Northwestern Pritzker School of Law
375 E. Chicago Ave.
(Corner of Lake Shore Drive)
Chicago
IL
60611
Event Description
The FTC’s fourth “Start With Security” event was held on Wednesday, June 15, 2016, in Chicago, Illinois, and was co-sponsored by .
During this one-day event, the FTC brought together experts who will provide businesses with practical tips and strategies for implementing effective data security. FTC Commissioner Maureen Ohlhausen provided opening remarks.
The event was free and open to the public. Lunch was provided by Northwestern Pritzker School of Law.
-
ALL TIMES ARE CENTRAL TIME ZONE (CDT).
8:30 am Doors Open 9:30 am
Welcome
Todd Kossow
Acting Regional Director
Midwest Region, 鶹ý Trade CommissionJames B. Speta
Senior Associate Dean for Academic Affairs and International Initiatives
Northwestern Pritzker School of Law
Opening Remarks
Maureen Ohlhausen
Commissioner
鶹ý Trade Commission10:00 am Panel 1: Building a Security Culture
Building a security culture is essential for any business that wants to reduce its security risks. This panel will explore how businesses can prioritize security within their corporate cultures and why it is important to do so. Topics will include organizational buy-in for security, risk analyses, threat modeling, and employee training.
Moderator:
-
Cora Han
Division of Privacy and Identity Protection
鶹ý Trade Commission
Panelists:
-
Aaron Bedra
Chief Security Officer
Eligible - John Downey
Security Lead
Braintree
- Arlan McMillan
Chief Information Security Officer
United Airlines
- Marc Varner
Corporate Vice President and Global Chief Information Security Officer
McDonald’s Corp.
11:00 am Break 11:15 am Panel 2: Integrating Security into the Development Pipeline
Integrating security into the development pipeline can save businesses time and money. This panel will discuss secure coding practices, how security testing can be automated, and strategies for acting upon test results.
Moderator:
-
Jim Trilling
Division of Privacy and Identity Protection
鶹ý Trade Commission
Panelists:
- Michael Allen
Chief Information Security Officer
Morningstar -
Matt Konda
Founder and Chief Executive Officer, Jemurai
Chair, OWASP Global Board of Directors - Alex Lock
Senior Software Engineer, Application Security
Groupon -
Lyle Sudin
Manager
Mandiant Consulting Services
12:15 pm Lunch Break 1:15 pm Panel 3: Considering Security When Working with Third Parties
Service providers and vendors can have a big effect on any business’s security. This panel will address risk management strategies when working with external parties, such as cloud service providers, code developers, and other vendors.
Moderator:
-
Steve Wernikoff
Office of Technology Research and Investigation, and Midwest Region
鶹ý Trade Commission
Panelists:
-
Erin Jacobs
Founding Partner
Urbane Security -
Jeff Jarmoc
Lead Product Security Engineer
Salesforce - Nathan Leong
Corporate Counsel
Microsoft -
Jon Oberheide
Co-Founder and Chief Technology Officer
Duo Security
2:15 pm Break 2:30 pm Panel 4: Recognizing and Addressing Network Security Challenges
Security professionals have observed that diverse businesses are affected by similar network security issues. This panel will discuss common network security challenges and strategies for addressing them.
Moderator:
-
Andrea Arias
Division of Privacy and Identity Protection
鶹ý Trade Commission
Panelists:
- Jibran Ilyas
Director, Incident Reponse
Stroz Friedberg
- Nicholas Percoco
Chief Information Security Officer
Uptake
- Sunil Sekhri
Director, Forensic Technology Solutions
PwC
3:30 pm
Concluding Remarks -
-
Panel 1: Building a Security Culture
Aaron Bedra is Chief Security Officer at Eligible, where he works to protect sensitive healthcare information. He is the creator of Repsheet, an open source threat intelligence framework. He has spoken around the world on software, security, and leadership, and he is the co-author of Programming Clojure, 2nd Edition.
John Downey is the Security Lead at Braintree, a company that provides development tools and support to help businesses accept payments online. He has worked on Braintree’s highly available infrastructure and integrations into the banking system. In his free time, he contributes to open source projects and mentors high school students in the FIRST Robotics Competition.
Arlan McMillan is the Chief Information Security Officer and HIPAA Security Officer for United Airlines. He has over 20 years of experience in information technology and security. Prior to joining United, he was the CISO and HIPAA Security Officer for the City of Chicago, and he previously led global teams delivering security services to Fortune 500 companies in roles such as the head of Symantec’s MSSP Global Analysis group and Global Head of Information Security Operations for ABN AMRO, LaSalle Bank. He is the current FBI-InfraGard Chicago Area Transportation Security Chief and was recognized as the 2014 “CISO of the Year” by the members of the ISSA, AITP, and FBI-InfraGard chapters.
Marc Varner is Corporate Vice President and Global Chief Information Security Officer for McDonald’s Corporation. In this role, he has responsibility for the protection of the company’s information assets, as well as the strategy and implementation of all identity and access management systems for the worldwide organization. He has more than 20 years of experience in the technical, operational, and program management aspects of information security, privacy, and architecture. Prior to his current position, he led security and architecture functions in the professional services industry at Deloitte Global, and Navigant Consulting, as well as in the financial services sector with Discover Financial/Morgan Stanley. He also worked at Arthur Andersen, where he directed the development of the firm’s information security program in the EMEIA region.
Panel 2: Integrating Security into the Development Pipeline
Michael Allen is the Chief Information Security Officer for Morningstar. He is responsible for setting enterprise security strategy, software and product security, and disaster recovery. Recently, his efforts have focused on rugged DevOps, the cloud, and integrating security methodologies into the software development lifecycle. He has more than 15 years of experience in information technology for the finance, banking, start-up, education, and telecommunications sectors. He holds the Certified Information Systems Security Professional (CISSP) designation and is part of the leadership team for the Chicago OWASP Chapter.
Matt Konda is the Founder and Chief Executive Officer of Jemurai and Chair of the OWASP Global Board of Directors. He is experienced building application security programs and delivering secure development training, application penetration testing, secure code review, security unit tests, and automation to inject security into the software development lifecycle. He is the project leader for the OWASP Pipeline project, which seeks to be the glue that ties security tools into the development process. At Jemurai, he is bringing together security pros and developers to solve security challenges in positive, fun, and creative new ways.
Alex Lock is a Senior Software Engineer on the Application Security team at Groupon. There, he is spearheading the efforts to inject static code analysis into the development lifecycle. He is the creator and primary author of Codeburner, and the co-author of OWASP Pipeline, both of which are open source tools developed to help aggregate and triage static analysis results as part of a continuous integration process. Prior to joining the security team at Groupon, he led the company’s production systems engineering group. Before joining Groupon, he worked as a Systems Architect and Engineer at companies including Orbitz, Wireless Generation, and Earthlink/Mindspring.
Lyle Sudin is a Manager in the Mandiant Consulting Services division of FireEye. He has more than 15 years of experience in cybersecurity, working for Mandiant, HERE (formerly Nokia/NAVTEQ), and BBN Technologies. He recently joined Mandiant, where he focuses on strategic security consulting, security program buildout, and incident response. At HERE, he ran over 100 application security project reviews, built a program to include security into the software development lifecycle, and helped to achieve ISO 27001 certification. He spent 12 years at BBN, culminating in running his own cybersecurity R&D projects as a Principal Investigator.
Panel 3: Considering Security When Working with Third Parties
Erin Jacobs is a Founding Partner at Urbane Security, a vendor-agnostic information security services firm focused on providing innovative defense, sophisticated offense, and refined compliance services. As a former CIO and CSO, she brings more than 15 years of consulting and c-level management experience to managing Urbane’s compliance and strategic advisory delivery teams. She and her teams work with all levels of client organizations to implement solutions for securely driving their businesses forward. She has presented at Black Hat, SOURCE Boston, Cloud Expo, SOURCE Barcelona, and several Security BSides events. She is passionate about fostering collaboration between the CSOs and practitioners that oversee day-to-day security challenges and the security research community.
Jeff Jarmoc is a Lead Product Security Engineer at Salesforce. In this role, he works to ensure that the security and privacy of customer information is maintained throughout Salesforce’s cloud platform. Previously, he worked with Matasano Security (now NCC Group) as a Senior Application Security Consultant, and as a Security Researcher at Dell SecureWorks. He has contributed to several open source security tools. He has presented his original research at several security industry conferences, including Black Hat Europe, Black Hat USA, DEFCON, DerbyCon, 44CON, THOTCON, and others.
Nathan Leong is Corporate Counsel at Microsoft, where he is a trusted advisor in complex cloud computing deals with Fortune 100 global companies and serves as Privacy Subject Matter Co-Lead for North America. He regularly speaks, writes, and advises on global privacy, data protection, information security, cross-border data transfer, healthcare and financial privacy, and export issues in the cloud. He also provides front-line legal support for Microsoft’s multibillion dollar 18-state, U.S. Central Region. He is a national committee chair for the National Asian Pacific American Bar Association, and he co-chairs the Corporate Counsel Committee of CABA-Chicago.
Jon Oberheide is the Co-Founder and Chief Technology Officer of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, he was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, he enjoyed offensive security research and generally hacking the planet. He was recently named to the Forbes “30 under 30” list for his mobile security hijinks.
Panel 4: Recognizing and Addressing Network Security Challenges
Jibran Ilyas is a Director on Stroz Friedberg’s Incident Response Team. He serves as one of the firm’s investigative leads for high-profile data breaches and leverages the experience in the field to the benefit of organizations seeking proactive security services. He has investigated large breaches in the financial, technology, and retail sectors. As a thought leader, he has presented on the topics of computer forensics and cybercrime at several global security conferences, including DEFCON, Black Hat USA, THOTCON, Microsoft Digital Crimes Conference, and SOURCE Barcelona. He is also an Adjunct Lecturer at Northwestern University, teaching its first-ever Digital Forensics and Incident Response course.
Nick Percoco is the Chief Information Security Officer at Uptake. Previously, he served as the Vice President at Rapid7, a publicly held security data analytics company. He co-founded the “I am The Cavalry” movement, a highly regarded grassroots hacker organization that is focused on issues where computer security intersects public safety and human life, and he founded SpiderLabs, the ethical hacking test lab that contributed to Trustwave’s growth. He created THOTCON, a growing annual Chicago hacking conference. He has served as a media spokesperson on CNN, Fox News, CNET, and Forbes.
Sunil Sekhri is a Director in PwC’s Forensic Technology Solutions practice in Chicago, supporting local and global clients in matters addressing internal corporate investigations, accounting fraud, IP theft, data breaches, global Ponzi schemes, and regulatory response. He brings over 16 years of specialized expertise in computer forensics and information security, applying a strong understanding of information technology as it relates to computer forensics, eDiscovery, IT audit, risk management, incident response, cybercrime, and network security. He has led investigations and managed a variety of technical security engagements, including security architecture reviews, security baseline standards development, server configuration reviews, vulnerability assessments, and incident response cases. He holds several certifications, including the EnCase Certified Examiner (EnCE), Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), and GIAC Certified Forensic Analyst (GCFA).
-
Event Materials
DocumentWorkshop Slide Deck (1.89 MB)FileWorkshop Slide Deck (444.4 KB)
-
Consumer and Business Education
-
Videos