Virtual Summit
Southern California
Virtual Cybersecurity Summit
The Southern California Virtual Cybersecurity Summit is a new way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive virtual experience.
Date
Wed. Mar 10 — Thu. Mar 11
Event Schedule
Times for this Event are in Pacific Time (PDT/PST)
The Summit will be open from 8AM to 6PM.
- Welcome
-
Disrupting Lateral Movement by Securing Active Directory 8:55 am
Click to Expand
Organizations continue to build their security stacks, yet advanced threats and insiders continue to breach networks and extract valuable data. A common tactic among most of these Ransomware and Advanced Threat Actors today involves leveraging Active Directory. AD contains all of the information that an attacker needs to successfully move laterally and accomplish their mission.
In this session, Tom Atkins will explore a new method for securing Active Directory that can (for the first time) actually prevent an attacker from progressing laterally through your enterprise network. Some key highlights include:
- How Threat Actors use AD to accomplish their goals
- Why Monitoring Active Directory is not enough
- What simple tools you can deploy to dramatically improve your security posture by better securing AD
Panel Participants:
-
A Modern Approach to Information Protection 9:15 am
Click to Expand
Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations – especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?
Join us as we discuss how you can reimagine data privacy with a modern approach to information protection. In this session, we will cover:
- Modern data security challenges
- The convergence of data and threat protection to secure data from internal and external threats
- How people-centric investigations lead to more rapid investigative outcomes
Panel Participants:
- Morning Coffee Break
-
Small businesses deserve big protection 9:50 am
Click to Expand
Small businesses are facing many of the same cybersecurity challenges as larger businesses. 66% of small businesses experienced a cyberattack in 2019, and 63% experienced a data breach. But securing your business doesn’t have to be complicated. Cybersecurity tools should be easy for a team of any size to deploy, use, and manage — letting you focus on more important things (like running your business!) Join Kate MacLean from Cisco to learn more about small business cybersecurity and how cloud-delivered security provides powerful protection against today’s biggest cyberthreats.
Panel Participants:
-
The Ultimate Vendor Risk Assessment Checklist 10:10 am
Click to Expand
Vendor risk assessments are essential to truly understand the security, privacy, and compliance programs of the third parties you work with. As a result, nearly every organization endures an endless back-and-forth with third parties. Lengthy questionnaires, broken processes, time-consuming reviews;these challenges are common, and as such, there are concrete steps your organization can take to save time and reduce assessment-related headaches.
In this webinar, we’ll outline the ultimate checklist for better vendor risk assessments, including:
- Actionable takeaways to quickly improve your assessment operations
- Long-term changes you can make to set yourself up for success
- Real advice and lessons learned from leading assessment experts
Panel Participants:
-
DevOps, Security & the Cloud - Expert Panel Discussion 10:30 am
DevOps Security and the Cloud
Click to ExpandDevOps enables you to release features and bug fixes faster than ever before. However, traditional security activities can’t seem to keep up with this fast-paced tempo. How can you make sure security doesn’t get left behind? Ignoring security bugs won’t make them go away. Slowing down the DevOps team isn’t an option. How can we make DevOps, and DevSecOps work well in the fast-paced cloud environment we live in?
Special Guest Moderator:
-
The Pilot's Checklist 11:05 am
Click to Expand
Discovering risk in a new age of threats and infrastructure transformation. To keep up as technology modernizes around them, security teams need to support speed, stability, and scalability while also protecting and responding to incidents in all infrastructure environments. The landscape is shifting rapidly, are you ready to adapt?
Panel Participants:
- Lunch Break
-
Keynote: Emergency CISA Briefing: Directive 21-02: Microsoft Exchange On-Prem Vulnerabilities 12:00 pm
Klint Walker: Cyber Security Advisor (Region IV) DHS Cybersecurity & Infrastructure Security Agency (CISA)
Click to ExpandNOTE: Patch Immediately! Don’t Wait for this Presentation!
In what has been called “Operation Exchange Marauder,” an active exploitation of multiple zero-day Microsoft Exchange vulnerabilities was uncovered just this past week, and has kept the Department of Homeland Security (DHS) Cyber Infrastructure Security Agency (CISA) busy, with their second major Alert of the year.
Emergency Directive (ED) 21-02 may be even more concerning than the preceding ED 21-01 (SolarWinds Orion Sunburst Supply Chain Attack), and could potentially impact more organizations. Our CISA Cybersecurity Advisor, Klint Walker, will go over what is known to date about these critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network.
Details so far suggest that Advanced Persistent Threat (APT) nation-state actors have used these vulnerabilities to steal email. The data also suggested that webshells have been deployed to numerous organizations that give the attackers ready access to exfiltrate data.
Join this important keynote to get the latest from the central agency responsible for assisting organizations responsible for critical infrastructure across the US.
Panel Participants:
-
Gaining Visibility into Virtual Environments 12:50 pm
Click to Expand
With the shift to the cloud we gain scalability, but we lose visibility. In this session, we will discuss the problems we encounter and the options we have to get back the visibility into the data.
- Come learn what the options are
- How to gain deeper hybrid cloud visibility
- Scale faster, manage more easily
- Some of the pros and cons
By the end of the session, you’ll have the knowledge on how you can get back control of the data and keep an eye out for bad guys.
Panel Participants:
- Afternoon Coffee Break
-
The Dark Web: Exposing the Business of Cybercrime 1:30 pm
Click to Expand
The Dark Web is growing at an exponential rate, with hackers doubling down on cybercrime-as-a-service—allowing non-traditional and unskilled hackers to wreak havoc in ways previously unheard of. Criminals don’t have to be skilled to get your data;they just need to know where and who to go to for help.
This session aims to expose the inner workings and business of the cyber underground, focusing on the following:
- Cryptocurrency – The impact digital currency has had on the rate of growth of cybercrime
- Cybercrime-as-a-service – The expansion of services offered by skilled hackers and for low cost
- Money laundering and money mules – Ways criminals are skirting around laws and regulations to get paid
- Mitigating risk – How businesses can protect themselves from all levels of cybercriminals with an emphasis on the importance of investing in proactive threat-hunting
Panel Participants:
-
Top 5 Reasons Why Privilege Access Management Implementations Fail 1:50 pm
Click to Expand
It is shocking that, year over year, stealing credentials is still the top tactic used by attackers to breach organizations. Why is this still happening? Hint: It isn’t only because of weak passwords. Organizations have invested heavily into privileged access management technologies, but these solutions have struggled to address the problem for five key reasons. In this discussion, we will address the gaps in current access management approaches but, more importantly, show you how to quickly close the gaps and significantly reduce security risks without disrupting your current investments or systems.
Join Remediant in this presentation to:
- Learn the five reasons why privileged access management implementations fail;· Identify areas in your IAM program where you can reduce admin access risk
- Capitalize on existing investments, while improving your risk posture.
Panel Participants:
-
Users-Centric Security - Expert Panel Discussion 2:15 pm
Users-Centric Security
Click to ExpandUsers, those carbon-based life forms usually roaming the halls of your buildings, are the last line of defense. Data suggests that CEOs are ready to spend more money to contravene against attacks aimed at users. Training, tools, and education help – but what are we doing to make sure they are not the weakest link?
Our Subject Matter Experts will look at the problem from multiple angles… Business Email Compromises (BEC)/Phishing and Account Takeover… as well as Endpoint Security, Identity and Access Management, and Password (-less) solutions. Attendees will understand the myriad of challenges from multiple perspectives, and different concepts on how to address.
Panel Participants:
- Afternoon Break
-
Your Ransomware Hostage Rescue Guide 3:00 pm
Click to Expand
Ransomware attacks are on the rise and are estimated to cost global organizations $20 billion. As ransomware attacks become more targeted and more damaging, your organization faces increased risk that can leave your networks down for days or even weeks. So, how can your organization avoid getting held hostage?
Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he looks at concerning features of new ransomware strains, provides actionable info that you need to prevent infections, and gives you tips on what to do when you are hit with ransomware.
In this webcast we will cover:
- What new scary ransomware strains are in the wild
- Am I infected?
- I’m infected, now what?
- Proven methods of protecting your organization
- How to create your human firewall
Don’t get held hostage by ransomware and become a statistic!
Panel Participants:
-
Rethinking your data protection strategy in the age of ransomware. 3:00 pm
Click to Expand
With the proliferation of data-driven digital business growing at an exponential pace, so is the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption. Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from ransomware attack and how continuous data protection helps you to prepare, respond and recover from an attack.
Panel Participants:
- CISO Panel 3:45 pm
- Day One Closing Session
- Day Two
- Welcome / Introductions
-
Are You Ready for Intelligent SOC? 9:10 am
Click to Expand
Invoked by experts, Intelligent SOC solves today’s problems (and tomorrow’s issues) better and faster by going beyond the SIEM—and even beyond AI—to combine threat intelligence (TI), attack surface management (ASM), and pay-as-you-grow SOC-as-a-Service. Hear how this expansive approach transforms your security investments and operations into better ROI and safer outcomes—in hours or days versus weeks, months, or years.
Panel Participants:
-
Mitigating Risk using the MITRE ATT&CK framework 9:30 am
Click to Expand
The MITRE ATT&CK framework has been growing dramatically in both popularity and scope in recent years. Their adversary emulation planning, evaluations, and matrices can offer great value to businesses as they assess their risk and plan their defense strategies. However, it is often difficult for organizations to know where to begin, especially when every business has unique constraints, assets, and threats to manage. This talk offers pragmatic guidance on how any organization can begin using MITRE ATT&CK for risk assessment and deep defense stack optimization
Panel Participants:
- Morning Coffee Break
-
Latest network-layer DDoS trends and the rise of ransom-driven attacks 10:05 am
Click to Expand
Unprecedented changes in how people live and work around the world since the COVID-19 pandemic led to changing patterns of Internet usage. And as our reliance on the Internet surged, so did the frequency, sophistication, and distribution of cyberattacks.
In this talk, Cloudflare’s Head of Solution Engineering will discuss the latest DDoS attack trends observed over Cloudflare’s network. Join this talk to understand:
- Key trends and shifts in the DDoS landscape
- Ransom-based attacks: what are they and how to respond?
- Steps organizations can take to better protect their networks
Panel Participants:
-
The Rise of Secure Access Service Edge (SASE) 10:25 am
Click to Expand
Secure access service edge (SASE) offerings are cloud-delivered platforms that give consistent security across different applications, devices, web destinations, on-premises resources, and infrastructure. To achieve this, these platforms deliver a variety of functionality from complementary security solutions. As organizations operate in our frenetic business world, SASE becomes imperative. In this session, you will learn:
- Why organizations need SASE
- The key components of SASE offerings
- How SASE architectures impact performance
Panel Participants:
-
Defense in Depth - Expert Panel Discussion 10:45 am
Defense in Depth (3rd Party Risk)/Defense-in-Depth: Data, Networks & Infrastructure
Click to ExpandLayering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations defending against inventive hackers penetrating their systems in 2020?
Panel Participants:
-
Cybersecurity and Duty of Care 11:20 am
Click to Expand
2020 was an unprecedented year for cyber risk. Work from home, a fluid regulatory environment, increased cyber-attacks and ballooning litigation expenses underscore the new paradigm facing IT and Cyber Security management. Traditional risk management and effective investment will become increasingly difficult in this paradigm. IT and Cyber Security leaders will have to focus on prioritization of risk and risk mitigation in context of the impact to the organization. This presentation will introduce you to the concept of cyber security “Duty of Care” and provide guidance on how leadership can leverage it to reduce risk in the environment in the future.
Panel Participants:
- Lunch Break
-
Keynote: Cryptocurrency and Blockchain Technology in a Public Underground World. 12:05 pm
William Callahan - U.S. DEA Special Agent in Charge (Ret.)
Click to ExpandMuch has been written, good and bad, about cryptocurrency, and its effect on cybersecurity. As the value of a single Bitcoin approaches US $50,000 – it’s clear that its usage is not only for illicit activity. That said, there has long been a connection in the use of these currencies in relation to cybercrime, especially with regard, but not limited to, ransomware.
Based on his long tenure as a Special Agent in Charge at the United States Drug Enforcement Administration (DEA), William Callahan will discuss how Crypto and Blockchain have impacted Cybercrime. He’ll explain how the illicit uses have grown, with relatable stories from his professional career, and why it’s important for every cybersecurity executive to know how to protect themselves and their organizations from threat actors.
Mr. Callahan will also detail the training and certifications available, both free online classes as well as certificate courses for qualified professionals.
Outline
- Overview of Cryptocurrency and Blockchain Technology
- Intended Impact of Society
- Intended Impact of Financial Institutions (fees, correspondent banking)
- Public Ledger
- Illicit Use
- Drug Trafficking (Darkweb, common drugs)
- Human Trafficking/Child Exploitation
- Foreign and Domestic Terrorism (Islamic Extremists, Capitol Hill Rioters)
- Tor, Telegram, social media apps
- Training and Certification
- Free Resources: Podcasts, Videos
- Blockchain Analysis
- Certified Cryptocurrency Course by Blockchain Intelligence Group (Discount Code to be provided to attendees)
Panel Participants:
- Overview of Cryptocurrency and Blockchain Technology
-
Extortionware: Your Privacy Problems Made Public 1:00 pm
Click to Expand
Over the last decade, ransomware has increasingly become the most popular option for hackers to monetize the access they’ve obtained to corporate computer systems around the world. Over the last few years, we’ve observed ransomware software and techniques adapt and evolve to include the theft and exposure of private information, creating extortionware as a new breed of malicious software. This talk will provide an overview of these techniques and discuss the potential privacy and security impacts you may face as a result.
Panel Participants:
- Afternoon Coffee Break
-
Protecting MS365 1:40 pm
Click to Expand
With the migration of email to the cloud, it is more important than ever to protect users from account takeover, phishing, and business email compromise attacks. Join this session to learn how Cloud Mailbox Defense is leveraging the native APIs provided by Microsoft to bring Cisco security as close to the mailbox as possible.
Panel Participants:
-
2020 Threats in Review 2:00 pm
Click to Expand
2020 was a year of uncertainty, drastic change, and unprecedented challenge for businesses. Security leaders, in particular, have had to adapt their strategies fast, as remote and hybrid workforces become the norm.
Join Brianna Leddy, Director of Analysis at Darktrace, as she looks back at 2020’s most important threat trends, reflects on how the landscape has evolved, and discuss proactive solutions to the cyber challenges faced this year.
2020 was a year of uncertainty, drastic change, and unprecedented challenge for businesses. Security leaders, in particular, have had to adapt their strategies fast, as remote and hybrid workforces become the norm.
Join Brianna Leddy, Director of Analysis at Darktrace, as she looks back at 2020’s most important threat trends, reflects on how the landscape has evolved, and discuss proactive solutions to the cyber challenges faced this year.
She will present insights on the most significant threats discovered by self-learning Cyber AI in 2020, including advanced email phishing campaigns, SaaS account hijacks, and APT41.
Panel Participants:
-
Compliance & Automation - Expert Panel Discussion 2:20 pm
Compliance & Automation in Cybersecurity
Click to ExpandManaging compliance needs as a continuous, organizational process (as opposed to a reactive response), amid the ever-increasing myriad of industry regulations and legislation has become a full time job for most CISOs. Automation – including artificial intelligence and machine learning will help, and are perhaps more critical than ever. As CRPA comes into play and brings the US closer to GDPR, there are also a number of touchpoints where the CDO and CISO interplay will be crucial over the coming months.
In this panel, our experts will discuss the current issues with regard to compliance, monitoring, and reporting. They’ll also talk about policy decisions and regulations that have kept them busy of late, and what we can expect more of in 2021.
Panel Participants:
- Afternoon Break
-
Earn More Trust Through Vulnerability Management Best Practices 3:10 pm
Click to Expand
COVID has brought on a set of security challenges that has security teams pivoting and spinning up new applications to meet the unique demands of quarantine and remote work. When external and even internal environments demand that you move quickly, how do you measure and communicate changes? And how do you build trust with customers, staff and the board, ensuring data and other investments are protected? Join Synack’s VP of Operations, Nick Harrahill, for a discussion on how to meet these unique demands.
You’ll learn:
- Best practices security leaders can pursue to harden vulnerability programs
- How leveraging a continuous crowdsourced testing model can help measure and communicate security posture
- How to maximize trust with customers and throughout organizations
Panel Participants:
- Summit Final closing Session
-
Partners
Gold Partners
![Attivo Networks]()
![Capsule8]()
![Cisco]()
![Morphisec]()
![OneTrust]()
![Proofpoint - Alternate]()
Silver Partners
![Armor]()
![Bitglass]()
![Cisco]()
![Cloudflare - Alternate]()
![Darktrace]()
![Gigamon]()
![KnowBe4]()
![Logically]()
![Netenrich]()
![OneLogin]()
![Remediant]()
![Synack]()
![Zerto]()
Bronze Partners
![Blackberry]()
![Synopsys]()
![Tufin]()
![Veeam Software]()
Exhibiting Partners
Affiliate Partners
![(ISC)<sup>2</sup> San Diego]()
![aitp San Diego Chapter]()
![CSA SoCal/LA Chapter]()
![CyberUp]()
![IIBA Orange County]()
![IIBA San Diego]()
![InfraGard]()
![PMI Orange County Chapter]()
![Virtually Testing]()
