Event Schedule

Times for this Event are in Eastern Standard Time (EST)

The Summit will be open from 8AM to 6PM.

  • Welcome
  • Broken Authentication: Fixing one of the most critical web application security risks 9:25 am

    Presented by Auth0

    Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.

     This session will provide:

    • An overview of broken authentication; 
    • Why it’s so dangerous;
    • The types of threats that can take advantage of this vulnerability;
    • How you can prevent this most critical application security risk.

    Panel Participants:

    Andrew Akers

    Senior Manager, Solutions at Auth0

  • Disrupting Lateral Movement by Securing Active Directory 9:45 am

    Presented by Attivo Networks

    Organizations continue to build their security stacks, yet advanced threats and insiders continue to breach networks and extract valuable data. A common tactic among most of these Ransomware and Advanced Threat Actors today involves leveraging Active Directory.  AD contains all of the information that an attacker needs to successfully move laterally and accomplish their mission. 

     In this session, Tom Atkins will explore a new method for securing Active Directory that can (for the first time) actually prevent an attacker from progressing laterally through your enterprise network.  Some key highlights include:

    • How Threat Actors use AD to accomplish their goals
    • Why Monitoring Active Directory is not enough
    • What simple tools you can deploy to dramatically improve your security posture by better securing AD

    Panel Participants:

    Tom Atkins

    Regional VP at Attivo

  • Morning Coffee Break
  • How to Confront Supply Chain Attacks and Ransomware 10:20 am

    Presented by Cymulate

    Cybersecurity professionals operate in a dynamic environment driven by two accelerating forces: threat developments and the rapid adoption of new technologies and digital business initiatives.
    And yet most companies still rely on discrete snapshots of their security performance.
    CISOs and security teams must be ready to confront new threat vectors, including human-powered ransomware and supply chain attacks, with an agile, continuous approach to security validation and constant improvement.

    Join this session to discover how to:
    • Pinpoint and address security deficiencies related to supply chain attacks and ransomware.
    • Validate EDR detection of lateral movement, command and control and privilege escalation techniques.
    • Increase the operational efficiency of security teams with automated security testing.

    Panel Participants:

    Mike DeNapoli

    Lead of Solution Architecture

  • Small businesses deserve big protection 10:45 am

    Presented by Cisco

    Small businesses are facing many of the same cybersecurity challenges as larger businesses. 66% of small businesses experienced a cyberattack in 2019, and 63% experienced a data breach. But securing your business doesn’t have to be complicated. Cybersecurity tools should be easy for a team of any size to deploy, use, and manage — letting you focus on more important things (like running your business!) Join Kate MacLean from Cisco to learn more about small business cybersecurity and how cloud-delivered security provides powerful protection against today’s biggest cyberthreats.

    Panel Participants:

    Kate MacLean

    Cloud Security Evangelist at Cisco

  • Users-Centric Security - Expert Panel Discussion 11:05 am

    Users-Centric Security

    Users, those carbon-based life forms usually roaming the halls of your buildings, are the last line of defense.  Training, tools, and education help – but what are we doing to make sure they are not the weakest link?

    Our Subject Matter Experts will look at the problem from multiple angles: Business Email Compromise (BEC)/Phishing and Account Takeover, as well as Endpoint Security, Identity and Access Management, and Password (-less) solutions.  Attendees will understand the myriad challenges from multiple perspectives, and different concepts for how to address them.

    Panel Participants:

    Arien Seghetti

    Senior Solution Architect

    Adib Sarakby

    Senior Engineer/Security Strategist - Mimecast

    David Telehowski

    Director, Security Engineering - Auth0

    Joe Vozzella

    Senior Field Engineering Manager

  • Lunch Break
  • Keynote: CISA Briefing: Current Realities and Misconceptions 12:10 pm

    CISA Briefing: Current Realities and Misconceptions

    SolarWinds, Florida Water Utility Hack, Mirai Bot Net new strains—as new attacks reach corporate networks, and Advanced Persistent Threats (APTs) continue to wreak havoc and claim ransoms, the Department of Homeland Security (DHS) Cyber Infrastructure Security Agency (CISA) is leading the US Government’s efforts to aid organizations like those in the Data Connectors Community in Boston.

    Ron Ford, Cybersecurity Advisor for Region I (New England) will cover the basics of DHS Emergency Directive 21-01 (SolarWinds Sunburst Orion Hack) as well as the key components that led to the Florida Water Utility hack more recently.  From there, he will surface the common issues and key fundamentals that every cybersecurity leader should know in the region.

    Covering the common misconceptions and highlighting the key requirement to change the mindset of all constituents who are likely targets, he will talk through the CISA resources available.  He will also divulge what has been learned that can help leaders to educate their audience and improve their cybersecurity posture.

     

    Panel Participants:

    Ron Ford

    Region 1 Cybersecurity Advisor - CISA

  • The Ultimate Vendor Risk Assessment Checklist 1:00 pm

    Presented by OneTrust

    Vendor risk assessments are essential to truly understand the security, privacy, and compliance programs of the third parties you work with. As a result, nearly every organization endures an endless back-and-forth with third parties. Lengthy questionnaires, broken processes, time-consuming reviews: these challenges are common, and as such, there are concrete steps your organization can take to save time and reduce assessment-related headaches.

    In this webinar, we’ll outline the ultimate checklist for better vendor risk assessments, including: 

    • Actionable takeaways to quickly improve your assessment operations
    • Long-term changes you can make to set yourself up for success
    • Real advice and lessons learned from leading assessment experts

    Panel Participants:

    Jason Sabourin

    Director, Product Management at OneTrust

  • Afternoon Coffee Break
  • Moving Beyond Password to Delight & Secure Users 1:35 pm

    Presented by Okta

    Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use on a daily basis.

    But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, they are expensive and offer a poor user experience. Fortunately, there’s a better way to protect your applications and stop account takeover incidents.

    In this session, we’ll discuss the benefits of passwordless authentication and explain how eliminating the password can help improve user experience, admin visibility and control, and scalability. We’ll also walk through key considerations and first steps as you embark on your passwordless journey.

    Panel Participants:

    Michael Patterson

    Solutions Engineer at Okta

  • Automate or Die Trying: The New Cybersecurity Reality 1:55 pm

    Presented by Armor Defense

    As the nature of threats continues to evolve and the volume of threats increases, a new reality is setting upon cybersecurity teams – automation. Paired with human error and the insurmountable amount of data to manage, it is inevitable that a potential threat will slip through the cracks for businesses who rely too heavily on manual processes.

    Implementing automation could be vital in order to reliably protect your organization and ensure resilience through robust and repeatable processes.

    Join our session to learn:

    • Key security considerations when implementing automation programs
    • Advice for how companies can begin finding success with AI and machine learning

    Panel Participants:

    Ryan Smith

    Vice President of Product

  • Afternoon Break
  • Afternoon Sponsor / Briefing - Ramping up with FedRAMP - Best practices using real-world examples for your compliance projects 2:25 pm

    Presented by Capsule8

    So many acronyms, so little time – FISMA, FedRAMP, OMB, 3PAO – you may have heard these acronyms uttered in the same sentence, but at the end of the day, what compliance standards and controls are required when an organization intends to do business with Federal agencies and institutions?

    In this session, Cynthia Burke, compliance expert from Capsule8, will give a high-level overview of the Federal Risk and Authorization Management Program (FedRAMP) landscape and will discuss some of the challenges of and best practices for FedRAMP compliance using specific case study examples to help guide you and your team up the compliance hill with FedRAMP.

    Panel Participants:

    Cynthia Burke

    Head of Compliance

  • Are You Ready for Intelligent SOC? 2:45 pm

    Presented by Netenrich

    Invoked by experts, Intelligent SOC solves today’s problems (and tomorrow’s issues) better and faster by going beyond the SIEM—and even beyond AI—to combine threat intelligence (TI), attack surface management (ASM), and pay-as-you-grow SOC-as-a-Service. Hear how this expansive approach transforms your security investments and operations into better ROI and safer outcomes—in hours or days versus weeks, months, or years.

    Panel Participants:

    Brandon Hoffman

    Head of Security Strategy & CISO

  • Hacking Exposed: Learning from the Adversaries 3:05 pm

    Presented by Blackberry

    Fileless attacks and fileless malware have grown in sophistication, especially in their ability to obfuscate and hide from both traditional and next-generation anti-virus. Join us to discover the techniques being used by APT32/OceanLotus to attack their victims and learn how to replicate them to better test your defenses. In this very short demonstration, you will learn techniques to make a weaponized document that is designed to not just bypass AV but also human threat hunters through a sophisticated method of obfuscation and the use of built-in trusted tools. The document is capable of allowing the attacker to gain remote access to the victim system and exfiltrate sensitive data. You will get to see, firsthand, the attack compromise both a Windows PC and a macOS system.

    Panel Participants:

    Brian Robison

    Chief Evangelist

  • Cybersecurity and the Law - Expert Panel Discussion 3:25 pm

    Cybersecurity and the Law

    Description: Over the years, many an attorney has participated in a panel about cyber and data issues, and how legal concerns mix in.  In this panel, we have an all-star staff of lawyers and legally-minded executives that have spent the majority of their time dealing with these issues, as well as risk and contractual requirements around cybersecurity.

    We’ll hear from those experts, and take questions from the Summit audience on new requirements, regulations, and what every cyber professional should know.  Look for key questions you’ll want to put to your staff, vendors and marketing team.

     

    Panel Participants:

    Vanessa Henri

    Cybersecurity and Data Governance Lawyer - Fasken

    Jake Bernstein

    Partner - K&L Gates

    Shawn Tuma

    Partner - Spencer Fane LLP

    Scott Giordano

    VP and Sr Counsel, Privacy & Compliance

    Diane Reynolds

    Partner, Chair of the Cybersecurity, Data Protection & Privacy Practice - McElroy, Deutsch, Mulvaney & Carpenter, LLP

  • Day One Closing Session
  • Day Two
  • Welcome / Introductions
  • Cybersecurity and Duty of Care 9:25 am

    Presented by Logically

    2020 was an unprecedented year for cyber risk. Work from home, a fluid regulatory environment, increased cyber-attacks and ballooning litigation expenses underscore the new paradigm facing IT and Cyber Security management. Traditional risk management and effective investment will become increasingly difficult in this paradigm. IT and Cyber Security leaders will have to focus on prioritization of risk and risk mitigation in context of the impact to the organization. This presentation will introduce you to the concept of cyber security “Duty of Care” and provide guidance on how leadership can leverage it to reduce risk in the environment in the future.

    Panel Participants:

    Greg Manson

    VP of Security, Audit, and Compliance

  • Do’s and Don’ts for Business Email Compromise (BEC) and Email Account Compromise (EAC) 9:45 am

    Presented by Proofpoint

    Email fraud leads to two main threats: one is Business Email Compromise (BEC), where attackers pretend to be you; the other is Email Account Compromise (EAC), where attackers actually become you. BEC/EAC scams have cost the victimized businesses over $26 billion since 2016. What they have in common is that they both target people. They both rely on social engineering and are designed to solicit fraudulent wire transfers or payment. Unlike malware attacks, BEC and EAC don’t typically include a detectable malicious payload. These types of threats can be hard to recognize because, to the target, the business requests sent by the impostors seem very routine and reasonable.

    Join our session and learn about:

    • What is BEC and EAC? And how do they work?
    • What are the common attack tactics regarding this new form of email threats?
    • Best practices to defend against BEC and EAC

    Panel Participants:

    Ash Valeski

    Email Security Product Evangelist

  • Morning Coffee Break
  • Rethinking your data protection strategy in the age of ransomware. 10:25 am

    Presented by Zerto

    With the proliferation of data-driven digital business growing at an exponential pace, so is the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption. Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from a ransomware attack and how continuous data protection helps you to prepare, respond and recover from an attack.

    Panel Participants:

    Andy Fernandez

    Senior Technology Evangelist at Zerto

  • Get beyond compliance and achieve real data security 10:45 am

    Presented by Imperva

    To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future. We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.

    Panel Participants:

    Terry Ray

    SVP Strategy and Imperva Fellow

  • Compliance, Automation and Cybersecurity - Expert Panel Discussion 11:05 am

    Compliance, Automation and Cybersecurity

    Managing compliance needs as a continuous, organizational process (as opposed to a reactive response), amid the ever-increasing myriad of industry regulations and legislation, has become a full-time job for most CISOs.  Automation – including artificial intelligence and machine learning – will help, and is perhaps more critical than ever. As CPRA comes into play and brings the US closer to GDPR, there are also a number of touchpoints where the CDO and CISO interplay will be crucial over the coming months.

    In this panel, our experts will discuss the current issues with regard to compliance, monitoring, and reporting.  They’ll also talk about policy decisions and regulations that have kept them busy of late, and what we can expect more of in 2021.

    Panel Participants:

    Cynthia Burke

    Head of Compliance

    Marzena Fuller

    CISO

    Christopher Smith

    GRC Consultant

  • Lunch Break
  • Keynote - New England Cyber Fraud Task Force: Fireside Chat 12:15 pm

    Don't Be A Victim

    “Don’t be a Victim” is the key message from our Thursday Keynote Presenter, Donald McGrail, Assistant to the Special Agent in Charge of the US Secret Service New England Cyber Fraud Task Force (CFTF).  In this fireside chat-style discussion, SA McGrail will give an overview of his agency, the mission of his team, and how they interoperate with other agencies, from his post in the Boston Field Office.

    He will share some relevant stories and use cases from his investigations.  With the goal of bringing federal indictments, SA McGrail works to build a case against a criminal, and the relationship with cybersecurity leaders like those at the Summit today is essential to that. As COVID stimulus checks, and the related scams that have plagued Americans, run rampant, look for timely strategies around people and processes that will be useful for promoting better security at organizations of any size throughout the region.

    Keynote Speaker:

    Donald McGrail

    Assistant to the Special Agent in Charge & Head of New England Cyber Fraud Task Force, Boston Office

  • Shift Left – The imperative need for code security 1:10 pm

    Presented by Check Point

    As we transform our organizations, leveraging the cloud more every day, we protect these multi-cloud environments with continuous and automated security and compliance. Today more than ever, this same security should be integrated into the CI/CD pipeline with Infrastructure as Code Security for DevSecOps. This session will discuss shifting cloud security left into your CI/CD pipeline, stopping misconfigurations, policy violations and potential malware present in 3rd party modules.

    Panel Participants:

    Mark Ostrowski

    Security Evangelist, Office of the CTO

  • Why Office 365 Backup is ESSENTIAL 1:20 pm

    Presented by Veeam Software

    The role IT professionals play in a landscape where data loss, security breaches, and invasion of privacy are the new normal has never been more critical. With that spotlight comes great pressure to deliver on the organization’s expectations that data is safe, privacy is not compromised, productivity is unencumbered, and brand reputation is intact.

    Businesses are depending more and more on Microsoft Office 365 following their dynamic Digital Transformation. What they fail to realize, though, is how important data backup is to guarantee business durability.

    Join Office 365 expert, Karinne Bessette, and Microsoft MVP, Rick Vanover, as they discuss WHY Office 365 Backup is Essential.  They will review the data security challenges organizations face in today’s computing landscape, by uncovering the gaps in the out-of-the-box security features found in Office 365, that require action to achieve an effective backup and recovery strategy.

    Panel Participants:

    Karinne Bessette

    Global Technologist, Product Strategy at Veeam Software

    Rick Vanover

    Senior Director, Product Strategy at Veeam Software

  • Afternoon Coffee Break
  • Ransomware - Day 1 Protection 1:55 pm

    Presented by StorageCraft

    Ransomware attacks have increased over 130% since the COVID crisis. Everyone is a target and even those with preventative measures in place are at risk. We will review some of the latest attacks and offer best practices in how to protect your organization without increasing budgets.

    Panel Participants:

    Chip Vacek

    Chief Technologist at Arcserve

  • Earn More Trust Through Vulnerability Management Best Practices 2:15 pm

    Presented by Synack

    COVID has brought on a set of security challenges that has security teams pivoting and spinning up new applications to meet the unique demands of quarantine and remote work. When external and even internal environments demand that you move quickly, how do you measure and communicate changes? And how do you build trust with customers, staff and the board, ensuring data and other investments are protected? Join Synack’s VP of Operations, Nick Harrahill, for a discussion on how to meet these unique demands.

    You’ll learn: 

    • Best practices security leaders can pursue to harden vulnerability programs
    • How leveraging a continuous crowdsourced testing model can help measure and communicate security posture
    • How to maximize trust with customers and throughout organizations

    Panel Participants:

    Nick Harrahill

    VP of Operations at Synack

  • Defense in Depth - Expert Panel Discussion 2:40 pm

    Defense in Depth (3rd Party Risk)/Defense-in-Depth: Data, Networks & Infrastructure

    Layering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations defending against inventive hackers penetrating their systems in 2020?

    Panel Participants:

    Tom Atkins

    Regional VP at Attivo

    Ming Fu

    Mark Ramsey

    Director Of Cyber Security Program - Fairfield University

    Nick Harrahill

    VP of Operations at Synack

  • Afternoon Break
  • CISO Panel 3:55 pm

    Panel Participants:

    Marc French

    CISO - Product Security Group

    Gerald Beuchelt

    CSO - Netscout

    Deb Briggs

    CSO - Netscout

    Chris St. Aubin

    CISO - Systems & Technology Research

    Michael McGovern

    (Former) SVP CTO CISO - Metro Credit Union

    Michael F. D. Anaya

    Head of Attack Surface Analysis at Palo Alto Networks

  • Summit Final Closing Session