Enrich your conference experience!

Evening talks given by our faculty and selected subject matter experts help you broaden your knowledge, get the most for your training dollar, and hear from the voices that matter in computer security.

SANS @Night

Log Management Hands-on Mini Summit
- Mike Poor
- Thursday, December 11th, 2008
- 6:00pm - 7:00pm | Mike Poor Presentation
- 7:00 - 8:30pm | Hands-on demonstrations with sponsoring vendors

All attendees are encouraged to attend this lively, interactive session featuring a presentation by SANS luminary Mike Poor. Mr. Poor will discuss the current state of the Log Management industry and provide actionable advice and insight on the separation of reality and hype when considering solutions. We will take a hard look at commercial and open-source solutions in this space. Join in this interactive session to make the summit work for you. Mike will address the questions every potential buyer of a Log Management solution should be asking when considering their options.

At the conclusion of the presentation by SANS attendees are invited to visit with sponsoring Log Management solution providers to discuss their organizational requirements and receive hands-on tutorials on how these solutions address Log Management challenges. Participants can work through live, real-time demonstrations with the vendors in attendance and featured SANS instructor Mike Poor.

CISSP Reception: What's Next for the CISSP?
- Speakers: W. Hord Tipton, Executive Director ISC2 and Dr. Eric Cole, PhD., SANS Fellow
- Friday, December 12 * 7:00pm - 8:00pm
- Location: Lincoln 2

The protection of the government's information systems will be one of the important issues that will confront President-elect Obama as he assumes office in January 2009. While our new President will be faced with a variety of recommendations for cyber security, there is one constant - the need to improve the professionalism of the government's IT security workforce. ISC2 and GIAC are global leaders in helping security professionals demonstrate their knowledge. Topics for this session also include a discussion about upcoming changes for CISSP criteria and the impact on existing and new CISSPs. Discussion to be followed by beverages and informal networking.

W. Hord Tipton
W. Hord Tipton is the Executive Director for (ISC)², the global leader in educating and certifying information security professionals throughout their careers. Tipton previously served as president and chief executive officer of Ironman Technologies, where his clients included IBM, Perot Systems, EDS, Booz Allen Hamilton and Symantec. Before founding his own business, he served for five years as Chief Information Officer for the U.S. Department of the Interior.

Tipton holds a bachelor's degree from the University of Morehead and a master's degree from the University of Tennessee, and in 2004, he received the Distinguished Rank Award from the President of the United States.

Secrets of America's Top Penetration Testers
- Ed Skoudis
- Friday, December 12 * 7:00pm - 8:00pm

Listen to luminary Ed Skoudis share 7 secrets employed by the best penetration testers in the industry. This session will cover some little-known but extremely helpful technical and procedural tips for maximizing the effectiveness of pen tests. These secrets can help testers save huge amounts of time, improve the likelihood of successful compromise, and lower the chance of negatively impacting target systems during a test. Based on experiences learned from in-the-trenches tests by a dozen pen testers over the past year, Ed will examine crucial secrets associated with scanning, password attacks, exploitation, and many other aspects that attendees will be able to apply immediately in their own penetration testing regimen.

Pen Testing Hands-On Demo Session featuring Dr. Eric Cole
- Dr. Eric Cole, Ph.D.
- Saturday, December 13
- 6:00pm - 7:00pm | Dr. Eric Cole Presentation
- 7:00pm - 8:30pm | Hands-on demonstrations with sponsoring vendors

Penetration Testing has received a lot of focus in the press and many organizations are talking about the best way to perform them. However in many cases penetration testing has resorted to just running a few tools and presenting a canned report. This presentation will look at achieving maximum value from a penetration test. It will also show how you can take tools and use them to develop unique solutions that can help organizations reduce to risk and secure their assets.

Following the presentation all attendees are invited to meet with leading providers of Penetration Testing solutions. Bring your laptop and prepare to engage in a "hands-on" environment featuring the latest cutting edge technologies in the Penetration Testing market. Work through live, real-time demonstrations with vendors and featured SANS instructor Dr. Eric Cole. Sponsoring vendors arrive prepared to interact with SANS' technically savvy audience, presenting examples on how to avoid current threats to your environment. Appetizers and beverages provided by sponsors.

How to Become a SANS Instructor
- John Strand
- Saturday, December 13 * 7:30pm - 8:30pm

Have you ever wondered what it takes to become a SANS instructor? How do these individuals rise to the top and demonstrate the talents to become part of the SANS faculty? Attend this session led by John Strand to learn how he and other SANS instructors made the commitment to become part of the faculty and learn the steps to make that goal a reality. SANS has a program in place to qualify interested GIAC certified professionals into the SANS Certified Instructor levels. John will share his experiences and show you how to become part of the SANS team.

Stick around after John's talk to speak with current participants in the program and see recognition and awards for their efforts.

Mentor Recognition & Awards
- Saturday, December 13 * 8:30pm - 9:00pm

Catching the Wily Hacker
- Sunday, December 14 * 6:00pm - 7:00pm

Listen to the FBI share the challenges and frustrations of tracking down and catching elusive hackers.

Latest Threats presented by the Internet Storm Center (ISC)
- Johannes Ullrich
- Monday, December 15 * 6:00pm - 7:00pm

The SANS Internet Storm Center (ISC) uses advanced data correlation and visualization techniques to analyze data collected from thousands of sensors in over sixty countries. Experienced analysts constantly monitor the Storm Center data feeds searching for trends and anomalies in order to identify potential threats. When a threat is identified, the team immediately begins an intensive investigation to gauge the threat's severity and impact. This talk discusses recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month.

Visualization of Network Attacks
- Eric Conrad
- Monday, December 15 * 7:00pm - 8:00pm

Eric Conrad will show you how to cut through the clutter by leveraging the latest network and information security visualization techniques. As the old saying goes, a picture is worth a thousand words: are undiscovered malicious trends and connections buried in megabytes of logs? Bring order to the chaos through the power of network attack visualization. DAVIX, the open source data analysis and visualization live CD, will be used to illustrate real-world examples which will show security engineers and managers how to visualize their own threats.

Future Trends in Network Security
- Dr. Eric Cole, Ph.D.
- Monday, December 15 * 8:00pm - 9:00pm

Malicious code and other attacks are increasing in intensity and the damage that they cause. With little time to react, organizations have to become more proactive in their security stance. Reactive security will no longer work. Therefore, organizations need to better understand what the future trends, risks, and threats are so that they can be better prepared to make their organizations as secure as possible. Dr. Cole's in-depth, cross-industry experience allows him to give relevant examples in every instance. This presentation covers security issues that are relevant to IT managers and administrators alike.

Don't miss our Welcome to SANS Reception, along with other special presentations the GIAC and SANS Technology Institute Briefings, a full vendor show, many lunch and learns and birds of the feather sessions.