hamburger menu

Agenda

6:30 – 9:30 PM QSC Welcome Reception at Hyde Bellagio
Kick off QSC17 in the chic indoor-outdoor Hyde nightclub. Join us for appetizers and cocktails, networking with Qualys experts, sponsoring partners and peers, and views of the Bellagio fountains.
Hyde nightclub - Bellagio
7:30 – 8:30 AM Registration & Breakfast
8:30 – 8:45 AM Welcome and Opening Remarks
Amer Deeba, Chief Commercial Officer, Qualys
8:45 – 9:15 AM KEYNOTE – From Securing our Networks to Enabling Digital Transformation of our Enterprises
Philippe Courtot, Chairman and CEO, Qualys
9:15 – 10:15 AM Our Journey into the Cloud: The Qualys Cloud Platform and Architecture
Sumedh Thakar, Chief Product Officer, Qualys
10:15 – 10:50 AM Refreshments & Networking
10:50 – 12:20 PM Securing Your Global IT Assets
Cloud Agents
Asset Management
Vulnerability Management
Indication of Compromise
Patch Management
12:20 – 1:30 PM Lunch, Best Practices Roundtables & Networking
1:35 – 2:25 PM KEYNOTE – It’s Not Just One Revolution: Extending Security Throughout Digital Transformation
Scott Crawford, Research Director, 451 Research
2:25 – 3:20 PM Securing Your Cloud Environments
Container Security
CloudView: Cloud Inventory and Cloud Security Assessment
3:20 – 4:20 PM Ensuring Continuous Compliance
Policy Compliance
File Integrity Monitoring
Security Assessment Questionnaire
4:20 – 4:45 PM Refreshments & Networking
4:45 – 5:20 PM Securing Your Web Applications
Web Application Scanning
Web Application Firewall
5:20 – 5:45 PM Managing Your Digital Certificates
CertView: Certificate Inventory and Certificate Assessment
5:45 – 6:00 PM Drastically Reducing Your IT Security Spend and Consolidating Your Stack
Sumedh Thakar, Chief Product Officer, Qualys
6:05 – 9:00 PM Dinner Reception and Networking
9:00 – 9:15 PM Walk to 'O' Theatre
The theater is in the Bellagio – a ten-minute walk.
Please arrive at least 15 minutes prior to showtime
9:30 PM Cirque du Soleil 'O'
Be our guest at a performance of Cirque du Soleil 'O'. Inspired by the concept of infinity and the elegance of water, world-class acrobats, synchronized swimmers and divers create a breathtaking experience.

8:00 – 8:45 AM

Breakfast and Networking

8:45 – 9:45 AM

KEYNOTE – Adaptive Security that Moves at the Speed of Digital Business

Neil MacDonald, Distinguished Analyst and VP, Gartner

9:45 – 10:15 AM

Refreshments and Networking

Solution Sessions

10:15 – 10:45 AM

Effective Threat LifeCycle Management with LogRhythm & Qualys

Jake Reynolds, Technical Alliances Engineer, LogRhythm

10:50 – 11:20 AM

Bridging the Gap: Vulnerability Assessment to Patch Remediation Without the Hassle

Chris Goettl, Manager of Product Management, Security, Ivanti

10:50 – 11:20 AM

Bugcrowd + Qualys: Automation Meets the Crowd

Daniel Korsunsky, Director of Product Marketing, Bugcrowd

Case Studies

11:25 AM – 12:05 PM

Customer Case Study: Visualizing Business-specific Risk and Vulnerability Prioritization with Qualys VM and APIs

Chris Kennedy, Head of Enterprise Technology Security, Bridgewater Associates

11:25 AM – 12:05 PM

Customer Panel: Use Cases for Qualys Cloud Agent

Moderator
Chris Carlson, VP of Product Management, Qualys

Panelist
William Dailey, Director of Information Security/ISO, RX30

Joseph Bamgbose, Security Analyst, ACI Worldwide

12:10 – 1:25 PM

Lunch

Product Drill Down / Use Cases

1:25 – 2:05 PM

Container Security and DevOps

Hari Srinivasan, Director of Product Management, Qualys

1:25 – 2:05 PM

Qualys Integrations and API Updates

Jeff Leggett, Director of Cloud Services, API and Integration,

2:10 – 2:50 PM

WAS Case Studies, Use Cases and DevOps Integration

Dave Ferguson, Security Solutions Architect, Qualys

2:10 – 2:50 PM

Digital Transformation at Qualys: Agility, Visibility & Security in the Cloud

Syamla Bandla, Vice President, Global Cloud Operations & DevOps, Qualys

3:45 – 3:50 PM

Closing Remarks

Amer Deeba, Chief Commercial Officer, Qualys

3:50 PM

Book signing with Jennifer S Granick

Jennifer S Granick, Surveillance and Cybersecurity Counsel, ACLU

We are offering three classes on Monday, Oct. 16. You may sign up for one class per day.


Vulnerability Management agenda

Registration is closed.


AM Session – Vulnerability Management

9:00 – 10:00 AM Host Assets
  • Agenda
  • The Qualys Cloud Platform
  • Overview of the Vulnerability Management Lifecycle
  • HANDS-ON LAB: Getting Started
10:00 – 11:00 AM KnowledgeBase
  • Vulnerabilities and the KnowledgeBase
  • Building and applying Search Lists
  • HANDS-ON LAB: Creating and Importing Search Lists
11:00 AM – 12:00 PM Scanning
  • Scanning Overview
  • Scanning Configuration
  • Authenticated Scanning
  • Cloud Agent Introduction
  • HANDS-ON LAB: Vulnerability Scanning
12:00 – 1:00 PM Lunch

PM Session – Assets, Scanning, and Reporting

1:00 – 2:30 PM Assets and Asset Inventory
  • Asset Groups and Business Risk
  • Dynamic Asset Tagging
  • AssetView, Advanced Search, and Dynamic Dashboards
  • HANDS-ON LAB – Organizing and Viewing Assets
2:30 – 4:30 PM
  • Reporting Overview and Templates
  • Scheduling Reports
  • Reporting Use Cases
  • HANDS-ON LAB: Reporting
  • User Roles
  • Building Remediation Policies
  • HANDS-ON LAB: User Creation and Remediation Policies
4:30 – 5:00 PM
  • Certification Exam

Web Application Scanning Agenda

Registration is closed because this class is full.

9:00 – 10:00 AM Web Application Scanning Overview
  • The WAS Lifecycle
  • Scanning Your Web Architecture
  • The Qualys Cloud Platform
10:00 – 10:30 AM The Qualys KnowledgeBase
  • The Qualys KnowledgeBase
  • Grouping Vulnerabilities
  • HANDS ON LAB: Basic Setup
10:30 AM – 12:00 PM Basic Application Setup and Discovery
  • Defining an Application
  • Adding, Removing, and Managing Web Applications
  • Crawl Scope
  • Path Fuzzing
  • Scanning workflow
  • Form Training
  • Discovery Scan
  • HANDS-ON LAB: Defining an App and Launching a Discovery Scan
12:00 – 1:00 PM Lunch
1:00 – 2:00 PM Advanced Application Setup and Scanning
  • Scanning Configuration
  • Crawling your Application
  • Progressive Scanning
  • Configuring DNS Override
  • Form Based Authentication
  • Crawl Exclusions
  • HANDS-ON LAB: Vulnerability Scan
2:00 – 3:00 PM Reporting
  • Dashboard
  • Web Application, Scan, Scorecard, and Catalog Reporting
  • Useful QIDs
  • HANDS-ON LAB: Customized Reporting
3:00 – 4:30 PM Tags and Users
  • Tag Creation
  • User Roles and Permissions
  • HANDS-ON LAB: Asset Tags and User Privileges
4:30 – 5:00 PM Burp and Malware Detection
  • Burp Professional Integration Overview
  • Malware Detection Application
  • HANDS-ON LAB: Burp integration and Malware Detection

Advanced Vulnerability Management Agenda

Registration is closed because this class is full.

9:00 – 10:00 AM Qualys Cloud Suite
  • The Qualys Cloud Platform
  • Integrated Apps
  • HANDS-ON LAB: Getting Started
10:00 AM – 12:00 PM Scanning in Vulnerability Management
  • Authenticated Scanning
  • Continuous Monitoring
  • AWS Scanning
  • HANDS-ON LAB: Getting Started
12:00 – 1:00 PM Lunch
1:00 – 2:00 PM Cloud Agent
  • Deployment
  • Agent Status and Lifecycle
  • Configuration Profile
  • HANDS ON LAB: Cloud Agent installation on student virtual machine
2:00 – 3:30 PM AssetView and Advanced Reporting
  • Advanced Search
  • Sorting queries
  • Dynamic Dashboards
  • Dynamic Asset Tagging
  • Reporting tips and best practices
  • HANDS-ON LAB: AssetView Labs
3:30 – 4:30 PM Threat Protection
  • Real-time Threat Indicators
  • Threat feed
  • Reports using RTIs
  • HANDS-ON LAB – Organizing and Viewing Assets
4:30 – 5:00 PM
  • Q&A

We are offering three classes on Tuesday, Oct. 17. You may sign up for one class per day.


Advanced Vulnerability Management Agenda

Registration is closed.

9:00 – 10:00 AM Qualys Cloud Suite
  • The Qualys Cloud Platform
  • Integrated Apps
  • HANDS-ON LAB: Getting Started
10:00 AM – 12:00 PM Scanning in Vulnerability Management
  • Authenticated Scanning
  • Continuous Monitoring
  • AWS Scanning
  • HANDS-ON LAB: Getting Started
12:00 – 1:00 PM Lunch
1:00 – 2:00 PM Cloud Agent
  • Deployment
  • Agent Status and Lifecycle
  • Configuration Profile
  • HANDS ON LAB: Cloud Agent installation on student virtual machine
2:00 – 3:30 PM AssetView and Advanced Reporting
  • Advanced Search
  • Sorting queries
  • Dynamic Dashboards
  • Dynamic Asset Tagging
  • Reporting tips and best practices
  • HANDS-ON LAB: AssetView Labs
3:30 – 4:30 PM Threat Protection
  • Real-time Threat Indicators
  • Threat feed
  • Reports using RTIs
  • HANDS-ON LAB – Organizing and Viewing Assets
4:30 – 5:00 PM
  • Q&A

Policy Compliance Agenda

Registration is closed because this class is full.

9:00 – 10:00 AM Policy Compliance Overview
  • The Qualys Cloud Platform
  • Subscription Setup
  • Asset Tagging and Asset Groups
  • HANDS-ON LAB: Account Setup
10:00 – 11:00 AM Compliance Scanning
  • Controls Library
  • Compliance Scanning
  • Compliance Profiles and Configuration
  • HANDS-ON LAB: Compliance Scanning
11:00 AM – 12:00 PM Cloud Agent
  • Deployment
  • Agent Status
  • Configuration Profile
  • HANDS ON LAB: Cloud Agent installation on student virtual machine
12:00 – 1:00 PM Lunch
1:00 – 2:30 PM Policies and Reporting
  • User Defined Controls
  • Building Policies from scratch and importing
  • Cardinality in Controls
  • Regular Expressions
  • Reporting
  • HANDS-ON LAB: Policy Creation and User Defined Controls
2:30 – 3:30 PM SAQ Overview
  • Campaigns and Questionnaires
  • Templates and Library
  • User Roles
  • HANDS-ON LAB: SAQ creation
3:30 – 4:30 PM FIM Overview
  • File Integrity Monitoring
  • Real-time Change Engine
  • Automated Change Review
  • Demo
4:30 - 5:00 PM Q&A
Jeffrey Leggett

Jeffrey Leggett
Director of Cloud Services, API and Integration, Qualys

Jeffrey Leggett is currently Director of Cloud Services, API and Integrations for Qualys. With over 25 years of IT and InfoSec experience, he acts as both Product Manager and Subject Matter Expert on Automation and Integrations for the company.

Philippe Courtot

Philippe Courtot
Chairman and CEO, Qualys

As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. He was previously Chairman and CEO of Signio until its acquisition by VeriSign. He is also a member of the Board of Directors of StopBadware, a non-profit, anti-malware organization.

Tim White

Tim White
Director, Product Management, Policy Compliance, Qualys

Tim is the director of product management for Qualys’ policy compliance portfolio and has more than 20 years of experience in various IT security areas including IT governance risk and compliance, datacenter security, firewalls, server protection and more. Prior to joining Qualys, Tim was a technical product manager and systems engineer with Symantec, and has held roles with the City of Austin and Axent.

Jimmy Graham

Jimmy Graham
Director, Product Management, Vulnerability Management, Qualys

Jimmy Graham is the Director of Product Management for Qualys Vulnerability Management. He has been deeply involved in information security and vulnerability management for over 10 years, and has managed teams covering security operations, incident response, application security, vulnerability management, penetration testing, governance, and compliance.

Shailesh Athalye

Shailesh Athalye
Senior Manager, Engineering, Qualys

Shailesh Athalye (CISA, CRISC, CEH, ISO 27001 LA) is a senior engineering manager for Policy Compliance and Security Assessment Questionnaire. With over 12 years of experience in IT GRC, he has been a driving force for engineering Risk & Compliance products at leading security product companies, helping customers go beyond compliance and drive their IT GRC objectives.

Hari Srinivasan

Hari Srinivasan
Director, Product Management, Cloud and Virtualization Security, Qualys

Hari Srinivasan is director of product management for Qualys’ public cloud infrastructure platform integrations. With over 11 years experience in Enterprise Software space, Hari has expertise in numerous enterprise software disciplines including cloud automation and systems management, data center transformation, Hybrid Cloud, PaaS - DBaaS, compliance and configuration management. He previously worked at Oracle and Andale.

Amer Deeba

Amer Deeba
Chief Commercial Officer, Qualys

Responsible for all aspects of marketing, strategic alliances and global accounts, Amer has a proven track record of driving company growth in fast-moving technology fields. Amer previously served as the Chief Marketing Officer for Qualys for thirteen years and led the corporate and product marketing functions. Before joining Qualys, Amer served as the General Manager for the Payment Services Division at VeriSign where he contributed to establishing VeriSign as a leader in online payments processing 40% of all credit card transactions across the Internet. Amer came to VeriSign through its acquisition of online payments pioneer Signio, where he was Director of Product Marketing.

Sumedh Thakar

Sumedh Thakar
Chief Product Officer, Qualys

As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys Cloud Platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements.

Showcase of New Innovations / New Cloud Apps

Sumedh Thakar
Chief Product Officer, Qualys

Hari Srinivasan
Director Product Management, Qualys

Pablo Quiroga
Director Product Management, Qualys

Gill Langston
Director Product Management, Qualys

Asif Karel
Director Product Management, Qualys

The Qualys Cloud Platform is expanding its unified view with new security applications that address new threat vectors across modern global IT infrastructure that spans hybrid clouds, IoT, and endpoints. These new apps provide you with enhanced visibility into both hardware and software inventory, public clouds, containers, and certificates. This expansion also extends the platform capability to automate response with patch management. Learn how Asset Management, Cloud View, Container Security, Certificate View and Patch Management deliver security teams an end-to-end solution for evolving global IT environment at a lower cost.

Chris Carlson

Chris Carlson
Vice President, Product Management, Cloud Agent Platform

Chris Carlson is a Vice President of Product Management at Qualys, where he is in charge of the product definition, roadmap and strategy for the Cloud Agent Platform. During his 20+ year career in the infosec industry, Carlson has attained expertise in multiple areas, ranging from firewalls, VPNs and intrusion prevention systems to real-time event-processing, security analytics and next-generation endpoint platforms. Prior to joining Qualys, he held security architecture roles at UBS and at Booz Allen Hamilton, and product management positions at venture-funded startups and at leading vendors, including Hexis Cyber Solutions, Agent Logic, Informatica and Trustwave.

Keynote

It's Not Just One Revolution: Extending Security Throughout Digital Transformation

Scott Crawford
Research Director, 451 Research

Cloud. SaaS. Mobile. DevOps. And now, IoT. Technology has long been an area of rapid change, but today, there’s no single revolutionary focus. Digital transformation is hitting organizations from every direction at once. How will security cope, when we’re still seeing some of the largest attacks and most extensive breaches ever revealed – and skilled expertise is so dear? In this session, Scott Crawford, research director for information security at industry analyst firm 451 Research, discusses the impact of these changes, and factors to consider in making the most of security analytics and automation that can help tame technology scale and diversity and enable people to do what they can do best.

Scott Crawford

Scott Crawford
Research Director, 451 Research

Scott Crawford is Research Director for the Information Security Channel at 451 Research, where he leads coverage of emerging trends, innovation and disruption in the information security market.


Well known as an industry analyst covering information security prior to joining 451 Research, Scott has experience as both a vendor and an information security practitioner. At IBM, Scott guided offering strategy and development with a primary focus on security intelligence for IBM Security Services. He is the former CISO of the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO) International Data Centre in Vienna, Austria, where he pioneered the implementation of security policy and architecture for a non-governmental organization (NGO) serving more than 150 nations.

Neil MacDonald

Neil MacDonald
Distinguished Analyst and VP, Gartner

Neil MacDonald is a Vice President, Distinguished Analyst and Gartner Fellow Emeritus in Gartner Research, based in Stamford, Connecticut. Mr. MacDonald is a member of Gartner's information security, privacy and risk research team, focusing on securing next-generation virtualized and cloud-based computing environments from advanced attacks. Specific research areas include endpoint detection and response, virtualization security, protection of hybrid cloud server workloads, cloud access security brokers and protection from advanced targeted attacks using adaptive security architectures.

API and Tech Integrations Update

Jeffrey Leggett
Director of Cloud Services, API and Integration, Qualys

This talk will cover all updates to the Qualys API integratios, such as with Splunk and ServiceNow. Learn about new plug-ins for CI/CD development, plus see a preview of what's coming in 2018.

Keynote

American Spies, Modern Surveillance, Why You Should Care, and What To Do About It

Jennifer S Granick
Surveillance and Cybersecurity Counsel, ACLU

Technology, government secrecy, and a legal and policy vacuum combine to give the intelligence community unprecedented insight into and power over private conduct. The danger is that government agents will use this power as government agents always have: to monitor and hinder individuals and groups that seek political and social change. In this talk, Jennifer Granick outlines opportunities for meaningful and necessary surveillance reform this year.

Neil MacDonald

Jennifer S Granick
Surveillance and Cybersecurity Counsel, ACLU

Jennifer Stisa Granick joined the American Civil Liberties Union in September as surveillance and cybersecurity counsel. Before that, she was Director of Civil Liberties at the Stanford Center for Internet and Society for fives years. She is the author of the Palmer Civil Liberties prize winning book from Cambridge University Press entitled American Spies: Modern Surveillance, Why You Should Care, and What To Do About It. Before teaching at Stanford,Granick spent almost a decade practicing criminal defense law in California.

Effective Threat LifeCycle Management with LogRhythm & Qualys

Jake Reynolds
Technical Alliances Engineer, LogRhythm

Today’s reality is that organizations will continue to be confronted by increasingly frequent and complex cyber threats. The first step in protecting your organization is through effective Threat Lifecycle Management (TLM). The TLM framework begins with the ability to monitor and search across your IT environment and ends with the ability to quickly mitigate and recover from security incidents. The result? Faster time to detect and time to respond, without adding staff to accomplish the job.


LogRhythm’s Threat Lifecycle Management Platform combined with Qualys’ cloud-based Vulnerability Management Platform empowers organizations to sort through the noise to quickly discover and neutralize concerning incidents. In this session, learn how to enhance your threat detection and quickly respond to cyberthreats.

Jake Reynolds
Technical Alliances Engineer, LogRhythm

Jake Reynolds is the Technical Alliances Engineer at LogRhythm, where he is responsible for supporting the development and management of the company’s technical alliances with third-party technology providers. He has more than 20 years of experience in the Information Technology industry, with a focus on Information Security. Prior to LogRhythm, he held multiple security architect and engineer roles, and most recently helped spearhead security analytics and threat research at Level 3 Communications. Jake is an autodidact, with a focus on security, technology, and aviation.

Customer Case Study: Visualizing Business-specific Risk and Vulnerability Prioritization with Qualys VM and APIs

Chris Kennedy
Head of Enterprise Technology Security, Bridgewater Associates

This talk will explain how Bridgewater Associates leverages the Qualys API for a dashboard that improves risk-based prioritization, vulnerability and remediation activities while giving business tech owners a continuous view of the vulnerability posture of their assets, as analyzed by Qualys. Bridgewater will detail its approach to combining Qualys VM data with business-specific data to prioritize and validate remediation, plus discuss the immediate risk mitigation impact of successfully reducing time to remediation for their most critical vulnerabilities, and help answer critical questions about asset coverage, performance measurement and metrics in near real-time. Attendees will also learn how Bridgewater plans to add PC and WAS to increase visibility across multiple layers of the asset.

Chris Kennedy

Chris Kennedy
Head of Enterprise Technology Security, Bridgewater Associates

Head of Enterprise Technology Security, Bridgewater Associates – responsible for the cyber, staff, and physical risk management of all enterprise platform, compute, and infrastructure support services a within the largest department of Bridgewater. Christopher is also responsible for the engineering and operations of Bridgewater’s core network, endpoint and monitoring controls fleet.


Prior to Bridgewater, Christopher was a senior program manager, technical fellow, and director of Federal cybersecurity strategy at Northrop Grumman Corporation. He managed a broad portfolio of security contracts spanning government compliance, continuous monitoring and validation, and security operations, to include The US Department Treasury enterprise cyber operations center (known as the GSOC). Christopher was also instrumental in crafting and executing Northop’s cybersecurity market strategy, serving as technical lead for national and international cybersecurity bid opportunities, managing cybersecurity R&D investments, and influencing security partnerships and M&A activities.

Asif Karel

Asif Karel
Director of Product Management, Qualys

Asif Karel is the director of product management for Qualys CertView. He has over 20 years of experience in Information Security including online fraud detection, PKI, strong authentication and single sign-on. Prior to joining Qualys, he was a subject matter expert in digital certificates and certificate solutions at VeriSign and Symantec, a solutions architect in the CASB space at CipherCloud and a solutions manager at Venafi.

Pushpak Pradhan

Pushpak Pradhan
Product Manager, Security Assessment Questionnaire, Qualys

Pushpak Pradhan is in charge of Security Assessment Questionnaire. His expertise is in developing product strategies, business plans, product requirements and roadmaps based on customer use cases, competitive market analysis and industry trends. Pushpak has more than 17 years of experience in pre-sales and product management in the IT industry. Prior to joining Qualys, he has held product management roles with Ensim, BMC Software and Cisco Systems owning enterprise software products.

William Dailey

William Dailey
Director of Information Security/ISO, RX30

William Dailey, a graduate and alumni of the University of Central Florida, has worked in the field of Information Security for 11-years and Information Technology for 16-years. His professional experience has spanned across small, mid-size, Fortune 500 and government organizations focusing on security in general internet services, software development, business continuity, projects, financial services and transaction processing. Today his focus resides within governance, risk, compliance and promoting sound practices and applications for businesses to utilize as components of their Information Security management program.

Keynote

Adaptive Security that Moves at the Speed of Digital Business

Neil MacDonald
Distinguished Analyst and VP, Gartner

Digital transformation is affecting all industries. Every business is a digital business. Every company is a software company. The key to competitive advantage will be in the rapid development, delivery and continuous innovation in new IT-enabled capabilities. Traditional static security approaches can be an inhibitor to digital business. Much of our defense and access protection is based on pre-defined lists of what to allow and what to block. This won't work and won't scale for the needs of digital business. This presentation will lay out a strategic approach for information security that is continuously adaptive, assessing risk and trust in real-time to enable businesses to embrace the opportunities — and manage the risks — at the speed of digital business.

Case Study: Building a Comprehensive Cyber Risk Program through Effective Vulnerability Management

Syed Abdur
Director, Product Management, Brinqa

In this session, we’re going to discuss how Brinqa customers are creating a new breed of cyber risk intelligence programs by making Qualys vulnerability management a central focus of their efforts. These programs take vulnerability management effectiveness to a new level, by introducing automation at every step of the process - whether it is integration and correlation of data from multiple sources, prioritization of vulnerability and asset risks, creation and management of tickets based on optimal remediation strategies, or representation and distribution of real-time metrics and KPIs. By taking these core capabilities and applying them to additional sources of security data — asset inventory, network management, web application scanning, BC/DR, policy compliance, IDS/IPS, change and configuration management, directory services, SIEM, etc. — these programs are providing security analysts, business owners and executives with actionable insights that were previously unattainable.

Syed Abdur
Director, Product Management, Brinqa

Syed Abdur is director of product management at Brinqa where he is responsible for driving the overall strategy and technical direction of Brinqa product lines. His previous experience includes technical software development and delivering large enterprise security applications at Sun Microsystems and Oracle.

Bridging the Gap: Vulnerability Assessment to Patch Remediation Without the Hassle

Chris Goettl
Manager of Product Management, Security, Ivanti

Continuous vulnerability assessment and remediation. That is what we all strive for, but with each vulnerability assessment and handoff from security to IT Operations there is a cost: countless hours of research to identify the software updates needed to resolve detected vulnerabilities. What if you could reduce the human element significantly, resulting in a comprehensive list of updates to be applied to systems in minutes instead of hours? In this session, we will demonstrate an integration between Qualys’ Vulnerability Management and Ivanti Patch Management solutions to tackle this problem head-on.

Chris Goettl

Chris Goettl
Manager of Product Management, Security, Ivanti

With more than 15 years experience in the industry, Chris Goettl knows his way around IT. Security, too, beginning with Shavlik in 2004, where he started on the support team, moved to Systems Engineer and Product Trainer, and then brought his product expertise and knowledge of customers’ needs and challenges to the role of Product Owner for all product lines. 2016 saw Shavlik merge with the Landesk brands to become Ivanti, and now Chris manages product and strategic direction for Ivanti's Security product lines. He also hosts Ivanti's monthly Patch Tuesday webinar and analysis—which often gets a tip of the hat in media sources like ComputerWorld, InfoSecurity Magazine, and KrebsonSecurity—and regularly speaks at security events around the globe.

Bugcrowd + Qualys: Automation Meets the Crowd

Daniel Korsunsky
Director of Product Marketing, Bugcrowd

Modern application development requires a fundamentally different approach. Faster iterations and continuous deployment in a cloud-enabled environment can spell disaster for security teams if they fall behind. Bugcrowd and Qualys are partnering to help application security teams rise to the challenge and deliver secure products more quickly. Join us and learn about our shared vision for the future!

Jonathan Cran

Jonathan Cran
VP of Product, Bugcrowd

With over 15 years of experience in information security, Jonathan began his career working as a network administrator and software engineer. After learning the ropes, he switched to the dark side and took a role as a penetration tester for Rapid7. He quickly realized that every organization was vulnerable to the same set of attacks, and joined the Metasploit team to help launch the commercial tool - Metasploit Pro. Now a security assessment expert, Cran served as a founding member and CTO of Pwnie Express. In his most recent role, Jonathan continues his pursuits to better the state of security assessment as a founding member and VP of Product at Bugcrowd.

Use Cases for Container Security and DevOps

Hari Srinivasan
Director of Product Management, Qualys

Containers are changing the landscape of IT, empowering developers and operations with agility and scale that match the speed of business. Security teams must adapt to this transformation with new tailored methods to prevent threats and vulnerabilities in the Container environment. Learn how, with Qualys Container Security, you can gain total visibility and incorporate security into the DevOps cycle to harden and remove vulnerabilities before a container environment is operational.

Qualys Integrations and API Updates

Jeff Leggett
Director of Cloud Services, API and Integrations, Qualys

Accurate vulnerability assessment and network scan data from Qualys can dramatically improve the usefulness and accuracy of many complementary security products. This talk will cover integrations with leading tech and security companies, as well as review major new Qualys API updates across all modules, plus discuss the Qualys architecture and where certain API's are within it. Come learn about upcoming major new API features, see demos of new features in both Splunk (Policy Compliance data) and the Service Now CMDB Sync Connector, plus learn about the new Jenkins plugins for SecDevOps.

Digital Transformation at Qualys: Agility, Visibility & Security in the Cloud

Syamla Bandla
Vice President, Global Cloud Operations & DevOps, Qualys

In today's digital era, organizations are constantly changing and getting more complex. Digital transformation helps every organization to stay relevant in the market and helps to keep up with emerging customer demand. This talk will cover how we at Qualys have used our own cloud based security platform to gain visibility and security in a heterogeneous environment. As we embrace the digital transformation journey ourselves, this talk highlights some of the challenges we see similar to our customers' and how dogfooding our own products has helped us solve some of the visibility and security challenges of our environment.

Customer Panel: Use Cases for Qualys Cloud Agent

Moderator:
Chris Carlson
VP of Product Marketing, Qualys

Panelist:
William Dailey
Director of Information Security/ISO, RX30

Joseph Bamgbose
Security Analyst, ACI Worldwide

In this Cloud Agent Customer panel, hear from (and ask questions of) two leading companies that have supercharged their asset inventory, vulnerability management, and policy compliance programs by deploying the Qualys Cloud Agent across their enterprises. Learn why these companies chose the Cloud Agent, how they partnered with IT to deploy the agent, best practices for management and upgrading, and the benefits each has seen from gaining real-time visibility across their environment.

WAS Case Studies, Use Cases and DevOps Integration

Dave Ferguson
Security Solutions Architect, Qualys

Hackers bombard web apps because they’re often vulnerable and expose data. Your job: stop them. This session will cover three different use-cases for Qualys WAS. Learn how customers from different industries and of varying sizes and resources are leveraging WAS to automate their scanning program in order to help identify security holes in their web applications quickly and reliably across different environments, ensuring web app security from development to deployment and beyond.

Dave Ferguson
Security Solutions Architect, Qualys

Dave Ferguson is a solution architect and SME with Qualys and has been an application security specialist since 2006. After writing code as a developer for over a decade, Dave worked as a consultant pen-testing countless applications and training other developers on how to build secure apps. Prior to Qualys, he led the global application security program at Sabre Corporation. Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.

Keynote

From Securing our Networks to Enabling Digital Transformation of our Enterprises

Philippe Courtot
Chairman and CEO, Qualys

Philippe discusses how we can regain the visibility needed to secure our digital assets, as there is no security without visibility. He also discuss how, by embracing cloud-based security and compliance solutions, we can help our companies move quickly and securely into this new digital age.

Our Journey into the Cloud: The Qualys Cloud Platform and Architecture

Sumedh Thakar
Chief Product Officer, Qualys

Sumedh discusses the Qualys Cloud Platform and its architecture, which enables customers to secure their global assets across InfoSec, AppSec, Endpoints, DevSec, and Cloud environments. He also reviews 2017 updates and roadmap, and demonstrates the latest platform innovations.

Drastically Reducing Your IT Security Spend and Consolidating Your Stack

Sumedh Thakar
Chief Product Officer, Qualys

Sumedh will summarize how the Qualys Cloud Platform helps organizations consolidate their security and compliance stack, and allows them to simplify security and compliance operations.

New Cloud Apps

Tim White
Director of Product Management, Qualys

Chris Carlson
VP of Product Management, Qualys

Qualys introduces two new Cloud Apps focusing on post-breach detection and monitoring to help enterprises rapidly respond to incidents before compromise or data loss can occur, both delivered by the Qualys Cloud Agent for on-premise servers, user endpoints, and cloud instances. Qualys File Integrity Monitoring (FIM) identifies and tracks changes across internal IT environments. Learn how Qualys FIM can help with change monitoring and compliance efforts, and can reduce the time needed to pinpoint where policy violations may have taken place, so teams can more quickly remediate issues and investigate potential breaches. Qualys Indication of Compromise (IOC) monitors, records, and analyzes millions of system events to deliver scalable threat intelligence verification, hunting and suspicious activity detection, and malware family detection for security analyst and incident response teams of all sizes. Learn how Qualys IOC can help augment and extend your organization’s threat investigation and response capabilities with a single, unified security agent.

New Cloud Apps

Chris Carlson
VP of Product Management, Qualys

Jimmy Graham
Director of Product Management, Qualys

Tim White
Director of Product Management, Qualys

Hari Srinivasan
Director of Product Management, Qualys

Qualys Vulnerability Management Cloud Apps offer an accurate, scalable platform for detecting and tracking vulnerabilities across all assets, including perimeter, virtual, or in public and private clouds. This talk will cover how to leverage dashboards and widgets to visualize vulnerability information, and apply real-time threat intelligence to quickly prioritize vulnerability remediation with Qualys Threat Protection. Also, learn how enterprises are using the Qualys Cloud Agent to provide continuous inventory and Vulnerability Management for on-premise systems, user endpoints, and cloud instances. We'll then demonstrate how automated assessment and reporting features in Qualys Security Configuration Assessment (SCA) can expand your overall security & vulnerability management program with configuration assessment for Center for Internet Security (CIS) benchmarks.

New Cloud Apps

Dave Ferguson
Security Solutions Architect, Qualys

Remi LeMer
Product Manager, WAF

Digital transformation often takes the form of more web apps linked to data-rich systems, and more opportunity for attackers looking for bugs to exploit. This session outlines recent improvements and new capabilities across Qualys Web App Security Apps. These latest updates enable better scanning at scale and integrated detection, response and mitigation all from one console. See enhancements such as new features and improved performance at work in Qualys WAS and WAF. In addition, this talk offers best practices and useful tips for a more effective web application security program. It also features an extensive review of the 2017/2018 WAS and WAF roadmap, which includes more integration with Qualys tools.

Policy Compliance Cloud Apps

Tim White
Director of Product Management, Qualys

Pushpak Pradhan
Director of Product Management, Qualys

A continuously expanding regulatory environment means compliance remains a priority for many organizations, which must apply increasing technical and procedural controls to assure the security of customer data. This session highlights how Qualys Policy Compliance Cloud Apps can help customers with ever-expanding compliance needs and overcome common challenges such as enforcing policy, complexity of multiple mandates and reducing risk. We will highlight the importance of automation, reporting, and prioritization to continuously secure your organization while meeting auditing requirements. We’ll also show how to streamline procedural controls and vendor-risk assessment using the Security Assessment Questionnaire app, which offers customers a rich library of pre-built content library to automate procedural assessments without recreating the wheel.

Securing Your Global IT Assets

The Qualys Cloud Platform is expanding its ‘single pane view’ with new Cloud Apps that enable a unified approach to prevention and detection of breaches across global IT assets. This talk will outline how enterprises are using the Qualys Cloud Agent to provide continuous Asset Management and Vulnerability Management for on-premise systems, user endpoints, and cloud instances. A new Indication of Compromise (IOC) app now also monitors, records, and analyzes millions of system events to deliver scalable threat intelligence verification, hunting and suspicious activity detection, and malware family detection for security analyst and incident response teams of all sizes. This expansion also extends the platform capability to automate response with Patch Management. Learn how to deliver InfoSec, Endpoint, DevSec, and Cloud teams a single platform to secure an evolving global IT environment at a lower cost.

Securing Your Cloud Environments

Security teams must be at the forefront of how clouds and Container technologies are transforming the DevOps process with increased agility and delivery speed. Security processes need to shift left and into the developer’s build cycle. This session discusses how Qualys CloudView helps teams continuously monitor and secure public cloud infrastructure against misconfigurations, malicious behavior and non-standard deployments. It also covers how Container Security helps incorporate security into the DevOps cycle to harden and remove vulnerabilities before a container environment is operational.

Ensuring Continuous Compliance

A continuously expanding regulatory environment means compliance remains a priority for many organizations, which must apply increasing technical and procedural controls to assure the security of customer data. See how Qualys Policy Compliance Cloud Apps can help you with ever-expanding compliance needs and overcome common challenges such as enforcing policy, complexity of multiple mandates and reducing risk. We’ll show how Qualys FIM can help you with change monitoring and compliance efforts, and can reduce the time needed to pinpoint where policy violations may have taken place. We’ll also show how to streamline procedural controls and vendor-risk assessment using the Security Assessment Questionnaire app.

Securing Your Web Applications

Digital transformation often takes the form of more web apps linked to data-rich systems, and more opportunity for attackers looking for bugs to exploit. This session outlines recent improvements and new capabilities across Qualys Web App Security Apps. These latest updates enable better scanning at scale and integrated detection, response and mitigation all from one console. See enhancements such as new features and improved performance at work in Qualys Web Application Scanning (WAS) and Web Application Firewall (WAF). In addition, this talk offers best practices and useful tips for a more effective web application security program. It also features an extensive review of the 2017/2018 WAS and WAF roadmap, which includes more integration with Qualys tools.

Managing Your Digital Certificates

In order to stay ahead of risk amidst the rise of DevOps and public clouds, organizations must automate visibility and tracking of their certificate deployments. Qualys CertView allows them to do so by centralizing visibility of certificate vulnerabilities into their overall continuous view of security and compliance state, and by enabling customers to rapidly see and remediate expired or vulnerable certificates. Learn about how the new Certificate Inventory (CI) and Certificate Assessment (CA) apps help you to prevent downtime and outages, audit and compliance failures, and mitigate risks associated with expired and/or vulnerable SSL/TLS certificates.

Pablo Quiroga
Director of Product Management, Qualys

Pablo Quiroga is director of product management at Qualys, where he is in charge of all product definition, roadmap and strategy for its IT asset visibility & management initiatives. With over 10 years of experience in enterprise software and the IT industry, Pablo has helped numerous customers gain significantly better visibility to support data-powered decisions that often led to multi-million-dollar savings and risk avoidance.

Gill Langston
Director of Product Management, Qualys

Gill Langston is director of product management for Patch Management at Qualys. In the past 12 years, Gill has worked with organizations of all sizes in efforts to secure their infrastructure and attain compliance goals through email security, endpoint security, patch management, archiving and event monitoring. Previously Gill held multiple leadership roles in sales and product panagement at GFI Software and as director of product management at ThreatTrack Security.

Dave Ferguson
Security Solutions Architect, Qualys

Dave Ferguson is a solution architect and SME with Qualys and has been an application security specialist since 2006. After writing code as a developer for over a decade, Dave worked as a consultant pen-testing countless applications and training other developers on how to build secure apps. Prior to Qualys, he led the global application security program at Sabre Corporation. Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.

Remi LeMer
Security Solutions Architect, Qualys

Rémi Le Mer is a solution architect and SME working with the Qualys Web Application Firewall. He is a seasoned IT security specialist whose professional career began with sendmail back in 1999. Prior to joining Qualys in 2015, Rémi worked as a SecOps professional for the past ten years in the French industry and finance markets, implementing numerous projects with a strong focus on F5 Networks solutions. In 2009, Rémi began building WAF policies, and in 2013, he participated in authoring the F5 ASM certification exam.

Joseph Bamgbose

Joseph Bamgbose
Security Analyst, ACI Worldwide

Joseph Bamgbose is a Security Analyst at ACI Worldwide, where he is responsible for the Vulnerability Management Lifecycle Program Enterprise wide. He has almost 4 years in the Information security field protecting the confidentiality and availability of systems, and information owned, controlled, used and managed by organizations. Joseph has been the key contact for vendors and account executives regarding security information gathering relative to risk management, vulnerability management and application security. Prior to working at ACI, Joseph worked at Crawford and Company as a Security Analyst conducting vulnerability scanning, processing security questionnaires and performing security assessments. Joseph's educational background includes an M.Sc in Information Security from University College, University of Denver, Colorado and a BBA in Computer Information Systems from Robison College of Business, Georgia State University.

Syamla Bandla

Syamla Bandla
Vice President, Global Cloud Operations & DevOps, Qualys

As Vice President, Global Cloud Operations & DevOps, Syamla oversees all aspects of Qualys’ global Cloud Platform infrastructure, including site reliability engineering, database operations, infrastructure operations, network operations, security operations, DevOps, NOC/SOC and service level management. Syamla has 18+ years experience leading the design, implementation and support of high-performance technology solutions.


Prior to Qualys, Syamla was Vice President of Global Cloud Operations at RMS, where she built the Global Cloud Operations team and was responsible for supporting RMS’s platforms in both private and public clouds. Prior to RMS, Syamla was at Dell, where she was responsible for deploying its global SaaS data centers.


Syamla holds a Bachelors in Electronics and Communication Engineering from Nagarjuna University, and also pursued a Masters in Information Technology from Harvard University. Syamla is also the recipient of CloudNOW’s 2016 Top Women in Cloud Innovations award.