits: A clear understanding of both threats and attacks and how subsets are measured by PCI.
• SMB Vulnerability Program: Examples of recommended vulnerability management practices for the small and medium business.
• Enterprise / MSSP Vulnerability Program: Taking the basics from the SMB vulnerability program and into implementation stages of Enterprise / MSSP architecture distributed environments.
• PCI Requirements – 5.x, 6.6, 11.x: Sample customer snap shots on how these specific requirements are being met with the tools and skill sets you have available.
• Expanding the Vulnerability Scanner: Identification of vulnerabilities is a small feature of the power of what a scanner can deliver. This section provides examples and reports for analyzing other relevant security / IT components on the network to get the most value from your technology. Examples include Content Scanning, Web Application Assessments, Software Inventory, Phishing Assessments, Social Engineering and more.

Presented by: SAINT Corporation

9:30am Making Wi-Fi Suck Less

• An education on the recently ratified 300 Mbps 802.11n WiFi technology.
• Where the puck is going regarding WiFi in the enterprise.
• Share a number of interesting use-cases for WiFi.
• A brief overview of the Ruckus ZoneFlex indoor/outdoor 802.11ngba dual-band enterprise WiFi solution.
  Presented by: Tice Electric
  

10:20am Accelerate Your Journey to the Full Virtualized Data Center

Virtualization has changed the game in the data center. It enables organizations to increase utilization, deploy applications faster, and reduce energy consumption – but most of all save money. While the benefits of virtualization are clear, the longer term journey toward a fully virtualized data center and beyond has remained less clear – until now.

VMware, Cisco and EMC have created a joint vision for the future of IT – one that combines a fully virtualized data center with external cloud computing resources to deliver what is being called a ‘private cloud’. As an EMC Velocity partner, FusionStorm can give you access to this new approach and help you formulate a longer-term virtualization strategy.

Attend this exclusive event and learn how to:

• Deploy virtualization across your network, infrastructure and applications to provide the maximum return on your technology investment

• Leverage virtualization to turn your IT infrastructure into a low-cost, high performing, and flexible service

• Develop a secure environment that allows your data and applications to travel between the virtualized data center and the external cloud to reduce costs and leverage a shared resource model

• Understand which resources should be provisioned in the virtualized data center vs. the external cloud

Presented by: FusionStorm

11:10am Continued from 10:20am : Accelerate Your Journey to the Full Virtualized Center

Virtualization has changed the game in the data center. It enables organizations to increase utilization, deploy applications faster, and reduce energy consumption – but most of all save money. While the benefits of virtualization are clear, the longer term journey toward a fully virtualized data center and beyond has remained less clear – until now.

VMware, Cisco and EMC have created a joint vision for the future of IT – one that combines a fully virtualized data center with external cloud computing resources to deliver what is being called a ‘private cloud’. As an EMC Velocity partner, FusionStorm can give you access to this new approach and help you formulate a longer-term virtualization strategy.

Attend this exclusive event and learn how to:

• Deploy virtualization across your network, infrastructure and applications to provide the maximum return on your technology investment

• Leverage virtualization to turn your IT infrastructure into a low-cost, high performing, and flexible service

• Develop a secure environment that allows your data and applications to travel between the virtualized data center and the external cloud to reduce costs and leverage a shared resource model

• Understand which resources should be provisioned in the virtualized data center vs. the external cloud

Presented by: FusionStorm

1:00pm Planning Your Defense Against The Top Security Threats

Network security attacks can devastate an organization by crippling systems, stopping productivity and causing the company to pay extreme fines if confidential information is pilfered.  Prepare to discuss social networks, botnets, data loss prevention plus other malicious wild things, and how to keep your valuable employees, systems and data safe.

Presented by: Watchguard Technologies

1:50pm Practically Virtual: Virtual Desktop Technology & How to Plan for Deployment

IVOXY Consulting, the Northwest's premier data availability consultancy, will be presenting an overview of desktop virtualization technology and deployment strategies. Alec Taylor, a senior consultant with IVOXY, will discuss virtual desktop technologies that speed deployment and blur the line between the physical and virtual end-user experience. He will share sample use-case requirements, proofs-of-concept, common misconceptions and pitfalls, planning and project strategies. Attendees will be taken-through a real-world virtual desktop assessment, planning, design and best-practices project. IVOXY will share their experience in how to build a successful virtual desktop deployment. Attendees will be given electronic copies of IVOXY's "Building Success Into the Virtual Desktop" best-practices guide.

Presented by: IVOXY Consulting

9:30am Demystifying the Cloud –Building Infrastructure as a Service (IaaS)

An introductory overview of building an internal or private cloud computing platform that incorporates a holistic virtualized “Infrastructure as a Service (Iaas)”
With years of experience in building some of the largest private cloud architectures, INX’s Al Kari will outline concepts and technologies that enabled the evolution of cloud computing and an overall industry roadmap, as well as a consolidated approach to the basic building blocks and components in the virtual IT infrastructure, including Next Generation Server Platforms, Hypervisors Software, 10GB Unified Fabric Networking Interconnect and a Shared Storage Backend.
At the end of this presentation, participants will walk away with an understanding of what cloud computing is, what it does and what options are available today for an IT environment of any size to move forward with a cloud/virtualization initiative to take advantage of this service model’s financial, management and operational benefits.

Presented by: INX

10:20am Patch Management : The Foundation of Application Security

Application exploit are on the rise. And yet industry experts are reporting that most organizations are still not adequately keeping up with security patches for their operating systems, much less their applications. One of the most effective ways to protect against application exploits is to implement security patches within 48 hours of release across your entire organization. Sound impossible? Join us for this discussion on patch management best practices, industry benchmarks, recent analyst reports, and ROI metrics to help "sell" the project to upper management. We'll also explore some of the pitfalls that may be preventing you from achieving your patch management and application security goals.

Presented by: Accuvant, Inc & BigFix

11:10am An Introduction to Storage Economics - Enabling Economically Superior Storage Architecture

Understanding all of the costs associated with storage allows us to develop a baseline for Total Cost of Ownership (TCO), per Terabyte, per year.  Then we can apply technology, process and procedure to reduce the TCO per Terabyte per year, delivering an Economically Superior Storage Architecture.

Presented by: Structured

1:00pm Why Virtualization Doesn't Work - How can you ensure that it will for you?

Successful Virtual Desktops and Virtual Infrastructure Deployments Have Something In Common - Unified Storage!  A discussion on the best practices for unified storage in a virtual infrastructure.

Presented by: IVOXY Consulting

1:50pm Unlock the Power of the Dynamic Web

Dynamic, interactive Web 2.0 technologies have transformed the Web into a core business application platform.  However, along with Web 2.0 comes new risk.  Social networking applications are in high demand, but contain a mix of valuable, inappropriate, and even dangerous content that cannot be handled by traditional URL filtering solutions.  Advanced threats like Aurora easily circumvent antivirus solutions.  Interactive Web applications like Web mail, blogs, and social networking dramatically increase the risk of confidential data loss.   In this session, we will analyze these Web security challenges and others like them.  Then, using detailed examples and case studies, we will show how Secure Web Gateway technologies can be used to implement security best practices that enable broad business use of the dynamic Web – without the risk.

Presented by: Accuvant, Inc & Websense

9:30am The Strategic Data Center: Best Practices in Considering Colocation as an Option, and The Selection of Potential Providers

Owing to the relative abundance of data center services and providers, and the clever use of marketing, data center services have come to be largely viewed as a commoditized resource by the IT marketplace.
This presentation makes the argument that data centers are not a commodity, and in fact should be considered as a strategic resource for virtually any IT organization, because the choice of data center and colocation provider has the potential for the greatest impact (either positive or negative) to the platforms  and applications hosted in the data center.

To that end, the presentation goes on to examine best practices in the procurement of strategic data center resources, from the standpoint of colocation and provider evaluation.

Topics:
Introduction
What You Need to Know
Contract
Understanding the relationship of power to space
Understanding Your Power Requirements
Putting the ‘Tier System’ into context
Vendor Evaluation
Lifecycle Strategy
Maintenance Best Practices
Understanding General Maintenance-Window Management
Contract Negotiation
Hidden Charges
Best Practices for Power and Cooling Service Level Agreements (SLAs)

Presented by: FORTRUST

10:20am Virtual Desktop & Application Delivery Strategies

This presentation will discuss the various business drivers and considerations organizations should be aware and why desktop virtualization is the ideal technology to improve efficiency and minimize security threats.  Grant Asplund, Executive Director, Business Development for Structured will present the market drivers and conditions, key considerations, real savings experienced by actual users of desktop virtualization and how you can get started realizing the benefits of deploying desktop virtualization.

Presented by: Structured

11:10am Maximizing Enterprise Communications Design to Support BC/DR

The session will compare networking alternatives ranging from private line, Ethernet, to private MPLS solutions to help you evaluate which is best for your WAN design to maximize BC/DR for your business.  Explore the many alternatives available today to meet your specific application needs and business goals; and what businesses can do with current network infrastructure to better support their business needs today and into the future.  We will discuss a variety of ways to better utilize budget dollars and design options for the future.  We will present a case study showing how clients can move from traditional network infrastructure to a fully integrated network in the local area and across the country.  You will leave this session better knowing how to create the network infrastructure needed to support today's complex data applications for BC/DR.

Presented by: tw telecom

1:00pm Right Sizing Data De-Duplication Technology

The next evolutionary step in backup technology has widely been regarded to be deduplication. The benefits are tangible and extremely practical: eliminating duplicate data in secondary storage archives can slash costs, streamline management tasks and minimize the bandwidth required to replicate data. In short, deduplication improves efficiency and saves money.

Each vendor lays claim to having the best approach to data deduplication, leaving customers to determine which factors are most important to their business. Companies must consider a number of key factors in order to select a data deduplication solution that actually delivers cost-effective, high-performance and scalable long-term data storage.

In this technical session we hope to assist customers with this task by showing them how to:

1.            Address the Principal Issue
2.            Assimilation with current environments
3.            Capacity planning
4.            Assess vendor capabilities
5.            Impacts on performance and scalability

Presented by: Xiologix

1:50pm Next-Gen Security Intelligence : Real Value, Immediate Benefits, Rapid ROI

In the current economic climate, organizations in virtually every industry sector must tighten their belts and do more with less. Nowhere is this pain felt more acutely than in IT departments, where capital budgets are coming under closer scrutiny than ever before. Regardless of economic conditions, IT directors must still protect critical network assets from continually evolving threats, comply with an increasing number of regulatory mandates, and support and maintain emerging technology solutions.

Historically, organizations have invested in many point solutions in an attempt to mitigate specific IT risks. Some adopted first-generation Security Intelligence offerings that integrated log, threat, and compliance management solutions. But many found them expensive and complex to deploy and operate. Moving forward, organizations need to look at ways to capitalize on their existing investments and integrate the value from the information that these solutions already provide.

This presentation examines the following challenges:
• Eliminating cost and complexity of first-generation Security Intelligence products
• Improving operational efficiency while lowering overall costs
• Optimizing efficiency of IT staff
• Reducing financial risk from network security breaches
• Supporting future growth
• Extracting real value, immediate benefits and a rapid return on investment

Presented by: Q1 Labs