Keynote
Title: Compliance: An Assault on Reason
Speaker: Chris Nickerson
Abstract: You have done ISO/ PCI/ HIPAA /SOX/FISMA <insert EU Compliance Audits>, 10 Pentests, 20 Vulnerability Assessments, Code Review, App Testing and enough paperwork to feed the fire all winter long… but what did it get you. It got you a huge bill and a hardware stable of all of the latest security products. So now what? Are you safe? Will the Millions you spent on Hardware, Software and Compliance protect you from the “Bad Guys?” You may never know… but at least the marketing says it “Should.” Even if it DOES its job, will it protect your business? The answer: Not likely! For much too long, tests have tested physical assets and ignored the thing that matters most…. YOUR BUSINESS. This session will discuss how we can change the paradigm. Throw away the # of addresses, the compliance reg, the book of what IT “thinks” is important and let’s get to work on testing the BUSINESSES ability to survive an attack. We will review how to evaluate what DOES matter and show you what the “Bad Guys” are actually looking for when they break in. At the end, it is about protecting the special sauce that makes your company unique. You can’t pay a fine for being “Non-Compliant” if you have already been HACKED OUT OF BUSINESS.
List of Breakout Sessions
Technical Track
- Title: Low Tech Hacking – More Ways That I Broke Into Their Buildings
Speaker: Jack Wiles (Penetration Team Leader & President, The Training Co.)
Abstract: During the magical and fun session, Jack will share more of his Social Engineering tips, tricks and possible vulnerabilities. Low Tech Hacking is also the title for Jack’s upcoming book being published by Syngress/Elsevier. Our own (soon to be Mrs.) JJ will be one of Jack’s Contributing Authors in this, his 5th book relating to security. This session will also be one of his non-PowerPoint sessions with a lot of fun hands-on training going on. We may even take another of Jack’s magical trips to a casino during the session.
- Title: Mobile Security – Attacks at Every Layer
Speaker: Tyler Shields (Senior Security Researcher, Veracode)
Abstract: This talk will define a mobile security stack that can be used in analysis of mobile devices in your enterprise. What does the mobile security stack look like? Where does the REAL risk lie and how do we begin to quantify that risk level? What are the notable differences between the mobile device security landscape and that of the enterprise PC? A brief history of mobile security, detailing attacks at every level of the stack, will be discussed in an effort to formalize where the most common attacks come from and where the majority of risk is being generated.
- Title: Wireless Networks – How hard can it be?
Speaker: Chad Nusbaum (Senior Network Engineer, CAD)
Abstract: This session will discuss setting goals for a successful wireless network. We will look at wireless security, an overview of 802.11 b/g/n, benefits for a 2.4GHz and 5GHz network, discussion on dBm and how it can impact the wireless network performance and expectations, and RF interference.
- Title: Blue Coat Learning Lab
Speakers: Jason Leon (Network Engineer, CAD) & Brenda King (Sales Specialist, CAD)
Abstract: In this lab, we will demonstrate the ProxySG and PacketShaper. We’ll show how to apply policies to traffic based on user authentication with the ProxySG; with the PacketShaper, we will demonstrate how to shape traffic by category. In addition, we will have reporting features turned on for both devices to demonstrate the detailed reporting available.
- Title: UTM and IPS Technologies
Speakers: Tim Killian (Regional Director- Mid Atlantic, HP) & Jeremy Howerton (HP)
Abstract: We will demonstrate both UTM and IPS technologies and discuss the advantages/disadvantages of each. To keep things fun, this session will also include a live attack demo in which various attacks will be launched using a Backtrack Live CD (a freely available, open-source collection of penetration testing tools).
- Title: Pen Testing Remix
Speaker: Ryan Linn (Information Security Engineer, SAS)
Abstract: Have you seen any of the previous Hot Topics attack scenarios? This set of demonstrations is going to detail what’s new with some of the tools that you have become familiar with. Come see how to streamline Metasploit use with Armitage, managing the data output with Dradis, and how using these tools can help improve your company’s security posture. Whether you are corporate security, a network engineer, sys admin, or you just like to see what the bad guys can do, this presentation will help you understand some of the updates to these popular attack tools and how to get started working with them on your own.
Hands-on Labs
Learn more about the hands-on labs.
- HP Networking – Network Management & Hardening the Network
- Meru Networks – Wireless Solutions
Vendor Track
- Title: Defining Mobile Device Security with Juniper Networks Junos Pulse Mobile Security Suite
Speaker: Gared Casey (Senior Partner Account Manager – Carolinas, Juniper)
Abstract: Rapidly growing demands by employees for smartphone access to corporate networks creates a complex enterprise security problem. While the easy access to networks provided by smartphones can improve employee productivity, unprotected devices can lead to loss or theft of valuable confidential data, and can even cause compliance or legal problems. Security threats to smartphones can also mean loss or theft of personal financial information, credit card data, and confidential identity or other files, for consumers.The Junos Pulse Mobile Security Suite is a comprehensive solution that includes smartphone security, management, and control. It protects smartphones from viruses, malware, loss, theft, physical compromise, and other threats, and delivers robust remote device management tools for administrators.
- Title: What’s Really Going on in your Network and Compliance Via Email
Speaker: Mark Holobach (Enterprise Southeast Systems Engineer, SonicWALL)
Abstract: Come see how SonicWALL allows you to visualize what is going across your network and how to control those pesky applications taking up your bandwidth. Along with that aspect of the network, see how SonicWALL’s email can help you meet compliancy.
- Title: Best Practices with 802.1X, NAC and Bradford’s Network SentryTM
Speaker: John Sheedy (Technical Marketing Manager, Bradford Networks)
Abstract: Whether or not you’ve deployed 802.1X in your network, your organization will benefit from a comprehensive NAC solution. Bradford’s Network Sentry platform delivers traditional NAC functions like authentication, endpoint compliance validation and access policy enforcement, in addition to advanced capabilities including device profiling and sponsored guest management. Best of all, Network Sentry integrates with the network and security infrastructure you have in place today, allowing you to get more out of investments you’ve already made. Learn how a combination of 802.1X, NAC, and the advanced features of Network Sentry can help you achieve network-wide security, control, and visibility.
- Title: HP Networking – The Next Generation
Speakers: George Kassos (Solutions Architect, HP Networking) and Reggie E. Johnson (Systems Engineer, HP Networking)
Abstract: In this session you will learn about the new HP Networking vision and integrated HP/3Com portfolio. Industry is at an inflection point. The days of sacrificing business innovation due to the limitations and expense of the network are over. Now, clients can harness the power of convergence, along with an advanced network fabric from edge to core, to fuel competitive advantage today and into the future. The current networking paradigm lacks choice and is based on legacy, proprietary technology that is too complex, rigid and extremely costly. This has throttled innovation in client IT environments and inhibited business change. Starting today, HP is challenging the status quo with new networking technology that delivers:- Twice the performance
- Half the energy consumption
- 100% interoperability through open standards
- Multi-vendor, single pane of glass management
- Up to 65% lower total cost of ownership
- And none of the vendor lock in
- Title: The Converged Infrastructure – Reality or Marketing Hype?
Speaker: Shawn Craig (Product Sales Specialist – HP Networking, Synnex)
Abstract: Shawn Craig breaks down the pieces of HP’s Converged Infrastructure strategy to show how companies of all sizes can utilize this methodology to increase productivity and reduce costs. The Converged Infrastructure is a unique methodology designed to reduce the IT sprawl that results from different systems supporting too many different applications, connected in different ways and managed by different teams, tools and processes. By implementing a CI strategy, companies can utilize HP technology to seamlessly orchestrate servers, storage, software and networking and automate many IT tasks thereby reducing administrative overhead allowing IT resources to focus on innovation.
- Title: WiFi Explosion: Is Wireless becoming the new Edge?
Speaker: Robert Crisp (Sr. VP of Systems Engineering, Meru Networks)
Abstract: There is an explosion of wireless devices across all verticals in the work environment and Robert Crisp sheds some light on the need to prepare and adapt to a changing edge landscape. Don’t let the proliferation of tablets and smart phones in the work environment become a burden to support. Join Meru Networks in talking about how to prepare your wireless network to support edge applications for more users and more devices per user with next generation technology. If your wireless network is hard to support now, it ain’t gettin’ easier later!
