SD1 – Cylance – Next-Generation Antivirus Powered by Artificial Intelligence

Peter Ritter, Brite Computers

Cylance’s award-winning product, CylancePROTECT®, provides enterprise endpoint security, preventing over 99% of advanced persistent threats and malware from executing. CylancePROTECT stops what others don’t, without requiring a cloud connection or frequent updates, all while using a fraction of the system resources associated with antivirus and endpoint security software.

Cylance® is the only company to offer a preventive cybersecurity solution that stops advanced threats and malware at the most vulnerable point: the endpoint. Applying a revolutionary artificial intelligence approach, the Cylance endpoint security solution, CylancePROTECT®, analyzes the DNA of code prior to its execution on the endpoint to find and prevent threats others can’t, while using a fraction of the system resources associated with endpoint antivirus and detect and respond solutions that are deployed in enterprises today. For more information and thought provoking blogs, visit:

SD2 – Trends in Malware Detection and Incident Response

John Otte, ePlus

Today’s threats to information systems include both malware and ransomware that may result in the significant loss of sensitive data. Having effective detection and response methods are critical to effectively reducing the spread and damage these threats cause within an organization. This presentation will help identify current trends in malware detection and activity while exploring best practices for responding to and containing these events within the organization.


John is a seasoned Information Security and data protection professional with over 10 years of Systems Security Audit and controls experience. His vast experience includes over 20 years of Information Technology and engineering experience in the US Government, Department of Defense and the private sector. John’s private sector experience includes assisting clients with assessments related to the Health Insurance Portability and Accountability Act (HIPAA). John has extensive experience in the healthcare and public utility industries. John has led both large and small health insurance companies, providers and hospitals with the assessment of their information processing environments using the HIPAA privacy and security rules as the baseline.

John has also performed a number of large engagements for companies that required experience in dealing with the National Institute of Health, The Center for Disease Control and the Center for Medicare/Medicaid. John’s vast knowledge in Healthcare related issues and challenges enables him to provide cost effective pragmatic solutions to his clients.

John has extensive experience with assisting power and other public utility companies with the assessment of their compliance with the Northern American Electric Reliability Corporations (NERC) standards for Critical Infrastructure Protection (CIP). John has led several engagements for public utility companies to help them achieve and sustain compliance with these standards.

John’s experience also includes leading numerous financial and regulatory types of audits including those involving the Gramm-Leach-Bliley Act. John has vast experience in assessing the design and effectiveness of information protection, data security and internal controls in both commercial and investment banks across the United States.

John has also performed incident response and digital forensics work for a variety of commercial and government organizations. His investigation experience ranges from corporate misconduct to high profile criminal cases involving expert testimony. John is a national speaker on the topic of incident response and specializes in forensics cases related to the Payment Card Industry Data Security Standards (PCI DSS).

Much of his recent expertise centers on IT governance and control. His knowledge in the Payment Card Industry Data Security Standards (PCI DSS) has assisted in the implementation of comprehensive compliance programs. John has also helped organizations with technology governance and control by aiding in the implementation of leading IT governance frameworks such as ISO 17799.

SD3 – Security Operations Centers: Focused Before, During, and After an Attack


Keeping up with and getting ahead of cyber threats require you to address suspicious and overt malicious activity before, during, and after an attack. As cloud technologies and services become more critical to your business, extending your governance, security controls, threat detection and response capabilities across both your on-premise and cloud realms introduces new challenges. Our experts will present on how you can:

Before an Attack: Get ahead of emerging threats by activating global threat intelligence across your systems and teams.
During an Attack: Diagnose critical threats with a combination of expertise and 24×7 global visibility across your on-premise and cloud environments.
After an Attack: Respond quickly and effectively by activating your tested incident response program and global team of experts.

Organizations like yours want to bring this all together into an integrated cybersecurity posture. Regardless if you are in the early stages of building a SOC, operationalizing a SOC, or wanting to optimize and extend an existing SOC, it’s clear that you require flexibility and a global team of experts who can partner with you at every stage.

SD4 – Securing the Infrastructure for an Information Security Company

Ronald Dodge, Palo Alto

During this talk I will engage the audience on the processes and unique security requirements that are considered for a security company. I will discuss with the audience how some of the items are present in many companies and how I have approached them. I will also discuss our roles in security operations and threat intelligence, leveraging the Cyber Threat Alliance and discuss some recent results from our threat research.


Ronald Dodge is currently the Senior Director for Information Security Engineering at Palo Alto Networks – responsible for building and securing a global information infrastructure. Ron has a diverse background spanning over 20 years including IT leadership in government, academia, and industry; leading innovation in IT infrastructure/services, security education, and cyber research.

Ron has served in leadership positions in many international consortiums including the Institute for Infrastructure Protection (I3P), the Colloquium for Information Systems Security Education (CISSE), the International Federation for Information Processing (IFIP), the IEEE/ACM 2013 Computing Curriculum working group, and the Honeynet Project. Ron was an early thought leader in cyber security exercises from the Cyber Defense Exercise to the Collegiate Cyber Defense Competition and in the delivery of security education using virtualization.

Ron served over 28 years in the US Army with military assignments ranging from combat duties in an attack helicopter squadron to the CIO for the United States Military Academy, West Point. Ron received his Ph.D. from George Mason University, Fairfax, Virginia in Computer Science. His current research areas are information warfare, network deception, and performance planning and capacity management. He is a frequent speaker at national and international security events and has published many papers and articles on information assurance and security.

SD5 – Cloud Security – Some Basics to Help Keep Your Data Safe

Anthony Luz, Meridian IT

Moving your data to the Cloud? Perhaps you are already using the Cloud, but question what security measures could be taken. With more and more of today’s computing moving to shared data centers, understanding the risks and benefits of different models can help with a secure deployment. We will take a look at what the “Cloud” is today, the different types of Clouds, and who the security responsibilities fall to in this introductory discussion.


Anthony Luz joined Meridian IT Inc. as a Security Solutions Architect in September of 2014. Before coming to Meridian IT, Anthony was the Sr. Network Engineer for Oneida Nation Enterprises / Turning Stone Resort. Working over 15 years in a variety of roles for the Oneida Nation Enterprises, he helped lead solutions in the ever changing challenges presented to an “always on” organization. Some of the systems and solutions he was responsible for encompassed mail servers, Active Directory, PKI, storage, virtualization, LAN/WAN/Wireless networking, firewalls, and system security. Having worked with many manufacturers technologies, he has experienced some of the benefits and challenges presented from each.

Recently moving from a private enterprise to a consulting role has allowed him to bring his experiences to a larger audience. This has also provided a unique vantage point of truly being in the customer’s shoes, having been presented with similar challenges in his former role. With a dedication to solutions that work for individual challenges, he continues to strive for new and unique solutions to ever changing needs of business.

SD6 – The Eye of the Storm

Ladi Adefala, Fortinet

The most intense phase during a data breach investigation (the eye of the storm) can be very frustrating when answers to questions are difficult to come by. Questions such as how did they get in, how do they stay in and evade defenses, what are they after and who are they. During the eye of the storm, it can be very beneficial to already have meaningful intelligence and context that can help answer some of these questions.

This session will provide answers to these questions and offer some best practice considerations for getting the most out of threat data feeds.

These threat data feeds offer threat context and can make quite a difference when taking meaningful action to reduce the impact of a data breach. Additionally, the presentation will offer insights into the new Tactics Techniques and Procedures (TTPs) and associated risk-mitigation strategies.


Ladi Adefala is a passionate cyber security professional with a broad range of expertise that spans multiple security domains including security strategy, solution architectures, SIEMs, IDS/IPS, web security solutions, security assessments, network security, threat management, NAC and security training. Adefala’s background in information technology and security began with stints at Red Hat Consulting, AT&T and World Wide Technology Inc. Adefala has served in a variety of strategic technical and leadership roles that span a variety of disciplines including enterprise network, mobility, data center and advanced cybersecurity solutions.

As a FortiGuard cybersecurity expert with Fortinet, Adefala advises and engages clients and executive leaders on solution strategies in a number of industry segments, including financial, healthcare, retail, utilities/energy, and numerous federal and state government agencies.

Adefala’s research interests include cyberthreat intelligence and big data analytics. He also serves as adjunct faculty supporting students at Webster University’s Master of Science — Cyber Security Program, where he engages participating students in the domains of critical infrastructure protection, network forensics, and malware analysis and reverse engineering.

His credentials include an MBA from Washington University and multiple industry certifications including GIAC exploit researcher and advanced penetration tester, GIAC reverse engineering malware, and GIAC network forensics analyst.

SD7 – Ransomware – Protect or Pay

Mike Ruiz, Zscaler

In the last few years, ransomware has taken the cybercrime world by storm. CryptoWall 3.0, one of the most lucrative and broad-reaching ransomware campaigns, was alone responsible for 406,887 infection attempts and accounted for about $325 million in damages in 2015. According to the Institute for Critical Infrastructure Technology, ransomware promises to wreak more havoc in 2016.

While individual users were once the preferred target of ransomware, perpetrators have increasingly set their sights on businesses and organizations; and you can bet that with larger targets, the ransom demands will increase accordingly.

Are you prepared for such an attack?

Learn how ransomware can impact your business and why legacy security solutions don’t stand a chance against such threats. We will also cover:

  • How has ransomware evolved
  • Lessons learned from the recent attacks
  • Why is cloud sandboxing so important
  • How ransomware can be mitigated

SD8 – Secure the Breach

Ron Stamboly, Gemalto

Confidences in everyday transactions and personal protection have been shattered over the last few years with the exponential growth of breaches. In 2015 alone, over 707 million records were breached globally, resulting in the loss of millions of dollars. Organizations must be on high alert—with more and more devices, data and transactions in the cloud, hackers have even more to go after—increasing everyone’s risk.

It should be accepted that perimeter security is not enough – a breach will happen. It is time to move into a state of breach acceptance and focus on what you can do to secure your organization’s sensitive data through encryption, trusted key storage and management, and strong authentication.

It is time to secure the breach.


Mr. Stamboly joined Gemalto (formerly SafeNet) in 1997 as a Security Architect responsible for technical presales and sales support for the entire sales cycle, from evaluation to installation. Mr. Stamboly’s area of expertise includes hardware and software products covering authorization, access control, key management, and encryption.

Currently, Mr. Stamboly focuses on supporting the sales of Gemalto’s Data Protection Solution, most specifically driving Gemalto’s market share in cloud computing security and virtualized environments—securing and controlling access to cloud applications, along with encrypting virtual volume and instances. Mr. Stamboly has over 18 years of experience in the data protection, telecommunications and networking equipment industries. Additionally, Mr. Stamboly has extensive experience with networking hardware along with TCP/IP.

SD9 – Six Steps for Operationalizing Threat Intelligence

Russ Harnish, Forsythe

The best form of defense against cyber-attacks and those who perpetrate them, is to know about them. Collaborative defense has become critical to IT security and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by.

Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.

Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and delivery standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and better focus staff efforts and decision-making.

Join us to learn:

  • The difference between threat data and threat intelligence
  • Available sources of intelligence and how to determine if they apply to your business
  • Key steps for preparing to ingest threat information and turn it into intelligence
  • How to derive useful data that helps you achieve your business goals
  • Tools that are available to make collaboration easier


Russell is a 20-year technology veteran with experience in software, networking, communications, and information security. He is currently a security architect with Forsythe Solutions Group, where he draws on his previous experience as Chief Information Security Officer to help Fortune 500 clients with their security challenges, most notably in the pharmaceutical, financial, and healthcare industries. Russell is actively involved in the security community, serving on his both of his regional ISACA and InfraGard boards.