Seminar & Session Descriptions
| Tuesday, March 11th |
8:30am-Noon |
Drive Encryption Forum, Part 1 (sponsored by Trusted Computing Group)
Organizers: Dave Kreft, National Security Agency; Michael Willett, Seagate Technology; Tom Coughlin, Coughlin Associates
Chairperson: Marc Farley, BuildingStorage
“An April [2007] survey by Forrester Research of 200 enterprise security professionals showed that stepping up encryption is the top short-term data-security initiative.”
— Network World, November 2007
Session Description:
Banks, utilities, government agencies, educational institutions, stockbrokers, and many other organizations all have reported lost or exposed disk drives, flash drives, and tapes. Drives were often unencrypted, allowing anyone ready access to their contents. With identity theft becoming a major issue and public concern rising, drive, storage, software, and system manufacturers have looked for ways to ensure that virtually all data-at-rest is encrypted automatically. This forum considers a variety of issues related to trusted storage, including pre-boot authentication, key management, encryption methods, and new federal standards for data-at-rest encryption. It includes panels and breakout sessions aimed at exploring all aspects of drive encryption, including its cost and effects on system performance.
|
8:30-8:40am |
Introduction and Overview
Tom Coughlin, President, Coughlin Associates
|
8:40-9:10am |
Trusted Storage and Pre-Boot Authentication: A Tutorial including a Solution for the Princeton Cold Boot DRAM Attack Vector
Michael Kummer, Architect, SECUDE IT Security
|
9:10-9:40am |
Key Management: The Key to Secure Storage
Walt Hubis, Software Architect, LSI
|
9:40-10:10am |
Trusted Storage 101: Protecting Data at Rest
Michael Willett, Seagate Technology
|
10:10-10:30am |
Break
|
|
10:30-11:00am
|
Drive Encryption and Key Management in the Data Center
Gordon Arnold, Tivoli Product Manager and STSM Software Architect, IBM Tivoli Software
|
11:00am-Noon |
Top Ten Things You Need to Know About Drive Encryption Today
Chairperson: Tom Coughlin, Coughlin Associates
Panelists:
Craig Rawlings, Director of Marketing, Kilopass Technology
Bill Mabon, Product Manager, SafeNet
Christine Knibloe, Tape Drive Firmware Engineer, IBM
Gary Drossel, VP of Product Planning, Silicon Systems
Scott Renegar, Credant Technologies
|
|
About the Organizers:
Tom Coughlin is President of Coughlin Associates, a data storage consulting firm specializing in data storage components, systems, and software used in consumer electronic, enterprise, and entertainment applications. He is the author of a new book, Digital Storage in Consumer Electronics: The Essential Guide, on these subjects. Coughlin has over 20 years of industrial experience in data storage engineering, product development, program management, and market and technology assessment at such companies as 3M, Polaroid, Seagate Technology, Maxtor, Micropolis, Nashua Computer Products, Ampex and SyQuest. Tom has over 50 articles, reports, and technical presentations to his credit and 6 granted patents. He is an Adjunct Professor at Santa Clara University and the organizer of the annual Storage Visions Conference, which focuses on data storage and the digital content value chain.
Michael Willett is a Research Staff Member with Seagate Technology, exploring future projects in security and privacy as well as serving on several external standards bodies, including the Trusted Computing Group (TCG). Within TCG, he is co-chairman of the Storage Work Group. Willett is also chair of the Privacy Framework Project of the International Security, Trust, and Privacy Alliance, developing an operational framework for converting the fair information practices into privacy services and mechanisms. He has previous experience as a university professor and with IBM, Fiderus, and Wave Systems. Michael received his bachelor's degree from the United States Air Force Academy and master's and doctoral degrees in mathematics from North Carolina State University.
Dave Kreft has served in a variety of technical and leadership positions during his twenty-five years with the National Security Agency. He is presently an Engineering Leader in the Agency’s Information Assurance Directorate and is spearheading efforts to team with industry and integrate robust security features into commercial data storage devices. His contributions to national security, outstanding productivity, and innovative technical solutions have been recognized by the Director of NSA, the Secretary of Defense, and the Director of Central Intelligence. Dave received his BS degree in electrical engineering from the University of Maryland.
|
8:30am-Noon
|
Windows Security Forum, Part 1
Organizers: Dorian Cougias, NetFrontiers; Rob Peglar, Xiotech
Session Description:
Is Windows your greatest security threat? Do you dread the infamous monthly Patch Tuesday? How will Vista affect your installation’s security? The Windows Security Forum will describe how to best protect your data in the Windows environment. It will include discussions of the new US government Federal Desktop Core Configuration (FDCC), Vista security, peripheral security, the principle of least privilege, and patch management. It will include breakout sessions where you can describe your concerns and work with others to provide guidelines and develop best practices.
Intended Audience:
IT/IS/DP managers, CIOs, security managers and professionals, CSOs, CFOs, business decision makers, data center managers and engineers, database administrators, storage specialists, marketing and engineering managers, systems analysts and integrators, consultants, systems engineers and managers, hardware and software developers, and security specialists.
|
8:30-8:40am |
Introduction
Dorian Cougias, CEO, NetFrontiers
|
|
8:40-9:10am
|
Full Spectrum Data Protection
Rob Peglar, VP of Technology, Xiotech
|
|
9:10-9:40am
|
US Federal Government Standards for Windows Data Security
Dorian Cougias, CEO, NetFrontiers
|
|
9:40-10:10am
|
Advanced Threat Protection for the Endpoint
George Myers, Symantec
|
|
10:10-10:30am
|
Break
|
|
10:30-11:00am
|
Vista—BitLocker Implementation Best Practices
Ned Curic, Strategic Security Advisor, Microsoft
|
11:00am-Noon |
Top Ten Things You Need to Know about Windows Security Now
Chairperson: TBD
Panelists:
Rob Peglar, Xiotech
George Myers, Symantec
Russ Dietz, HiFn
Nancee Melby, Shavlik
|
|
About the Organizers:
Dorian Cougias is the CEO of Network Frontiers where he is the continual vision behind all research, writing, and content development. His past experiences include being CIO of the world’s largest advertising agency, True North Communications, and the world’s leading advertising agency, Fallon McElligott. Dorian has authored nine books on information technology, including the award winning The Backup Book. He has lectured to hundreds of classes, written hundreds of articles, hosted many webinars, and is an expert on disaster recovery and systems continuity.
Rob Peglar is Vice President, Technology for Xiotech Corporation. A 30-year industry veteran and published author, he has global responsibility for the shaping of strategic vision, emerging technologies, defining future offering portfolios including business and technology requirements, product planning, and industry/customer liaison. He currently serves as Chair of the SNIA Tutorials, as Board member of the Green Storage Initiative, and as Secretary/Treasurer of the Blade Systems Alliance. He has extensive experience in storage virtualization, information risk management, archiving strategy, disaster avoidance and compliance, and distributed cluster storage architectures, and is a sought-after speaker and panelist at leading storage and networking-related seminars and conferences worldwide. Peglar has previous experience with StorageTek, Control Data, and ETA Systems. He holds a B.S. in Computer Science from Washington University (St Louis, MO).
|
8:30am-Noon
|
Virtualization Security Forum, Part 1
Organizer: Greg Ness, Blue Lane Technologies
“Virtual servers are prone to the same attacks that plague physical servers, as well as new threats that exploit weaknesses in hypervisor technology, experts warn.”
— Denise Dubie, Network World, 11/26/07
Session Description:
Organizations are moving quickly to tap the power of virtualization, which produces greater IT flexibility and major cost savings. But how does virtualization affect system security? How does one protect data on virtual machines that may be transient in nature? What happens if the physical machine fails or is removed from the system? Does your security hardware and software know about virtual machines at all? The forum will describe the effects of a virtual infrastructure on security. It will include discussions of data protection, moving and managing data, storage and file virtualization, physical failures, asset maintenance, backup and recovery, business continuity and disaster recovery, security controls, partitioning and isolation, network security, auditing and securing of servers, and availability. It will include breakout sessions where you can describe your concerns and work with others to develop guidelines and best practices.
|
8:30-8:40am |
Introduction
Greg Ness, VP of Marketing, Blue Lane Technologies
|
8:40-9:10am |
Virtualization Security: New Realities, Challenges, and Opportunities
Greg Ness, VP of Marketing, Blue Lane Technologies
|
9:10-9:40am |
Security and Virtualization
Alan Kessler, CEO, Attune Systems
|
9:40-10:10am |
Data Protection and Disaster Recovery in a Virtual Environment
Marc Farley, Dell
|
10:10-10:30am |
Break
|
10:30-11:00am |
How to Audit and Secure VMware ESX Servers
Brian Cote, Ecora Software
|
|
11:00-Noon
|
Top Ten Things You Need to Know About Virtualization Security Today
Chairperson: Robert Swanson, DeltaMax
Panelists:
Michael Berman, CTO, Catbird
Brian Milas, Courion
Greg Ness, Blue Lane Technologies
Alan Kessler, Attune Systems
Bryan Cote, Ecora Software
|
|
About the Organizer:
Greg Ness is the Vice President of Marketing at Blue Lane Technologies, a developer of security solutions for virtual and physical data centers. He was previously a marketing executive at Juniper Networks, Redline Networks, IntruVert Networks, ShoreTel, Visa International, and Verizon. Ness has over 19 years of integrated marketing communications experience, managing advertising, analyst and press relations, lead generation, messaging, positioning and programs for large and growth companies. He was a company spokesperson for Verizon for nine years, where he won an "Award of Excellence" for marketing program innovation. Mr. Ness earned a Bachelor's Degree from Reed College and a Master's Degree from The University of Texas at Austin.
|
|
1:00-5:00pm
|
Drive Encryption Forum, Part 2 (sponsored by Trusted Computing Group)
Organizers: Tom Coughlin, Coughlin Associates; Dave Kreft, NSA; Michael Willett, Seagate Technology
Chairperson: TBD
|
1:00-1:30pm |
Overcoming the Scrambled Eggs Dilemma: How to Encrypt Data and Keep Processes Whole
Gretchen Hellman, Senior Director of Marketing, Vormetric
|
1:30-2:00pm |
Federal Data-at-Rest Initiative
Joseph Belsanti, WinMagic
|
2:00-2:30pm |
CSI: FDE (Full-Disk Encryption)
Lark Allen, Wave Systems
|
|
2:30-2:50pm
|
Break
|
|
2:50-3:20pm
|
Securing Data in an SSD
Scott Shadley, Senior Director of SSD Product Marketing, STEC
|
|
3:20-3:50pm
|
Securing Data on Optical Drives
Bill Almon, CEO, Dataplay
|
|
3:50-4:30pm
|
Breakout Sessions on
Drive Encryption
Leader: Robert Thibadeau, Seagate Technology
Key Management
Leader: Walt Hubis, LSI
Flash Drives
Leader: Gary Drossel, Silicon Systems
|
|
4:30-5:00pm
|
Reports from Breakouts and Final Question and Answer Panel
Chairperson: Michael Willett, Seagate Technology
|
|
|
|
1:00-5:00pm
|
Windows Security Forum, Part 2
Organizers: Dorian Cougias, NetFrontiers; Rob Peglar, Xiotech
|
|
1:00-1:30pm
|
Beyond the PC—Securing Your Networked Peripherals
Larry Kovnat, Product Security Program Manager, Xerox
|
|
1:30-2:00pm
|
Advanced Threat Protection for the Endpoint
George Myers, Symantec
|
|
2:00-2:30pm
|
Why "#@%?& Solutions" Are Not an Obscene Concept
Nancee Melby, Shavlik
|
|
2:30-2:50pm
|
Break
|
|
2:50-3:20pm
|
Data Reduction and Security for Microsoft DPM
Russell Dietz, HiFn
|
|
3:20-4:10pm
|
Breakout Session
Windows Security Standards
Leader: Dorian Cougias, NetFrontiers
Vista Security
Leaders: Ned Curic, Microsoft and Scott Renegar, Credant Technologies
Windows Security Patching
Leader: Nancee Melby, Shavlik
|
|
4:10-5:00pm
|
Breakout Session Reports
Final Question/Answer panel
Chairperson: Dorian Cougias, NetFrontiers
Panelists:
Ned Curic, Microsoft
Nancee Melby, Shavlik
Larry Kovnat, Xerox
George Myers, Symantec
Lance Litchfield, FusionStorm
|
4:45-5:00pm |
Conclusion and Evaluations
|
|
|
|
1:00-5:00pm
|
Virtualization Security Forum, Part 2
Organizer: Greg Ness, Blue Lane Technologies
|
1:00-1:30pm |
All Your Eggs in a Velvet-Lined Steel Basket
Drew Meyer, Product Marketing Manager, NetApp/Store Vault
|
1:30-2:00pm |
Next Standard for Virtual Server Availability
Jerry Melnick, CTO, Marathon Technologies
|
2:00-2:30pm |
Making Backup Simple - An Appliance Approach to Implementing VMware Consolidated Backup
Ellen Rome, VP of Sales and Marketing, STORserver
|
2:30-2:50pm |
Break
|
2:50-3:20pm |
How to Secure and Gain Visibility into Virtual Networks
Hezi Moore, Reflex Security
|
|
3:20-4:00pm
|
Breakout Sessions
Modifying Existing Security Systems
Leader: Michael Berman, CTO, Catbird
Managing VMware Security
Leader: Brian Milas, Courion
Business Continuity and Disaster Recovery
Leader: Andrew Gilman, Dell
|
|
4:00-5:00pm
|
Breakout Session Reports, final question and answer panel
Chairperson: Greg Ness, Blue Lane Technologies
Panelists:
Michael Berman, Catbird
Brian Milas, Courion
Marc Farley, Dell
Jerry Melnick, Marathon Technologies
Hezi Moore, Reflex Security
|
|
|
|
|
OPEN - Welcoming Reception and Issues Roundtable on How to Prevent Data Breaches
Chairperson: Bob Jueneman, Spyrus
Panelists:
Todd Graham, RSA
Andres Kohn, ProofPoint
Subra Kumaraswamy, Sun Microsystems
Eric Madison, aBrevity
Tom Bennett, Raytheon Oakley Systems
Garret Grajek, Multi-Factor Authentication
Richard Moulds, nCipher
Possible questions for discussion:
1. What is the best way to avoid privacy violations (and being in the news)?
2. How do you balance between access and security?
3. How can you achieve compliance at reasonable cost?
4. How do you keep the good guys in — and the bad guys out?
5. Where has all the data gone — How do you control copies?
6. How can you best meet legal requirements for data protection?
7. When should data be encrypted — and when not?
8. How can you best achieve a reasonable level of data protection?
9. Data is everywhere — so how do you protect it?
10. Can you stop data from heading out the door?
|
| Wednesday, March 12th |
|
8:30-9:00am
|
OPEN - Keynote 1: Why Data Protection Programs Fail
Speaker: Amit Yoran, NetWitness
Introducer: Tom Coughlin, Coughlin Associates
Abstract: Why Data Protection Programs Fail:
In spite of ongoing investments and many standards and regulations, cyberspace continues to observe security program failures. These range from the spectacular to ones that hardly even see the light of day. Former DHS cybersecurity czar Amit Yoran describes why data protection programs continue to fail. He also provides a vision for what public and private organizations should be doing to prevent such failures in the future.
Objectives:
- Understand the actual causes of data protection program failures, using case studies from both public agencies and private companies.
- Explore the deficiencies in current program approaches that lead to these failures, including technology limitations, incorrect prioritizing, and process gaps.
- Design a forward thinking approach to avoid future data protection failures and ensure the protection of consumer and citizen data and critical infrastructure.
About the Speaker:
Amit Yoran is the Chairman and CEO of NetWitness, the leading provider of next-generation network monitoring solutions. He was previously the Director of the National Cyber Security Division of the US Department of Homeland Security. He also served as CEO and advisor to In-Q-Tel, the venture capital arm of the CIA. Mr. Yoran was the co-founder of Riptech, the market leading managed security services company. He served as its CEO until Symantec acquired it in 2002. He served as an officer in the United States Air Force in the Department of Defense’s Computer Emergency Response Team. Mr. Yoran has also served on the boards of such security technology companies as Guardium, Trust Digital, Digital Sandbox, Guidance Software, and Cyota. He received an MS degree from George Washington University and a BS degree from the United States Military Academy at West
|
|
|
Tutorial T1A: Developing a Data Protection Plan for Your Organization
Organizer: Satya Sachdeva, HP
Instructors:
Session Description:
Data protection has become a major issue in an era in which data is the lifeblood of every organization. Data protection is essential to prevent loss of customer trust, and avoid leaks, breaches, and violations of regulations while still keeping data highly available. Smart organizations are beginning to take comprehensive measures to secure sensitive data and use them as a differentiator to gain and retain customers. The problem of data protection spans the lifecycle of data – from the time it is created until it is backed up, archived, or discarded. This seminar will focus on basic approaches to developing a comprehensive data protection plan, including the making of a business case, business continuity and disaster recovery, networking aspects, and IT management. Breakout sessions will allow participants a chance to ask questions and develop major conclusions, best practices, and issues to be resolved.
|
|
9:00-9:30am
|
Introduction to Developing Your Data Protection Plan
Satya Sachdeva, Senior Principal, HP
|
|
9:30-10:00am
|
Developing a Business Case for Enterprise Data Protection
Kevin Bocek, Senior Manager of Product Marketing, PGP
|
10:00-10:15am |
Break
|
10:15-10:45am |
Seven Steps to More Effective Information Security
Dave Drab, Principal of Information and Content Services, Xerox Global Services
|
10:45-11:15am |
Data Protection: Fitting the Pieces of the Puzzle Together
David Hill, Principal, Mesabi Group
|
11:15-11:45am |
Data Protection... It's Not Your Father's DR
Dan Bailey, Principal Solutions Architect and Roz Schulman, Director of Data Protection, Hitachi Data Systems
|
11:45am-Noon |
Question and Answer Panel (with morning speakers)
Chairperson: TBD
Panelists:
TBD
|
|
About the Organizer:
Satya Sachdeva is a senior principal with Hewlett-Packard. He has more than 25 years experience in building strategic solutions in the area of business intelligence, data mining, and customer relationship management for the manufacturing, insurance, finance, and banking industries. Satya has spoken at many conferences and authored papers on metadata and enterprise application integration for industry journals. He holds an MBA from Northwestern University’s Kellogg Graduate School of Business.
|
|
9:00am-Noon
|
Tutorial T1B: Mobile Security
Chairperson: George Symons, Yosemite Technologies
Instructors:
Integrated Devices for Mobile Security
Kevin Ford, Yoggie Security Systems
Mobile Security Development
Janne Uusilehto, Nokia
Is the Only Way to Secure a Mobile Device to Power It Off?
Mikko Varpiola, Codenomicon
Secure Mobile Access to Identity Protection Services
Stuart Vaeth, Diversinet
Protecting All Endpoint Data on Any Device: Laptop, Removable Media, and Mobile Device
John Albertoli, Credant Technologies
|
9:00-10:15am
|
OPEN - Session 101: Knock, Knock, Who's There? Authentication Methods and Identity Management
Chairperson: Tom Gray, Orrick
Paper Presenters:
Fingerprint-Based Authentication Solutions
Vance Bjorn, Digital Persona
Solving the Password Security Dilemma
Terence Spies, Voltage Security
Identity-Centric Architecture
Doron Grinstein, BitKOO
Prove Identity! How Biometrics Is Taking Data Protection to the Next Level
John Petze, Privaris
Open Source Approach to Strong Authentication
Siddharth Bajaj, Verisign/OATH
|
10:30am-Noon |
OPEN - Session 102: Botnets, Zero-Day Threats, and Other Things that Go Bump in the Night. Threats and How to Manage Them
Chairperson: Marc Maiffret, Invenio Security
Paper Presenters:
Putting an End to Data Leakage by Botnet
Michael Staggs, FireEye
Dr. Strangelog or How I learned to Stop Attacks and Protect My Data
Adrian Lane, IPLocks
Anatomy of a Database Attack
Aaron Ingram, Application Security
Yes, Even an SSL/VPN is Not Secure
Jason Hart, CryptoCard
|
2:00-2:30pm |
OPEN - Keynote 2: Keeping Consumer Data Safe and Sound
Speaker: Rick D'Angona, Experian
Introducer: Vijay Ahuja, Cipher Solutions
Abstract: Keeping Consumer Data Safe and Sound
Everyone is concerned about the large number of reported data leaks (over 200,000,000 records according to the Privacy Rights Clearinghouse). Large leaks such as the TJX episode have cost organizations millions, and have led to extensive investigations and a large amount of legislation around the world. What can installations do to protect themselves in a complex environment with threats that are constantly changing and evolving? A sound set of controls is an excellent beginning. And a policy of continuous review and updating is essential to keep security up-to-date.
About the Speaker:
Rick D’Angona is Chief Information Security Officer for Experian Americas. Rick has overall responsibility for information security strategies across Experian business units. He works to bridge the gap between the technical aspects of information security and executive management by providing guidance on best practice compliance controls as a way to support corporate objectives. He presents to Experian audiences around the United States and collaborates with the Experian UK team to continually improve the application of information security principles to the rapidly changing business environment. Rick was a featured speaker at the 5th World Consumer Credit Reporting Conference held in Capetown, South Africa in October, 2006.
Rick joined Experian in January 2005 after serving as Vice President of Corporate Information Security at State Street Corporation where his responsibilities included governing the implementation of security controls for the world’s largest custodian of mutual funds. Prior to joining State Street he was Director of Online Brokerage for Fidelity Investments, responsible for enhancing the electronic distribution channels to increase sales revenues and minimize costs. He was involved in all aspects of the process including targeted marketing campaigns, regulatory compliance and print/mail fulfillment. Rick has more than 25 years experience in information systems management, application development and design and is now meeting the significant challenge of providing security solutions for Experian.
|
2:30-5:00pm |
Tutorial T1A (cont.): Making Your Data Protection Plan Work - Part II
Organizer: Satya Sachdeva, HP
Instructors:
|
2:30-3:00pm |
Local and Remote Data Protection: Leveraging the Latest Backup and Data Replication Techniques
Jim Russ, Nth Generation Computing
|
3:00-3:30pm |
Mobile User Data Protection — From Obstacles to Best Practices
George Symons, Yosemite Technologies
|
3:30-4:00pm |
Case Study of a Major Protection Initiative
Subra Kumaraswamy and Brennan Baybeck, Sun Microsystems
|
4:00-4:30pm |
Breakout Sessions
Data Protection Methods
Leader: David Hill, Mesabi Group
Security Management
Leaders: Subra Kumaraswamy, Director of Information Security, and Brennan Baybeck, Sun Microsystems
Threat Analysis
Leader: Jim Szafranski, VP of Product Management, FiberLink Communications
|
4:30-5:00pm |
Breakout Session Reports, Questions and Answers, and Evaluations
Chairperson: Satya Sachdeva, HP
Panelists:
Subra Kumaraswamy, Sun Microsystems
Brennan Baybeck, Sun Microsystems
Jim Szafranski, FiberLink
Jim Russ, Nth Generation Computing
David Hill, Mesabi Group
|
|
About the Organizer:
Satya Sachdeva is a senior principal with Hewlett-Packard. He has more than 25 years’ experience in building strategic solutions in the area of business intelligence, data mining, and customer relationship management for the manufacturing, insurance, finance, and banking industries. Satya has spoken at many conferences and authored papers on metadata and enterprise application integration for industry journals. He holds an MBA from Northwestern University’s Kellogg Graduate School of Business.
|
|
2:30-5:00pm
|
Tutorial T2B - Email Security
Organizer: Vijay Ahuja, Cipher Solutions
Session Description:
Email is among the fastest growing aspects of every organization’s computer facility. It has become essential for most workers – how else would you communicate? Furthermore, most people now use it as an “in-basket”, holding things they haven’t yet been able to deal with or don’t know how to handle. Obviously, organizations want to secure their email to eliminate spam and other malware, avoid unauthorized access, and prevent information leakage. But that is only part of the issue. Email also has to be available 24/7 and retained without any loss. Furthermore, legal authorities require it be kept like any other business correspondence. This seminar will describe what is available for email security, what threats exist and how to combat them, how email security relates to general messaging security, how to control storage and administrative costs, how to achieve regulatory compliance, and how to provide for high availability and disaster recovery for email. It will include case studies and specific recommendations for handling Microsoft Exchange.
Intended Audience:
IT managers, CIOs, storage administrators, security managers, CSOs, CFOs, business decision makers, database administrators, storage specialists, marketing and engineering managers, systems analysts and integrators, consultants, systems engineers and managers, security specialists, product marketing and development engineers, product managers, and hardware and software designers.
Instructors:
The Integration of Disaster Recovery and Email Archive
Paul D'Arcy, VP of Marketing, MessageOne
Assuring 24/7 High Availability and Disaster Recovery for Email
Steve Lewis, CEO, Teneros
Messaging Security for the Triple Threat IP Environment
Andrew Graydon, Borderware Technologies
The Evolution from E-Mail to Web-Borne Threats
Sam Masiello, MX Logic
|
2:30-3:45pm |
OPEN - Session 103: What a Tangled Web We Weave! Protecting Your Internet and Web Applications
Chairperson: Mark Edmead, MTE Advisors
Paper Presenters:
Top Website Vulnerabilities: Trends, Business Effects, How to Fight Them
Trey Ford, WhiteHat Security
Information Protection Services
Brian Reagan, IBM
Into the Eye of the Storm - an End-to-End Analysis of the Storm Worm
Patrick Peterson, IronPort (Cisco)
Making Your Network Content Aware
Ed Morrissey, Global Velocity
The Essential Element of a Data Loss Prevention (DLP) System
Uzi Yair, GTB Technologies
|
4:00-5:15pm |
OPEN - Session 104: Stop that Leak! Keeping Your Data from Leaking Away
Chairperson: Marc Farley, Dell
Paper Presenters:
Information Security at the Endpoint: Content Loss Prevention Perspective
Todd Graham, RSA Data Security Group
A MultiLayered Approach to Prevent Data Leakage
Ulf Mattsson, Protegrity
Preventing Data Loss - Best Practices of Leading Edge Companies
Bruce Snell, McAfee
An Enterprise Approach to Endpoint Data
Brad Zehring, GuardianEdge Technologies
Data Protection: Recent Evolution and Future Progression
Mike McGurkin, Vericept
|
|
5:00-7:00pm
|
OPEN - Industry Receptions and Awards
|
7:00-8:30pm |
OPEN - Beer, Pizza and Chat with the Experts
Organizer: Lenice Gregory, GuardianApps
Expert Table Leaders:
Backup and Restore
Eric Herzog, VP of Marketing, Asempra Technologies
Archiving
Craig Mullins, Corporate Technologist, NEON Enterprise Software
Security as a Service
Sekar Swaminathan, MegaPath
Virtual Storage
Don Fautt, Director of Software Marketing, LSI
Information Assurance
James Ross, Systems Security Engineer, Boeing
Disaster Recovery
Dan Bailey, Principal Solutions Architect, and Ros Schulman, Director of Data Protection, HDS
Virtualization Security
Feliciano Rivera, SecuWare
Data Protection for SMBs
Mike Stolz, StorMagic
Mobile Security
Jim Szafranski, Fiberlink
Session Description:
This session will give attendees a chance to discuss a wide variety of subjects in an informal atmosphere and ask questions of experts in specific areas. Table subjects will include backup and restore, storage systems, archiving, legal regulations, laptop security, security as a service, biometrics, virtual storage, information assurance, and disaster recovery. Attendees are welcome to move from table to table during the session, increasing their exposure to different subjects. Beer, wine, soft drinks, and pizza will be served to promote informality and encourage networking. Emphasis will be on frequently asked questions, best practices, hints and warnings, major issues, and key products and standards.
Intended Audience:
IT/IS/DP managers, CIOs, security managers and professionals, CSOs, CFOs, data center managers and engineers, network managers and engineers, database administrators, storage specialists, marketing and engineering managers, system analysts and integrators, consultants, system engineers and managers, hardware and software developers, and security specialists.
About the Organizers:
Lenice Gregory is Vice-President at Guardian Applications. As the company’s principal researcher, co-founder, and analyst, Lenice has been a driving force for human resource and payroll security in corporate environments. She also keeps the company up to date on privacy standards, develops new business strategies, and manages the company’s Consulting Practice. She has previous experience as a Management Consultant with United HealthCare. She has an MS in Behavioral Services from Eastern Michigan University and a Master’s Certificate in Healthcare Management from St. Thomas University.
Tony Nadalin is an IBM Distinguished Engineer and Chief Security Architect for Tivoli Software. He is responsible for security infrastructure design and development across IBM’s Tivoli and Lotus divisions. He has driven the company’s security strategy on the systems management level, making security a pervasive component of today’s enterprise infrastructure. Tony has authored more than 30 technical journal and conference articles, and he has published two books on Java security and the Internet.
|
| Thursday, March 13th |
8:30-10:00am
|
Session 201: Lions and Tigers and Bears, Oh My! The Latest Threats and How to Thwart Them
Chairperson: Fred Villella, System Defenses
Panelists:
Eugene Schultz, High Tower Software
Kevin Nixon, Datacastle
Phil Ruggieri, Cyber Operations
John Bianco, Infiniti Systems
Christopher LeClerc, LISKA Biometry
Mike McGurkin, Vericept
|
8:30-10:00am |
OPEN - Session 202: Venture Capital in the Computer Security Industry (including a 1-page business plan) Contest
Organizer: Nathan Joyner, Pacific Ridge Capital
Moderator: Vikram Karnaker, Manager, Corporate Development, STEC
Lead Consultant: Sara Rauchwerger, Managing Partner, BG Strategy
Session Description:
The global IT security market is over $5 billion with a growth rate of about 15% annually. Areas such as security appliances, intrusion detection systems, and anti-spam are growing even faster. Clearly such a large, expanding market leads to many venture opportunities. This session will explore the role of venture capital in this market and what VCs are looking for in funding both startups and existing companies. It will include presentations by the three top finishers in the business plan contest, a question-and-answer panel, and awarding of prizes.
Panelists:
Juan-Antonio Carballo, Argon Ventures
Daniel Docter, Intel Capital
Darius Sankey, Zone Ventures (a Draper affiliate)
Igor Sill, Geneva Ventures
Jawad Ansari, Corporate Metrix Investments
The business plan contest allows anyone to enter a 1-page plan related to computer security (hardware, software, peripherals, accessories, services, or systems).
|
8:30-8:40am
|
Introduction
Vikram Karnaker, STEC
|
|
8:40-9:10am
|
Contest Winners' Presentation of Business Plans
|
|
9:10-9:20am
|
Break
|
|
9:20-9:50am
|
Question and Answer Panel
Panelists:
Juan-Antonio Carballo, Argon Venture Partners
Daniel Docter, Intel Capital
Darius Sankey, Zone Ventures (a Draper affiliate)
|
|
9:50-10:00am
|
Awards and Photo Opportunities
|
About the Organizer, Moderator and Lead Consultant:
Nathan Joyner is the Vice President of Technology at Pacific Ridge Capital, an investment banking company focused on underserved emerging growth/middle-market companies and institutional investors. He has previous experience at Intel where he led product launches and served global customers for PC and server related products. He received an MBA from USC and a BSEE from Washington State University.
Vikram Karnaker is a Manager in the Corporate Development Group at STEC, a maker of high-reliability memory and storage solutions. He has previous experience as an investment banker at Peter J. Solomon. He received his B.A. in mathematics from the University of Pennsylvania.
Sara Rauchwerger is a business consultant with BG Strategy. She has given presentations all over the world on how to make winning proposals.
|
10:00-11:00am |
OPEN - Special Plenary Session: Security Star Contest
Chairperson: Kevin Nixon, Datacastle
Organizers: Kevin Nixon, Director of Security Business Strategy & Product Marketing, Datacastle and Marc Maiffret, President, Invenio Security
Session Description:
Who will be the 2008 Security Star? Inquiring minds want to know — and will find out at the end of the final round. The selected finalists will give 10-minute presentations on:
- What I predict will be the top security challenge of 2008,
- How I think installations can meet this challenge,
- Why I am specially qualified to be the 2008 Security Star.
Intended Audience:
The audience will then select the winner, who will receive the grand prize of a tasteless plaque and $1,000 cash (which can be donated to charity if the winner can only accept glory). In the case of ties, the chairperson will break them. All decisions are final, and no instant replay will be allowed. No fairness rules apply, and techniques learned from machine politics, rotten boroughs, packed caucuses, and rigged spontaneous demonstrations are all just fine. However, we do not allow musical instruments, large animals (such as elephants), or firearms (sorry, Second Amendment does not apply here!). Fruit and vegetables, cream pies, dead octopi, beachballs, dead or live fish, and other projectiles must be obtained from hotel catering. Participants are welcome to:
- Pack the audience with their supporters,
- Have their supporters cheer wildly at every word (but you don’t get any extra presenting time, so you may want to limit this),
- Display professional homemade signs like the ones seen at political conventions and football games,
- Invite their bodyguards, camp followers, Mafia friends, paparazzi, sycophants, booth babes, agents, spokespeople, and whoever else they can find.
Panelists:
Michael Willett, Senior Director/Security, Seagate Technology
Jim Covington, CISSP, Wireless Technology Company
Russ Dietz, CTO, Hifn
Rob Peglar, VP of Technical Solutions, Xiotech
Gretchen Hellman, Senior Director of Marketing, Vormetric
Jason Fass, Manager of Product Marketing, IronPort (a Cisco business unit)
Kurt Johnson, VP of Corporate Development, Courion
Satya Sachdeva, Senior Principal, HP
Bill Reed, General Partner, BusinessLaunch
Bob Jueneman, Chief Scientist, SPYRUS
Sean Moshir, CEO, CellTrust
The session will end with a photo opportunity, so all contestants should come dressed as inappropriately as possible. We may not offer the notoriety of a Survivor, an American Idol, or Donald Trump’s apprentice, but we can surely have just as bad taste!
About the Organizers:
Kevin Nixon has over 25 years’ experience in MIS design and development, Information Security, Business Continuity & Disaster Recovery and US and European Regulatory Compliance. He joined Datacastle in January 2008 as the Director of Security Business Strategy & Product Marketing. Kevin was responsible for public policy review and compliance analysis. He educates corporate management and staff on pending and existing technology legislation relevant to client employees, customers, partners, and vendors. In his role, Kevin has testified before the Republican High Tech Task Force, Chairmen of the Senate Armed Services Committee & the Chairman of the House Ways and Means Committee and several infrastructure security boards.
Marc Maiffret is Founder and CEO of Invenio Security, a security consulting and training company. He was previously the CTO and co-founder of eEye Digital Security, a leading developer of security software for both home and business use. Maiffret was a driving force behind the vision and continuous innovation of eEye’s product development and vulnerability research efforts. Long regarded as a security expert and thought leader in vulnerability research, Maiffret started as an independent researcher and discovered some of the first remote Microsoft vulnerabilities in 1999. He also co-discovered and named the first Microsoft Worm (CodeRed), and testified before the United States Congress on topics ranging from cybersecurity to critical infrastructure. Maiffret has been featured on the cover of many security publications, has been cited in mainstream media such as MTV, CBS Evening, Los Angeles Times, New York Times, and USA Today, and was featured in People Magazine’s Special 30th Anniversary Issue.
About the Chairperson:
Mary Jander is the Site Editor for Light Reading’s Byte and Switch Website, a CMP business. She was previously Senior Editor for Light Reading and has spent 18 years reporting and writing on information technology. She was on the senior editorial team of Data Communications magazine for 9 years. She is the co-author of a book on service-level management. Mary holds a Bachelor’s in English and Business from City University of New York.
|
11:00am-Noon
|
Session 203: The Users Talk Back
Chairperson: Rosalind Conway, PricewaterhouseCoopers
Panelists:
Don McCall, Dell
Jim Covington, Wireless Technology Company
Shirley Alvitre, Experian
About the Chairperson:
Rosalind Conway is a Director in the Performance Improvement Technology practice with over 10 years of financial services experience. She serves as the financial services regulatory specialist for records management engagements and advises complex financial services clients on regulatory matters, including Sarbanes-Oxley (SOX), SEC and NASD (FINRA) regulations. Formerly, Rosalind supervised the liquidation of all failed insurance companies domiciled in Texas and licensed nationwide, where she had responsibility for the records management program and the establishment of the record retention policies and procedures for some 240 million records. Rosalind is also a former federal bank examiner, in which role she identified discriminatory lending practices (i.e., redlining) in the US, investigated money laundering allegations and performed risk-based capital and residential and commercial loan portfolio analyses.
|
|
2:00-2:50pm
|
OPEN - Session 204: Jeepers! It's the Cops (and the Lawyers)! New Regulations and Requirements
Chairperson: François Gilbert, IT Law Group
Panelists:
The Impact of FRCP Legal Discovery on IT
Bill Reed, BusinessLaunch Technical Consulting
IT and Legal Working Hand in Hand
John Gormally, Symantec
Safeguarding Confidential Data and Intellectual Property
Theresa Sutton, Orrick
|
3:00-3:50pm
|
Session 205: Your Most Intimate Secrets Exposed! The Human Factor in Security Breaches
Chairperson: Mari Frank, Mari Frank, Esq
Panelists:
Cindy Stamer, Grant Phillips and Murray
Ron Williams, Talon Companies
James Koenig, PricewaterhouseCoopers
Thomas Gray, Orrick
|
4:00-5:00pm |
OPEN - Session 206: Top Ten Things You Should Know About Data Protection Today
Chairperson: Marty Foltyn, BitSprings Systems
Panelists:
Kevin O'Neil, CYVA Research
Luther Martin, Voltage Security
Nir Zuk, Palo Alto Networks
Jeff Prince, ConSentry Networks
|
|