CCi5 is honored to present "Watching the Watchers"; this updated eye-opening presentation is primarily told from the intruder’s perspective, providing a state-of-the-union style examination of the challenges facing IT Security today. Topics covered include risk reduction, policy implementation, systems configuration and other areas of interest that should appeal to both the technical audience as well as the executive leadership.The presentation has been built to provide an understanding of both technical considerations as well as the business, fiduciary and legal responsibility within organizations. We will review several topics including business awareness to the security climate in today’s world, accountability within an organization for the actions of Information Security practices and understanding the technical and theoretical path that the intruders are taking in the future and other.Risk reduction will be introduced throughout the discussion as the barometer many organizations use to gauge the initiatives that are undertaken as part of an Information Security program. We will look to assess the impact of both technical and policy based solutions giving examples, as well as case studies and real world examples of where ideas have both worked and fallen on the rocks.We will touch upon regulatory with the aim being is to provide an oversight into the main initiatives companies are facing today. We will be discussing both the theory as well as practical applications of both technical and policy based solutions that businesses are challenged with implementing. As with both risk and regulatory sections of the presentation, the goal is to provide insight into the potential business impact of security within the enterprise through examples and case studies.We will examine how foreign governments, organized crime, motivated computer hackers and competitors are just a small fraction of the threats facing companies today and we will review what is being done to try and combat this offensive both domestically as well as within the greater global community.

Speaker Bio
Chris Roberts, co-founder and president of CCi5, heads a team of cyber security professionals specializing in assessment and forensic investigation. He brings a wealth of knowledge, technical expertise, leadership and analytical skills gained from seventeen years experience in information technology. With a focus on information security, his professional experience includes roles as Information Security Officer and Director of Engineering and Architecture for a large retail firm, CTO and Technical Architect for a counterintelligence firm and leader of IT Security Architecture Project Management for a major international retailer. Mr. Roberts’ background in security assessment and vulnerability testing includes penetration testing, compromise investigation, analysis and documentation. He has developed and implemented company-wide information security awareness programs and frequently speaks and gives presentations on topical security issues. He is an active member of the Systems Administration and Network Security (SANS) organization and an active participant in the Open Web Application Security Project (OWASP) community. He currently serves as a member of ISSC and as a FBI business liaison. His credentials include: CISSP, CCIE and MCT. Chris was educated in the United Kingdom.

Presented by: Chris Roberts, CEO & Founder, CCi5 Inc.

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis. This lively, interactive discussion will review the latest in current vulnerabilities and tools for ensuring security. In this presentation, attendees will learn about the latest attacks, tools, and techniques employed by today’s hackers, as well as countermeasures that can help protect against these attacks.

Among the topics of discussion:

• Password security
• Google hacking (data mining)
• Exploit and attack frameworks
• Wireless insecurities (WEP and WPA cracking)
• Application attacks from Information Gathering to SQL Injection
• Physical security (key bumping)
• VoIP hacking and games
• RFID cloning and threats
• Ideas and resources for combating vulnerabilities

Presented By: Accuvant, Inc.

Modern Internet content is becoming more and more user driven. People no longer look to static pages for information, they rely on blogs and forums. They get their information real-time from Twitter and Facebook. They share information through Slashdot and Digg. They entertain themselves through YouTube. It goes on. As the content mechanisms change, so do the threats. Learn how to protect yourself from new attacks as the threat environment adapts and seizes opportunity in the world of Web 2.0.

Presented By: MX Logic

Misguided efforts, poor prioritization, obsessive paranoia and outright lies from self proclaimed “experts” can create a toxic soup of trouble derailing your information security and compliance efforts. In this presentation, 15-year information security veteran Andrew Plato will discuss common mistakes, missteps and myths that can lead to bad decisions, insecure systems and unintended consequences. Plato will also show how to do things the right way, and become a Superhero for your IT team.

Topics include:

• Immature technologies to avoid
• Compliance myths
• Lies vendors tell
• Which battles are worth fighting
• Why exotic threats and complex attacks present little practical risk

Presented By: Anitian Enterprise Security

The war on battling vulnerabilities has become a daunting process over the years including the record high exploits released in 2008. This presentation illustrates how attackers are automating the process of launching exploits to compromise workstations, servers, network devices and telephones. Live demonstrations of the latest exploits, attack methods, and most popular target devices will be included. This session will educate attendees on the latest techniques while also providing visualization on how IT Managers can perform their own penetration testing on any system/device.

This presentation will cover the following:

• Remote attack
• Client Attack/Email Harvesting/Custom Trojan
• Phone spoofing, PBX and Phone cracks
• Content Scanning
• Voice Morphing & Recording
• Analysis & Best Practices

Presented By: SAINT Corporation

Today companies must find ways to achieve business priorities, while cutting costs and doing more with existing staff. That means the value of IT must be strategic and flexible to give their company the business agility to take advantage of new priorities and opportunities as rapid change occurs. This presentation will address how the different approaches to Desktop delivery make IT more strategic and flexible. Attendees of this session will learn about different industries that have implemented a variety of Desktop delivery methods including: VDI, terminal services, hosted desktops, Desktop OS, Application Streaming and BYOC. These solutions have helped companies achieve such business priorities as: Reducing non-essential spends; addressing IT security and BC initiatives; flexible IT to support business changes; and Leveraging the Cloud while reaping Green IT benefits.

Presented By: Citrix Systems, Inc.

The web has become the key vector for online attacks. Yet the vast majority of businesses are unprotected against today’s modern web-based malware. Hackers have developed an array of new tricks and methods to compromise your security and your data. Today’s rapidly evolving web threats and the instant exploitation of any vulnerability by malware authors means that it is simply not enough for businesses to protect their email and endpoint systems.

Presented By: Sophos, Inc.

In this presentation, INX will break down the technical language and the benefits of Cloud Computing. This term is being used by multiple manufacturers that align product solutions but fail to address the benefits and consolidate the message for non-technical executives outside IT. During this presentation, INX will help “demystify” Cloud Computing by providing a common set of language, terms defining the practical application and OPEX saving benefits. Upon conclusion, attendees will be able to have a coherent discussion with other members of their management and IT teams exploring the potential of Cloud Computing services appropriate for their business addressing the following topics:

• What is the basic definition and architecture of Cloud Computing services, both Internal and External to your organization
• Current Cloud offerings and challenges (concerns re: services levels, privacy, compliance, data ownership and data mobility)
• “Into the Cloud” or how to prepare your environment to leverage Cloud Services creating an internal/external/hybrid “Infrastructure as a Service”

Presented By: INX

Best Practices for IP Telephony Architecture

Designing for the most reliable, resilient and survivable VoIP telephony architecture while maintaining security and usability. This session will discuss the pitfalls and address the best practices among different infrastructure and architectural design scenarios to ensure your VoIP system can stand up to the expected, and unexpected, outages and network failures that plague every telephony environment.

Presented By: Structured Communications & ShoreTel

Imagine if you could run applications up to 100 times faster over your WAN; reduce network traffic by up to 95% and collaborate anywhere as if you were in the same room. You can. Riverbed is the only complete WDS solution that is the fabric that ties your IT infrastructure together. Only Riverbed can help you get LAN-like performance just about anywhere… from remote offices to mobile workers to data center operations. Consolidate IT. Cut bandwidth costs, and improve backup and replication. Attend this session and learn more.

Presented By: Structured Communications & Riverbed Technology

Is the recession having an effect on your bottom line? Do you need to scale back your operation today but want to be prepared for rapid growth? Are you looking at either cutting costs or pushing to increase productivity? Does your business need to change the way it works to survive in the future? This session will address ideas on what businesses can do with their current network infrastructure to better support their businesses needs today and into the future. We will discuss a variety of ways companies are using technology to meet their business needs today by better utilizing their budget dollars and leaving a multitude of options for the future. We will present a case study showing how clients can move from traditional network infrastructure to a fully integrated network in the local area and across the country. We will show how to deliver the network infrastructure needed to support today’s complex data applications.

Presented By: tw telecom

A discussion with Plaid Pantry on the solution, selection process, and drivers that cost-effectively assisted with compliance efforts. Combining managed security and software-as-a-service offerings from TierPoint, Plaid Pantry was able to improve security operations and compliance for corporate and store locations. Receive insight into delivering multiple security technologies, centralizing and correlating logs, alerting and reporting throughout your organization’s systems and infrastructure. Hear first hand from Plaid Pantry’s IT Manager regarding the business drivers, testing, and experiences that occurred to make a final purchase decision.

Presented By: TierPoint

Details of this presentation will be announced soon.

Presented By: Xiologix LLC

Join Imperva for this discussion that will include: Simple and Advanced Attack Vectors, and the countermeasures you can implement.

Presented By: Accuvant & Imperva

Logs, if utilized to their full capacity, can reduce significant costs for organizations. Just as you might have seen an increase in speeding tickets lately, a cash-strapped government is taking the route of audits whether it is traffic or regulatory compliance. To add to the complexity, resources in your organization are probably shrinking and your boss expects you to get more out of less. Attend this presentation to learn:

• How can you utilize logs to improve IT operations, security posture and regulatory compliance in your organization
• What are your peers doing to keep pace with rising threats in cyberspace
• What are some of the simplest ways to start saving, today
• What is Security Information and Event Management (SIEM)
• How to achieve high 3 digit ROI with under 3 month payback using 3 simple SIEM/Log Management use cases

Presented By:Accuvant & ArcSight

Details of this presentation will be announced soon.

Presented By: Xiologix LLC

Deduplication technology has changed the economics of storage to help you build a reliable, efficient, and cost-effective data protection architecture. Enterprises of all sizes are using deduplication storage to reduce backup costs and simplify data recovery.

Learn about five areas where you can leverage the power of deduplication in your environment:

• Backup and Recovery (By Application such as Oracle and Exchange or by Environment such as NAS and VMware)
• Disaster Recovery
• Tape Consolidation
• Remote Site Replication
• Archiving & Compliance

Presented By: Data Domain

Customers want application virtualization technologies that do not restrict applications to one presentation format or another, ThinApp enables the same virtual application to be streamed from a network, presented from a terminal server, delivered to USB stick (e.g., for a contract worker), or delivered through standard software delivery tools with little to no integration required. ThinApp also helps IT administrators manage applications that do not run as well in shared-user environments such as Microsoft Terminal Server. By creating a separate instance with its own private sandbox, each application runs in the context of each user session without having to be modified; if a user “breaks” the application, other users are not impacted.

Traditional application packaging and delivery tools are fraught with application and operating system conflicts, which lead to a “brittle” desktop environment. ThinApp eliminates these conflicts and securely packages applications for delivery to physical and virtual desktops throughout the extended enterprise. The result is an application delivery solution which lets IT administrators define their technology roadmaps based on their business needs rather than being constrained by application limitations. This session is an in-depth discussion of ThinApp’s features, benefits and use-case considerations. The presenter will also demonstrate several enterprise applications which have been packaged with ThinApp.

Presented By: IVOXY Consulting

Learn how to leverage today’s technologies to protect and recover your organizations data.

Presented By: FusionStorm & EMC Corporation

This session is an open discussion around current data center trends including Cloud Computing, Network Convergence, Data Security and Virtualization and how these trends will impact the data centers of today and tomorrow. Among the subjects covered in this presentation:

• Cloud Definitions and Foundations
• Storage/Networking Protocols and Next Gen Data centers
• Virtual Machines in the Data Center
• Encryption and Data Protection

Presented By: FusionStorm & Brocade

Details of this presentation will be announced soon.

Presented By: TBA