Best Practices from Industry Leaders

Hear best practices and case study presentations from industry leaders.
Win high-tech prizes and get a Qualys bag after each presentation.

BMC, Catholic Health, University of Colorado, Microsoft, Nationwide Insurance, Secure Mentem, Splunk, Time Warner Cable, Verisign

Qualys Show Bag – Get Yours

Get yours after each best practices presentation.


Plus, enter for a chance to win high-tech prizes:

Dropcam, Amazon, GoPro, Apple

Qualys Cafe

Join Us for Refreshments

Enjoy complimentary refreshments during each presentation.

We'll be serving Nespresso to keep you going throughout the show!

Qualys Booth Schedule

5:10PM
5:40PM

Qualys Cloud Agents

Sumedh Thakar, Chief Product Officer, Qualys
Alex Au Yeung, Director of Product Management, Cloud Platform, Qualys

5:50PM
6:20PM

Make Better IT Security Decisions with Qualys Vulnerability Management and Threat Intelligence

Jayson Jean, Director of Vulnerability Management, Verisign
James Adair, Senior Manager, InfoSec Team, Verisign

6:30PM
7:00PM

Comprehensive Web Application Defense with Qualys WAS and WAF

Will Bechtel, Director of Product Management, WAS, Qualys
Steve McBride, Director of Application Security, WAF, Qualys

11:15AM
11:45AM

A Case Study in Security and Higher Education: The University of Colorado

Craig Hurter, IT Manager, University of Colorado

12:00PM
12:30PM

How to Build a Successful Vulnerability Management Program

Roger Raymond, Manager, IRMIT, Risk Management, Nationwide Insurance

12:45PM
1:15PM

How to Achieve IT Compliance by Closing the Gap Between Security and Operations

Akbar Aziz, Lead Product Manager, Middleware and Server Automation Products, BMC

1:30PM
2:00PM

A Case Study in Security and Healthcare: Catholic Health Systems

Michael Arent, IT Security Analyst, Catholic Health Systems

2:15PM
2:45PM

Qualys Policy Compliance

Tim White, Director of Product Management, Policy Compliance, Qualys

3:00PM
3:30PM

Improving an Actionable Intelligence Framework with Qualys and Archer

Prentis Brooks, Cyber Security Director, Time Warner Cable
Brian M. White, Director of IT Compliance, Time Warner Cable

4:00PM
4:30PM

Managing Incident Response in Large, Complex Environments

Rich Eicher, Security Analyst, Microsoft

4:45PM
5:15PM

Qualys Web Application Scanning

Frank Catucci, Director of Web Application Security, Qualys

11:15AM
11:45AM

Qualys Web Application Firewall 2.0

Steve McBride, Director of Application Security, WAF, Qualys

12:00PM
12:30PM

The Sophisticated Attack Myth

Ira Winkler, President, Secure Mentem

12:45PM
1:15PM

How to Build a Successful Vulnerability Management Program

Roger Raymond, Manager, IRMIT, Risk Management, Nationwide Insurance

1:30PM
2:00PM

A Case Study in Security and Higher Education: The University of Colorado

Craig Hurter, IT Manager, University of Colorado

2:15PM
2:45PM

How to Achieve IT Compliance by Closing the Gap Between Security and Operations

Akbar Aziz, Lead Product Manager, Middleware and Server Automation Products, BMC

3:00PM
3:30PM

Improving an Actionable Intelligence Framework with Qualys and Archer

Prentis Brooks, Cyber Security Director, Time Warner Cable
Brian M. White, Director of IT Compliance, Time Warner Cable

3:45PM
4:30PM

Q&A and Book Signing: Countdown to Zero Day

Kim Zetter, Author

4:45PM
5:15PM

Qualys Cloud Agents

Alex Au Yeung, Director of Product Management, Cloud Platform, Qualys

11:15AM
11:45AM

Managing Incident Response in Large, Complex Environments

Rich Eicher, Security Analyst, Microsoft

12:00PM
12:30PM

Using Splunk for Security Analytics

Wissam Ali-Ahmad, Senior Security Solutions Architect, Splunk
Jeff Leggett, Product Manager/Subject Matter Expert, Qualys

12:45PM
1:15PM

A Case Study in Security and Healthcare: Catholic Health Systems

Michael Arent, IT Security Analyst, Catholic Health Systems

1:30PM
2:00PM

Qualys Cloud Agents

Alex Au Yeung, Director of Product Management, Cloud Platform, Qualys

Monday, April 20

9:00AM
9:30AM

Keynote: Cloud Without Borders: Paving the Way for Global Security and Privacy

Philippe Courtot, Chairman & CEO of Qualys
Moscone Center West | Room 2014

Tuesday, April 21

1:10PM
2:00PM

Bridging the Divide Between Security and Operations Teams

Jonathan Trull, CISO, Qualys
Moscone Center North | Room: 130

2:20PM
3:10PM

Getting a Jump on Hackers

Wolfgang Kandek, CTO, Qualys
Moscone Center West | Room: 2018

Speakers

Craig Hurter
IT Manager, University of Colorado

Jayson Jean
Director of Vulnerability Management, Verisign

Ira Winkler
President, Secure Mentem

Rich Eicher
Security Analyst, Microsoft

Roger Raymond
Manager, IRMIT, Risk Management, Nationwide Insurance

Michael Arent
IT Security Analyst, Catholic Health Systems

Prentis Brooks
Cyber Security Director, Time Warner Cable

Wissam Ali-Ahmad
Senior Security Solutions Architect, Splunk

Akbar Aziz
Lead Product Manager, Middleware and Server Automation Products, BMC

A Case Study in Security and Higher Education: The University of Colorado

Craig Hurter
IT Manager, University of Colorado

While universities need to keep their networks secure, they often have to approach security differently than most enterprises due to the open nature of academia. Add to this more common challenges such as distributed networks and devices, limited resources, and a low user awareness of security risks, and these institutions become easy targets for hackers.


This presentation will delve into how the University of Colorado's central security team built and now manages an effective vulnerability management program covering the networks and systems for four campuses and almost 60,000 students, faculty, and staff. Craig will also discuss common challenges and barriers to success and lay out best practices.

Craig Hurter
IT Manager, University of Colorado

Craig Hurter is the IT Security Manager for the University of Colorado Boulder. His role encompasses the management of the campus Vulnerability Management and E-Discovery services. He also functions as the Security Awareness manager for the CU system. Craig has over 20 years of experience in Information Technology, with his primary focus being IT security for the past 6 years. He has worked in support of the non-profit, retail, legal and education sectors.

How to Build a Successful Vulnerability Management Program

Roger Raymond
Manager, IRMIT, Risk Management, Nationwide Insurance

Vulnerability management programs are the cornerstone of a good security strategy in order to control information and security risks. It's critical to be able to identify and mitigate vulnerabilities within an IT environment to prevent cyber criminals from attacking. But how do you go about building and implementing a successful VM program?


In this session, Roger will discuss the major requirements for implementing a vulnerability management program, how to gain alignment with key stakeholders, and outline potential challenges that may be encountered when starting a new or modifying an existing program.

How to Achieve IT Compliance by Closing the Gap Between Security and Operations

Akbar Aziz
Lead Product Manager, Middleware and Server Automation Products, BMC

Security and IT Operations teams (SecOps) within organizations have traditionally been siloed functions, making it difficult to quickly identify and respond to potential vulnerabilities. This siloed structure undermines efforts around security and compliance, making reacting to threats and remediating breaches a challenge. While you may have a compliance plan in place, how fast can you execute?


This presentation will outline a blueprint for how to bridge the gap between IT security and operations teams to achieve complete IT compliance and reduce risk and cost within organizations. Additionally, Dominic will discuss how to reduce the window of exposure to vulnerabilities and be more proactive in preventing aggressive threats, as well as analyze operational dependencies and enforce governance policies and change approval requirements.

Akbar Aziz
Lead Product Manager, Middleware and Server Automation Products, BMC

Akbar is currently the Lead Product Manager for our BMC Middleware and Server Automation Products. Prior to this role, he was the Team Lead for the Automation Team in BMC IT. This team consists of Automation Engineers who are responsible for implementing, managing, and creating use cases for our Automation tools such as BSA, BDA, BNA, BMA and AO. He has also been in the role of a Discipline Advocate (Evangelist) for Service Automation. As a Discipline Advocate, he is responsible for working with the various teams in IT to ensure optimal implementation of the Service Automation suite. An extension of that role is to meet with the Service Automation Product and Development Managers to discuss issues and future enhancements to the suite. Akbar was also the Team Lead for the UNIX/Linux Platform group at BMC. He implemented the initial Production roll-out of Red Hat Linux in BMC Data Centers across the globe.


Prior to joining BMC Software, Akbar was an Infrastructure Engineer at JPMorgan Chase Investment Bank, focused on managing the Chase and Morgan Markets web infrastructure and applications. He has over 20 years of experience working in IT and has supported and implemented a diverse set of applications and infrastructure configurations for Fortune 500 companies.

A Case Study in Security and Healthcare: Catholic Health Systems

Michael Arent
IT Security Analyst, Catholic Health Systems

If you don't know what's in your network, how can you secure it? This session will demonstrate how Catholic Health Systems used asset tagging to identify and remedy system weaknesses and gaps in regulatory compliance, giving them the ability to see their networks the way hackers do.


In addition, Michael will offer best practices on how to classify applications and systems according to risk and their business importance, in order to identify the most critical vulnerabilities and mitigate them based on the real-world risk they pose to the organization.

Improving an Actionable Intelligence Framework with Qualys and Archer

Prentis Brooks
Cyber Security Director, Time Warner Cable
Brian M. White
Director of IT Compliance, Time Warner Cable

This session will highlight how Time Warner Cable further enhanced its integration between Archer and Qualys by implementing a routine reporting process and risk ranking methodology to ensure remediation cadence based on risk. He will discuss specific challenges around vulnerability remediation and describe how Time Warner Cable leveraged these two technologies to automate reporting and foster rapid collaboration across the company.

Using Splunk for Security Analytics

Wissam Ali-Ahmad, Senior Security Solutions Architect, Splunk
Jeff Leggett, Product Manager/Subject Matter Expert, Qualys

Security analytics can give businesses critical insight into potential threats and enable faster detection by prioritizing vulnerability and event data. This session will demonstrate a new way to look at and analyze vulnerability data by combining Splunk and Qualys. A live demo will walk attendees through a Splunk app that pulls vulnerability data using Qualys APIs, and shows users how to build custom reports and dashboards to help security teams identify the most critical threats in their perimeter.

Prentis Brooks
Cyber Security Director, Time Warner Cable

Prentis Brooks is an information security leader with more than 15 years in technology, 10 of which are in the information security field. He holds a B.S. in information technology and an M.B.A. with a concentration in technology, and holds security management certifications from both (ISC)2 and ISACA. He currently serves as the Director of Cyber Security for Time Warner Cable (TWC) with responsibilities in incident response, risk management, vulnerability management, penetration testing, digital forensics, and security infrastructure. Prentis began his technology career in 1995, working for a local value-added reseller in Decatur, AL. From there he joined America Online in 1999 as a web server administrator and moved into a security role as a principal security engineer just prior to his move to TWC in 2006. Prentis lives in Charlotte with his wife and five girls.

Michael Arent
IT Security Analyst, Catholic Health Systems

Michael is an IT security analyst for Catholic Health and a seasoned Information Security leader, engineer and user with over 25 years of experience in the engineering, operations and management of Information Security assets. His breadth of experience has traversed multiple industry silos, including Government, DOD, Health Care, Financial, Manufacturing and Retail. Michael's current focus in the healthcare industry has proven to be a very challenging environment, continually driven by state, local and federal compliance requirements, which makes his day-to-day role exciting.

Brian M. White
Director of IT Compliance, Time Warner

Brian M. White is an experienced leader in IT Risk Management and Compliance, with 20 years in Information Technology, 15 of which were dedicated to Technology Risk Management. He currently serves as the Director of IT Compliance at Time Warner Cable (TWC) with responsibilities of Remediation Management, User Access Reviews, and Governance of the corporate Archer environment. Additional responsibilities include the management of customer compliance programs for systems hosted by NaviSite, the Managed Hosting and Cloud Service provider within TWC Business Class. Prior to joining TWC in 2013, Brian was Audit Director for 10 years at large financial institutions, where he developed unique approaches to audit and special investigations with a passionate focus on the risks that technology and business processes together create, such as rogue trading, anti-money laundering, and Online Banking Fraud. Previous roles include system engineering and architecture roles for healthcare and consulting organizations. He holds an M.B.A. from the McColl School of Business at Queens University of Charlotte.

Managing Incident Response in Large, Complex Environments

Rich Eicher, Security Analyst, Microsoft

During a security incident, the focus is usually on solving the incident as quickly as possible. The controlled chaos of learning about a vulnerability, ensuring that exploits do not cause further damage and managing the process of producing, testing, and releasing an update to deal with the issue is something we don't often think about. Tackling incident response can be even more challenging within large and complex environments. This presentation will highlight the challenges associated with managing incident response in larger environments and offer best practices to develop a plan to limit damage and reduce recovery time and costs.

Rich Eicher
Security Analyst, Microsoft

Rich is a security professional with 20 years of experience in security engineering. Currently he is a security analyst for Microsoft within the Operating System Group. Prior to Microsoft, Rich held engineering positions at T-Mobile, Expedia and AGEON Americas.

Roger Raymond
Manager, IRMIT, Risk Management, Nationwide Insurance

Roger is an Information Risk Manager for Nationwide. His role includes enhancing infrastructure related capabilities across the organization. Roger has 20 years of Information Technology experience including architecture, operations and engineering, the last 8 of which have been focused on Information Security and Risk Management for various size organizations in public and private sectors.

Jayson Jean
Director of Vulnerability Management, Verisign

Jayson is the Director of Vulnerability Management in charge of the strategic direction and fulfillment of product requirements for iDefense's Vulnerability Management solution set portfolio. Operationally, Jayson provides management oversight for both the Vulnerability Research Lab and Vulnerability Exploit Intelligence functional components. Jayson brings more than 12 years of technical experience in the software, telecommunications and security industries. Early in his career, he worked at several start-up companies as a network engineer. Prior to joining Verisign, Jayson worked for Science Applications International Corporation (SAIC), where he served as a security analyst for the US Department of Homeland Security (DHS).

Make Better IT Security Decisions with Qualys Vulnerability Management and Threat Intelligence

Jayson Jean, Director of Vulnerability Management, Verisign
James Adair, Senior Manager, InfoSec Team, Verisign

It is practically impossible to address all IT security vulnerabilities with an available patch. How do organizations prioritize their patching queues without understanding the context around a vulnerability or threat? Wrong or even delayed decisions can potentially be a huge financial expense or security vulnerability. In this session, Jayson and James will take a look at how Verisign utilizes Qualys and Threat Intelligence to help organizations make sense of the prioritization of their patching schedules.

Wissam Ali-Ahmad
Senior Security Solutions Architect, Splunk

Wissam is a Senior Security Solutions Architect in the Technical Services team for the Global Strategic Alliances group at Splunk. Wissam brings more than 15 years of technical experience in enterprise security, cloud, compliance and e-commerce software. Prior to Splunk, Wissam held several engineering leadership roles at AppSense, Infoblox, Qualys, Vernier Networks, PSS Systems and Verizon Labs.

James Adair
Senior Manager, InfoSec Team, Verisign

James is a security professional with 15 years of experience in information security. Currently he is a senior manager for the infosecurity group for Verisign. Prior to Verisign, James was an Information Technology Advisor for the United States Air Force.

The Sophisticated Attack Myth

Ira Winkler, President, Secure Mentem

Every significant data compromise is said to be sophisticated. Anthem Blue Cross, Sony, Target and Home Depot have all claimed to have been victims of sophisticated attacks, but what does that really mean? In this presentation, Ira will discuss the anatomy of a “sophisticated attack” and why organizations should recognize that these are actually common and should be expected. He’ll also discuss why the best way to safeguard against any attack is to ensure you have sophisticated security programs to defend against them.

Ira Winkler
President, Secure Mentem

Ira Winkler, CISSP, is President of Secure Mentem. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World; investigating crimes against them, and telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost effective security programs. He also won the Hall of Fame award from the ISSA, as well as several other prestigious industry awards. Most recently, CSO Magazine named him a CSO Compass Award winner as “The Awareness Crusader.”

Q&A and Book Signing: Countdown to Zero Day

Kim Zetter, Author

Qualys CTO Wolfgang Kandek will chat with cybersecurity journalist and author Kim Zetter to learn more about her book Countdown to Zero Day, which tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare. Following the Q&A, Kim will sign copies of her book.

Kim Zetter
Author

Kim is an award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security. Zetter has broken numerous stories over the years on WikiLeaks, NSA surveillance, and the hacker underground, which she has discussed on CNN, MSNBC, BBC, NPR’s All Things Considered, and PBS’s Frontline and NewsHour.
