Software Security Assurance Summit



12:00pm - Lunch Buffet

12:00pm - Welcoming Remarks

Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

12:10pm - SSA Insights & Trends

name

Rob Roy
Federal CTO
Fortify
Biography

Download the Presentation (ppt)          2011 Cost of Cyber Crime Study (pdf)
Fortify Stuxnet Whitepaper (pdf)          Fortify Software Security Center Brochure (pdf)

12:30pm - Morning Keynote

name

Dr. Eugene Schultz
CTO
Emagined Security
Biography

The Proliferation of High Profile Cyberattacks: Is There an End in Sight? > Download the Presentation
Twenty years ago cyber attacks were by today’s standards relatively benign. Attackers cracked passwords, broke into systems, and installed backdoor access mechanisms. The cybe rsecurity landscape has changed considerably since then, with well-financed organized gangs of cyber thieves breaking into systems of their choice practically at will and installing incredibly sophisticated malicious code that takes months to develop. Many high profile cyber attacks against the US military and government agencies and Fortune 500 companies have occurred in recent years. Enabled by a wide range of exploitable vulnerabilities in software, the rate of attacks has been accelerating to the point that a spokesperson for the U.S. military admitted that there is currently insufficient knowledge concerning how to stop these attacks. Research by the Ponemon Institute and other organizations shows that cyber security-related financial losses have also been growing rapidly year-by-year, yet somehow many people do not realize that they, too, are becoming more likely to experience cyber attacks that have potentially catastrophic consequences. Will current trends continue, or will there be an end in sight? This presentation addresses this question by focusing on a paramount issue--why and how we should concentrate on avoiding making critical errors in software during the software development life cycle so that cyber attackers do not have nearly as target rich an environment as they currently do.

1:15pm - Evolution of Application Security: From Breach to Mobile Applications

John R. South

John R. South
Chief Security Officer
Heartland Payment Systems
ISE® Central Executive Award Winner 2011
ISE® of the Decade Central Award Winner 2012

Biography
T.E.N. Success Story

Download the Presentation
Heartland’s 2008 breach was not atypical to the attack scenario that a number of companies face today.  Heartland adopted an aggressive integrated approach to remediating their breach, as well as evolving its applications development environment to bring practical insight on the underlying security of new and existing applications.    To support the application security framework that is applied across the entire application development space, analysis tools such as HP Fortify were incorporated into Heartland’s security strategy for both remediation of application vulnerabilities and to demonstrate compliance with the industry standards.  With the application space moving rapidly towards the various mobile computing platforms,  the software development lifecycle has had to evolve to provide for the increased diligence needed in securing today’s applications.

2:00pm - Break

2:15pm - Social Media and the Potential of Cyber Security Attacks

name

Aaron Barr
Director of Cyber Security
Sayres and Associates

Download the Presentation (ppt)
Aaron Barr is back—and he wants more cybersecurity offensives (ARS Technica)
Social networking via Facebook, Twitter, LinkedIn, YouTube, and MySpace are now an important part of the business scene as this platform empowers businesses to build a brand, expand their reach, connect with customers and partners and facilitate the “flow of business.” Employees toggling between “friending” on Facebook and “businessing” on corporate systems leave a company open to to number of security threats and provide a treasure trove of information which include the exposure of personal data in the workplace, the release of corporate data to the public, the risk of identity fraud and a host of security, governance and compliance challenges. Further,Aaron will share how the perfect storm is brewing between the number of people using social media and the increasingly sophisticated malware attacks being launched to prey on the data. And now with the proliferation of third-party applications for mobile devices, the complexity and diversity of security issues becomes even greater as users download unsecured applications and use mobile devices for personal reasons.

3:00pm - Executive Roundtables

name

Adam Hils
HP Software Security Product Group
Hewlett-Packard Company
Biography

Selling Application Security within the Commercial Enterprise


John Keane

John Keane
Information Technology Specialist
Military Health System
Biography

Selling Application Security within a Government Agency


name

Barmak Meftah
Chief Products Officer
Fortify, an HP company
Biography

Cloud Security


name

Ryan English
Practice Principal, Application Security Professional Services
Hewlett-Packard Company
Biography

Security & Mobility


Chris Tignor

Chris Tignor
Vice President and Chief Information Security Officer
Capital One
Biography

Security & Social Media

4:15pm - Afternoon Keynote

name

Dennis Dickstein
Chief Privacy and Information Security Officer
UBS Wealth Management
Author of "No Excuses"
Biography

No Excuses: A Business Process Approach to Managing Operational Risk and Information Security
Download the Presentation
Is there a cohesive method of thinking about application, software and information security across a shifting threat landscape? The possibility of loss due to people, process or technology failure is called operational Risk. Weaknesses and failures in application, software and information security are operational risks. This session will explain operational risk and provide an overview of an innovative and integrated framework to manage the risk of people, process and technology failure, including security risk, by integrating business process management with operational risk management.

5:00pm - "No Excuses" Book Signing and Reception

Dennis Dickstein will be signing his book on the HP Protect show floor. Visit the Fortify booth to watch demos.