
Thursday, May 15
 

8:00am

Health Care Privacy and Security - Workshop 2, Morning Session
A Data Breach Has Occurred: Do You Know What to Do?

Data breaches are quickly becoming a major threat to the healthcare environment. The steps taken following a data breach could potentially save your organization thousands of dollars. If a data breach occurred at your organization, would you know what to do? In this training session, you will learn:

  • What constitutes a data breach
  • The most common causes of healthcare data breaches
  • Costs associated with a data breach
  • How to respond to a data breach
  • How to assist in preventing a data breach

Speakers

Fred Cobb

Director of Enterprise Solutions, Director of Health Care Compliance, Sword & Shield
William (Fred) Cobb is a senior IT professional with a proven record of IT and business analysis achievements and experience that have involved risk and compliance, systems engineering, systems architecture, regression and new product beta testing, network administration, system and network security, life cycle management, IT project management, and ITIL/ITSM implementation. “Nothing gives me more satisfaction than to... Read More →


Thursday May 15, 2014 8:00am - 12:00pm
Club Room

8:00am

Secure Coding Web Applications Bootcamp - Workshop 1, Morning Session
HTTP Basics and Introduction to Application Security; Input Validation; SQL and Other Injection; Authentication; XSS Defense: The major cause of web insecurity is insecure software development practices. This session will cover the basics of application security software engineering. We will discuss security techniques that all web developers need to master in order to build a secure web application. We will cover the security implications of the HTTP protocol, the most fundamental defense of “input validation”, as well as techniques that will protect your software from SQL Injection. We will also cover the creation of a secure login mechanism, and will finish with the construction of a secure user interface with a variety of XSS defense techniques. This session is “language agnostic” and will be beneficial to all web developers.

Speakers

Jim Manico

Author and Educator, OWASP volunteer, Manicode Security
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a volunteer and former board member for the OWASP foundation. He is the author of "Iron-Clad Java... Read More →


Thursday May 15, 2014 8:00am - 12:00pm
Hiro Room

10:00am

Introductory Computer Forensic Analysis - Workshop 3, Morning Session

In this hands-on lab, we will cover the basic requirements for the identification, collection and preservation of electronic evidence, as well as introductory approaches for analyzing various types of electronic evidence. Attendees will learn how to collect disk, memory and log data using forensic tools. In addition, attendees will learn how to ask and answer some of the fundamental questions that come up during an investigation.

Attendees will develop an understanding of what evidence can be retrieved from a disk image, memory image and log data and how to recognize evidence related to unauthorized activity. You will learn how to determine when a program was executed, when a file was deleted or if a file was opened by a particular user. Memory analysis techniques will cover analyzing processes and network connections, as well as how analyzing malware in memory can provide insight into the malware’s capabilities and behavior. Log analysis will help attendees develop an approach to reviewing logs with the goal of determining the scope of an incident and where to continue to focus their investigation.

Speakers

Patrick Kelly

Senior Associate, Advisory - Forensics, PwC


Thursday May 15, 2014 10:00am - 12:00pm
Salon 6B

1:30pm

Health Care Privacy and Security - Workshop 2, Afternoon Session
HIPAA Privacy Bootcamp

Basic Training:  HIPAA Privacy Post Omnibus Rule & Beyond
The Omnibus Final Rule implements changes enacted by the HITECH Act and makes other refinements to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules.  Subsequent guidance made further refinements to these rules.  Learn the latest rules and get tips on steps you and your organization should take to maintain compliance with these updated requirements.

Preparing To Survive An OCR Audit
HITECH Act amendments to HIPAA require OCR to audit the compliance of covered entities and business associates with the HIPAA Privacy, Security and Breach Notification Rules. OCR officials have recently signaled that OCR is preparing to put new teeth in its audit program. To help participants prepare their organizations for an OCR audit, this session will help participants understand what OCR is likely to ask in an audit by looking at the latest OCR Audit Checklist, resolution agreements and other OCR guidance. It will also share practical tips for structuring and documenting compliance audits and other HIPAA compliance activities so that their organization is prepared to respond to an OCR audit or enforcement action.

HIPAA Business Associate Contracting & Risk Management
OCR’s Final Omnibus HIPAA Rule implementing the HITECH Act’s changes to HIPAA’s business associate, breach notification and other rules elevated the complexity and importance of business associate contracting and risk management for both covered entities and their business associates. This session will examine the business associate coverage, contracting and breach notification requirements of the Final Omnibus HIPAA Rule and discuss contracting and risk management best practices to help covered entities and business associates manage their business associate responsibilities and risks in light of these expanded rules and exposures.

Strengthening Your Defenses Using The Rules Of Legal Evidence

Covered entities, business associates and their privacy, security and other leaders often can strengthen the defensibility of their compliance and risk management efforts by understanding how rules like the Federal Sentencing Guidelines, evidentiary rules like attorney-client privilege and work-product, the business records exceptions and other rules of legal procedure affect the defensibility of their actions. Leveraging this understanding when conducting their compliance, investigations, documentation and other activities helps strengthen their organization’s defenses.



Speakers

Marcy Zwelling-Aamot, M.D.

Physician, -
Attorney and health care management advisor Cynthia Marcotte Stamer has more than 25 years’ experience advising and assisting health care providers, health plans, health care technology, their business associates and other health industry clients about privacy and data security, investigations and enforcement, and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. ... Read More →


Thursday May 15, 2014 1:30pm - 5:30pm
Club Room

1:30pm

Intermediate Computer Forensic Analysis - Workshop 3, Afternoon Session

In this hands-on lab, we will cover approaches for analyzing various types of electronic evidence.
Attendees will develop an understanding of what evidence can be retrieved from a disk image, memory image and log data and how to recognize evidence related to unauthorized activity.

Memory analysis techniques will cover analyzing injected processes, creating IOCs from indicators in memory and creating timelines from memory images. Disk analysis will cover techniques to identify when malware was created on the system, when it was executed, and signs of lateral movement and other internal reconnaissance activities. Log analysis techniques will help attendees identify the scope of external threat activity, what tools may have been deployed, and how they were used to access additional resources.

Attendees will learn how to analyze:

  • Process lists
  • Network connections
  • Registry keys used for persistence
  • Files used by malware
  • Process-injected binaries
  • Configuration files used by malware


Speakers

Jeffrey Dye

Manager, Advisory - Forensics, PwC
Jeffrey is a Manager in the Advisory-Forensics practice at PwC with 6 years of experience in the fields of forensic investigations, malware capability, cybercrime and information security consulting. He has led multiple computer forensic investigations dealing with PCI/PII data breaches, intellectual property theft, insider threats, extortion, and economic espionage. Jeffrey has investigated cases in areas... Read More →


Thursday May 15, 2014 1:30pm - 5:30pm
Salon 6B

1:30pm

Secure Coding Web Applications Bootcamp - Workshop 1, Afternoon Session
CSRF/Clickjacking Defense; Secure SDLC and Security Architecture; Cryptographic Storage and Transport; Mobile Security Basics: The major cause of web insecurity is insecure software development practices. This session will cover two web-specific threats, clickjacking and cross-site request forgery. We will also cover the various elements of a software development life cycle that will guide your organization to secure software. We will then cover the basics of cryptographic storage and transport and will end with an overview of mobile security considerations. This session is “language agnostic” and will be beneficial to all web developers.

Speakers

Jim Manico

Author and Educator, OWASP volunteer, Manicode Security
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a volunteer and former board member for the OWASP foundation. He is the author of "Iron-Clad Java... Read More →


Thursday May 15, 2014 1:30pm - 5:30pm
Hiro Room

7:00pm

Opening Reception

Join us as we kick off the Summit with an awesome Opening Reception shindig at the Hard Rock Cafe! Space is limited and advance RSVPs a must. Thanks to our sponsor Contrast Security!


Thursday May 15, 2014 7:00pm - 10:30pm
Hard Rock Cafe Universal CityWalk 1000 Universal Studios Blvd. #99 Universal City, CA 91608

Friday, May 16


7:30am

Registration, Breakfast, Vendor Expo
Pick up your badge and conference materials, enjoy your complimentary breakfast, and meet the other attendees before our sessions kick off!


Friday May 16, 2014 7:30am - 8:15am
Garden

8:15am

Welcome Address
Moderators

David Lam, CISSP

VP and Summit Co-Chair, ISSA-LA
David Lam has 27 years of experience managing information for small and medium businesses including custom software development, systems management and information security. As a CIO and Chief Information Security Officer, David brings a holistic and highly integrated view of technology services to his day-to-day work. David has worked as a consultant, for a university, for a nonprofit and in the corporate... Read More →

Stan Stahl

President, ISSA-LA
Stan Stahl, Ph.D., is President of both Citadel Information Group and the Los Angeles Chapter, Information Systems Security Association. He is a knowledgeable, articulate, high-energy speaker with the rare gift of being able to describe the complexities of information systems security in a way that makes sense to real-world non-technical business professionals. Foreseeing the computer crime tsunami that was to come, Stan co-founded... Read More →

Friday May 16, 2014 8:15am - 8:30am

8:30am

Opening Keynote
Details soon!

Speakers

Richard A. Clarke

Chairman & CEO, Good Harbor
Richard Clarke is CEO of Good Harbor Security Risk Management, which advises companies and governments on cyber security. He served for thirty years in the United States Government, including an unprecedented ten continuous years as a White House official, serving three consecutive Presidents. In the White House he was Special Assistant to the President for Global Affairs, Special Advisor to the President for Cyberspace, and National Coordinator... Read More →


Friday May 16, 2014 8:30am - 9:30am
Ballroom A-B-C-D

9:30am

10:00am

When Bad News Happens: Crisis Communications In Times of Breach

Effective external and internal crisis communication planning and execution plays a critical role in how patients, management, and the community react when health care providers or health plans give breach notifications required by HIPAA or other laws, or deliver other bad news. Fresh off his chairmanship of the Parkland Health & Hospital Board Audit Committee through difficult times, strategic communications consultant Eddie Reeves has been spotlighted nationally for his expertise in crisis communications. Eddie will share how you should build and use effective external and internal crisis communication plans and strategies to mitigate the damage to your organization and manage the difficult internal and external communications when you must share the bad news of a breach or other crisis with patients, the media, management, regulators and others in the community.


Speakers

Eddie Reeves

Owner/Principal, Reeves Strategy Group
Eddie Reeves heads Reeves Strategy Group, a strategic communications consultancy that helps corporations, not-for-profits and trade associations develop and execute sophisticated public relations, marketing, public affairs and issues management campaigns that get measurable results. Eddie writes and speaks nationally on effective communications, campaign strategy, social media, employee engagement, leadership... Read More →


Friday May 16, 2014 10:00am - 11:00am
Ballroom B

10:00am

Real-world Website Security Statistics: What Web programming language is the most ‘secure'?
Whenever beginning a new software project the inevitable choice must be made: what programming language(s) or development framework(s) should be used? While it would be nice to select “the most secure” software stack at the start of a project, the vast majority of the time this decision is made for completely different and perhaps even more important reasons. More than likely the software stack decision is based upon parameters such as: what the development teams are most familiar with; what the current market momentum is around the latest and greatest technology; what will generate code the fastest and be maintained the cheapest; the available talent pool as the project grows; and of course, whatever gets the job done. Everything is considered ahead of security.

In this presentation we put this area of application security understanding to the test by measuring how various Web programming languages and development frameworks actually perform ON THE WEB! To which classes of attack are they most prone, how often and for how long; and how do they fare against popular alternatives? Is it really true that the most popular modern languages and frameworks yield similar results in production websites?

By analyzing the vulnerability assessment results of more than 30,000 websites under management with WhiteHat Sentinel, we begin to answer at least some of these questions. These answers may enable the application security community to ask better and deeper questions, which will eventually lead to more secure websites. Organizations deploying these technologies can have a closer look at particularly risk-prone areas; software vendors may focus on areas that are found to be lacking; and developers can increase their familiarity with the strengths and weaknesses of their technology stack.

Speakers

Jeremiah Grossman

Founder, WhiteHat Security
Jeremiah Grossman is the Founder and iCEO of WhiteHat Security, where he sets overall company vision and oversees day to day operations. Over the last decade, Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, Forbes, NY Times and hundreds of other media outlets around the world. As a well-known security expert and industry veteran, Mr... Read More →


Friday May 16, 2014 10:00am - 11:00am
Ballroom C-D

10:00am

Panel: Creating a Path for Success for Today's Women in Security
Why is a SIG needed, or any special group for women in security? We'll answer that and more. This panel will explore what might be holding women back in their security careers today, how we can explore new or expanded careers, share examples of how we can support each other, how we can build a pipeline, how we can engage more women successfully in our field, and how we can invite more women inside. We'll share best practices to help you succeed, and ways you can connect in your own business environment. This will be interactive, with audience questions collected before and during the session, to direct to our Women in Security panelists.
 

Moderators

Debbie Christofferson, CISSP, CIPP/IT, CISM

Debbie is a global cyber security leader with a long history of successful enterprise management in large distributed organizations--Intel Corporation, the Apollo Education Group and the State of Arizona. She is experienced with processes and technology required to create and support a successful security program. Debbie is an ISSA Distinguished Fellow and a Board Director for ISSA International. She has served as... Read More →

Speakers

Martha Daniel

Founder, President & CEO, IMRI
Ms. Daniel’s technology career has spanned both corporate and government sectors.  In 1992, she founded IMRI to provide technical support for the Southern California Resolution Trust Corporation's (RTC) legal litigation teams.  Her leadership, perseverance and vision expanded IMRI into systems integration during the Year 2000 crisis.  Today IMRI delivers comprehensive cyber security, technology, program management and... Read More →

Andrea Hoy

Chief Information Security Officer, SchoolsFirst Federal Credit Union
Andrea recently joined SchoolsFirst Federal Credit Union as their Chief Information Security Officer.  SchoolsFirst is the fifth largest credit union in the country, serving 500,000 members, with over $10B in assets.  Additionally, Andrea's leadership positions in information security and business continuity include companies such as Fluor, Rockwell International, Boeing, McDonnell Douglas, Lifton, and a security consultant to companies... Read More →

Maria C. Suarez

Director Information Security, University of Southern California
Maria C. Suarez is responsible for leading the information security program development for USC.  USC consists of 8 international campuses across 4 continents and the health sciences campus. This includes 15 affiliated hospitals and academic medical research center, consisting of two acute care hospitals with 471 beds, a community hospital with 158 beds, 5 outpatient facilities, and physician practices throughout Los Angeles, Orange and... Read More →

Maria Vello

Director, CEO, National Cyber-Forensic & Training Alliance (NCFTA)
Ms. Maria Vello, CISSP, CEO and President of the NCFTA, has more than 25 years of experience in the design, integration, and implementation of global corporate systems, security, and networks. Ms. Vello was the Chief Executive Officer and President of SCS, Inc. She was a charter member of AT&T’s newly formed subsidiary, American Bell (AT&T Information Systems, Inc.). During her career with AT&T and... Read More →


Friday May 16, 2014 10:00am - 11:00am
Hiro Room

10:00am

Evasions, how do they work?
First came the system, then the system was hacked. Next came the defense, and the defense was bypassed. Today's defenders are in an ever increasing arms race with attackers, and the attackers are winning. As new defense strategies come to market, new ways to evade and bypass them follow soon after. In this talk we explore why detecting attacks and defending targets is so difficult, how increasingly clever evasion techniques are being successfully used by attackers, and why evasion detection should be a consideration in any modern defense system if it is to be effective.

Speakers

D0n Quix0te

Senior Network and IT Security Architect
D0n Quix0te is the author and creator of OMENS. He has more than 25 years of experience in architecting, installing, maintaining, and defending high value targets. Currently he is an Incident Response Analyst for a Fortune 500 entertainment company. Prior to that he spent more than 20 years architecting and securing systems for NASA and Lockheed.


Friday May 16, 2014 10:00am - 11:00am
Club Room

10:00am

Panel Discussion: Executive Roundtable: Information Security Strategies for Executives and their Boards
NOTE: Attendance at the Executive Roundtable is limited to those people registered for The Executive Forum.

Speakers

Joseph Esposito

Assistant District Attorney, County of Los Angeles
Joseph Esposito joined the Los Angeles County District Attorney’s Office in 1989 and is currently a member of District Attorney Jackie Lacey’s Executive Management Team. During his 24 years as a prosecutor he has served as a felony trial deputy in Central Trials, the Hardcore Gang Division and the Hate Crimes Suppression Unit. He has also served as Special Assistant to the Director of Central Operations... Read More →

George Johnson, CISSP

Chief Security Officer, NC4
Mr. Johnson has worked in information technology and information security for over 15 years. In 1996, as acting Webmaster at the Defense Advanced Research Projects Agency (DARPA) and while working in the Security and Intelligence Office, network security, Mr. Johnson implemented the Extranet for Security Professionals as a proof of concept “secure web application” to secure collaboration and information sharing for the National... Read More →

Dan Meacham

Cyber Security and Compliance Officer, Legendary Entertainment
A highly accomplished information security leader with more than 15 years of experience protecting information assets, risk management, incident management and compliance management, Dan Meacham is recognized as a top contributor to the information security community through support and advisory board membership at the University of Dallas, Texas A & M University, UCLA Extensions and VHA, Meacham’s... Read More →

Stan Stahl

President, ISSA-LA
Stan Stahl, Ph.D., is President of both Citadel Information Group and the Los Angeles Chapter, Information Systems Security Association. He is a knowledgeable, articulate, high-energy speaker with the rare gift of being able to describe the complexities of information systems security in a way that makes sense to real-world non-technical business professionals. Foreseeing the computer crime tsunami that was to come, Stan co-founded... Read More →


Friday May 16, 2014 10:00am - 11:30am
Ballroom A

11:00am

Healthcare Evolution, Challenges and Road-map for Identity in Healthcare

Fraud, quality, continuity, and the cost of providing care are some of the most significant issues facing the Healthcare industry today. It is not only patients that are affected, but all of society as we try to balance both moral and fiscal obligations.

Central to these challenges is being able to correctly identify those who provide and receive care. The inability to have a high degree of trust in knowing that the right person is receiving care, that the right care is being given, or that the provider is actually performing the procedures they are billing for translates into billions of dollars of fraud.

The reality is that patients' medical records are now, in part or in whole, digital and held in various system repositories. Merging the legacy physical identity model with the growing digital one is very difficult, resulting not only in fraud but in missed opportunities to improve care and lower costs.

This session will review key concepts of digital identity in healthcare and how forces such as HIPAA, Meaningful Use, ePrescribing and others are poised to change the way most organizations approach and implement an identity program. Also to be reviewed are security concepts within identity, credentialing, use cases and fundamental concepts in Trust Frameworks that will play a central role in the provider, payer and patient landscape.

Attendees will learn how to better assess their current state of preparedness, improve dialogue among cross-departmental stakeholders, and take away key points for next steps on a long-term strategic plan.



Speakers

Terry Gold

Founder, IDanalyst LLC
Terry is a subject matter expert in digital identity management, authentication, and access control in both physical and information-based environments. For the last ten years, he has been dedicated to developing strategies for some of the largest companies and agencies in the world concerning their planning and execution of identity and credentialing strategies and vulnerability assessments. He is the founder of IDanalyst, a... Read More →


Friday May 16, 2014 11:00am - 12:00pm
Ballroom B

11:00am

Leverage the Cloud Security Alliance for Cloud Security
The Cloud Security Alliance (CSA) is a not-for-profit consortium that promotes best practices and security assurance in cloud computing. In this talk we'll take a look at some of the critical documentation and initiatives in the CSA that organizations can use to support their cloud security strategy. We will cover the CSA security guidance, the Cloud Controls Matrix (CCM), the Consensus Assessments Initiative Questionnaire (CAIQ) and the CSA Security, Trust and Assurance Registry (STAR).

Speakers

Diana Kelley

Application Security Strategist, AppScan and Faculty member, IANS
Diana Kelley is the Application Security Strategist for IBM's AppScan product family. She is an internationally recognized security expert with 20 years of IT security experience. She founded her own consulting firm, SecurityCurve, in 2003 to provide risk-focused advisory services to enterprises and deliver strategic, competitive knowledge to security software vendors. She was VP and service director for the Security and Risk Management Strategies... Read More →


Friday May 16, 2014 11:00am - 12:00pm
Ballroom C-D

11:00am

Confessions of a Social Engineer: Why Developers Are My Favorite Target
Social engineers use a dangerous combination of technology and old-fashioned con artistry to infiltrate organizations every day. In this talk we'll walk through the social engineering process including research, target selection, attack selection, and attack execution. Learn to see the world through the eyes of a social engineer and prevent yourself from being a victim.

Speakers

Valerie Thomas

Senior Information Security Consultant, Securicon LLC
Valerie Thomas is a Senior Information Security Consultant for Securicon LLC who specializes in social engineering and physical penetration testing. After obtaining her bachelor's degree in Electronic Engineering, Valerie led information security assessments for the Defense Information Systems Agency (DISA) before joining private industry. Throughout her career, Valerie has conducted penetration tests, vulnerability... Read More →


Friday May 16, 2014 11:00am - 12:00pm
Hiro Room

11:00am

Securing the SDLC in the Real World
The earlier you address security in the engineering of software, the less expensive it will be for your organization. There are many who will tell you that you need to change all of your current processes around building software so it is more secure. Many of those voices are consultants charging high rates to help you deeply modify what you are doing today. This talk will take the opposite approach. How can you add a few reasonable and mostly lightweight processes to how you build software today to make it more secure? Software development is like driving a boat: you need to look ahead and make small changes to steer effectively.

Speakers

Jim Manico

Author and Educator, OWASP volunteer, Manicode Security
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a volunteer and former board member for the OWASP foundation. He is the author of "Iron-Clad Java... Read More →


Friday May 16, 2014 11:00am - 12:00pm
Club Room

11:45am

Executive Forum Lunch and Presentation
NOTE: Attendance at the Executive Lunch and Jackie Lacey’s talk is limited to those people registered for The Executive Forum.
 

Speakers

Jackie Lacey

District Attorney, Los Angeles County.
District Attorney Jackie Lacey has spent most of her professional life as a prosecutor, manager, and executive in the Los Angeles County District Attorney’s Office. On December 3, 2012, she was sworn in as the 42nd District Attorney. Ms. Lacey oversees roughly 1,000 lawyers, nearly 300 investigators and about 800 support staff employees. She is the first woman and first African-American to serve as Los Angeles County... Read More →



Friday May 16, 2014 11:45am - 1:30pm
Ballroom A

12:00pm

12:30pm

Lunchtime Presentation: Information Security Challenges in a Large Academic Medical Center

Information security management in a large academic medical center requires the ability to dynamically balance several conflicting business needs, as well as dealing with decentralized workforce control and the research equivalent of “mergers and acquisitions” that may involve the on-boarding or off-boarding of entire labs, including staff and computer equipment that may not meet security standards. Our experience indicates that once computers are purchased with grant funds, there is rarely a way to get the grant to pay for upgrades or refreshes beyond the funding period of the grant, so it’s not uncommon to have very old computers that cannot be updated with current security patches. Additionally, current research funding models foster multi-institution collaboration, so it's not uncommon to have to set up shared access to documents and very large data sets with collaborators both nationally and internationally.

At times, it’s tempting to say “No, HIPAA won’t let you do that,” but that may gloss over legitimate research or other academic requirements, with the result that very clever people find loopholes or workarounds that can make a network more insecure than the original request. The trick is to truly understand the academic/research requirements and collaborate with researchers to help develop a solution. In this presentation, we will review some strategies, including setting up isolated networks, subsidizing the cost of centrally managed storage and upgrades, and establishing safety nets to compensate for gaps in access management.


Speakers
Dr. Spencer Soohoo, Ph.D.

Chief Security Officer and Director, Scientific Computing, Cedars-Sinai Health Systems
Spencer L. SooHoo, PhD holds two roles at Cedars-Sinai Health Systems: Chief Security Officer and Director, Scientific Computing. Dr. SooHoo has been with Cedars-Sinai for over 36 years, starting first as a biomedical engineer, then a research scientist in pulmonary medicine before moving into IT to manage a research computing facility at Cedars-Sinai before it was merged with the enterprise IT organization. ...


Friday May 16, 2014 12:30pm - 1:30pm
Ballroom B

1:15pm

Latest Updates from the ISSA Int’l. Board
This year we are fortunate to have three members of the ISSA International Board of Directors speaking on the exciting and big changes that will be happening to ISSA, starting this month. If you are an ISSA member, or care about this leading worldwide security organization, don't miss this session.

Speakers
Debbie Christofferson, CISSP, CIPP/IT, CISM

Debbie is a global cyber security leader with a long history of successful enterprise management in large distributed organizations: Intel Corporation, the Apollo Education Group and the State of Arizona. She is experienced with the processes and technology required to create and support a successful security program. Debbie is an ISSA Distinguished Fellow and a Board Director for ISSA International. She has served as...
Andrea Hoy

Chief Information Security Officer, SchoolsFirst Federal Credit Union
Andrea recently joined SchoolsFirst Federal Credit Union as their Chief Information Security Officer. SchoolsFirst is the fifth largest credit union in the country, serving 500,000 members, with over $10B in assets. Additionally, Andrea's leadership positions in information security and business continuity include companies such as Fluor, Rockwell International, Boeing, McDonnell Douglas, Lifton, and a security consultant to companies...
Ira Winkler

President, Secure Mentem and President, ISSA-International
Ira Winkler, CISSP is President of Secure Mentem. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally. He continues to perform...


Friday May 16, 2014 1:15pm - 1:30pm
Ballroom C-D

1:30pm

Connecting the Dots: Wrap Up, Tips & Insights from the Expert Panel

A panel of speakers and other experts will reunite to help participants pull it all together and connect the dots. Panelists will share their perspectives, insights and tips on knotty real-world challenges such as strategies and best practices for dealing with management and interdepartmental challenges, managing risk on a limited budget, EMR, mobile device and other decision-making, and audience questions.


Moderators
Marcy Zwelling-Aamot, M.D.

Physician
Attorney and health care management advisor Cynthia Marcotte Stamer has more than 25 years’ experience advising and assisting health care providers, health plans, health care technology, their business associates and other health industry clients about privacy and data security, investigations and enforcement, and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. ...

Speakers
James Brady

Area Chief Information Officer, Kaiser Permanente Orange County
James is the Area CIO at Kaiser Permanente Orange County, where he oversees the information technology for the 262-bed Anaheim and 150-bed Irvine Medical Centers, 22 medical offices, 960 physicians, 6,400 employees, and over 468,000 health plan members. Prior to coming to Kaiser Permanente, he was the Chief Information Security Officer and Director of Technical Services at Hawaii Health Systems Corporation in...
Terry Gold

Founder, IDanalyst LLC
Terry is a subject matter expert in digital identity management, authentication, and access control in both physical and information-based environments. For the last ten years, he has been dedicated to developing strategies for some of the largest companies and agencies in the world concerning their planning and execution of identity and credentialing strategies and vulnerability assessments. He is the founder of IDanalyst, a...
Eric Read, CISA, CISM, CGEIT

Associate Director of Audit, Risk Management and Compliance, UnitedHealth Care
Eric Read began his IT career in 1974, programming punch cards in Fortran and COBOL on an IBM/370. He continued in application development for a decade (C, C++), until he moved into day-to-day management of a VAX/VMS computer operations center.

Mr. Read moved into network operations in 1992, and as a network and security architect, provided the design and project management for many of the world’s largest Hotel/Casinos...
Eddie Reeves

Owner/Principal, Reeves Strategy Group
Eddie Reeves heads Reeves Strategy Group, a strategic communications consultancy that helps corporations, not-for-profits and trade associations develop and execute sophisticated public relations, marketing, public affairs and issues management campaigns that get measurable results. Eddie writes and speaks nationally on effective communications, campaign strategy, social media, employee engagement, leadership...
Brenda Rose, CISSP

Enterprise Information Services IT Security Manager, Cedars-Sinai Health System
Certified Information Systems Security Professional who currently holds the position of Enterprise Information Services IT Security Manager for Cedars-Sinai Health System. An information technology expert with 25+ years of diverse experience in the technology and healthcare industry sectors. Proficient in all facets of Information Assurance and in many areas of regulatory compliance including HIPAA, PCI, SOX and international frameworks...
Dr. Spencer Soohoo, Ph.D.

Chief Security Officer and Director, Scientific Computing, Cedars-Sinai Health Systems
Spencer L. SooHoo, PhD holds two roles at Cedars-Sinai Health Systems: Chief Security Officer and Director, Scientific Computing. Dr. SooHoo has been with Cedars-Sinai for over 36 years, starting first as a biomedical engineer, then a research scientist in pulmonary medicine before moving into IT to manage a research computing facility at Cedars-Sinai before it was merged with the enterprise IT organization. ...


Friday May 16, 2014 1:30pm - 2:30pm
Ballroom B

1:30pm

Security for the "Gave Up" Generation
Any day of the week, a glance at your favorite news outlet will reveal another story of a well-known company being compromised. In fact, organizations are compromised with such regularity that we have accepted it as being the status quo. Some even go as far as to suggest that we simply give up the idea of preventing attackers and embrace the singular hope of detecting early and existing compromises. This presentation will not be based on theory but on practical examples using a variety of recent breaches, malware, exploits and vulnerabilities as case studies. You will walk away with questions, ideas, and tools to help find the right balance of proactive and defensive security for your own organization.

Speakers
Marc Maiffret

Chief Technology Officer, BeyondTrust
Marc leads BeyondTrust's Advanced Research labs, responsible for identifying new trends in enterprise security for the benefit of the BeyondTrust product roadmap. Marc Maiffret joined BeyondTrust via the acquisition of eEye Digital Security, which he co-founded in 1998 and served as Chief Technology Officer.

Marc is an industry visionary, having created one of the first Vulnerability Management and also Web Application Firewall...


Friday May 16, 2014 1:30pm - 2:30pm
Ballroom C-D

1:30pm

Gamifying Security Awareness

Users are the most vulnerable link in information systems security, probably because the level of security awareness is extremely poor. Most security awareness programs fail because they focus on pushing information to people who are less than enthusiastic about receiving it. A properly designed awareness program doesn’t have to be that way; however, most programs seem to focus more on meeting compliance requirements than on actually changing behaviors. Gamification is the practice of applying game principles to business problems; it is not developing a video game. By gamifying security awareness, your users want to practice good security behaviors and voluntarily seek out additional security-related training.

This presentation will discuss how to create security awareness programs, and implement gamification techniques that actually make security awareness fun for people. Actual examples of successful gamification techniques will be presented.


Speakers
Samantha Manke

Executive Vice President and Chief Knowledge Officer, Secure Mentem
Samantha Manke is Executive Vice President and Chief Knowledge Officer of Secure Mentem, where she leads the development of customized security awareness programs. Previously, she co-designed and implemented highly acclaimed security awareness programs at several Fortune 500 companies. Samantha was awarded a Master’s degree in Security Technologies from the University of Minnesota. She has become known for her groundbreaking...
Ira Winkler

President, Secure Mentem and President, ISSA-International
Ira Winkler, CISSP is President of Secure Mentem. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally. He continues to perform...


Friday May 16, 2014 1:30pm - 2:30pm
Ballroom A

1:30pm

Enabling a Smart Protection Strategy
When one third of Americans are presumed to be affected by the impact of a single targeted attack, we have to admit that we are in an age where the cyber attackers have the advantage. Hackers today have easy access to expertise and cyber weapons and a low penalty for failure as they launch campaigns on businesses of all sizes. At the same time, IT and security organizations are resource constrained, have a growing number of points to defend and live with the fear of becoming the next Target, with the high cost and consequence of failing to protect their organizations. For the past 26 years, Trend Micro has been laser-focused on helping customers find new ways to defend against ever-evolving threats. Learn how a Smart Protection Strategy can help you defend your enterprise.

Speakers
Phil DuRall

Senior Sales Engineer, TrendMicro
Phil DuRall has over 20 years of experience in the high-tech industry, with the last 12 focused on computer, network and cyber security. Mr. DuRall has been a technical advisor to a variety of Fortune 50 enterprise corporations in the Western United States, supporting them on technologies that span across optimized security for...


Friday May 16, 2014 1:30pm - 2:30pm
Hiro Room

1:30pm

Attack-Driven Defense
Abstract: "Traditionally, defense has been approached without enough emphasis on countering real world attack behaviors. This presentation will cover new network defense techniques from an attack perspective, specifically focusing on building detection systems around initial compromise, persistence/C2, and lateral movement. It will discuss practical methods of alerting on both host and network level persistence, what works (and what doesn’t!) with network traffic anomaly analysis, and useful approaches for correlating weak and strong attack signals. Finally, this presentation will demonstrate effective ways to reduce organizational attack surface, simulate realistic adversaries, and increase cost for attackers."

Speakers
Zane Lackey

Founder/CSO, Signal Sciences
Zane Lackey is the Founder/CSO at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. He has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, Network World, and SC...


Friday May 16, 2014 1:30pm - 2:30pm
Club Room

2:30pm

3:00pm

Panel Discussion: Privacy and Security in the Age of NSA and Snowden
Snowden’s actions have led to a “reinvigorated” interest in government oversight. Privacy advocates are concerned about both corporate data collection and government spying. What trade-offs are the American people willing to live with? Are trade-offs, however, actually needed? Can our country be both safe and our citizens’ privacy protected? We have assembled a panel of experts who can address all aspects of this crucial issue.

Moderators
Yev Avidon

Vice President, 2016 Board of Directors, ISSA-LA Chapter
Yev Avidon is the Security Summit 2016 Co-Chair and Vice President for the ISSA-LA Chapter. He is an information privacy, security and compliance professional. Yev started his career as an IT auditor working at major players in the Finance and Healthcare industries. Pursuing his career further, Yev moved to information security and risk management, working for large media and telecommunication companies. Throughout his career, Yev has been involved with...

Speakers
Alex Abdo

Staff Attorney, Speech, Privacy, and Technology Project, ACLU
Alex Abdo is a Staff Attorney in the ACLU’s Speech, Privacy, and Technology Project. He is counsel in the ACLU’s ongoing challenges to the NSA’s phone-records program and to the FISA Amendments Act. He has been involved in the litigation of cases concerning the Patriot Act, the Foreign Intelligence Surveillance Act, the International Emergency Economic Powers Act, and the treatment of detainees in...
Stewart Baker

Partner, Steptoe & Johnson LLP
Stewart Baker practices law at Steptoe & Johnson in Washington, D.C. His law practice covers matters such as homeland security, international trade, cybersecurity, data protection, travel industry regulation, and foreign investment regulation. He is the author of Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism, and he blogs on law, cybersecurity, and privacy at www.skatingonstilts.com. He has...
Nate Cardozo

Senior Staff Attorney, Electronic Frontier Foundation
Nate Cardozo is a Senior Staff Attorney on the Electronic Frontier Foundation’s digital civil liberties team. In addition to his focus on free speech and privacy litigation, Nate works on EFF's Who Has Your Back? report and Coders' Rights Project. Nate has projects involving cryptography and the law, automotive privacy, government transparency, hardware hacking rights, anonymous speech, electronic privacy law reform, Freedom of Information...
Monica E. Ryan

Chief, Privacy and Civil Liberties Unit
Monica Ryan is the Chief of the Privacy and Civil Liberties Unit in the FBI’s Office of the General Counsel, and she currently serves as the Privacy and Civil Liberties Officer for the FBI. Ms. Ryan provides advice and counsel to FBI Headquarters Divisions and Field Offices regarding compliance with federal laws protecting individual privacy, including the Privacy Act, Section 208 of the E-Government Act and the Federal Information...
Stan Stahl

President, ISSA-LA
Stan Stahl, Ph.D., is President of both Citadel Information Group and the Los Angeles Chapter, Information Systems Security Association. He is a knowledgeable, articulate, high-energy speaker with the rare gift of being able to describe the complexities of information systems security in a way that makes sense to real-world non-technical business professionals.

Foreseeing the computer crime tsunami that was to come, Stan co-founded...


Friday May 16, 2014 3:00pm - 4:00pm
Ballroom B-C-D

4:00pm

Closing Keynote: Privacy, Secrecy, and Democracy
The debate swirling around Edward Snowden's disclosures is primarily focused on citizen privacy in the growth of a surveillance state. The question we ask is a more philosophical one: in a democratic society, whose privacy must be guarded, and from what? Is privacy dead, can it be saved, or should it be killed?

Speakers
Marcus Ranum

Chief Security Officer, Tenable Security, Inc.
Marcus J. Ranum, Chief Security Officer of Tenable Security, Inc., is a world-renowned expert on security system design and implementation. Since the late 1980s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from...


Friday May 16, 2014 4:00pm - 4:45pm
Ballroom B-C-D

5:00pm

Closing Address
Speakers
Yev Avidon

Vice President, 2016 Board of Directors, ISSA-LA Chapter
Yev Avidon is the Security Summit 2016 Co-Chair and Vice President for the ISSA-LA Chapter. He is an information privacy, security and compliance professional. Yev started his career as an IT auditor working at major players in the Finance and Healthcare industries. Pursuing his career further, Yev moved to information security and risk management, working for large media and telecommunication companies. Throughout his career, Yev has been involved with...


Friday May 16, 2014 5:00pm - 5:15pm
Ballroom B-C-D

5:15pm

Closing Cocktail Reception and Raffle Drawings
Join us as we enjoy cocktails and hors d'oeuvres and then a frenzy of raffle drawings! You must be present to win!


Friday May 16, 2014 5:15pm - 6:30pm
Ballroom A-B