Best Practices from Industry Leaders

Hear best practices and case study presentations from industry leaders.
Win high-tech prizes and get a Qualys bag after each presentation.


Qualys Show Bag – Get Yours

Get yours after each best practices presentation.


Plus, enter for a chance to win high-tech prizes: Dropcam, Amazon, GoPro, Apple.
Qualys Cafe

Join Us for Refreshments

Enjoy complimentary refreshments during each presentation.

We’ll be serving Nespresso to keep you going throughout the show!

Qualys Booth Schedule

5:00PM
6:00PM

Policy Compliance

Hariom Singh, Director of Policy Compliance, Qualys

6:00PM
7:00PM

Web Application Scanning

Will Bechtel, Director of Product Management, WAS, Qualys

11:15AM
11:45AM

A Case Study in Security and Higher Education: The University of Colorado

Craig Hurter, IT Manager, University of Colorado

12:00PM
12:30PM

How to Build a Successful Vulnerability Management Program

Roger Raymond, Manager, IRMIT, Risk Management, Nationwide Insurance

12:45PM
1:15PM

How to Achieve IT Compliance by Closing the Gap Between Security and Operations

Dominic Wellington, Compliance Marketing Manager, BMC

1:30PM
2:00PM

A Case Study in Security and Healthcare: Catholic Health Systems

Michael Arent, IT Security Analyst, Catholic Health Systems

2:15PM
2:45PM

PCI Compliance

Tim White, Director of Product Management, Policy Compliance, Qualys

3:00PM
3:30PM

Improving an Actionable Intelligence Framework with Qualys and Archer

Prentis Brooks, Cyber Security Director, Time Warner Cable
Brian M. White, Director of IT Compliance, Time Warner Cable

4:00PM
6:00PM

Managing Incident Response in Large, Complex Environments

Rich Eicher, Security Analyst, Microsoft

4:45PM
5:15PM

Web Application Security

Frank Catucci, Director of Web Application Security, Qualys

11:15AM
11:45AM

Web Application Firewall

Steve McBride, Director of Application Security, WAF, Qualys

12:00PM
12:30PM

Using Splunk for Security Analytics

Jeff Leggett, Product Manager/Subject Matter Expert, Qualys

12:45PM
1:15PM

How to Build a Successful Vulnerability Management Program

Roger Raymond, Manager, IRMIT, Risk Management, Nationwide Insurance

1:30PM
2:00PM

A Case Study in Security and Higher Education: The University of Colorado

Craig Hurter, IT Manager, University of Colorado

2:15PM
2:45PM

How to Achieve IT Compliance by Closing the Gap Between Security and Operations

Dominic Wellington, Compliance Marketing Manager, BMC

3:00PM
3:30PM

Improving an Actionable Intelligence Framework with Qualys and Archer

Prentis Brooks, Cyber Security Director, Time Warner Cable
Brian M. White, Director of IT Compliance, Time Warner Cable

4:00PM
6:00PM

Book Signing: TBD

TBD

4:45PM
5:15PM

Cloud Agent and Vulnerability Management

Alex Au Yeung, Director of Product Management, Cloud Platform, Qualys

11:15AM
11:45AM

Managing Incident Response in Large, Complex Environments

Rich Eicher, Security Analyst, Microsoft

12:00PM
12:30PM

Using Splunk for Security Analytics

Jeff Leggett, Product Manager/Subject Matter Expert, Qualys

12:45PM
1:15PM

A Case Study in Security and Healthcare: Catholic Health Systems

Michael Arent, IT Security Analyst, Catholic Health Systems

1:30PM
2:00PM

Cloud Agent and Vulnerability Management

Alex Au Yeung, Director of Product Management, Cloud Platform, Qualys

Monday, April 20

9:00AM
9:30AM

Keynote: Cloud Without Borders: Paving the Way for Global Security and Privacy

Philippe Courtot, Chairman & CEO of Qualys
Moscone Center West | Room 2014

Tuesday, April 21

1:10PM
2:00PM

Bridging the Divide Between Security and Operations Teams

Jonathan Trull, CISO, Qualys
Moscone Center North | Room: 130

2:20PM
3:10PM

Getting a Jump on Hackers

Wolfgang Kandek, CTO, Qualys
Moscone Center West | Room: 2018

Speakers

Craig Hurter

IT Manager

University of Colorado

Roger Raymond

Manager, IRMIT, Risk Management

Nationwide Insurance

Michael Arent

IT Security Analyst

Catholic Health Systems

Prentis Brooks

Cyber Security Director

Time Warner Cable

A Case Study in Security and Higher Education: The University of Colorado

Craig Hurter
IT Manager, University of Colorado

While universities need to keep their networks secure, they often have to approach security differently than most enterprises due to the open nature of academia. Add to this more common challenges such as distributed networks and devices, limited resources, and a low user awareness of security risks, and these institutions become easy targets for hackers.


This presentation will delve into how the University of Colorado’s central security team built and now manages an effective vulnerability management program covering the networks and systems for four campuses and almost 60,000 students, faculty, and staff. Craig will also discuss common challenges and barriers to success and lay out best practices.

Craig Hurter
IT Manager, University of Colorado

Craig Hurter is the IT Security Manager for the University of Colorado Boulder. His role encompasses the management of the campus Vulnerability Management and E-Discovery services. He also functions as the Security Awareness manager for the CU system. Craig has over 20 years of experience in Information Technology, with his primary focus being IT security for the past 6 years. He has worked in support of the non-profit, retail, legal and education sectors.

How to Build a Successful Vulnerability Management Program

Roger Raymond
Manager, IRMIT, Risk Management, Nationwide Insurance

Vulnerability management programs are the cornerstone of a good security strategy for controlling information and security risks. It's critical to be able to identify and mitigate vulnerabilities within an IT environment to prevent cyber criminals from attacking. But how do you go about building and implementing a successful VM program?


In this session, Roger will discuss the major requirements for implementing a vulnerability management program, how to gain alignment with key stakeholders, and outline potential challenges that may be encountered when starting a new or modifying an existing program.

How to Achieve IT Compliance by Closing the Gap Between Security and Operations

Dominic Wellington
Compliance Marketing Manager, BMC

Security and IT Operations teams (SecOps) within organizations have traditionally been siloed functions, making it difficult to quickly identify and respond to potential vulnerabilities. This siloed structure undermines efforts around security and compliance, making reacting to threats and remediating breaches a challenge. While you may have a compliance plan in place, how fast can you execute?


This presentation will outline a blueprint for how to bridge the gap between IT security and operations teams to achieve complete IT compliance and reduce risk and cost within organizations. Additionally, Dominic will discuss how to reduce the window of exposure to vulnerabilities and be more proactive in preventing aggressive threats, as well as how to analyze operational dependencies and enforce governance policies and change approval requirements.

A Case Study in Security and Healthcare: Catholic Health Systems

Michael Arent
IT Security Analyst, Catholic Health Systems

If you don’t know what’s in your network, how can you secure it? This session will demonstrate how Catholic Health Systems used asset tagging to identify and remedy system weaknesses and gaps in regulatory compliance, giving them the ability to see their networks the way hackers do.


In addition, Michael will offer best practices on how to classify applications and systems according to risk and their business importance, in order to identify the most critical vulnerabilities and mitigate them based on the real-world risk they pose to the organization.

Improving an Actionable Intelligence Framework with Qualys and Archer

Prentis Brooks
Cyber Security Director, Time Warner Cable
Brian M. White
Director of IT Compliance, Time Warner Cable

This session will highlight how Time Warner Cable further enhanced its integration between Archer and Qualys by implementing a routine reporting process and risk ranking methodology to ensure remediation cadence based on risk. He will discuss specific challenges around vulnerability remediation and describe how Time Warner Cable leveraged these two technologies to automate reporting and foster rapid collaboration across the company.

Using Splunk for Security Analytics

Jeff Leggett, Product Manager/Subject Matter Expert, Qualys

Security analytics can give businesses critical insight into potential threats and enable faster detection by prioritizing vulnerability and event data. This session will demonstrate a new way to look at and analyze vulnerability data by combining Splunk and Qualys. A live demo will walk attendees through a Splunk app that pulls vulnerability data using Qualys APIs, and shows users how to build custom reports and dashboards to help security teams identify the most critical threats in their perimeter.

Prentis Brooks
Cyber Security Director, Time Warner Cable

Prentis Brooks is an information security leader with more than 15 years in technology, 10 of which are in the information security field. He holds a B.S. in information technology and an M.B.A. with a concentration in technology, and holds security management certifications from both (ISC)2 and ISACA. He currently serves as the Director of Cyber Security for Time Warner Cable (TWC) with responsibilities in incident response, risk management, vulnerability management, penetration testing, digital forensics, and security infrastructure. Prentis began his technology career in 1995, working for a local value-added reseller in Decatur, AL. From there he joined America Online in 1999 as a web server administrator and moved into a security role as a principal security engineer just prior to his move to TWC in 2006. Prentis lives in Charlotte with his wife and five girls.

Michael Arent
IT Security Analyst, Catholic Health Systems

Michael is an IT security analyst for Catholic Health and a seasoned Information Security leader, engineer and user with over 25 years of experience in the engineering, operations and management of Information Security assets. His breadth of experience has traversed multiple industry silos that include Government, DOD, Health Care, Financial, Manufacturing and Retail. Michael's current focus in the healthcare industry has proven to be a very challenging environment, continually driven by state, local and federal compliance requirements, which makes his day-to-day role exciting.

Brian M. White
Director of IT Compliance, Time Warner

Brian M. White is an experienced leader in IT Risk Management and Compliance, with 20 years in Information Technology, 15 of which were dedicated to Technology Risk Management. He currently serves as the Director of IT Compliance at Time Warner Cable (TWC) with responsibilities of Remediation Management, User Access Reviews, and Governance of the corporate Archer environment. Additional responsibilities include the management of customer compliance programs for systems hosted by NaviSite, the Managed Hosting and Cloud Service provider within TWC Business Class. Prior to joining TWC in 2013, Brian was Audit Director for 10 years at large financial institutions, where he developed unique approaches to audit and special investigations with a passionate focus on the risks that technology and business processes together create, such as rogue trading, anti-money laundering, and Online Banking Fraud. Previous roles include system engineering and architecture roles for healthcare and consulting organizations. He holds an M.B.A. from the McColl School of Business at Queens University of Charlotte.

Managing Incident Response in Large, Complex Environments

Rich Eicher, Security Analyst, Microsoft

During a security incident, the focus is usually on solving the incident as quickly as possible. The controlled chaos of learning about a vulnerability, ensuring that exploits do not cause further damage and managing the process of producing, testing, and releasing an update to deal with the issue is something we don’t often think about. Tackling incident response can be even more challenging within large and complex environments. This presentation will highlight the challenges associated with managing incident response in larger environments and offer best practices to develop a plan to limit damage and reduce recovery time and costs.

Rich Eicher
Security Analyst, Microsoft

Rich is a security professional with 20 years of experience in security engineering. Currently he is a security analyst for Microsoft within the Operating System Group. Prior to Microsoft, Rich held engineering positions at T-Mobile, Expedia and AGEON Americas.

Roger Raymond
Manager, IRMIT, Risk Management, Nationwide Insurance

Roger is an Information Risk Manager for Nationwide. His role includes enhancing infrastructure related capabilities across the organization. Roger has 20 years of Information Technology experience including architecture, operations and engineering, the last 8 of which have been focused on Information Security and Risk Management for various size organizations in public and private sectors.
