Presentations are hyperlinked below.
|
| Wednesday, March 4, 2009 |
| 8:00am - 5:00pm |
Pre-Conference and Conference Registration |
| 8:00am - 9:00am |
Continental Breakfast |
Pre-Conference Workshops presented by SANS Institute
|
| 9:00am - 12:00pm |
Morning Sessions |
| |
• Research: Developing Exploits for Penetration Testers and Research
As zero-day vulnerabilities are discovered more frequently, malicious
computer attackers are constantly writing exploits to attack them. But
when a new flaw is discovered, it is often difficult to determine
whether it is truly exploitable, making an analysis of business risk
difficult, if not impossible. Things get even murkier when the flaw is
discovered in home-grown applications supporting an enterprise. Yet
until now, only a small, self-selected, high-tech "priesthood" of security researchers have had the skills to determine whether a given flaw can lead directly to exploitation.
Do you want to join the skilled security researcher elite and stop relying on others to find your application's vulnerabilities and start writing your own Proof of Concept (POC) code?
Instructor: Peter Szczepankiewicz,
BIO: Formerly working with the military, Peter responded to network
attacks, and worked with both defensive and offensive red teams.
Currently, Peter is a Senior Security Engineer with IBM. People lead
technology, not the other way around. He works daily to bring actionable
intelligence out of disparate security devices for customers, making
systems interoperable.
CPE: Three CPE Credits
|
| |
• Operational Security: Defending Wireless Networks
Wireless technology fundamentally changes accepted security paradigms.
With the pervasive deployment of wireless technology, attackers have
latched on with sophisticated and effective techniques to exploit
wireless systems at work, at home, or on the road. Despite the
significant threats, organizations are deploying WiFi, Bluetooth, and
proprietary wireless technology at a break-neck pace. This can expose
internal networks and client systems, often allowing attackers to bypass
intrusion detection systems and other defenses. To be a wireless security expert, you need to have a comprehensive
understanding of the technology, the threats, the exploits, and the
defense techniques along with hands-on experience in evaluating and
attacking wireless networks.
Instructor, Jim Shewmaker:
BIO: James has over 15 years' experience in IT. He is a SANS certified
instructor and is one of the first certified GSE-Malware experts. He
graduated with a BS in computer science from the University of Idaho.
James is a founder and active consultant for Bluenotch Corporation, which
focuses on investigations, penetration testing, and analysis. He develops
applications and appliances for broadcast radio, Internet, and satellite
devices. James also contributes to the FreeBSD project and is a port
maintainer. He presents at various security and IT conferences, is a
courseware contributor, and is actively involved in the COINS program. He
holds many certifications including the GCIA, GCIH, and GCFA.
CPE: Three CPE Credits
|
| 12:00pm - 1:30pm |
Lunch |
| 1:30pm - 4:30pm |
Afternoon Sessions |
| |
• Security Management: Security Leadership Essentials
This track is designed to empower advancing managers who want to get up
to speed fast on information security issues and terminology. You don't
just learn about security, you learn how to manage security. Lecture
sections are intense; the most common student comment is that it's like
drinking from a fire hose. The diligent manager will learn vital,
up-to-date knowledge and skills required to supervise the security
component of any information technology project. Additionally, the
course has been engineered to incorporate the NIST Special Papers 800
guidance so that it can be particularly useful to US Government managers
and supporting contractors.
Instructor: Peter Szczepankiewicz
BIO: Formerly working with the military, Peter responded to network
attacks, and worked with both defensive and offensive red teams.
Currently, Peter is a Senior Security Engineer with IBM. People lead
technology, not the other way around. He works daily to bring actionable
intelligence out of disparate security devices for customers, making
systems interoperable.
|
| |
• Operational Security: Hacker Exploits
By helping you understand attackers' tactics and strategies in detail,
giving you hands-on experience in finding vulnerabilities and
discovering intrusions, and equipping you with a comprehensive incident
handling plan, the in-depth information in this course helps you turn
the tables on computer attackers. This course addresses the latest
cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks
that are still so prevalent, and everything in between. Instead of
merely teaching a few hack attack tricks, this course includes a
time-tested, step-by-step process for responding to computer incidents,
a detailed description of how attackers undermine systems so you can
prepare, detect, and respond to them, and a hands-on workshop for
discovering holes before the bad guys do. Additionally, the course
explores the legal issues associated with responding to computer
attacks, including employee monitoring, working with law enforcement,
and handling evidence.
Instructor: Jim Shewmaker
BIO: James has over 15 years' experience in IT. He is a SANS certified
instructor and is one of the first certified GSE-Malware experts. He
graduated with a BS in computer science from the University of Idaho.
James is a founder and active consultant for Bluenotch Corporation, which
focuses on investigations, penetration testing, and analysis. He develops
applications and appliances for broadcast radio, Internet, and satellite
devices. James also contributes to the FreeBSD project and is a port
maintainer. He presents at various security and IT conferences, is a
courseware contributor, and is actively involved in the COINS program. He
holds many certifications including the GCIA, GCIH, and GCFA.
CPE: Three CPE credits |
Thursday, March 5, 2009 |
| 6:00am - 7:00am |
Vendor / Exhibitor Set-Up |
| 7:00am - 5:00pm |
Conference Registration |
| 7:00am - 8:00am |
Exhibit Hall Opens / Continental Breakfast |
| 8:00am - 9:15am |
Keynote Speaker, Stefano Zanero, PhD
"WOMBAT: Building a Worldwide Observatory of Malicious Behavior and Attack Threats"
|
| 9:15am - 9:30am |
Break |
| 9:30am - 10:45am |
Concurrent Sessions I |
| |
• The Evolution of a Computer Forensics Program |
| |
• Database Security Event and Information Management |
| |
• OMG: There's A Hacker In My Friend's List
|
| 10:45am - 11:00am |
Break |
| 11:00am - 12:15pm |
Concurrent Sessions II |
| |
• Teaching Intrusion Detection and intrusion Prevention on the Virtual
Platform: Hands-On Laboratory E |
| |
• Easiest Ways to Comply with Red Flag Rules |
| |
• Stopping Advanced Persistent Threats from Evading Detection |
| 12:15pm - 1:45pm |
Lunch and Keynote Speaker, Randy V. Sabett, J.D. |
| 2:00pm - 3:15pm |
Concurrent Sessions III |
| |
• Security in the Real World: From Incidents to Solutions |
| |
• Risk Management / Risk Assessments |
| |
• Higher Education and Mobile Devices Security Issues |
| 3:15pm - 3:30pm |
Break |
| 3:30pm - 4:45pm |
Concurrent Sessions IV |
| |
• Growing a Cyber Security Awareness Program |
| |
• Protecting Your Data in a Dangerous World
|
| |
• Do You Know Where Your Groups Are? |
| 5:00pm |
Exhibits Close |
| 5:00pm - 7:30pm |
Poster Session and Reception |
| |
• IT Continuity Management Roadmap |
| |
• Meta Data: How Harmless is Generic Data |
Friday, March 6, 2009 |
| 7:00am - 8:00am |
Continental Breakfast |
| 8:00am - 9:15am |
Keynote Speaker,
Julia H. Allen, Senior Researcher
"Making the Business Case for Software Assurance"
|
| 9:15am - 9:30am |
Break |
| 9:30am - 10:45am |
Concurrent Sessions V |
| |
• Practical Ways to Secure Your Computer For Non-Geeks |
| |
• Payment Card Standards: Unique Challenges, Unique Risks for Higher Education
|
| |
• NAC: Is It Dead Yet? |
| 10:45am - 11:00am |
Break |
| 11:00am - 12:15pm |
Concurrent Sessions VI |
| |
• Student Perceptions of IT Security Knowledge Learned in a CIS Degree
Program |
| |
• The Five Biggest Application Security Vulnerabilities: The Importance of
Integrating Application Security Testing Within the QA Lifecycle |
| |
• Trusted Storage: Putting Security Where Data Lives |
| 12:15pm - 1:00pm |
Lunch |
| 1:00pm - 2:15pm |
Keynote Roundtable |
| 2:30pm |
Conference Ends |
| |
|
