
Virtual Summit
Southeast
Virtual Cybersecurity Summit
The Southeast Virtual Cybersecurity Summit is a new way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive virtual experience.
Date
Wed. Nov 17 — Thu. Nov 18
-
Featured Speakers
Jamie Portell
Featured Keynote: Pseudonymity: Catching Cyber-Criminals via Crypto-Tracing
James J.W. GrantKeynote: Creating Florida’s First Cybersecurity Program: Lessons Learned So Far
Merritt BaerCISO RoundTable
Tamika BassCISO RoundTable
Nate ShifletCISO RoundTable
Michael F. D. AnayaCISO RoundTable
Robert ReynoldsCISO RoundTable
Event Schedule
Times for this Event are in Eastern Time (EDT/EST)
The Summit will be open from 8AM to 6PM both days.
- DAY ONE
- Welcome / Introduction
-
Malware Threats Q3: An Analysis of 113M Files & the Evasive, Unknown Malware Inside 9:25 am
From August to September, Votiro’s research team has been aggregating and analyzing proprietary data on the threats that made it through detection-based security solutions like email gateways, AV, and sandboxing. Join Henry Frith, VP of Customer Success, as he overviews the statistics from 113M files analyzed and explains the stealthy ways that malware enter networks via weaponized files and links and evade both employees and detection solutions:
- See the latest trends in malware delivery via files
- Learn common techniques that hackers use to evade detection-based security tools
- View real, recent examples of evasion techniques from the billions of malicious files that Votiro processes each year
Speaker:
-
Improving Cyber Threat Detection with Machine Learning, Visualizations and Graph Analytics 9:45 am
The sophistication of cybercriminals is increasing relentlessly. Accenture found that 68% of business leaders feel their cybersecurity risks are increasing. More and better technologies are required to detect attacks and prevent them.
We’ll discuss:
- How graph analytics, machine learning, and visualizations, can directly assist in the identification of threats in your environment.
- Using the same approach as many other security tools, we examine how TigerGraph can help you identify threats earlier along the kill chain of the MITRE Attack Framework.
Speaker:
-
Low Hanging Fruit -- How Better AD Visibility Improves Your Defense against All Types of Attackers (including Ransomware!) 10:05 am
We read about successful cyber and ransomware attacks every day. Most organizations do not realize that these attacks all have ONE thing in common and that there are simple, rapid, and inexpensive/free actions they can take which will dramatically improve their defense. This presentation will discuss key challenges with improving AD security and offer real solutions.
Speaker:
-
Zero Trust Security for Everywhere Workplace 10:50 am
As we see pandemic restrictions starting to subside around the globe, the impact of the “Remote” Tech Tsunami that accompanied the pandemic has started to become a reality. From advanced vulnerabilities impacting Edge Technologies, to the Everywhere Workplace, companies are faced with greater security challenges and vulnerability threats now more than ever before.
Join Ivanti’s Global CTO, Mike Riemer, as he covers security and control challenges faced by businesses in today’s “new” world as well as how the recent acquisitions of Pulse Secure and Mobile Iron provide Ivanti customers with the most comprehensive Cloud to Edge, Zero Trust Access solution, available in today’s market.
Speaker:
-
The State of Secure Identity 11:10 am
Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The 2021 Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies.
Speaker:
-
Expert Panel Discussion: Defense in Depth: New Strategies for 2022 11:30 am
Layering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations defending against inventive hackers penetrating their systems in 2021?
Panel Participants:
- Lunch Break
-
Featured Keynote: Pseudonymity: Catching Cyber-Criminals via Crypto-Tracing 12:30 pm
While most cyber-crime investigations are along the lines of “follow the money to the servers, then from the servers to the cybercriminals,” pseudonymous crypto-currency makes this a tricky business. Jamie Portell, Special Agent, USPS, OIG, CCU will share for the first time with the Miami Cybersecurity Conference audience details of the take-down of “Wall Street Market.” This Dark Web marketplace was one of the biggest networks for contraband sales of various goods.
This exclusive keynote will answer the question “Are Criminals Anonymous?” While their transactions through crypto-wallets may seem to protect them, savvy investigators who use some of the same tactics your SOC can leverage to counter cybercrime have a lot to share that can benefit cybersecurity leaders across the private sector.
Special Agent Portell will also talk about some of the key Advanced Persistent Threats (APTs) important to organizations, especially those active in South Florida. He’ll bring that together with a discussion of best practices, and government and private sector collaboration that can help combat threat actors of all shapes and sizes.
Speaker:
-
Self-Learning AI: Redefining Enterprise Security 1:15 pm
In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing – and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data, and people are protected, wherever they are. Today’s Autonomous, Self-Learning defenses are capable of identifying and neutralizing security incidents in seconds, not hours – before the damage is done. How self-learning AI:
- Detects, investigates, and responds to threats – even while you are OOTO
- Protects your entire workforce and the digital environment – wherever they are, whatever the data
- Defends against zero-day and other advanced attacks – without disrupting the organization
Speaker:
-
Automatic Vulnerability Discovery: False Promise for the DevSecOps World? 1:35 pm
DevSecOps suggests that all security activities should be as automated as possible. Regarding automatic vulnerability discovery: How much can we expect? How many vulnerabilities are discovered automatically? How many are still undetected (escapes or false negatives)? Are automatic tools enough? In this talk, we will answer and teach you how to answer these and other related questions in a quantitative way.
Speaker:
-
To Build or Not to Build? Key Considerations and the Advantages of a Pre-Built Identity Solution 2:15 pm
Every team building a new web or mobile application faces a choice: build the entire application in-house or selectively use out-of-the-box services to make the job easier and faster.
Development teams have increasingly turned to pre-built tools to offload some of the burden of application development. Identity and access management presents developers with a broad range of challenges that a trusted identity layer can help offload easily.
Join us to discover how Okta’s pre-built identity solutions:
- Accelerates time to market
- Lowers the total cost of ownership (TCO) of Application Development
- Focuses resources on Core Application Functionality
- Reduces the Risk of a Security and Compliance Breach
- Helps ensure a better user experience
Speaker:
-
Should I Buy an EDR, PAM, or DLP? How Do I Know? 2:35 pm
The information security space is awash in point technology solutions. As a defender, how does one choose where to spend a limited security budget when faced with this sea of choices? We are debilitated by too many choices and similarity of products in security where even experienced practitioners find it difficult to understand the rapid technological evolution and the trade-offs in play.
When clear objectives, goals, and decision-making criteria are not present, people often make buying decisions based on less scientific considerations: what they perceive “everyone else” is buying, unsubstantiated “gut feelings,” pre-existing relationships with vendors or sales individuals, or even who invites them to the best parties or nominates them for the most coveted industry awards.
The practice of information security is maturing rapidly. This transition to more scientific approaches to prioritizing security investments is becoming the standard to justify value. Security practitioners must embrace these mature approaches to strategic defense planning and resource allocation. This presentation will discuss ways to make the best choices to maximize defense coverage with appropriate resource allocation.
Speaker:
-
Expert Panel Discussion: Managing Risk: Seek Forward Accountability and Assume a Stormy Sea 2:55 pm
While managing risk has always been a part of the CISO office, most resources turn to stopping new ransomware threats, managing supply chain attacks and mitigating third-party vulnerabilities. And budgets reflect this tactical action-reaction approach. How can CISOs truly move to managing risk? And by extension, how can they clearly communicate risk, and measure the efficacy of mitigation activities?
In this panel, experts will debate how to facilitate the risk conversation with non-technical leaders, determine priorities, and counterbalance cybersecurity considerations against business requirements. This panel will address risk quantification, accounting, budgeting and resourcing, and building more resilience rather than taller walls.
Panel Participants:
-
Remote Work – The Wild West of Endpoint Management 3:40 pm
The pandemic forced many of us to switch to working remotely overnight. At the time this was and continues to be an ongoing challenge for IT Departments that need to manage and maintain their remote endpoints. Now that companies are trending towards long-term remote work options, IT Infrastructure has to continue to adapt to the new and demanding ways of working from home. During this session, we will cover what remote work has to do with the Wild West and what you need to be aware of to tame these challenges.
Speaker:
-
Guest Keynote Presentation: Tales from the Dark Web 4:00 pm
Presented by Bradley A. Langston
This presentation will include information focusing on the following three case studies:
- The takedown of the Administrator of the notorious Dream Market website.
- The interception of a major narcotics shipment through an International Control Delivery (discovered via the Dark Web)
- The arrest of a local Florida narcotics dealer through the DEA’s cracking of the Drug Web
In this “Tales from the Crypto” keynote, attendees will be enthralled by some of the cybersecurity-oriented tactics used by the DEA to find the bad guys. Through the telling of the stories above, learn about some of the intelligent crypto-tracing, tracing, and tactics used to follow the money… and the drugs… to the servers… and eventually to the criminals. All of the referenced stories are a matter of public record and have been adjudicated. There’s a lot to learn from this exciting presentation that will give cybersecurity leaders a number of items to think about as they manage their corporate infrastructure!
Speaker:
- Summit Day One Closing Session
- DAY TWO
- Welcome / Introductions
-
Using Data Protection for Ransomware Recovery 9:25 am
With the growth of ransomware and cybercrime, Data Protection is rapidly becoming the go to solution to help organizations recover from a Ransomware event and avoid paying the Ransom and hope your data made available. Current approaches are designed around a backup centric approach, whereas a new approach centered around restore and getting organizations back up and running as quickly as possible are critical.
Join this session to learn best practices of how to evaluate your current data protection solution and what changes you may need to make to be ready to recover from a Ransomware event.
Speaker:
-
Risk Mitigation Strategies for TCP/IP Vulnerabilities in OT 9:45 am
Join this session to dive into the industry’s most comprehensive study of TCP/IP vulnerabilities. We will cover 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.
Join this discussion to learn about:
- Recently discovered vulnerabilities and how they impact the NicheStack TCP/IP stack
- Organizations and devices with the highest potential to be affected
- How to assess and mitigate risk and protect enterprise networks
Speaker:
-
The ROI of Zero Trust and the Move to Distributed Enterprise 10:05 am
The move towards zero-trust architectures and cloud applications has left many organizations to question the value of migration. While there are important technical considerations around zero-trust and SASE/SSE solutions, this presentation looks at the positive return-on-investment in their implementation.
Speaker:
-
Advanced Supply Chain Security 10:50 am
Presented by SecurityScorecard
SecurityScorecard’s CISO Mike Wilkes discusses supply chain management and how a modern approach to governance of cyber risk requires effective engagement of the board of directors. This presentation references two recent World Economic Forum publications on the principles of evaluating new and existing risks with a view towards providing operational resilience by understanding the strategic role of information security.
Speaker:
-
Remote Workforce: Authorization Intercept, Recording & Tracking 11:10 am
Learn what benefits organizations gain from the latest security controls around remote access including session recording, authorization intercept on demand and modeling of remote user behavior. How ZTNA and SASE are making this possible without major investments in products, manpower, infrastructure or change and why the remote worker also enjoys faster access performance to their applications and services.
Speakers:
-
Expert Panel Discussion: DevSecOps: Application Security in Hybrid, Multi-Cloud Environments 11:30 am
89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots. As the application landscape continues to grow, and the increased use of cloud-native architectures challenges traditional approaches, cybersecurity leaders are often looking for new ways to understand potential vulnerabilities. With faster iterations from Agile Development pushing the DevSecOps Teams to move as quickly as possible, there is ample room for gaps to appear.
In this panel, our experts will discuss some of the various approaches to address these issues. The discussion will cover challenges faced by teams of all sizes, and processes, tools and methods that are in use to address.
Panel Participants:
- Lunch Break
-
Keynote: Creating Florida’s First Cybersecurity Program: Lessons Learned So Far 12:30 pm
Serving as Florida’s Chief Information Officer, Jamie Grant leads the Florida Digital Service and is responsible for the state’s CDO, CISO, Chief of Service Experience, and the State Data Center. Tasked with developing the state’s first ever enterprise approach to technology, he will share the progress this far in building Florida’s technology office and why partnership is foundational to its success.
Appointed personally by the Governor, Mr. Grant leveraged the work done by Florida Cyber Task Force, which has become an advisory board with a public and private partnership, to take a brand new approach for a state-wide digital service. Cybersecurity is core to its mission, as the “battlefield” for warfare moves to the modern age. Protecting citizens, assets, information and infrastructure is the building block for stable government services.
Grant will share experiences that will benefit cybersecurity leaders–be they in the public or private sectors. He’ll talk about cutting bureaucracy, budgeting, staffing, working with solution providers, and motivating teams to strive for a meaningful mission.
Speaker:
-
What CISOs Get Wrong about Connected Device Product Security (and Why You Should Care) 1:15 pm
With billions of connected devices powering up every year, crowded markets have created unique challenges and opportunities for device manufacturers. In this environment, competitive differentiation is key. As attackers move away from application layer attacks, connected devices are now the ultimate low-hanging fruit to offer unauthorized access to critical IT and OT networks.
Breaches in product security will have unprecedented impacts on device manufacturers and owners. According to Gartner, cyber-physical attacks resulting in fatal casualties will cost over $50B by 2023. Even the White House is taking note, with a new Cybersecurity EO that will add new requirements for secure software.
In this presentation by Finite State, we’ll take a close look at how product security breaches occur, and how the financial impact of these breaches have tangible permanent effects on industry competitors. Learn proactive approaches to product security that are being adopted by some of the world’s largest device manufacturers, as well as how to ensure that your product security strategies generate value for your customers and shareholders.
Speaker:
-
Ransomware Decoded: Understanding & Preventing Modern Ransomware Attacks 1:35 pm
Learn how to become fearless in the face of modern ransomware attacks. Next-gen ransomware has evolved to better evade standard defenses and targeted attacks stand a high chance of success against underprepared environments, making a behavior-based approach to prevention, detection, and response required for success.
Join our session to understand how to deploy fearless ransomware protection to detect the preliminary stages of a ransomware attack, fully analyze the scope and scale of the operation, and prevent the execution of the malicious ransomware payload to mitigate future cyber risk.
WHY SHOULD I ATTEND?
– Learn about the latest ransomware trends
– Dissect discoveries from Cybereason’s Nocturnus team
– Become empowered to defend against ransomware
Speaker:
-
The Art & Science of Cloud Security 2:15 pm
Come learn about the beauty of the cloud while applying the right “science” to securing your multiple cloud services. We will discuss the journey to the cloud and how security tools all work together to build a unified cloud security strategy work of art.
Speaker:
-
Ransomware Resilience 2:35 pm
With the proliferation of data-driven digital business growing at an exponential pace, so is the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption.
Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from a ransomware attack and how continuous data protection helps you to prepare, respond and recover from an attack.
Speaker:
-
Expert Panel Discussion: Recover from Ransomware: Coming Back After an Attack 2:55 pm
Whether you chose to pay the ransomware or not, industry experts tell you to treat your entire network as contaminated. Rebuilding images, devices, re-formatting storage, and all the rest is part of this process. In this panel, our experts will talk about what to do first – and what to avoid, and where the traps may lie.
Panel Participants:
-
Introduction to Risk-Based Vulnerability Management 3:40 pm
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.
But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.
Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:
- Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
- Details the findings on how risk-based is the way to get ahead in vulnerability management
- Lays out several factors that drive better remediation performance
- Provides steps for setting up a successful risk-based vulnerability management program
Speaker:
-
CISO RoundTable 4:00 pm
Submit your bio for consideration to participate on our CISO RoundTable
to [email protected] or fill out our Call for Speakers form here.
Panel Participants:
- Closing Session + Prize Drawing
-
Partners
Platinum Partners
Gold Partners
Silver Partners
Bronze Partners
Exhibiting Partners
Affiliate Partners