3 Keynote Presentations
3 Networking Receptions
1 Media Panel
1 Analyst Panel
2 Vertical Focused Events
20+ Technology Demos
6 Post-Summit Training Courses
Up To 32 CPE Credits
SPEAKERS AND SESSION TOPICS:
Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection and Response -- Marshall Heilman, VP Service and Executive Director, IR and Red Team Operations, Mandiant Consulting
Using FireEye Intelligence for Effective Vulnerability Prioritization -- Michelangelo Sidagni, CTO, NopSec, Jordan Dominguez, Data Scientist, NopSec
Keeping the Kids In and the Bad Guys Out -- Robert Losinski, Sr. InfoSecurity Administrator, Denver Public Schools
Seven Best Practices to Maximize Your FireEye Investment -- Anand Deveriya, DSE, FireEye
Panel: Cybersecurity Automation and Orchestration: The Best Response to the Most Difficult Threats -- Paul A. Ferrillo, Weil, Gotshal & Manges, Paul Nguyen, VP, Orchestration & Integration, FireEye, Grady Summers, SVP & CTO, FireEye
FireEye Cyber Defense Summit 2016 is pleased to announce the following Keynote Speakers this year:
Kevin has been FireEye CEO since June 2016 and a member of the FireEye Board of Directors since February 2016. He previously served as FireEye President, from February 2015 until his appointment as CEO. Kevin joined the company as Senior Vice President and Chief Operating Officer in December 2013, when FireEye acquired Mandiant, the company he founded in 2004. As CEO of Mandiant, Kevin grew the company to nearly 500 employees and more than $100 million in revenue. Widely recognized as the leading provider of security incident management products and services prior to the acquisition, Mandiant remains the core of the highly successful FireEye consulting business.
Kevin has spent more than 20 years in information security and has been on the front lines helping organizations respond to computer security breaches. Before Mandiant, he was the Director of Computer Forensics at Foundstone (acquired by McAfee Corporation) from 2000 to 2003, and he was the Director of Information Security for Sytex (later acquired by Lockheed Martin) from 1998 to 2000. Kevin was also a United States Air Force Officer, serving as a computer security officer in the 7th Communications Group at the Pentagon, and a special agent in the Air Force Office of Special Investigations (AFOSI). He holds a B.S. in computer science from Lafayette College and an M.S. in forensic science from The George Washington University.
The Honorable John P. Carlin, nominated by President Obama and confirmed overwhelmingly by the Senate, is the Assistant Attorney General for National Security and serves as the Department of Justice's top national security attorney. As AAG, Mr. Carlin oversees nearly 400 employees responsible for protecting the country against international and domestic terrorism, espionage, cyber, and other national security threats.
Under his leadership, NSD worked with U.S. Attorneys' Offices and others to:
Mr. Carlin joined NSD after serving as Chief of Staff and Senior Counsel to Robert S. Mueller, III, Director of the FBI, where he helped lead the Bureau's evolution to meet growing and changing national security threats, including cyber threats. A career federal prosecutor, Mr. Carlin previously served as National Coordinator of DOJ's Computer Hacking and Intellectual Property (CHIP) program and as an Assistant United States Attorney (AUSA) for the District of Columbia, where he prosecuted cases ranging from homicide and sexual offenses to cyber, fraud, and public corruption matters.
Mr. Carlin, who joined DOJ through the Attorney General's Honors Program, earned his Juris Doctor degree from Harvard Law School, where he received the Samuel J. Heyman Fellowship for Federal Government Service and served as Articles editor for the Harvard Journal on Legislation. Mr. Carlin earned his Bachelor of Arts degree magna cum laude from Williams College, where he was elected to Phi Beta Kappa.
“I am an explorer of limits – geographically, physically and mentally. It's about pure human endeavour, and the way in which I can inspire others to explore their own personal potential.”
Polar explorer and world record-breaking long-distance skier Ben Saunders is a man making history. Best known for leading one of the most ambitious polar expeditions in a century, he was the first to successfully complete the epic, 105-day, 1,800-mile trek on foot to retrace Captain Robert Falcon Scott's ill-fated, early 20th-century journey to the South Pole – equivalent to running 69 marathons back-to-back. Of his expedition he said, “We can all accomplish great feats through ambition, passion, stubbornness, and refusal to quit. If you dream something hard enough, it does indeed come to pass.”
A speaker at the 2005, 2012, and 2014 TED conferences, Ben was labeled “a master story teller” by TED. Believing that “No one else is an authority on your potential” and “Impossible is just someone's opinion,” Saunders combines the allure and nostalgia of 20th century explorers with the ingenuity of today's modern adventurers. His presentation takes you to the ends of the Earth and back and showcases spectacular visuals, a commanding stage presence, a winning smile, and funny and relatable stories.
He enthralls audiences as he touches on themes like challenging conventional wisdom, pushing past self-imposed limits, the disconnect between ideas and action, communicating with your team, and managing change (the landscapes he travels are in constant flux). He jokes that he makes a living by dragging heavy things in cold places, but his message is one of inspiration, empowerment, and boundless potential. Saunders has also developed innovative methods that allow him to live blog his adventures, and he is known for his incredible pictures and video.
Ben has five North Pole expeditions under his belt and has accomplished some of the world's most impressive polar expeditions. He is the youngest person to ski solo to the North Pole and holds the record for the longest solo Arctic journey by a Briton. He also holds the record for the longest human-powered polar journey in history and is the third in history and the youngest by 10 years to reach the North Pole alone and on foot. Since 2001, he has skied more than 3,730 miles (or 142 marathons) in the Polar Regions. A powerful advocate for the natural world, Saunders has seen first-hand the effects of climate change, and his expeditions are raising awareness for sustainable solutions. He has also climbed in the Nepalese Himalayas, worked as an instructor at the John Ridgway School of Adventure, raced bikes at a national level, and run seven marathons and three ultra-marathons.
While not pulling a sled, Ben publishes Avant magazine and has contributed articles on his journeys to a number of publications. He was featured in the 2016 New York Times best-seller TED Talks: The Official Guide to Public Speaking, which was published by TED chief Chris Anderson. In the book, Ben is described by Chris as a “powerful storyteller” with a penchant for surprising audiences.
This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach. Students will learn how to find the functionality of a program by analyzing disassembly and by watching how it modifies a system and its resources as it runs in a debugger. Students will learn how to extract host and network-based indicators from a malicious program. Students will be taught about dynamic analysis and the Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations and hands-on labs with real malware where the students practice what they have learned.
Software developers, information security professionals, incident responders, computer security researchers, puzzle lovers, corporate investigators, or others requiring an understanding of how malware works and the steps and processes involved in performing malware analysis.
Students must bring their own laptop with VMware Workstation, Server, or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20GB of free space. A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.
Attacks against computer systems continue to increase in frequency and sophistication. In order to effectively defend data and intellectual property, organizations must have the ability to rapidly detect and respond to threats. This intensive two-day course is designed to teach the fundamental investigative techniques needed to respond to today's landscape of threat actors and intrusion scenarios. Completely redeveloped with all new material in 2016, the class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them. Students will learn how to conduct rapid triage on a system to determine if it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms, develop indicators of compromise to further scope an incident, and much more.
This is a fast-paced technical course that is designed to provide hands-on experience with investigating targeted attacks and the analysis steps required to triage compromised systems. The content and pace are intended for students with some background in conducting forensic analysis, network traffic analysis, log analysis, security assessments, and penetration testing, or even security architecture and system administration duties. It is also well suited for those managing CIRT / incident response teams or in roles that require oversight of forensic analysis and other investigative tasks.
Students must have a working understanding of the Windows operating system, file system, registry, and use of the command-line. Familiarity with Active Directory and basic Windows security controls and common network protocols will also be beneficial.
Laptop or virtual machine running Windows 7 (32 or 64 bit). Students must possess Administrator rights to the system they will use during class and must be able to install software provided on a USB device.
This course is designed to teach students how to deploy and use FireEye HX, as well as how to follow a prescribed methodology to deeply investigate and validate alerts using both the HX triage viewer and Redline®, and how to use the HX API to automate actions and integrate HX with other solutions. Students will be engaged in labs that simulate real world use of FireEye HX.
Cyber Defense Summit attendees or FireEye HX customers who have not yet taken an HX training course. These courses can also be taken by those customers who are considering moving from MIR to HX, but have not yet had the opportunity to attend product training.
Students should have a working understanding of networking and network security, the Windows operating system, file system, registry, use of the CLI, regular expressions, and experience scripting in Python.
FireEye Endpoint Security (HX Series) labs are hosted online at portal.training.fireye.com, FireEye Training Virtual Labs, which requires students to bring their own laptops equipped with one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark is recommended. Guest wireless access will be provided. Registrants will be provided details of the minimum requirements necessary to connect to the FireEye Training Virtual Labs.
World class instruction from cyber security practitioners that have been teaching and working with HX for customers of both Mandiant and FireEye. Along with global and enterprise level instructors providing deep insight and training, students will receive courseware and an optional certificate of course attendance.
Routers play a critical role in the security of any network. With access to a router, an attacker has complete control of the network to manipulate and copy traffic as needed. And as seen with the SYNful Knock router implant, this is a serious and imminent threat. Router implants can also be difficult to detect and analyze due to their location within the network. For edge routers positioned outside of network monitoring devices, a direct analysis of the image may be the only option to obtain the critical information to mitigate the compromise.
Students will learn to analyze Cisco IOS images by performing hands-on analysis using a live router running in a lab environment. They will learn how to configure and load a router for analysis. They'll take and analyze core memory dumps. Students will gain an understanding of the Cisco IOS image format to focus on what modifications were made to an image and for what purpose. Students will learn how to effectively dissect an IOS image using IDA Pro for static analysis and how to debug a running router for active analysis.
Students will perform a final lab that involves analyzing backdoored router firmware to determine its functionality.
Few malware analysts have the skills taught in this class, so any malware analyst could benefit, but this course is geared towards intermediate to advanced malware analysts comfortable using IDA Pro.
This one-day course is designed to provide an exclusive look behind the scenes at how FireEye Threat Intelligence analysts take raw threat information and employ the painstaking process of assigning attribution to suspected nations or groups.
The course is comprised of the following modules, with labs included throughout the instruction.
This is a fast-paced course that is designed to provide insight into FireEye's attribution methodology while also demonstrating sound handling of threat intelligence information. The content and pace are intended for students with some background or familiarity with threat intelligence. Other technical skills are a plus but not required, including experience conducting forensic analysis, network traffic analysis, log analysis, security assessments & penetration testing, or even security architecture and system administration duties. It is also well suited for those managing a technical information security team.
Students must have a working understanding of basic information security principles and a general understanding of "threat intelligence" and indicators of compromise.
Students will receive a lab book, thumb-drive containing all required class materials and tools, and Mandiant-branded giveaways.
As cyber security professionals and technologies continue to evolve and become better at prevention, detection, and remediation, attackers are forced to continually evolve their Tools, Tactics, and Procedures (TTPs) in order to remain effective. This is especially true of the most advanced attack groups, which need to remain undetected for periods of time in order to effectively accomplish their mission. Mandiant is on the front lines investigating these types of breaches. This gives us unparalleled access to understand not only how advanced attackers operate and what TTPs they're leveraging, but also what attack methodologies are most effective across industries.
This intense two-day course is designed to teach advanced offensive techniques to provide you with the ultimate skillset to test your existing security controls. You will learn proven Mandiant Red Team methodologies that start with the successful TTPs we see used by advanced attackers and build upon them to be even more effective and stealthy. You will even learn how to successfully complete your mission even if part of your team gets caught. This course makes heavy use of labs so that you get to practice everything you learn in a realistic scenario. By learning how to implement and protect against effective TTPs you learn how to help your organization best prevent, detect, and respond to cyber threats.
This is a fast-paced technical course designed to provide hands-on experience conducting covert, no-holds-barred cyber attack simulations to accomplish various objectives within a corporate environment, just like an advanced adversary would do. Mandiant is the recognized global leader in performing incident response. As such we blend the latest attacker TTPs we investigate into our Red Team Operations methodology. This course provides an opportunity to learn how real attackers conduct offensive operations, how we improve upon those operations, and to understand how to defend against them. The content and pace are intended for students with a background in conducting penetration tests, security assessments, IT administration, and/or incident response.
Students must have working knowledge of the Windows Operating system, file systems, registry and use of the Windows command line.
Active Directory and basic Windows security controls; Common network protocols; Linux Operating Systems; Scripting languages such as PowerShell, Python, or Perl; Assessing web applications using the OWASP top 10.
Laptop with the following virtual machines: Kali Linux Rolling, 32-bit version of Windows 7 or 10, and a 64-bit version of Windows 7 or 10. Students must possess local administrator rights to their host OS and VMs and must be able to install software provided on a USB stick.
The deadline to register and receive the early-bird fee is September 30, 2016. The registration fee increases on October 1, 2016.
The Summit begins on Monday, November 28 with a casual evening welcome reception. The Summit sessions are Tuesday, November 29 and Wednesday, November 30.
| Registration Fee | General Admission | Government/Academia |
|---|---|---|
| July 20-September 30 | $495 | $295* |
| October 1-November 21 | $995 | $595* |
| November 22-November 28 | $1500 | $1500 |
The registration fee includes entry to all sessions, keynotes and the Solutions Showcase, Monday Welcome Reception, Tuesday Gala Cocktail Reception and Dinner, and breakfast, lunch and breaks on Tuesday and Wednesday.
Please note that Post-Summit Training Courses are not included in Summit registration and are an additional fee.
All Summit cancellation requests must be submitted in writing to email@example.com. All Summit cancellation requests must be received by October 28, 2016 to receive a full refund or to transfer registration to a colleague. No registration refunds will be issued after October 28, 2016; however, registration transfers will be issued until November 27, 2016.
FireEye Cyber Defense Summit 2016 will once again be held at the historic Washington Hilton, located at 1919 Connecticut Avenue, NW, Washington, DC 20009. Tel: +1-202-483-3000 Fax: +1-202-232-0438.
Hotel reservations must be made separately from your Summit registration, using the following link: https://resweb.passkey.com/go/FireEyeCyber
There are a limited number of rooms available at the discounted Summit rate of $279. We encourage you to reserve your room now. Please note that the discounted rate will not be available after November 4, 2016.
Taxis are available from all major airports and within the city. Bus and metro service are also available. The Dupont Circle Metro Station on the Red Line is the closest Metro station to the hotel. Exit at the north end of the station to Q Street and walk four blocks north on Connecticut Avenue to the Hilton Washington, located at 1919 Connecticut Avenue.
Visit www.wmata.com for current information.
If you are staying at the Washington Hilton, garage parking is available at a discounted rate of $33 per day and valet parking at a discounted rate per day.
Directions to the parking garage: from Connecticut Avenue, take a right on T Street and drive alongside the perimeter of the hotel. Drive past the T Street Ballroom entrance, and at the first intersection, take a hard left onto Florida Avenue, and then another left onto 19th Street. The parking facility entrance is located on the left, on 19th Street.
Badges and registration materials will be available at the Registration and Information Desk in the Terrace Foyer on the ground level of the hotel.
A printed program guide will be available as part of your registration materials.
The Summit mobile app will be available one month before the event. Downloading instructions will be emailed to all attendees once the app is available.
Yes. Routes to guestrooms, the main entrance of the hotel, all restaurants, lounges, meetings spaces, pool, fitness center and business center are accessible.
Service animals are also allowed for persons with disabilities.
Accessible guestrooms have 32-inch openings.
No. Attendees are encouraged to take notes during the sessions and presentations, but we do not allow recordings of the sessions or presentations.
We are still working on this process.
Free Wi-Fi will be provided throughout the Summit conference area.
For attendees staying at the hotel, WiFi is available for a fee.
There is a Business Center onsite with 24-hour access, Internet and computer access, and printing and copying capabilities.
We welcome and encourage your feedback! There are two ways to submit your feedback at Summit 2016: by paper evaluation form or on the Summit mobile app.
To thank you for your feedback, just stop by the registration desk at the end of the Summit and turn in your completed evaluation form or show your submission via the app. You will receive a gift as a thank you.
| Registration Fee | General Admission | Government/Academia |
|---|---|---|
| July 20-September 30 | $495 | $295* |
| October 1-November 21 | $995 | $595* |
| November 22-November 30 | $1500 | $1500 |
*Must have valid government/academia ID to receive discount.