State of Cyber 2021
Virtual Cybersecurity Summit
While the needs of the cybersecurity community often cross international borders, sometimes the most important way to stay on top of the latest trends is to focus on what’s happening locally. Join the State of Cyber 2021 Virtual Cybersecurity Summit to connect with like-minded executives, innovative solutions providers, experts and luminaries.
Log in to the immersive virtual platform of State of Cyber 2021 Virtual Cybersecurity Summit and attend a variety of educational sessions led by subject matter experts, plus listen to insightful Q&A panels and gain a peek behind-the-curtain into the roles of local CISOs during the CISO RoundTable. These exclusive discussions are curated around the needs of cyber experts in the Great Lakes and Midwest regions, offering a unique perspective on how to set up your organization for success against a complex threat landscape.
Take a look at all Data Connectors has to offer here!
State of Cyber 2021
Tue. Dec 14 — Wed. Dec 15
Special Agent in Charge – St. Louis Field Office
Planning, Protection & Response: Working with the US Secret Service as a Cyber LeaderDan Unger
Manager - Security Monitoring and Response at Mastercard
The Payment Card Industry: Is My Money Safe?Jeff Dant
Head of Fraud at Ally Bank
Cyber Enabled Fraud: Understanding & Managing the Growing ThreatDonna Gregory
Unit Chief at FBI Cyber Division, IC3
Keynote: FBI IC3: Cybercrime Data Collection and AnalysisJD Henry
Cyber Security Advisor (Region V), Cybersecurity State Coordinator...
Keynote: State of Cyber 2021 CISA BriefingMeredith Harper
VP, Chief Information Security Officer at Eli Lilly and Company
CISO RoundTableChristopher Conner
CISO at Astute Solutions
CISO RoundTableE.J. Hilbert
Former FBI Cyber Agent, CISO & Founder at KCECyber
CISO RoundTableMark Sangster
Cybersecurity Expert & Author “No Safe Harbor”
CISO RoundTablePhil Kirk
Region VII Director for the Office of Infrastructure Protection in...
Partnering With CISA to Help Secure American InfrastructureDavid Wren
President at InfraGard St. Louis
25 Years of InfraGardAngela Robinson
Cybersecurity Specialist with the Department of Public Safety (DPS)
State of Cyber Inter-Agency CooperationBrian Cockrill
ATSAIC at USSS, St. Louis Field Office
State of Cyber Inter-Agency CooperationChristopher Cockburn
Cybersecurity Advisor at CISA
State of Cyber Inter-Agency Cooperation
Times for this Event are in Central Time (CDT/CST)
The Summit will be open from 8AM to 6PM.
- DAY ONE
- Welcome / Introductions
Planning, Protection & Response: Working with the US Secret Service as a Cyber Leader 9:10 am
Presented by US Secret Service
The Cyber Fraud Task Force Model & the NCFI 9:15 am
Presented by US Secret Service
The Payment Card Industry: Is My Money Safe? 9:20 am
Presented by Mastercard International
The Payment Card Industry faces not only legislative challenges but significant cybersecurity issues as well. Learn how Mastercard protects its payment transaction and corporate networks from the latest cyberattacks.
Cyber Enabled Fraud: Understanding & Managing the Growing Threat 10:10 am
As criminal tactics adapt in the financial crime space, the security industry must also align and adapt. Criminal actors continue to enhance their capabilities by utilizing cyber-enabled tactics to commit fraud and financial crimes at scale. With this convergence of criminal intentions and technical aptitude, businesses must be prepared to detect and prevent.
In this session, we will explore some of the areas where cyber fraud convergence has had an impact on industry groups, such as financial institutions, as well as ways that we can address the threat through collaborative approaches through leveraging intelligence, data, technology, and process.
Low Hanging Fruit: Improve Ad Hygiene For the Easy Win 11:20 am
We read about successful cyber and ransomware attacks every day. Most organizations do not realize that these attacks all have ONE thing in common and that there are simple, rapid, and inexpensive/free actions they can take which will dramatically improve their defense. This presentation will discuss key challenges with improving AD security and offer real solutions.
The State of Secure Identity 11:40 am
Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The 2021 Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies.
During this session, we’ll provide greater insight into which industries are:
– Most highly targeted by credential stuffing attacks
– Most highly targeted by SQL injection attacks
– Leading the way in MFA adoption to improve overall security posture
We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.
Expert Panel Discussion: Defense in Depth: New Strategies for 2022 12:00 pm
Layering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations preparing to defend against inventive hackers penetrating their systems in 2022?
Panel Participants:Matt Tesauro
Global Director of Security Evangelism at Noname SecurityChris Adkins
Senior Director, Proactive Services at Blue VoyantAdam Fisher
Principal Security Engineer at Salt SecurityJeff Miller
Director, Security Solutions at Infoblox
- Lunch Break
Keynote: FBI IC3: Cybercrime Data Collection and Analysis 1:00 pm
Since 2000, the FBI’s Internet Crime Complaint Center (IC3) has received complaints crossing a wide array of cybercrime matters. Cybercrime data collection and analysis not only identifies trends, but enables efforts to control, reduce, mitigate, and prevent cybercrime. In this discussion, Donna Gregory, Unit Chief for the FBI Cyber Division, IC3 will explain more about their mission to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI, the categories of cybercrime, types of cybercrime data collected, criteria used to measure cybercrime, and how these crimes interoperate with other cybercrime activities.
Securing the Modern API Ecosystem 1:45 pm
APIs are central to digital transformation. Public cloud adoption, modern application architectures, and cloud-native designs capitalize on APIs as a foundational building block. Meanwhile, Gartner predicts that APIs will become the most frequently targeted attack vector by 2022.Attendees of this presentation will learn modern API strategies for security and risk management, including how to perform:
- API discovery and inventory management
- continuous vulnerability identification and testing
- runtime prevention and detection
Importantly, we will focus on orchestration across business, technology, and security teams to empower API-centric business and technology strategies with a shared, complete picture of API risks from code to production.
Rethinking Data Protection in the Age of Ransomware 2:10 pm
With the proliferation of data-driven digital business growing at an exponential pace, so is the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption. Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from ransomware attack and how continuous data protection helps you to prepare, respond and recover from an attack.
The Next Class of Browser-Based Attacks 2:45 pm
There are two distinct characteristics that all threat actors tend to share. First, they focus on avoiding detection by any means. Second, while some go after specific targets, many opt to aim their tactics on vectors that will reap the greatest rewards. After all, a big pond with many fish increases everyone’s chances at success.
Today, given that a majority of business users spend 75% of their working day in a web browser, it’s quickly become the prime target for cyber swindlers. While malware once had to be downloaded to pose a real risk, now, it’s a dynamically generated threat toolkit built in the web where employees are productive.
During this insightful discussion, prepare to learn about the next class of browser-based attacks, but most importantly, share how organizations can protect that productivity. Key takeaways include:
- The anatomy of recent browser-based attacks
- Exposing why network security today is broken
- The technology approach proven to eliminate these threats
Why You Need a First and Last Line of Defense to Protect Against Ransomware 3:10 pm
Ransomware is more dangerous than ever before. Why? It’s partly because successful attacks don’t just affect the victim anymore. Take the Colonial Pipeline attack as an example. What if you could stay safe from ransomware, however it may attempt to get into your network? Join this event to learn how to stop ransomware infections with a first line and last line of defense approach from the cloud edge to the endpoint. Learn how this layered defense approach can help provide ultimate visibility with ultimate responsiveness against ransomware.
Keynote: State of Cyber 2021 CISA Briefing 3:30 pm
The headlines that grabbed attention throughout 2021 were dotted with ransomware, nation-state attacks, and new regulatory and compliance requirements. Part of the Department of Homeland Security (DHS), the over 2,000-person Cyber Infrastructure Security Agency (CISA) is responsible for protecting federal networks and offering security advice to critical infrastructure operators, small businesses, and local governments.
In this exclusive briefing for the State of Cyber 2021 audience, Region 5 Cybersecurity Advisor (Indiana), Integrated Operations Division JD Henry will highlight how CISA has responded to these threats. He will further detail the latest thinking from the agency, and the goals set forth by its new Director Jen Easterly, who was unanimously confirmed by Congress in July.
Cyber Security Advisor (Region V), Cybersecurity State Coordinator at State of Indiana
CISO RoundTable 4:15 pm
Submit your bio for consideration to participate on our CISO RoundTable
to [email protected] or fill out our Call for Speakers form here.
Panel Participants:Meredith Harper
VP, Chief Information Security Officer at Eli Lilly and CompanyChristopher Conner
CISO at Astute SolutionsE.J. Hilbert
Former FBI Cyber Agent, CISO & Founder at KCECyberMark Sangster
Cybersecurity Expert & Author “No Safe Harbor”
- Day One Closing
- DAY TWO
- Welcome / Introductions
Small Businesses Deserve Big Protection 9:10 am
Small businesses are facing many of the same cybersecurity challenges as larger businesses. 66% of small businesses experienced a cyberattack in 2019, and 63% experienced a data breach. But securing your business doesn’t have to be complicated. Cybersecurity tools should be easy for a team of any size to deploy, use, and manage — letting you focus on more important things (like running your business!) Join Kate MacLean from Cisco to learn more about small business cybersecurity and how cloud-delivered security provides powerful protection against today’s biggest cyberthreats.
Remote Work – The Wild West of Endpoint Management 9:30 am
The pandemic forced many of us to switch to working remotely overnight. At the time this was and continues to be an ongoing challenge for IT Departments that need to manage and maintain their remote endpoints. Now that companies are trending towards long-term remote work options, IT Infrastructure has to continue to adapt to the new and demanding ways of working from home. During this session we will cover what remote work has to do with the Wild West and what you need to be aware of to tame these challenges.
Ransomware Decoded: Understanding & Preventing Modern Ransomware Attacks 9:50 am
Learn how to become fearless in the face of modern ransomware attacks. Next-gen ransomware has evolved to better evade standard defenses and targeted attacks stand a high chance of success against underprepared environments, making a behavior-based approach to prevention, detection, and response required for success.
Join our session to understand how to deploy fearless ransomware protection to detect the preliminary stages of a ransomware attack, fully analyze the scope and scale of the operation, and prevent the execution of the malicious ransomware payload to mitigate future cyber risk.
WHY SHOULD I ATTEND?
– Learn about the latest ransomware trends
– Dissect discoveries from Cybereason’s Nocturnus team
– Become empowered to defend against ransomware
Expert Panel Discussion: 2022 Trends & Directions 10:10 am
What will define cybersecurity in 2022? What carries over from 2021?
2021 was a busy year for cybersecurity professionals. The impacts from attacks like SolarWinds, Colonial Pipeline, Hafnium and Kaseya rippled through the industry — and spurred changes in the way we look at ransomware, threat actors, nation-state attacks, supply chain, and third-party risk. Moreover, the latest Executive Order on Cybersecurity and infrastructure bills will cause us to reevaluate some practices, and refine processes and procedures.
In this panel discussion, experts will bring in various opinions and points of views on what they expect to shape the next 12 months, and what cybersecurity leaders in the audience can do to prepare.
Panel Participants:George Cassels
Director of Technology, Enterprise at TelosAmi Luttwak
Chief Technology Officer & Co-Founder at WizPeter Klimek
Director of Technology at ImpervaJohn Capello
VP Product Strategy at Nasuni
Introduction to Risk-Based Vulnerability Management 11:00 am
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.
But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.
Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:
- Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
- Details the findings on how risk-based is the way to get ahead in vulnerability management
- Lays out several factors that drive better remediation performance
- Provides steps for setting up a successful risk-based vulnerability management program
Moving Beyond Password to Delight & Secure Users 11:20 am
Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use on a daily basis.
But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, they are expensive and offer a poor user experience. Fortunately, there’s a better way to protect your applications and stop account takeover incidents.
In this session, we’ll discuss the benefits of passwordless authentication and explain how eliminating the password can help improve user experience, admin visibility and control, and scalability. We’ll also walk through key considerations and first steps as you embark on your passwordless journey.
A Realistic Take on Zero Trust 11:45 am
Learn about how you can take a pragmatic approach to securing your multiple cloud apps and services. We will discuss the journey to the cloud and how security tools all work together to build a unified cloud security strategy that is effective and scalable for modern enterprises.
- Demo Session 12:15 pm
- Lunch Break
Partnering With CISA to Help Secure American Infrastructure 12:40 pm
CISA leads the national effort to protect and enhance the resilience of the Nation’s physical and cyber infrastructure. The responsibility of this mission is becoming increasingly important, because in today’s globally interconnected world, our critical infrastructure and American way of life face a wide array of serious cyber risks. As the agency evolves to meet modern security challenges, governmental entities and the private sector must work together as a critical partners in the whole-of-nation effort. The time to bolster cyber defenses is now. Nation-state adversaries are investing significantly in building world-class intrusion capabilities. We are seeing this trend manifest with the proliferation of ransomware actors right here in our region. Cybersecurity is a shared responsibility, and CISA relies on teamwork and partnerships because collaboration is the foundation of our collective success. Cooperation, information sharing, and action – across both public and private sectors – are central to CISA’s mission. We are all in this together.
Region VII Director for the Office of Infrastructure Protection in the Department of Homeland Security’s National Protection and Programs Directorate
25 Years of InfraGard 1:00 pm
How InfraGard got started, what they do, and the importance of the public private partnership
Expert Panel Discussion: Empowering Users to Be the Best Human Firewall in Your Organization 1:20 pm
Your business users, those oft-confused carbon-based life forms normally roaming the halls of your office building, are now at home on their (probably very secure) private networks. Maybe with corporate devices, maybe not. This makes it more important than ever to arm them with tools, training and the sense to look for suspicious activity.
Our panelists today will talk more about this issue, and what you can do to make your users the best last line of defense.
Panel Participants:Daniel Stiegman
Manager, Threat Intelligence GroupKim Berry
Principal Threat Intelligence Researcher - Auth0Jeff Reichard
Senior Director, Enterprise Strategy at Veeam Government Solutions
It’s Time to Actually Do Something 2:15 pm
This is not your average “you’re not doing what you should be doing” cybersecurity lecture. In this informative session, Dave Bailey, Vice President of Healthcare Services, and 12-year cybersecurity veteran, will talk through why, now more than ever before, it’s time to shift your cybersecurity approach. Coming from a healthcare industry perspective, the most at risk and hardest hit by cyber incidents, Dave will share his subject matter expertise on the importance of breaking the traditional vicious cycle and instead focus on preparation, practice, and validation to build resilience.
Secure Your Last Line of Defense 2:35 pm
Data is expected to grow to 200 ZB by the end of 2025. More data to manage, more data to protect. IDC recommends a 3-2-1-1 best practice as a mid-market data protection strategy. The addition of the new “1” is a copy of the data on immutable storage. Backup data is a key tool in business continuity & disaster recovery planning. Securing this backup data and maintaining multiple copies of it allow for a resilient recovery plan. Your cyber security plan is incomplete without a reliable recovery plan. In the event of any disaster, natural or man-made, like a ransomware attack, getting your IT systems and workloads back on their feet as fast as possible is essential. Join us as we share best practices to help keep your data protected and secure with multiple layers of defenses. We will share our perspective on how organizations can simplify the approach of incorporating guidance from NIST’s Cybersecurity Framework into their own environments.
Rise of Secure Access Service Edge (SASE) 3:00 pm
Secure access service edge has quickly emerged as a hot topic in cybersecurity, but what exactly does it mean and why should organizations care? As cloud migration, BYOD adoption, and remote work have skyrocketed in prevalence, it has become increasingly apparent that organizations need to think differently about security. While legacy tools like firewalls are no longer equipped to handle the modern IT ecosystem, SASE platforms like Bitglass are built for this exact moment.
State of Cyber Inter-Agency Cooperation 3:25 pm
As the wrap-up to a deep agenda of material from over 20 presentations and panels at the Conference this week, the State of Cyber Panel discussion will bring together all of those discussion threads. Panelists will talk about what their organizations are doing to support the advancement of cybersecurity preparedness in the region. They will share best practices, and learnings from the real interactions they have day-to-day with organizations across the region. This Conference exclusive panel brings together multiple agencies who are all working to support the common good of the citizens and businesses that operate across the region.
Panel Participants:Angela Robinson
Cybersecurity Specialist with the Department of Public Safety (DPS)Christopher Cockburn
Cybersecurity Advisor at CISA
- Summit Final Closing Session