Watch videos of our future roadmap, best practices, and use case presentations.
Where Are We Now and Where is the Industry Going?
Making the World Safer — One App at a Time
Philippe Courtot, Chairman and CEO, Qualys
Toward Continuous Security: Future Reality, or the Ultimate Threat?
Scott Crawford, Research Director, 451 Research
Only viewable for QSC attendees
API Security: Enabling Innovation Without Enabling Attacks and Data Breaches
Mark O’Neill, Sr. Director, Analyst, Gartner
Only viewable for QSC attendees
Qualys Cloud Platform
Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful
Dilip Bachwani, VP of Engineering, Qualys
Real-Time Vulnerability Management
Operationalizing the VM Process from Detection to Remediation
Jimmy Graham, Director of Product Management, Qualys
Qualys Container Security
Comprehensive Security for the Ever-changing Container Stack
Asif Awan, CTO of Container Security, Qualys
Qualys Indication of Compromise
Bringing IOC to the Next Level
Chris Carlson, VP of Product Management, Qualys
A 360° Approach to Securing the Cloud
Total Visibility and Comprehensive Security for Cloud Workloads and Infrastructure
Hari Srinivasan, Director of Product Management, Qualys
Web Applications & APIs
The Soft Belly of the Cloud
Dave Ferguson, Director of Product Management, Qualys
Rémi Le Mer, Director of Product Management, Qualys
Managing Digital Certificates
Asif Karel, Director of Product Management, Qualys
Policy Compliance, Security Configuration Assessment and File Integrity Monitoring
Automate the Assessment of Technical Controls & Mandate-based Security Requirements
Tim White, Director of Product Management, Qualys
Out-of-band Configuration Assessment and Security Assessment Questionnaire
Make Your Inaccessible, Sensitive Assets Visible to Your Vulnerability and Compliance Program
Shailesh Athalye, Director, Compliance Solutions, Qualys
First Look Showcase
Sumedh Thakar, Chief Product Officer, Qualys
Engineering Team, Qualys
Vulnerability Management & DevSecOps & the Cloud … Oh My!!
Patty Smith, CISO, Cox Automotive
Tabrez Naqvi, Security & Risk Assessment, Sr. Manager, Cox Automotive
Peeyush Patel, VP of Information Security, Experian
Gaining Total Visibility in Your Environment
Michael Smith, Information Security Engineer, TravelClick, an Amadeus Company
Improving Defense Posture Through Intelligence-based Vulnerability Management
Nelrose Viloria, Product Management, Secureworks
Lauren Ashley Zamora, Engineer, Vulnerability Management, Secureworks
Qualys Data + Splunk Security Analytics = Finding Hidden Threats
Don Leatham, Global Strategic Alliances - Security Markets, Splunk
Managing Compliance in a Rapidly Changing Regulatory Environment
Jerry Hughes, President, Managing Partner, Senior Executive IT Auditor, Compass IT Compliance
Operationalizing Web Application Security
Frank Catucci, Director of Application Security and DevSecOps, ImagineX Consulting
Ignore APIs at Your Peril
Qualys and 42Crunch Partner to Deliver API Security
Jacques Declas, Founder and CEO, 42Crunch
Qualys Agents and RTIs
Leveraging Vulnerability Intelligence and Cloud Agents in Vulnerability Management: Prioritizing Risk at Montana State University
Constantine Vorobetz, Former Security Analyst, Montana State University
How Security Best Practices Enable a DevOps Data Transformation in the Cloud
Dan Wilson, Senior Manager, Vulnerability and Remediation, Capital One
Colleen Csech, Manager, Vulnerability and Remediation, Capital One
How to Build a Successful Vulnerability Management Program for Medical Devices
Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare
Robert Sloan, Security Vulnerability Engineer, HCA Healthcare
November 18-21, 2019
The Bellagio Hotel, Las Vegas
Scott Crawford is Research Director for the Information Security Channel at 451 Research, where he leads coverage of emerging trends, innovation and disruption in the information security market.
Well known as an industry analyst covering information security prior to joining 451 Research, Scott has experience as both a vendor and an information security practitioner. At IBM, Scott guided offering strategy and development with a primary focus on security intelligence for IBM Security Services. He is the former CISO of the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO) International Data Centre in Vienna, Austria, where he pioneered the implementation of security policy and architecture for a non-governmental organization (NGO) serving more than 150 nations.
Mark O'Neill advises on strategy for API management and the API economy as part of an overall digital platform and business ecosystem. He advises on how API management relates to SOA and products such as ESBs. He also advises on strategy for banking APIs, including PSD2 in Europe. This includes API security. With his background in B2B, he covers the usage of APIs for B2B, as well as the relationship between APIs and traditional B2B technologies.
Charles Henderson is the Managing Partner and Global Head of X-Force Red. Throughout his career, Charles and the teams he has managed have specialized in network, application, physical, and hardware/device penetration testing as well as vulnerability research. X-Force Red’s clients range from the largest on the Fortune lists to small and midsized companies interested in improving their security posture.
Charles is also an enthusiastic member of the information security community and an advocate of vulnerability research. He has been a speaker at various conferences (including Black Hat, DEFCON, RSA, SOURCE, OWASP AppSec USA and Europe, and SXSW) around the world on various subjects relating to security testing and incident response. He has also appeared on or in The Today Show, CBS Evening News, CNN, Fox News, MSNBC, BBC, The Wall Street Journal, Forbes, USA Today, The Register, SC Magazine, Engadget, eWeek, Reuters, Car & Driver, and various other media outlets.
Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor’s Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe.
Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign’s payment division, based on the Signio technology, handles 30% of electronic transaction in the U.S., processing $100-million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe’s direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a master’s degree in physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.
As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys’ PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.
A long time advocate of the SaaS model and cloud computing, Sumedh worked at Intacct, a cloud-based financial and accounting software provider, before working at Qualys. Previous to Intacct, Sumedh worked at Northwest Airlines to develop complex algorithms for yield and revenue management for their backend reservation system.
Sumedh is active in the PCI and security community working closely with the PCI Council on the development and enhancement of PCI DSS. He co-authored “PCI Compliance for Dummies,” an easy-to-read guide designed to educate merchant organizations about PCI. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.
Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 25 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), and Certified in Risk and Information Systems Control (CRISC), has extensive IT auditing experience—especially within the financial industry, Healthcare industry, and the retail sector—and has participated in hundreds of PCI Risk Assessments and Audits.
Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation’s premier consulting firms in the area of IT Governance, Assurance, Security and Compliance services. His team of CISA-certified auditors, all certified in the international framework called Control Objectives for Information and related Technologies (COBIT), offers a full suite of IT Compliance services within the banking, insurance, retail, health care, energy and education sectors.
Frank Catucci is currently the Director of Application Security and DevSecOps for ImagineX Consulting. He is also the former Director of Product Management for Application Security at Qualys. Frank is an appsec and infosec leader, hacker and consultant during the day and a security researcher by night and by life. Decades of experience spanning Fortune 500 enterprise, financial services, university/higher education, government, and a fair share of start-ups and businesses, both public and private, grants him the unique ability to see and lead information security with a unique, complete, and widely encompassing approach in all aspects of cybersecurity.
Brian Canaday is a senior engineer for the vulnerability and configuration management program at CSAA Insurance Group, a AAA Insurer. With over 21 years of system administration, information security and governance risk & compliance, Brian brings a unique balance of technical and regulatory experience. Having worked in the private sector and in the government sector he is well rounded in the different environments of security.
Michael Smith has been working as an Information Security Professional for 19 years. In that time, he has worked across multiple global organizations such as Paypal, General Dynamics, SAIC, and Deloitte. He now currently works within the Amadeus Information Security team for their Hospitality business handling enterprise risk management, compliance, and audit.
Sarah Kennedy is currently working at HCA, Inc. specializing in security vulnerability assessment. She received her Master’s in Information Security from Lipscomb University and her undergraduate in Telecommunications Systems Management from Murray State University.
Robert Sloan has been with HCA, Inc. for the past 15 years, currently on the Vulnerability Management team. He and his team are responsible for the security assessments of diverse systems over a complex healthcare network across the US and UK.
Dilip Bachwani is Vice President of Engineering at Qualys, responsible for spearheading Qualys’ Cloud Platform Engineering, DevOps and SRE initiatives. An Agile and DevOps champion passionate about its transformational potential on organizational productivity and success, Dilip has deep technology and architecture expertise and over 18 years experience in building complex scalable distributed systems.
Jimmy Graham is the Director of Product Management for Vulnerability Management. He has been deeply involved in information security and vulnerability management for over 10 years, and has managed teams covering security operations, incident response, application security, vulnerability management, penetration testing, governance, and compliance.
Chris Carlson is a vice president of product management at Qualys, where he is in charge of the product definition, roadmap and strategy for the Cloud Agent Platform. During his 20+ year career in the infosec industry, Carlson has attained expertise in multiple areas, ranging from firewalls, VPNs and intrusion prevention systems to real-time event-processing, security analytics and next-generation endpoint platforms. Prior to joining Qualys, he held security architecture roles at UBS and at Booz Allen Hamilton, and product management positions at venture-funded startups and at leading vendors, including Hexis Cyber Solutions, Agent Logic, Informatica and Trustwave.
Patricia Smith is Vice President and Chief Information Security Officer for Cox Automotive, the world’s leader in automotive software solutions for auto dealers, consumers, financial institutions and OEMs. Cox Automotive is a subsidiary of Atlanta-based Cox Enterprises. Patricia was named to this position in June 2016. She is responsible for developing and managing the security strategy for Cox Automotive, as well as all aspects of risk management & compliance, security operations, security engineering & architecture, vulnerability management, business resiliency and security culture & awareness.
Patricia has spent over 15 years designing, building, and managing Information Security programs that focus on delivering innovative security solutions while partnering with the business to enable innovation and business success.
Dave Ferguson is Director of Product Management for Web Application Security at Qualys. After writing code and developing applications for over a decade, Dave transitioned to focus on application security. Prior to Qualys, he led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.
Asif Karel is the director of product management for Qualys CertView. He has over 20 years of experience in Information Security including online fraud detection, PKI, strong authentication and single sign-on. Prior to joining Qualys, he was a subject matter expert in digital certificates and certificate solutions at VeriSign and Symantec, a solutions architect in the CASB space at CipherCloud and a solutions manager at Venafi.
Tim White, is Qualys’ director of product management for policy compliance. With more than 20 years of experience in IT GRC, he has worked with a variety of large enterprises across many different verticals while shaping products in the industry. He also has significant experience in broader Information Security, working with products ranging from Firewalls, Network Security, and Host Security.
Shailesh Athalye (CISA, CRISC, CEH, ISO 27001 LA), is Director of compliance solutions at Qualys, heading product innovation as well as engineering. With over 15 years of experience in IT risk, compliance and cybersecurity domains, he has been a driving force for engineering risk & compliance line of products at leading security product companies, helping customers go beyond compliance and drive their IT GRC objectives.
Nelrose Viloria is the Product Manager for Vulnerability Management Services (VMS) at Secureworks, a Dell Technologies company. She has an extensive background in product management, marketing, and strategic planning in various industries, with a heavy focus in technology. Her key focus is to drive the VMS portfolio to help clients optimize their vulnerability management program and make the most out of their vulnerability scanner to keep their business or enterprise secure.
Pablo Quiroga is a Director of Product Management at Qualys, where he is in charge of the product definition, roadmap and strategy for the IT asset visibility & management initiatives. With over 10 years of experience in Enterprise Software and the IT industry, Pablo has helped numerous customers gain significantly better visibility to support data-powered decision that often led to multi-million-dollar savings and risk avoidance.
Peeyush Patel is Vice President of Information Security within the Experian Global Security Office (GSO). He is responsible for the strategy, leadership and governance of Experian’s GSO, including Application Security, Threat Management, Data Protection, and Offensive Security programs.
Jacques Declas, founder and CEO of 42 Crunch, is an entrepreneur with more than 20 years in the Enterprise Software industry and a record of scaling international sales team. He has an extensive knowledge of the API Security market having served in senior VP roles in Forum Systems, Vordel (acquired by Axway) and Intel. During his career Jacques has built worldwide partnership with Software vendors such as Computer Associates, Oracle and Microsoft and leading consulting firms such as Accenture, Atos and CSC. Jacques holds a bachelor of Financial Management and European Business Law.
Don Leatham is a 15-year veteran of the security software market. Having held senior roles in security product management, OEM technologies, and strategic technology alliances, Don provides a unique perspective and understanding of how security technologies, products, and market relationships come together to form today’s complex InfoSEC environment.
Constantine Vorobetz worked as a Computer Software Engineer/Security Analyst at Montana State University (MSU) located in Bozeman, MT where he implemented and currently manages their Qualys use. He has over seven years working in Information Security. He graduated from Montana State University with a Bachelor of Science Degree in 2002 and later completed his Master of Science in 2007 from the University of Cincinnati. He completed his Certification as a Computer Forensic Examiner (CFCE) from the International Association of Computer Investigative Specialists (IACIS) in 2013.
Hari Srinivasan is director of product management for Qualys’ security for cloud and virtualization. He has expertise in numerous enterprise software disciplines including cloud security and analytics, automation, systems management, data center transformation, Hybrid Cloud, PaaS - DBaaS, compliance and configuration management. He previously worked at Oracle both as an engineer and spent over a decade in multiple areas in product management positions.
Colleen Csech is a Manager on the Vulnerability Management Team in Capital One’s Cyber division where she leads the development, implementation, and maintenance of vulnerability best practices for applications in the server space for both on-premises and cloud environments. Colleen began her career working for a federal consulting company in the Washington, DC area where she worked as a Cyber security policy and compliance analyst specializing in vulnerability scanning security documentation.
Dan Wilson is a Sr Manager within Capital One's Cyber organization based in Chicago, IL. He leads the Vulnerability Management Team which drives vulnerability remediation and configuration compliance across all lines of business and all platforms within the enterprise. Prior to Capital One, he spent more than decade serving in local law enforcement. He specialized in computer forensic investigations and assisted multiple agencies, ranging from the federal and state agencies, as well as other law enforcement agencies within Wisconsin.
Asif is a passionate cybersecurity entrepreneur with a broad business and technology expertise that spans enterprise, healthcare and financial domains, and cloud, mobile and deep learning technologies. He was the founder and CTO of Layered Insight till it was acquired recently by Qualys. He is now the CTO for Container Security at Qualys. Layered Insight was a pioneer in the container security space that offered a solution for providing deep visibility and protection for containerized and serverless workloads, using an innovative application-centric approach. It's the only infrastructure and orchestration agnostic solution that's zero-touch to developers and DevOps, and fully portable for cloud and edge workloads.
Asif is a pioneer in the Mobile Application Management space. Back in 2011, he identified a serious gap in the enterprise solutions being offered for BYOD, envisioned an innovative user-space virtualization solution, and founded Plursona to build that solution and realize the business vision. Plursona was acquired in 2012 by HPE (Aruba Networks) for its best-in-class technology. Asif has held various technology and business leadership positions at HPE (Aruba Networks), Motorola Mobility, Wells Fargo, Juniper Networks and Boston Scientific (Guidant).