General Sessions

We've invited these speakers and several others to fully update you on the challenges in their respective areas of expertise, and show you how to go about thinking about, finding and implementing the solutions.

Sunday, May 17
9:30 am - 11:45 am

Working in the Clouds: How Cloud Computing is Reshaping Enterprise Technology

Adam Swidler
Sr. Product Marketing Manager, Google, Inc.

Today's winning enterprises will be those that empower employees around the world with the appropriate content, knowledge and collaboration solutions that will power innovation through the 21st century. In the current economy, the ability to cut costs without cutting corners, while continuing to innovate, will have significant impact on a company's success. In a rapidly changing technological context, new paradigms such as cloud computing offer novel ways of enabling cost-effective, global innovation. Join us at CSI SX as Google's Adam Swidler discusses ways cloud computing is influencing enterprise IT and what this means for businesses. Swidler will describe how businesses and organizations can start to leverage cloud computing solutions in effective, low risk approaches.

Adam Swidler is a Sr. Product Marketing Manager in Google's enterprise division, responsible for the Google Apps Security and Compliance products. Adam came to Google via the acquisition of Postini and prior to Postini, Adam was the Director of Product Management for Vendavo, in charge of the Pricing and Margin Management applications suite. Adam was also with Ariba as the Sr. Manager of Product Management for Arbia's eProcurement solutions. Adam attended Fordham University and graduated Cum Laude with a BA in Economics and Mathematics.

Security During Economic Downturns: What should you be doing now to protect your organization in this current economy?

Ira Winkler
President, Internet Security Advisors Group

As the economy suffers, so does the security department—your job becomes more difficult. Studies show that employees who are shown the door are walking out with proprietary information. Security budgets are cut. This presentation discusses the security issues associated with the economic downturn, and provides guidance as to how to respond to the changing threat landscape. You'll learn what security professionals can and should be doing now to ensure the safety of their organizations—and maximize what's left of their shrinking budgets.

Ira Winkler CISSP is President of the Internet Security Advisors Group. He is considered one of the world's most influential security professionals, performing espionage simulations for some of the largest companies in the world. Mr. Winkler began his career at the National Security Agency, as an Intelligence and Computer Systems Analyst, and went on to serve as Chief Security Strategist at HP Consulting, and Director of Technology of the National Computer Security Association. Ira is author of the riveting, entertaining, and educational books, Spies Among Us and Zen and the Art of Information Security and was a columnist for ComputerWorld.com. He has also been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal, San Francisco Chronicle, Washington Post, Planet Internet, and Business 2.0. Ira has won numerous prestigious industry awards.

Removing the Uncertainty and Doubt (But Not the Fear): What are the problems with current risk management approaches? Here's a new model.

Amit Yoran
CEO, NetWitness; former Director, Cyber Security, Dept. of Homeland Security

Knee-jerk reactions to compliance mandates such as GLBA, HIPAA, FISMA, SOx and PCI have resulted in security risk models that have little to do with the way the rest of the organization measures risk. Yoran will present the outline of a new model that provides a methodology to assess, measure and manage information risk quantitatively across the enterprise. This model will allow organizations to know which critical and sensitive enterprise data is most at risk, prioritize risk remediation and acceptance activities, and focus risk management resources in those areas that create the highest risk reduction return on investment.

Amit Yoran has been serving as Chairman and CEO of NetWitness since November of 2006. Prior to NetWitness, he was appointed as Director of the US-CERT and National Cyber Security Division of the Department of Homeland Security, and as CEO and advisor to In-Q-Tel, the venture capital arm of the CIA. Formerly Mr. Yoran served as the Vice President of Worldwide Managed Security Services at the Symantec Corporation. Mr. Yoran was the co-founder of Riptech, a market leading IT security company, and served as its CEO until the company was acquired by Symantec in 2002. He served as an officer in the United States Air Force in the Department of Defense's Computer Emergency Response Team. Mr. Yoran serves as a commissioner on the CSIS Commission on Cyber Security for the 44th Presidency and numerous other industry advisory bodies.

The Economy's Effect on Security: How is the economic downturn affecting security budgets and security companies' stock prices?

Robert Richardson
Director, CSI

Despite several high-profile acquisitions, the security industry is faring better than the rest of the market. Enterprise security budgets are similarly insulated from the deadliest of the budget cuts. Will it last?

Robert Richardson has served as Director at CSI since 2003, having worked IT in various capacities for twenty years. He's given keynote presentations on three continents, often speaking about the CSI Computer Crime and Security Survey, an undertaking he directs each year. Based outside Philadelphia, he occasionally serves as an adjunct teacher of computer science at Swarthmore College.

Monday, May 18
9:30 am - 11:45 am

Inside the Worst Data Breaches: How do the worst data breaches REALLY happen?

Peter Tippett
Vice President of Innovation and Technology, Verizon Business

In 2008 the Verizon Business Investigative Response Team released a report that compiled forensic data gleaned from over 500 forensic engagements handled by the team over a four-year report. The results were both frightening and surprising. At CSI SX Peter Tippett, vice president of innovation and technology at Verizon Business, will dig into the most exciting findings of the 2009 report.

Peter Tippett is vice president of Innovation and Technology for Verizon Business and is the chief scientist of the security product testing and certification organization, ICSA Labs. An information security pioneer, Tippett has led the computer security industry for more than 20 years, initially as a vendor of security products, and over the past 16 years, as a key strategist. He is widely credited with creating the first commercial anti-virus product that later became Norton AntiVirus. Tippett is best known for his creation of enterprise risk metrics, and large risk intelligence and compliance management programs for enterprises. Tippett has written many articles and papers on IT and information security and was the founding executive publisher of Information Security Magazine.

Cyber Security Priorities for the New Administration: How should the new administration change government policies and practices to protect all the nation's critical infrastructures from cyber threats?

Jerry Dixon
Vice President, Government Relations, Infragard

Are new security and privacy regulations on the horizon—and if so will they be a welcome sight or a worrisome one? Jerry Dixon, member of the CSIS Commission on Cyber Security, will highlight the most exciting elements of the Commission's Recommendations for the 44th Presidency, and update us on how the recommendations have been received by the new administration, the legislature and the security industry.

Jerry Dixon currently serves as Infragard's Vice President for Government Relations. He is also the Director of Analysis for Team Cymru, and was the former Executive Director of the National Cyber Security Division (NCSD) & US-CERT, of the Department of Homeland Security. He currently serves as a member of the CSIS Cyber-Commission on Cyber-Security for the 44th President and a member of the Advisory Board for Debix, an Identity Theft Protection Company.

Anti-Malware for the Cloud: How are attackers and malware authors already capitalizing on cloud computing, and what's their next move?

David Perry
Global Director of Education, Trend Micro, Inc.

Attackers are already conquering the clouds with greater dexterity than security companies or organizations planning to embrace cloud computing. What are the most sinister threats at the moment? How must anti-malware companies respond?

David Perry brings more than 25 years of technical education and support experience to his role as Global Director of Education at Trend Micro, representing the company's Internet content security awareness endeavors through speaking engagements and presentations, working to educated network administrators, computer users, and the public at large about computer virus protection. Prior to assuming his current role, Mr. Perry served as Product Marketing Manager at Trend Micro. Previously, he worked at Cybermedia Corporation, where he appeared in more than 170 television and radio broadcasts as a company spokesperson; and at McAfee Corporation, where he managed all online and Web-based support. Mr. Perry began his career as Technical Support Analyst at Peter Norton Computing (now Symantec). Additionally, he has served in the national Y2K center and as co-chair for the Cyber-Incident Steering Group at the White House.

Tuesday, May 19
9:30 am - 11:45 am

Can You Prove Compliance in the Cloud?: How can cloud users prove compliance with security, privacy and e-discovery laws without access to logs?

Tanya Forsheit
Partner,
Proskauer Rose LLP


Nolan Goldberg
Associate,
Proskauer Rose LLP

Cloud resources are owned by a third party—who may not share their log files with you, auditors or forensic investigators. Cloud users cannot be sure what server they're accessing, who else can access it, where in the world their server is located or when the data moves to another server. With cloud computing's superior load-balancing capabilities, scaling issues melt away; but so do forensic data. Which legal responsibilities can you pass on to the cloud service providers and which must you answer for?

Tanya Forsheit is a partner in the Litigation and Dispute Resolution Department of Proskauer's Los Angeles office, and a member of Proskauer's Privacy and Data Security Practice Group. Tanya has extensive experience handling complex commercial and appellate litigation for corporate and individual clients before federal and state courts at all levels. Tanya is certified as an information privacy professional by the International Association of Privacy Professionals (IAPP) and frequently writes and speaks on recent developments in federal and state privacy laws. She is the lead editor and a frequent contributor to the Proskauer Privacy Law Blog, (proskaueronprivacy.com), selected in 2008 for inclusion in the Library Of Congress historic collection of Internet materials.

Nolan M. Goldberg is an associate in the Litigation and Dispute Resolution Department and a member of the Patent Law Practice of Proskauer Rose LLP in New York. As an intellectual property litigator, his practice focuses on patent, trademark, and trade secret litigation and counseling. Mr. Goldberg's work has included patent and trade secret litigations and negotiations concerning optical cross-connects; voice over Internet protocol ("VoIP"); bar code scanners; computer networking; financial business methods and software, including securities settlement, fail management and trade execution and reporting software; data storage; handheld computers, least-cost routing, pharmaceuticals; cardiac electro-stimulatory devices; and prosthetics.

NAC Deployment on Speed: Want to see someone else rapidly deploy an enterprise NAC solution before you attempt it yourself?

Lisa Lorenzin
Principal Solutions Architect - Security Solutions, Juniper Networks

Before heading to the Interop exhibition hall (open to all CSI attendees Tuesday through Thursday), get a glimpse into how NAC was deployed at a previous Interop in the Interop network operations center—built, secured and maintained by engineers from over 20 companies in less than three weeks. This case study shows how to tackle (and how not to tackle) NAC's biggest challenges—redundancy, cross-platform supplicants, unmanaged endpoints, a heterogeneous environment and mission-critical user resources.

Lisa Lorenzin is a Principal Solutions Architect with Juniper Networks, specializing in security solutions, and a contributing member of Trusted Network Connect (TNC), a work group of the Trusted Computing Group (TCG) that defines an open architecture and standards for endpoint integrity and network access control. She has worked in a variety of Internet-related roles for the past 13 years, with more than a decade of that focused on network and information security. Lorenzin's experience in data center, government and enterprise environments, as well as her active participation and service in local user groups, has brought her a thorough understanding of the challenges network administrators and users face in today's world of expanding regulations and increasing security threats.

Cloud Security: Processes and Practices: What can Amazon.com teach us about security in the Cloud?

Jinesh Varia
Technology Evangelist, Amazon Web Services, Amazon.com

Security in the Cloud is the most critical challenge when it comes to Cloud Computing. As Cloud Computing is evolving, so are security protocols and best practices. In this session, Seattle-based Jinesh Varia, Evangelist for Amazon Web Services will discuss the latest innovations from Amazon Web Services, focusing on security and what it means. The session will discuss how Amazon.com infrastructure and processes are set up to deal with vulnerability, what steps can be taken to ensure optimum security of applications in the Cloud and how some of the current enterprise customers have dealt with security in the Amazon Cloud.

Jinesh Varia Technology Evangelist, Amazon Web Services, Amazon.com, helps businesses take advantage of disruptive technologies like Cloud Computing—that are going to change the way we think about computer applications, and the way businesses compete in the new web world. Jinesh has spoken at more than 100 conferences/UserGroups. Jinesh has over 11 years experience in XML and Web services and has worked with standards-based working groups in XBRL. Prior to joining Amazon as an evangelist, he held several positions in UBmatrix including Solutions Architect, Enterprise Team Lead and Software engineer, working on various financial services projects including Call Modernization Project at FDIC. He was also lead developer at Penn State Data Center, Institute of Regional Affairs. Jinesh's publications have been published in ACM and IEEE. Jinesh is originally from India and holds a Master's degree in Information Systems from Penn State University.