Closing the Book on Heartbleed - and Avoiding Future Sad Stories

  • Tuesday, May 06, 2014 at 1:00 PM EDT (2014-05-06 17:00:00 UTC)
  • Wolfgang Kandek, Joe Sechman, Joanna Burkey, John Pescatore, David Pack


  • HP
  • LogRhythm
  • Qualys


The Heartbleed vulnerability in OpenSSL forced millions of users to change passwords and enterprises to rapidly patch thousands of servers. Because of all the publicity, there continues to be a lot of CXO-level awareness around cyber security, and now is the perfect time to recommend strategies for avoiding or mitigating the next Heartbleed - and there *will* be a next one. Many lessons were learned during Heartbleed that can be used to bolster your plans and your presentations to management to gain funding.

In this SANS Special webcast, John Pescatore, SANS Director of Emerging Security Trends, will present an overview of the details around Heartbleed and an update on the current status, risks and industry efforts around software security. He will then moderate a panel of vendor experts in a discussion of lessons learned from dealing with Heartbleed and best practices for mitigating or shielding the risks due to vulnerabilities in open source and other third-party software. Panelists will include Wolfgang Kandek, Chief Technical Officer of Qualys; Joanna Burkey, TippingPoint DVLabs Manager; Joe Sechman, Manager, Software Security Research for HP; and Dave Pack, Director of LogRhythm Labs.

Speaker Bios

David Pack

David Pack, CISSP, is the Manager of LogRhythm Labs. Dave has over a decade of experience in enterprise-level systems engineering, information security, R&D work on advanced data analysis and visualization systems, and has served as a Security Analyst/Shift Lead for the Citizenship and Immigration Services Security Operations Center (CIS SOC). The team Dave currently manages is responsible for the development of advanced correlation rules for LogRhythm's Advanced Intelligence Engine, MPE parsing rules, and LogRhythm's compliance packages supporting PCI-DSS, HIPAA, SOX, and more.

John Pescatore

John Pescatore joined SANS as director of emerging technologies in January 2013, bringing with him over 35 years of experience in computer, network and information security. Prior to SANS, he was Gartner's lead security analyst for more than 13 years, working with Global 5000 corporations, government agencies and major technology and service providers. In 2008, John was named one of the top 15 most influential people in security and has frequently testified before Congress on issues relating to cybersecurity.

Joanna Burkey

Joanna Burkey, TippingPoint DVLabs Manager. Ms. Burkey manages the DVLabs security research organization at HP TippingPoint. DVLabs provides industry-leading security intelligence for HP TippingPoint's line of Intrusion Prevention System (IPS) and Next-Generation Firewall (NGFW) network security products. With ten years of management experience at TippingPoint, Ms. Burkey has had multiple roles in engineering management and product ownership. Prior to joining HP TippingPoint she worked at Compaq and Surgient Technologies. She has focused on the security and networking industries throughout her career. Ms. Burkey received her BS in Computer Sciences at Angelo State University and studied graduate coursework in Computer Sciences at The University of Texas at Austin. She holds both Pragmatic Marketing Certified Product Manager and Certified Scrum Product Owner (CSPO) professional certifications.

Joe Sechman

Joe Sechman is the Vice President of Security Operations at Cobalt.io. His diverse technical background spans web development, systems administration, advanced attack and penetration testing, and enterprise software security research disciplines.

Over his career, Joe has executed hundreds of pentests, authored several publications, contributed to nine intellectual property disclosures, and is co-inventor of an automated approach to comprehensively discover the attack surface of an application under test.

Wolfgang Kandek

Wolfgang Kandek, Chief Technical Officer. As the CTO for Qualys, Wolfgang is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany. Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.