REGISTER BY SEPTEMBER 30 AND SAVE $500 OFF GENERAL ADMISSION!

FireEye Cyber Defense Summit 2016

November 28-30 2016

Washington Hilton, Washington, DC

Join FireEye at the Washington Hilton in Washington, DC for the cyber security event of the year! Register by September 30 and save $500 off General Admission!

Summit: Nov. 28-30 2016
Post-Summit Training: Dec. 01-02 2016

2 full days offering the most current and vital information on Cyber Security

4 Session Tracks

4 Tracks - 36 Sessions
Executive Track: What a C-level Executive Needs to Know
Tales from the Trenches Track
New for 2016! Solutions for Industries Track
Incident Response Track
2000+ Attendees
20+ Industries
45+ Countries Attending

3 Keynote Presentations

3 Networking Receptions

1 Media Panel
1 Analyst Panel

2 Vertical Focused Events

20+ Technology Demos

6 Post-Summit Training Courses

Up To 32 CPE Credits

FireEye Cyber Defense Summit 2015 Highlights

In 2010, Mandiant launched the first MIRcon (Mandiant Incident Response Conference). This first MIRcon was a single-track, two-day event with 100 attendees. MIRcon continued to grow year after year, and after FireEye acquired Mandiant, MIRcon was renamed.

Agenda

Nov 28
2:00pm - 8:00pm

Registration and Information Desk Open

Terrace Foyer, Terrace Level

5:30pm - 8:30pm

Welcome Reception - Solutions Showcase/Technology Demos, Hors d'oeuvres and Cocktails

International Terrace, Terrace Level

Nov 29
7:00am - 7:00pm

Registration and Information Desk Open

Terrace Foyer, Terrace Level

7:00am - 9:00am

Breakfast

Columbia, Terrace Level

7:00am - 9:00am

Solutions Showcase/Technology Demos

International Terrace, Terrace Level

9:00am - 11:30am

Welcome and Keynotes -- Travis Reese, President, FireEye; Kevin Mandia, CEO, FireEye; Grady Summers, SVP and CTO, FireEye; and Ben Saunders, World Record-Breaking Polar Explorer

International Ballroom, Concourse Level

11:30am - 1:00pm

Lunch and Solutions Showcase/Technology Demos

Columbia, Terrace Level

1:10pm - 2:00pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Phishy Words: Internet-Scale Patterns of Word Affixes in Phishing Domains -- Tim Helming, Director, Product Management, Domain Tools
  • Tales from the Trenches Track -- Using FireEye Intelligence for Effective Vulnerability Prioritization -- Michelangelo Sidagni, CTO, NopSec, Jordan Dominguez, Data Scientist, NopSec
  • Solutions for Industries Track -- Industrial Cyber Security: What You Don't Know Can Hurt You (and Others): Tales from Real World ICS Incidents and Actionable Lessons Learned -- David Meltzer, Chief Research Officer, Belden/Tripwire
  • Executive Track -- Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection and Response -- Marshall Heilman, VP Service and Executive Director, IR and Red Team Operations, Mandiant Consulting, Craig Hoffman, Partner, Baker & Hostetler, LLP

2:10pm - 3:00pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Hunting: Defense Against the Dark Arts -- Jacqueline Stokes, Principal Consultant, Mandiant Consulting, Danny Akacki, Consultant, Mandiant Consulting
  • Tales from the Trenches Track -- Seven Best Practices to Maximize Your FireEye Investment -- Anand Deveriya, DSE, FireEye
  • Solutions for Industries Track -- What's the DFIRence for ICS? -- Chris Sistrunk, Sr. Consultant, Industrial Control Systems, Mandiant Consulting, Josh Triplett, Sr. Reverse Engineer, FireEye
  • Executive Track -- Securing Your Cloud Deployments Through Continuous Visibility and Effective Control -- Alex J. Attumalil, Sr Mgr Global Cyber Security Operations, Under Armour

3:00pm - 3:30pm

Coffee Break

Concourse Foyer, Concourse Level

3:30pm - 4:20pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Visa's Approach to an Intel-led Security Posture in the Fight Against Cybercrime -- Glen Jones, Head of Payment Cyber System Intelligence, Visa
  • Tales from the Trenches Track -- Keeping the Kids In and the Bad Guys Out -- Robert Losinski, Sr. InfoSecurity Administrator, Denver Public Schools
  • Solutions for Industries Track -- Best Defense Should Decrease Attack Surface in Innovative Ways -- Joe White, Information Security Officer, Stanford University, Frank Weigel, Director of IT, Credit Karma
  • Executive Track -- Application of Sun Tzu's Principles to the Kinetic Cyber Battlefield: the Warrior Mindset -- Chuck McGregor, VP, CyberSecurity Director Parsons and US Marine Corps Special Operations Command, Exercise Control Group Officer

4:30pm - 5:20pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Lessons Learned from Responding to Disruptive Breaches -- Charles Carmakal, Vice President, Mandiant Consulting, Robert Wallace, Director, Security Consulting Services, Mandiant Consulting
  • Tales from the Trenches Track -- Panel: Cybersecurity Automation and Orchestration: The Best Response to the Most Difficult Threats -- Paul A. Ferrillo, Weil, Gotshal & Manges, Paul Nguyen, VP, Orchestration & Integration, FireEye, Grady Summers, SVP & CTO, FireEye
  • Solutions for Industries Track -- What REALLY Matters for HIPAA Compliance? A Top 10 List for HIPAA Readiness -- Nathan Kottkamp, Partner, McGuireWoods
  • Executive Track -- The FBI (Cyber) Files -- Matthew Braverman, Washington Field Office, Supervisory Special Agent, FBI

5:30pm - 8:30pm

Global Cuisine and Cocktail Reception

International Terrace, Terrace Level

6:30pm - 8:30pm

FireEye Arcade - Fun, Games, Music and More!

Columbia, Terrace Level

Nov 30
6:30am - 4:30pm

Registration and Information Desk

Terrace Foyer, Terrace Level

7:00am - 9:00am

Breakfast

Columbia, Terrace Level

7:00am - 9:00am

Government Breakfast

7:00am - 9:00am

Solutions Showcase/Technology Demos

International Terrace, Terrace Level

9:00am - 9:50pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Who's Bad? Moonwalking Through Disk Execution Artifacts -- David Cowen, Partner, G-C Partners
  • Tales from the Trenches Track -- City of New Orleans: Back from the Brink, Stronger (and More Secure) than Ever -- Freud Alexandre, Office of Information Technology & Innovation Enterprise Architect & Security Manager, City of New Orleans
  • Solutions for Industries Track -- Even Local Government Can Do Security Right; Let's Change the Stereotype -- Ricardo Lafosse, Chief Information Security Officer, Cook County Government
  • Executive Track -- The Myth of Phishing Awareness -- Aaron Higbee, Co-Founder and Chief Technology Officer, PhishMe

10:00am - 10:50am

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Boot What? Why Tech Invented by IBM is Still Relevant in 2016 -- Christopher Glyer, Technical Director, Mandiant Consulting
  • Tales from the Trenches Track -- Ransomware: Buy One, Get One Free -- Jack R. Weiner, Network Engineer, IS Infrastructure, Rush-Copley Medical Center
  • Solutions for Industries Track -- Alternatives to Late-Stage Intrusion Detection in Medicine -- Mark Baenziger, Threat Assessment Manager, FireEye
  • Executive Track -- Cyber Governance Gaps in Product Companies and How to Close Them -- Brad Lunn, Executive, General Atomics Aeronautical Systems (Aerospace and Defense)

10:50am - 11:10am

Coffee Break

11:10am - 12:00pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Fortifying the Interior with Behavior/Analytics: 5 Real World Case Studies -- Stephen Jou, CTO, Interset
  • Solutions for Industries Track -- COPEing with Your Cyber Exposure -- Russ Cohen, Chubb, Director of Cyber/Privacy Services, North American Financial Lines, Ron Bushar, Global Managing Director Security Program Services, FireEye
  • Executive Track -- Hacking the Pentagon: Taking Incident Response from an Attacker Point of View -- Blake Turrentine, CEO, HotWAN

12:00pm - 1:15pm

Lunch and Solutions Showcase/Technology Demos

Columbia, Terrace Level

1:15pm - 2:15pm

Keynote - John P. Carlin, Assistant Attorney General for National Security, United States Department of Justice

International Ballroom, Concourse Level

2:15pm - 3:15pm

Panel Discussion

3:15pm - 3:30pm

Coffee Break

3:30pm - 4:20pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- Detecting and Analyzing PowerShell Attacks -- Matthew Dunwoody, Senior Consultant, Mandiant Consulting, Daniel Bohannon, Consultant, Mandiant Consulting
  • Solutions for Industries Track -- The Healthcare Industry vs The Cyber Threat -- Digital Warfare -- Angela Williams, Director, Enterprise Information Security, Blue Cross Blue Shield Michigan
  • Executive Track -- Panel: The Art and Science of Underwriting Cyber Risk -- Karen Kukoda, Cyber Risk Alliance Director, FireEye, Ron Bushar, Global Managing Director Security Program Services, FireEye, CJ Prusinsky, Underwriter, Beazley, Ben Beeson, Cyber Risk Practice Leader, Lockton Companies

4:30pm - 5:20pm

Track Sessions

International Ballroom, Georgetown East/West, Jefferson East/West, Lincoln East/West -- Concourse Level

  • Incident Response Track -- The Magnificent FIN7 -- John Miller, Manager for Cyber Crime Intelligence, FireEye iSIGHT Intelligence, Devon Kerr, Manager for Incident Response, Mandiant Consulting
  • Solutions for Industries Track -- Continuous Monitoring in Healthcare -- Sanjeev Sah, CSO & Director of IS Risk and Controls, Texas Children's Hospital
  • Executive Track -- Using Geopolitical Analysis to Predict Cyber Attacks -- Christopher Porter, Manager, FireEye Horizons, FireEye iSIGHT Intelligence

Dec 01
9:00am - 5:30pm

Post-Summit Training

Dec 02
9:00am - 5:30pm

Post-Summit Training


Incident Response Track

  • Advances in tools or methodologies for incident prevention, detection, response or containment
  • Case studies highlighting unique, real-world intrusion scenarios and investigation and response efforts
  • Best practices for leveraging threat intelligence
  • Digital forensics applied to host and network-based sources of evidence
  • Use of network security monitoring, host-based tools, and SIEM solutions to detect and respond to enterprise-scale attacks
  • Malware analysis and mitigation
  • Post remediation best practices

SPEAKERS AND SESSION TOPICS: 

  • Phishy Words: Internet-Scale Patterns of Word Affixes in Phishing Domains -- Tim Helming, Director, Product Management, Domain Tools
  • Hunting: Defense Against the Dark Arts -- Jacqueline Stokes, Principal Consultant, Mandiant Consulting, Julian Pileggi, Senior Consultant, Mandiant Consulting
  • Visa's Approach to an Intel-led Security Posture in the Fight Against Cybercrime -- Glen Jones, Head of Payment Cyber System Intelligence, Visa
  • Lessons Learned from Responding to Disruptive Breaches -- Charles Carmakal, Vice President, Mandiant Consulting, Robert Wallace, Director, Security Consulting Services, Mandiant Consulting
  • Who's Bad? Moonwalking Through Disk Execution Artifacts -- David Cowen, Partner, G-C Partners
  • Boot What? Why Tech Invented by IBM is Still Relevant in 2016 -- Christopher Glyer, Technical Director, Mandiant Consulting
  • Fortifying the Interior with Behavior/Analytics: 5 Real World Case Studies -- Stephen Jou, CTO, Interset
  • Detecting and Analyzing PowerShell Attacks -- Matthew Dunwoody, Senior Consultant, Mandiant Consulting, Daniel Bohannon, Consultant, Mandiant Consulting

Executive Track: What a C-Level Executive Needs to Know

  • Building and leading computer incident response teams (CIRTs)
  • Measuring and improving CIRT performance and ROI
  • Strategic, legal and/or operational considerations regarding incident detection and response
  • Adapting to regulatory or legislative aspects of incident detection and response
  • Case studies on CIRT work, including lessons learned and global best practices

SPEAKERS AND SESSION TOPICS:

  • The FBI (Cyber) Files -- Matthew Braverman, Washington Field Office, Supervisory Special Agent, FBI
  • Securing Your Cloud Deployments Through Continuous Visibility and Effective Control -- Alex J. Attumalil, Sr Mgr Global Cyber Security Operations, Under Armour
  • Application of Counterinsurgency Principles to the Kinetic Cyber Battlefield: the Warrior Mindset -- Chuck McGregor, VP, CyberSecurity Director Parsons and US Marine Corps Special Operations Command, Exercise Control Group Officer
  • Cyber Governance Gaps in Product Companies and How to Close Them -- Brad Lunn, Executive, General Atomics Aeronautical Systems (Aerospace and Defense) 
  • The Myth of Phishing Awareness -- Aaron Higbee, Co-Founder and Chief Technology Officer
  • Hacking the Pentagon: Taking Incident Response from an Attacker Point of View -- Blake Turrentine, CEO, HotWAN
  • Panel: The Art and Science of Underwriting Cyber Risk -- Karen Kokuda, Cyber Risk Alliance Director, FireEye, Ron Bushar, Global Managing Director Security Program Services, FireEye, CJ Pruzinsky, Underwriter, Beazley, Ben Beeson, Cyber Risk Practice Leader, Lockton Companies
  • Using Geopolitical Analysis to Predict Cyber Attacks -- Christopher Porter, Manager, FireEye Horizons, FireEye iSIGHT Intelligence
  • Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection and Response -- Marshall Heilman, VP Service and Executive Director, IR and Red Team Operations, Mandiant Consulting, Craig Hoffman, Partner, Baker & Hostetler LLP


FireEye Tales from the Trenches Track

  • Real-world examples of leveraging FireEye offerings to prevent cyber attacks and protect your organization's assets
  • Best practices on how to gather, share and use intelligence to stay a step ahead of attackers
  • Insight into the unique nature of regional threats and how to leverage FireEye to mitigate those challenges
  • Lessons learned on addressing the particular challenges of cyber security within your industry
  • Showcase of successful experiences with FireEye's network security, endpoint security, investigations and incident response offerings
  • Cases/examples of orchestration/automation
  • Challenges, strategies and processes addressing cloud and mobile security

SPEAKERS AND SESSION TOPICS:

  • Using FireEye Intelligence for Effective Vulnerability Prioritization -- Michelangelo Sidagni, CTO, NopSec, Jerry Gagelman, Senior Data Scientist, NopSec
  • Keeping the Kids In and the Bad Guys Out -- Robert Losinski, Sr. InfoSecurity Administrator, Denver Public Schools
  • Seven Best Practices to Maximize Your FireEye Investment -- Anand Deveriya, DSE, FireEye
  • Panel: Cybersecurity Automation and Orchestration: The Best Response to the Most Difficult Threats -- Paul A. Ferrillo, Weil, Gotshal & Manges, Paul Nguyen, VP, Orchestration & Integration, FireEye, Grady Summers, SVP & CTO, FireEye
  • City of New Orleans: Back from the Brink, Stronger (and More Secure) than Ever -- Freud Alexandre, Office of Information Technology & Innovation Enterprise Architect & Security Manager, City of New Orleans
  • Ransomware: Buy One, Get One Free -- Jack R. Weiner, Network Engineer, IS Infrastructure, Rush-Copley Medical Center

New for 2016 - Solutions for Industries Track

  • Solutions and best practices for Industry Verticals including Healthcare, Retail, Financial Services, Telecom, Utilities, Government and Critical Infrastructure
  • Industry specific advances in tools or methodologies for incident prevention, detection, response or containment that are not "horizontal" or common across vertical markets. Examples include protecting electronic medical records (EMR, ePHI), Industrial Control Systems (ICS, SCADA) or industry specific data types (PII, PHI, PCI)
  • Challenges, strategies and processes addressing industry-specific compliance and security requirements
  • Insight into the unique nature of threats in specific Industry Verticals
  • Real-world examples that reflect how cyber security requirements and solutions for vertical markets vary across government and commercial organizations 

SPEAKERS AND SESSION TOPICS:

  • Industrial Cyber Security: What You Don't Know Can Hurt You (and Others): Tales from Real World ICS Incidents and Actionable Lessons Learned -- David Meltzer, Chief Research Officer, Belden/Tripwire
  • What's the DFIRence for ICS? -- Chris Sistrunk, Sr. Consultant, Industrial Control Systems, Mandiant Consulting, Josh Triplett, Sr. Reverse Engineer, FireEye
  • Best Defense Should Decrease Attack Surface in Innovative Ways -- Joe White, Information Security Officer, Stanford University, Frank Weigel, Director of IT, Credit Karma
  • Even Local Government Can Do Security Right; Let's Change the Stereotype -- Ricardo Lafosse, Chief Information Security Officer, Cook County Government
  • What REALLY Matters for HIPAA Compliance? A Top 10 List for HIPAA Readiness -- Nathan Kottkamp, Partner, McGuireWoods
  • Alternatives to Late-Stage Intrusion Detection in Medicine -- Mark Baenziger, Threat Assessment Manager, FireEye
  • The Healthcare Industry vs The Cyber Threat -- Digital Warfare -- Angela Williams, Director, Enterprise Information Security, Blue Cross Blue Shield Michigan
  • Continuous Monitoring in Healthcare -- Sanjeev Sah, CSO & Director of IS Risk and Controls, Texas Children's Hospital
  • COPEing with Your Cyber Exposure -- Russ Cohen, Chubb, Director of Cyber/Privacy Services, North American Financial Lines, Ron Bushar, Global Managing Director Security Program Services, FireEye

 


Keynote Speakers 2016

FireEye Cyber Defense Summit 2016 is pleased to announce the following Keynote Speakers this year:



Kevin Mandia

CEO and Board Director, FireEye

Kevin has been FireEye CEO since June 2016 and a member of the FireEye Board of Directors since February 2016. He previously served as FireEye President, from February 2015 until his appointment as CEO. Kevin joined the company as Senior Vice President and Chief Operating Officer in December 2013, when FireEye acquired Mandiant, the company he founded in 2004. As CEO of Mandiant, Kevin grew the company to nearly 500 employees and more than $100 million in revenue. Widely recognized as the leading provider of security incident management products and services prior to the acquisition, Mandiant remains the core of the highly successful FireEye consulting business.

Kevin has spent more than 20 years in information security and has been on the front lines helping organizations respond to computer security breaches. Before Mandiant, he was the Director of Computer Forensics at Foundstone (acquired by McAfee Corporation) from 2000 to 2003, and he was the Director of Information Security for Sytex (later acquired by Lockheed Martin) from 1998 to 2000. Kevin was also a United States Air Force Officer, serving as a computer security officer in the 7th Communications Group at the Pentagon, and a special agent in the Air Force Office of Special Investigations (AFOSI). He holds a B.S. in computer science from Lafayette College and a M.S. in forensic science from The George Washington University.

John P. Carlin

Assistant Attorney General for National Security, United States Department of Justice

The Honorable John P. Carlin, nominated by President Obama and confirmed overwhelmingly by the Senate, is the Assistant Attorney General for National Security and serves as the Department of Justice's top national security attorney. As AAG, Mr. Carlin oversees nearly 400 employees responsible for protecting the country against international and domestic terrorism, espionage, cyber, and other national security threats.

Under his leadership, NSD worked with U.S. Attorneys' Offices and others to:

  • Prosecute the Boston Marathon bombing cases.
  • Disrupt multiple terrorist plots and national security threats and bring those involved to justice.
  • Oversee the efforts of the National Security Cyber Specialist Network and the National Security/Anti-Terrorism Advisory Council program.
  • Investigate the attack on Sony Entertainment's computer systems.
  • Bring an unprecedented indictment against five members of the Chinese military for economic espionage.
  • Secure the first federal jury conviction on charges brought under the Economic Espionage Act of 1996.
  • Launch a nationwide outreach effort across industries to raise awareness of national security cyber and espionage threats against American companies and to encourage greater C-suite involvement in corporate cyber security matters.

Mr. Carlin joined NSD after serving as Chief of Staff and Senior Counsel to Robert S. Mueller, III, Director of the FBI, where he helped lead the Bureau's evolution to meet growing and changing national security threats, including cyber threats. A career federal prosecutor, Mr. Carlin previously served as National Coordinator of DOJ's Computer Hacking and Intellectual Property (CHIP) program and as an Assistant United States Attorney (AUSA) for the District of Columbia, where he prosecuted cases ranging from homicide and sexual offenses to cyber, fraud, and public corruption matters.

Mr. Carlin, who joined DOJ through the Attorney General's Honors Program, earned his Juris Doctor degree from Harvard Law School, where he received the Samuel J. Heyman Fellowship for Federal Government Service and served as Articles editor for the Harvard Journal on Legislation. Mr. Carlin earned his Bachelor of Arts degree magna cum laude from Williams College, where he was elected to Phi Beta Kappa.

Ben Saunders

World Record-Breaking Polar Explorer and Repeat TED Speaker

“I am an explorer of limits – geographically, physically and mentally. It's about pure human endeavour, and the way in which I can inspire others to explore their own personal potential.”

Polar explorer and world record-breaking long-distance skier Ben Saunders is a man making history. Best known for leading one of the most ambitious polar expeditions in a century, he was the first to successfully complete the epic, 105-day, 1,800-mile trek on foot to retrace Captain Robert Falcon Scott's ill-fated, early 20th-century journey to the South Pole – equivalent to running 69 marathons back-to-back. Of his expedition he said, “We can all accomplish great feats through ambition, passion, stubbornness, and refusal to quit. If you dream something hard enough, it does indeed come to pass.”

A speaker at the 2005, 2012, and 2014 TED conferences, Ben was labeled “a master story teller” by TED. Believing that “No one else is an authority on your potential” and “Impossible is just someone's opinion,” Saunders combines the allure and nostalgia of 20th century explorers with the ingenuity of today's modern adventurers. His presentation takes you to the ends of the Earth and back and showcases spectacular visuals, a commanding stage presence, a winning smile, and funny and relatable stories.

He enthralls audiences as he touches on themes like challenging conventional wisdom, pushing past self-imposed limits, the disconnect between ideas and action, communicating with your team, and managing change (the landscapes he travels are in constant flux). He jokes that he makes a living by dragging heavy things in cold places, but his message is one of inspiration, empowerment, and boundless potential. Saunders has also developed innovative methods that allow him to live blog his adventures, and he is known for his incredible pictures and video.

Ben has five North Pole expeditions under his belt and has accomplished some of the world's most impressive polar expeditions. He is the youngest person to ski solo to the North Pole and holds the record for the longest solo Arctic journey by a Briton. He also holds the record for the longest human-powered polar journey in history and is the third in history and the youngest by 10 years to reach the North Pole alone and on foot. Since 2001, he has skied more than 3,730 miles (or 142 marathons) in the Polar Regions. A powerful advocate for the natural world, Saunders has seen first-hand the effects of climate change, and his expeditions are raising awareness for sustainable solutions. He has also climbed in the Nepalese Himalayas, worked as an instructor at the John Ridgway School of Adventure, raced bikes at a national level, and run seven marathons and three ultra-marathons.

While not pulling a sled, Ben publishes Avant magazine and has contributed articles on his journeys to a number of publications. He was featured in the 2016 New York Times best-seller TED Talks: The Official Guide to Public Speaking, which was published by TED chief Chris Anderson. In the book, Ben is described by Chris as a “powerful storyteller” with a penchant for surprising audiences.

Grady Summers

Senior Vice President and Chief Technology Officer, FireEye

As Senior Vice President and Chief Technology Officer for FireEye, Grady Summers oversees a global CTO team that supports R&D and product engineering efforts and works with customers worldwide to address today’s evolving threat landscape.

Grady has over 15 years of experience in information security both as a CISO and consultant to many Fortune 500 companies. He joined FireEye through its acquisition of Mandiant in 2014. At Mandiant, Grady led the company’s strategic consulting and customer success divisions. Prior to Mandiant, Grady was a partner at Ernst & Young, responsible for the firm's information security program management practice. In this role, he worked with CISOs, CIOs, and directors to help improve their information security programs, with a focus on strategic information security planning, organization design, incident response, and targeted threats. His focus included board-level oversight of cyber security, and he has advised dozens of audit and risk committees on successful approaches to cyber risk governance.

Before E&Y, Grady was the Chief Information Security Officer (CISO) at General Electric, overseeing a large global information security organization. GE's information security function grew substantially under his leadership, including the development of the company's first incident response team, a software security center of excellence, and global security operations. His previous roles at GE include divisional CTO and a variety of positions in application security, web development, and infrastructure management.

Grady’s insights frequently appear in print, and he has been a guest on numerous television programs, including CNN Starting Point, Andrea Mitchell Reports, Cavuto, ABC World News, Australia’s Lateline, and France’s The Interview.

Grady holds an MBA from Columbia University and a bachelor of science in computer systems from Grove City College in Pennsylvania.

Post-Summit Training December 1-2

Overview:

This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach. Students will learn how to find the functionality of a program by analyzing disassembly and by watching how it modifies a system and its resources as it runs in a debugger. Students will learn how to extract host and network-based indicators from a malicious program. Students will be taught about dynamic analysis and the Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations and hands-on labs with real malware where the students practice what they have learned.

What You Will Learn:

  • Hands-on malware dissection
  • How to create a safe malware analysis environment
  • How to quickly extract network and host-based indicators
  • How to perform dynamic analysis using system monitoring utilities to capture the file system, registry, and network activity generated by malware
  • How to debug malware and modify control flow and logic of software
  • To analyze assembly code after a crash course in the Intel x86 assembly language
  • Windows internals and APIs
  • How to use key analysis tools like IDA Pro and OllyDbg
  • What to look for when analyzing a piece of malware
  • The art of malware analysis - not just running tools

Who Should Take This Course:

Software developers, information security professionals, incident responders, computer security researchers, puzzle lovers, corporate investigators, or others requiring an understanding of how malware works and the steps and processes involved in performing malware analysis.

Student Requirements:

  • Excellent knowledge of computer and operating system fundamentals
  • Computer programming fundamentals and Windows Internals experience are highly recommended

What Students Should Bring:

Students must bring their own laptop with VMware Workstation, Server, or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20GB of free space. A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.

What Students Will Be Provided With:

  • A student manual
  • Class handouts
  • Mandiant giveaways

Overview:

Attacks against computer systems continue to increase in frequency and sophistication. In order to effectively defend data and intellectual property, organizations must have the ability to rapidly detect and respond to threats. This intensive two-day course is designed to teach the fundamental investigative techniques needed to respond to today's landscape of threat actors and intrusion scenarios. Completely redeveloped with all new material in 2016, the class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them. Students will learn how to conduct rapid triage on a system to determine if it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms, develop indicators of compromise to further scope an incident, and much more.

Who Should Take This Course:

This is a fast-paced technical course that is designed to provide hands-on experience with investigating targeted attacks and the analysis steps required to triage compromised systems. The content and pace are intended for students with some background in conducting forensic analysis, network traffic analysis, log analysis, security assessments, and penetration testing, or even security architecture and system administration duties. It is also well suited for those managing CIRT / incident response teams or in roles that require oversight of forensic analysis and other investigative tasks.

Student Requirements:

Students must have a working understanding of the Windows operating system, file system, registry, and use of the command-line. Familiarity with Active Directory and basic Windows security controls and common network protocols will also be beneficial.

What Students Should Bring:

Laptop or virtual machine running Windows 7 (32 or 64 bit). Students must possess Administrator rights to the system they will use during class and must be able to install software provided on a USB device.

What Students Will Be Provided With:

  • Class handouts and slides
  • Thumbdrive containing class materials, labs, and tools
  • Mandiant giveaways

Overview:

This course is designed to teach students how to deploy and use FireEye HX, as well as how to follow a prescribed methodology to deeply investigate and validate alerts using both the HX triage viewer and Redline®, and how to use the HX API to automate actions and integrate HX with other solutions. Students will be engaged in labs that simulate real world use of FireEye HX.

What You Will Learn:

  • Identify the components needed for HX deployment
  • Identify the key phases of HX operation
  • Perform initial configuration of HX appliance and hosts
  • Create custom threat indicators
  • Identify critical information in an HX alert
  • Validate an HX alert
  • Request and approve hosts for containment
  • Investigate a Redline® triage package using a defined methodology
  • Validate and provide further context for alerts using Redline®
  • Identify malicious activity hidden among common Windows events recorded in the lookback cache
  • Use the API to automate HX functionality

Who Should Take This Course:

Cyber Defense Summit attendees or FireEye HX customers who have not yet taken an HX training course. These courses can also be taken by those customers who are considering moving from MIR to HX, but have not yet had the opportunity to attend product training.

Student Requirements:

Students should have a working understanding of networking and network security, the Windows operating system, file system, registry, use of the CLI, regular expressions, and experience scripting in Python.

What Students Should Bring:

FireEye Endpoint Security (HX Series) labs are hosted online in the FireEye Training Virtual Labs at portal.training.fireye.com, so students must bring their own laptops equipped with one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark is recommended. Guest wireless access will be provided. Registrants will be provided details of the minimum requirements necessary to connect to the FireEye Training Virtual Labs.

What Students Will Receive:

World class instruction from cyber security practitioners that have been teaching and working with HX for customers of both Mandiant and FireEye. Along with global and enterprise level instructors providing deep insight and training, students will receive courseware and an optional certificate of course attendance.

Overview:

Routers play a critical role in the security of any network. With access to a router, an attacker has complete control of the network to manipulate and copy traffic as needed. As seen with the SYNful Knock router implant, this is a serious and imminent threat. Router implants can also be difficult to detect and analyze due to their location within the network. For edge routers positioned outside of network monitoring devices, a direct analysis of the image may be the only option to obtain the critical information to mitigate the compromise.

Students will learn to analyze Cisco IOS images by performing hands-on analysis using a live router running in a lab environment. They will learn how to configure and load a router for analysis. They'll take and analyze core memory dumps. Students will gain an understanding of the Cisco IOS image format to focus on what modifications were made to an image and for what purpose. Students will learn how to effectively dissect an IOS image using IDA Pro for static analysis and how to debug a running router for active analysis.

Students will perform a final lab that involves analyzing backdoored router firmware to determine its functionality.

What You Will Learn:

  • Hands-on Cisco IOS malware analysis
  • Familiarization with the MIPS architecture
  • Format of Cisco IOS image and how the image is loaded by the router
  • How to analyze an IOS image using IDA Pro
  • How to identify modifications to a Cisco IOS image and focus analysis efforts
  • How to obtain and analyze memory dumps of a running router
  • How to perform dynamic analysis on a live system

Who Should Take This Course:

Few malware analysts have the skills taught in this class, so any malware analyst could benefit, but this course is geared towards intermediate to advanced malware analysts comfortable using IDA Pro.

Student Requirements:

  • Experience in malware analysis
  • Experience using IDA Pro
  • Computer programming experience

What Students Should Bring:

  • Students will be provided a router for use in the classroom.
  • Students must bring their own laptop with VMware Workstation, Server or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20GB of free space.
  • A licensed copy of IDA Pro that supports the MIPS architecture is required. The free version of IDA Pro will not suffice for this class. If purchasing, you'll need IDA Professional Edition.

What Students Will Be Provided With:

  • Student manual
  • Class handouts
  • Mandiant/FireEye giveaways

Overview:

This one-day course is designed to provide an exclusive behind-the-scenes look at how FireEye Threat Intelligence analysts take raw threat information and employ the painstaking process of assigning attribution to suspected nations or groups.

Course Description

The course is comprised of the following modules, with labs included throughout the instruction.

  • Understanding Threat Intelligence and Attribution – An introduction to the precise meaning of the terms "threat intelligence" and "attribution". Not only will this module clarify those terms, but it will separate helpful information from hype. Demonstrations show how alerts, indicators, and investigative data form the basis of threat intelligence, allowing organizations to understand intrusions. The outcome: uncovering a true picture of threat activity and actors that support assessments of attribution.
  • The Value of Threat Intelligence – This module will explore the building blocks of a threat group: how FireEye analysts take raw tactical intelligence and weigh connections and relationships to start building a set of "related activity" that corresponds to a group of threat actors. This module includes a description of several factors that must be considered when attributing "related activity", and provides real-world examples of research and "pivoting".
  • Challenges with Analysis and Attribution – This module builds on the process of using tactical intelligence to identify indicators that can be grouped into a set of related activity and thereby attributed to a "threat group". During the early stages of identifying cyber attacks, it's critical to carefully evaluate data for correct attribution. Errors can lead to mischaracterization and possibly even misattribution down the road.
  • Determining Sponsorship – This module transitions from discussing tactical information to examining operations and strategic intelligence, both of which help us begin to determine the "who" and "why" behind an operation. At this stage, we have built a collection of related indicators that we call a threat group and discussed common practices & errors in attributing those indicators. This module will now explore factors that help us make preliminary assessments on motivations and sponsorship of a threat group.
  • Why Attribution Matters for Organizations – Attribution can sometimes seem like a "nice to have", but in many ways this type of analysis can provide incredibly helpful context to threat activity that might enable more insightful decisions or save valuable resources.
  • The Big Picture for You – Focus on attribution from the threat group's point of view: the goal is to no longer look at attribution as a reactive process, but as one that enables us as network defenders to be proactive and even predictive of cyber attacks and operations before they happen.

Who Should Take This Course

This is a fast-paced course that is designed to provide insight into FireEye's attribution methodology while also demonstrating sound handling of threat intelligence information. The content and pace are intended for students with some background or familiarity with threat intelligence. Other technical skills are a plus but not required, including experience conducting forensic analysis, network traffic analysis, log analysis, security assessments & penetration testing, or even security architecture and system administration duties. It is also well suited for those managing a technical information security team.

Student Requirements:

Students must have a working understanding of basic information security principles and a general understanding of "threat intelligence" and indicators of compromise.

Course Materials

Students will receive a lab book, thumb-drive containing all required class materials and tools, and Mandiant-branded giveaways.

Overview:

As cyber security professionals and technologies continue to evolve and become better at prevention, detection, and remediation, attackers are forced to continually evolve their Tools, Tactics, and Procedures (TTPs) in order to remain effective. This is especially true of the most advanced attack groups, which need to remain undetected for periods of time in order to effectively accomplish their mission. Mandiant is on the front lines investigating these types of breaches. This gives us unparalleled access to understand not only how advanced attackers operate and what TTPs they're leveraging, but also what attack methodologies are most effective across industries.

This intense two-day course is designed to teach advanced offensive techniques to provide you with the ultimate skillset to test your existing security controls. You will learn proven Mandiant Red Team methodologies that start with the successful TTPs we see used by advanced attackers and build upon them to be even more effective and stealthy. You will even learn how to successfully complete your mission even if part of your team gets caught. This course makes heavy use of labs so that you get to practice everything you learn in a realistic scenario. By learning how to implement and protect against effective TTPs, you learn how to help your organization best prevent, detect, and respond to cyber threats.

Why You Should Take This Course:

This is a fast-paced technical course designed to provide hands-on experience conducting covert, no-holds-barred cyber attack simulations to accomplish various objectives within a corporate environment, just like an advanced adversary would do. Mandiant is the recognized global leader in performing incident response. As such, we blend the latest attacker TTPs we investigate into our Red Team Operations methodology. This course provides an opportunity to learn how real attackers conduct offensive operations, how we improve upon those operations, and to understand how to defend against them. The content and pace are intended for students with a background in conducting penetration tests, security assessments, IT administration, and/or incident response.

Student Requirements:

Students must have working knowledge of the Windows operating system, file systems, registry, and use of the Windows command line.

Students Should Have Some Experience With The Following:

Active Directory and basic Windows security controls; Common network protocols; Linux Operating Systems; Scripting languages such as PowerShell, Python, or Perl; Assessing web applications using the OWASP top 10.

What Students Should Bring:

Laptop with the following virtual machines: Kali Linux Rolling, 32-bit version of Windows 7 or 10, and a 64-bit version of Windows 7 or 10. Students must possess local administrator rights to their host OS and VMs and must be able to install software provided on a USB stick.

The course will provide the students with:

  • Class handouts and slides
  • Thumb drive containing class materials, labs, and tools

Book Your Room Now as Space is Limited!

Washington Hilton

1919 Connecticut Ave NW

Washington, DC 20009

Tel: +1-202-483-3000

For telephone reservations, reference code FCD

Register by September 30th and save $500 off General Admission!

Bring your team and save even more! Register for 10 Summit passes and get 2 additional passes at no charge! Email fcds@fireeye.com for more information.


| Registration Fee | General Admission | Government/Academia |
|---|---|---|
| July 20-September 30 | $495 | $295* |
| October 1-November 21 | $995 | $295* |
| November 22-November 30 | $1500 | $1500 |

*Must have valid government/academia ID to receive discount.