Plan. Create Playbooks. Respond.

We're expecting 350+ CISO, Manager and Analyst attendees in this concentrated yet focused community event. Join us!


About IR17

IR17 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes.

  • 30+ hours of practical training on today’s best practices in incident response topics
  • 36 breakout sessions designed for all levels of experience
  • Learn practical operations tips and best practices from industry leaders
  • Leave the conference with a developed incident response plan

Community-Driven conference for all levels of cybersecurity professionals!


Information Security Executives

Information Security Executives will have a great opportunity to share best practices in cybersecurity with their peers. IR17 will provide a collaborative space to discuss and learn how to bridge the gap between technology and business to ensure high potential in security teams.



Managers will learn techniques and develop playbooks to manage security teams in an efficient and cost-effective manner. Customized playbooks will improve security team's preparedness to cyber-incidents and attacks.

Security Analysts


Analysts will improve their knowledge about different systems logs, security alerts, and proper response to incidents to ensure their organization’s safety. Analysts will gather knowledge to implement incident response playbooks within their organizations.

IR17 Agenda



Nadhem AlFardan

Security Architect at Cisco Systems


Linus Barloon II

Director of Cybersecurity at the Office of the Sergeant at Arms, U.S. Senate


Nick Bilogorskiy

Sr. Director, Threat Operations at Cyphort


Mark Butler

CISO at Qualys


Ed Cabrera

Chief Cybersecurity Officer at Trend Micro


Philippe Courtot

Chairman & CEO at Qualys


Brian Done

DHS/CS&C Deputy Chief Technology Officer (CTO) at DHS


David Girard

Breach Detection Team Leader at Trend Micro


Lt. Gen. Rhett Hernandez (ret.)

Former Commander of the U.S. Army Cyber Command & President at CyberLens


Chris Howell

CTO at Wickr


Larry Johnson

CEO at CyberSponse


Terry McAuliffe

Governor of Virginia


Gary McIntyre

Senior Security Services Architect at Cisco Systems


Robert Novy

Deputy Assistant Director, Office of Investigations, U.S. Secret Service


Eric O'Neill

Founder of The Georgetown Group


Razwan Raja

Principal at XOR Security


Mike Rogers

Former Congressman (Michigan’s Eighth Congressional District)


Dean Sapp

CISO at Braintrace


Wasif Shakeel

Vice President - Cyber Defense at Defense Point Security


Mark Sullivan

Principal at GSIS


Kelcey Tietjen

Chief Information Security Officer at LANL


Gregory Touhill

Cybersecurity and IT Senior Executive


Joel Wallenstrom

CEO at Wickr



Philippe Courtot | CEO, Qualys

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor’s Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe.


Daniel Conroy | CISO, United Technologies

Daniel is an innovative thought leader with over 17 years’ experience in building, managing, and leading information security teams, currently serving as the Chief Information Security Officer (CISO) at United Technologies. He has a proven track record implementing security programs in complex organizations to manage and reduce risk to acceptable levels. He is a highly accomplished practitioner of cybersecurity and technology risk governance. As a senior executive, he has built information security programs ground up and developed cutting-edge capabilities. Prior to joining United Technologies, Daniel has served as the CISO at Synchrony Financials and The Bank of New York Mellon as well as the Head of Cybersecurity Strategy, Planning, and Governance at Citigroup. Infectiously energetic and an engaging public speaker, Daniel is a results-oriented, hardcore security technologist at heart, with a passion for business and programs. He continues to develop existing skills while exploring the latest best practices in threat intelligence, crisis management, infrastructure, application, mobile, and architectural security.


Joel Wallenstrom | CEO, Wickr

Joel Wallenstrom is the CEO of Wickr, a secure communications company building peer-to-peer encrypted ephemeral messaging and collaboration platforms. Prior to joining Wickr, Joel co-founded and led several top white-hat hacker teams including iSEC Partners and NCC Group, renowned for their cutting edge security research and incident response in high-profile cases. Joel also served as Director for Strategic Alliances at @stake, one of the very first information security companies.


Gus Hunt | Former CTO - CIA, Accenture Federal

Ira “Gus” Hunt, former chief technology officer for the CIA, has joined Accenture Federal Services (AFS) to lead its cybersecurity practice, which offers its clients a portfolio of key cyber capabilities including strategic consulting, data-centric security technologies, secure transition to the cloud, and operational security such as cyber hunt and incident response. Hunt retired from the CIA in 2013 after a 28-year career. As CTO, he set the CIA’s information technology strategic direction, accelerated adoption of new technology and led the agency’s implementation of the Amazon cloud.


Joseph Loomis | CTO, CyberSponse

Joseph Loomis is the Founder & CTO of Security Operations Technology, CyberSponse, Inc. Joe is a proven serial security entrepreneur with successful startup exits and has provided security based technology for companies like Apple, Microsoft, Novartis, Sony, LG, Pfizer and many others. Mr. Loomis is well versed in Cyber Security methodologies, incident response and leverages his relationships to help define visionary and innovative product offerings for the information security sector. Joe is often seen speaking on national news networks to include CNBC, FOX, CNN and a few others. Joe works closely with multiple government agencies in his cooperative efforts combating Cybercrime and Cybersecurity. Joe is driven by a deep passion for helping others in need, mentoring other entrepreneurs and helping the next founder build their business.


Charles Sterner | Head of Security Ops, Palo Alto Networks

Charles Sterner has been with Palo Alto Networks for a year and a half, working with a few customers willing to try out a new model of SOC he calls SOC 2030. In his last role, Charles worked in product management at Arcsight, overseeing SOC Strategy. Prior to that role, Charles managed multiple SOC implementations and operations as a founding member in ArcSight’s Security Intelligence and Operations Consulting practice. He led HP’s Global Cyber Defense Center, one of the largest SOCs globally. Charles also led the ground zero formation of Sony Entertainment International’s SOC as a response to the PlayStation Network breach of 2011. Prior to ArcSight/HP, Charles was a member of the US Navy, specializing in Aviation Warfare, and later Cyber Intelligence. Charles is a licensed private pilot, enjoys paintball as “team building” events, and is passionate about all things SOC.


Wayne Reynolds | Head of Security Ops, Armor

VP of Security Wayne Reynolds manages the cyber and physical security operations at Armor. This unique, dual responsibility extends beyond the typical approach many cloud providers take in securing their own operations while leaving customers to fend for themselves. Key to establishing the strategic and operational vision at Armor, Wayne oversees the execution of Security Incident Management, Security Infrastructure, Vulnerability Threat Management, Threat Intelligence, Corporate Security, and Physical Security within both the Armor’s corporate and customer environments. He leads Armor's Friendly Network Forces, a one-of-a-kind internal penetration testing organization designed to validate the company’s own security measures and evaluate risk from new or unforeseen threats. Prior to Armor, Wayne served in the U.S. Marine Corps for nearly 20 years where he led the Tactical Information Technology and Avionics Departments. In his civilian career, he has lead organizations for a wide range of businesses to include Conde Nast Publication, Copart Auto Auctions, Aerojet-Rocketdyne, Citi Group, and GameStop.


Greg Foss | Head of Security Ops, LogRhythm

Greg Foss is LogRhythm’s Head of Global Security Operations, where he is tasked with leading both offensive and defensive aspects of corporate security. His team drives product research and development from the front lines, consistently focused on improving defensive capabilities. Previously, he was a Senior Researcher with the Labs Threat Intelligence team – presenting research at various information security conferences, such as DerbyCon, Black Hat, BSidesLV, AppSecUSA, and others. Greg is a very active member of the Denver information security community who loves to give back and support the industry however he can.


Boyden Rohner | Head of Security Ops, DHS

Boyden is the Director of Cybersecurity Operations for the Information Security Office at the Department of Homeland Security (DHS). In this role, Boyden oversees the DHS Enterprise Cybersecurity Operations Center which prevents, detects, and responds to cyber threats targeting DHS. Previously, Boyden worked at the National Security Council Staff in direct support of the President of the United States and the National and Homeland Security Advisors. Prior, Boyden managed the production of the daily intelligence and operations brief for three Homeland Security Secretaries. Before joining DHS, Boyden served on three destroyers as a Surface Warfare Officer in the United States Navy and deployed to the Middle East in support of Operations Enduring and Iraqi Freedom. Boyden holds a Bachelor of Science from the United States Naval Academy, a certificate in Executive Leadership from the Kennedy School of Government at Harvard University, and Masters of Public Administration from American University.


Eric VanDine | Head of Global Cyber Security Ops, Capital One

Eric VanDine has held multiple positions in Information Security over the course of his career, including malware reverse engineering, network security monitoring, security engineering, and third-party risk management. Eric has led security operations teams in e-commerce and banking industries, building out security operations and developing managed security services offerings. Most recently Eric has worked for Capital One, building a global, 24x7 cyber security operations center. In his free time, Eric studies cooking techniques and the science behind food preparation.


Wasif Shakeel | Enterprise SOC Architect, Accenture Federal

Mr. Shakeel, Vice President of Cyber Defense, has over 15 years of hands-on years of experience in cyber security in its various disciplines including security operations, vulnerability management, and accreditation. In this capacity he has supported a number of federal and commercial entities including, DHS, CBP, ATF, USAF, Wells Fargo, and many others. Formerly, the Senior Director of Cyber Security for a large integrator, Mr. Shakeel managed multiple cyber security programs in the federal civilian sector including DHS SOC, IRS CSIRC, CFPB Engineering Services, and many others. He has directly led programs including DHS SOC and Managed Services SOC where he has developed and implemented ground-breaking SOC processes, metrics, and cyber defense techniques. For Defense Point Security, Mr. Shakeel directs the Cyber Defense practice – which is composed of multiple SOC programs in the federal civilian, health, and commercial sectors – with hands-on support for customers and DPS employees to ensure services provided are highly innovative yet cost-effective cyber solutions.

Why Should You Attend?

Build playbooks for your organization by working with the best in the industry

Leave with operational Incident Response plan by using the best tools

Learn how to build efficient and effective processes



Join the Incident Response Community to be a part of the conversation.

No incident response conversation should be discoverable by an adversary because it takes place on insecure mainstream communication platforms.

Get Wickr Pro
An out-of band end-to-end encrypted ephemeral channel where IR professionals share indicators, threat intel and conduct investigations.

Venue Information

The Ritz-Carlton, Pentagon City is conveniently located Close to Pentagon. This 5-star hotel is 5 minutes away from the heart of Washington, D.C.


1250 South Hayes Street
Arlington, VA 84440

The Incident Response Conference (IR17) is being held at the Ritz-Carlton, Pentagon City. IR17 has reserved a block of rooms at the Ritz Carlton Pentagon City at a group rate of $265 USD per night (plus tax). Please make sure to reserve your room now as the block will fill quickly. Reservation requests for the IR17 Annual Summit will be accepted through Monday, August 21, 2017. The block is available up to this date or until filled. Reservations requests received after August 21 are on vacancy and price availability.

Ritz Carlton

Be a Part of the New Community!

Do not miss this opportunity to be part of history! Join the cybersecurity community and be part of inspiring change in improving incident response process!

Stay Connected on  

Join the Incident Response Consortium Slack Channel to be a part of the conversation.

Register Below


IR17 is a free event. All registrants must use their corporate or government email address to attend. Any registrants using personal email accounts will be denied entry.

Please select only one ticket option listed below.

This is an IR Consortium Members Only event.
For more information, click here.

Our Mission

IR17 is organized by Incident Response Consortium, a non-profit organization dedicated to improving the incident response process within the cybersecurity community.