hamburger menu

Agenda

7:30 – 8:30 AM Registration and Breakfast
8:30 – 8:45 AM Welcome and Opening Remarks
Amer Deeba, Chief Commercial Officer, Qualys
8:45 – 9:30 AM Keynote
Philippe Courtot, Chairman and CEO, Qualys

Qualys Cloud Platform – 2017 Update and Roadmap

9:30 – 10:30 AM Qualys Cloud Platform – 2017 Update and Roadmap
Sumedh Thakar, Chief Product Officer, Qualys
10:30 – 11:15 AM Refreshments and Networking
11:15 – 12:45 PM Showcase of New Innovations / New Cloud Apps
Sumedh Thakar, Chief Product Officer, Qualys
12:45 – 2:00 PM Lunch
2:00 – 2:50 PM Keynote
Scott Crawford, Research Director, 451 Research

Qualys Cloud Apps – 2017 Update and Roadmap

2:50 – 3:35 PM IT Asset Management Cloud Apps
Hari Srinivasan, Director of Product Management, Cloud and Virtualization Security, Qualys
3:35 – 4:40 PM IT Security Cloud Apps
Chris Carlson, Vice President, Product Management, Qualys Cloud Agent, Qualys
Tim White, Director of Product Management, Policy Compliance, Qualys
Jimmy Graham, Director of Product Management, Vulnerability Management, Qualys
4:40 – 5:10 PM Refreshments and Networking
5:10 – 5:55 PM Compliance Monitoring Cloud Apps
Tim White, Director of Product Management, Policy Compliance, Qualys
Shailesh Athalye, Senior Manager, Engineering, Qualys
5:55 – 6:20 PM Web App Security Cloud Apps
Frank Catucci, Director of Product Management, Web Application Security, Qualys
6:20 – 6:30 PM Closing Remarks
Amer Deeba, Chief Commercial Officer, Qualys
6:30 – 9:00 PM Reception
9:00 – 9:30 PM Travel Time to O Theatre
9:30 PM Cirque du Soleil "O"

8:00 – 8:45 AM

Breakfast and Networking

8:45 – 9:45 AM

Keynote

Neil MacDonald, Distinguished Analyst and VP, Gartner

9:45 – 10:15 AM

Refreshments and Networking

Solution Sessions

10:15 – 10:45 AM

Solution Session

10:15 – 10:45 AM

Solution Session

10:50 – 11:20 AM

Solution Session

10:50 – 11:20 AM

Solution Session

11:25 – 11:55 AM

Solution Session

11:25 – 11:55 AM

Solution Session

12:00 – 1:15 PM

Lunch

Case Studies

1:15 – 1:45 PM

Case Study

1:15 – 1:45 PM

Case Study

Product Drill Down / Use Cases

1:50 – 2:20 PM

Use Case

1:50 – 2:20 PM

Use Case

2:20 – 2:50 PM

Refreshments and Networking

2:55 – 3:40 PM

Use Case

2:55 – 3:40 PM

API and Tech Integrations Update

Jeffrey Leggett, Director, Cloud Services, API and Integration, Qualys

4:30 – 4:45 PM

Closing Remarks

Amer Deeba, Chief Commercial Officer, Qualys

4:45 PM

Book signing with Jennifer S Granick

Jennifer S Granick, Surveillance and Cybersecurity Counsel, ACLU

We are offering two classes on Monday, Oct. 16. You may sign up for one class per day.


Web Application Scanning Agenda

Register for this class

9:00 – 10:00 AM Web Application Scanning Overview
  • The WAS Lifecycle
  • Scanning Your Web Architecture
  • The Qualys Cloud Platform
10:00 – 10:30 AM The Qualys KnowledgeBase
  • The Qualys KnowledgeBase
  • Grouping Vulnerabilities
  • HANDS ON LAB: Basic Setup
10:30 – 12:00 PM Basic Application Setup and Discovery
  • Defining an Application
  • Adding, Removing, and Managing Web Applications
  • Crawl Scope
  • Path Fuzzing
  • Scanning workflow
  • Form Training
  • Discovery Scan
  • HANDS-ON LAB: Defining an App and Launching a Discovery Scan
12:00 – 1:00 PM Lunch
1:00 – 2:00 PM Advanced Application Setup and Scanning
  • Scanning Configuration
  • Crawling your Application
  • Progressive Scanning
  • Configuring DNS Override
  • Form Based Authentication
  • Crawl Exclusions
  • HANDS-ON LAB: Vulnerability Scan
2:00 – 3:00 PM Reporting
  • Dashboard
  • Web Application, Scan, Scorecard, and Catalog Reporting
  • Useful QIDs
  • HANDS-ON LAB: Customized Reporting
3:00 – 4:30 PM Tags and Users
  • Tag Creation
  • User Roles and Permissions
  • HANDS-ON LAB: Asset Tags and User Privileges
4:30 – 5:00 PM Burp and Malware Detection
  • Burp Professional Integration Overview
  • Malware Detection Application
  • HANDS-ON LAB: Burp integration and Malware Detection

Advanced Vulnerability Management Agenda

Register for this class

9:00 – 10:00 AM Qualys Cloud Suite
  • The Qualys Cloud Platform
  • Integrated Apps
  • HANDS-ON LAB: Getting Started
10:00 – 12:00 AM Scanning in Vulnerability Management
  • Authenticated Scanning
  • Continuous Monitoring
  • AWS Scanning
  • HANDS-ON LAB: Getting Started
12:00 – 1:00 PM Lunch
1:00 – 2:00 PM Cloud Agent
  • Deployment
  • Agent Status and Lifecycle
  • Configuration Profile
  • HANDS ON LAB: Cloud Agent installation on student virtual machine
2:00 – 3:30 PM AssetView and Advanced Reporting
  • Advanced Search
  • Sorting queries
  • Dynamic Dashboards
  • Dynamic Asset Tagging
  • Reporting tips and best practices
  • HANDS-ON LAB: AssetView Labs
3:30 – 4:30 PM Threat Protection
  • Real-time Threat Indicators
  • Threat feed
  • Reports using RTIs
  • HANDS-ON LAB – Organizing and Viewing Assets
4:30 – 5:00 PM
  • Q&A

We are offering two classes on Tuesday, Oct. 17. You may sign up for one class per day.


Policy Compliance Agenda

Register for this class

9:00 – 10:00 AM Policy Compliance Overview
  • The Qualys Cloud Platform
  • Subscription Setup
  • Asset Tagging and Asset Groups
  • HANDS-ON LAB: Account Setup
10:00 – 11:00 AM Compliance Scanning
  • Controls Library
  • Compliance Scanning
  • Compliance Profiles and Configuration
  • HANDS-ON LAB: Compliance Scanning
11:00 – 12:00 PM Cloud Agent
  • Deployment
  • Agent Status
  • Configuration Profile
  • HANDS ON LAB: Cloud Agent installation on student virtual machine
12:00 – 1:00 PM Lunch
1:00 – 2:30 PM Policies and Reporting
  • User Defined Controls
  • Building Policies from scratch and importing
  • Cardinality in Controls
  • Regular Expressions
  • Reporting
  • HANDS-ON LAB: Policy Creation and User Defined Controls
2:30 – 3:30 PM SAQ Overview
  • Campaigns and Questionnaires
  • Templates and Library
  • User Roles
  • HANDS-ON LAB: SAQ creation
3:30 – 4:30 PM FIM Overview
  • File Integrity Monitoring
  • Real-time Change Engine
  • Automated Change Review
  • Demo
4:30 - 5:00 PM Q&A

Advanced Vulnerability Management Agenda

Register for this class

9:00 – 10:00 AM Qualys Cloud Suite
  • The Qualys Cloud Platform
  • Integrated Apps
  • HANDS-ON LAB: Getting Started
10:00 – 12:00 AM Scanning in Vulnerability Management
  • Authenticated Scanning
  • Continuous Monitoring
  • AWS Scanning
  • HANDS-ON LAB: Getting Started
12:00 – 1:00 PM Lunch
1:00 – 2:00 PM Cloud Agent
  • Deployment
  • Agent Status and Lifecycle
  • Configuration Profile
  • HANDS ON LAB: Cloud Agent installation on student virtual machine
2:00 – 3:30 PM AssetView and Advanced Reporting
  • Advanced Search
  • Sorting queries
  • Dynamic Dashboards
  • Dynamic Asset Tagging
  • Reporting tips and best practices
  • HANDS-ON LAB: AssetView Labs
3:30 – 4:30 PM Threat Protection
  • Real-time Threat Indicators
  • Threat feed
  • Reports using RTIs
  • HANDS-ON LAB – Organizing and Viewing Assets
4:30 – 5:00 PM
  • Q&A
Liz McQuarrie

Liz McQuarrie
Principal Scientist, Director of Security Operations, Adobe

Liz is the Director of Security Operations for Adobe's Cloud Ops group, responsible for the security and compliance of the Adobe's Creative Cloud and Shared Cloud services. She is also principal scientist for Adobe. The results of her work have dramatically improved the security landscape for hundreds of millions of Adobe Reader customers.

Vulnerability Management at Scale

Liz McQuarrie
Principal Scientist, Director of Security Operations, Adobe

Liz McQuarrie, Adobe’s director of security operations, will discuss how the company implemented security & compliance with Qualys as part Adobe’s movement to the cloud. She will cover the vulnerability management challenges within Adobe’s cloud migration and the role Qualys’ automation played before, during and after this journey, including what went well and what she would have done differently.

Fred Kaplan

Fred Kaplan
Slate columnist and author of Dark Territory: The Secret History of Cyber War

Fred Kaplan is Slate’s “War Stories” columnist and the author of five books, most recently Dark Territory: The Secret History of Cyber War. He is a former Pulitzer Prize-winning reporter for the Boston Globe, and earned a Ph.D. from M.I.T.

Cyber Conflict: Prevention, Stability and Control

Fred Kaplan
Slate columnist and author of Dark Territory: The Secret History of Cyber War

Computer vulnerabilities are nothing new. They’ve been understood, and exploited, since the dawn of the Internet. The resulting offense-defense cyber-arms race is an inevitable product of the technology, The quest for perfect security is futile—there’s no silver bullet or magic algorithm—but there are some sensible approaches for making the ride a little less bumpy.

Joseph Blankenship

Joseph Blankenship
Senior Analyst, Forrester

Joseph is a senior analyst at Forrester, where he supports Security & Risk Professionals, helping clients develop security strategies and make informed decisions to protect against risk. He covers security infrastructure and operations, including security information and event management (SIEM), security analytics, and network security. His research focuses on security monitoring, threat detection, operations, and management.

DeDOSing IT Security

Joseph Blankenship
Senior Analyst, Forrester

Security teams are deluged with data from myriad devices and device types. Making sense of it all and making use of it in time to prevent an attack or stop a breach is a Herculean task. Without the right strategies, tools and tactics, we are DoSing our security teams with an increasingly unserviceable volume and variety of data. We need smarter technology and processes to help us make better security decisions that leverage these data volumes strategically and effectively, and communicate their impact efficiently. Forrester Senior Analyst Joseph Blankenship will present best practices to examine this problem and discuss:

Mike Rothman

Mike Rothman
President, Securosis

Mike’s bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike is one of the most sought after commentators in the security business and brings a deep background in information security. After 20 years in and around security, he’s one of the guys who “knows where the bodies are buried” in the space.

Only the STRONG Survive

Mike Rothman
President, Securosis

It's not easy being a security executive nowadays. Adversaries continue to innovate and find new ways to compromise devices and exfiltrate your critical data. Management still doesn't understand what you do, but they are certainly watching. You face a talent gap that will be addressed in maybe 50 years or so. Things sure seem dire, but if you flip your perspective on security, you realize that there has never been a better time to be in the security business. If you become a STRONG security executive.


Mike Rothman, Securosis analyst, author of the Pragmatic CSO, and 3-time QSC keynoter will discuss the evolution of the security program and delve into the skills required to not just survive, but thrive as a security executive. Mike will cover how to define security success, build a talent factory to optimize the performance of your team, and how to manage your response to any situation. Most importantly, Mike will challenge you to align your personal priorities with your job and interests to make sure you are engaged, growing, and dare we say it, happy practicing security.

My Life as a Chief Security Officer

Gerhard Eschelbeck
VP, Security and Privacy Engineering, Google

What’s it like heading up security for one of the world’s biggest tech companies and hacker targets? Google VP of Security Engineering Gerhard Eschelbeck will give a rare inside look at his daily job and how he protects the data of millions of people and companies. He'll also share insights from the big and little challenges Google faces with security and what keeps him up at night.

Gerhard Eschelbeck

Gerhard Eschelbeck
VP, Security and Privacy Engineering, Google

Gerhard Eschelbeck is Vice President Security and Privacy Engineering at Google, where he leads the teams that ensure data and systems security, as well as user privacy. Eschelbeck has a passion for championing new technologies and is a trusted advisor to a number of early stage start-up companies. He published the “Laws of Vulnerabilities” and is one of the inventors of the Common Vulnerability Scoring System (CVSS). He holds numerous patents in the field of managed network security. Prior to joining Google, Eschelbeck was CTO and Senior Vice President at Sophos and Qualys, and served in senior product and technology roles at companies including Network Associates and McAfee. Eschelbeck has a Ph.D. in computer science from University Linz, Austria.

Automating Vulnerability Management with Qualys Cloud Agents

Nathan Cooper
Senior CyberSecurity Analyst, Geisinger

Maintaining IT Security and compliance posture in the health care industry means protecting patient health records and data from Hackers. This starts with security basics: vulnerability scanning, compliance, and asset management. The Qualys Cloud Agent helped Geisinger achieve the basics on their devices without impacting patient care. The Qualys API along with the Qualys Cloud Agent allowed Geisinger to automate and streamline our processes and procedures, which made for more efficient patching cycle.

Nathan Cooper

Nathan Cooper
Senior CyberSecurity Analyst, Geisinger Health Systems

Nathan Cooper is a senior security analyst at Geisinger Health Systems, where he has been responsible for the company’s vulnerability management and penetration testing efforts since 2015. Prior to Geisinger, Cooper worked with various government agencies including the FBI and DOD, doing everything from encryption to server management. He started his IT career in 1999 with the US Army.

Leveraging Qualys and EiQ’s SOCVue to Identify and Remediate Threats and Vulnerabilities

Vijay Basani
Co-founder, President & CEO, EiQ Networks

Find out how EiQ's SOCVue® Vulnerability Management service helps reduce your attack surface, while saving time and minimizing your operational costs. EiQ leverages leading vulnerability scanning technology from Qualys to identify and provide remediation guidance for the latest threats and vulnerabilities. We’ll cover:

Vijay Basani

Vijay Basani
Co-founder, President & CEO, EiQ Networks

Vijay is a serial entrepreneur with a track record of building successful businesses delivering enterprise-class solutions. Before starting EiQ Networks, he founded AppIQ, an application storage resource management provider acquired by Hewlett Packard in October 2005, and WebManage Technologies, a policy-driven content delivery solution provider acquired by Network Appliance in August 2000. Vijay’s experience includes senior executive positions in the financial industry at Spencer Trask Securities and Josephthal Lyon & Ross. Vijay is the co-owner of five patents for the architecture and design of the WebManage Content Delivery system, Adaptive Policy Engine, and SLA Management. He earned a Bachelor of Engineering degree in electronics and instrumentation as well as an MBA and post-MBA degrees from Baruch College in New York. He is currently enrolled in the Owner/President Management program at Harvard Business School.

Accelerate The Detection, Reduce Time to Respond and Remediation of Web Vulnerabilities Using Splunk Enterprise Security

Girish Bhat
Director, Security Product Marketing, Splunk

The popularity and adoption of web applications by today’s Enterprise continues to increase the use of Web applications as a popular attack surface. As more web applications continue to be adopted by Enterprises, CISOs are looking to investigate ways to mitigate the threats posed.

Girish Bhat

Girish Bhat
Director, Security Product Marketing, Splunk

Girish Bhat is director of security product marketing at Splunk responsible for key Splunk security solutions, the Splunk CISO customer advisory board and customer use cases.


Previously, Girish held various roles managing authentication, compliance, VPN, advanced threats, DLP, IDS/IPS, mobile, SaaS, IaaS, virtualization and network monitoring solutions.


Girish's initial career involved designing and implementing hardware and software products.

2016 Vulnerability Threats & Trends

Tim Cantilena
Vulnerability Intelligence Engineer, Verisign

Savvy security practitioners understand that the key to effective online risk management is software vulnerability management, as trends in this facet can drastically affect the rest of the ecosystem, from firewalls to malware defense to combating espionage. To prioritize vulnerabilities and defend against their exploitation, organizations need to understand not only the context, scope and magnitude of individual vulnerabilities, but also the range of broader trends that can signal significant shifts in the vulnerability management landscape.


In this talk Verisign iDefense discusses notable trends in vulnerabilities and exploits from the previous year, and how iDefense vulnerability intelligence helps Qualys customers protect themselves against the latest vulnerabilities and exploits.

Tim Cantilena

Tim Cantilena
Vulnerability Intelligence Engineer, Verisign

Tim is currently a vulnerability intelligence engineer with Verisign iDefense Security Intelligence Services, where he specializes in analyzing software vulnerabilities. The focus of his current work is providing actionable and timely vulnerability risk assessments focused on enterprise technologies in support of client asset management mitigation strategies. He has worked in the cyber security field for the past four years, and has experience as a quality assurance test engineer as well as software developer for penetration testing software.

AssetView Use Cases

Jimmy Graham
Director of Product Management, Vulnerability Management, Qualys

Tim White
Director of Product Management, Policy Compliance, Qualys

This talk will cover real-world use cases and show how to leverage Qualys AssetView to address both IT and Security needs. Attendees will learn how to perform advanced searches and build customized widgets within the platform. This session will also include new features inside of AssetView, such as trending widgets and search filtering.

ThreatPROTECT Use Cases

Jimmy Graham
Director of Product Management, Vulnerability Management, Qualys

Tim White
Director of Product Management, Policy Compliance, Qualys

This talk will show how Qualys ThreatPROTECT can be used to pinpoint critical vulnerabilities using real time threat data. Attendees will learn how to tap into the firehose of vulnerability and exploit disclosures and automatically prioritize remediation without the need for manual searching. This session will also cover best practices for visualizing threat data within a dashboard environment.

Jason Kent

Jason Kent
Vice President, Product Management, Web Application Security, Qualys

Jason Kent is Vice President, Web Application Security Product Management at Qualys. Prior to that, he held technical security positions at Veracode, BlueCoat, Aruba and Verizon. Through more than a decade of dedicated AppSec experience, he has established expertise in AppSec PenTesting, AppSec program architecture and AppSec tools. His efforts helping Fortune 500 companies to maintain continuous security and compliance spans application security, infrastructure security, wireless and physical security. Jason has spoken at conferences such as ISC2 Security Congress, Northeastern OWASP events, and for Qualys at RSA and Black Hat. A US Navy Submarine Force Veteran, Jason is also passionate about putting security people together with their stakeholders.

Web Application Scanning (WAS) and Web Application Firewall (WAF)

Jason Kent
Vice President, Product Management, Web Application Security, Qualys

This talk will introduce the Web Application Security offerings by first demonstrating the vast breadth of deployments of Web Application Scanning and give an understanding of how customers are using WAS today. Additionally Jason will cover the extensive work that is going into the WAF UI and Engine to incorporate feedback and create flexibility that will allow for your organization to get ahead of the attackers.

Jeffrey Leggett

Jeffrey Leggett
Director, Cloud Services, API and Integration, Qualys

Jeffrey Leggett is currently Director of Cloud Services, API and Integrations for Qualys. With over 25 years of IT and InfoSec experience, he acts as both Product Manager and Subject Matter Expert on Automation and Integrations for the company.

API Best Practices

Jeffrey Leggett
Director, Cloud Services, API and Integration, Qualys

This talk features a mid-level exploration of each Qualys module with customer-exposed API's, including their functionality, with special emphasis on new API's to the Qualys Cloud Platform (Cloud Agent, updates to host detection API and posture API, etc).


Jeffery will also talk about all current Qualys-built integrations - Splunk and Service Now - what's new in them and what new features are planned for 2017.

2017: The Year of Vendor Consolidation, and the Role Qualys Will Play

Philippe Courtot
Chairman & CEO, Qualys

Philippe will report on Qualys’ progress and will discuss the company’s vision and product strategy as it relates to the current industry trend of vendor consolidation.

Philippe Courtot

Philippe Courtot
Chairman and CEO, Qualys

As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. He was previously Chairman and CEO of Signio until its acquisition by VeriSign. He is also a member of the Board of Directors of StopBadware, a non-profit, anti-malware organization.

Vulnerability Management (VM), Continuous Monitoring (CM), Cloud Agent (CA), AssetView (AV), ThreatPROTECT (TP)

Tim White
Director of Product Management, Policy Compliance, Qualys

Jimmy Graham
Director of Product Management, Vulnerability Management, Qualys

This talk will highlight the latest improvements in Vulnerability Management, Cloud Agent, Continuous Monitoring as well as AssetView and ThreatPROTECT. We will discuss upcoming product features scheduled for 2017 such as Docker, IPv6, new dashboard and search features, and Cloud Agent. Attendees will also learn about key new features delivered since the last conference.

Tim White

Tim White
Director, Product Management, Policy Compliance, Qualys

Tim is the director of product management for Qualys’ policy compliance portfolio and has more than 20 years of experience in various IT security areas including IT governance risk and compliance, datacenter security, firewalls, server protection and more. Prior to joining Qualys, Tim was a technical product manager and systems engineer with Symantec, and has held roles with the City of Austin and Axent.

Jimmy Graham

Jimmy Graham
Director, Product Management, Vulnerability Management, Qualys

Jimmy Graham is the Director of Product Management for Qualys Vulnerability Management. He has been deeply involved in information security and vulnerability management for over 10 years, and has managed teams covering security operations, incident response, application security, vulnerability management, penetration testing, governance, and compliance.

Martin Walker

Martin Walker
SME, Vulnerability Management, Cloud Agent, Qualys

Mr. Walker is the Qualys SME for Vulnerability Management and Cloud Agent. He has 30 years of experience in IT, and 25 in InfoSec focused roles. For the last decade he has been providing professional services focused on incident response and forensics, and vulnerability management.

Policy Compliance (PC) and Security Assessment Questionnaire (SAQ)

Tim White
Director of Product Management, Policy Compliance, Qualys

Hariom Singh
Director of Product Management, Qualys

This talk will highlight the full breadth of Qualys' Policy Compliance solutions, plus discuss upcoming product features scheduled for 2017. Attendees will learn about significant Policy Compliance coverage expansions into app, database and network compliance, and see demos of new reporting features. This session will also showcase recent updates to Qualys' cloud-based Security Assessment Questionnaire.

Hariom Singh

Hariom Singh
Director of Product Management, Qualys

With over 12 years of experience in cyber security and IT GRC, Hariom Singhhas been a driving force for positive change, helping organizations across industries lower IT security risk and meet their IT GRC objectives. As Qualys' director of product management, he works with clients to help them secure their cyber infrastructure and exceed their IT-GRC goals. Prior to Qualys, he worked as the technical lead for Creative Breakthroughs, a technical consultancy, and as senior consultant for Symantec, building his vast experience designing and building effective security and compliance solutions for large enterprises in the healthcare, energy, financial and telecommunications industries.

Shailesh Athalye

Shailesh Athalye
Senior Manager, Engineering, Qualys

Shailesh Athalye (CISA, CRISC, CEH, ISO 27001 LA) is a senior engineering manager for Policy Compliance and Security Assessment Questionnaire. With over 12 years of experience in IT GRC, he has been a driving force for engineering Risk & Compliance products at leading security product companies, helping customers go beyond compliance and drive their IT GRC objectives.

The Qualified SIEM: Going Beyond Data Suffocation

Jake Reynolds
Technical Alliances Engineer, LogRhythm

Without context, data tells an incomplete story. Yet, with the eroding perimeter, user owned and embedded devices, and the adoption of cloud platforms, we are collecting more than ever. Combining Qualys’ accurate and timely vulnerability data with LogRhythm's Security Intelligence Platform leverages both solutions’ analytics to build precision context for all that data. With a deeper understanding of the impact of these events, organizations can better prioritize real-time alerts, focus on the most important threats first, and accelerate the time to detect and respond to them.

Jake Reynolds

Jake Reynolds
Senior Manager, Engineering, Qualys

Jake Reynolds is the Technical Alliances Engineer at LogRhythm, where he is responsible for supporting the development and management of the company’s technical alliances with third-party technology providers. He has more than 20 years of experience in the Information Technology industry, with a focus on Information Security. Prior to LogRhythm, he held multiple security architect and engineer roles, and most recently helped spearhead security analytics and threat research at Level 3 Communications. Jake is an autodidact, with a focus on security, technology, and aviation.

Scanning Cloud Environments and Container Technologies

Hari Srinivasan
Director, Product Management, Cloud and Virtualization Security, Qualys

This talk will cover how to deploy Qualys seamlessly and deeply into public cloud environments with new features. It will also detail how to gain complete visibility of an organization’s entire cloud asset inventory and security posture to help them keep up with shared security responsibility models across public cloud infrastructure and container-based environments like Docker.

Jake Reynolds

Hari Srinivasan
Director, Product Management, Cloud and Virtualization Security, Qualys

Hari Srinivasan is director of product management for Qualys’ public cloud infrastructure platform integrations. With over 11 years experience in Enterprise Software space, Hari has expertise in numerous enterprise software disciplines including cloud automation and systems management, data center transformation, Hybrid Cloud, PaaS - DBaaS, compliance and configuration management. He previously worked at Oracle and Andale.

Amer Deeba

Amer Deeba
Chief Commercial Officer, Qualys

Responsible for all aspects of marketing, strategic alliances and global accounts, Amer has a proven track record of driving company growth in fast-moving technology fields. Amer previously served as the Chief Marketing Officer for Qualys for thirteen years and led the corporate and product marketing functions. Before joining Qualys, Amer served as the General Manager for the Payment Services Division at VeriSign where he contributed to establishing VeriSign as a leader in online payments processing 40% of all credit card transactions across the Internet. Amer came to VeriSign through its acquisition of online payments pioneer Signio, where he was Director of Product Marketing.

Sumedh Thakar

Sumedh Thakar
Chief Product Officer, Qualys

As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements.

Showcase of New Innovations / New Cloud Apps

Sumedh Thakar
Chief Product Officer, Qualys

An overview of Qualys' recent and upcoming improvements in the cloud platform along with exciting new modules being added to the platform.

Qualys Cloud Platform – 2016 Update and Roadmap

Sumedh Thakar
Chief Product Officer, Qualys

Sumedh will review the key 2016 product updates as well as outline the 2017 Qualys roadmap. He’ll demonstrate how platform enhancements and technology innovation in the cloud are enabling Qualys customers to reduce the number of solutions used for IT security and compliance.

Chris Carlson

Chris Carlson
Vice President, Product Management, Cloud Agent Platform

Chris Carlson is a Vice President of Product Management at Qualys, where he is in charge of the product definition, roadmap and strategy for the Cloud Agent Platform. During his 20+ year career in the infosec industry, Carlson has attained expertise in multiple areas, ranging from firewalls, VPNs and intrusion prevention systems to real-time event-processing, security analytics and next-generation endpoint platforms. Prior to joining Qualys, he held security architecture roles at UBS and at Booz Allen Hamilton, and product management positions at venture-funded startups and at leading vendors, including Hexis Cyber Solutions, Agent Logic, Informatica and Trustwave.

Scott Crawford
Research Director, 451 Research

Scott Crawford is Research Director for the Information Security Channel at 451 Research, where he leads coverage of emerging trends, innovation and disruption in the information security market.


Well known as an industry analyst covering information security prior to joining 451 Research, Scott has experience as both a vendor and an information security practitioner. At IBM, Scott guided offering strategy and development with a primary focus on security intelligence for IBM Security Services. He is the former CISO of the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO) International Data Centre in Vienna, Austria, where he pioneered the implementation of security policy and architecture for a non-governmental organization (NGO) serving more than 150 nations. "

Frank Catucci

Frank Catucci
Director of Product Management, Web Application Security, Qualys

Frank Catucci is the Director of Web Application Security, Product Manager and a Subject Matter Expert for Qualys. He has over 15 years experience in the Information Technology and Security field that spans enterprise, financial services, university/higher education, government, healthcare, legal, start-up businesses, public and private industries. Aside from his daily Web Application Security duties, Frank also conducts security research, penetration testing, and often speaks at information security conferences and events.

Neil MacDonald

Neil MacDonald
Distinguished Analyst and VP, Gartner

Neil MacDonald is a Vice President, Distinguished Analyst and Gartner Fellow Emeritus in Gartner Research, based in Stamford, Connecticut. Mr. MacDonald is a member of Gartner's information security, privacy and risk research team, focusing on securing next-generation virtualized and cloud-based computing environments from advanced attacks. Specific research areas include endpoint detection and response, virtualization security, protection of hybrid cloud server workloads, cloud access security brokers and protection from advanced targeted attacks using adaptive security architectures.

API and Tech Integrations Update

Jeffrey Leggett
Director, Cloud Services, API and Integration, Qualys

This talk will cover all updates to the Qualys API integratios, such as with Splunk and ServiceNow. Learn about new plug-ins for CI/CD development, plus see a preview of what's coming in 2018.

Keynote: American Spies, Modern Surveillance, Why You Should Care, and What To Do About It

Jennifer S Granick
Surveillance and Cybersecurity Counsel, ACLU

Technology, government secrecy, and a legal and policy vacuum combine to give the intelligence community unprecedented insight into and power over private conduct. The danger is that government agents will use this power as government agents always have: to monitor and hinder individuals and groups that seek political and social change. In this talk, Jennifer Granick outlines opportunities for meaningful and necessary surveillance reform this year.

Neil MacDonald

Jennifer S Granick
Surveillance and Cybersecurity Counsel, ACLU

Jennifer Stisa Granick joined the American Civil Liberties Union in September as surveillance and cybersecurity counsel. Before that, she was Director of Civil Liberties at the Stanford Center for Internet and Society for fives years. She is the author of the Palmer Civil Liberties prize winning book from Cambridge University Press entitled American Spies: Modern Surveillance, Why You Should Care, and What To Do About It. Before teaching at Stanford,Granick spent almost a decade practicing criminal defense law in California.