
AGENDA

7:30-8:30
Registration and Breakfast
8:30-8:40
Welcome - What to Expect - Big Ideas and Bold Initiatives | Jennifer Johnson, Chief Marketing Officer
Jennifer Johnson, chief marketing officer (CMO) of Tenable, is one of the most notable enterprise software marketers in the industry. Prior to joining Tenable, she served as the first-ever CMO at Tanium, building one of the most innovative brands in the industry and positioning the company as a dominant force in the cybersecurity and enterprise IT markets. During her tenure, she led the company through consecutive years of triple-digit hypergrowth.
8:40-9:00
Cyber Exposure for the Digital Age | Amit Yoran, Chairman and Chief Executive Officer
KEYNOTE
As Chairman and Chief Executive Officer, Amit Yoran oversees the company’s strategic vision as Tenable works to empower organizations to understand and reduce their cyber security risk. Amit brings to Tenable a unique blend of leadership in the private and public sectors. Previously, he served as president of RSA, leading its transformation into one of the most successful global security companies. Amit joined RSA through the acquisition of NetWitness, the network forensics company he founded and led as CEO.
9:00-10:00
Real Solutions to Tough Challenges - Tenable Product Update | Dave Cole, Chief Product Officer
KEYNOTE
As chief product officer, Dave Cole leads initiatives in continued technology innovation and product excellence. He is an accomplished security veteran with a history of leading product innovation and building highly scalable systems, including product design and development for SaaS and cloud.
10:00-10:30
Fireside Chat | Martin Liutermoza, Global Deputy CISO, Nasdaq in conversation with Tenable’s Jack Huffard
KEYNOTE
Martin Liutermoza,
Global Deputy CISO and Global Head of Security Engineering of Nasdaq
Jack Huffard,
Co-founder, President and COO, Tenable
10:30-11:15
Refreshments and Networking | Attendee Networking Lounge, Brain Bar and Partner Pavilion Open
11:15-11:45

Track Sessions

Track A
Securing Critical Energy Infrastructure – The DOE-Funded MEEDS Project

The United States economy, national security and livelihood require secure, resilient and reliable electricity infrastructure. Securing the power grid from complex, non-linear and evolving cyber threats requires continuous monitoring and mitigation to identify, detect and respond to threats against and vulnerabilities in critical cyber assets.

This presentation will highlight a U.S. Department of Energy funded project – Mitigation of External-exposure of Energy Delivery System equipment (MEEDS) – led by Pacific Northwest National Laboratory, in partnership with Tenable, Shodan LLC, National Rural Electric Cooperative Association, and various public energy utilities to improve the state of grid cybersecurity threat intelligence and continuous monitoring. MEEDS, the resultant application, will empower cyber defenders to help monitor and rapidly identify, detect and respond to threats and vulnerabilities in energy delivery systems. This presentation will provide an overview of grid cyber threats, vulnerabilities and how MEEDS provides an opportunity to secure critical energy infrastructure.

Michael Mylrea

Michael Mylrea is Senior Manager, Cyber Security & Technology, and Blockchain Lead (PI) at Pacific Northwest National Laboratory.

Track B
Our Evolution with Tenable: From Nessus Scans to Protecting Modern Assets in the Cloud with Tenable.io

As the global leader in logistics real estate, Prologis has moved 100% of its business to the cloud. We have relied on Tenable over the years, starting with basic Nessus scans, moving to vulnerability management with SecurityCenter, and now adopting Tenable.io for cyber exposure (starting with VM and web application scanning). In this talk, we will share our journey with Tenable to secure the modern assets in our cloud environment. Not only will we share lessons learned, but we will also share why security practitioners need not be afraid of moving to the cloud and properly securing their assets.

Tyler Warren

Security Solutions Architect
Prologis

Track C
The Leading Edge of DevSecOps – How Tenable Uses DevOps to Become More Secure

In this talk, we will share the lessons learned from two chief security officers in building and running security programs at the leading edge of the DevOps movement – at Etsy, Bitium, Tenable and Signal Sciences. Specifically, we will cover how a modern approach to security can actually empower an organization to move faster, rather than act as a blocker. Using Tenable as a case study, we will explain how we’ve gone through the transition to cloud-based services and adoption of DevOps and agile, and how the DevSecOps approach has helped enable that shift and improved our overall security posture in the process.

Zane Lackey

Founder and Chief Security Officer
Signal Sciences

Conrad Smith

Chief Information Security Officer
Tenable

11:45-12:15

Track Sessions

Track A
Using the Tenable.io API to Mature Your Security Program

While Tenable.io contains a great deal of valuable information, this information is not always fully utilized by security teams. In this talk, we will explain how to use the power of the Tenable.io API to extract data useful to your organization, and even present it in ways not available through the GUI. At HP Inc., we have written Python scripts to extract the data we need to report on our vulnerabilities as well as communicate this to our internal customers. We have a unique need as we are not a single organization, but rather a set of over 30 internal customer groups, and we use Tenable.io to provide this data to individual groups as well as to executive management in a consistent and automated manner.

Derek Hill

Cloud Solutions and Operations Security Manager
HP Inc.

Track B
Vulnerability Trends and Prioritization Techniques

Thousands of vulnerabilities are reported every year, but vulnerabilities are far from created equal. While the recent Apache Struts vulnerability (CVE-2017-5638) led to the loss of sensitive information about half the US population, other critical vulnerabilities can only be exploited under a narrow set of conditions. Prioritizing which vulnerabilities to patch first is a complex issue, and given the limited resources available for patching, it’s critical to understand and act on your true Cyber Exposure. Perfecting the science of vulnerability scanning is a key element that will help you avoid becoming the next Equifax.

To help address that challenge, we will cover industry vulnerability trends; which vulnerabilities are patched first, and which are rarely patched; how quickly security teams are patching vulnerabilities; industry standards around scan frequency and vulnerability remediation; and techniques for prioritizing vulnerabilities for patching. Join us for an enlightening look at current trends and techniques.

Mehul Revankar

Director of Research
Tenable

Track C
Prioritize Your NIST CSF Implementation with the CIS Controls – City of Portland Case Study

As organizations adopt the NIST Cybersecurity Framework (CSF), many are looking for guidance about how they can strengthen security in phases using risk-based prioritization along with the CSF. In this presentation, we will share how the City of Portland (Oregon) addressed this challenge by developing a prioritized approach to implement the NIST CSF using the CIS Controls (formerly the SANS Top 20). We will cover how to prioritize the implementation of controls based on organizational needs, structure budget requests according to risk-based priorities, and develop a multi-year roadmap to strengthen security. We will also share a popular planning tool for strengthening security in phases, which is an Excel file you can download and customize for your organization.

This talk will be most useful for CISOs and InfoSec professionals responsible for evaluating and optimizing the effectiveness of ongoing information security practices in state.

Brian Ventura

Information Security Architect
City of Portland

12:15-1:30
Lunch
1:30-2:00

Track Sessions

Track A
What Happens in Vegas: Near Real-Time Vulnerability Visibility

Real-time visibility to vulnerabilities can be extremely challenging, especially when you have a huge address space of different 24x7 systems. Yet without it, balancing remediation against non-stop gaming uptime is a difficult bet to place. The key to monitoring a continually changing set of hosts in the environment is having a strategy to complete deep scans within tight timelines. In this talk, we will present a flexible and automated approach developed at The Cosmopolitan of Las Vegas to perform efficient vulnerability scans, detect new hosts, determine when to add more scanning capacity, and report change as it happens. Come learn how one "revolving scan" strategy enables an immediate view to when patching efforts "move the needle."

Michael St. Vincent

Chief Information Security Officer
The Cosmopolitan of Las Vegas

Steven Bonilla

Information Technology Security Architect
The Cosmopolitan of Las Vegas

Track B
DevOps to Take Vulnerability Management to the Next Level
DevOps is being hailed as the next big thing, but how does security fit in the CI/CD pipeline? With the products in your DevOps toolchain, how do you ensure vulnerabilities are rapidly identified and patched? Join us and learn how to bake security into DevOps practices. The adoption of DevOps practices is a real challenge facing today’s security professionals. Security teams can work hand-in-hand with DevOps teams to successfully adopt DevOps practices, while simultaneously ensuring a company’s security goals are met.

Greg Kyrytschenko

2nd Vice President, Information Security Services
Guardian Life Insurance

Track C
Advanced Search Techniques You Can Use for Both GDPR Compliance and Vulnerability Management

When building capabilities throughout the Cyber Exposure lifecycle, many teams struggle with locating the data that is most critical to a specific project or mitigation activity. With new regulations such as GDPR, the line between configuration compliance and vulnerability management begins to blur. By understanding advanced search techniques, security teams can unleash the power of Tenable.io and SecurityCenter to help with both. Join us to learn about the advanced search techniques that Tenable uses to create new dashboards and reports in Tenable.io and SecurityCenter, using GDPR as a case study.

Cody Dumont

Information Security Content Manager
Tenable

2:00-2:30

Track Sessions

Track A
How to Mature Your Security Organization Using NIST Cybersecurity Framework

Is your cybersecurity strategy flailing? Do you know where your gaps exist? Does the right hand know what the left hand is doing? Unclear strategies will result in tool and service overlap, information silos and potentially leave your organization vulnerable to cyber threats.

In response, you can use the NIST Cybersecurity Framework to:

  • Create a map of your security services
  • Perform tool optimization
  • Identify gaps
  • Measure your performance against your strategy
  • Map security services to compliance efforts

This will help you achieve the following results:

  • Know what team performs what service and have data to make decisions on organizational structure and individual responsibilities
  • Use the data to decide on tool selection, tool decommission, and tool ownership
  • Know where you need to spend budget, and determine true need versus “nice to have”
  • Track key metrics to measure your performance

The end result will be a strong foundation to build upon to mature your security organization.

Pamela Gott

Vice President, Global Cyber Security & Fraud
First Data

Track B
Protection of Containerized Workloads from Development to Production
Containerized workloads have revolutionized application deployments. We have seen deployment of containerized workloads to production environments increase dramatically over the past year. However, due to the nature of containers, they introduce security complications when it comes to production deployment. Since containers scale differently, traditional security measures are not sufficient to address risks associated with containers in production. In this talk, we will identify the risks associated with containers and discuss how to secure them in production.

Sasan Padidar

Director of Engineering
Tenable

Track C
Improving Visibility into your Vulnerability Management Program with Simple, Easy to use Dashboards

It’s not enough to put vulnerability data front and center. To understand the risk vulnerabilities pose to an organization, that data needs to be presented in the right way to the right audiences. Executives need to comprehend the attack surface and protection efforts, managers need to plan remediation work, and remediators need to know where to focus their activities. In this session, we will discuss how to bring enterprise Vulnerability Management Standards to each audience through intuitive SecurityCenter dashboards with actionable data that answers their questions, drives proactive remediation activities, and helps teams respond quickly to the latest threats.

Stephen McGrath

Information Security Analyst
FM Global

2:30-3:00

Track Sessions

Track A
A Conversation with Guest Forrester Senior Analyst Josh Zelonis – Security 2020: Driving Successful Security Outcomes

Join us for a discussion in which our guest speaker, noted Forrester senior analyst Josh Zelonis, explores the rapidly changing IT Security industry – examining future challenges and opportunities, as well as lessons from the past – to help security professionals increase their success. In this conversation, we’ll hear Josh’s perspective on how vulnerability management needs to evolve, investigate organizational considerations, and even take audience questions. It’s sure to be a lively session!

Josh Zelonis

Senior Analyst Serving Security & Risk Professionals
Forrester

Corey Bodzin

Vice President of Product Operations
Tenable

Track B
How to Solve Security Configuration Problems Using Agile

In this talk, we will present an approach from the Vulnerability Management perspective for dealing with security configuration issues using Agile methodologies. We will cover how to address out-of-compliance configuration issues and how to organize various internal IT teams to focus on remediation. Most importantly, we will explain how SecurityCenter and Nessus can be essential parts of the process – showing how Scottrade (owned by TD Ameritrade) leverages SecurityCenter to achieve success and bring systems to an acceptable compliance level. We will start from the construction of the Agile teams and cover building custom configuration files and reports for each Agile team, remediation strategies, and lessons from our mistakes that we hope others can learn from.

Howard Tsui

Senior Threat and Vulnerability Management Engineer
TD Ameritrade

Michael Wallace

Senior Threat and Vulnerability Management Engineer
TD Ameritrade

3:00-3:30
Refreshments and Networking | Attendee Networking Lounge, Brain Bar and Partner Pavilion Open
3:30-4:00

Track Sessions

Track A
From Zero to 1 Million Assets in 100 days

Scanning At Scale! This presentation explains how to go from zero scanners to scanning a million assets with Tenable.io in 100 days. You will understand the main steps and dependencies to quickly scale and federate vulnerability scanning by leveraging the powerful features and flexibility in Tenable.io. We will also cover how to use Tenable.io to quickly get visibility into networks from acquisitions and remote locations.

Clay Keller

Sr. Risk Expert - Cybersecurity
Large Retailer

Track B
Closing the Cyber Exposure Gap – Empowering IT with VM at Scale

Building robust partnerships between Security Operations and IT Operations is critical to Enterprise Vulnerability Management at scale, especially when you're a team of one. Do you handle everything yourself, or do you empower the hundreds or thousands of technicians within your organization?

This talk will focus on performing enterprise-wide vulnerability management on a shoe-string budget – while fully utilizing your technicians across the globe – and managing expectations of C-Levels within your organization. Communicating risk to technicians empowers your team to help close the Cyber Exposure Gap.

Adam Eickhoff

Vulnerability Management Service Lead
Adient

4:00-4:30

Track Sessions

Track A
Vulnerability Scanning at Scale and How DevOps can Help

This session will delve into the strategy and toolset used by Bell to build a large-scale, highly automated vulnerability scanning environment using DevOps principles and Tenable’s open API. This session will also discuss the 500,000 IP address installation of SecurityCenter that Bell is deploying.

Guillaume Ferland

Senior Advisor, Cyber Security
Bell Canada

Track B
A New Approach to Successful Remediation

You open your mailbox to a 178-page report of vulnerabilities. In PDF. I have received this mail, I’ve sent this mail and now I’ve come full circle managing people that send this mail.

Learn how to speak the language of each of your business unit and system owners and properly classify the true risk. Create metrics and goals that celebrate the WINS, not point out the deficiencies. Take the conversation from defensive and overwhelmed to successfully reducing vulnerabilities. Establish a business unit focused holistic approach and learn new ways to communicate results to senior leadership that demonstrate the shared-victory and increase the reputation and value of security.

Sandra Crosswell

CSO/CISO
SonicWall

4:30-5:00

Track Sessions

Track A
The Complete Vulnerability Management Approach
The presenter will address the complete vulnerability management approach needed to run a successful security department and thus diminish the risk of Cyber Exposure. Understanding your environment through live discovery methods such as scanning, a good asset management program based on best-of-breed security practices and partnering with the IT department are all essential to maintaining a strong awareness of your environment. Having a good understanding of your assets within the attack surface is crucial and priority remediation on critical security infrastructure is needed to maintain a safe environment. Continuous visibility is imperative, but so is strategic insight and the validation of success through effective security metrics, reporting and open communication with the senior management and risk management teams. Security is complicated, but with knowledge and understanding of the complete vulnerability management approach, you can reduce the risk of cyber attacks.

Ramin Lamei

Director Information Security
Global Payments

Track B
The Cyber and Business Ecosystem Evolution

Building a strong partnership between cyber security and business has been a process for years. We have all been subjected to cyber security FUD – Fear Uncertainty Death. This style of forcing cyber into business was quick and worked, but was short lived as management shrugged off cyber (Chicken Little). Cyber and business then moved to a forced marriage arrangement as businesses needed to say they had a cyber program to protect themselves (scapegoat). As the two have lived together, they have had to communicate, learn each other’s needs, and work as a team to keep the environment safe (wolf pack). Cyber and business now work in balance to maintain their ecosystem, improving life for all. This analogy shows how two once divergent entities have had to adjust to the other to form the team that manages cyber and business risks, allowing business to prosper.

Kevin Kerr

Chief Information Security Officer
Oak Ridge National Lab

5:15-6:15
An evening with William Shatner
7:00-10:00

Evening Reception at the Grammy Museum

The Grammy Museum
800 W Olympic Blvd A245, Los Angeles, CA
213-765-6800

We will have our reception at The Target Terrace, the fifth floor rooftop of The Grammy Museum (also located inside L.A. Live). The Target Terrace is a modern, outdoor mezzanine with phenomenal views of downtown Los Angeles and the Hollywood sign. Guests will also be able to privately tour the 3rd and 4th floors of the museum itself.


Times are subject to change