Event Schedule

  • Continuous Vulnerability Management: Striving for a 14-Day SLA 9:20 am

    Presented by Ivanti

    The importance of having a continuous vulnerability management process as part of an overall security program such as that provided by the CIS controls framework.

    When threat actors exploit weaknesses in an organization’s IT infrastructure, the consequences can be devastating to productivity, reputation, and finances. Without treating cybersecurity as an ongoing process, hackers can find, weaponize, deploy, and attack your infrastructure faster than your team can patch the vulnerability, leaving your infrastructure unprotected. Your systems may be secure today, but next week, a cybersecurity criminal may discover and exploit a critical vulnerability in your environment. Join us as we discuss how continuous vulnerability management can be executed effectively.

    Speaker:

    Chris Goettl

    Director of Product Management, Security

  • Credential Harvesting as a Service: How This Dark Web Organization Steals Your Microsoft Credentials Presentation 9:40 am

    Presented by Avanan

    In this presentation, we will analyze the attack methods of a single advanced persistent threat organization that guarantees its dark-web customers that their messages will bypass Microsoft security. We will review the software they use to send email from anywhere in the world, their techniques that take advantage of both short- and long-lived vulnerabilities and the infrastructure to harvest credentials and perform attacks almost instantaneously. You will be surprised by the sophistication of the tools as well as their ease of use. Updated regularly with release notes and training videos, they are not ‘hackers’, so much as software developers with a very clear product offer: 100% access to your inbox. We will watch them over time and show how the tricks they use provide us with the indicators-of-attack we need to stop them.

    Speaker:

    Michael Landewe

    Cofounder

  • Threat Hunting & Modern Security: 3 Fundamental Flaws 10:30 am

    Presented by CriticalStart

    Security Operations is a discipline continuously evolving – with the evolution of tools and processes, there are still 3 fundamental flaws that exist with Modern Security Operations. We will examine 3 specific flaws of modern security operations:

    • Risk Acceptance
    • SOC Alert Overload
    • Inability to mitigate all Zero-Day Attacks.

    We will start the discussion with a quick SOC capacity exercise, review in detail the 3 fundamental security flaws, and revisit the math from the SOC capacity exercise to understand “what is being missed based upon my current capacity?” We will also cover costs to the business associated with these flaws and wrap up with some suggestions for mitigation.

    Speaker:

    Jim Rohde

    Director of Security Engineering

  • Introduction to Risk-Based Vulnerability Management 10:50 am

    Presented by Kenna Security

    Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.

    But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.

    Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:

    • Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
    • Details the findings on how risk-based is the way to get ahead in vulnerability management
    • Lays out several factors that drive better remediation performance
    • Provides steps for setting up a successful risk-based vulnerability management program

    Speaker:

    Ed Bellis

    CTO and Co-Founder at Kenna Security

  • Lunch Break
  • The USSS’ Current Posture During the COVID-19 Pandemic 12:10 pm

    Presented by United States Secret Service

    Tom will discuss the USSS’ current posture during the COVID-19 pandemic. He will discuss how the pandemic, and the current telework posture of the majority of the private and public workforce, has had an effect on criminal activity, cyber hygiene, and the incident response process. He will discuss the continued importance of having a relationship with federal law enforcement and the need for timely reporting of incidents and events, especially if the incident involves the loss of money through U.S. and international financial systems.

    Speaker:

    Thomas Flynn

    Assistant Special Agent In Charge - New York Field Office US Secret Service

  • Shifting PAM into High Gear with Zero Standing Privilege (ZSP) 1:05 pm

    Presented by Remediant

    Zero Standing Privilege (ZSP) was a new term introduced in 2019 and might just be the best approach to shift your PAM strategy into high gear. In this short presentation, we’ll discuss how PAM projects were managed historically and highlight a new PAM approach to reduce the impact of compromised admin credentials.

    Do you know what admin credentials exist today or even how they change over time in your organization? This is just one of several challenges we’ll discuss. We’ll offer a solution and discuss the need for and value of frequent scanning of admin rights, reporting on current standing privileges, and the adoption of ZSP and Just-In-Time administration.

    So, if you’re looking for quick wins in PAM, including removing local admin rights and support for DevOps+PAM use cases, join the discussion and learn how other organizations like yours have succeeded.

    Speaker:

    Paul Lanzi

    COO

  • Get Rich Quick with Ransomware! A Lazy Hacker’s Perspective for Enterprises 1:25 pm

    Presented by Axis Security

    Think Ransomware isn’t for you? In this enlightening talk, Gil Azrielant, co-founder of Axis Security, will quickly discuss the business opportunities, the technologies, the industry and the mechanics attracting hackers the world over to ransomware. In the process Gil will reveal how some enterprises can use new technologies to defend themselves against attack.

    Speaker:

    Gil Azrielant

    Co-Founder and CTO at Axis Security

  • Deciphering SOC 2 Compliance in Cloud-Native Environments 2:15 pm

    Presented by Capsule8

    How did a fairly straightforward endeavor – an IT audit – become that monster under the bed?

    Compliance projects all too often feel like a massive box-checking exercise. You may be pulling staff and co-workers into a vast abyss, mapping arcane compliance controls, deciphering audit speak, all to hopefully pass an audit and maybe shore up security. So how can you, the IT experts, quickly tease out the essence of what an auditor needs to give them confidence that you have passed an audit?

    In this presentation we will use the example of a SOC 2 Type 1 audit in a cloud-native environment to demystify all of the dots, dashes and control numbers, giving you a high level roadmap of key elements required to pass your own SOC 2 audit regardless of where you are on your cloud native or compliance journey.

    Speaker:

    Cynthia Burke

    Head of Compliance

  • Three Things You Need to Know About New CCPA Regulations 2:35 pm

    Presented by Spirion

    This presentation describes the many cyber security requirements of the California Consumer Privacy Act. Included is an analysis of additional requirements recently published by the California Attorney General.

    On March 11, 2020, the California Attorney General issued another set of revisions to the California Consumer Privacy Act of 2018 regulations. Updates include guidance on IP addresses, privacy policy disclosures, and denying deletion requests. While the regulations address many questions, they still leave much unanswered, and privacy/security professionals need clarity ahead of the July 1, 2020 compliance deadline. In this interactive presentation, a data protection industry veteran will offer perspective on the Regulations and three ways professionals can hedge their compliance bets ahead of the deadline. Takeaways include:

    • Understand the most pressing elements of the Regulations
    • Learn how to prioritize and rationalize your compliance efforts
    • How to leverage your efforts in advance of CCPA 2.0

    Speaker:

    Scott Giordano

    VP and Sr Counsel, Privacy & Compliance

  • Q&A - AI & ML in Cybersecurity: Can We ‘Science the Heck’ Out of Trouble?
  • Closing Session
  • Cyber Resilience: Rethinking Your Data Protection Strategy in the Age of Ransomware 9:20 am

    Presented by Zerto

    Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!

    Speaker:

    Andy Fernandez

    Senior Technology Evangelist at Zerto

  • Managing Digital Risk Amid Disruption 9:40 am

    Presented by RSA

    Digital transformation is not only changing how companies think about business. It is changing how we think about risk. We need to *act* on risk, not worry about it. We need to start and end with the basics. In this session we review several key areas of digital risk management to target as you are challenged to be a key contributor in your company’s digital journey.

    Speaker:

    Ben Smith

    Field CTO

  • Developing Your Identity Strategy 10:30 am

    Presented by Sailpoint

    Remember when identity management meant creating new accounts and resetting users’ passwords? Over the years, digital identity has evolved into much, MUCH more. Your identity program now includes not just identity management, but also access management, privilege management, and even customer identity management, all of this falling under the umbrella of identity governance. More importantly, identity has shifted from being a basic operations function to the cornerstone for business enablement and digital transformation. In this presentation, Rob walks you through key considerations when developing your identity strategy to help you improve the current state of your program while building a solid foundation for the future of your identity program.

    Speaker:

    Rob Wilson

    Sr. Solution Engineer

  • How Do You Start a ML Project? Finding the Breach With Infinity SOC 10:50 am

    Presented by Check Point Software Technologies

    What is Machine Learning? Can you decipher buzzwords such as Artificial Intelligence, machine or deep learning, and differentiate between hype and fake news? Cyber-attacks are more prevalent than ever in our world today, with exponential, ever-increasing variance, velocity, and volume of threat campaigns. This presentation aims to hopefully enable you to understand what lies beneath the words “AI-powered cloud” or more precisely “data driven security”.

    The Security Operations Center (SOC) is often all that stands between an organization and a potentially financially devastating data breach. However, 98% of SOC teams face significant challenges in their mission to detect and shut down attacks. For many SOC teams, finding malicious activity inside their network is like finding a needle in a haystack. They are often forced to translate information from across a multitude of monitoring solutions and navigate through tens of thousands of daily alerts. This is the crossroads where machine learning and security align to equip security analysts with relevant and actionable information to prevent and respond to threats in real time.

    Click to Expand

    Speaker:

    Elie Klein
    Elie Klein

    Elie Klein

    Security Engineer

    Collapse This Item

  • Q&A: Users as the Attack Vector - People and Security
  • Lunch Break
  • Shift Left – Building Security into the Application Development Lifecycle 1:05 pm

    Presented by Micro Focus

    By building security into your application development lifecycle you not only help reduce your attack surface, but also save roughly 30% in costs associated with resolving the application security vulnerabilities afterwards… never mind the costs associated with a breach, such as shareholder value and brand tarnishing.

    Speaker:

    Rob Aragao

    Chief Security Strategist

  • 2020: The Passwordless Decade 1:25 pm

    Presented by HYPR

    As we enter the passwordless decade, more and more organizations are asking the question: How quickly can I move beyond passwords?

    George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger.

    Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. How did we get here, and will mainstream adoption of passwordless security have an impact?

    We will explore how the rise of virtual desktop infrastructure has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.

    In this session, you’ll learn:

    • Why is Credential Reuse at All-time Highs?
    • How has Authentication Evolved?
    • Why this is the Passwordless Decade

    Speaker:

    George Avetisov

    CEO

  • A People-Centric Approach to Cyber Risk Management 2:15 pm

    Presented by Proofpoint

    Today’s threat landscape is characterized by attacks which focus on humans. For the third straight year, Proofpoint Threat Research has confirmed that over 99% of attacks are human-activated.

    Developing a holistic cyber security program involves educating end users on where and how they are exposed to cyber-attacks, gathering metrics, and highlighting key areas where proactive steps can be identified to minimize risks to cyber-attacks.

    During this presentation, we’ll cover:

    • The clearly defined risk areas that are frequently targeted in cyber-attacks, with clear examples and use cases
    • How organizations can implement a People-Centric security approach, decreasing their vulnerability to cyber threats.

    Speaker:

    Jack Johnson

    Sr. Systems Engineer

  • Reducing Friction and Managing Remote Work Environments 2:35 pm

    Presented by Automox

    The business world has changed and many of those changes, like remote working, are here to stay. And keeping your teams safe during this period is a no-brainer—as is making sure their remote endpoints are managed and secure. But with these changes come a list of concerns and issues that many organizations just are not ready to address, sometimes highlighting legacy support policies and even out-of-standard technological needs. The friction of everyday management of the full enterprise has increased, putting a strain on the IT and support staff as well as the users.

    During this presentation, I will address common areas of friction in endpoint management as well as ways to pinpoint friction in your environment, and finally ways to address the problems and set up your organization for scalability with endpoint management.

    Speaker:

    Richard Melick

    Sr. Technical Product Manager

  • Q&A Ransomware - to Pay, or Not to Pay?
  • How Various Cryptocurrency and Blockchain Technologies Fundamentally Work 3:45 am

    Presented by United States Secret Service

    This presentation will provide a basic overview of the mechanics of how various cryptocurrency and blockchain technologies fundamentally work, and the role they play in emerging cyber-enabled crimes such as Ransomware and Business Email Compromises (BEC).

    Speaker:

    Mark Norberg

    Assistant to the Special Agent in-Charge - New York Field Office

  • Summit Final Closing Session