Symposium Replays

Led by IANS Faculty experts, our symposiums are half-day virtual and in-person deep dives of technical and operational information security topics. Symposiums are free of vendor presence and are open to IANS Decision Support clients and invited guests. These recordings represent the most popular symposium topics that we’ve produced this year.


Advancing Cloud Security: A Roadmap

with Mike Rothman, IANS Faculty

In this Virtual Symposium, Mike Rothman begins with an overview of the IANS/Securosis Cloud Security Maturity Model and then explores fresh guidance to improve SecOps and DevOps in the cloud, including:

  • How to build an automation framework for SecOps in the cloud
  • How to build a library of design patterns that development teams can use to develop stronger code in the cloud
  • How to know when you’ve reached the point where you don’t have to be involved because everything is being built into code and infrastructure


Effectively Leveraging MITRE ATT&CK

with Dave Kennedy, IANS Faculty

In this Virtual Symposium, Dave Kennedy begins with an overview of how the MITRE ATT&CK framework works and then delves into several key areas, including:

  • Its applications for purple teaming, threat modeling/hunting, tool selection, and vulnerability management
  • Sigma, Caldera and Red Canary – where they fit in
  • Commercial tools for attack simulation
  • Making MITRE ATT&CK part of your daily process


Security Learns to Sprint: DevSecOps

with Tanya Janca, IANS Faculty

In this Virtual Symposium, Tanya Janca argues that DevOps could be the best thing to happen to application security since OWASP – if developers and operations teams are enabled to make security a part of their everyday work. Tanya explains how to build security into each of "The Three Ways":

  • Automating and/or improving efficiency of all security activities to ensure we don’t slow down developers
  • Speeding up feedback loops for security related activities so that we fix the bugs faster and sooner
  • Providing continuous learning opportunities in relation to security, for both teams


Zero Trust Principles in Action

with Wolfgang Goerlich, IANS Faculty

In this Virtual Symposium, Wolfgang Goerlich breaks down Zero Trust principles into the basic components and addresses:

  • Establishing the need for Zero Trust and examining the risks that organizations face
  • How the landscape is changing for things like SIEM, SOAR, UEBA, SOAP and authentication protocols
  • Zero Trust and people, the risks it addresses, the journey to implement it, and metrics to measure success and drive the program forward
  • How to apply Zero Trust principles when managing IoT and other devices, including printers and those used for medical and manufacturing purposes

Tanya Janca

IANS Faculty

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community, podcast, and training company that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger & podcaster and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.

Achievements & Noteworthy Contributions

  • Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday
  • Best-Selling Author of Alice and Bob Learn Application Security
  • CISO for 2015 Canadian General Election
  • 13.5 years’ service to the Canadian Public (Government), 25 years in tech
  • Numerous awards: Public Speaking, Security Leadership, Mentoring Leader, Hacker of the Year, DevSecOps Inspiring Individual, etc. from various organizations
  • Spoken and keynoted at security conferences, meetups, and training events the world over
  • Currently authoring second book: Alice and Bob Learn Secure Coding

Hobbies & Fun Facts

Tanya is also an avid gardener with a small hobby-farm and will sing karaoke any chance she gets.

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Achievements & Noteworthy Contributions

  • Former organizer of annual BSides and Converge conferences in Detroit
  • Former Senior VP of Strategic Security Programs at CBI, an information security solutions firm
  • Former VP of Consulting Services at VioPoint Inc., an information security consulting firm

Certifications & Credentials

  • CISSP - (ISC)2
  • Certified Information Systems Auditor (CISA) - ISACA

Jake Williams

IANS Faculty

Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence, and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances, or his postings about cybersecurity.

Achievements & Noteworthy Contributions

  • Two-Time Winner of the Annual DC3 Forensics Challenge
  • Speaker at information security conferences such as Black Hat, DEF CON, ShmooCon, RSA, and DC3
  • Designated a Master Computer Network Exploitation (CNE) Operator by the NSA
  • Former Vulnerability Analyst at US Department of Defense
  • Former Senior Systems Engineer at Dell Services

Certifications & Credentials

  • MSIA, Information Assurance – Capitol College
  • GSE, GSNA, GCFE, GREM, GCWN, GCIA, GCIH, GPEN, GCFA, GXPN, GSEC – GIAC

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery, David has also released security advisories, including zero-days, with a focus on security research.


Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Achievements & Noteworthy Contributions

  • Founding Member of the Penetration Testing Execution Standard (PTES)
  • Co-Author of Metasploit: The Penetration Testers Guide (2011)
  • Guest appearances on Fox News, CNN, CNBC, MSNBC, Huffington Post, Bloomberg, BBC, and other high-profile media outlets
  • Presenter at information security conferences such as Black Hat, RSA, DEF CON, ShmooCon, INFOSEC World, ISACA, ISSA, United Security Summit, INFOSEC Summit, Hack3rCon, BSides, and DerbyCon, which he co-created and expanded into DerbyCon Communities

Certifications & Credentials

  • BA, Business Management – Malone University
  • CISSP – (ISC)2
  • Qualified Security Assessor (QSA) – PCI Security Standards Council
  • ISO/IEC 27001 Certified – ISO
  • GSEC - GIAC
  • Certificate Professional (OSCP) & Certified Expert (OSCE) – Offensive Security
  • Global Information Assurance Gold Certification
  • Microsoft Certified Solutions Expert (MCSE) – Microsoft

Mike Rothman

IANS Faculty

Mike is the Chief Strategy Officer and GM of Techstrong. Formerly Mike served as President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Achievements & Noteworthy Contributions

  • Author of The Pragmatic CSO, which details how technical security practitioners can thrive as a CISO
  • Spearheaded META Group’s initial foray into information security research
  • Founded and acted as President of Security Incite, an information security analyst firm
  • Founded SHYM Technology, a pioneer in the PKI software market
  • Held Marketing and Strategy positions at CipherTrust, TruSecure, and eIQ Networks

Certifications & Credentials

  • BS, Operations Research and Industrial Engineering – Cornell University

Hobbies & Fun Facts

Mike has been to 23 of the past 24 RSA Conferences. Of the 1000+ talks Mike has given over the years, he is most proud of the mindfulness talk he gave at RSA in 2014 (Google "Rothman RSA Neurohacking").

 
