IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
Web Conference
The CrowdStrike outage was a wake-up call – we’ve been neglecting the “availability” part of the CIA triad for too long. As security supply chains become more complex and inter-dependencies grow, modernizing your resilience capabilities is essential.
Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions, from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISOs, as well as testing for best possible security practices at the request of boards of directors.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.
Webinar
When transitioning from strategy to execution, many security leaders and teams struggle to sustain progress with Zero Trust. This session tackles that head on by identifying the outcomes, objectives and evidence required to operationalize Zero Trust. Grounded in CISA’s Zero Trust Maturity Model (ZTMM) and bolstered by actionable insights from IANS Faculty, this webinar provides a clear plan for overcoming challenges, with practical guidance tailored to real-world scenarios.
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
As privileged accounts continue to be a prime target for credential theft and ransomware attacks, privilege access management (PAM) tools and strategies are becoming more critical. This symposium offers an in-depth exploration of three key privilege use cases, delivering recommended architectural patterns, effective controls and solutions to common design challenges.
Gunnar is the CISO at Forter, a trust platform for digital commerce. Previously, he was chief security architect at Bank of America, a visiting scientist at the Software Engineering Institute at Carnegie Mellon, and a contributing analyst at Securosis.
Business teams are racing to use M365 Copilot, putting pressure on security teams to identify potential risks and put guardrails in place to address those risks.
Shannon is the Founder and CEO of ThirdScore. This followed her role as VP, Security at Adobe, where she led Product and Software Security. Shannon is also the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.
The February Privacy Briefing will feature our IANS Faculty panel, including privacy expert Lee Kim and Microsoft cyber advisor Jeff Brown. This informal discussion centers on how infosec leaders can partner across the organization to support the implementation of critical privacy regulations. We will cover the recent law updates and upcoming rulings that will impact your privacy strategy.
Lee Kim specializes in cybersecurity, data privacy, governance, compliance, and generative artificial intelligence. Her insights are informed by her scientific training, creative pursuits, and diverse professional background. She presents before a wide range of domestic and international audiences. She has significant experience with the media and has been featured on the Canadian Broadcasting Corporation (live and pre-recorded interviews), radio shows, and podcasts. She also has significant experience working in the public policy realm, including with Congressional staffers and various governmental agencies around the world.
By way of background, Lee is an AV preeminent peer review rated attorney (a distinction that only 10% of all attorneys have earned according to Martindale-Hubbell). (Note, however, that while Lee is an attorney, she does not provide legal services through IANS.) Additionally, prior to law school, Lee worked as a database, system, and web administrator at a major university, software company, and a major academic medical center.
Lee is currently serving as an analyst with the US Department of Homeland Security Analytic Exchange Program. Over the years, her teams’ research topics have included phishing, healthcare cybersecurity, patient safety, and maritime and port cybersecurity.
Lee serves as a Director of InfraGard Northern Capital Region, Vice Chair of the Policy Committee of the American Bar Association Health Law Section, and National Visiting Committee member of the National Cybersecurity Training and Education Center. Previously, Lee served with the ISC2 Government Advisory Council Executive Writers Bureau.
Please note: The advice that Lee Kim provides through IANS is not legal advice and is not intended to be relied on as such. There is no attorney-client relationship.
Jeff is a recognized information security and IT risk expert, author and public speaker with a strong track record of implementing cost-effective controls for global Fortune 500 financial institutions including Citigroup, Goldman Sachs, GE Capital, BNY Mellon and AIG. He was the first CISO for the State of Connecticut, and currently works at Microsoft as a cyber advisor for state and local government.
AI has the power to enhance security automation, threat detection and incident response. During this symposium, gain examples of security use cases where you can implement AI-based capabilities that enhance your security operations.
Mick is the Managing Partner for InfoSec Innovations, an information security advisory and research firm. He also serves as an Instructor and GIAC Advisory Board Member for the SANS Institute. Mick empowers information security professionals with useful tools and skills from his extensive experience as an analyst, consultant, and software developer.
In late January, the Chinese start-up company DeepSeek introduced an open-source large language model (LLM) that led to billion-dollar impacts on the stock market and myriad questions around the future of LLM development and use. In this webinar, IANS Faculty Summer Fowler and Jake Williams discuss the security risks with LLMs developed by Chinese organizations. The math is kept to a minimum, but some technical background in LLMs is critical to understanding these issues. Expect to learn something about how LLMs actually work, what "open source" actually means for an LLM, and why it's impossible to fully audit a model.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.
Summer is a three-time CISO in the autonomous vehicle industry currently at Torc Robotics, which specializes in AI software for long-haul trucking. She is also a faculty member at Carnegie Mellon University where she teaches a graduate course in cybersecurity policy and multiple courses on cybersecurity metrics and product cybersecurity for executive education programs. In addition, Summer serves on the board of directors for Brentwood Bank, a regional bank in Pittsburgh, PA. She is also an active board member for the Forte Group, an advocacy and education non-profit focused on amplifying women in technology, cybersecurity, and privacy. Summer is often requested to speak at conferences and events, and she has provided expert testimony on cybersecurity risk in the US Congress.
Prior to her role at Torc Robotics, Summer worked at Motional and Argo AI, both AI companies focused on robo-taxi technology. She also led cybersecurity risk and resilience at Carnegie Mellon University's CERT program and Johns Hopkins University's Applied Physics Lab. Summer started her career as a software engineer at Northrop Grumman Corporation after receiving her MS and BS in Computer Science from the University of Pittsburgh.
JW Marriott Atlanta Buckhead
AI is putting legacy data governance processes under a microscope. In response, a number of key frameworks are emerging to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance, regardless of which framework you choose, and provides a rundown of some of the most prominent AI governance frameworks.
Third-party risk management efforts often hit a wall once orgs get past questionnaires. As third-party supply chains get more complex, it’s time to push through this wall and take actionable steps to manage and mitigate risks created throughout the supply chain.
George is currently Head of Trust at MongoDB and was formerly Sumo Logic's Chief Security Officer & SVP of IT. George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance, and IT teams in rapid development organizations. These insights make him a highly regarded speaker and invited panelist on topics including cloud secure architecture design, compliance and operational security, including a TEDx talk.
George has been on the bleeding edge of public cloud security, privacy and modernizing IT systems since being a co-founder of the VMware Center for Policy & Compliance. He is a Faculty Member for IANS - Institute of Applied Network Security and sits on several industry advisory boards. Mr. Gerchow is also a known philanthropist and CEO of a nonprofit corporation, XFoundation.
Financial services led the charge on building out fusion centers—co-locating the SOC and fraud teams—but many teams found that priorities, processes, metrics (and more) differed considerably across domains. Fusion was the goal, but these teams often still felt siloed and struggled to collaborate effectively. Today, we are seeing technology for cyber and fraud converging, and this “tech-fusion” is creating new opportunities for cyber teams to better align with fraud counterparts surrounding investments, operations and processes along the customer and fraud lifecycle. In this webinar, we’ll outline how to do just that, with a focus on the perimeter/login, threat intel and detection, and investigations.
Many organizations invest in threat intelligence processes, tools and feeds but struggle with analyzing and operationalizing all that intel in a way that measurably improves their cybersecurity posture. It’s far too easy to get distracted by all the noise. This symposium helps connect the dots, providing a strategy to intelligently collect, process, analyze, operationalize and disseminate actionable threat intelligence that increases the efficacy of your cyber preparedness program.
Ismael Valenzuela is coauthor of the Cyber Defense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering. Ismael is Vice President Threat Research & Intelligence at BlackBerry Cylance, where he leads threat research, intelligence, and defensive innovation. Ismael Valenzuela has participated as a security professional in numerous projects across the globe for 20+ years, which included being the founder of one of the first IT Security consultancies in Spain.
As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies.
Generative AI Large Language Model (LLM) usage has become a ubiquitous part of the technology landscape since the introduction of highly capable public LLMs. While public models do have significant advantages, there are numerous concerns surrounding data security and organizational intellectual property leakage. Organizations with suitably trained data science employees are turning to creating domain-specific knowledge models using a process called Supervised Fine Tuning (SFT). While SFT allows an organization to develop locally relevant generative AI models and deploy these models in house, there are still significant information security concerns surrounding production deployment.
Joff is a security analyst and penetration tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis and exploit research. He is also an instructor at the SANS Institute, where he primarily teaches the use of Python for information security purposes.
Hilton Houston Westchase
According to Verizon’s 2024 Data Breach Investigations Report, ransomware remains the top threat across 92% of industries, with roughly one-third of all breaches involving ransomware or some other extortion technique. In this symposium, we’ll use digital forensics and incident response reports from real-world incidents to walk through the tactics, techniques and procedures of top ransomware gangs and share lessons learned to help you avoid the same fate.
TBD
The utilities sector is increasingly being targeted by cyber threats, exposing vulnerabilities that can disrupt operations and compromise safety. Organizations are applying a zero trust approach to secure their operations, but the nuances common in utilities’ environments require an adapted zero trust approach. Join IANS Faculty member and certified ISA/IEC 62443 Cybersecurity Specialist Jennifer Minella as she draws on her two decades of experience working with utilities to help you build a roadmap for applying zero trust to an OT/ICS system by using the NSTAC five-step process for zero trust implementation.
Author of “Wireless Security Architecture”, “Low Tech Hacking” and other titles, Jennifer (JJ) Minella has been named as a Top 10 Power Player in cyber security by SC Magazine. As an advisor to more than 50 Fortune-rated companies and hundreds of others, JJ brings a uniquely energetic approach to cyber security, blending deep technical experience with strategic guidance. Her ability to connect with audiences and articulate technical concepts in simple terms has taken her all over the world. She is also the creator of the Mindfulness-Based Leadership for Infosec workshop series. Jennifer is the founder and principal advisor of Viszen Security, offering technical strategy and coaching solutions to CXOs and practitioners.
W Philadelphia
This one-day event is designed for security practitioners to gain actionable technical solutions and leadership insights focused on current and emerging challenges. Engage with IANS Faculty members and network with peers who are tackling similar challenges.
The complexities of IAM are often referred to as "intractable problems" for a reason -- burdensome and broken processes can overwhelm teams. Traditionally, IAM programs rely on manual processes that are cumbersome, time-consuming and difficult to manage and scale. In this symposium, we explore how to transform key areas of your IAM program to streamline operations and boost team efficiency.
Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.
JW Marriott Washington, D.C.
Charlotte City Club
CISO Roundtables are the most exclusive, intimate events offered by IANS. Our in-person roundtables are curated experiences with agendas designed specifically for an organization’s CISOs and senior-most executives. In addition to strategic insights presented by IANS Faculty, facilitated conversations and networking opportunities allow you and your CISO peers to share best practices in a trusted, closed-door environment.
The Whitley Atlanta Buckhead
Renaissance Dallas Richardson Hotel
The University of Massachusetts Club
Sheraton Centre Toronto Hotel
Hyatt Regency Minneapolis
Convene
Hyatt Regency Santa Clara
The Westin Dallas Stonebriar