Qualys Security Conference

Qualys Security Conference

QSC USA 2020
12-Day Virtual Event

November 9–24, 2020

Sign up today

What is QSC?

QSC, short for the Qualys Security Conference, is an exchange of expertise and ideas on how to better secure our digital assets, and help our companies navigate the new Digital Age. It is also an opportunity for our customers and partners to connect with Qualys engineers so we can better meet your needs and continue to deliver innovative solutions to address them.

QSC19 Video Highlights

Why Attend?

Whether it’s time to re-charge your understanding of the evolving threat landscape, or to sharpen your skills using the Qualys Cloud Platform, QSC is the right event for you.

What’s Next at Qualys

See the latest major innovative extensions to our cloud platform and groundbreaking apps we are launching

Free Training

Receive world-class technical training and certification at no cost!

Exchange Insights

Learn about the disruptive changes our industry is facing, and the latest innovations to help protect your organization

1-on-1 Meetings

Schedule 1-on-1 meetings with Qualys engineers and experts to answer all your questions and meet other conference attendees via the digital event platform

Customer Presentations

Hear best practice use cases from prominent Qualys customers

Provide Direct Feedback

Meet the Qualys engineers, the driving force behind our Qualys Cloud Platform. It’s your opportunity to provide direct feedback and suggestions.

CPE Credits

Learn and tally CPE credits for the training and conference sessions, up to 46.

Virtual Agenda

More than 35 sessions showcasing the whys and hows of the Qualys Cloud Platform and apps, from IT Management, IT Security, Cloud and Container Security, Application Security to Compliance and more.

Sign Up

DAY 1

MON, NOV 9
Building an Open Cloud Platform
Philippe Courtot, Chairman & CEO, Qualys
Mon, Nov 9 | 10:00AM - 10:30AM PT
The Evolution of the Qualys Cloud Platform
Sumedh Thakar, President & CPO, Qualys
Mon, Nov 9 | 10:30AM – 12:00PM PT
Live Q&A
Mon, Nov 9 | 12:00PM – 12:30PM PT

DAY 2

TUE, NOV 10
Risk-Based Vulnerability Management: Myth or Reality?
Mehul Revankar, VP of Product Management and Engineering, VMDR, Qualys
Tue, Nov 10 | 10:00AM - 10:45AM PT
The Past, Present, and Future of Vulnerability Management within Jabil
Chris Ong, Manager, Information Security Operations, Jabil
Tue, Nov 10 | 10:45AM - 11:15AM PT
Live Q&A
Tue, Nov 10 | 11:15AM - 11:45AM PT
Breakouts:
Tue, Nov 10 | 11:45AM - 12:15PM PT

Customer Best Practices

Qualys Use Cases

DAY 3

WED, NOV 11
Today’s EDR Solutions Require Comprehensive Telemetry to Fend Off Multi-Vector Attacks
Hiep Dang, VP of Product Management, EDR
Wed, Nov 11 | 10:00AM – 10:45AM PT
Securing Remote Workers in Challenging Times
Randy Barr, Head of Security Operations, Zoom
Wed, Nov 11 | 10:45AM – 11:15AM PT
Live Q&A
Wed, Nov 11 PT | 11:15AM – 11:45AM
Breakouts:
Wed, Nov 11 | 11:45AM - 12:15PM PT

Customer Best Practices

Qualys Use Cases

DAY 4

THU, NOV 12
Securing Cloud and Container Workloads: A View From the Trenches
Badri Raghunathan, Director, Product Management, Container & Serverless Security
Thu, Nov 12 | 10:00AM – 10:45AM PT
Keeping Zoom Clouds Secure with Qualys
Bae-Sik Chon, Sr. Security Engineer, Zoom
Thu, Nov 12 | 10:45AM – 11:15AM PT
Live Q&A
Thu, Nov 12 | 11:15AM – 11:45AM PT
Breakouts:
Thu, Nov 12 | 11:45AM - 12:15PM PT

Customer Best Practices

  • Securing Cloud and Container Infrastructure with Qualys
    Oleksandr Vietrov, Lead Security Systems Engineer, Delivery Manager, EPAM Systems, Inc.

Qualys Use Cases

DAY 5

FRI, NOV 13
A Modern Approach to Risk Management and Compliance
Shailesh Athalye, VP, Compliance Solutions
Fri, Nov 13 | 10:00AM – 10:45AM PT
The "Shift Left Approach" – Continuous Compliance in Production
Kasturi Dalvi, Senior Security Engineer, Informatica
Fri, Nov 13 | 10:45AM – 11:15AM PT
Live Q&A
Fri, Nov 13 | 11:15AM – 11:45AM PT
Breakouts:
Fri, Nov 13 | 11:45AM - 12:15PM PT

Customer Best Practices

Qualys Use Cases

DAY 6

MON, NOV 16
An End-to-End Approach to Next-Gen Web Application and API Security
David Ferguson, Director, Product Management, WAS
Mon, Nov 16 | 10:00AM – 10:45AM PT
Securing Web Applications Against Modern Threats
Mike Manrod, CISO, Grand Canyon Education
Mon, Nov 16 | 10:45AM – 11:15AM PT
Live Q&A
Mon, Nov 16 | 11:15AM – 11:45AM PT
Breakouts:
Mon, Nov 16 | 11:45AM - 12:15PM PT

Qualys Use Cases

DAY 7

TUE, NOV 17
Free Training & Certification: Qualys VMDR®
Tue, Nov 17 | 9:00AM – 3:30PM PT

DAY 8

WED, NOV 18
Free Training & Certification: Qualys Multi-Vector EDR
Wed, Nov 18 | 9:00AM – 3:30PM PT

DAY 9

THU, NOV 19

DAY 10

FRI, NOV 20

DAY 11

MON, NOV 23

DAY 12

TUE, NOV 24

Register Today!

QSC USA is our marquee event of the year, and is open to all customers, partners and security professionals. There is no cost to attend.

Sign Up

All Digital Platform

This year we’re hosting QSC on a completely digital platform. Going fully virtual isn’t the best, but it offers some advantages:

  • Schedule 1-on-1 meeting with Qualys engineers, product managers and SMEs
  • Discover and connect with other attendees on the event platform
  • Ask questions via chat
  • Watch recorded sessions on your own time
  • Win Qualys swag and other great prizes!


Event and platform FAQs

Register to Save Your Spot

There is no conference fee to attend either event

In-person event
  • Newtork with your peers, and meet with our engineers
  • Visit the Q&A Bar to speak to our product experts directly
  • Attend our special party
  • Participate in roundtable discussions
  • Get hands-on training
  • Receive Qualys shwag and win prizes
Virtual event
  • Watch all sessions live remotely
  • Ask questions
  • Take the virtual training courses
  • Learn more

Building an Open Cloud Platform

Mon, Nov 9 | 10:00AM - 10:30AM PT

In this session, Philippe will discuss why, in a world where connected devices are exploding, visibility across all devices (known and unknown) and environments is essential. Creating an accurate inventory or "cartography of your entire hybrid environment," which is always up to date and seamlessly integrated into your security stack, is the foundation for a comprehensive security program. Simply said, "You can’t secure what you don’t know or can’t see."

The Evolution of the Qualys Cloud Platform

Mon, Nov 9 | 10:30AM – 12:00PM PT

In this keynote, Sumedh will discuss the current state of security given the evolving infrastructure and growth in the remote workforce. He will discuss industry trends, new challenges and the opportunity these changes bring to improve our cybersecurity.

He will share Qualys' approach that allows customers to take advantage of these opportunities and effectively streamline security. He will discuss the latest in Qualys Cloud Platform evolution and give a peek into our upcoming innovations with a comprehensive set of demos showing the end-to-end capabilities the Qualys offers with a unified platform for IT, security and compliance.

Live Q&A

Mon, Nov 9 | 12:00PM – 12:30PM PT

Risk-Based Vulnerability Management: Myth or Reality?

Mehul Revankar
Mehul Revankar, VP of Product Management and Engineering, VMDR, Qualys
Tue, Nov 10 | 10:00AM - 10:45AM PT

If your organization fails to prioritize the right set of vulnerabilities, attackers will prioritize them for you. With today's hybrid infrastructure, figuring out the right vulnerabilities to prioritize based on risk can be a daunting task, but it doesn't have to be. Determining risk requires an in-depth understanding of the assets, the vulnerabilities impacting them, and their associated threats. Once understood, reducing risk requires an approach that balances and converges the needs of people, process and technology to offer closed-loop remediation. Find out how a new integrated approach from Qualys can help organizations discover assets, find and prioritize vulnerabilities, and finally remediate them all from a single platform.

The Past, Present, and Future of Vulnerability Management within Jabil

Tue, Nov 10 | 10:45AM - 11:15AM PT

Jabil, a large manufacturing solutions provider, will discuss its vulnerability management journey from appliance-based scanning to its present agent-based scanning approach, which delivers improved awareness and real-time assessment. The presentation will also cover VMDR and a look towards automating the entire vulnerability management cycle including OT and IoT environments.

Live Q&A

Tue, Nov 10 | 11:15AM - 11:45AM PT

Breakouts:

Tue, Nov 10 | 11:45AM - 12:15PM PT

Today’s EDR Solutions Require Comprehensive Telemetry to Fend Off Multi-Vector Attacks

Wed, Nov 11 | 10:00AM – 10:45AM PT

As the saying goes, to a hammer everything is a nail. For traditional endpoint security products, every threat is just a file. This narrow perspective is no longer adequate to protect Enterprises against the evolving spectrum of threats they face today. New techniques such as fileless malware, living-off-the-land attacks, and insider threats require a solution that combines breadth and depth of visibility into all corporate assets. Adding EDR to Qualys' product stack allows you to go beyond detection and response of a single threat by identifying exploited vulnerabilities and compliance failures to increase your security posture and prevent future threats.

Securing Remote Workers in Challenging Times

Wed, Nov 11 | 10:45AM – 11:15AM PT

The world of virtual work presents unique challenges for information security professionals – but also new opportunities to re-imagine a more secure future of work. This session will dive into the challenges and offer approaches to solving them.

Live Q&A

Wed, Nov 11 PT | 11:15AM – 11:45AM

Breakouts:

Wed, Nov 11 | 11:45AM - 12:15PM PT

Securing Cloud and Container Workloads: A View From the Trenches

Thu, Nov 12 | 10:00AM – 10:45AM PT

Driven by digital transformation and remote work, enterprises today face a proliferation of cloud infrastructure and containerized workloads. Securing this infrastructure requires a holistic approach that runs across workloads and the cloud posture.

In this session, attendees will see why a platform approach focusing on visibility, prevention, detection, and response is needed to effectively address these security challenges. We’ll explore how Qualys CloudView and Container Security provide visibility into your cloud footprint, continuously assess its security posture and help proactively manage the associated attack surface with automated detection and response capabilities across cloud and container resources.

Keeping Zoom Clouds Secure with Qualys

Bae-Sik Chon, Sr. Security Engineer, Zoom
Thu, Nov 12 | 10:45AM – 11:15AM PT

Zoom is a cloud-based video conferencing company that’s seen its business soar in 2020. This session will cover Zoom’s approach to container security in a hybrid environment and touch on how they manage container vulnerabilities, misconfigurations and workflows.

Live Q&A

Thu, Nov 12 | 11:15AM – 11:45AM PT

Breakouts:

Thu, Nov 12 | 11:45AM - 12:15PM PT

A Modern Approach to Risk Management and Compliance

Fri, Nov 13 | 10:00AM – 10:45AM PT

In today's dynamic IT environments, traditional IT GRC/IRM tools prove ineffective in managing real-time risk and compliance programs. These legacy tools operate in silos, with a cumbersome and time-consuming approach of defining security and risk controls and reporting them back for compliance audits and risk posture. This session will show how the Qualys Unified Risk & Compliance platform brings together security and compliance profiles and orchestrates them as policies for automated assessment and enforcement through various Qualys apps. You'll also learn how the correlated insights are leveraged for real-time risk and audit management.

The "Shift Left Approach" – Continuous Compliance in Production

Fri, Nov 13 | 10:45AM – 11:15AM PT

Managing Vulnerability and Compliance programs for ephemeral environments can be challenging. To effectively maintain the right security posture, gaining end-to-end visibility is critical. In this session, we will discuss how Informatica is embracing the "Shift Left" approach by integrating security best practices early in the DevOps process. Informatica leverages Qualys platform capabilities to address security issues in near real time to meet its Vulnerability Management, CIS Compliance and File Integrity Monitoring requirements using a single agent.

Live Q&A

Fri, Nov 13 | 11:15AM – 11:45AM PT

Breakouts:

Fri, Nov 13 | 11:45AM - 12:15PM PT

An End-to-End Approach to Next-Gen Web Application and API Security

Mon, Nov 16 | 10:00AM – 10:45AM PT

Web applications continue to be the top hacking vector and source of data breaches according to the 2020 Verizon DBIR. With Qualys Web Application Scanning, you can guard against these realities by identifying and fixing application vulnerabilities throughout the development lifecycle. In this session, you’ll see how to bake scanning into your CI/CD pipelines, scan prior to go-live in QA or staging, and set up scheduled scanning to monitor production apps. We’ll also take a look at APIs, and you’ll learn how Qualys API Security empowers developers to design and build secure APIs from the start.

Securing Web Applications Against Modern Threats

Mon, Nov 16 | 10:45AM – 11:15AM PT

Web applications are frequently exploited by attackers, often with catastrophic outcomes. Sometimes the web application and associated services represent the actual objective and in other cases the application layer serves as a gateway into your environment. What can we do to improve our knowledge of web application vulnerabilities and the external attack surface? How can we reduce the number of opportunities an attacker has to compromise our information and/or infrastructure?

Live Q&A

Mon, Nov 16 | 11:15AM – 11:45AM PT

Breakouts:

Mon, Nov 16 | 11:45AM - 12:15PM PT

Qualys VMDR®

Tue, Nov 17 | 9:00AM – 3:30PM PT
9:00AM – 9:30AM PT
  • VMDR Lifecycle
  • Asset Management
  • Qualys Sensors

Lab Tutorial

9:30AM – 10:00AM PT

Q&A

10:00AM – 10:30AM PT
  • Global IT Asset Inventory
  • Asset Categorization, Normalization & Enrichment
  • Dynamic Rule-Based Tags

Lab Tutorial

10:30AM – 11:00AM PT

Q&A

11:00AM – 11:30AM PT
  • Vulnerability Management
  • Vulnerability Assessments and Findings
  • Searching for Vulnerabilities
  • "Patch Now" and "View Missing Patches"

Lab Tutorial

11:30AM – 12:00PM PT

Q&A

12:00PM – 1:00PM PT

Break

1:00PM – 1:30PM PT
  • VMDR Prioritization Report
  • Asset Context
  • Priority Options (Age, Real-Time Threat Indicators (RTI), and Attack Surface
  • Deploy Priority Patches
  • Dashboards and Widgets

Lab Tutorial

1:30PM – 2:00PM PT

Q&A

2:00PM – 3:00PM PT
  • Response (Patch Management)
  • PM Configuration Workflow
  • Patch Assessment
  • Patch Deployment
  • Patch Catalog

Lab Tutorial

3:00PM – 3:30PM PT

Q&A

Qualys Multi-Vector EDR

Wed, Nov 18 | 9:00AM – 3:30PM PT
9:00AM – 9:30AM PT
  • Introduction to Qualys EDR
  • Understanding EDR Terminology
  • EDR Activation and Setup

Lab Tutorial

9:30AM – 10:00AM PT

EDR Introduction and Activation Q&A

10:00AM – 10:30AM PT
  • Working with the EDR Application
  • Asset Inventory

Lab Tutorial

10:30AM – 11:00AM PT

Working with the EDR Application Q&A

11:00AM – 12:00PM PT
  • Events and Incidents
  • EDR Investigation
  • Dashboards and Widgets

Lab Tutorial

12:00PM – 12:30PM PT

EDR Investigation Q&A

1:30PM – 2:00PM PT
  • Response Actions
  • User Activity
  • Rule Based Alerts

Lab Tutorial

2:00PM – 2:30PM PT

Response Actions Q&A

2:30PM – 3:00PM PT
  • Prevention
  • Mapping multiple vectors to EDR

Lab Tutorial

3:00PM – 3:30PM PT

EDR Prevention and Multi-Vector Mapping Q&A

Qualys Cloud Security Assessment and Response

Thu, Nov 19 | 9:00AM – 2:30PM PT
9:00AM – 10:00AM PT
  • Introduction to Cloud Security
  • Introduction to CloudView
  • Connector configuration

Lab Tutorial

10:00AM – 11:30AM PT
  • CloudView Resources

Lab Tutorial

11:30AM – 12:30PM PT
  • CloudView Monitor
  • CloudView Policie

Lab Tutorial

12:30PM – 1:00PM PT
  • CloudView Reports
  • CloudView Dashboard

Lab Tutorial

1:00PM – 1:45PM PT
  • CloudView Users and Access Management

Lab Tutorial

1:45PM – 2:30PM PT
  • EC2 Scanning and Cloud Perimeter Scanning
  • Azure Security Center Integration

Qualys Container Security Assessment and Response

Fri, Nov 20 | 9:00AM – 4:00PM PT
9:00AM – 9:30AM PT
  • Container Technology Overview
  • Container Security Overview
  • Qualys Container Security Use Cases
  • Container Sensor Overview

Lab Tutorial

9:30AM – 10:00AM PT

Container Security Use Cases Q&A

10:00AM – 10:30AM PT
  • Container Sensor Deployment in Orchestration Platforms

Lab Tutorial

10:30PM – 11:00AM PT
  • Visibility into Container Projects
  • Assess Container Applications
  • Dashboards and Widgets

Lab Tutorial

11:00AM – 11:30AM PT

Containerized Application Assessment Q&A

11:30AM – 12:00PM PT
  • Secure the Build Pipeline
  • Secure Jenkins Build Pipeline
  • Secure a build Pipeline using Scripts and CS API

Lab Tutorial

12:00PM – 12:30PM PT

Secure Build Pipeline Q&A

1:30PM – 2:00PM PT
  • Secure the Registry
  • Tuning Registry Sensor
  • Configure Registry Scan Jobs

Lab Tutorial

2:00PM – 2:30PM PT

Secure the Registry Q&A

2:30PM – 3:30PM PT
  • Secure Containers in the Runtime Environment
  • Instrument Images
  • Enforce Policy for Runtime Security
  • Verify Runtime Protection

Lab Tutorial

3:30PM – 4:00PM PT

Container Runtime Security Q&A

Qualys Unified Compliance

Mon, Nov 23 | 9:00AM – 3:30PM PT
9:00AM – 9:30AM PT
  • Application Setup
  • Policy Compliance Overview

Lab Tutorial

9:30AM – 10:00AM PT
  • User Defined Controls

Lab Tutorial

10:00AM – 10:30AM PT

Controls and UDCs Q&A

10:30AM – 11:30AM PT
  • Compliance Scanning

Lab Tutorial

11:30AM – 12:00PM PT

Compliance Scanning Q&A

12:00PM – 1:00PM PT

BREAK

1:00PM – 2:00PM PT
  • Policies
  • SCA

Lab Tutorial

2:00PM – 2:30PM PT

Policies Q&A

2:30PM – 3:00PM PT
  • Compliance Reporting

Lab Tutorial

3:00PM – 3:30PM PT

Reporting Q&A

Qualys Web App and API Security

Tue, Nov 24 | 9:00AM – 3:00PM PT
9:00AM – 9:30AM PT
  • Qualys Web Application Overview
  • WAS Lifecycle
  • Scanner Deployment and Best practices

9:30AM – 10:15AM PT
  • KnowledgeBase and Search Lists

Lab Tutorial

10:15AM – 11:15AM PT
  • Basic Application Setup
  • Filtering Applications
  • Removing Applications
  • Crawl Scope
  • Discovery Scan
  • Sitemap

Lab Tutorial

11:15AM – 12:30PM PT
  • Option Profiles
  • Progressive Scanning
  • WAS Authentication
  • Exclusions
  • DNS Override

Lab Tutorial

12:30PM – 1:15PM PT
  • Reporting
  • Web application report
  • Scan report
  • Scorecard report
  • Catalog report

Lab Tutorial

1:15PM – 2:15PM PT
  • Creating and applying tags
  • Use tags to filter, scan, and report
  • WAS Users

Lab Tutorial

2:15PM – 3:00PM PT
  • Burp and Bugcrowd Integration
  • Malware Detection

Lab Tutorial

Customer Presentation

Surendra Nemani
Surendra Nemani, Head of Security Engineering, Information Security Group, Infosys
Tue, Nov 10 | 11:45AM - 12:15PM PT

Securing Billion Dollar Companies During a Time of Growing Cybersecurity Threats

Tue, Nov 10 | 11:45AM - 12:15PM PT

Hackers are becoming more targeted, advanced, and stealth. Today’s cybersecurity landscape is increasingly challenging to navigate, with ransomware attacks becoming more sophisticated and costly. With limited financial and IT resources to support security efforts and a lack of in-house security technical expertise, enterprises are increasingly turning to managed service providers (MSPs) like Syntax to keep them safe.

In this session, you’ll learn:

  • Why it’s important that your partner has a macro and micro view of cybersecurity
  • How to overcome the growing cybersecurity skills gap and to account for hackers attacking during non-business hours
  • Why security problems rarely follow a standard script
  • How to avoid the commodity ransomware wave

Build an Up-to-Date, Comprehensive Asset Inventory and CMDB Sync

Tue, Nov 10 | 11:45AM - 12:15PM PT

A critical element in effectively securing your network is complete visibility across your full IT ecosystem. Technology advances such as SaaS, cloud instances, containers and mobile devices, in addition to existing on-prem hardware and software deployments, are significantly increasing the complexity of today's IT environment. This presentation will discuss how a comprehensive, up-to-date Global IT Asset Inventory strengthens your security position and helps you manage scarce IT resources. We'll also look at using the same IT Inventory to improve the accuracy of your Service Management CMDB.

Context-Based Vulnerability Prioritization with Qualys VMDR®

Mehul Revankar
Mehul Revankar, VP Product Management and Engineering, VMDR, Qualys
Tue, Nov 10 | 11:45AM - 12:15PM PT

Vulnerabilities are not created equal, but the CVSS scoring model scores them as though they are all the same. CVSS ratings represent the technical severity of the vulnerability, not the risk it poses to an organization. Without the right context, the risk from a critical vulnerability with no exploit would appear to have the same risk as a vulnerability with an easy exploit that is actively being exploited. This is why context is so important. This session will show how Qualys VMDR helps organizations prioritize vulnerabilities with the proper context across threats, assets, and vulnerabilities. VMDR then combines them with mitigation controls so you can focus on the right set of vulnerabilities to prioritize and remediate.

Rapid Remediation: Patch Management and Beyond

Tue, Nov 10 | 11:45AM - 12:15PM PT

Patch management is critical, yet it's also a cumbersome process for most enterprises. Luckily, many detected vulnerabilities are more easily remediated using the Qualys Patch Management app. In this session, we will share best practices for streamlining the remediation process to ensure an efficient handoff between your security and IT teams. We will also demonstrate current and upcoming product capabilities and share our vision for how Qualys can help remediate most of the discovered vulnerabilities regardless of OS and vulnerability type.

Extending VMDR to ICS/OT Environments and Enterprise Mobile Devices

Tue, Nov 10 | 11:45AM - 12:15PM PT

Today's distributed workforce is rapidly adopting mobile devices. Enterprises are adapting by allowing connectivity with the corporate network, which increases the amount of company data on these mobile devices. There has also been a drastic rise in Android and iOS vulnerabilities and an increased number of vulnerable apps distributed from authorized app stores. Both of these trends make the mobile device a preferred target of attacks. At the same time, Digital Transformation in manufacturing, power generation and distribution, oil and gas, and similar industrial environments is rapidly inter-connecting these systems with each other and back to the enterprise networks. Every year, more and more vulnerabilities are disclosed for these industrial systems, and the number of cybersecurity-related incidents on the shop floor rises. In this session, we will walk through how Qualys solutions - Secure Enterprise Mobility and Industrial Control Security - help you secure mobile and industrial assets providing extensive visibility into the security posture and performing various remediation actions on the affected assets.

Insights on Long-Tail Detection and Response

Tue, Nov 10 | 11:45AM - 12:15PM PT

At IBM X-Force Red, we work with our clients to drive successful Vulnerability Management programs. This work requires us to roll up our sleeves and dig into the underlying problems that plague most organizations. It's no surprise that we find more issues around fixing vulnerabilities than around detecting them. Steve Ocepek, CTO of X-Force Red, will share his team's insights on the long-Tail Detection and Response issues that most clients encounter, and explain how Qualys VMDR helps organizations reduce operational debt and focus on their most critical risks.

Multi-Vector EDR: Real-World Use Cases

Wed, Nov 11 | 11:45AM - 12:15PM PT

Emotet and Trickbot (two of today's most prevalent threats) can infiltrate corporate networks from employees' homes. In this session, you'll learn how Qualys EDR can protect your organization from these attacks by giving your security response teams the necessary visibility, insights and context. We will show how Qualys EDR goes beyond traditional EDR by combining contextual data from other Qualys modules, including Asset Inventory, Vulnerability Management, and Policy Compliance. Qualys EDR helps you not only to detect and respond, but also to harden your assets to prevent future attacks.

Threat Detection and Response in the Context of MITRE ATT&CK Framework

Wed, Nov 11 | 11:45AM - 12:15PM PT

The MITRE ATT&CK framework gives defenders an advantage by letting them know how attackers target their systems. In this session, we'll look at how the Qualys Cloud Platform lets you respond quickly and intelligently to attackers and shorten the time attackers lurk in your environment. We'll explore how Qualys Policy Compliance helps you lock down assets under the context of the ATT&CK framework. In instances where attackers bypass the hardened state of the system, we'll show you how Qualys File Integrity Monitoring and Qualys EDR provide enhanced capabilities to detect tactics, techniques and procedures linked back to the ATT&CK framework.

An Attacker’s View of Your Cybersecurity Defenses

Wed, Nov 11 | 11:45AM - 12:15PM PT

The goal of attackers is to find the most compelling and well-connected assets in a network so they can then move laterally and carry out their nefarious plans. Their target could be a domain controller, database server or even a developer's laptop. With Qualys Attack Path Discovery, we help you identify these assets using attacker-like "situational awareness" techniques. We then leverage the Qualys Agent and Qualys Vulnerability Management data to further enrich the asset information with user-, asset- and network-related contextual details. This gives you the upper hand at remediation before an attacker can find your well-connected assets.

Expanding Incident Response Beyond Endpoints with Qualys Security Analytics

Wed, Nov 11 | 11:45AM - 12:15PM PT

Effective cybersecurity requires real-time context. Deploying multiple, siloed cybersecurity products and stitching them together with SIEM solutions is not working. In this session, you'll get a glimpse into the upcoming Security Analytics, a next-gen product line for security analytics and incident response that natively integrates and correlates security telemetry. The solution will incorporate solutions from Qualys and third parties into a cohesive security incident and response platform that includes native support for UEBA, threat hunting, intelligence, and automated response with out-of-the-box support for MITRE ATT&CK detection use cases.

Securing Cloud and Container Infrastructure with Qualys

Oleksandr Vietrov
Oleksandr Vietrov, Lead Security Systems Engineer, Delivery Manager, EPAM Systems, Inc.
Tue, Nov 10 | 11:45AM - 12:15PM PT

EPAM Systems, Inc is a worldwide company specializing in consulting, engineering, architecture, and design. The company uses nine Qualys applications to secure its hybrid infrastructure. The presentation will cover EPAM's approach to the organization and the implementation of security management - focusing on securing EPAM cloud infrastructure and containers.

Shifting Left: Integrate the Qualys Platform In Your DevOps Pipeline

Thu, Nov 12 | 11:45AM - 12:15PM PT

The rise of DevOps methodologies has changed how software is developed and delivered -- and also how it's secured. As part of the "shift left" DevOps practice, there has been growing momentum for embedding security throughout the development cycle. Shifting left focuses on problem prevention instead of detection, so that DevOps teams can increase code quality, shorten test cycles and reduce the possibility of unpleasant surprises at the end of the development cycle—or, worse, in production. This session will explore how Qualys' native CI/CD integrations enable organizations to achieve their shift left goals securely.

Manage Your Multi-Cloud Attack Surface with Qualys CloudView

Thu, Nov 12 | 11:45AM - 12:15PM PT

With an increasing number of enterprises maintaining multiple cloud environments, a new approach is needed to maintain and secure these environments. Enterprises must continuously inventory these resources and assess them against best practices such as the CIS standards and cloud provider recommendations. In this session, you'll learn how Qualys CloudView collects rich metadata, and provides powerful search capabilities, advanced resource information like associations, and hundreds of out-of-the-box controls covering the CIS standards and best practices policies. With Qualys CloudView, you'll be able to quickly and continuously identify misconfigurations and minimize your multi-cloud attack surface

Securing Your Public Cloud Deployments with Qualys

Thu, Nov 12 | 11:45AM - 12:15PM PT

We're seeing an increase in the utilization of public cloud platforms, the adoption of cloud-native services, and the prevalence of multi-cloud deployments. These trends pose a visibility challenge for security teams tasked with managing vulnerabilities and achieving compliance across all cloud assets. Each cloud platform has a different toolset, which creates information silos and a mishmash of methods for consuming security-related data. This session will demonstrate how to integrate the Qualys Cloud Platform into your public multi-cloud infrastructure. First, we'll explore how to automatically create CloudView connectors for visibility into workload locations and account compliance. Next, we'll show options for deploying agents across clouds. Finally, we'll explain how to integrate Qualys vulnerability assessment findings with native security tools from public cloud platforms, so you can unify your vulnerability management program. Integrations will cover AWS/Security Hub, Azure/Security Center, and Google Cloud Platform/Cloud Security Command Center.

Behavioral Policy-Driven Runtime Security for Containers

Thu, Nov 12 | 11:45AM - 12:15PM PT

An effective container security program consists of scanning container images, running containers across the "build-ship-run" pipeline, and implementing runtime security to provide visibility and enforcement of in-container behavior. Proper implementation of runtime security is particularly important as it addresses several use cases, including attack mitigation, enforcement of security best practices, and monitoring. This session will cover the entire runtime security workflow using Qualys Container Runtime Security, including image instrumentation, policy tuning and runtime event management. We'll also cover various use cases for runtime security.

Solving Business Challenges and Automating Scans of New Servers with Qualys APIs

Tue, Nov 10 | 11:45AM - 12:15PM PT

Using Qualys APIs, you can create automated processes for scanning and releasing new systems on your network. See how a financial institution has used this to their advantage and how easy it can be to use in your organization.

Continuous Cyber Hygiene and Policy Enforcement

Fri, Nov 13 | 11:45AM - 12:15PM PT

Misconfiguration of IT assets puts systems and data at risk for breaches, which is why it's essential for organizations to have a cyber hygiene plan. This is especially true today, because increasingly IT infrastructures are hybrid, with assets and data on premises, in public clouds and even in employees' homes. In this session, you'll learn how a good cyber hygiene plan serves as the foundation for better security and compliance programs that foster trusted systems and business processes. We will explain best practices around continuous cyber hygiene and policy enforcement at scale.

Asset Classification and Assessment Using Automated Sensitive Data Discovery

Fri, Nov 13 | 11:45AM - 12:15PM PT

The surge in remote working has caused sensitive and critical data that is subject to regulatory compliance to increasingly reside outside of traditional asset and network boundaries. This increases the risk of data breaches or other cyber incidents. What's more, if you don't discover where your sensitive and critical data is, attackers will find it. This session will explore new capabilities from Qualys that allow automatic discovery and labeling of sensitive data across assets and tagging of assets for orchestrating further workflows to assess user access and monitor it for changes and suspicious activities.

Accelerate Compliance Audits with Qualys File Integrity Monitoring

Fri, Nov 13 | 11:45AM - 12:15PM PT

Assessing an organization's compliance posture in near realtime, understanding current threat levels, and satisfying the auditor's requirement for an ongoing CIS/FedRAMP compliance can be tedious and resource-intensive. This session will show how Qualys File Integrity Management (FIM) helps organizations gain visibility to detect authorized and unauthorized changes, known good changes, and malicious activities. Expanded Qualys FIM capabilities include one-click assessment for CIS and FedRAMP compliance, and support to assess security posture based on MITRE framework.

Extending a Compliance Program to Your SaaS Applications

Fri, Nov 13 | 11:45AM - 12:15PM PT

As enterprises rapidly adopt SaaS applications, IT teams must manage and secure them. Qualys SaaS Security and Compliance (SSC) expands the Qualys Cloud Platform to provide a single console for IT administrators to manage security and compliance for their critical SaaS applications such as Google G Suite, Microsoft's Office 365, and Salesforce.com. In this session, we will review compliance capabilities as well as real-time reporting on malicious or careless data exposure.

Leverage Qualys Plugins to Automate DAST Scanning in Your CI/CD Processes

Mon, Nov 16 | 11:45AM - 12:15PM PT

As web applications and APIs rapidly increase, application security teams can get overwhelmed with scanning requirements. By integrating DAST scanning into the CI/CD pipeline, scans are automatically run as part of the normal build process. Learn how Qualys plugins let you empower developers to view scan results in their preferred environment and address security vulnerabilities proactively while securing the DevOps lifecycle.

Dynamic Application Security Testing at Scale

Mon, Nov 16 | 11:45AM - 12:15PM PT

One of the biggest challenges a web application security program can face is scaling testing efforts against a larger number of web sites. Whether you have a dozen sites or thousands of them, Qualys Web Application Scanning (WAS) makes scaling quick and painless. In this session, we'll explain Qualys WAS' multiple options to set up applications, schedules, and reporting. You'll learn how to leverage its UI features, automation, and APIs to get a fully automated solution up and running in no time.

Secure APIs From Your DevOps Pipeline with Swagger/OpenAPI

Mon, Nov 16 | 11:45AM - 12:15PM PT

The early days of RESTful APIs were like the Wild West, as APIs were not built with security in mind. Developers had no standard to describe APIs to consumers and documentation was done manually in an ad-hoc fashion. Eventually, a specification known as Swagger - now called OpenAPI – came onto the scene. Swagger/OpenAPI not only provides a standard way to describe an API, but it also offers an opportunity to harden it against attack. In this session, you will learn how APIs can be developed securely by leveraging the Swagger/OpenAPI specification.

Secure Your Web Apps at Runtime With Virtual Patching and Trusted Scanning

Mon, Nov 16 | 11:45AM - 12:15PM PT

As a cyber defender, assessing and rating your security posture is essential, and this maxim also applies to web application firewalls (WAFs). In this talk, we will explore how Qualys Web Application Scanning (WAS) evaluates true-positive and false-negative results from Qualys WAF and proposes actionable remediation. Using the Confusion Matrix and its scoring method, we will dive into the very true-positive and distinguish between true-bad and false-bad violations to get a clear picture of its efficiency in real scenarios.

Philippe Courtot

Philippe Courtot

Chairman and CEO, Qualys

As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. He was previously Chairman and CEO of Signio until its acquisition by VeriSign. He is also a member of the Board of Directors of StopBadware, a non-profit, anti-malware organization.

Sumedh Thakar

Sumedh Thakar

President and Chief Product Officer, Qualys

As President and Chief Product Officer at Qualys, Sumedh oversees worldwide field operations as well as all things product including engineering, development, product management, cloud operations, DevOps, and customer support. He is responsible for the design, development, delivery and support of all product lines. He has also built up multiple Qualys sites resulting in a global 24x7 follow-the-sun product team. Sumedh has been with Qualys since 2003 and was most recently vice president of engineering. He has a bachelor’s degree in computer engineering with distinction from the University of Pune.

Shailesh Athalye

Shailesh Athalye

VP, Compliance Solutions, Qualys

Shailesh Athalye (CISA, CRISC, CEH, ISO 27001 LA) drives product management and engineering for Qualys' line of compliance products including Policy Compliance, File Integrity Monitoring, Security Assessment Questionnaire. With over 15 years of experience in the fields of IT GRC and information security, he has been a driving force for creating innovative ways to streamline risk, configuration and compliance management use cases.

David Ferguson

David Ferguson

Director of Product Management, WAS, Qualys

Dave Ferguson is Director of Product Management for Web Application Security at Qualys. After writing code and developing applications for over a decade, Dave transitioned to focus on application security. Prior to Qualys, he led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.

Badri Raghunathan

Badri Raghunathan

Director, Product Management, Container & Serverless Security, Qualys

Badri Raghunathan is a director of product management at Qualys, responsible for spearheading Qualys’ product initiatives around cloud-native infrastructure (containers, serverless). A technology entrepreneur at heart, Badri thrives on understanding customer problems, building differentiated products, and taking them to market. Badri has worked in product and engineering management roles in a variety of industries, including security, networking and consumer electronics. Most recently, Badri was a founder at an early stage cloud DevSecOps startup, and prior to that, he led cloud-based security and networking products at companies like Symantec and Cisco. Badri holds 9 U.S. patents and has several more applications in the pipeline. He holds an MBA from the University of California Berkeley, and M.S. and B.S. degrees in electrical engineering from Oklahoma State University and the University of Madras, respectively.

Ed Rossi

Ed Rossi

VP, Product Management, Asset Inventory and Discovery, Qualys

Ed Rossi is an experienced product management leader with over 20 years in the IT Asset Management and Software Asset Management space. He recently joined Qualys as Vice President, Product Management, focused on Asset Inventory & Discovery. Ed spent six years at Flexera Software, leading the product team driving their ITAM & SAM offerings and concentrating on helping clients manage their technology investment from on-premises hardware and software to SaaS & Cloud Infrastructure. Previously, Ed was with IBM, where he focused on IT Asset Management, Discovery & Service Management products across several roles. Ed is passionate about the need for strong visibility across the IT ecosystem to support a strong IT Security program and to manage assets more effectively in an increasingly complex technological world.

Eran Livne

Eran Livne

Director, Product Management Endpoint Remediation, Qualys

With a 20-year background in product management and computer science, Eran has had experience in diverse IT and security markets, and has a broad security perspective. Eran is currently Director of Product Management for Qualys Endpoint Remediation.

Travis Smith

Travis Smith

Director, Malware Threat Research, Qualys

Travis is the Director of Malware Threat Research at Qualys. He has spent the past 15 years in the security industry with a focus on digital forensics and incident response. He holds a wide array of certifications ranging from GIAC Certified Penetration Tester to the CISSP, as well as an MBA with a concentration in information security. Travis has presented his research at conferences worldwide at venues such as BlackHat, RSA, and SecTor.

Kunal Modasiya

Kunal Modasiya

Director of Product Management for Security Analytics, Qualys

Kunal joined Qualys in 2018 as Director of Product Management for XDR - Security Analytics. He is responsible for vision, strategy, and execution of Security Analytics, UEBA, SOAR, Threat Hunting, and Data Lake products from inception. He was previously responsible for building and launching multiple security and networking software products at Extreme Networks and Juniper Networks in product and engineering roles. Kunal has been with Qualys for more than two years.

Alex Mandernack

Alex Mandernack

Security Solutions Architect, Qualys

Alex Mandernack is a Security Solution Architect at Qualys, focusing on Cloud and Container Security from an engineering and architecture perspective. Alex is a liaison between customers and product teams and provides a hands-on, real-world perspective. Before joining Qualys in 2018, Alex held leadership positions in various organizations from startups to MSPs and publicly traded companies.

Sean Nicholson

Sean Nicholson

Security Solutions Architect, Qualys

Sean has served in the IT and security industry throughout his career. He has held leadership positions within various technology organizations, ranging from startups, SMBs, to publicly traded companies. He has spent the last six years focusing on public cloud security in an engineering and architecture role. As a security solution architect for Qualys, Sean has focused on helping customers of all sizes with security automation and integration for their public cloud deployments with the Qualys Cloud Platform.

Hariom Singh

Hariom Singh

Director of Product Management, Policy Compliance, Qualys

Hariom Singh, CISSP, is the Director of Product Management for Compliance Solutions at Qualys. With over 16 years of experience in cybersecurity and IT GRC, he helps shape compliance products and leads client efforts to secure their cyber infrastructure while exceeding their IT-GRC goals. Prior to Qualys, he worked as the technical lead for Creative Breakthroughs, a technical consultancy, and as a senior consultant for Symantec, building his vast experience designing and building effective security and compliance programs for large enterprises in the healthcare, energy, financial and telecommunications industries.

Ed Arnold

Ed Arnold

Security Solution Architect, Qualys

Ed Arnold is a Security Solution Architect with Qualys, focusing on web application and API security testing. He formerly held positions of Senior Security Engineer, Technical Architect and Principal Security Consultant over a 13 year security career. Ed is focused on automating security testing and enabling developers to proactively address security issues.

John Delaroderie

John Delaroderie

Solution Architect, SME Application Security, Qualys

John Delaroderie is a Security Solution Architect and Subject Matter Expert for Web Application Scanning. He has been with Qualys since early 2018, and priot to that he worked for a variety of government agencies and private organizations in the fields of cyber security, incident response, digital forensics, and systems integrations.

Dharmesh Ghelani

Dharmesh Ghelani

Principal Product Manager, Industrial Cybersecurity, Qualys

Dharmesh Ghelani is Principal Product Manager at Qualys, focused on industrial cybersecurity. He has 15 years of experience spanning R&D, engineering and product management, working on various domains like virtualization, cloud computing and cybersecurity. He has contributed to developing multiple products at Symantec, VMware, IBM Software Labs and BMC Software. Dharmesh holds VCP & ITIL certifications and has a master's degree in computer networks, a master's in business administration, and a bachelor's degree in information technology.

Mayuresh Dani

Mayuresh Dani

Manager of Threat Research, Qualys

Mayuresh is Manager of Threat Research at Qualys. During his 15+ year career, he has gained expertise in many areas of information security, including vulnerability assessments, penetration testing, application security, reverse engineering, and purple teaming. He is passionate about all things inter-networked and possesses an intellectual curiosity in secure computing and emerging technologies. Mayuresh has been with Qualys since 2012 and was one of the first technical hires in the Pune, India office.

Swapnil Ahirrao

Swapnil Ahirrao

Product Manager, Mobile Security, Qualys

Swapnil Ahirrao is a Product Manager for Mobile Security at Qualys. He leads Qualys product initiatives around mobile security. He has 7+ years of experience in Mobile Security, Mobile Device Management (MDM), and Enterprise Mobility Management (EMM). Prior to Qualys, Swapnil worked at 1Mobility (acquired by Qualys) as a Sr. Business Analyst, working with customers and designing solutions to manage and secure corporate and employee-owned mobile devices and the associated data across the enterprise.

Santosh Mukkawar

Santosh Mukkawar

Senior Product Manager, Cloud Security, Qualys

Santosh Mukkawar is a Senior Product Manager for Cloud Security at Qualys. He leads Qualys product initiatives for cloud workload and infrastructure security. He is a seasoned professional with 15+ years of experience in DevOps, public cloud (AWS, Azure, GCP), and virtualization technologies. Before joining Qualys, Santosh spent a decade at Symantec working on data center security solutions.

Aditi Sahasrabudhe

Aditi Sahasrabudhe

Product Manager, Compliance Solutions, Qualys

Aditi Sahasrabudhe is a Product Manager for Compliance Solutions at Qualys and spearheads the research on new features in its Policy Compliance solution. She has also devised out-of-band configuration assessment capability for assessing critical assets in the customer environment. Before joining Qualys, she has worked in development and research roles at Symantec Corporation and KPIT infosystem’s CREST R&D labs. She holds a master's in technology from IIT Roorkee and CISSP certification. She is an author of CIS benchmarks.

Kaustubh Kumbhar

Kaustubh Kumbhar

Director of Product Management, Compliance Solutions, Qualys

Kaustubh Kumbhar is Director of Product Management, Compliance Solutions at Qualys with 20+ years of engineering and product management experience. He has worked for startups and enterprise organizations to deliver Managed Security-As-A-Services (MSS), Database Activity Monitoring (DAM), and e2e security services. Currently, Kaustubh engages with large global customers to meet their security and compliance needs using Qualys File Integrity Monitoring and the Qualys platform.

Deepak Balakrishna

Deepak Balakrishna

CTO, SaaS Security, Qualys

Deepak is the CTO for SaaS Security at Qualys. He was previously Founder and CEO of cloud security company, Adya, which was acquired by Qualys in January 2019. Before founding Adya, Deepak was the head of Product Management (Server Backup) at Druva. He has extensive product management, marketing and engineering expertise at enterprise companies such as Riverbed Technologies, Spirent Communications, Sun Microsystems, AOL and Netscape. He has over 20 years of work experience in enterprise SaaS, application, security, networking and storage experience.

Rémi Le Mer

Rémi Le Mer

Director of Product Management, WAF, Qualys

Rémi Le Mer is the Director of Product Management for the Qualys Web Application Firewall (WAF). He is an experienced network and security specialist whose professional career began in 1999. Prior to joining Qualys in 2015, Rémi worked as a network and security engineer for the past ten years for the French industry and finance markets, implementing numerous appsec oriented projects using a mix of vendor and opensource-based solutions. In 2009, Rémi dove into building WAF policies, and in 2013, he participated in authoring WAF operational programs.

Hiep Dang

Hiep Dang

VP of Product Management, EDR, Qualys

Hiep Dang is Vice President of Product Management, EDR at Qualys. He is passionate about building innovative cybersecurity solutions to protect users and corporations from the evolving threat landscape. Almost 20 years ago, Hiep turned a casual curiosity in computer forensics and computer viruses into a full-time cybersecurity career. His journey has given him a spectrum of experiences from burgeoning startups to Fortune 500 companies and the opportunity to solve a range of problems from deeply technical to abstract business. He's found his sweet spot in product management at the intersection of product strategy and technical execution. Before joining Qualys, Hiep launched several enterprise and consumer products for Cylance (acquired by BlackBerry), McAfee (acquired by Intel), and Aluria (acquired by EarthLink). Hiep has also served as the Director of Anti-Malware Research for McAfee, where he oversaw a globally distributed 24x7 organization responsible for researching and responding to complex malware threats.

Chris Ong

Chris Ong

Manager, Information Security Operations, Jabil

Chris Ong is the manager of Jabil’s Information Security Solution Engineering team and has been with Jabil for five years. He lives in St. Petersburg Florida, and has 20 years of overall IT experience with the last 15 years focused on information security and assurance. His versatile work experience includes protecting and securing assets in the pharmaceutical, department of defense, and manufacturing fields. He holds a bachelor’s degree in Technical Management as well as vendor neutral cybersecurity certifications. When he isn’t working in cybersecurity, he has a huge passion for international travel and world history.

Steve Ocepek

Steve Ocepek

CTO, X-Force Red

During the past 15+ years, Steve Ocepek has received five patents in the field of network security, as well as launched various successful security projects, including founding Wholepoint Corporation which focused on threat intelligence, malware analysis and other security domains. He also launched Trustwave’s SpiderLabs Research division. Today, as a member of the X-Force Red team, his primary responsibilities include managing and delivering security services to X-Force Red’s global client base. Steve’s experience spans both attack and defense, with extensive experience in both penetration testing and network defense. Trusted as an experienced investigator, Steve has led cyber response activities across dozens of high-profile breaches. As Manager of Incident Response for Fidelity Information Services, Steve worked with specialists across the private sector and federal law enforcement to create a unified state-of-the-art team of responders within the organization. Steve has provided numerous open source contributions to the field of information security including both attack and defense tools. Speaking engagements include Black Hat (US/EU), DEF CON, RSA, BSides, and OWASP AppSec.

Surendra Nemani

Surendra Nemani

Head of Security Engineering, Information Security Group, Infosys

Surendra Nemani is the Sr. Manager and Head of Security Engineering at Infosys. He has been deeply involved in Information Security for over 12+ years, and has managed teams covering Security engineering, Incident management and response, Security Infrastructure, Vulnerability management, Security automation, Audits, Security Operations, Governance and Compliance. He is driving force in enabling the security controls at Infosys to mitigate & minimize the cyber security risks

Matthew Rogers

CISO, Syntax

Matthew Rogers joined Syntax as the company’s Chief Information Security Officer of the Americas in August 2020. In this role, Rogers has a dual focus of working with Syntax’s Global Product Management team to develop innovative security products for Syntax’s global customers. He also leads Syntax’s Security Operations team for the Americas region. Matthew’s passion is to simplify complex problems through technology. He has designed, implemented, and staff cybersecurity programs and strategies for almost 15 years. Rogers previously worked at Allscripts, a global leader in healthcare IT, where he managed cyber security for multiple data centers and applications. He also gained valuable security experience with Duke Energy Corporation, where he focused on cybersecurity within the Nuclear Power business. Matthew has spoken at numerous cybersecurity conferences and has published many articles about cybersecurity. He is a certified information security systems security professional (CISSP). He is also certified with Microsoft and Elastic Stack, a computer software company that makes data usable. He holds a Bachelor of Science degree in Computer Information Systems from Thomas College in Waterville, Maine.

Randy Barr

Randy Barr

Head of Security Operations, Zoom

Currently the Head of Security Operations at Zoom Video Communications. Most recently, Barr served as CISO at Topia, overseeing security for the company’s global cloud-based platform. As the former CISO at Aryaka Networks, Saba, the Talent Development company, Barr created the company's global security program from the ground up, including policy creation, logical and technical controls, vulnerability assessment and a mechanism for weaving security review into the product development lifecycle. Prior to Saba, Barr held chief security and IT management positions at leading cloud companies including ServiceSource, Qualys, Yodlee and WebEx Communications.

Oleksandr Vietrov

Oleksandr Vietrov

Lead Security Systems Engineer, Delivery Manager, EPAM Systems, Inc.

Oleksandr has been the Vulnerability Management program leader at EPAM Systems, Inc. for the last two years focused on Public Cloud and Container Security vulnerability management. He has been in the Information Technology field since 2007 with seven plus years within Information Security field. Oleksandr has successfully integrated more than ten projects in several security domains such as DLP, EDR, SCADA security, PAM in various business sectors like Financial, Telecom, Insurance, etc.

Kasturi Dalvi

Kasturi Dalvi

Senior Security Engineer, Informatica

Kasturi is a Senior DevSecOps Engineer working with the Cloud Security Engineering team at Informatica. She has been on the team for the past 3.5 years working on Threat Detection and Vulnerability Management, and building automations to integrate various security tools within Informatica's DevOps pipeline.

Jeremy

Security Architect, Large Midwestern Financial Institution

Jeremy is a security architect at a large Midwestern financial institution and is responsible for vulnerability management, operating system security standards/compliance, and file integrity monitoring.

Mike Manrod, MSISE, CCSBA, CSSBB, CISSP

Mike Manrod, MSISE, CCSBA, CSSBB, CISSP

CISO, Midwestern Financial Institution

Mike presently serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff and information assets across the enterprise. Previous experiences include serving as a threat prevention expert for Check Point and working as a consultant and analyst for other large enterprise customers. He is also a co-author/contributor for the joint book project, Understanding New Security Threats published by Routledge in 2019. When not exploring the implications of the rapidly evolving threat landscape or the convergence between cognitive psychology and machine learning, he spends time playing video games with his kids, practicing martial arts and cooking.