Qualys Security Conference 2015

Las Vegas, Aria Resort, October 8-9, 2015

Join us for our 13th annual security conference that connects our customers with our engineers and leading industry experts. This year our architects will unveil the many new groundbreaking technologies they are building into the Qualys Cloud Platform and Integrated Suite of Security and Compliance solutions.

Agenda

Tuesday, Oct 6 (Training)

Vulnerability Management Training

Trainer: Nick Dlouhy

This class is full. We are no longer accepting registrations.

Earn 8 hours of Continuing Professional Education (CPE) credit for attending this class.
Please bring your (ISC)2 member number to class.

AM Session

9:00 – 10:00AM Basic Vulnerability Management
Overview of Vulnerability Management Lifecycle
Hands-On Lab: Account Setup

Vulnerabilities, KnowledgeBase, and Search Lists
Hands-On Lab: Search Lists
10:00 – 11:00AM Understand Your Network
Using Discovery Scans (Maps)
New Graphics Mode Map Results
Hands-On Lab: Mapping
11:00AM – 12:00PM Asset Management
Host Assets
Asset Organization and Prioritization
Manage Asset Tags
Application, Ports/Service, OS, and Certificate Inventories
Hands-On Lab: Asset Tags, Asset Groups and Asset Search
12:00 – 1:00PM Lunch

PM Session

1:00 – 2:30PM Vulnerability Scanning Engine
Authenticated Scanning
Introduction to Qualys Cloud Agent
Review Results
2:30 – 4:00PM Reporting and Fine Tuning
Manage Reports using Templates and Scorecards
iDefense Threat Intelligence and 0-day Risk Analyzer
Hands-On Lab: Reporting
4:00 – 4:30PM User Management
Create Users
Organize Users into Business Units
Remediation/Trouble Ticketing
Hands-On Lab: User creation and Remediation labs
4:30 – 5:00PM Certification Exam

Policy Compliance and Advanced Vulnerability Management Training

Trainer: Phil Niegos

This class is full. We are no longer accepting registrations.

Earn 8 hours of Continuing Professional Education (CPE) credit for attending this class.
Please bring your (ISC)2 member number to class.

AM Session

9:00 – 9:30AM Introduction
Account and Application Setup
Hands-On Lab
9:30 – 10:00AM Policy Compliance Overview
Policy 101: A Top-Down Approach
The Qualys Control Library
The Path To Compliance
SCAP Support
10:00 – 10:30AM Compliance Scanning
The Qualys Cloud Platform
Compliance Scanning Requirements
Compliance Scanning Options
Raw Scan Report (Authentication Issues)
Hands-On Lab
10:30 – 11:00AM User Defined Controls
Windows-Based Controls
Unix-Based Controls
Hands-On Lab
11:00 – 11:30AM Controls and Policies
Create Policy From Scratch
Create Policy From Existing Host
Qualys Policy Library
Hands-On Lab
11:30AM – 12:00PM Compliance Reporting
Policy Report and Report Templates
Request Exceptions using Interactive Reports
Hands-On Lab
12:00 – 1:00PM Lunch

PM Session

1:00 – 1:30PM VM and PC Implementation Objectives
Hands-On Lab
1:30 – 2:30PM Scanning and Continuous Monitoring
Scanner Placement and Deployment
Scanner Parallelization
Secure Authenticated Scanning
Qualys Cloud Agent
Hands-On Lab
2:30 – 3:30PM Asset Management
Asset Groups vs. Asset Tags
Effective Asset Tag Design
Asset Tags and Regex
Stale Host Tags
Hands-On Lab
3:30 – 4:30PM Reporting and Remediation
Compliance Scorecard Report
Vulnerability Scorecard – Setting Goals for Acceptable Risk
Measuring Business Risk in a Trend Report
Monitoring and Enforcing Patch Deadlines (i.e. SLAs)
Unknown Devices Report
Hands-On Lab
4:30 – 5:00PM Q & A

Wednesday, Oct 7 (Training)

Advanced Vulnerability Management Training

Trainer: Nick Dlouhy

This class is full. We are no longer accepting registrations.

Earn 8 hours of Continuing Professional Education (CPE) credit for attending this class.
Please bring your (ISC)2 member number to class.

AM Session

9:00 – 10:30AM VM and PC Implementation Objectives
Mapping with the "none" Domain
Unknown Devices Report
Continuous Monitoring
Hands-On Lab: Planning Deployment, Mapping, and Continuous Monitoring
10:30 – 12:00PM Scanning and Continuous Monitoring
Scanner Placement and Deployment
Scanner Parallelization and Performance
Authenticated Scanning
Attribution and Delegation of Scanning Tasks
EC2 Scanning Overview
Qualys Cloud Agent
12:00 – 1:00PM Lunch

PM Session

1:00PM – 2:00PM Asset Management
Asset Groups vs. Asset Tags
Automation with Asset Tags
Effective Asset Tag Design
Hands-On Lab: Advanced Scanning, Account Management, Tagging
2:00 – 2:30PM Reporting and Remediation
Host Based vs Scan Based Findings
Setting Goals for Acceptable Risk
Monitoring and Enforcing Patch Deadlines (i.e. SLAs)
Measuring Business Risk in a Trend Report
Identifying and Responding to Process Bottlenecks
Hands-On Lab: Qualys Report Metrics
2:30 – 4:30PM API primer for Qualys API
Python and Curl
API v1 and v2 for Vulnerability Management
Hands-On Lab: API v1 and v2 lab
4:30 – 5:00PM Q & A

Web Application Scanning

Trainer: Phil Niegos

This class is full. We are no longer accepting registrations.

Earn 8 hours of Continuing Professional Education (CPE) credit for attending this class.
Please bring your (ISC)2 member number to class.

AM Session

9:00 – 10:00AM Web Application Scanning Overview
Scanning Your Web Architecture
Hands-On Lab
10:00 – 11:00AM Web Application Setup
Crawl Scope
Application Scanning Options
Selenium Scripts
Authentication
Crawl Exclusions
Malware Monitoring
Hands-On Lab
11:00AM – 12:00PM Scanning with Qualys WAS
Discovery Scan
Vulnerability Scan
Authenticated Scanning
Using Selenium for Authentication
Hands-On Lab
12:00 – 1:00PM Lunch

PM Session

1:00 – 2:00PM Reporting with Qualys WAS
Scan Report
Web Application Report
Catalog Report
Scorecard Report
Hands-On Lab
2:00 – 3:00PM Tagging and Users
Manage Tags to Organize Your Applications and Users
Setting User Scope
New Users
3:00 – 4:30PM Burp and MD Integration
Malware Monitoring
Burp Professional Integration Overview
Hands-On Lab
4:30 – 5:00PM Q & A

Thursday, Oct 8 (Conference)

7:30 – 8:30AM

Registration & Breakfast

8:30 – 8:45AM

Welcome & Opening Remarks

Amer Deeba, Vice President of Corporate Development and Strategic Alliances, Qualys

8:45 – 9:30AM

Opening Keynote

Philippe Courtot, Chairman and CEO, Qualys

Qualys Cloud Platform – 2015 Update and Roadmap

9:30 – 10:30AM

Qualys Cloud Platform

Sumedh Thakar, Chief Product Officer, Qualys

10:30 – 11:30AM

Refreshment Break in the Solutions Showcase

11:30AM – 12:30PM

Cloud Platform Showcase

Engineering Leads, Qualys

12:30 – 1:45PM

Lunch in the Solutions Showcase

1:45 – 2:30PM

Keynote: Security is Breaking Down...

Tyler Shields, Principal Analyst, Forrester

Qualys Cloud Suite – 2015 Update and Roadmap

2:30 – 3:15PM

Vulnerability Management Roadmap & Cloud Agent for VM

Martin Walker, Security Solution Architect, Qualys

3:15 – 3:45PM

Policy Compliance Roadmap & Cloud Agent for PC

Tim White, Director of Product Management, Cloud Platform, Qualys

3:45 – 4:30PM

Refreshment Break in the Solutions Showcase

4:30 – 5:15PM

Web Application Scanning & Web Application Firewall Roadmap

Frank Catucci, Director of Web Application Security, Qualys

Steve McBride, Director of Application Security, WAF, Qualys

5:15 – 5:45PM

Qualys Platform Infrastructure Update

Mark Dorsi, Infrastructure and Security Manager, Qualys

5:45 – 6:30PM

Break Before Dinner

6:30 – 7:30PM

Transportation to Dinner

7:00 – 10:30PM

Cocktails, Dinner & Live Entertainment

Aureole at Mandalay Bay

Friday, Oct 9 (Conference)

7:30 – 8:45AM

Registration & Breakfast

8:45 – 9:30AM

Keynote: TLS Maturity Model

Ivan Ristic, Author and Director of Application Security, Qualys

Solution Sessions

9:30 – 10:00AM

Using Splunk for Security Analytics

Kyle Champlin, Senior Sales Engineer, Global Strategic Alliances & CISSP

Jeff Leggett, Director of API and Integrations, Qualys

10:00 – 10:30AM

Actionable Threat Intelligence: A Risk-Based Approach to Vulnerability Management

David French, VP, Kenna Security

VP of Information Security, Fortune 1000 Financial Company

10:30 – 11:15AM

Refreshment Break in the Solutions Showcase

Book signing of Bulletproof SSL and TLS by author Ivan Ristic


11:15 – 11:45AM

Mitigations and Countermeasures for 0-day and Public Vulnerabilities Through Threat Intelligence

Jayson Jean, Director of Vulnerability Management, Verisign

Rohit Mothe, Vulnerability Research Engineer, Verisign

11:45AM – 12:15PM

Continuous Monitoring and Mitigation: Making Continuous Monitoring a Reality

Rob Greer, Senior Vice President, Products & Marketing, ForeScout

12:15 – 1:15PM

Lunch in the Solutions Showcase

Case Studies

1:15 – 2:00PM

Large Scale Deployment in Azure IaaS

Andre Howard, Principal IT Ops Manager, Microsoft

Hands-Off Vulnerability Management

Raj Sargule, Director of Information Security, Viacom Media Networks

2:00 – 2:45PM

Achieving Continuous Monitoring with VM

Sangamesh Shivaputrappa, Manager of Information Security, Infosys

Closing Keynote

2:45 – 3:30PM

Closing Keynote: Technology And The Threat Of A Jobless Future

Martin Ford

Book signing of Rise Of The Robots

3:30PM

Closing Remarks: Philippe Courtot

Conference Adjourns. See You Next Year!

Guest Speakers

Martin Ford
Author and Entrepreneur

Tyler Shields
Principal Analyst, Forrester

Ivan Ristic
Author and Director of Application Security, Qualys

Event Information

Pricing

Attendance at the Qualys Security Conference is complimentary. This includes access to all general sessions, breakout sessions, training, breakfast and lunch both conference days, and dinner on Thursday, October 8. Pricing does not include travel or hotel accommodations.


Travel and Accommodations

We are pleased to host our event for the third year in a row at the Aria Resort & Casino, located on the Las Vegas strip. Make a reservation online or call the Aria Group Reservation Department at 866-359-7757.

Aria Resort & Casino
3730 Las Vegas Boulevard
Las Vegas, NV 89158
T: (702) 590-7757
www.arialasvegas.com

Dinner

Join Qualys for cocktails, dinner and must-see entertainment.


Cocktails and Dinner 7:00 – 10:30PM

Aureole Restaurant
at the Mandalay Bay Hotel
www.charliepalmer.com/aureole-las-vegas/

Premiere Sponsors

BMC, ForeScout, NopSec, Splunk, Thycotic, Verisign

Supporting Sponsors

Compass IT Compliance, LogRhythm, Lumeta

Session Abstracts & Speaker Bios

Security is Breaking Down... Why Now, and What Can We Do About It?

Tyler Shields
Principal Analyst, Forrester

Understanding where we have come from and where we are going are fundamental to successful security in the age of mobile, cloud, and IoT. Networks, operating systems, and applications have completely changed. How we do business with today's technology has modified our usage patterns requiring a complete rework on how we approach security of our sensitive data. Scale, cloud architectures, mobility, app containers -- let's pick them apart and see what they really mean to our security future. It's time to secure the enterprise, big and small, and do it on a global scale.

Achieving Continuous Monitoring with VM

Sangamesh Shivaputrappa
Manager of Information Security, Infosys

This talk focuses on achieving and delivering Continuous Monitoring through Vulnerability Management including advanced security notifications on new advisories, deriving threat intelligence from scan data and building dashboards in SIEMs or other tools for senior management to evaluate the effectiveness of patch programs and continuously measure the security posture of an organization.

Hands-off Vulnerability Management

Raj Sargule
Director of Information Security, Viacom Media Networks

The hallmark of an effective vulnerability management program is its ability to scale with the environment, align with an organization's administrative structure, and stay in step with its changes to accurately represent an organization's asset base and its associated risks. In this presentation, Raj will discuss various tips and techniques for using the Qualys API to bring a hands-off approach to vulnerability management.

Creating the Baseline: Making Policy Baselines through Qualys

Sam Harris
Security Systems Analyst, UNUM

This session will highlight best practices for making standard baselines whether it's implementing CIS, PCI requirements, HIPAA requirements, or making a baseline from one of your own systems right out of the box.

Large Scale Deployment in Azure IaaS

Andre Howard
Principal IT Ops Manager, Microsoft

This presentation will outline best practices for scaled automation using Qualys APIs and demonstrate how to automate large scale deployment of scanner infrastructure into Azure IaaS.

Rise Of The Robots: Technology And The Threat Of A Jobless Future

Martin Ford
Author and Entrepreneur

An artificial-intelligence entrepreneur offers a stark warning about what we must do to keep an automated economy from being a massively unjust one.

TLS Maturity Model: A New Way of Looking at TLS Security

Ivan Ristic
Author and Director of Application Security, Qualys

Life used to be much simpler back in the day when we thought that encrypted communication via TLS is just... secure. Not any longer. Now, it seems that every day we are bombarded with information and problems with ridiculous names, usually acronyms. But are all those problems equally dangerous? How to make sense of it all? We introduce TLS Maturity Model, a fresh and practical way of looking at TLS security that will allow you to cut through the fluff to focus on what really matters.

Unauthenticated vs. Authenticated Scanning: Doesn't Matter, You're Doing it Wrong

Jonathan Cogley
CEO, Thycotic
Nathan Wenzler
Senior Technology Evangelist, Thycotic

Overcome the hurdles to authenticated scanning by using a privileged account management tool. Find out how you and your IT operations team can protect and manage privileged credentials, while giving your scanner appliance secure, automated, and audited access to those accounts. If you are already doing authenticated scanning, you may be leaving pass-the-hash vulnerabilities behind on scanned devices. Find out how to use the Thycotic integration with Qualys to ensure you are scanning all your devices with seamless authenticated scanning, dramatically improve security by reducing pass-the-hash exposure, and automate the entire process for all the devices on your network.

Operational Governance, Regulatory Mandates, and Security Threats – Oh MY!

Mitchell Sherfey
Principal Product Manager, BMC Software

Competing priorities, new and more dangerous threats, limited resources, and huge penalties loom over Security and IT Operations teams on a daily basis. How can these teams work together to close the SecOps Gap and create healthy, secure environments that are hardened against new vulnerabilities and able to pass audits more easily? Join Mitchell Sherfey, Principal Product Manager, BMC Software, to learn more about best practices for Security and IT Operations.

Achieving Strategic Information Security Management with Qualys Vulnerability Management and TraceSecurity

Wes Withrow
Cybersecurity Expert, TraceSecurity

Cloud-based IT Governance, Risk and Compliance (IT GRC) solutions have been described as the "lightweight Enterprise Resource Planning (ERP) tool" of the security industry. IT GRC solutions like TraceSecurity's TraceCSO integrate the different units of an information security program the same way that an ERP solution integrates the different business units across a company, making it all work cohesively with the right visibility. The integration of TraceCSO with Qualys gives security teams the ability to manage vulnerability scan results within TraceCSO's centralized interface and benefit from automated communication between areas of TraceCSO, such as risk, audit and compliance management.

Mitigations and Countermeasures for 0-day and Public Vulnerabilities Through Threat Intelligence

Jayson Jean
Director of Vulnerability Management, Verisign
Rohit Mothe
Vulnerability Research Engineer, Verisign

In a perfectly ideal world, organizations would roll out each and every software security patch in the software update bundle within 24 hours of its release.


However, the world, especially the IT security world, isn't ideal and this is not a realistic expectation to meet. There could be a multitude of variables and factors at play that could affect the prompt and timely deployment of all the software fixes. Wrong or even delayed decisions can potentially be a huge financial expense and compromise the overall security posture.


So what can an organization do to help protect their enterprise? The proper solution to this problem is prioritization. And for prioritizing, an organization not only needs to understand the context, scope and magnitude of the threat but also the immediate steps to be taken to work around/remediate it appropriately. In this talk Jayson and Rohit discuss the mitigations and countermeasures that Verisign iDefense provides through its threat intelligence services to help enterprises against exploitation.

The Attack Path: Not All Vulnerabilities are Created Equal

Michelangelo Sidagni
CTO, NopSec

Recent high-profile security breaches have highlighted that attackers follow very specific attack paths, the same paths used by expert penetration testers in their engagements. In the eye of an attacker, not all vulnerabilities are created equal. Regardless of the CVSS score, attackers use a unique prioritization algorithm in scoring vulnerabilities and placing them in their attack paths.


In this session, we will present a real world case and analyze the prioritization algorithm used by attackers. In addition, we will highlight the most common vulnerabilities and misconfigurations found in the attack path and offer recommendations of remedial actions based on insight from these scenarios.

Actionable Threat Intelligence: A Risk-Based Approach to Vulnerability Management

David French
VP, Kenna Security, Inc.
VP of Information Security
Fortune 1000 Financial Company

It's great to close as many vulnerabilities as you can, but if you're only playing the "numbers game," you may be falling behind the curve. How can you make your vulnerability management program more actionable, efficient, and effective--by quantifying and measuring your true exposure to risk?


Adding real-time threat context to your vulnerability and remediation management enables you to prioritize the most critical vulnerabilities at the right time, and reduce your exposure to threats. And automating this process means that you can remediate with confidence--not to mention get hours of your life back each week.


This presentation will highlight how Qualys and Kenna work together to connect vulnerability scanning programs with actionable threat intelligence in order to employ a risk-based approach to vulnerability management. Learn how a Fortune 1000 financial organization is driving down its exposure to vulnerabilities that match active Internet breaches, and tracking its remediation progress with little manual effort and without adding additional headcount.

Using Splunk for Security Analytics

Kyle Champlin
Senior Sales Engineer, Global Strategic Alliances & CISSP
Jeff Leggett
Director of API and Integrations, Qualys

Security analytics can give businesses critical insight into potential threats and enable faster detection by prioritizing vulnerability and event data. This session will demonstrate a new way to look at and analyze vulnerability data by combining Splunk and Qualys. A live demo will walk attendees through a Splunk app that pulls vulnerability data using Qualys APIs, and shows users how to build custom reports and dashboards to help security teams identify the most critical threats in their perimeter.

Continuous Monitoring and Mitigation: Making Continuous Monitoring a Reality

Rob Greer
Senior Vice President, Products & Marketing, ForeScout

Organizations are challenged by the pervasive nature of Cyber threats and vulnerabilities to their valuable corporate information that is maintained on their networks. By continuously monitoring the network and the devices on the network, world class tools, working together, such as Qualys and ForeScout, assess the state of vulnerabilities by executing scans anytime desired. Vulnerabilities can be addressed and remediated quickly. Real world examples will highlight the way organizations leverage and rely on these solutions to help protect their information and company brand.

Sangamesh Shivaputrappa
Manager of Information Security, Infosys

Sangamesh is an information security professional with more than ten years of experience in enterprise security platform management, security engineering, incident response/management and forensics. Sangamesh has developed, recommended and delivered security services and solutions to enterprise stakeholders, provided concise reporting and actionable advice to management and leadership, and guided implementation of leading-edge technology solutions while balancing security initiatives to risks, business operations and innovations. His specializations include network security, vulnerability assessment, penetration testing, incident management and digital forensics.

Raj Sargule
Director of Information Security, Viacom Media Networks

Raj is the director of information security at Viacom, responsible for the corporate InfoSec program including engineering, operations, vulnerability management and incident response. He has over 18 years of experience in IT with over 12 years in information security, mostly in the media industry. Prior to joining Viacom, Raj worked for ABC television as a senior manager of information security. He holds CISSP, CISA, and CEH certifications, and has a MBA from NYU's Stern School of Business, with an undergraduate degree in Electronics from India.

Sam Harris
Security Systems Analyst, UNUM

Sam has five years of network security experience, all of it in Vulnerability Management and Incident Handling, and 13 years of IT experience. Prior to his time in Network Security he spent the majority working on a Deskside Support team. He has a Masters in Business Administration, Bachelors in Information Technology, and an Associate degree in Business Computer Science as well as a GCIH certification. An avid gamer whether PC or console, and a disc golfer as long as there is no snow on the ground and the need to bundle up like you are in the arctic, Sam enjoys being an all-around geek.

Andre Howard
Principal IT Ops Manager, Microsoft

Andre has more than 25 years of experience in the computer industry, with a background in IT operations and nearly 10 years of experience in security operations and engineering. In the past 8 years he has focused on regulatory reporting (SOX/PCI), computer security operations, operations management, security incident response, managing engineering and architecture roles and risk actualizations.

Jonathan Cogley
CEO, Thycotic

Jonathan grew up in South Africa and began his software engineering career in London where he founded Thycotic Software Ltd in 1996, moving Thycotic headquarters to the United States several years later. Thycotic is recognized as the fastest growing private company in identity and access management. Jonathan speaks at more than 40 enterprise technology events throughout the year and has appeared in notable news outlets such as The Wall Street Journal Radio, The Washington Post, CNET, Yahoo! Finance, PC Magazine and CSO. Jonathan regularly contributes to WIRED magazine's Innovation Insights on all things infosec.

Nathan Wenzler
Senior Technology Evangelist, Thycotic

Nathan has over a decade of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations. Throughout his career, Nathan has helped government agencies and Fortune 1000 companies build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security effort. Currently as the Senior Technology Evangelist for Thycotic, Nathan brings his expertise on security program development and implementation in both the public and private sector to admins, auditors, managers, and security professionals.

Tyler Shields
Principal Analyst, Forrester

Tyler is a leading expert on mobile and application security topics. He has researched a diverse set of topics and focuses his research time and energy on both corporate business strategy and the technologies used in securing the rapidly converging mobile and application threat landscape. Before joining Forrester, Tyler was product owner and manager for mobile solutions at Veracode, where he was responsible for or contributed to global go-to-market strategy, mergers and acquisitions, technology due diligence, competitive intelligence, and product research and design.

Martin Ford
Author and Entrepreneur

Martin is the founder of a Silicon Valley-based software development firm and the author of two books: The New York Times Bestselling Rise of the Robots: Technology and the Threat of a Jobless Future and The Lights in the Tunnel: Automation, Accelerating Technology and the Economy of the Future. He has over 25 years experience in the fields of computer design and software development. He holds a computer engineering degree from the University of Michigan, Ann Arbor and a graduate business degree from the University of California, Los Angeles.


He has written for publications including The New York Times, Fortune, Forbes, The Atlantic, The Washington Post, Project Syndicate, The Huffington Post and The Fiscal Times. He has also appeared on numerous radio and television shows, including NPR and CNBC. Martin is a frequent keynote speaker on the subject of accelerating progress in robotics and artificial intelligence—and what these advances mean for the economy, job market and society of the future.

Ivan Ristic
Author and Director of Application Security, Qualys

Ivan is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs website. He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing.


Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.

Jayson Jean
Director, Vulnerability Management & Research, Verisign

Jayson is the Director in charge of the strategic direction and fulfillment of product requirements for iDefense's Vulnerability Management solution set portfolio. Operationally, Jayson provides management oversight for both the Vulnerability Research Lab and Vulnerability Exploit Intelligence functional components. Jayson brings more than 15 years of technical experience in the software, telecommunications and security industries. Early in his career, he worked at several start-up companies as a network engineer. Prior to joining Verisign, Jayson worked for Science Applications International Corporation (SAIC), where he served as a security analyst for the US Department of Homeland Security (DHS).

Rohit Mothe
Vulnerability Research Engineer, Verisign

Rohit joined Verisign in 2013 as part of the iDefense Vulnerability and Exploit Intelligence (VEI) team. He joined the Vulnerability Research Labs (VRL) team in 2014, where his primary work includes managing the iDefense Vulnerability Contributor Program (VCP), and contributing to internal vulnerability discovery efforts. His interests are in areas related to exploit development, vulnerability discovery, and reverse engineering. He has a Masters of Science in information security from The Johns Hopkins University, MD. During his Masters program he worked as an Intern at Cigital Inc., focussing on Web application penetration testing and file format fuzzing.

Wes Withrow
Cybersecurity Expert, TraceSecurity

For over 15 years, Wes has worked in IT and information security. He began his career as a systems engineer at Under Armour then joined The Johns Hopkins University Applied Physics Laboratory. Here Wes served in enterprise IT operations management, systems engineering, and information security roles, working closely with the Department of Defense. He leveraged the diversity of his expertise becoming the CIO at a consulting group that provided managed IT services to several industries. Wes represents TraceSecurity as a Cybersecurity Expert at onsite client engagements and across the country at conferences and speaking engagements providing deep industry knowledge spanning all verticals.

Mitchell Sherfey
Principal Product Manager, BMC Software

As a Principal Product Manager at BMC Software, Mitch is responsible for new innovation in IT Automation and the BMC Portal. He has 16 years of experience in high tech software.

Michelangelo Sidagni
CTO, NopSec

Michelangelo serves as Chief Technology Officer leading technical development, security research and operations for NopSec. Prior to NopSec, Michelangelo was the Director of IT Security Services at Ciphertechs and served as a lead internal security consultant at Blue Cross Blue Shield advising on HIPAA security and privacy initiatives. Michelangelo holds numerous professional certifications in information security including CISSP, CISA, and CIA and is a frequent speaker at information security events around the country. He holds a Master's of Business Administration from the University of Pavia in Italy.

Gorka Sadowski
Director Global Strategic Alliances, Splunk

As a cybersecurity expert, Gorka has dedicated his career to helping organizations improve their security posture. He spent the last 20 years defining, implementing, and positioning security solutions in the marketplace. He has worked to bring together disparate technologies and vendors in unified ecosystems. He believes cybersecurity can only be achieved via strong cooperation of complementary subject matter experts. Gorka is Director of Global Strategic Alliances for Splunk where he fosters Splunk's role as the Nerve Center for Security Command Centers.

Rob Greer
Senior Vice President, Products & Marketing, ForeScout

Rob has served as chief marketing officer at ForeScout since June 2015. Prior to joining ForeScout, he served as vice president and general manager of the Network Security division at HP Software, where he was responsible for determining product strategy, delivery, customer success and overall P&L. Before that, Rob served in numerous leadership roles at Symantec, ClearApp (acquired by Oracle), SonicWALL, and Ignyte Technology, Inc., where he was founder and chief executive officer. He earned a Bachelor degree in Management Information Systems from San Jose State University.

David French
VP, Kenna Security

David is Kenna's VP of Sales & Business Development, and is responsible for driving customer growth, retention, and technology partnerships. He has focused on information security for nearly 15 years, beginning his career as a consultant at Ernst & Young, and went on to play several roles at Qualys including VP of Field Operations. David holds a B.S. in Information Systems Audit & Control, and also maintains both CISSP and CISA certifications.

Kyle Champlin
Senior Sales Engineer, Global Strategic Alliances & CISSP

Kyle has been a Sales Engineer in the security space for nearly a decade, working in many areas from cryptography, endpoint security, IoT and others.

Qualys Security Conference 2016 in Las Vegas will be held on October 12 & 13 at Delano Las Vegas with two days of free training on October 10 & 11.