Event Schedule

Times for this Event are in Eastern Time (EDT/EST)

The Summit will be open from 8AM to 6PM.

  • Welcome / Introductions
  • Disrupting Lateral Movement by Securing Active Directory 8:50 am

    Presented by Attivo Networks

    A common tactic among advanced threat actors and ransomware attacks today involves leveraging Active Directory to move laterally and accomplish their mission. Active Directory data can give attackers credentials, privileges, access, and persistence. Protecting it must be a high priority for any organization.

    Active Directory security requires time, resources, expertise, and visibility. Typical best practices focus on limiting privileged accounts, conducting audits, and hardening systems, but these no longer suffice to address advanced attacks.

    Join this session to explore new options that automate defending AD from compromise to prevent lateral movement.

    Highlights include:

    • Live detection for attacks targeting Active Directory
    • Attack surface reduction at both Active Directory and the endpoint
    • Continuous visibility to AD changes that introduce new exposures
    • Addressing Active Directory assurance to reduce risks and pass red team tests

    Panel Participants:

    Joseph Salazar

    Technical Deception Engineer, CISSP, CEH, EnCE

  • Broken Authentication: Fixing one of the most critical web application security risks 9:10 am

    Presented by Auth0

    Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.

    This session will provide:

    • An overview of broken authentication; 
    • Why it’s so dangerous;
    • The types of threats that can take advantage of this vulnerability;
    • How you can prevent this most critical application security risk.

    Panel Participants:

    Andrew Akers

    Senior Manager, Solutions

  • Zero Trust Tips from Cisco’s SVP, Chief Security & Trust Officer 9:50 am

    Presented by Duo Security

    Interested in bringing zero trust to your workforce but unsure of where to begin? This talk will cover the basics of workforce zero trust and best practices for implementation at organizations big and small. Practical learnings from Cisco’s rollout to its 100,000+ users will be shared to help you get started on your journey and plan for success.

    Panel Participants:

    Brad Arkin

    SVP, Chief Security & Trust Officer

  • Moving Beyond Password to Delight & Secure Users 10:10 am

    Presented by Okta

    Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use on a daily basis.

    But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, they are expensive and offer a poor user experience. Fortunately, there’s a better way to protect your applications and stop account takeover incidents.

    In this session, we’ll discuss the benefits of passwordless authentication and explain how eliminating the password can help improve user experience, admin visibility and control, and scalability. We’ll also walk through key considerations and first steps as you embark on your passwordless journey.

    Panel Participants:

    Michael Patterson

    Solutions Engineer

  • Expert Panel Discussion: AppSec + Cloud 10:30 am

    Application Security in Hybrid, Multi-Cloud Environments

    89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots. As the application landscape continues to grow, and the increased use of cloud-native architectures challenges traditional approaches, cybersecurity leaders are often looking for new ways to understand potential vulnerabilities. With faster iterations from Agile Development pushing the DevSecOps Teams to move as quickly as possible, there is ample room for gaps to appear.

    In this panel, our experts will discuss some of the various approaches to address these issues. The discussion will cover challenges faced by teams of all sizes, and the processes, tools and methods that are in use to address them.

  • Rethinking Data Protection in the Age of Ransomware 11:20 am

    Presented by Zerto

    As data-driven digital business grows at an exponential pace, so does the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption. Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from a ransomware attack and how continuous data protection helps you to prepare for, respond to and recover from an attack.

    Panel Participants:

    Andy Fernandez

    Senior Technology Evangelist

  • Building an Effective Security Awareness Program 11:40 am

    Presented by KnowBe4

    Searching on Google for the phrase “Humans are the weakest link”, one would find almost 100,000 results. However, when people are properly educated and made aware, they can be the most vital asset and, in turn, become the human firewall for an organization. Cybercriminals are successfully gaining access to organizations’ systems, data, and infrastructure in various industries worldwide. They are doing it the most common way: tricking humans into clicking on a link, effectively bypassing the firewalls and opening the organization’s proverbial front door. It is quickly becoming known that Security Awareness Training programs are crucial to reducing an organization’s risk of an attack. However, what does it take to operate and maintain these programs successfully? Organizations need to have a robust security awareness and training program for all employees, from the front desk to the boardroom.

    Understand the purpose of a Security Awareness Training program and how to keep up with emerging social engineering threats, how various psychology concepts can get employees to accept the training, and how everyone can be the human firewall. Learn about the red flags of social engineering or rogue website links.

    Panel Participants:

    James McQuiggan

    Security Awareness Advocate

  • Lunch Break
  • Keynote Speaker: Cyber Kills 12:25 pm

    Cyber incidents kill. They have killed before. They will kill again.

    Even though the cyber industry constantly strives to raise the world’s awareness about emerging threats, it seems like we have neglected to talk about the thing that will soon become the center of the cybersecurity domain – life-threatening cyber threats (LTTs).

    Even the current cybersecurity industry standards (e.g., NIST Cybersecurity framework) fail to discuss (or even mention) this threat category, let alone explain how such threats should be incorporated in the risk management process in a way that would allow security experts and decision-makers to identify and tackle such threats effectively.

    In this talk, we will discuss this threat, review past incidents that have resulted in casualties, and dive into effective risk management strategies. We will define the different LTT subcategories (e.g. direct and indirect), and understand who can be affected by such threats (most enterprises, businesses and individuals), and how.

    We will discuss incentives, discover why these attacks almost never happen even though they are possible, and see why this is about to change. We will revisit the relationship between physical security and cybersecurity.

    Lastly, we will understand why the cyber industry must adopt the right mindset when human lives are at stake and incorporate this notion into their standards, policies, and methodologies.

    Panel Participants:

    Menny Barzilay

    CEO of Cytactic

  • The Risk Management “Balance Sheet” 1:05 pm

    Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed have no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required. Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand?

  • Beyond SolarWinds: Supply Chain & Third-Party Risk Management for 2021 1:25 pm

    Even before the SolarWinds Orion code compromise, supply chain attacks were up over 400% in 2020. As 2021 rolls on, this attack vector has received tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create “a perfect storm” threat for modern cyber executives.

    In this session we will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.

  • Expert Panel Discussion: Beyond SolarWinds/3rd Party 2:00 pm

    Beyond SolarWinds: Supply Chain & Third-Party Risk Management for 2021

    Even before the SolarWinds Orion code compromise, supply chain attacks were up over 400% in 2020. As 2021 rolls on, this attack vector has received tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create “a perfect storm” threat for modern cyber executives.

    In this panel, our experts will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.

  • AI & ML in Cybersecurity: Can we ‘Science the heck’ out of trouble? 2:25 pm

    We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’?

  • Managing the Insider Threat 2:45 pm

    An adversary who attacks an organization from within can prove fatal to the business and is generally impervious to conventional defenses. Social science research has been used to explain why traditional methods fail against these trusted betrayers. Every company must identify and utilize new management techniques, increase security, and revise workplace strategies for categorizing and defeating insider threats.

    There are key players in positions to either effectively support or undermine the insider threats. Leadership style can make a difference in the way an institution recognizes and identifies these threats, from rethinking background investigations to recognizing deception and using lawful disruption. Most importantly, organizations must circumvent these predators before they jeopardize the workplace and sabotage business operations.

  • Expert Panel Discussion: Cloud Security 2021: What’s New, What Changes 3:25 pm

    Cloud Security 2021: What’s New, What Changes

    Although it seems like a decade – just a few years ago, industry analysts were still advising the CISO community to keep the “crown jewel” data in private data centers. Requirements for the security OF the cloud, and the security IN the cloud have accelerated quickly and today – amid the pandemic – that transition is near-complete.

    This is a broad topic – so our panel today will focus on the nuances of security IN the cloud, and some of the cutting-edge practices that innovative organizations are using today to get ahead of threat actors who target online storage, protocols, email, file shares, and other data and network access that can accidentally be exposed.

  • Operational Technology (OT) & Industrial Control Systems (ICS): Cybersecurity Concerns 3:50 pm

    Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

    In this session we will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections.

  • CISO Panel 4:30 pm

    Panel Participants:

    Eric Hussey

    Chief Information Security Officer - PTC

    James Cusson

    Secretariat Security Liaison at Massachusetts Executive Office of Health and Human Services

  • Closing Session + Prize Drawing