Schedule
DAY 1 (5 November)
Registration | Shaw Theatre Foyer
Breakfast | Nobel Lounge
Tenable.sc Vulnerability Management
Tenable.io Vulnerability Management
Tenable.sc Advanced Scanning and Reporting
Lunch | GA Restaurant, Hotel Lobby
DAY 2 (6 November)
Breakfast | Nobel Lounge
Registration | Shaw Theatre Foyer
Welcome and opening remarks: David Cummins, Vice President of EMEA Sales, Tenable | Shaw Theatre
Keynote: Amit Yoran, Chairman and Chief Executive Officer, Tenable | Shaw Theatre
Keynote: Ofer Ben-David, Chief Product Officer, Tenable | Shaw Theatre
Fireside Chat: Jennifer Johnson, Chief Marketing Officer, Tenable and Simon Kellow, Lead Consultant for a large London council.
Refreshment break and networking | Nobel Lounge
Track A - Illuminating Insights: Assessment Maturity | Nobel Suite 1
Track B - Scaling End-to-End Vulnerability Management: From No Staff to Global Enterprise | Nobel Suite 2
Track A - Security Programme Success — Building Modern Enterprise Solutions Together | Nobel Suite 1
Track B - The Journey: A Consultant’s Overview of How Different Companies Scan Assets | Nobel Suite 2
Track A - The Evolution of Vulnerability Disclosure | Nobel Suite 1
Track B - Vulnerability Remediation Using Predictive Prioritization | Nobel Suite 2
Track A - Exploit Kits and Risk to the Enterprise — What You Need to Know | Nobel Suite 1
Track B - Know Your Certificates — Customise Scanners for Corporate-wide SSL/TLS Monitoring | Nobel Suite 2
Lunch | GA Restaurant, Hotel Lobby
Track A - Security @ Machine Speed | Nobel Suite 1
Track B - Persistent Vulnerabilities and Their Causes | Nobel Suite 2
Track A - How Lucrative is Cybercrime? | Nobel Suite 1
Track B - The Data Science Behind the Cyber Exposure Score | Nobel Suite 2
Track A - How to Win Friends and Remediate Vulnerabilities | Nobel Suite 1
Track B - Reducing Cybersecurity Cost and Risk Through Compliance Automation | Nobel Suite 2
Tenable University (5 November)
Tenable.sc Vulnerability Management
In this introductory course for Tenable.sc (formerly SecurityCenter) participants will learn to create scans for vulnerability data acquisition and use analysis tools and asset lists for basic data analysis. Participants will become familiar with Predictive Prioritization by utilising the Vulnerability Priority Rating (VPR), learning about reporting options available and performing basic report creation and report dissemination. Hands-on exercises related to the discussed topics will be performed throughout the class in a lab environment.
Session Details
- 9:00AM - 9:45AM | Introduction to Tenable.sc
- 10:00AM - 10:45AM | Complementing Tenable.sc with Tenable.io
- 11:00AM - 11:45AM | Vulnerability scanning
- 12:00PM - 1:00PM | Lunch break
- 1:00PM - 1:45PM | Asset lists
- 2:00PM - 2:45PM | Vulnerability analysis
- 3:00PM - 3:45PM | Dashboards
- 4:00PM - 4:45PM | Reports
Tenable.io Vulnerability Management
In this introductory course for Tenable.io users, students will learn how to gather and share vulnerability data, contextualise and analyse that data and easily distribute reports to key stakeholders. Participants will become familiar with Predictive Prioritization by utilising the Vulnerability Priority Rating (VPR) score and the Lumin interface to identify and track assets. Hands-on exercises related to the discussed topics will be performed throughout the class in a lab environment.
Session Details
- 9:00AM - 9:45AM | Introduction to Tenable.io
- 10:00AM - 10:45AM | Asset discovery methods
- 11:00AM - 11:45AM | Asset tracking in practice
- 12:00PM - 1:00PM | Lunch break
- 1:00PM - 1:45PM | Managing assets, asset reporting
- 2:00PM - 2:45PM | Vulnerability management and assessment overview
- 3:00PM - 3:45PM | Vulnerability assessment methods, measuring assessment success
- 4:00PM - 4:45PM | Vulnerability analysis
Tenable.sc Advanced Scanning and Reporting
Ready to take your Tenable.sc (formerly SecurityCenter) skills to the next level? In this advanced course, we will discuss how to perform host-by-host security data reporting and how to generate warning indicator dashboards and alerts, as well as how to measure key performance indicators (KPIs) in your infrastructure using Assurance Report Cards. Participants will learn advanced scanning techniques to minimise network impact, maximise scan performance, scan fragile environments and assess compliance. Hands-on exercises related to the discussed topics will be performed throughout the class in a lab environment. PREREQUISITES: Assumes operational familiarity of scanning with Tenable.sc
Session Details
- 9:00AM - 9:45AM | Dashboards and alerts
- 10:00AM - 10:45AM | Custom reporting
- 11:00AM - 11:45AM | Assurance Report Cards
- 12:00PM - 1:00PM | Lunch break
- 1:00PM - 1:45PM | Advanced scanning
- 2:00PM - 2:45PM | Scan policy tuning
- 3:00PM - 3:45PM | Policy and compliance auditing
- 4:00PM - 4:45PM | Complementing Tenable.sc with Tenable.io
Breakout Sessions (6 November)
Track A - Illuminating Insights: Assessment Maturity | Nobel Suite 1
How do your assessment practices stack up against those of your competitors? Assessment Maturity is a key metric in Tenable Lumin that provides an aggregated bird's-eye view of one facet of a good cyber hygiene programme, namely how thoroughly organisations assess their network. This view takes into account the following factors: scanning frequency; the percentage of an organisation's assets that are actively scanned; the usage of authenticated scans; and the percentage of plugins included in an organisation’s scan policies. These attributes are distilled into a single assessment maturity score that can be benchmarked against industry peers and the general population. The reasoning behind this metric, and some key insights, will be illustrated in detail. In this session you’ll learn:
- How thoroughly do organisations scan their assets?
- Are some device types scanned more or less often than others?
- How does assessment maturity vary across organisations?

Wei Tai, Senior Data Scientist, Tenable


Bryan Doyle, Data Science Manager, Tenable

Track B - Scaling End-to-End Vulnerability Management: From No Staff to Global Enterprise | Nobel Suite 2
Are you looking to build and execute a pragmatic vulnerability management transformation programme for your organisation? Understanding the business impact of vulnerabilities, prioritising remediation, coordinating activities and continuous improvement are core aspects of a sound vulnerability management strategy. Undertaking such an effort often requires you to incorporate multiple processes and integrations across your organisation. For many, this effort can include customer integrations or manual interventions which can slow the process, reduce consistency and provide poor metrics to motivate your stakeholders. Failure hardens silos, fosters a blame culture and increases risk. Success drives a cultural change in the business that reduces risk and encourages collaboration. We’ll explore how Tenable and ServiceNow have worked together in customer environments to radically reduce remediation times and demonstrate the value of a vulnerability management programme to business stakeholders. In this session you’ll learn:
- How to change the culture in the wider business around vulnerability management
- How to demonstrate the business risk context of a vulnerability
- How to drive measurement and continual improvement in processes and risk posture

Dr. James Blake, Advisory Chief Information Security Officer, ServiceNow

Track A - Security Programme Success — Building Modern Enterprise Solutions Together | Nobel Suite 1
Create, develop and enhance your security programme from top to bottom with these simple approaches and techniques. Setting yourself up for success correctly in the long term is often complicated and misunderstood, especially when dealing with today’s modern attack surface. Whether you have inherited a programme, have a disjointed programme or are simply building out your own programme, understanding the key success factors and the programme blueprints is essential. In this session, we will provide a blueprint and structure to follow while building your vulnerability management programme. We will outline big and small examples of project success and discuss simple feature enhancements. In this session you’ll learn:
- How and when to use the Tenable resources and techniques available to you to get the most out of your security programme
- Ways to approach all landscapes — including virtual machines (VM), containers, web applications and the cloud — with a new level of certainty
- Tips and tricks based on proven success stories and methods, latest product feature utilisation and strategy insights

David Bradley, Sales Engineer, Tenable


Andy Herrington, Director of Professional Services, Tenable

Track B - The Journey: A Consultant’s Overview of How Different Companies Scan Assets | Nobel Suite 2
Is your business doing vulnerability management as an audit tick-box exercise or are they really serious about securing the environment? As a veteran Cybersecurity Consultant, Steve Gillham has seen it all. In this session, we’ll discuss how to find all your assets (even those no one else knows about), why manipulating the results to meet audit points is dangerous, why frequency of scanning is important and how you can work smarter by using Tenable’s Vulnerability Priority Rating (VPR) to reduce the risk of a breach. In this session you’ll learn:
- How to use VPR to make your business more secure more quickly
- Why using VPR is a smarter way to tackle the problem of fixing millions of vulnerabilities
- How to create dashboards for displaying information beyond the normal vulnerability management metrics

Steve Gillham, Cybersecurity Consultant, Santander

Track A - The Evolution of Vulnerability Disclosure | Nobel Suite 1
Back in the day, before bug bounty programmes, vulnerability disclosure was an extremely risky venture for vendors and researchers alike. Public zero-day disclosures were prevalent and full-time bug hunting wasn’t a career like it is today. In this session, we’ll discuss the evolution of bug hunting and vulnerability disclosure practices over time, the pros and cons of various disclosure policies, bug bounty programmes and the experiences and insights of Tenable’s Zero Day Research team when interacting with vendors. Understanding vulnerability disclosure from a researcher's perspective is important for any security team that wants to effectively field external vulnerability reports. In this session you’ll learn:
- The pros and cons of “responsible” versus “full disclosure” policies
- The benefits and drawbacks of bug bounty programmes
- Best practices for handling and fielding reports from external researchers

Nick Miles, Research Manager, Tenable

Track B - Vulnerability Remediation Using Predictive Prioritization | Nobel Suite 2
During this session, we’ll look at how companies have traditionally prioritised vulnerabilities — and the patching processes they have built to remediate them. We will discuss why these processes are unworkable in the modern world and don't have the desired effect of reducing risk sufficiently. We will also explore how these processes could be reworked using Tenable’s Predictive Prioritization and discuss how to use virtual patching to target the important vulnerabilities first whilst reducing downtime to the business caused by deploying large numbers of individual patches. In this session you’ll learn:
- Real-life applications of Tenable’s Predictive Prioritization
- Practical ways to rework your remediation processes
- The business benefits of changing your approach to vulnerability prioritisation

Daniel Grice, Security Engineer, EMEA Enterprise Team, Tenable

Track A - Exploit Kits and Risk to the Enterprise — What You Need to Know | Nobel Suite 1
Exploit Kits (EK) represent one of the most common client-side attacks targeting the user. While EK activity has declined in the past 18 to 24 months, these tools still pose a threat to organisations, having been repurposed to deliver cryptomining payloads, among other examples. In this session, we’ll explore which EKs have had the highest level of activity thus far in 2019 and the vulnerabilities they are exploiting. Armed with this information, defenders can focus remediation efforts on eliminating EKs as a risk. In addition, we will show how Tenable’s Vulnerability Priority Rating (VPR) integrates threat-centric intelligence to automate this effort. In this session you’ll learn:
- Which CVEs are most commonly targeted by threat actors using Exploit Kits
- How defenders can eliminate EKs as an imminent threat by selective remediation of key vulnerabilities
- How Tenable capabilities can help with identification of these risks and their prioritisation for mitigation

Thomas Parsons, Senior Director, Tenable Research, Tenable

Track B - Know Your Certificates — Customise Scanners for Corporate-wide SSL/TLS Monitoring | Nobel Suite 2
Secure transport is a crucial part of IT security in any corporate environment. The widespread adoption of agile practices means small independent teams develop and manage their tooling, causing deployed setups of Secure Sockets Layer/Transport Layer Security (SSL/TLS)-based services to diverge. While online tools are available for monitoring SSL/TLS configurations, assets in restricted network zones are harder to monitor. In the session, we’ll discuss our Tenable.sc-based solution to help with TLS/SSL monitoring. We’ll show how we integrate external tools with Nessus, using custom Nessus Attack Scripting Language (NASL) plugins and audit files, to provide a comprehensive and insightful vulnerability assessment and configuration monitoring process. We’ll show how the depth and quality of your Cyber Exposure data could be improved using already-deployed Nessus products and how we approach monitoring of proprietary assets. In this session you’ll learn:
- How to approach monitoring of SSL/TLS-based services
- How to enhance Nessus and Tenable.sc capabilities by deploying custom audit files and NASL plugins
- How to assess the cost effectiveness of developing custom solutions

Maciej Wróbel, Senior DevOps Expert, ING Tech Poland

Track A - Security @ Machine Speed | Nobel Suite 1
Cybercriminals are leveraging sophisticated tools to automate their attacks. For them, unattended attacks executed at machine speed are a powerful advantage. To defend against these attacks, security operations center (SOC) teams need to incorporate integration, automation and orchestration as core defence strategies. In this session you’ll find out how security information and event management (SIEM) and security orchestration, automation and response (SOAR) technologies from Splunk — integrated with Tenable.sc and all your other security tools — can help SOC teams respond to threats and attacks at machine speed. In this session you’ll learn how our joint offering helps you to:
- Automatically feed security and vulnerability status/context data directly into the SIEM environment to quickly generate well-qualified events and alerts
- Automate decision making and orchestrate your entire suite of security tools in customisable playbooks
- Utilise this power combination of tools to reduce costs while increasing the SOC’s response speed, effectiveness and coverage

Robert Farnod, Security Specialist, U.K., Splunk

Track B - Persistent Vulnerabilities and Their Causes | Nobel Suite 2
Persistent vulnerabilities are a common phenomenon across the industry, with some examples lingering over years in end-user environments. In this session, we’ll explore what characterises a persistent vulnerability, what you can expect during its lifecycle and how widespread these are. Further, we will discuss the lessons we can learn from investigating the overall trends on vulnerability remediation data. We will present a vulnerability survival view, then define persistence and delve into some of its causes using example CVEs. Finally, we will touch on the importance of economic incentives for defensive strategies. In this session you’ll learn:
- What lessons can be drawn from the remediation velocity of vulnerabilities
- Which factors influence the persistence of vulnerabilities and inhibit remediation — across the global user population
- Why it's important to think about economic incentives for defensive strategies and prioritisation

Lamine Aouad, Principal Research Engineer, Tenable

Track A - How Lucrative is Cybercrime? | Nobel Suite 1
Awareness of the vulnerability and exploit ecosystem and supply chain — and understanding the economic incentives driving the players — is important to help cybersecurity professionals evaluate and act on information from the media, vendors and threat intelligence providers. In this session, we’ll share highlights from our recent research into cybercrime economics. Using Open Source Intelligence (OSINT) data — including Darknet, threat intelligence, third-party reports and research and media articles — the study examines the available data on vulnerability research, exploit development and cybercrime economics to compile a supply chain model with associated economic data. We also look at the role bitcoin plays in enabling the black market in cybercrime, especially in the exploit market and related threat types, such as Exploit Kits. In this session you’ll learn:
- What the actual end-to-end ecosystem for vulnerabilities and exploits looks like
- How the industry and community intersect with the threat ecosystem when it comes to vulnerability research
- How much a vulnerability or an exploit is worth on the open market, and how such knowledge can be used to better manage vulnerabilities

Oliver Rochford, Research Director, Tenable

Track B - The Data Science Behind the Cyber Exposure Score | Nobel Suite 2
Translating security data into a metric you can use to provide a clear, concise answer about the state of your organisation’s security posture is a massive challenge. With the introduction of the Cyber Exposure Score — an essential feature of Lumin — Tenable are delivering that metric. In this talk, we will take a deep dive into the data science underpinning the Cyber Exposure Score and discuss how you can use the score to measure and manage security programme effectiveness. In this session you’ll learn:
- What factors influence the Cyber Exposure Score
- How the Cyber Exposure Score is calculated
- Tenable’s vision for the future of the Cyber Exposure Score

Bryan Doyle, Data Science Manager, Tenable


Vincent Gilcreest, Director of Data Services, Tenable

Track A - How to Win Friends and Remediate Vulnerabilities | Nobel Suite 1
How to Win Friends and Influence People, released in 1936, is one of the most influential and bestselling non-fiction books ever. The principles espoused by author Dale Carnegie remain as relevant today as they ever were for those of us working to remediate vulnerabilities, when working relationships with IT operations teams are often put to the test. Whether you’re grappling with operational priorities, colliding egos or any number of other interpersonal challenges, you’ll find value in honing your non-technical skills. This is especially true when it comes to collaborating with your IT administrators and managers to remediate those vulnerabilities with a high Vulnerability Priority Rating (VPR). In this session you’ll learn:
- The timeless principles of How to Win Friends and Influence People — and how to put them into practice in your vulnerability remediation efforts
- Why you should never say, "you're wrong"
- The only way to get “the best” of an argument

Frederic Coene, Cybersecurity Operations Director, Beosec

Track B - Reducing Cybersecurity Cost and Risk Through Compliance Automation | Nobel Suite 2
Regulators keep raising the bar while hackers increase their fraudulent activities. As a result, it is very hard for cybersecurity professionals to cope with a wide list of requirements — especially in large, heavily regulated enterprises with thousands of assets to protect. In this session, we’ll explore how to automatically create customised audit files based on the nature of each asset, launch compliance checks using Tenable.sc (formerly SecurityCenter) APIs and monitor the lifecycle of deviations using a customised cockpit. In this session you’ll learn:
- Ways to leverage APIs in Tenable.sc
- How to manage the complete lifecycle for compliance deviations
- How to build customised and automated compliance checks depending on the nature of the asset

Jose María Labernia, Head of Cybersecurity and Internal Control, LafargeHolcim EMEA


Juan Sáez, Cybersecurity Analyst and Project Manager, mdtel
