Account Login


Security Symposium Presented by Red Hat


  • 22 de maio de 2017
  • New York, NY
  • Crowne Plaza Times Square


Join the Security Symposium, presented by Red Hat, where cybersecurity professionals can learn and network alongside Red Hat security experts, partners, and industry peers. No one can solve IT security issues alone. Connecting with a community and solving problems together is the future of technology.

The Security Symposium is a full-day event that will give you the opportunity to learn about the latest security developments (upstream and enterprise) from industry experts, and for Red Hat engineering to hear from you about the security challenges you face. The Symposium features collaboration and networking with other industry peers throughout the event.

This year’s Security Symposium will feature Theresa Payton, former White House CIO, cybersecurity authority, and expert on identify theft and the Internet of Things.

This event is intended for IT business leaders, security professionals, operations professionals, and application developers who are interested in securing their organization’s infrastructure and applications.


8:00–9:00 a.m. Financial Services Breakfast
9:00–9:30 a.m. Registration and Networking
9:30–10:30 a.m. Keynote Presentation, featuring Theresa Payton
10:30–10:45 a.m. Break
10:45–11:30 a.m. Session One:
Track 1 – Infrastructure Security: Emerging Tech: Application Whitelisting 
Presented by Steve Grubb 
Track 2 – Application Security: The Ten Layers of Container Security 
Presented by Matt Smith and Anthony Golia 
11:30 a.m.–12:15 p.m. Session Two:
Track 1 – Infrastructure Security: Container Security 
Presented by Dan Walsh 
Track 2 – Application Security: Securing Access to Your Data with JBoss Data Virtualization 
Presented by Vijay Chintalapati 
12:15–1:00 p.m. Networking Lunch
1:00–1:45 p.m. Session Three:
Track 1 – Infrastructure Security: Securing the Open Source Supply Chain 
Presented by Josh Bressers 
Track 2 – Application Security: Container Trust Through Simple Signing and Atomic Scan 
Presented by Dan Walsh 
1:45–2:30 p.m. Session Four:
Track 1 – Infrastructure Security: Automating Security Compliance for Your Physical, Virtual, Cloud, and Container Environments 
Presented by Lucy Kerner 
Track 2 – Application Security: Securing the OpenShift Pipeline 
Presented by Justin Goldsmith, Red Hat and Curtis Yanko, Sonatype 
2:30–3:30 p.m. Networking and Cocktail Reception


Emerging Tech: Application Whitelisting

10:45–11:30 a.m.
Steve Grubb, Senior Principal Engineer, Red Hat 
Application whitelisting is an effective way of preventing unknown software from executing on a machine. This presentation will feature one implementation that is under development. We will talk about the low-level details of various ways that applications could be executed. A policy will be demonstrated that blocks the execution of unknown software launched many ways. Time permitting, we will also look at some major new features of the Linux® Audit system. 


The Ten Layers of Container Security

10:45–11:30 a.m.
Matt Smith, Chief Architect, Red Hat and Anthony Golia, Chief Architect, Financial Services, Red Hat 
Containers are becoming more widely used as they enable developers to iterate quickly and deploy workloads across multiple environments. It is imperative that containerized workloads be secured to the same level that our traditional workloads have been for years. This session will explore ten key capabilities of Red Hat's container platform which will allow you to securely build and deploy your applications. 


Container Security

11:30 a.m.–12:15 p.m. 
Dan Walsh, Consulting Engineer, Red Hat 

This session covers topics to consider when looking at container security, including:

  • Where should you run your applications (bare metal, virtual machines, containers, native services)?
  • The importance of kernels for container security
  • What parts of Linux® do we use to keep containers separate?
  • What should you run inside of your containers?
  • Examining containers


Securing Access to Your Data with JBoss Data Virtualization

11:30 a.m.–12:15 p.m.
Vijay Chintalapati, Senior Middleware Specialist, Red Hat 

Companies over time adopt newer technologies and ways to store the ever-growing high volume of data. This leads to a disparate data source problem. It also results in enforcing differing security access constraints at each data source. It makes the job of managing and monitoring all of the data security cumbersome to the organization. With JBoss® Data Virtualization, we will discuss how we can solve both the access and security issues around disparate data sources. 


Securing the Open Source Supply Chain

1:00–1:45 p.m.
Josh Bressers, Security Strategist, Red Hat 

Code hygiene is becoming a hot topic in a world where no one knows who to trust anymore. The days of not understanding what bits you are consuming are long gone. If we're working with open source, how does this change our supply chain? Who can we ask for help? When we are told to "trust but verify," how can we verify, who can we trust? 


Container Trust Through Simple Signing and Atomic Scan

1:00–1:45 p.m.
Dan Walsh, Consulting Engineer, Red Hat 

When you run your container images in production, you need to be concerned about where these images came from and what content they have inside of them. This session takes a deeper dive into container security looking at signing and trust of container images and scanning of images for known vulnerabilities. 


Automating Security Compliance for Your Physical, Virtual, Cloud, and Container Environments

1:45–2:30 p.m.
Lucy Kerner, Principal Technical Product Marketing Manager for Security, Red Hat 

In this session, you'll learn how to provision a security-compliant host at the push of a button and how to quickly detect and remediate security and compliance issues in your physical, virtual, cloud, and container environments. We’ll discuss possible compliance challenges and show how a combination of Red Hat®CloudForms, Red Hat® Satellite, and Red Hat® Ansible Tower can help you achieve compliance, security automation, and remediation in a short time. By integrating Red Hat CloudForms with Red Hat Satellite and Ansible Tower, and utilizing the OpenSCAP integration in Red Hat Satellite, you can perform audit scans and remediations on your systems on demand. This integration can automate security compliance and ensure compliance against various profiles such as the Payment Card Industry Data Security Standard (PCI DSS), Center for Internet Security (CIS) Security Benchmarks, U.S. Government Configuration Baseline (USGCB), DISA STIG, Centralized Supercomputing Facility (CSCF) baseline, U.S. Government Commercial Cloud Services (C2S) baseline, Certified Cloud and Service Provider (CCSP) baseline, as well as custom policies your own organization has. 


Securing the OpenShift Pipeline

1:45–2:30 p.m.
Justin Goldsmith, Architect, Financial Services, Red Hat and Curtis Yanko, Senior Principal Architect, Sonatype

Security is commonly an inhibitor to DevOps adoption due to it being treated as a gating process in most organizations today. As security is a top concern of IT leaders, Red Hat and Sonatype are collaborating on how to seamlessly integrate security into DevOps. Applications and containers are assembled, not developed, which allows container security to be a part of the CI/CD pipeline instead of an after-the-fact gating process. We will demonstrate how to integrate Red Hat® Atomic with the OpenSCAP scanner and Sonatype's Nexus platform to secure application and containers via automation built into modern delivery pipelines. 



Date: Monday, May 22, 2017
Time: 9 a.m. to 3:30 p.m.


Crowne Plaza Times Square
1605 Broadway
New York, NY 10019

Get Directions 


We look forward to seeing you at our event. 

 Register now (Go to the bottom of the page and click the register now link to purchase tickets)




Former White House CIO, Cybersecurity Authority
Starring on CBS’s New TV Show, "Hunted"

As one of America’s most respected authorities on internet security, data breaches, and fraud mitigation, Theresa Payton remains the cybersecurity expert organizations turn to regarding efforts to strengthen cybersecurity measures and understand the impact of the Internet of Things and the importance of securing big data. Payton was the first female to serve as White House Chief Information Officer; prior to that she held executive roles in banking technology at Bank of America and Wells Fargo. Currently the founder, president, and CEO of security, risk, and fraud consulting company, Fortalice, LLC, and author of two books focused on helping others learn about cybersecurity, Payton offers a fascinating narrative on the world of cybersecurity, including insight and methods critical to protecting organizations and information from rapidly evolving cyberattacks.


Principal Technical Product Marketing Manager for Security, Red Hat

Lucy Kerner is a Principal Technical Product Marketing Manager for Security at Red Hat. As part of the Infrastructure Business Group at Red Hat, she is the global security technology evangelist and helps drive thought leadership and the global go-to-market strategy for security across the entire Red Hat portfolio. Prior to this role, she was a Senior Cloud Solutions Architect for the North America Public Sector team at Red Hat. With her domain expertise in cloud technologies, she supported the Red Hat cloud sales efforts by presenting and designing Red Hat cloud solutions for a wide range of North America public sector customers. Lucy has over 13 years of professional experience as both a software and hardware development engineer and a pre-sales solutions architect. Prior to joining Red Hat, she worked at IBM as both a microprocessor design engineer for vMainframe microprocessors and a pre-sales solutions architect for IBM x86 servers.


Senior Principal Engineer, Red Hat

Steve Grubb is a Senior Principal Engineer whose role in Red Hat® Enterprise Linux®(RHEL) Engineering is a security architect with a focus on security certifications (such as Common Criteria and FIPS-140), configuration guidance, and threat research.


Consulting Engineer, Red Hat

Dan Walsh has worked in the computer security field for over 30 years. Dan is a Consulting Engineer at Red Hat. He joined Red Hat in August 2001. Dan has lead the Red Hat Container Engineering team since August 2013, but has been working on container technology for several years. Dan has made many contributions to the Docker project. Dan has also developed a lot of the software on Project Atomic. He has led the SELinux project, concentrating on the application space and policy development. Dan helped developed sVirt, Secure Virtualization, as well as the SELinux Sandbox back in RHEL6, an early desktop container tool. Previously, Dan worked at Netect/Bindview on vulnerability assessment products and at Digital Equipment Corporation working on the Athena Project, AltaVista Firewall/Tunnel (VPN) products. Dan has a BA in Mathematics from the College of the Holy Cross and a MS in Computer Science from Worcester Polytechnic Institute.


Security Strategist, Red Hat

Josh Bressers is a Security Strategist for Red Hat in the Platform Business Unit. Josh has been involved in security for more than 20 years, with a heavy focus on open source. Josh spent more than 12 years at Red Hat as part of various security teams, everything from security response, open source security development lifecycle, security product management, security strategy, and helping open source projects deal with their security problems. Josh is currently focusing on Red Hat’s security strategy around the operating system, containers, storage, networking, virtualization, and understanding how everything fits together in the new IT landscape as well as the open source communities.


Chief Architect, Red Hat

As Chief Architect, Matt is responsible for helping Red Hat customers achieve their key business transformation initiatives through open source architectures and technologies. He regularly advises Fortune 100 enterprises across a wide range of industries, on topics such as digital transformation, IT modernization, and the changing landscape of security and risk. Matt joined Red Hat in 2013, bringing two decades of IT experience ranging from development and system administration to management, strategy, and architecture. Matt has knowledge in many areas of technology, with a particular interest in identity and access management and managing the risk of change, and greatly enjoys bringing open source solutions to the enterprise.


Chief Architect, Financial Services, Red Hat

A 17-year technology veteran in the financial services industry, I am passionate about partnering with my clients to ensure open source and emerging technologies bring them value and competitive advantage in today's fast-changing industry landscape. My goal is to be a strategic partner and trusted adviser to my clients, which means investing a lot of time listening to their needs and concerns. I act as their champion in the open source community and ensure Red Hat's product roadmaps reflects their interests.

Previously, I was a managing director at a Fortune 500 bank in New York, where I was a leader in the infrastructure space, as well as facing off to business developers. I drove the development of innovative enterprise software, including hybrid cloud architecture, recommendation engines, and a low latency market data plant. I also invented a fault tolerant network architecture that ensures uninterrupted connectivity across multiple locations


Senior Middleware Specialist, Red Hat

Vijay Chintalapati is a Senior Middleware Specialist at Red Hat for JBoss® Data Virtualization and JBoss Data Grid. He helps Red Hat clients with their needs around disparate data and providing faster access to the data. Vijay is a certified JBoss EAP administrator and has a background in developing middleware applications dealing with large data volumes. He holds a Masters degree in Computer Science.


Architect, Financial Services, Red Hat

Justin Goldsmith is an Architect working in Red Hat’s Financial Services Practice. Justin specializes in developing business rules and process-driven solutions and has delivered projects for the insurance and financial services industries. He has also worked extensively with Red Hat OpenShift, successfully migrating legacy applications to containers and building net-new OpenShift native applications. While he has always focused on CI/CD and DevOps and has emphasized the benefits of automation in each step of the software development lifecycle, recently he has been stressing the importance of including security analysis of applications upfront in the CI/CD process.


Senior Principal Architect, Sonatype

Curtis Yanko is a Senior Principal Architect at Sonatype and a DevOps coach. Prior to coming to Sonatype, Curtis chaired an Open Source Governance Committee and started the DevOps Center of Enablement at a Fortune 100 insurance company. When he isn’t working with customers and partners on how to build security and governance into modern CI/CD pipelines, he can found raising service dogs or out playing ultimate frisbee during his lunch hour. Curtis is currently working on building strategic technical partnerships to help solve for the rugged DevOps tool chain.