More issues/www.banktech.com events
IT leaders don't have the liberty of facing tomorrow's problems with yesterday's solutions, in today's world that simply doesn't work. Successful technology leaders understand their role in driving innovation and change to successfully produce continued growth and profitability. In this workshop, participants will learn about creativity and techniques for influencing leaders at all levels to embrace creativity. Participants will also identify strategies for challenging norms, staying open to new ideas, and taking risks while taking ownership of their roles and their team's creative climate. Taught by one of the all-time favorite Interop keynote speakers, Rob Cordova, this session is guaranteed to be interactive, entertaining and full of takeaways that can be implemented in your organization. Feedback from the Creative Leadership workshop taught at UBM Tech's 2014 HDI Conference: * It was the best offering that I attended throughout the whole conference. It really was of value to me. I got my conference fee value out of this single course. * Rob was an excellent speaker, and I walked away with several useful tools to enhance my leadership skills as well as share with the leaders on my team.
The ready availability and relatively low price of cloud storage means IT departments can improve the services they provide while also keeping costs in line. Because cloud storage is equally accessible from anywhere, it's a compelling option for providing access to data from multiple locations. Cloud storage is also attractive for backup data. Even better, in a disaster IT can recover that data from a provider for rapid recovery. Add in how object storage services like Amazon's Glacier offer low-cost, long-term archiving and the cloud starts to look like a nice place to keep some of your data. The rub, of course, is that cloud storage is on the other side of the Internet from your applications, which adds significant latency and stresses your bandwidth. These latency and bandwidth challenges will require organizations to make process and organizational changes, and storage pros aren't big fans of change. This workshop will explore how you can bring the advantages of cloud storage to your organization without losing your mind. We'll start by look at the various types of cloud storage services available, from basic object storage to backup services to collaboration/sync-and-share services. For each class of service we'll share use cases and discuss how to choose among the competing offerings. We'll discuss secure alternatives to consumer services such as Dropbox that give users the functionality they need while keeping your valuable data secure. We'll also look at the pros and cons of cloud storage gateways, which let you use cloud storage like infinitely large file server or SAN array. Whether you use cloud storage as the digital equivalent of a grandma's attic (that place where you put stuff just because you think you might need it) or as the core of your organization's storage strategy, this workshop will show you how to make cloud storage work for your organization. Attendees will: Understand the different cloud storage service types Get practical use cases for cloud storage Discuss cloud storage benefits, limitations, and risks See beyond cost as a cloud storage driver Learn the pros and cons of cloud storage gateways Find out how to steer users toward great sync-and-share services Who should attend: This workshop will appeal to system and storage administrators, as well as more strategic IT management. It will provide both an overview of the state of the art and use cases that illustrate practical business applications for cloud storage.
Just as we began to grasp the enormity of mobile computing, the Internet of Things (IoT) is arriving. It has the potential to be as disruptive as anything we've experienced to date, including computerization itself. Analysts predict a 25X increase of connected things in the next five years; this will dwarf today's 2 billion smartphone users, and completely changing the way we think about computing, storage, security and movement of data. Businesses and end users will expect to have any data, anywhere, at the moment it's needed. Architectures will have to changeor be created from the ground upto accommodate the vast collection, transportation, processing and presentation of data that IoT promises. Such technological ferment will spur wholesale change and create both significant challenges and unprecedented opportunities. This vendor-agnostic, business and technology-focused workshop will bring together IoT visionaries and experts to help IT leaders understand how to prepare for and take advantage of the Internet of Things. Key Takeaways: Attendees will: Understand the true potential of the Internet of Things to change our workplace and our world Learn what they can do today to prepare for changes in computing, networking and storage brought on by IoT Plan for security and data governance Discover how analytics will play a new and larger role in managing and making use of IoT Who Should Attend: IT leaders and domain experts in networking, storage, analytics and security who need to understand the Internet of Things and want to get ahead of the coming changes
Web applications expose organizations to a variety of threats that can lead to data loss, denial of service, and other unwanted outcomes. This day-long workshop will use hands-on labs and demonstrations to introduce participants to the tools and techniques needed to remotely detect and validate security defects in Web applications. Testing will be conducted from the perspective of the end user (as opposed to a source code audit). This workshop will focus on the most widespread and critical Web application threats as identified by the industry-standard OWASP Top Ten, including cross-site scripting (XSS) and SQL injection. The foundation built in this class will enable participants to go beyond the Top Ten via self-directed learning using other industry resources, such as the OWASP Testing Guide (https://www.owasp.org/index.php/OWASP_Testing_Project). Web application penetration testing helps meet industry best practices and validate application implementation. Security testing can be conducted at various phases within the application's lifecycle (e.g. during development), or when source code is not available for review. Course Objectives: Understand the most widespread security threats facing Web applications Use tools and techniques to identify security defects Leverage man-in-the-middle tools to exploit weaknesses for validation purposes Understand and work around tool limitations (e.g. how to test a multi-step form) Identify and avoid denial-of-service conditions during testing Test for persistent and non-persistent XSS Safely and effectively test for back-end XSS (overlooked by most scanners) Enhance secure programming practices by raising awareness and giving developers and auditors the tools and knowledge needed to test Web application's security from the user's perspective Who should attend: People who need to audit Web application security, develop Web applications, or manage the development of Web applications. Some essentials of HTTP will be briefly covered, but prior experience with HTML and HTTP is recommended. Course Topics: Very Brief Web Primer (HTML, HTTP, Cookies, the basics) Tools & Techniques (MITM Proxies, Fuzzing, Browser Extensions) Threat Classification Systems (OWASP Top Ten & WASC Threat Classes) OWASP Vulnerability Category A1: Injection OWASP Vulnerability Category A2: Cross-Site Scripting (XSS) OWASP Vulnerability Category A3: Broken Authentication and Session Management OWASP Vulnerability Category: A6: Security Misconfiguration Overall Testing Advice & Strategies Real-world advice from the trenches Materials and Requirements: This one-day workshop will include live demos by the instructor, as well as lab exercises to be performed by attendees. Each attendee will be given a virtual machine image containing an open-source OS (Ubuntu), tools, documentation, and Web application targets for a fully self-contained Web security testing environment. Training will feature the open-source project "Web Application Security Dojo" (http://dojo.mavensecurity.com). Students are expected to bring a laptop computer to run the virtual machine image supplied by the instructor. System requirements are simple: Any operating system that can run the latest stable version of VirtualBox (free from http://www.virtualbox.org/). Currently supported operating systems included Windows, Mac, and Linux. 5 GB of free HD storage 2 GB of RAM (more is better) USB port or DVD drive Wi-Fi networking capability *** Before the first day of class students must install the latest stable version of VirtualBox. Also install the latest version of "Oracle VM VirtualBox Extension Pack." Both are free and found here: http://www.virtualbox.org/wiki/Downloads
Private cloud deployments are often just a glorified facade for server virtualization, missing the flexibility, elasticity and self-service aspects of cloud services. The missteps leading to this sad state usually start in the design phase, making it even more important to focus on the design of your private cloud infrastructure. This workshop will focus on the design aspects of private cloud infrastructure including: Private cloud design principles The importance of cloud orchestration software Selecting Optimal compute capacity Storage aspects, including software-defined storage (SDS) Network services implementation (physical appliances or virtualized network services) Selecting optimal network virtualization technology Designing network infrastructure and network services cluster After attending this workshop you'll be able to: Prioritize your design and decision-making process Evaluate how emerging technologies (SDDC, SDN, SDS, overlay networks) fit into your next-generation data center design Select the optimal infrastructure for your private or public cloud deployment. Who Should Attend: This workshop targets architects and designers who are planning, designing or building next-generation data centers supporting private cloud services. It will also help server, virtualization, security and networking engineers understand the limitations of traditional data center designs and the options made available with the emerging software-defined technologies.
BYOD has become the law of the land. While BYOD security is still vital, IT has to shift its focus to take advantage of mobility and BYOD. That means planning for mobile applications that enhance productivity, trigger business transformation, or provide a competitive advantage. Whether you build or buy these mobile apps, you need strategies to meet the expectations of users who demand the same engaging experience they get with consumer apps. This session will offer strategies to develop policies that can secure corporate data and systems and also foster an environment where the organization is free to make the most effective use of these exciting mobile technologies, both internally and in its interactions with customers, partners and suppliers. You will learn: The major developments in mobility, both cellular and Wi-Fi, and how they will affect the enterprise The major security exposures for both company-provided and user-owned mobile devices and how to best manage those risks What goes into a mobility policy, who should be involved in its development, and what are the best strategies to ensure both upper management and end user support The characteristics of a first-rate mobile application The elements of leading-edge mobile apps, and which of those are most relevant to enterprise apps Whether to outsource mobile app development , and how HTML5 will affect mobile applications going forward Who Should Attend: CIOs, mobility managers, and enterprise IT professionals who will be involved in mobile policy development, applications planning/support, security, and ongoing operations for mobile devices, both company-provided and user-owned.
After a decade of relative technology stagnation, data center networking has seen dozens of new technologies emerge to offer new business services. This means more networking, more technology and more things to do. This vendor-agnostic, technology-focused session will outline how you can build the physical network that will serve as the foundation for the Software-Defined Data Center (SDDC). Let me introduce you to essential technologies, designs, protocols and processes so you can plan for the next-generation network. Key Takeaways: I will talk about solutions, options and ideas by covering these technologies: Hardware switch features - crossbar, silicon architecture, network processes, TCAM Data center fabrics L2 fabrics - MLAG, TRILL / FabricPath / VCS L3 fabrics - Leaf/Spine, Juniper QFabric, Cisco ACI, Cisco Dynamic Fabric Automation Legacy virtual networking Intersection of physical and virtual networks Who Should Attend: This workshop is well suited to network architects and engineers who want insights into the technology foundation of the data center network for the next 10 years. This session will particularly focus on design principles for the software-defined data center and cloud computing.
Can you afford to deploy new applications in days or weeks when your competitors can do it in minutes? Are your developers satisfied with the time it takes to move a new application from development through QA and CA to production? Are you able to deploy new releases daily? Are you happy that your development teams prefer public cloud services over internal IT? If you've answered NO to at least one of these questions, it's high time to put the Software-Defined Data Center (SDDC) near the top of your priority list. Not surprisingly, vendors know all your pain points and bombard you with buzzwords. They are also quick to tell you how their shiny new gadgets solve all your woes. We all know that marketing hype is more often about buying a road map than a deployable solution, but you can protect your enterprise from vaporware by understanding the technologies available on the SDDC/SDN landscape. This workshop will unravel the mysteries of software-defined storage, software defined networking (SDN), overlay virtual networks, and network function virtualization (NFV) and help you select the optimal design and product mix for your new data center. Key Takeaways: After attending this workshop you'll be able to: Prioritize your decision-making process Evaluate how SDDC, SDN, SDS and NFV fit into your next-generation data center design Understand pros and cons of core SDN and components such as OpenFlow Understand overlay virtual networks, as well as tunnel protocols such as VXLAN and NVGRE Select the optimal networking technology for your private or public cloud deployment; Integrate layer 4-7 services (firewalls, load balancers) with the virtual networking infrastructure. Who Should Attend: This workshop targets network architects, designers and deployment/operations engineers who are planning, designing or building next-generation data centers supporting private or public cloud services. It will also help virtualization and server engineers understand the limitations of traditional data center designs and the options made available with the emerging virtual networking and SDN technologies
Federated cloud infrastructures are the future of application deployments. This is good news for IT because hybrid systems provide high availability, promote mobility, and can simplify disaster recovery and continuity of operations. However, federated architectures also create thorny orchestration and management challenges, as data and applications are dispersed across private and (eventually several) public clouds. For many, this is already a reality. For everyone else, getting there is a three-step process. The first step is to get your applications running in a federated environment. Next, you need to understand the tools and techniques that are available for monitoring and managing a hybrid architecture. Finally, drill into performance management, including synthetic transaction monitoring, to ensure that your federated architecture can meet user demands. If you thought finger pointing among internal teams was bad, just wait until diagnosing a slow-down requires wrangling with cloud service providers. Key Takeaways: Best-Practice Application Architectures in a Hybrid Cloud Environment How to Migrate Applications to the Cloud Understanding the State of the Market for Orchestration Tools & Cloud Brokers How to Deploy Application Management Tools in Hybrid Clouds How to Establish and Manage Application SLAs in Hybrid Clouds The Role of Cloud Computing Standards in Orchestration and Management Who Should Attend: This workshop is designed for IT managers and implementers who are involved in the planning, implementation, and support of modernized data center and cloud computing environments, and are facing challenges with architecting and managing applications. Information received from this workshop will be beneficial for those who are interested in application, infrastructure, and management tools that enable IT managers and implementers to develop and optimize federated application environments.
At some point every voice, video, and data packet traversing the network passes over Ethernet links and through Ethernet switches. If these technologies are not working properly, the result will be poor voice quality and slow applications. This workshop will drill into Ethernet and the factors that can affect its performance. We'll cover a number of practical tools and techniques to ensure your Ethernet network performs as it should. This workshop will cover: Ethernet operation Ethernet errors Ethernet switch operation Testing Ethernet and switch performance Troubleshooting Ethernet errors VLAN operation Attendees will: Understand Ethernet operation Be able to measure Ethernet performance Learn how to isolate and troubleshoot Ethernet errors Who should attend: Network administrators, network engineers, and network managers
The use of third party vendors, service providers, and partners are a normal and growing part of many businesses' operations today and are a growing concern for information risk and security professionals. An organization's security posture is only as strong as it weakest link. While many information risk and security organizations are effectively managing information risk they have direct control over, third parties often challenge them due to their limited governance and oversight capabilities. In this session, Elliott Glazer, the CISO of Dun and Bradstreet will share his thoughts on how he is successfully navigating this challenge using a business-focused, risk-based, and process-driven approach to manage third party risks.
Devops has been defined as everything from a cultural shift in IT, to a new role within operations, to using automation frameworks to manage infrastructure. The abuse of the term has led to fear, uncertainty and a lot of doubt about its intent and potential impact on network architects and engineers. This workshop will focus on DevOps as a means to achieving operational excellence by leveraging automation frameworks to accelerate and optimize infrastructure deployment processes. In particular, this workshop will examine how DevOps can lead to operational excellence through network programmability, deployment process optimization, and standardization on a framework. Workshop attendees will: Understand stack, flow and policy-based infrastructure orchestration models Evaluate how programmatic technologies can benefit your operational efforts Identify processes that will benefit from automation in your infrastructure Get an overview of common tools and technologies used to create a DevOps framework Who Should Attend: Architects and designers who are planning, designing or building software-defined infrastructure to support next-generation networks and application architectures. It will also help security and networking engineers understand how DevOps can be applied within their domains to improve the stability of the infrastructure.
Cloud computing solves the problem of infrastructure -- computing resources are now cheap, scalable, and easy to access. However, it's still challenging to design and operate applications for cloud environments; in addition, the ongoing shift of IT from back office to the public-facing front of the corporation means the number and type of applications is changing dramatically. The Cloud Applications workshop delivers knowledge and insight about how IT organizations can prepare for the new world of cloud applications. The workshop is made up of four modules: 1: Introduction: Why cloud computing applications are different and what that means for IT 2: APIs: the new lingua franca of enterprise applications -- how to design, build, and operate API-facing applications 3: PaaS: using frameworks to accelerate application delivery and achieve the promise of DevOps 4: Mobile: the rise of the new client, and how mobile is the future of enterprise IT Attendees will leave the workshop prepared to deliver cloud-based applications and understand the technical and organization requirements to meet the challenges of the new world of enterprise applications. Who should attend: All IT personnel responsible for developing and delivering cloud-based applications, including: Software developers Application development managers IT operations personnel IT operations management IT finance personnel Senior IT executives
Internet bandwidth is available everywhere at low cost. Is it ready to replace your expensive private WAN circuits? In this workshop, we'll take a long, hard look at the future of the WAN and cover the next generation of technologies that offer new hope for replacing today's costly, slow-to-provision, and under-utilized WAN. Those technologies include cloud-based WANs, WAN as a service, SDN-based WANs and optical choices. Some of these options can serve both as a WAN and remote-access VPNs for end users. Some options also offer services such as acceleration and content scanning. At the same time, we'll discuss issues that will transform the way we use old technologies. In particular, WAN security and content inspection may become obsolete as new protocols change the way we work. This workshop will help you to plan for the next 5 years of WAN and give you hope that one day you will be free of overpriced and underused WAN services. Attendees will: Understand why the Internet is a compelling alternative to traditional private circuits Learn how the cloud and SDN create innovative options and more choice Discuss how new protocols will affect security and content inspection Get a blueprint to help you plan a new WAN strategy Who Should Attend: Engineers, architects and IT leaders who want a look into the future of WAN options to cut costs and better serve the business
InformationWeek Leadership Summit Agenda Build Your CIO Chops - So you aspire to the C-suite, or some other spot in upper IT management? Then bulk up your credentials around today's most pressing IT movement: digital business. 9:00 9:15am Introduction Speaker: Rob Preston, VP & Editor In Chief, InformationWeek 9:15 - 10:30am Real World Innovation: The Ups and Downs Learn directly from your peers in this interactive session, where two technology innovators share lessons learned from their digital experiences, and lead a discussion on how their work applies to your initiatives and career path. One will explore Atlantic Health System's implementation of predictive analytics to prevent infection, including how to persuade clinicians to make the tool part of their daily work. Speaker: Dr. Veronica Daly, Medical Informatics Director, Atlantic Health System 10:30 - 10:45am Coffee Break 10:45 - 11:15am Project Leadership: Getting Digital Done Led by the chief strategy officer of a fast-growing digital development shop, this highly pragmatic session will offer ways to get past the common roadblocks to digital initiatives, from mobile apps to big data to the Internet of things. We'll explore the various phases of the typical digital effort - and how successful leaders drive them to the next level. Speaker: Josh Oakhurst, Chief Strategy Officer, Skookum Digital Works 11:15am - 12:00pm A CIO's View on IT's Future CIOs must work hand-in-hand with the leaders in marketing, product development, operations, and finance if the company hopes to spark real digital innovation. This session will explore the skills and strategies leaders must embrace to put IT in the middle and not on the sidelines of your company's hottest tech initiatives. Speaker: David Wright, CIO, McGraw-Hill Education and Formerly of Capital One 12:00 - 1:30pm Lunch 1:30 - 2:15pm 3 Steps To Improve The IT-Marketing Relationship The CIO-CMO relationship is among the weakest in the C-suite, according to the Digital IQ survey of PricewaterhouseCoopers. So how do we get these teams on the same digital page? PwC's Chris Curran will delve into the three essential steps toward true IT-marketing collaboration: setting a common strategy; defining IT and marketing roles in a digital world; and developing a digital operating model. These steps are ever-more critical as IT spending moves outside of the IT organization to marketing departments. Speaker: Chris Curran, PwC Advisory Principal & Chief Technologist 2:15 - 3:00pm IT at Digital Speed Speed is the No. 1 concern among IT leaders, and it only rises in importance in delivering digital products and apps. In this session, an expert known for cutting through technology hype will lead a series of exercises to examine company cultural, and your team's readiness to embrace tactics such as Agile development, cloud resources, and DevOps. Speaker: Mike Healey, President, Yeoman Technologies 3:00 - 3:15pm Coffee Break 3:15 - 4:00pm Career Plan: Do You Want To Be A CIO? Digital business is blurring the career lines for technology leaders -- and that can be a good thing, if you play it right. We'll explore how to nurture talent and advance your own career in the digital era. 4:00 - 4:30pm What Lies Ahead InformationWeek editors use their exclusive research and real-world case studies to show what the next phase of technology-fueled will look like, and to challenge IT organizations and their future leaders to brace for change. Speakers: Rob Preston and Chris Murphy, InformationWeek editors
It's time to move beyond SDN hype and dig into how it can be used in enterprise and data center networks. This day-long workshop will look at the real value of SDN and how enterprises can transition to network virtualization and move onward to automation and orchestration. We'll explore the different SDN implementations and deployments and include a live demonstration of SDN applications. We'll also provide a virtual SDN lab that attendees can take with them. The workshop provides detailed background on the available SDN technologies and their implementations, and weighs the benefits and drawbacks of each. Network virtualization has been with us for some time, but SDN has extended expectations. Meanwhile, the integration of networking into cloud orchestration platforms has opened new opportunities, but also increased complexity. You'll learn how and when you can put SDN to work and how to manage the transition for your environment. The workshop will cover: Why SDN? Market perspectives Where's SDN headed? SDN technologies OpenFlow and beyond The challenge of scaling Virtualizing network appliances with NFV SDN deployment scenarios Real-world SDN use cases SDN Live Exploring the ONUG hackathon winning application Workshop Details Why SDN? While it's been over-hyped, SDN brings real value to networking. It opens a new set of possibilities for the way interconnection integrates with compute and storage. However, the transition from CLI to API can be a significant change. Where's SDN Headed? The technology behind SDN is changing products and vendor relationships, and the repercussions are only just beginning to be felt. Where do all of the companies, open source projects, and technologies fit today and what's being displaced tomorrow? We'll look at the forces at work in the SDN landscape to help you determine how you can plan for the best outcomes and select partners that can get you there. SDN Technologies Many approaches to network virtualization and automation are vying for visibility and traction. Which of these would be suitable for your situation? The workshop will examine the options and delve into the relevant details. We'll cut through the hype and look at the core capabilities of different offerings and how they can work for you. The Challenge of Scaling As larger SDN deployments become a reality, implementers have to deal with the problems of scaling. SDN addresses problems of network agility, but to preserve those capabilities, deployments have to be built with architectures and technologies that can grow to the needed size. The workshop will explore the limitations that appear as SDN installations expand and detail approaches to allow your networks to continue to perform well in the long run. Virtualizing Network Appliances While we're comfortable virtualizing servers, virtualized instances of network services come with a unique set of challenges. The gains from appliance virtualization can be huge, but you need careful design to avoid being caught in an explosion of management complexity. This section will look at Network Function Virtualization (NFV) and the balance between simple virtual appliances and network functions that are part of larger platforms. SDN Deployment Scenarios To build real networks with SDN technologies, you have to account for resilience, capacity, security, and cost. This section will address different topologies and design considerations and provide information on how to balance competing aspects of typical SDN architectures. Real-World SDN Use Cases Theory is great, but any networking investment has to earn its keep. This section will look at pragmatic SDN use cases that deliver real value and do useful work in today's networks. SDN Live Getting your hands on technology is the best way to gain a deeper understanding of it. The winners of the ONUG spring hackathon will demonstrate the WAN traffic routing application that they built in two days on a platform that attendees can download and run themselves. We'll look at the challenge they tackled and the tools and techniques that they employed. A live demonstration will walk through the coding process and show the effects of the traffic management capabilities of the finished application.
The Wireshark protocol analyzer can do a lot more than basic packet capture and filtering. This workshop will focus on in-depth protocol analysis, including the use of advanced filtering techniques, IO graphs, and data interpretation. The goal of this workshop is to turn those captured packets into troubleshooting results. We'll provide example trace files during the class to let you follow along with the instructor. The workshop will cover: Advanced packet capture techniques Using IO Graphs to get the big picture In-depth protocol analysis VoIP analysis Exporting data Using Colorization Rules to quickly identify packets of interest Using Profiles for protocol-specific analysis Attendees will learn how to: Get the right packets in the capture buffer the first time Quickly eliminate packets that are not part of the problem Distinguish improper and proper protocol behavior Analyze and play back VoIP traffic Who should attend: Network administrators, network engineers, network managers, and application developers. Some familiarity with Wireshark is recommended but not required.
IT leaders are expected to break down silos between different technology teams, get end users to understand and embrace policies, and forge productive relationships with their counterparts on the business side of the organization. This is harder than it sounds, because while people can behave rationally, they can also be governed by emotions such as frustration and fear of change. They can be driven by ego, a bad attitude, or simple ignorance. They can cause conflict that can disrupt professional relationships, drag down a team or even poison an entire department. Unfortunately for technical-minded leaders, there's no Python script to program company-wide collaboration and harmony and get everyone to sing Kumbaya. We have to learn how to build healthy relationships with employees, drive engagement, and understand how to resolve conflicts using practical, effective strategies. In this workshop, participants will get a deep-dive on what motivates us as human beings and how our emotional wiring can quickly override our best intentions. You'll learn assertive communication and conflict resolution strategies that will help re-engage the staff and encourage organizational change. You'll see that peaceful doesn't have to mean passive and that conflict isn't always a negative for an organization. This is a participatory workshop utilizing collaboration techniques from Joe Weston's Respectful Confrontation method. "We have to face the fact that either all of us are going to die together or we are going to learn to live together, and if we are to live together we have to talk." Eleanor Roosevelt Who Should Attend: IT managers who need to motivate technical staff and create an engaging, productive work environment; engineers and administrators that need to work across IT silos; IT professionals that interact with internal business units and end users. Key Takeaways: Attendees will: Understand our emotional wiring and how it can trigger both positive and negative responses Learn real-world strategies to resolve conflicts Discover how to motivate and engage co-workers Recognize that "peaceful" and "respectful" conflict resolution doesn't equate to passivity Find positive outcomes in conflicts
Vulnerability management is essential to information risk management and security programs. However, many organizations' vulnerability management processes are reactive and inefficient. Organizations that implement a comprehensive, proactive vulnerability management program will see a significant increase their success rates in protecting their business processes, information infrastructure, and data. This session will focus on the key elements in vulnerability programs as well as their dependencies and requirements. The most effective vulnerability management programs follow a structured lifecycle from the moment of vulnerability detection until the completion of its remediation report. The speaker will explore industry-leading methods and, practices of vulnerability management supported by case studies and real world examples.
This lively and fast-paced presentation will examine the most recent developments in hacker tools, exploits, trends and legislation. Live demos for some of the newest tools will be given. This session aims to arm the participates with knowledge about the state-of-the-art in IT security to better equip the participant to defend against newer threats, identify new resources for auditing IT systems, and plan for coming trends and legislation. After completing this session,attendees will be able to: Determine the appropriateness of using the latest free security tools as part of their security testing tool kit. Evaluate if new threats apply to their situation and possible mitigation strategies. Learn from current incidents to better evaluate their own defenses from similar attacks and raise awareness within their organization. Enhance their own personal security (as well as the security of their organizations) by implementing (typically) free security tools or using enhanced settings in common software.
You probably consider your enterprise data safe, but have you really considered every possible security scenario to ensure its safety? In this session, you will learn what to look for in a cloud provider, including architectural considerations, and proper data procedures and compliance. You will also learn about the top five practices that can put your company data at risk and how to successfully combat those challenges to ensure the complete safety of your most sensitive information. Specifically, the session will explain what architectural features to look for in a cloud provider that ensure data privacy laws, such as where does client data reside in the full cloud stack as well as understanding that data processing also applies to people accessing this data in a customer support capacity. Attendees will learn how data protection laws impact how your data is stored, and what to look for to confirm the architecture you're using is built to ensure those privacy and protection laws are not violated.
The concept of "if" has been replaced with "when and how bad" when it comes to the reality of cyber attacks and business disruptions for many organizations. Defending the business while ensuring it continues to thrive is a delicate balance that risk and security professionals must embrace, while at the same time is often their greatest challenge. Successful organizations and business leaders identify, assess, embrace, and manage risks to ensure they are prepared to minimize their impacts if they are realized. This same philosophy and approach should be true for risk and security activities and the professionals who enable them as well. The constant changing and evolving landscape of attacks, adversaries, regulations, and compliance requirements has forced many organizations to aggressively implement best effort approaches to information risk management and security to meet their immediate defensive needs. This often leads to them operating on a less than adequate and reactive basis. By using a risk based and business aligned approach to design, implementation, and operation of comprehensive and proactive defensive programs and capabilities can be easily introduced, sustained, and matured within organizations of any size or complexity. This workshop will explore a risk based and pragmatic approach to defending information infrastructure and data assets. Both proactive capabilities to manage risk and reactive capabilities to minimize realized risks will be explored. Topics will include information risk profiles, threat and vulnerability analysis, vulnerability management, and business resiliency capabilities (Command and Control, Incident Response, Business Continuity and Disaster Recovery). Interactive discussions, examples, and cross industry case studies will be presented throughout the workshop to provide examples of discussion points as well as identify and explore current and evolving industry-leading practices. Who Should Attend Individuals who have the responsibility to provide information security, risk management, and privacy services and capabilities within their organization. Individuals who currently are or aspire to become chief information security or risk officers. Business leaders and individual contributors who have the responsibility of designing, implementing, and operating information security and risk management programs within their organization. Business leaders and individual contributors who would like to understand how to implement an effective information security and risk management programs and capabilities within their organization. Information technology or security examiners and/or auditors who are responsible for providing oversight to enterprise information security and risk management solutions. Prerequisites Fundamental understanding of information security and risk management concepts, goals, and techniques.
Cloud computing with OpenStack is a powerful way of providing and consuming IaaS to achieve the scale and agility required by IT departments today. In the most recent release, Havana included nearly 400 application-driven enterprise features. Organizations such as Fidelity, Bloomberg, Comcast, PayPal, Cisco Webex, Best Buy, Concur and Shutterstock are now deploying OpenStack-powered IaaS in production order to increase operational efficiency and create real business value. The OpenStack Forum provides an opportunity for cloud architects, IT management and business leaders to gain a working understanding of OpenStack, its core projects, the current state of the technical components, use cases ideally suited to OpenStack, and considerations for taking OpenStack from dev/test into production environments. Join us for the 1/2 day Forum and gain insight into: The State of the Stack: what works and what needs work Which components of OpenStack are fully featured today and which are in development OpenStack vs. other open source cloud software choices Getting started with OpenStack Considerations for moving OpenStack out of dev/test and into your production environment
Next-generation firewalls promise more sophisticated attack detection and prevention without affecting network performance. Rob Smithers, President and CEO of Miercom, will provide a wealth of objective information on next-generation firewalls. Smithers will share validated results of Miercom's performance testing of next-generation firewalls from WatchGuard, Cisco, Palo Alto, Check Point, Juniper and SonicWall. He'll also share case studies that show which products have been the most effective. Mr. Smithers will also discuss Miercom's experiences in deploying and troubleshooting next-generation firewalls in the private sector and government.
In this day and age, it's not only dangerous to use the cloud without secure encryption, it's downright neglectful. Ponemon's annual cloud encryption report recently noted that 50% of companies are still sending their data to and from the cloud unsecured. Today, securing data is only half of the issue for IT security teams. Modern data protection is about security and control. Whoever owns and maintains the encryption keys, controls access to the data. If your cloud service provider manages the keys on behalf of your organization, they can still be obligated to share your data with government officials without notifying your organization. In this session, cloud encryption expert and Vaultive CEO, Elad Yoran, will discuss the importance of persistent encryptiona method which secures data in all three states (at rest, in transit, and in use) so your information is never exposed to anyone, except your organization holding the encryption keys.