Managing risk has always been a part of the CISO responsibility set; however, the way in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required. Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand?
Seattle & Portland 2021
Virtual Cybersecurity Summit
The Seattle & Portland Virtual Cybersecurity Summit is a new way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive virtual experience.
Wed. Mar 31 — Thu. Apr 01
Times for this Event are in Pacific Time (PDT/PST)
The Summit will be open from 8AM to 6PM.
How to Confront Supply Chain Attacks and Ransomware 10:05 am
Cybersecurity professionals operate in a dynamic environment driven by two accelerating forces: threat developments and the rapid adoption of new technologies and digital business initiatives.
And yet most companies still rely on discrete snapshots of their security performance.
CISOs and security teams must be ready to confront new threat vectors, including human-powered ransomware and supply chain attacks, with an agile, continuous approach to security validation and constant improvement.
Join this session to discover how to:
- Pinpoint and address security deficiencies related to supply chain attacks and ransomware.
- Validate EDR detection of lateral movement, command and control and privilege escalation techniques.
- Increase the operational efficiency of security teams with automated security testing.
The Ultimate Vendor Risk Assessment Checklist 10:25 am
Vendor risk assessments are essential to truly understand the security, privacy, and compliance programs of the third parties you work with. As a result, nearly every organization endures an endless back-and-forth with third parties. Lengthy questionnaires, broken processes, time-consuming reviews; these challenges are common, and as such, there are concrete steps your organization can take to save time and reduce assessment-related headaches.
In this webinar, we’ll outline the ultimate checklist for better vendor risk assessments, including:
- Actionable takeaways to quickly improve your assessment operations
- Long-term changes you can make to set yourself up for success
- Real advice and lessons learned from leading assessment experts
Expert Panel Discussion: Risk Management 10:45 am
Risk Management: Analytics, Intelligence & Response
Panel Participants:
- Alex Kirk, Global Principal - Suricata
- Mark Sangster, Cybersecurity Expert & Author “No Safe Harbor”
- Morning Coffee Break
Out of the Shadows: Real-time Asset Visibility and Security for Every Connected Device 11:35 am
For many years now, enterprises have seen an explosive rise in connected devices, from traditional IT devices like servers, workstations and PCs to new and more vulnerable IoT, IoMT, and OT like building systems, medical equipment and manufacturing machines. This myriad of devices from different manufacturers, operating systems and protocols expands the attack surface. IoT, IoMT, and OT bring their own challenges as they are typically not designed with security in mind. The bad news? Security teams are still responsible for all of them. It’s time for a modern approach. In this session, Ordr’s Chief Strategy Officer Danelle Au outlines why connected device security should be on your security initiatives in 2021, and presents a framework that starts with real-time asset inventory and ends with scalable security. Learn best practices and implementation considerations for device discovery, profiling and segmentation as you start your connected device security journey.
Moving Beyond Password to Delight & Secure Users 11:55 am
Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use on a daily basis.
But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, they are expensive and offer a poor user experience. Fortunately, there’s a better way to protect your applications and stop account takeover incidents.
In this session, we’ll discuss the benefits of passwordless authentication and explain how eliminating the password can help improve user experience, admin visibility and control, and scalability. We’ll also walk through key considerations and first steps as you embark on your passwordless journey.
- Lunch Break
Lunch Sponsor / Briefing - Small businesses deserve big protection 12:15 pm
Small businesses are facing many of the same cybersecurity challenges as larger businesses. 66% of small businesses experienced a cyberattack in 2019, and 63% experienced a data breach. But securing your business doesn’t have to be complicated. Cybersecurity tools should be easy for a team of any size to deploy, use, and manage — letting you focus on more important things (like running your business!) Join Rohit Sawhney from Cisco to learn more about small business cybersecurity and how cloud-delivered security provides powerful protection against today’s biggest cyberthreats.
Keynote: Evolving Nature of CyberCrime in the Pacific Northwest 12:40 pm
Presented by Tim Hunt
US Secret Service Special Agent Timothy Hunt joins us for this special “Keynote Fireside Chat,” where he will summarize the key threats particularly facing organizations in the Greater Pacific Northwest. From his years of experience, and work with firms from his post in the Seattle Field Office, he will detail the specifics of Business Email Compromise (BEC), Ransomware, and E-Commerce Skimming fraud cases that have impacted public and private companies of all sizes, as well as local municipalities.
Special Agent Hunt will share best practices on how senior cybersecurity leaders can best protect their organizations. His chat will cover education, business process understanding, and third-party risk management. It will also discuss specific scams targeted at firms based on industry sector and business practices. Leveraging the services available from the USSS Cyber Fraud Task Force, as well as cooperating law enforcement agencies, cybersecurity executives can access services free of charge that will keep them ahead of attackers.
Rethinking your data protection strategy in the age of ransomware. 1:25 pm
With the proliferation of data-driven digital business growing at an exponential pace, so is the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption. Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from a ransomware attack and how continuous data protection helps you to prepare, respond and recover from an attack.
Are You Ready for Intelligent SOC? 1:45 pm
Invoked by experts, Intelligent SOC solves today’s problems (and tomorrow’s issues) better and faster by going beyond the SIEM—and even beyond AI—to combine threat intelligence (TI), attack surface management (ASM), and pay-as-you-grow SOC-as-a-Service. Hear how this expansive approach transforms your security investments and operations into better ROI and safer outcomes—in hours or days versus weeks, months, or years.
- Afternoon Coffee Break
Expert Panel Discussion: IoT 2:20 pm
IoT - Security at the Edge
The Internet of Things (IoT) poses entirely new challenges. With 35 billion IoT devices expected to be in operation by next year – weak passwords, insecure network services and a lack of secure update mechanisms concern every organization.
Panel Participants:
- Jeff Horne, Director of Enterprise Security at Darktrace
- Deral Heiland, Principal Security Researcher IoT
- Steve Poeppe, Vice President, Solution Architect
Latest network-layer DDoS trends and the rise of ransom-driven attacks 2:50 pm
Unprecedented changes in how people live and work around the world since the COVID-19 pandemic led to changing patterns of Internet usage. And as our reliance on the Internet surged, so did the frequency, sophistication, and distribution of cyberattacks.
In this talk, Cloudflare’s Head of Solution Engineering will discuss the latest DDoS attack trends observed over Cloudflare’s network. Join this talk to understand:
- Key trends and shifts in the DDoS landscape
- Ransom-based attacks: what are they and how to respond?
- Steps organizations can take to better protect their networks
Brief Overview of Network Detection and Response 3:10 pm
Every organization has concerns about data and network security, but what steps and solutions should you use to protect yourself?
In this session, you’ll hear about:
- Critical components of network detection and response (NDR) technologies
- Why visibility is a cornerstone to any NDR technology
- How to get visibility into all devices and traffic types
- Afternoon Break
CISO Panel 3:40 pm
Panel Participants:
- Robert Thomas, CISO - 180AConsulting.com
- Hadas Cassorla, CISO - M1 Finance
- Dave Estlick, CISO - Chipotle Mexican Grill
- Bryan Hurd, VP/CISO at Aon Cyber Solutions
- Dennis Tomlin, Chief Information Security Officer - Multnomah County
- Jon Washburn, Chief Information Security Officer - Stoel Rives
- Kevin Morrison, Managing Director & CISO at Alaska Airlines
- Day One Closing Session
- Day Two
- Welcome / Introductions
Disrupting Lateral Movement by Securing Active Directory 10:00 am
Organizations continue to build their security stacks, yet advanced threats and insiders continue to breach networks and extract valuable data. A common tactic among most of these Ransomware and Advanced Threat Actors today involves leveraging Active Directory. AD contains all of the information that an attacker needs to successfully move laterally and accomplish their mission.
In this session, Tom Atkins will explore a new method for securing Active Directory that can (for the first time) actually prevent an attacker from progressing laterally through your enterprise network. Some key highlights include:
- How Threat Actors use AD to accomplish their goals
- Why Monitoring Active Directory is not enough
- What simple tools you can deploy to dramatically improve your security posture by better securing AD
Zero Trust Security for Everywhere Workplace 10:20 am
As we see pandemic restrictions starting to subside around the globe, the impact of the “Remote” Tech Tsunami that accompanied the pandemic has started to become a reality. From advanced vulnerabilities impacting Edge Technologies, to the Everywhere Workplace, companies are faced with greater security challenges and vulnerability threats now more than ever before.
Join Ivanti’s Global CTO, Mike Riemer, as he covers security and control challenges faced by businesses in today’s “new” world as well as how the recent acquisitions of Pulse Secure and MobileIron provide Ivanti customers with the most comprehensive Cloud to Edge, Zero Trust Access solution available in today’s market.
Expert Panel Discussion: Cloud Security 2021: What’s New, What Changes 10:45 am
Cloud Security 2021: What’s New, What Changes
Although it seems like a decade – just a few years ago, industry analysts were still advising the CISO community to keep the “crown jewel” data in private data centers. Requirements for the security OF the cloud, and the security IN the cloud have accelerated quickly and today – amid the pandemic – that transition is near-complete.
This is a broad topic – so our panel today will focus on the nuances of security IN the cloud, and some of the cutting-edge practices that innovative organizations are using today to get ahead of threat actors who target online storage, protocols, email, file shares, and other data and network access that can accidentally be exposed.
Panel Participants:
- Daniel Petrillo, Director of Security Strategy
- Carlo Beronio, Director Systems Engineering West/Central at Attivo Networks
- Romen Kuloor, Vice President of Security Solutions and Products
- Morning Coffee Break
The Last Line of Defense: The Importance of having a robust and comprehensive Data Protection strategy 11:30 am
Data protection is experiencing a resurgence. Historically it’s been seen as an innovation backwater and as “insurance”, but with the growth of ransomware and cybercrime, and increasing risk, organizations are having to modernize their data protection architectures and strategies so that data can be recovered quickly and the organization can survive an attack. Join this session to learn about the latest innovations in the data protection space and how they can be deployed to provide a comprehensive last line of defense.
Application Security Beyond Effective Bot Mitigation 11:50 am
The past twelve months have been punctuated by soaring data breaches, new attack patterns and phishing scams catalyzed by COVID-19, with Credential Stuffing and other brute force attacks resulting in hard losses surpassing billions of dollars. Now more than ever in this digital-first world, organizations must seek cross-functional, convergent platforms with strong digital fraud solutions to combat the relentless sources of cybercrime that continue to abuse our online platforms.
Join Shape to explore how truly effective digital transformation journeys must transcend traditional bot mitigation and understand why defending our web and mobile applications without harming user experience or hampering revenue growth and brand reputation will become organizing principles for 2021 and beyond.
Microsoft Teams Vulnerabilities 12:15 pm
Microsoft Teams has quickly become the go-to application for remote work, accelerating dramatically in usage over the last year. Millions of users turned to Microsoft Teams to help keep businesses going in 2020—and hackers have noticed. As Teams is still relatively new, much is unknown about how it operates and how hackers will approach it.
While the increased usage has been well-documented, what’s not been documented is whether the app is vulnerable to hacking. We will talk about discoveries that have already been made, potential risks that we see in the future, and how to best secure this relatively new communication vector.
This session will walk attendees through:
- The many inherent vulnerabilities in the platform
- The popular attack types
- How hackers act differently within Teams than they do on email
- Lunch Break
Keynote: Ronald Watters, Department of Homeland Security. Cybersecurity Advisor DHS-CISA 1:00 pm
Don’t miss this CISA Briefing on responding to the cyber threats we’re facing in 2021, including the SolarWinds supply chain compromise and ongoing breaches that threaten the U.S.
Panel Participants:
- Ronald Watters, Cybersecurity Advisor-Region X Cybersecurity and Infrastructure Security Agency (CISA)
The Dark Web: Exposing the Business of Cybercrime 1:45 pm
The Dark Web is growing at an exponential rate, with hackers doubling down on cybercrime-as-a-service—allowing non-traditional and unskilled hackers to wreak havoc in ways previously unheard of. Criminals don’t have to be skilled to get your data; they just need to know where and who to go to for help.
This session aims to expose the inner workings and business of the cyber underground, focusing on the following:
- Cryptocurrency – The impact digital currency has had on the rate of growth of cybercrime
- Cybercrime-as-a-service – The expansion of services offered by skilled hackers and for low cost
- Money laundering and money mules – Ways criminals are skirting around laws and regulations to get paid
- Mitigating risk – How businesses can protect themselves from all levels of cybercriminals with an emphasis on the importance of investing in proactive threat-hunting
Get beyond compliance and achieve real data security 2:10 pm
To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future. We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.
Hacking Exposed: Learning from the Adversaries 2:35 pm
Fileless attacks and fileless malware have grown in sophistication, especially in their ability to obfuscate and hide from both traditional and next-generation anti-virus. Join us to discover the techniques being used by APT32/OceanLotus to attack their victims and learn how to replicate them to better test your defenses. In this very short demonstration, you will learn techniques to make a weaponized document that is designed to not just bypass AV but also human threat hunters through a sophisticated method of obfuscation and the use of built-in trusted tools. The document is capable of allowing the attacker to gain remote access to the victim system and exfiltrate sensitive data. You will get to see, firsthand, the attack compromise both a Windows PC and a macOS system.
- Afternoon Coffee Break
Featured Keynote: Functional Testing: A New Era of Pentesting 3:05 pm
Presented by John Helmus, Pentester and Educator of Offensive Security
As the cloud begins to take over the technology era, so does the ever-growing threat landscape of companies’ infrastructure. Today, many businesses are relying on cloud providers to help build infrastructure quickly and efficiently – doing so allows companies to scale rapidly and maintain relevance in today’s competitive markets.
However, as Billy Mays would say, “BUT WAIT, THERE’S MORE!”.
Cloud security comes at a cost that does not always present itself. That cost comes in the form of security and how adequate security can be applied to cloud infrastructure.
This talk is going to discuss how security professionals cannot use the same security guidelines for the cloud as they use for physical and on-prem systems. New technology requires new tactics and strategies, such as a new way of effectively pentesting. In this talk, attendees can expect to learn new ways of thinking about security and pentesting when it comes to targeting cloud providers – while also providing efficient adversarial assessments that assess the cloud.
Expert Panel Discussion: DevSecOps - Testing, Tuning, Containers 3:30 pm
DevSecOps - Testing, Tuning, Containers
In this panel, experts around penetration testing, defense-in-depth, and containers will explore the nuances associated with the cybersecurity landscape that impact development teams. From the early stage components of identity and access management, to ongoing releases and discovery of flaws introduced by third-party and open source components, this is an area where security-minded organizations need to pay attention.
Panel Participants:
- Ray Espinoza, Head of Security, CISO
- Maury Cupitt, VP of Engineering at Sonatype
- Dave Russell, Vice President, Enterprise Strategy
- Summit Final closing Session