This presentation will share some candid thoughts resulting from nearly 15 years practicing information security, focusing on the way modern security leaders think, process information, and solve problems. It will cover strategies that work, don't work, and ideas for evolving the state of any information security program in step with emerging trends.

Speaker Bio
Joel Scambray is co-founder and CEO of Consciere, provider of strategic security advisory services. He has assisted companies ranging from newly minted startups to members of the Fortune 50 address information security challenges and opportunities for over a dozen years.

Joel's background includes roles as an executive, technical consultant, and entrepreneur. He has been a Senior Director at Microsoft Corporation, where he led Microsoft's online services security efforts for three years before joining the Windows platform and services division to focus on security technology architecture. Joel also co-founded security software and services startup Foundstone Inc. and helped lead it to acquisition by McAfee for $86M. In 2007, he helped lead US-based Leviathan Security from start-up to well-recognized boutique security consultancy. He previously held positions as a Manager for Ernst & Young, security columnist for Microsoft TechNet, Editor at Large for InfoWorld Magazine, and Director of IT for a major commercial real estate firm.
Joel is widely recognized as co-author of Hacking Exposed: Network Security Secrets & Solutions, the international best-selling computer security book that first appeared in 1999. He is also lead author of the Hacking Exposed: Windows and Hacking Exposed: Web Applications series.

Joel brings deep experience in technology, IT operations security, and consulting to clients ranging from small startups to the world's largest enterprises. He has spoken widely on information security at forums including Black Hat, I-4, and The Asia Europe Meeting (ASEM), as well as organizations including IANS, CERT, The Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies such as the Korean Information Security Agency (KISA), FBI, and the RCMP.
Joel holds a BS from the University of California at Davis, a MA from UCLA, and he is a Certified Information Systems Security Professional (CISSP).

Presented by: Joel Scambray, CEO, Consciere, & Co-Author, "Hacking Exposed"

The war on battling vulnerabilities has become a daunting process over the years including the record high exploits released in 2009 in addition to meeting regulatory compliances such as PCI. This presentation illustrates methodologies, best practices and visualizations on implementing a distributed vulnerability management program. The goal of this talk is to educate one on the latest automated techniques for delegating and managing the greatest threat to corporate networks today – known vulnerabilities. This demonstration is using PCI requirements as a model example.
The audience will leave the presentation with the following:
• Vulnerability & Exploits: A clear understanding of both threats and attacks and how subsets are measured by PCI.
• SMB Vulnerability Program: Examples of recommended vulnerability management practices for the small and medium business.
• Enterprise / MSSP Vulnerability Program: Taking the basics from the SMB vulnerability program and into implementation stages of Enterprise / MSSP architecture distributed environments.
• PCI Requirements – 5.x, 6.6, 11.x: Sample customer snap shots on how these specific requirements are being met with the tools and skill sets you have available.
• Expanding the Vulnerability Scanner: Identification of vulnerabilities is a small feature of the power of what a scanner can deliver. This section provides examples and reports for analyzing other relevant security / IT components on the network to get the most value from your technology. Examples include Content Scanning, Web Application Assessments, Software Inventory, Phishing Assessments, Social Engineering and more.

Presented By: SAINT

Everyone is subject to regulatory compliance. Regulations requiring organizations to protect personally identifying information and other sensitive information are pervasive. Some industries, like health care, have very restrictive mandates and serious penalties. Beginning with SB 1386, organizations doing business with California residents are required to protect PII.

In this session, we will help you organize your thinking about the regulations to which your organization is subject. We will help you understand how to win internal support to bolster compliance efforts. We will then deal with the practical steps and best practices for achieving compliance. We will survey manual and automated approaches to performing a risk assessment, remediating shortcomings, and monitoring compliance on a regular basis.

Presented By: The Vantage Group

Misguided efforts, poor prioritization, obsessive paranoia and outright lies from self proclaimed "experts" can create a toxic soup of trouble derailing your information security and compliance efforts. In this presentation, 15-year information security veteran Andrew Plato will discuss common mistakes, missteps and myths that can lead to bad decisions, insecure systems and unintended consequences. Plato will also show how to do things the right way, and become a Superhero for your IT team.
Topics include
Immature technologies to avoid
Compliance myths
Lies vendors tell
Which battles are worth fighting
Why exotic threats and complex attacks present little practical risk

Presented By: Anitian Enterprise Security

Sensitive information such as intellectual property, trade secrets, financial records, personal data and customer credit card information are some of the most important assets to enterprise organizations. Yet, while most organizations adequately protect against external threats - they lack a strategy for understanding, managing, and protecting information assets from leaving their organization. Data Loss Prevention is a term that refers to systems that identify, monitor and protect data that is (a) in Use, (b) In Motion and (c) at Rest. The system is designed to detect and prevent unauthorized use and unauthorized transmission of confidential information. So, how do companies enforce better business practices in the handling of sensitive data? By taking a holistic approach that ensures robust data lifecycle management and validation of expected data inventories using data discovery in preparation for a successful DLP product installation. Join us as we address the following topics and more: Are you confident that your employees are following company policies and procedures? How are you ensuring that your corporate assets are being protected against both internal and external threats? What would it cost you if an employee lost one laptop

Presented By: Accuvant

Details of this presentation will be announced soon.

Presented By: McAfee

Nexus will present on the prevailing technologies that enterprise IT environments will need to consider when taking their “Silo Infrastructure” to a “Cloud”. Companies will face many challenges when taking the journey to cloud computing and will need to consider consolidation of data center footprint and the collapsing of connectivity. Nexus will discuss the ways, technologies and expertise that we can bring to bear while working with customers to create their individual reference architectures. There are many related IT operations like; virtualization, security, backups, disaster recovery, replication, compliance and application business continuance that Nexus can assist their customers in addressing as they build out their business plan for their future & cloud prepared IT environments.

Presented By: Nexus IS

While virtualization is a game-changing technology, it also introduces complexity. Don't let this complexity stand in your way. Learn what steps you can take today to successfully migrate towards the virtual data center of tomorrow.

Come away with actionable tips on how to:

• Build an end-to-end architecture for your data center—from the business application platform to the networks and disk that support those applications
• Discern which new trends and technologies are here to stay (and which are not!) and what factors you should examine as you develop your data center strategy
• Evolve (at your own pace!) towards a dynamic virtual data center: consolidated servers; consolidated, optimized storage; virtualized servers, storage, and networks; on-demand architecture; converged networks
• Simplify the deployment and management of IT infrastructure and applications, with decreased costs, improved utilization, increased business agility, and reduced risk

Presented By: Datalink

Many states are now requiring that all organizations to make “Enhanced “911 service available to all”. What does this mean to an organization that just deployed Voice Over IP with Unified Communications? How does this affect both the technical and legal ramifications behind E911 compliance? This discussion explores current and pending legislation in California, and other States, and how to protect against the explosion of litigation surrounding Enhanced 911 services.

Presented By: FusionStorm

In today’s corporate environment there are many threats and regulations organizations are confronted with. During the RSA track “Addressing Enterprise Compliance Needs” you will learn how RSA assists their clients with understanding their risk exposures, how to correlate a vast amount of data into meaningful information which then can be leveraged to align Business Policies with Information Control

Presented By: RSA

In the current economic climate, organizations in virtually every industry sector must tighten their belts and do more with less. Nowhere is this pain felt more acutely than in IT departments, where capital budgets are coming under closer scrutiny than ever before. Regardless of economic conditions, IT directors must still protect critical network assets from continually evolving threats, comply with an increasing number of regulatory mandates, and support and maintain emerging technology solutions. Historically, organizations have invested in many point solutions in an attempt to mitigate specific IT risks. Some adopted first-generation Security Intelligence offerings that integrated log, threat, and compliance management solutions. But many found them expensive and complex to deploy and operate. Moving forward, organizations need to look at ways to capitalize on their existing investments and integrate the value from the information that these solutions already provide. This presentation examines the following challenges: • Eliminating cost and complexity of first-generation Security Intelligence products • Improving operational efficiency while lowering overall costs • Optimizing efficiency of IT staff • Reducing financial risk from network security breaches • Supporting future growth • Extracting real value, immediate benefits and a rapid return on investment”

Presented By: Q1 Labs

Network security attacks can devastate an organization by crippling systems, stopping productivity and causing the company to pay extreme fines if confidential information is pilfered. Prepare to discuss social networks, botnets, data loss prevention plus other malicious wild things, and how to keep your valuable employees, systems and data safe.

Presented By: WatchGuard Technologies

Application exploit are on the rise. And yet industry experts are reporting that most organizations are still not adequately keeping up with security patches for their operating systems, much less their applications. One of the most effective ways to protect against application exploits is to implement security patches within 48 hours of release across your entire organization. Sound impossible? Join us for this discussion on patch management best practices, industry benchmarks, recent analyst reports, and ROI metrics to help "sell" the project to upper management. We'll also explore some of the pitfalls that may be preventing you from achieving your patch management and application security goals.

Presented By: BigFix

Today's enterprise is taking advantage of a number of key technologies to drive their collaboration and communications strategies. Adoption of new technologies like Cloud computing, Telepresence and Web based collaboration enable business to be much more efficient than ever before with the network playing an increasingly important role. Not simply a matter of "bigger pipes", the network needs to deliver an enhanced "Quality of Experience" for the enterprise to realize the true business advantage. Couple that with the demand for additional security solutions, the network is more and more critical to the Enterprise data needs. When the application is enabled by the network, the result is an empowered employee driving efficiencies around the business and getting the needed results for the enterprise.

Presented By: tw telecom

For Organizations looking to substantially reduce the cost of litigation and gain control over vast amounts of circulating, unstructured content– there’s eDiscovery. This session will address how to take control of litigation, file collection, file processing, and most importantly… how to gain wisdom, knowledge and profitability from the expansion of collected data. The discussion will be aimed at security professionals, those concerned with the ever changing regulations and those that want control over their own data.

Presented By: FusionStorm

Achieving the benefits promised by VMware data center virtualization requires choosing the right storage solution. In this presentation we will review the various storage options available and discuss why NFS shared storage is a better choice than the conventional wisdom of using a Fibre Channel (FC) or iSCSI SAN. We will also debunk persistent myths that may deter you from considering NFS for your VMware deployment.

Presented By: BlueArc