Registration - Step 1 of 2

Wed. Oct 06 — Thu. Oct 07

Registration for qualified senior cybersecurity professionals. Subject to approval.
Please submit form to proceed to the next step where you can access a VIP discount code for FREE ADMISSION.

SAVE $200 BY COMPLETING YOUR REGISTRATION TODAY*

* Savings applied with VIP code at checkout


Event Schedule

Times for this Event are in Central Time (CDT/CST)

The Conference will be open from 8AM to 6PM.

  • DAY ONE
  • Welcome / Introductions
  • Expert Panel Discussion: Ransomware Prevention/Preparation, or the Closest You Can Come to It (Pre-Attack Practices) 12:10 pm

    Unless you’ve been under a rock, you’ve seen some big ransomware headlines. Moreover, ransomware-as-a-service changes the way many cyber leaders think about this topic, and changes some of the economics related to it. In this panel, our experts will talk about best practices, tactics and tricks for prevention and preparation. [NOTE: Post-Attack concepts will be discussed separately in a panel this afternoon]  Sensitive data is put at risk, huge sums of money are in the balance, and organizations must struggle between expediency and the bottom line.

  • Disrupting Lateral Movement by Securing Active Directory 12:45 pm

    Presented by Attivo Networks

    Organizations continue to build their security stacks, yet advanced threats and insiders continue to breach networks and extract valuable data. A common tactic among most of these Ransomware and Advanced Threat Actors today involves leveraging Active Directory. AD contains all of the information that an attacker needs to successfully move laterally and accomplish their mission. 

    In this session, Tom Atkins will explore a new method for securing Active Directory that can (for the first time) actually prevent an attacker from progressing laterally through your enterprise network. 

    Some key highlights include:

    • How Threat Actors use AD to accomplish their goals
    • Why Monitoring Active Directory is not enough
    • What simple tools you can deploy to dramatically improve your security posture by better securing AD

    Panel Participants:

    Tom Atkins
    Regional VP at Attivo

  • Broken Authentication: Fixing One of the Most Critical Web Application Security Risks 1:10 pm

    Presented by Auth0

    Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.

    This session will provide:

    • An overview of broken authentication;
    • Why it’s so dangerous;
    • The types of threats that can take advantage of this vulnerability;
    • How you can prevent this most critical application security risk.

    Panel Participants:

    Andrew Akers
    Senior Manager, Solutions at Auth0

  • Expert Panel Discussion: Empowering Users to Be the Best Human Firewall in Your Organization 1:45 pm

    Your business users, those oft-confused carbon-based life forms normally roaming the halls of your office building, are now at home on their (probably very secure) private networks. Maybe with corporate devices, maybe not. This makes it more important than ever to arm them with tools, training and the sense to look for suspicious activity.  

    Our panelists today will talk more about this issue, and what you can do to make your users the best last line of defense.

    Panel Participants:

    Dan Tyrrell
    Manager, Professional Services at Cobalt Labs Inc

  • Ransomware Decoded: Understanding & Preventing Modern Ransomware Attacks 2:20 pm

    Presented by Cybereason

    Learn how to become fearless in the face of modern ransomware attacks. Next-gen ransomware has evolved to better evade standard defenses and targeted attacks stand a high chance of success against underprepared environments, making a behavior-based approach to prevention, detection, and response required for success.

    Join our session to understand how to deploy fearless ransomware protection to detect the preliminary stages of a ransomware attack, fully analyze the scope and scale of the operation, and prevent the execution of the malicious ransomware payload to mitigate future cyber risk.

    WHY SHOULD I ATTEND?

    • Learn about the latest ransomware trends
    • Dissect discoveries from Cybereason’s Nocturnus team
    • Become empowered to defend against ransomware

    Panel Participants:

    Maggie MacAlpine
    Security Strategist at Cybereason

  • Office, Home or Hybrid - Manage and Secure Endpoints Anywhere, Anytime 2:45 pm

    Presented by baramundi

    Cyberattacks have quadrupled since the beginning of the pandemic. Lots of endpoints are currently on their own when it comes to being managed and protected. What will happen when these machines come back to the office, or are they coming back at all? This presentation will address the different scenarios that companies may encounter and how to resolve them by automating their endpoint management.

    Panel Participants:

    Axel Peters
    Endpoint Security Executive at baramundi

  • Supply Chain & Third Party Risk Management 3:30 pm

    Presented by ZPE Systems

    A supply chain encompasses the entire network of all the individuals, organizations, resources, activities, and technology involved in the creation and sale of a product.  The ultimate goal of an effective supply chain is lower costs of doing business thus resulting in higher profits and improved customer satisfaction. The process of bringing in a third party involves identifying, assessing and controlling all the various risks that can develop over the entire lifecycle of such relationships. 

  • Rise of Secure Access Service Edge (SASE) 3:55 pm

    Presented by Bitglass

    Secure access service edge has quickly emerged as a hot topic in cybersecurity, but what exactly does it mean and why should organizations care? As cloud migration, BYOD adoption, and remote work have skyrocketed in prevalence, it has become increasingly apparent that organizations need to think differently about security. While legacy tools like firewalls are no longer equipped to handle the modern IT ecosystem, SASE platforms like Bitglass are built for this exact moment.

    In this presentation, you will learn: 

    • The core components of a SASE platform like Bitglass.
    • The functionality you need to secure cloud, web, and remote access use cases.
    • Architectural considerations you should keep in mind when comparing SASE vendors

    Panel Participants:

    Jonathan Andresen
    Senior Director at BitGlass

  • CISO RoundTable 4:20 pm

     

    Submit your bio for consideration to participate on our CISO RoundTable to [email protected] or fill out our Call for Speakers form here.

    Panel Participants:

    Patrick Benoit
    Global Head of Cyber GRC / BISO at CBRE

    Anand Singh
    Global CISO at Alkami

    Dave Belanger
    CISO at Maxor National Pharmacy Services

    Chuck Springer
    CISO at First American Payment System

    Jeff Kirby
    CISO at Interstate Batteries

    Cecil Pineda
    Cybersecurity and Data Privacy at Critical Start

  • Day One Closing Session & Happy Hour Kick-Off
  • DAY TWO
  • Breakfast Briefing
  • Welcome / Introductions
  • Introduction to Risk-Based Vulnerability Management 9:25 am

    Presented by Kenna Security

    Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.

    But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.

    Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:

    • Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
    • Details the findings on how risk-based is the way to get ahead in vulnerability management
    • Lays out several factors that drive better remediation performance
    • Provides steps for setting up a successful risk-based vulnerability management program

    Panel Participants:

    Ed Bellis
    CTO and Co-Founder at Kenna Security

  • Securing the Modern API Ecosystem 9:55 am

    Presented by Noname Security

    APIs are central to digital transformation. Public cloud adoption, modern application architectures, and cloud-native designs capitalize on APIs as a foundational building block. Meanwhile, Gartner predicts that APIs will become the most frequently targeted attack vector by 2022. Attendees of this presentation will learn modern API strategies for security and risk management, including how to perform:

    • API discovery and inventory management
    • continuous vulnerability identification and testing
    • runtime prevention and detection

    Importantly, we will focus on orchestration across business, technology, and security teams to empower API-centric business and technology strategies with a shared, complete picture of API risks from code to production.

    Panel Participants:

    Karl Mattson
    CISO at Noname Security

  • Expert Panel Discussion: Recover from Ransomware: Coming Back After an Attack 10:35 am

    Whether you chose to pay the ransom or not, industry experts tell you to treat your entire network as contaminated. Rebuilding images and devices, re-formatting storage, and all the rest are part of this process. In this panel, our experts will talk about what to do first, what to avoid, and where the traps may lie.

  • Zero Trust Security for Everywhere Workplace 11:05 am

    Presented by Ivanti

    As we see pandemic restrictions starting to subside around the globe, the impact of the “Remote” Tech Tsunami that accompanied the pandemic has started to become a reality. From advanced vulnerabilities impacting Edge Technologies, to the Everywhere Workplace, companies are faced with greater security challenges and vulnerability threats now more than ever before.

    Join Ivanti’s Global CTO, Mike Riemer, as he covers the security and control challenges faced by businesses in today’s “new” world, as well as how the recent acquisitions of Pulse Secure and MobileIron provide Ivanti customers with the most comprehensive Cloud to Edge, Zero Trust Access solution available in today’s market.

    Panel Participants:

    Michael Riemer
    Global Vice President, Office of the CTO at Ivanti

  • Compliance & Automation in Cybersecurity 11:30 am

    Presented by GitGuardian

    Managing compliance needs as a continuous, organizational process (as opposed to a reactive response), amid the ever-increasing myriad of industry regulations and legislation, has become a full-time job for most CISOs. Automation, including artificial intelligence and machine learning, will help, and is perhaps more critical than ever. As CPRA comes into play and brings the US closer to GDPR, there are also a number of touchpoints where the CDO and CISO interplay will be crucial over the coming months.

    In this session, we will discuss the current issues with regard to compliance, monitoring, and reporting. Policy decisions and regulations that have kept CISOs busy of late, and what we can expect more of in 2021, will also be addressed.

  • Demo Sessions / Lunch Break
  • Keynote: Ransomware Investigations and Actionable Intelligence from DarkSide and REvil 12:50 pm

    Ransomware is now a threat equal to terrorism. Cryptocurrencies have proven to be a lucrative modus operandi for criminal groups and state-actors looking to launder funds and evade sanctions. Cryptocurrency intelligence products, such as CipherTrace Inspector, can remove the financial incentives from ransomware perpetrators without risking brute force attacks. In May 2021, US-based Colonial Pipeline paid 75 BTC ($4.3M USD at the time) after a ransomware attack from DarkSide severely hindered the refinery’s operations. In March 2020, a DOJ Verified complaint illustrated how North Korea launched sophisticated attacks on cryptocurrency exchanges to finance their WMD program by laundering hundreds of millions of dollars’ worth of the stolen cryptocurrency through several banks and cryptocurrency exchanges. An uptick in Iranian and DPRK state-sponsored ransomware also led to OFAC issuing an advisory in October 2020 to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments. 

    Learn how investigators were able to utilize blockchain analysis tools to follow the illicit flow of funds and see exactly how bad actors moved stolen crypto to virtual asset service providers and, eventually, banks.   

     Objectives: 

    • Examine how blockchain analytics enabled investigators to follow the flow of funds in recent ransomware cases like DarkSide (Colonial Pipeline)
    • Explore the role banks play in converting crypto to fiat  
    • Understand how ransomware is used to evade sanctions  
    • Look at the risks financial institutions face by processing ransomware payments for customers  
    • Learn which methods North Korean hackers have used to steal, obfuscate, and launder their crypto  

    Panel Participants:

    Pamela Clegg
    VP of Financial Investigations at CipherTrace

  • Operational Technology (OT) & Industrial Control Systems (ICS): Cybersecurity Concerns 1:40 pm

    Presented by Swimlane

    Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

    In this session we will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections.

  • Automatic Vulnerability Discovery: False Promise for the DevSecOps world? 2:20 pm

    Presented by Fluid Attacks

    DevSecOps suggests that all security activities should be as automated as possible. Regarding automatic vulnerability discovery: How much can we expect? How many vulnerabilities are discovered automatically? How many are still undetected (escapes or false negatives)? Are automatic tools enough? In this talk, we will answer and teach you how to answer these and other related questions in a quantitative way.

    Panel Participants:

    Rafael Alvarez
    CTO at Fluid Attacks

  • Managing the Insider Threat 2:45 pm

    Presented by Lookout

    An adversary who attacks an organization from within can prove fatal to the business and is generally impervious to conventional defenses. Social science research has been used to explain why traditional methods fail against these trusted betrayers. Every company must identify and utilize new management techniques, increase security, and revise workplace strategies for categorizing and defeating insider threats.

    There are key players in positions to either effectively support or undermine the insider threats. Leadership style can make a difference in the way an institution recognizes and identifies these threats, from rethinking background investigations to recognizing deception and using lawful disruption. Most importantly, organizations must circumvent these predators before they jeopardize the workplace and sabotage business operations.

  • Guest Keynote: Grounds’ Rules for Cyber Risk Quantification (CRQ) 3:10 pm

    A Realist’s Guide on Why CRQ is a Prerequisite and How to Do It Right.

    In almost all areas of business and corporate management, we speak in terms of facts, figures and real fiscal currencies. So why do cybersecurity leaders opt for gradients (low, medium, high, critical) and colors (Green, Amber, Red… “traffic light” chart)?

    This keynote will analyze the key reasons why qualitative risk methods and relative ratings are woefully inadequate and do not meet basic business needs; and delve into their weakness as it pertains to the inputs and conclusions.  

    Adding business context and factoring in criticality, potential revenue impact, and likelihood to occur are a start; however, vulnerabilities rated (relatively) based on their technical characteristics and overall exploitability will not build an accurate risk picture. Gavin will then expand on specific techniques on how to quickly adopt a meaningful quantitative risk management (QRM) methodology and framework that is not exclusively built around minimizing Annualized Loss Expectancy (ALE).

    Specific working examples will highlight why ALE-based risk quantification is only a part of the equation. Further, the talk will expand on how using QRM can go beyond risk reduction to deliver measurable and quantifiable analysis to support business enablement and rationalize cybersecurity controls and investment levels. 

    In essence, his session will help business leaders to understand how to factor cyber risk and technology services risk into business risk in a meaningful, quantifiable fashion.

    Panel Participants:

    Gavin Grounds
    Exec. Director Cyber Security Strategy and Information Risk Management at Verizon

  • Conference Final Closing Session