Speakers

Interested in becoming a Secure Iowa Conference speaker? Apply today.

Lieutenant Colonel Robert J. Darling, United States Marine Corps (Ret.)


September 11, 2001 - The White House

A Crisis Leadership Presentation

By Lieutenant Colonel Robert J. Darling
United States Marine Corps (Ret.)

On September 11th, 2001, Lieutenant Colonel Darling was working in the White House Military Office and was initially tasked to coordinate airlift assets for the President’s evacuation to an undisclosed site. However, he was quickly recruited to provide his military expertise and became a liaison between the Vice President, National Security Advisor and the Pentagon. During the next 24 hours, he received real-time information from numerous government agencies and worked directly with the National Command Authority to respond to the terrorist attacks. Lieutenant Colonel Darling witnessed firsthand the enormity of the crisis leadership decisions that were made that day on behalf of all Americans. This presentation is designed to ensure we, as a nation, never forget the events of 9/11/01, and to inspire all leaders to take the necessary steps within their power to protect and safeguard their employees, their organizations and their communities.

Robert J. Darling Bio

Retired Marine Corps Lt. Col.
Cobra “Attack Helicopter” Pilot
Marine Helicopter Squadron One Presidential Pilot for President Bill Clinton

White House Airlift Operations Officer who, during the attack on America on 9/11/01, responded to the underground White House Bunker Complex and stood shoulder to shoulder with America’s highest leaders as they made unprecedented crisis leadership decisions on behalf of all Americans.

Author: “24 Hours Inside the President’s Bunker, 9/11/01”

Events

Keynote Speaker

David Nelson--President at Pratum


Dave is a Certified Information Systems Security Professional (CISSP) with 20 years of experience and a Fellow with the Information Systems Security Association (ISSA). He has led technology organizations in both the public and private sector. Prior to founding Pratum, he most recently was the Chief Information Security Officer for a leading health informatics company.

He also managed an information security group for a top 5 U.S. banking organization, was the CIO for a higher education institution and served as the information security officer for one of the largest municipal governments on the east coast. Dave received his Bachelor of Science degree with a major in Computer Information Systems from Excelsior College. He has also taught and developed information technology curriculum at the post-secondary level, is a published author and speaker at national conferences.

Brad Beltman


AppSec War Stories

This is a look back at some of the fun, cool, and sometimes jaw-dropping situations we've encountered over the last year of web application penetration testing, where we'll recount stories of real tests that we conducted. Some stories include interesting ways around hurdles encountered, some include issues we see frequently, and some are included just for the lulz :). This talk will include technical content, but has something for everyone from analysts and developers to executives.

Our intent is not to point fingers or place blame, but rather a reminder of what can happen if we don't all remain vigilant and work to continually improve our defenses. Pull up a chair and grab some popcorn, it's story time!

Brad Beltman Bio

Brad is a consultant with SecureWorks doing full time web application penetration testing.

He has a master's degree in Information Assurance from Dakota State University. Certifications include OSCP, GWAPT, GPEN, GCIH, GCED, and CISSP. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.

AppSec War Stories will be co-presented with Jared McLaren.

Events

Track
Security Testing and Investigation

Levels
All

Eric Johnson


Secure DevOps: Static Analysis & the Puma’s Tail

DevOps is changing the way that organizations design, build, deploy and operate online systems. Engineering teams are making hundreds, or even thousands, of changes per day, and traditional approaches to security are struggling to keep up. Security must be reinvented in a DevOps world and take advantage of the opportunities provided by continuous integration and delivery pipelines.

In this talk, we will explore how static analysis fits into Secure DevOps and introduce you to Puma Scan: an open source .NET static analysis rules engine. Live demonstrations will show Puma Scan identifying vulnerabilities inside Visual Studio and in a Jenkins continuous integration (CI) build pipeline. Attendees will walk away with a better understanding of the role static analysis plays in DevOps and a .NET static analysis engine to help secure your organization’s applications.

Eric Johnson Bio

Eric Johnson is a Principal Security Consultant at Cypress Data Defense. At Cypress, he leads web and mobile application penetration testing, secure development lifecycle consulting, secure code review assessments, static source code analysis, security research, and security tool development. Eric has presented his security research at conferences around the world including SANS, BlackHat, OWASP AppSecUSA, BSides, JavaOne, UberConf, and ISSA. He has contributed to several open source projects including Puma Scan (a .NET static analysis tool), AWS Critical Security Control Automation, and the OWASP Secure Headers project.

Eric is also a Certified Instructor with the SANS Institute where he authors several application security courses, serves on the advisory board for the SANS Securing the Human Developer awareness training program, and delivers security training around the world.

Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.

Events

Track
Application & Infrastructure Security

Levels
Mid-Career
Senior Level
Security Leader

Alex T. Hart


Secure Application Development: Managing your risks as you build

This session will explore an agile approach to secure application development and risk management. We will explore how risk management activities can tie into application development, developing synergies to reduce time to market.

Alex Hart MA MPA

Alex works with customers to establish necessary Information Security Governance and Controls in Cloud Computing environments. Previously, he formulated a third-party risk management framework for a portfolio of cloud based products and was responsible for establishing all security agreements. Alex formulated a fraud mitigation system for a financial services company and through his guidance on enterprise risk management for cloud systems, the firm increased 600% in users and 2,000% in funds transferred during his tenure. He worked side-by-side with cloud software engineers and product managers ensuring new releases were compliant with applicable regulatory requirements and fit within the risk appetite of the leadership team.

Alex holds a Master in Public Administration in Public Policy from Drake University and a Master of Arts in Developmental and Educational Psychology from Boston College. Alex enjoys spending time with his family and his dog Mr. Wynn in Montana. He enjoys continuously learning the changing environments of Cloud Computing and Information Security.

Events

Track
Application & Infrastructure Security

Levels
Mid-Career
Senior Level
Security Leader

Jared McLaren


Jared is a Principal Consultant with SecureWorks, and Technical Lead for the application security practice. He has spent over 16 years working in the security industry with extensive experience in both defensive and offensive tools, techniques, and procedures. Certifications include GSE, GSEC, GCIA, GPPA, GCIH, GCWN, GCPM, GMOB, GWEB, GXPN, CISSP, OSCP, and OSCE. Outside of work, Jared is a dedicated family man, competitive duathlete and cyclist, and enjoys a good Belgian beer.

Events

Track
Security Testing and Investigation

Levels
All

Bil Harmer


Change is Simply an Act of Survival - How can we predict the future when we're shackled to the past?

This presentation will review the history and development of the corporate network, its interaction with the Internet and how the adoption of SaaS- and PaaS-based solutions has rendered the network irrelevant from a security perspective. We will explore recent developments in malware, trends in targets and attack methodologies using case studies and how threat actors have adopted a more businesslike approach to creation, distribution, and management of their attack campaigns. Finally, we will consider one possible future and explore how laying the groundwork now will provide a more secure base to work from while improving usability and reining in costs.

Bil Harmer Bio

Bil has been in Information Technology for 30+ years. He has been at the forefront of the Internet since 1995 and his work in security began in 1998. He has led security for startups, Government and well established Financial Institutions. In 2007 he pioneered the use of the SAS70 coupled with ISO to create a trusted security audit methodology used by the SaaS industry until the introduction of the SOC2. He has presented on Security and Privacy in Canada, Europe and the US at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance. He has been interviewed by and has written for various publications such as Dark Reading, Data Informed, SecureWorld and Security Intelligence. His vision and technical abilities have been used on advisory boards for Adallom, Trust Science, ShieldX, Resolve and Integris. He has served as Chief Security Officer for GoodData, VP Security & Global Privacy Officer for the Cloud Division of SAP and now serves as a Strategist for Zscaler where he runs the Office of the CISO for the Americas. Bil is CISSP, CISM and CIPP certified.

Events

Track
IT Risk Management and Audit

Levels
Entry Level
Mid-Career
Senior Level
Security Leader

Dave Losen


Security Metrics and Their Importance

Security metrics and metric-driven security programs are great buzzwords. Unfortunately, many professionals don't understand the benefits of tracking and trending security metrics, don't know how to collect them, and are at a loss on what actionable items they indicate. This talk will overview 20 top metrics, talk about their history and show how a few may be used to the benefit of a proactive, modern security team.

Dave Losen Bio:

Dave has spent over 20 years investigating, hacking and developing advanced security tools. He has the unique ability to bridge the gap between kiddy scripting hacker tools and advanced big data machine learning systems, while being able to explain it all in English. He has a great sense of humor and plays a mean game of pool.

Events

Track
IT Risk Management and Audit

Levels
Mid-Career

Tal Kushnirsky


PKI Renaissance

Why PKI is making a comeback, what the main use cases are, why it became popular, and how to jump-start using it in your own organization.

Tal Kushnirsky's Bio

Sales Engineer Manager for Gemalto's Central USA region specializing in Authentication/PKI/HSM product lines for over 13 years.

Events

Track
Application & Infrastructure Security

Levels
Senior Level

Travis Thompson


Security at the Edge - is your network ready?

The exponential rise in IoT is producing unexpected gains in productivity in all businesses. In this session we discuss the appropriate ways to enable this technology, secure it, and drive value from it to the betterment of the enterprise.

Events

Track
Application & Infrastructure Security

Levels
Senior Level

Ryan Lally


Endpoint Protection in a Mobile World

New attack vectors from mobile devices are oftentimes the point of access for cyber crime in an organization. We look at ways to protect your enterprise in a mobile and fast-changing environment.

Events

Track
Application & Infrastructure Security

Levels
Senior Level

Geoffrey F. Jenista -- DHS


DHS Cyber Resources Overview

Geoffrey F. Jenista's Bio

Cyber Security Advisor, Region VII (MO, KS, IA, NE)
Office of Cybersecurity & Communication
Stakeholder Engagement and Cyber Infrastructure Resilience

Mr. Jenista serves as Cyber Security Advisor, Region VII, for the Stakeholder Engagement and Cyber Infrastructure Resilience Division of the Office of Cybersecurity and Communications (CS&C), National Protection and Programs Directorate (NPPD). He supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation's critical infrastructure.

His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the nation’s sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities.

Prior to joining the Department of Homeland Security he worked for the U.S. Army as an Army Enterprise Systems Branch Chief and Information Systems Security Manager with responsibility for all aspects of Technical support, Service Delivery, Risk Management, Project Management, Enterprise Architecture and Information Security. Prior to joining the U.S. Army he served in the U.S. Navy as a Senior Chief Petty Officer, holding duties as an Executive Officer, Weapons Officer and AEGIS Maintenance Supervisor from 1983 to 2005.

Mr. Jenista holds an MBA and an MA in Information Technology Management from Webster University. He has a BS in Computer Information Systems from Park University and he holds the Certified Information System Security Professional (CISSP) certification.

Sean Griesheimer


Business-Driven Security: A New Plan for Chaos

We will discuss how and why key business drivers shape your security operations. We go beyond the guidance provided by NIST, and take a look at Risk Management, Threat Intelligence, Incident Workflow & Classification, Staffing Models, Use Cases & Prioritization, Escalation Plans, Security Controls, and Key Performance Indicators.

Sean Griesheimer's Bio

Sean comes from a vast background in financial planning, analysis, GRC, and Security. Sean’s hands-on experience as both a practitioner and a security engineer has proven to be a tremendous asset for his colleagues and customers. His abilities to connect across industry and organizations give him a leg up when engaged in those difficult cyber conversations. Sean is currently completing his CISSP, CSA and numerous other Security certifications. In addition, Sean is deeply embedded in the Kansas City technology community where you are likely to find him at ISC2 and ISSA events in his free time.

Dan Klemack


Compliance for the Digital Workplace Leveraging Automation

This session will help IT leaders examine their compliance readiness, and learn how automating governance and privacy policies can support their ongoing digital workplace strategies.

Dan Klemack's Bio

Dan Klemack is an accomplished technology sales professional for RES (now part of Ivanti), experienced in creating, automating and securing digital workspaces across hybrid environments, enabling IT to improve the experience and productivity of the workforce while lowering costs.

Events

Levels
Mid-Career
