Agenda Details

The Summit on Secure Virtualization and Cloud Computing
Date: Thursday, 22 April 2010
Time: 8:30am - 5pm

Thursday, April 22

8:30 AM – 8:45 AM
Opening Remarks From the Chair
Matthew E. Luallen, CISSP, GIAC, CCIE, Co-Founder, Encari

8:45 AM – 9:45 AM
Keynote Address: The Future of Virtualization Security
Edward L. Haletky, VMware vExpert, author, VMware vSphere™ and Virtual Infrastructure Security: Securing the Virtual Environment
Until recently, virtualization security has been a bolt-on action using traditional firewalls and security appliances either ported to or specially crafted for the virtual environment. With the advent of VMsafe and the Xen Introspection API, this has changed. It is now possible for security appliances to get trusted authoritative data about the environment they are designed to protect. Mr. Haletky will lay out the significance of this evolution, and take you down the path of where virtualization security is headed, built upon the current technology that can defend VMs within the local enterprise as well as the cloud.

9:45 AM – 10:45 AM
Migrating to a Secure Virtualized Environment
Cassandra Chasnis, CISA, Senior Auditor, Internal Audit, Chemical Bank
• A case study of the implementation and security challenges of migration, including lack of experience among staff, maintenance of servers, and physical and logical access
• Implementing proper change control for bringing servers online and deletion of servers to avoid rogue or unapproved servers
• The future of server virtualization and the impact on security

10:45 AM – 11:00 AM Refreshment Break

11:00 AM – 12:00 PM
Virtualization and the Desktop: Security Hurdles and How to Overcome Them
Ray Soriano, CISSP, CISM, Director, Technology Risk Services - Security & Privacy, Deloitte & Touche LLP
• The main components of desktop virtualization: hypervisor, broker, desktop component
• Securing the endpoint, access point and VDI
• The main forms of desktop virtualization and the pros and cons of each from an efficiency and security perspective
• Desktop virtualization and man-in-the-middle attacks
• Identity management risks in a virtual environment
• The problem with defrags in a V-infrastructure and how to work around it

12:00 PM Networking Luncheon

1:00 PM – 2:00 PM
Penetration Testing in a Virtualized Environment
Tim Pierson, President, Data-Sentry, Inc.; contributing author, VMware vSphere™ and Virtual Infrastructure Security: Securing the Virtual Environment
• The differences between pen testing a virtual environment and a physical machine
• Regulatory compliance requirements that you must adhere to in the virtual arena
• Testing "all-in-one" hosted solutions in the virtual environment
• Virtualizing a DMZ with P2V software to ensure that any hiccups occur in the virtual arena and not on the physical machines

2:00 PM – 2:45 PM PANEL DISCUSSION
Best Practices of Virtualization and Cloud Computing
Moderator: Matthew E. Luallen, CISSP, GIAC, CCIE, Co-Founder, Encari
Panelists: Glenn Brunette, Distinguished Engineer and Chief Security Architect, Sun Microsystems; Cassandra Chasnis, CISA, Senior Auditor, Internal Audit, Chemical Bank; Rob Randell, CISSP, Senior Security and Compliance Specialist, VMware
• Recommended security controls, in order of priority
• Strategies to secure the administration of a virtualized environment
• The most ingenious solution for securing virtualization, either at the cloud or local level
• The best resources available to protect the virtualized environment
• How to enable boundary controls around virtualized solutions, and how to ensure the trustworthiness of those boundaries

2:45 PM – 3:00 PM Refreshment Break

3:00 PM – 3:45 PM
Virtualizing Systems in the Cloud: Pitfalls, Opportunities and Recommendations
Glenn Brunette, Distinguished Engineer and Chief Security Architect, Sun Microsystems
• A multi-dimensional approach to securing virtualized systems
• Opportunities and recommendations for improved systems security
• Lingering concerns that need to be tackled
• Where do we go from here?

3:45 PM – 4:30 PM
Legal Considerations in the Cloud
David Snead, Attorney at Law, W. David Snead, P.C.
• Legal considerations cloud users should take into account before contracting with a cloud provider
• Easy-to-understand explanations combined with smart contract examples for any business owner that needs to outsource technology
• Transnational issues involved in cloud computing
• Questions to ask your cloud provider to analyze your risks and evaluate the relative strengths of various cloud providers

4:30 PM – 5:15 PM
Technology and Solutions Spotlight: Separating Hype from Reality
Moderator: Edward L. Haletky, VMware vExpert, author, VMware vSphere™ and Virtual Infrastructure Security: Securing the Virtual Environment
Panelists: Michael Berman, Chief Technology Officer, Catbird; Todd Ignasiak, Director, Product Management, Altor Networks; Hemma Prafullchandra, Chief Security Architect, HyTrust, Inc.; Mike Wronski, Vice President, Product Management, Reflex Systems; Steven Spadaccini, Sr. Director, Global Technical Sales Solutions, Trend Micro, Inc.
• How would one go about securing a mixed hypervisor environment?
• How do virtualization security challenges change with scale? Is it based on the number of VMs? Does security get too expensive to manage, maintain, or purchase with thousands of VMs?
• How does the current set of tools actually protect the hypervisor?
• Considering that most tools are network based, how would these prevent "VM Escape" or protect out-of-band VM communication with the hypervisor or other VMs?
• How can we state a virtual environment or VM is compliant when the compliance documents do not mention virtualization? Can you ever claim to be compliant then? How do we effect change within these compliance groups to support virtualization?

5:15 PM – 6:15 PM Networking Cocktail Reception