Cloud adoption is accelerating dramatically and extending many new benefits to organizations, but at the same time introducing many new challenges. This is especially true at the database security level, as the Cloud introduces a long list of new concerns: New database types (Yugabyte ?), more dynamic environments, no agents allowed, multicloud/hybrid and many others. This session will focus on better understanding these challenges and highlight strategies for incorporating Cloud into your data security model while introducing new capabilities and efficiencies.
Salt Lake City / Denver Virtual Cybersecurity Summit 2021
The Salt Lake City & Denver Virtual Cybersecurity Summits are a new way—maybe even a better way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive virtual experience.
Wed. Jan 13
Times for this Event are in Mountain Standard Time (MST)
- Welcome / Introductions
A new Spin on Securing Active Directory 9:05 am
Presented by Attivo Networks
CISOs, Penetration Testers, and Incident Responders all agree that Active Directory is a primary target for attackers. So why isn’t AD defended more effectively? Join us in this session to learn who is attacking AD, why AD Security has traditionally been so difficult, and some groundbreaking new techniques for securing Active Directory.
Your Ransomware Hostage Rescue Guide 9:30 am
Presented by KnowBe4
Ransomware attacks are on the rise and are estimated to cost global organizations $20 billion. As ransomware attacks become more targeted and more damaging, your organization faces increased risk that can leave your networks down for days or even weeks. So, how can your organization avoid getting held hostage?
Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he looks at concerning features of new ransomware strains, provides actionable info that you need to prevent infections, and gives you tips on what to do when you are hit with ransomware.
In this webcast we will cover:
- What new scary ransomware strains are in the wild
- Am I infected?
- I’m infected, now what?
- Proven methods of protecting your organization
- How to create your human firewall
Don’t get held hostage by ransomware and become a statistic!
The Last Line of Defense: The Importance of having a robust and comprehensive Data Protection strategy 10:10 am
Data protection is experiencing a resurgence. Historically it’s been seen as an innovation backwater and as “insurance”, but with the growth of Ransomware and cybercrime, and increasing risk, organizations are having to modernize their data protection architectures and strategies to ensure that data can be recovered quickly to ensure that an Organization can survive an attack. Join this session to learn about the latest innovations in the data protection space and how they can be deployed to provide a comprehensive last line of defense.
Cyber Resilience: Rethinking your data protection strategy in the age of ransomware. 10:30 am
Presented by Zerto
Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!
Expert Panel Discussion #1 11:05 am
2021 Trends & Directions
What will define cybersecurity in 2021? What carries over from 2020?
Risk comes from all angles in 2020 users, vendors, partners, systems. In this panel, we will discuss some of the many facets encountered by security leaders in organizations of all sizes, with particular focus to the threat landscape seen across the continent.
Obviously, COVID and the associated rush to work-from-home played a big part. Beyond that, what are the key cybersecurity trends we need to watch out for in 2021?
Introduction to Risk-Based Vulnerability Management 11:40 am
Presented by Kenna Security
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.
But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.
Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:
- Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
- Details the findings on how risk-based is the way to get ahead in vulnerability management
- Lays out several factors that drive better remediation performance
- Provides steps for setting up a successful risk-based vulnerability management program
The Evolution Beyond Secure Email Gateways 12:00 pm
Presented by Avanan
Cloud email requires a new approach to security. If your corporate email relies on Microsoft or Google, you may have deployed (or are considering) a Secure Email Gateway (SEG). Originally designed as a perimeter solution for on-premise email, you should ask these questions:
- Why do you disable the native security in our platform?
- How can my configuration allow attackers to bypass the gateway?
- How do we block insider email attacks?
- How can we quarantine a compromised account?
- How can we prevent Business Email Compromise (BEC) or impersonation email attacks?
Our cloud security expert Jeff will explain where an SEG approach falls short protecting cloud-hosted email. Touch upon fundamental architectural weaknesses of a proxy design, and arm attendees to help them make smart decisions to protect their users.
- Lunch Break
Keynote Speaker 12:45 pm
Overview of the SolarWinds Supply Chain Compromise
- Speaker Intro
- Previous Supply Chain Compromises
- Timeline of Significant Events
- National Cyber Incident Response Plan in Action
- Public / Private Partnerships during Cyber IR
- Adversary Targeting Cyber Incident Responders
- What to take away moving forward
- CISA Cybersecurity Service Offerings Overview
Cybersecurity and Infrastructure Security Agency (CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating with industry to build more secure and resilient infrastructure for the future. CISA is at the heart of mobilizing a collective defense as we lead the Nation’s efforts to understand and manage risk to our critical infrastructure. Our partners in this mission span the public and private sectors. Programs and services, we provide are driven by our comprehensive understanding of the risk environment and the corresponding needs identified by our stakeholders. We seek to help organizations better manage risk and increase resilience using all available resources, whether provided by the Federal Government, commercial vendors, or their own capabilities.
Panel Participants:David Sonheim
Chief of Cybersecurity - Supervisor Region 8 at Department of Homeland Security
Building Cyber Resilience: Finding Factors not Fault 1:30 pm
Presented by eSentire
Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of corporate security, or worse, bury the true causes of incidents and lead to repeated data breaches or business disrupting cyber incidents. In this session, we will explore real-world incidents and threats to assemble an actionable cyber resilience framework that adapts to distributed assets, remote workers, and virtual workloads.
Institutionalizing Incident Response 1:50 pm
Presented by Cloudflare
The 3 keys for incident response are risk reduction, crisis preparation, and communication. Listen as Cloudflare CSO Joe Sullivan shares his thoughts on how security leaders can implement incident response in their organizations.
Expert Panel Discussion #2 2:45 pm
Identity & Users
The 2000’s view of “perimeter” in terms of security conjures up an analogy about castles and moats… but today, the question is, where is the moat? As we turbo-charged Work From Home this year, and BYOD is just a way of life – have your Identity and Access Management practices kept-up?
Ramping up with FedRAMP– Best practices using real-world examples for your compliance projects 3:15 pm
Presented by Capsule8
So many acronyms such little time – FISMA, FedRAMP, OBM, 3PAO – you may have heard these acronyms uttered in the same sentence, but at the end of the day, what compliance standards and controls are required when an organization intends to do business with Federal agencies and institutions?
In this session, Cynthia Burke, Compliance Manager from Capsule8, will give a high level overview of the Federal Risk and Authorization Management Program (FedRAMP) landscape and will discuss some of the challenges of and best practices for FedRAMP compliance using specific case study examples to help guide you and your team up the compliance hill with FedRAMP.
Challenges of cloud: How it makes an already difficult situation even harder 3:40 pm
Presented by Imperva
Intro to MITRE ATT&CK for Assessing and Mitigating Risk 4:10 pm
Presented by Morphisec
The MITRE ATT&CK framework has been growing dramatically in both popularity and scope in recent years. Their adversary emulation planning, evaluations, and matrices can offer great value to businesses as they assess their risk and plan their defense strategies. However, it is often difficult for organizations to know where to begin, especially when every business has unique constraints, assets, and threats to manage. This talk offers pragmatic guidance on how any organization can begin using MITRE ATT&CK for a personalized assessment and mitigation.
Ciso Panel 4:35 pm
Panel Participants:Dan Anderson
CISO and Privacy OfficerEric Sorenson
Chief Information Security Officer - doTERRASteve Winterfeld
Advisory CISO - Akamai TechnologiesNiel Nickolaisen
Chief Information Officer - OC TannerNavpreet Jatana
Deputy CISO - Zions BancorporationDr. Ken Knapton
Dr. Ken Knapton
Senior Vice President & Chief Information Officer - Merrick BankNathaniel “Peter” Walton
Nathaniel “Peter” Walton
Chief Information Officer / Director of Communications - 76th Operational Response Command (OR)
Closing Session + Prize Drawing
Solutions Showcase Open until 6:00 pm