Qualys Security Conference

Las Vegas

November 14-15, 2018

Qualys Security Conference Session Videos

Watch videos of our future roadmap, best practices, and use case presentations.

Keynote Sessions

Where Are We Now and Where is the Industry Going?

Making the World Safer — One App at a Time

Philippe Courtot, Chairman and CEO, Qualys

Regaining Our Lost Visibility

Sumedh Thakar, Chief Product Officer, Qualys

Toward Continuous Security: Future Reality, or the Ultimate Threat?

Scott Crawford, Research Director, 451 Research

Only viewable for QSC attendees

Better Than Mr. Robot

Charles Henderson, Global Head of IBM X-Force Red

API Security: Enabling Innovation Without Enabling Attacks and Data Breaches

Mark O’Neill, Sr. Director, Analyst, Gartner

Only viewable for QSC attendees

Qualys Sessions

Enterprise TruRisk Platform

Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful

Dilip Bachwani, VP of Engineering, Qualys

Real-Time Vulnerability Management

Operationalizing the VM Process from Detection to Remediation

Jimmy Graham, Director of Product Management, Qualys

Qualys Container Security

Comprehensive Security for the Ever-changing Container Stack

Asif Awan, CTO of Container Security, Qualys

Qualys Indication of Compromise

Bringing IOC to the Next Level

Chris Carlson, VP of Product Management, Qualys

A 360° Approach to Securing the Cloud

Total Visibility and Comprehensive Security for Cloud Workloads and Infrastructure

Hari Srinivasan, Director of Product Management, Qualys

Web Applications & APIs

The Soft Belly of the Cloud

Dave Ferguson, Director of Product Management, Qualys

Rémi Le Mer, Director of Product Management, Qualys

Qualys CertView

Managing Digital Certificates

Asif Karel, Director of Product Management, Qualys

Policy Compliance, Security Configuration Assessment and File Integrity Monitoring

Automate the Assessment of Technical Controls & Mandate-based Security Requirements

Tim White, Director of Product Management, Qualys

Out-of-band Configuration Assessment and Security Assessment Questionnaire

Make Your Inaccessible, Sensitive Assets Visible to Your Vulnerability and Compliance Program

Shailesh Athalye, Director, Compliance Solutions, Qualys

First Look Showcase

Sumedh Thakar, Chief Product Officer, Qualys

Engineering Team, Qualys

Global AssetView

With 2-second Visibility and 2-way Synchronization with CMDB

Pablo Quiroga, Director of Product Management, Qualys

Solution Sessions

Vulnerability Management & DevSecOps & the Cloud … Oh My!!

Patty Smith, CISO, Cox Automotive

Tabrez Naqvi, Security & Risk Assessment, Sr. Manager, Cox Automotive

Threat Management

Continuous Security

Peeyush Patel, VP of Information Security, Experian

Gaining Total Visibility in Your Environment

Michael Smith, Information Security Engineer, TravelClick, an Amadeus Company

Improving Defense Posture Through Intelligence-based Vulnerability Management

Nelrose Viloria, Product Management, Secureworks

Lauren Ashley Zamora, Engineer, Vulnerability Management, Secureworks

Qualys Data + Splunk Security Analytics = Finding Hidden Threats

Don Leatham, Global Strategic Alliances - Security Markets, Splunk

Managing Compliance in a Rapidly Changing Regulatory Environment

Jerry Hughes, President, Managing Partner, Senior Executive IT Auditor, Compass IT Compliance

Operationalizing Web Application Security

Frank Catucci, Director of Application Security and DevSecOps, ImagineX Consulting

Ignore APIs at Your Peril

Qualys and 42Crunch Partner to Deliver API Security

Jacques Declas, Founder and CEO, 42Crunch

Qualys Agents and RTIs

Leveraging Vulnerability Intelligence and Cloud Agents in Vulnerability Management: Prioritizing Risk at Montana State University

Constantine Vorobetz, Former Security Analyst, Montana State University

How Security Best Practices Enable a DevOps Data Transformation in the Cloud

Dan Wilson, Senior Manager, Vulnerability and Remediation, Capital One

Colleen Csech, Manager, Vulnerability and Remediation, Capital One

How to Build a Successful Vulnerability Management Program for Medical Devices

Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare

Robert Sloan, Security Vulnerability Engineer, HCA Healthcare

Practical Steps Taken to Reboot Vulnerability Management for Modern IT and Mature Business

Brian Canaday, IT Security Analyst / Engineer, CSAA Insurance

QSC 2019

Save the Date!

November 18-21, 2019
The Bellagio Hotel, Las Vegas

Scott Crawford

Research Director, 451 Research

Scott Crawford is Research Director for the Information Security Channel at 451 Research, where he leads coverage of emerging trends, innovation and disruption in the information security market.

Well known as an industry analyst covering information security prior to joining 451 Research, Scott has experience as both a vendor and an information security practitioner. At IBM, Scott guided offering strategy and development with a primary focus on security intelligence for IBM Security Services. He is the former CISO of the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO) International Data Centre in Vienna, Austria, where he pioneered the implementation of security policy and architecture for a non-governmental organization (NGO) serving more than 150 nations.

Mark O'Neill

Sr Director, Analyst, Gartner

Mark O'Neill advises on strategy for API management and the API economy as part of an overall digital platform and business ecosystem. He advises on how API management relates to SOA and products such as ESBs. He also advises on strategy for banking APIs, including PSD2 in Europe. This includes API security. With his background in B2B, he covers the usage of APIs for B2B, as well as the relationship between APIs and traditional B2B technologies.

Charles Henderson

Global Head of IBM X-Force Red

Charles Henderson is the Managing Partner and Global Head of X-Force Red. Throughout his career, Charles and the teams he has managed have specialized in network, application, physical, and hardware/device penetration testing as well as vulnerability research. X-Force Red’s clients range from the largest on the Fortune lists to small and midsized companies interested in improving their security posture.

Charles is also an enthusiastic member of the information security community and an advocate of vulnerability research. He has been a speaker at various conferences (including Black Hat, DEFCON, RSA, SOURCE, OWASP AppSec USA and Europe, and SXSW) around the world on various subjects relating to security testing and incident response. He has also appeared on or in The Today Show, CBS Evening News, CNN, Fox News, MSNBC, BBC, The Wall Street Journal, Forbes, USA Today, The Register, SC Magazine, Engadget, eWeek, Reuters, Car & Driver, and various other media outlets.

Philippe Courtot

Chairman and CEO, Qualys

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor’s Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign’s payment division, based on the Signio technology, handles 30% of electronic transactions in the U.S., processing $100 million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe’s direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market-leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a master’s degree in physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.

Sumedh Thakar

Chief Product Officer, Qualys

As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys software-as-a-service (SaaS) platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys’ PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. Today, more than 69 percent of ASVs and 50 percent of QSAs worldwide use Qualys PCI to perform PCI DSS certification.

A longtime advocate of the SaaS model and cloud computing, Sumedh worked at Intacct, a cloud-based financial and accounting software provider, before working at Qualys. Prior to Intacct, Sumedh worked at Northwest Airlines to develop complex algorithms for yield and revenue management for their backend reservation system.

Sumedh is active in the PCI and security community working closely with the PCI Council on the development and enhancement of PCI DSS. He co-authored “PCI Compliance for Dummies,” an easy-to-read guide designed to educate merchant organizations about PCI. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.

Jerry Hughes

President, Managing Partner, Senior Executive IT Auditor, Compass IT Compliance

Jerry Hughes, a founding member of Compass IT Compliance, LLC, has over 25 years of experience helping companies become compliant with internal, industry and government regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA and GLBA. Mr. Hughes, a Certified Information Systems Auditor (CISA), Qualified Security Assessor (QSA), and Certified in Risk and Information Systems Control (CRISC), has extensive IT auditing experience—especially within the financial industry, Healthcare industry, and the retail sector—and has participated in hundreds of PCI Risk Assessments and Audits.

Mr. Hughes has helped develop Compass IT Compliance, LLC into one of the nation’s premier consulting firms in the area of IT Governance, Assurance, Security and Compliance services. His team of CISA-certified auditors, all certified in the international framework called Control Objectives for Information and related Technologies (COBIT), offers a full suite of IT Compliance services within the banking, insurance, retail, health care, energy and education sectors.

Frank Catucci

Director of Application Security and DevSecOps, ImagineX Consulting

Frank Catucci is currently the Director of Application Security and DevSecOps for ImagineX Consulting. He is also the former Director of Product Management for Application Security at Qualys. Frank is an appsec and infosec leader, hacker and consultant during the day and a security researcher by night and by life. Decades of experience spanning Fortune 500 enterprise, financial services, university/higher education, government, and a fair share of start-ups and businesses, both public and private, grant him the unique ability to see and lead information security with a unique, complete, and widely encompassing approach in all aspects of cybersecurity.

Brian Canaday

IT Security Analyst / Engineer, CSAA Insurance Group

Brian Canaday is a senior engineer for the vulnerability and configuration management program at CSAA Insurance Group, a AAA Insurer. With over 21 years of experience in system administration, information security, and governance, risk & compliance, Brian brings a unique balance of technical and regulatory experience. Having worked in both the private sector and the government sector, he is well rounded in the different environments of security.

Michael Smith

Information Security Engineer, TravelClick, an Amadeus Company

Michael Smith has been working as an Information Security Professional for 19 years. In that time, he has worked across multiple global organizations such as Paypal, General Dynamics, SAIC, and Deloitte. He currently works within the Amadeus Information Security team for their Hospitality business, handling enterprise risk management, compliance, and audit.

Sarah Kennedy

Security Vulnerability Engineer, HCA Healthcare

Sarah Kennedy is currently working at HCA, Inc., specializing in security vulnerability assessment. She received her Master’s in Information Security from Lipscomb University and her undergraduate degree in Telecommunications Systems Management from Murray State University.

Robert Sloan

Security Vulnerability Engineer, HCA Healthcare

Robert Sloan has been with HCA, Inc. for the past 15 years, currently on the Vulnerability Management team. He and his team are responsible for the security assessments of diverse systems over a complex healthcare network across the US and UK.

Dilip Bachwani

VP of Engineering, Qualys

Dilip Bachwani is Vice President of Engineering at Qualys, responsible for spearheading Qualys’ Cloud Platform Engineering, DevOps and SRE initiatives. An Agile and DevOps champion passionate about its transformational potential on organizational productivity and success, Dilip has deep technology and architecture expertise and over 18 years of experience in building complex scalable distributed systems.

Jimmy Graham

Director of Product Management, Qualys

Jimmy Graham is the Director of Product Management for Vulnerability Management. He has been deeply involved in information security and vulnerability management for over 10 years, and has managed teams covering security operations, incident response, application security, vulnerability management, penetration testing, governance, and compliance.

Chris Carlson

VP of Product Management, Qualys

Chris Carlson is a vice president of product management at Qualys, where he is in charge of the product definition, roadmap and strategy for the Cloud Agent Platform. During his 20+ year career in the infosec industry, Carlson has attained expertise in multiple areas, ranging from firewalls, VPNs and intrusion prevention systems to real-time event-processing, security analytics and next-generation endpoint platforms. Prior to joining Qualys, he held security architecture roles at UBS and at Booz Allen Hamilton, and product management positions at venture-funded startups and at leading vendors, including Hexis Cyber Solutions, Agent Logic, Informatica and Trustwave.

Patricia Smith

CISO, Cox Automotive

Patricia Smith is Vice President and Chief Information Security Officer for Cox Automotive, the world’s leader in automotive software solutions for auto dealers, consumers, financial institutions and OEMs. Cox Automotive is a subsidiary of Atlanta-based Cox Enterprises. Patricia was named to this position in June 2016. She is responsible for developing and managing the security strategy for Cox Automotive, as well as all aspects of risk management & compliance, security operations, security engineering & architecture, vulnerability management, business resiliency and security culture & awareness.

Patricia has spent over 15 years designing, building, and managing Information Security programs that focus on delivering innovative security solutions while partnering with the business to enable innovation and business success.

Dave Ferguson

Director of Product Management, Qualys

Dave Ferguson is Director of Product Management for Web Application Security at Qualys. After writing code and developing applications for over a decade, Dave transitioned to focus on application security. Prior to Qualys, he led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.

Asif Karel

Director of Product Management, Qualys

Asif Karel is the director of product management for Qualys CertView. He has over 20 years of experience in Information Security including online fraud detection, PKI, strong authentication and single sign-on. Prior to joining Qualys, he was a subject matter expert in digital certificates and certificate solutions at VeriSign and Symantec, a solutions architect in the CASB space at CipherCloud and a solutions manager at Venafi.

Tim White

Director of Product Management, Qualys

Tim White is Qualys’ director of product management for policy compliance. With more than 20 years of experience in IT GRC, he has worked with a variety of large enterprises across many different verticals while shaping products in the industry. He also has significant experience in broader Information Security, working with products ranging from firewalls and network security to host security.

Shailesh Athalye

Director, Compliance Solutions, Qualys

Shailesh Athalye (CISA, CRISC, CEH, ISO 27001 LA) is Director of compliance solutions at Qualys, heading product innovation as well as engineering. With over 15 years of experience in IT risk, compliance and cybersecurity domains, he has been a driving force in engineering the risk & compliance line of products at leading security product companies, helping customers go beyond compliance and drive their IT GRC objectives.

Nelrose Viloria

Product Management, Secureworks

Nelrose Viloria is the Product Manager for Vulnerability Management Services (VMS) at Secureworks, a Dell Technologies company. She has an extensive background in product management, marketing, and strategic planning in various industries, with a heavy focus in technology. Her key focus is to drive the VMS portfolio to help clients optimize their vulnerability management program and make the most out of their vulnerability scanner to keep their business or enterprise secure.

Pablo Quiroga

Director of Product Management, Qualys

Pablo Quiroga is a Director of Product Management at Qualys, where he is in charge of the product definition, roadmap and strategy for the IT asset visibility & management initiatives. With over 10 years of experience in Enterprise Software and the IT industry, Pablo has helped numerous customers gain significantly better visibility to support data-powered decisions that often led to multi-million-dollar savings and risk avoidance.

Peeyush Patel

VP of Information Security, Experian

Peeyush Patel is Vice President of Information Security within the Experian Global Security Office (GSO). He is responsible for the strategy, leadership and governance of Experian’s GSO, including Application Security, Threat Management, Data Protection, and Offensive Security programs.

Jacques Declas

Founder and CEO, 42Crunch

Jacques Declas, founder and CEO of 42Crunch, is an entrepreneur with more than 20 years in the Enterprise Software industry and a record of scaling international sales teams. He has extensive knowledge of the API Security market, having served in senior VP roles at Forum Systems, Vordel (acquired by Axway) and Intel. During his career, Jacques has built worldwide partnerships with software vendors such as Computer Associates, Oracle and Microsoft and leading consulting firms such as Accenture, Atos and CSC. Jacques holds a bachelor of Financial Management and European Business Law.

Don Leatham

Global Strategic Alliances - Security Markets, Splunk

Don Leatham is a 15-year veteran of the security software market. Having held senior roles in security product management, OEM technologies, and strategic technology alliances, Don provides a unique perspective and understanding of how security technologies, products, and market relationships come together to form today’s complex InfoSEC environment.

Constantine Vorobetz

Former Security Analyst, Montana State University

Constantine Vorobetz worked as a Computer Software Engineer/Security Analyst at Montana State University (MSU), located in Bozeman, MT, where he implemented and currently manages their Qualys use. He has over seven years of experience working in Information Security. He graduated from Montana State University with a Bachelor of Science Degree in 2002 and later completed his Master of Science in 2007 from the University of Cincinnati. He completed his Certification as a Computer Forensic Examiner (CFCE) from the International Association of Computer Investigative Specialists (IACIS) in 2013.

Hari Srinivasan

Director of Product Management, Qualys

Hari Srinivasan is director of product management for Qualys’ security for cloud and virtualization. He has expertise in numerous enterprise software disciplines including cloud security and analytics, automation, systems management, data center transformation, Hybrid Cloud, PaaS - DBaaS, compliance and configuration management. He previously worked at Oracle as an engineer and spent over a decade in product management positions in multiple areas.

Colleen Csech

Manager, Vulnerability and Remediation, Capital One

Colleen Csech is a Manager on the Vulnerability Management Team in Capital One’s Cyber division where she leads the development, implementation, and maintenance of vulnerability best practices for applications in the server space for both on-premises and cloud environments. Colleen began her career working for a federal consulting company in the Washington, DC area where she worked as a Cyber security policy and compliance analyst specializing in vulnerability scanning security documentation.

Dan Wilson

Senior Manager, Vulnerability and Remediation, Capital One

Dan Wilson is a Sr Manager within Capital One's Cyber organization based in Chicago, IL. He leads the Vulnerability Management Team, which drives vulnerability remediation and configuration compliance across all lines of business and all platforms within the enterprise. Prior to Capital One, he spent more than a decade serving in local law enforcement. He specialized in computer forensic investigations and assisted multiple agencies, ranging from federal and state agencies to other law enforcement agencies within Wisconsin.

Asif Awan

CTO of Container Security

Asif is a passionate cybersecurity entrepreneur with a broad business and technology expertise that spans enterprise, healthcare and financial domains, and cloud, mobile and deep learning technologies. He was the founder and CTO of Layered Insight till it was acquired recently by Qualys. He is now the CTO for Container Security at Qualys. Layered Insight was a pioneer in the container security space that offered a solution for providing deep visibility and protection for containerized and serverless workloads, using an innovative application-centric approach. It's the only infrastructure and orchestration agnostic solution that's zero-touch to developers and DevOps, and fully portable for cloud and edge workloads.

Asif is a pioneer in the Mobile Application Management space. Back in 2011, he identified a serious gap in the enterprise solutions being offered for BYOD, envisioned an innovative user-space virtualization solution, and founded Plursona to build that solution and realize the business vision. Plursona was acquired in 2012 by HPE (Aruba Networks) for its best-in-class technology. Asif has held various technology and business leadership positions at HPE (Aruba Networks), Motorola Mobility, Wells Fargo, Juniper Networks and Boston Scientific (Guidant).