Client Portal
| Become a Client

Symposium Replays

Led by IANS Faculty experts, our symposiums are half-day virtual and in-person deep dives of technical and operational information security topics. Symposiums are free of vendor presence and are open to IANS Decision Support clients and invited guests. These recordings represent the most popular symposium topics that we’ve produced this year.


Advancing Cloud Security: A Roadmap

with Mike Rothman, IANS Faculty

In this Virtual Symposium, Mike Rothman begins with an overview of the IANS/Securosis Cloud Security Maturity Model and then explores fresh guidance to improve SecOps and DevOps in the cloud, including:

  • How to build an automation framework for SecOps in the cloud
  • How to build a library of design patterns that development teams can use to develop stronger code in the cloud
  • How to know when you’ve reached the point where you don’t have to be involved because everything is being built into code and infrastructure


Effectively Leveraging MITRE ATT&CK

with Dave Kennedy, IANS Faculty

In this Virtual Symposium, Dave Kennedy begins with an overview of how the MITRE ATT&CK framework works and then delves into several key areas, including:

  • Its applications for purple teaming, threat modeling/hunting, tool selection, and vulnerability management
  • Sigma, Caldera and Red Canary – where they fit in
  • Commercial tools for attack simulation
  • Making MITRE ATT&CK part of your daily process


Security Learns to Sprint: DevSecOps

with Tanya Janca, IANS Faculty

In this Virtual Symposium, Tanya Janca argues that DevOps could be the best thing to happen to application security since OWASP – if developers and operations teams are enabled to make security a part of their everyday work. Tanya explains how to build security into each of "The Three Ways":

  • Automating and/or improving efficiency of all security activities to ensure we don’t slow down developers
  • Speeding up feedback loops for security related activities so that we fix the bugs faster and sooner
  • Providing continuous learning opportunities in relation to security, for both teams


Zero Trust Principles in Action

with Wolfgang Goerlich, IANS Faculty

In this Virtual Symposium, Wolfgang Goerlich breaks down Zero Trust principles into the basic components and addresses:

  • Establishing the need for Zero Trust and examining the risks that organizations face
  • How the landscape is changing for things like SIEM, SOAR, UEBA, SOAP and authentication protocols
  • Zero Trust and people, the risks it addresses, the journey to implement it, and metrics to measure success and drive the program forward
  • How to apply Zero Trust principles when managing IoT and other devices, including printers and those used for medical and manufacturing purposes

Expertise:

  • Developing Application Security Programs
  • Secure Code and Design training for software developers
  • Creating and advising DevSecOps Pipelines and strategies
  • Web App Security testing (PenTests) and security Assessments

Tanya Janca

IANS Faculty

Tanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and ‘Cards Against AppSec'. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software.

Achievements & Noteworthy Contributions

  • Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday
  • Best-Selling Author of Alice and Bob Learn Application Security
  • CISO for 2015 Canadian General Election
  • 13.5 years’ service to the Canadian Public (Government), 25 years in tech
  • Numerous awards: Public Speaking, Security Leadership, Mentoring Leader, Hacker of the Year, DevSecOps Inspiring Individual, etc. from various organizations
  • Spoken and keynoted at security conferences, meetups, and training events the world over
  • Authored 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and ‘Cards Against AppSec'

Hobbies & Fun Facts

Tanya is also an avid gardener with a small hobby-farm and will sing karaoke any chance she gets.

wolfgang-goerlich

Expertise:

  • Zero Trust
  • Identity & Access Management
  • Multi-factor Authentication
  • Single Sign On
  • Privileged Access Management

Wolfgang Goerlich

IANS Faculty

J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.

Achievements & Noteworthy Contributions

  • InfoWorld Leadership for DevOps and Cloud
  • IDG Best Practices in Infrastructure Management
  • Microsoft Most Valuable Professional (MVP) for Enterprise Security
  • Contributed to NIST standards for digital identity (SP 800-63) and zero trust (SP 800-207)
  • Former organizer of annual BSides and Converge conferences in Detroit

Certifications & Credentials

  • CISSP - (ISC)2
  • Certified Information Systems Auditor (CISA) - ISACA
jake-williams

Expertise:

  • Incident Response
  • Digital Forensics
  • Threat Modeling
  • Penetration Testing
  • Security Architecture

Jake Williams

IANS Faculty

Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.

Achievements & Noteworthy Contributions

  • Two-Time Winner of the Annual DC3 Forensics Challenge
  • Speaker at information security conferences such as Black Hat, DEF CON, ShmooCon, RSA, and DC3
  • Designated a Master Computer Network Exploitation (CNE) Operator by the NSA
  • Former Vulnerability Analyst at US Department of Defense
  • Former Senior Systems Engineer at Dell Services

Certifications & Credentials

  • MSIA, Information Assurance –Capitol College
  • GSE, GSNA, GCFE, GREM, GCWN, GCIA, GCIH, GPEN, GCFA, GXPN, GSEC –GIAC
mike-rothman

Expertise:

  • Cloud Security Practices & Maturity
  • Security Program Building & Management
  • Security Monitoring & SIEM
  • Security Automation & SOAR
  • Email & Web Security

Mike Rothman

IANS Faculty

Mike is the Chief Strategy Officer and GM of Techstrong. Formerly Mike served as President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Achievements & Noteworthy Contributions

  • Author of The Pragmatic CSO, which details how technical security practitioners can thrive as a CISO
  • Spearheaded META Group’s initial foray into information security research
  • Founded and acted as President of Security Incite, an information security analyst firm
  • Founded SHYM Technology, a pioneer in the PKI software market
  • Held Marketing and Strategy positions at CipherTrust, TruSecure, and eIQ Networks

Certifications & Credentials

  • BS, Operations Research and Industrial Engineering – Cornell University

Hobbies & Fun Facts

Mike has been to 23 of the past 24 RSA Conferences. Of the 1000+ talks Mike has given over the years, he is most proud of the mindfulness talk he gave at RSA in 2014 (Google "Rothman RSA Neurohacking”).

dave-kennedy

Expertise:

  • Penetration Testing
  • Incident Response
  • Digital Forensics
  • Cybersecurity Program Management
  • Security Research & Tool Development

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.


Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Achievements & Noteworthy Contributions

  • Founding Member of the Penetration Testing Execution Standard (PTES)
  • Co-Author of Metasploit: The Penetration Testers Guide (2011)
  • Guest appearances on Fox News, CNN, CNBC, MSNBC, Huffington Post, Bloomberg, BBC, and other high-profile media outlets
  • Presenter at information security conferences such as Black Hat, RSA, DEF CON, ShmooCon, INFOSEC World, ISACA, ISSA, United Security Summit, INFOSEC Summit, Hack3rCon, BSides, and DerbyCon, which he co-created and expanded into DerbyCon Communities

Certifications & Credentials

  • BA, Business Management – Malone University
  • CISSP – (ISC)2
  • Qualified Security Assessor (QSA) – PCI Security Standards Council
  • ISO/IEC 27001 Certified – ISO
  • GSEC - GIAC
  • Certificate Professional (OSCP) & Certified Expert (OSCE) – Offensive Security
  • Global Information Assurance Gold Certification
  • Microsoft Certified Solutions Expert (MCSE) – Microsoft
 

Want to know more? Let us know how we can help you.

 Privacy Statement.*