Conferences that solve current IT challenges

Data Breaches: Defending Against and Responding to

Strategies to help your organization prepare for, defend against and respond to breaches

May 3, 2017


7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois



Overview: It is not a matter of if, but when your organization will be breached. Against these threats, enterprises try to build higher and more secure walls around their data and networks. This seems to be a never-ending arms race, as even the most sophisticates systems may, before long, present weaknesses that malicious technology can overcome.

What You Will Learn

In this one day conference attendees will learn:

  • Reducing the Risk for a Data Breach through Effective Vulnerability Management
  • You've Been Breached, Now What?
  • The Oh Snap Moment: How to Leverage Threat Intel During, Before, and After a Breach

  • When the Breach Occurs: How to Gather Evidence and Help Determine the Culprit

  • Should You Plan for a Data Breach?
  • Phishing Your Employees to Prevent the Next Breach
  • Data Breach Security Policy: Governance and Management (Panel Discussion)

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast



Reducing the Risk for a Data Breach through Effective Vulnerability Management

Steve Hamburg, Security Engineering & Incident Response Practice Lead, Halock 

Most of the companies I have worked with that experienced a data breach were initially mystified regarding why and how their respective security incidents occurred. Since the root cause of most data breaches is due to suboptimal vulnerability management practices, this session will provide insights into the implications associated with vulnerability management deficiencies and what comprises an optimal vulnerability management program. This session will also explain how sound vulnerability management can help prevent data breaches from occurring in the future.

9:50am -10:20am - Refreshment Break



You Have Been Breached: Now What?

David Balcar, Security Evangelist, Kaspersky Lab

“The story you are about to see is true. Only the names have been changed to protect the innocent" (Dragnet). In this talk will hear about data breaches (not just the big ones that make the 5 O’clock news). We will discuss and go through the steps you should be taking before, during and after a breach. So sit back and grab a chair. Turn off you mobile phone, put down your tablet and hear real world issues facing enterprises every day.



The Oh Snap Moment: How to Leverage Threat Intel During, Before, and After a Breach

Tim Helming, Director, Product Management, DomainTools

It is sometimes said that there are only two kinds of companies: those who discover they have been breached, and those who haven't discovered it yet. While this may be overstating it slightly, attempted or successful breaches affect nearly every organization. In this session by Tim Helming of DomainTools, learn how attackers almost can't help leaving clues behind--clues you can use to lock down against a current breach, look back to see when it may have started, and stay ahead of attackers as they lay plans for future attacks.

12:00pm - 1:00pm Luncheon



When the Breach Occurs: How to Gather Evidence and Help Determine the Culprit

Ken Karasek, Sr. Solutions Consultant, Guidance Software

Finding the evidence and determining the source can be complicated. The evidence of a possible breach can come from different sources , including internal sabotage, external parties such as vendors, business partners and/ or customers.

This session will examine how to locate, preserve and understand the evidence and present it in a fact based scenario while leaving out the hysteria.

1:50pm - 2:20pm - Refreshment Break



Should You Plan for a Data Breach?

David A. Chapa, Managing Partner, CTO, Elovate, LLC

No one wants to suffer through a data breach, or even contemplate what it would look like if you actually had a breach, but you should plan for it. Just as hardware is sure to fail, there is a good possibility someone with poor intentions could be knocking on your proverbial digital door to see if there is a way to enter. Sadly, it is a sign of the times, and we need to have a resumption practice in place to minimize impact, and maximize remediation options. This should be part of your business continuity plan, and DR plan. What if? You may never have to execute the strategy, but in the event you do, you will have a plan, and metrics in place to help you identify these threats before too much damage has occurred. 



Phishing Your Employees to Prevent the Next Breach

Greg Hetrick, Security Solutions Technical Advisor, Levi, Ray & Shoup, Inc. (LRS)

For years organizations have focused on computer security, but may often are lax when it comes to the human security. The weakest spot of any origination is the person behind the keyboard. For almost a year I ran a phishing campaign against a large organization. The purpose of this was to enlighten the organization of the level of risk and to train users on the spot. During this talk I will discuss tools, tips, trials and results of this year long campaign to harden the users.







Data Breach Security Policy: Governance and Management

Patrick Garcia, Sr. Security Engineer, Imperva
Stefan Wahe, Associate Chief Information Security Officer, University of Wisconsin-Madison
Victor Hsiang, CISO, GATX
David Ogbolumani, Industry Consultant and former CISO, Kellogg Company
Umesh Tiwari, Principal Security Architect, US Bank
and other CISOs/Directors sharing their experiences

In this thought provoking session, attendees will learn how to design the procedure that should be followed to ensure a consistent and effective approach is in place for managing data breach and information security incidents across the enterprise.

Conference price: $289 per person.

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)˛, Inc.


As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.