Registration

Thu. Oct 14

Registration for qualified senior cybersecurity professionals. Subject to approval.

Event Schedule

Times for this Event are in Eastern Time (EDT/EST)

The Summit will be open from 8AM to 6PM.

  • Welcome / Introductions
  • Disrupting Lateral Movement by Securing Active Directory 8:30 am

    Presented by Attivo Networks

    Organizations continue to build their security stacks, yet advanced threats and insiders continue to breach networks and extract valuable data. A common tactic among most of these Ransomware and Advanced Threat Actors today involves leveraging Active Directory.  AD contains all of the information that an attacker needs to successfully move laterally and accomplish their mission. 

    In this session, Joseph Salazar will explore a new method for securing Active Directory that can (for the first time) actually prevent an attacker from progressing laterally through your enterprise network.  Some key highlights include:

    • How Threat Actors use AD to accomplish their goals
    • Why Monitoring Active Directory is not enough
    • What simple tools you can deploy to dramatically improve your security posture by better securing AD
    Click to Expand

    Panel Participants:

    Joseph Salazar
    Joseph Salazar

    Joseph Salazar

    Technical Deception Engineer, CISSP, CEH, EnCE at Attivo

    Collapse This Item

  • Broken Authentication: Fixing One of the Most Critical Web Application Security Risks 8:50 am

    Presented by Auth0

    Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.

     This session will provide:

    • An overview of broken authentication; 
    • Why it’s so dangerous;
    • The types of threats that can take advantage of this vulnerability;
    • How you can prevent this most critical application security risk.
    Click to Expand

    Panel Participants:

    Andrew Akers
    Andrew Akers

    Andrew Akers

    Senior Manager, Solutions at Auth0

    Collapse This Item

  • Ransomware Decoded: Understanding & Preventing Modern Ransomware Attacks 9:30 am

    Presented by Cybereason

    Learn how to become fearless in the face of modern ransomware attacks. Next-gen ransomware has evolved to better evade standard defenses and targeted attacks stand a high chance of success against underprepared environments, making a behavior-based approach to prevention, detection, and response required for success.

    Join our session to understand how to deploy fearless ransomware protection to detect the preliminary stages of a ransomware attack, fully analyze the scope and scale of the operation, and prevent the execution of the malicious ransomware payload to mitigate future cyber risk.

    WHY SHOULD I ATTEND?

    – Learn about the latest ransomware trends

    – Dissect discoveries from Cybereason’s Nocturnus team

    – Become empowered to defend against ransomware

    Click to Expand

    Panel Participants:

    Maggie MacAlpine
    Maggie MacAlpine

    Maggie MacAlpine

    Security Strategist at Cybereason

    Collapse This Item

  • Office, Home or Hybrid - Manage and Secure Endpoints Anywhere, Anytime 9:50 am

    Presented by baramundi

    Cyberattacks have quadrupled since the beginning of the pandemic. Lots of endpoints are currently on their own when it comes to being managed and protected. What will happen when these machines come back to the office, or are they coming back at all? This presentation will address the different scenarios that companies may encounter and how to resolve them by automating their endpoint management.

    Click to Expand

    Panel Participants:

    Axel Peters
    Axel Peters

    Axel Peters

    Endpoint Security Executive at baramundi

    Collapse This Item

  • Expert Panel Discussion: Ransomware Prevention/Preparation, or the Closest You Can Come to it (Pre-Attack Practices) 10:10 am

    Session Details Coming Soon

    Click to Expand

    Collapse This Item

  • Subject Matter Expert Session - More Details to Come 10:55 am
  • Rise of Secure Access Service Edge (SASE) 11:15 am

    Presented by Bitglass

    Secure access service edge has quickly emerged as a hot topic in cybersecurity, but what exactly does it mean and why should organizations care? As cloud migration, BYOD adoption, and remote work have skyrocketed in prevalence, it has become increasingly apparent that organizations need to think differently about security. While legacy tools like firewalls are no longer equipped to handle the modern IT ecosystem, SASE platforms like Bitglass are built for this exact moment. In this presentation, you will learn: 

    * The core components of a SASE platform like Bitglass. 

    * The functionality you need to secure cloud, web, and remote access use cases. 

    * Architectural considerations you should keep in mind when comparing SASE vendors.

    Click to Expand

    Panel Participants:

    Jonathan Andresen
    Jonathan Andresen

    Jonathan Andresen

    Senior Director at BitGlass

    Collapse This Item

  • Keynote: Pamela Clegg 11:35 am

    Ransomware Investigations and Actionable Intelligence from DarkSide and REvil

    Ransomware is now a threat equal to terrorism. Cryptocurrencies have proven to be a lucrative modus operandi for criminal groups and state-actors looking to launder funds and evade sanctions. Cryptocurrency intelligence products, such as CipherTrace Inspector, can remove the financial incentives from ransomware perpetrators without risking brute force attacks. In May 2021, US-based Colonial Pipeline paid 75 BTC ($4.3M USD at the time) after a ransomware attack from DarkSide severely hindered the refinery’s operations. In March 2020, a DOJ Verified complaint illustrated how North Korea launched sophisticated attacks on cryptocurrency exchanges to finance their WMD program by laundering hundreds of millions of dollars’ worth of the stolen cryptocurrency through several banks and cryptocurrency exchanges. An uptick in Iranian and DPRK state-sponsored ransomware also led to OFAC issuing an advisory in October 2020 to alert companies that engage with victims of ransomware attacks of the potential sanctions risks for facilitating ransomware payments. 

    Learn how investigators were able to utilize blockchain analysis tools to follow the illicit flow of funds and see exactly how bad actors moved stolen crypto to virtual asset service providers and, eventually, banks.   

    Objectives: 

    • Examine how blockchain analytics enabled investigators to follow the flow of funds in recent ransomware cases like DarkSide (Colonial Pipeline)
    • Explore the role banks play in converting crypto to fiat  
    • Understand how ransomware is used to evade sanctions  
    • Look at the risks financial institutions face by processing ransomware payments for customers  
    • Learn which methods North Korean hackers have used to steal, obfuscate, and launder their crypto
    Click to Expand

    Panel Participants:

    Pamela Clegg
    Pamela Clegg

    Pamela Clegg

    VP of Financial Investigations at CipherTrace

    Collapse This Item

  • Lunch Break Sponsor
  • Introduction to Risk-Based Vulnerability Management 12:50 pm

    Presented by Kenna Security

    Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities. 

    But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first. 

    Join Kenna Security’s CTO and Co-Founder Ed Bellis as he: 

    • Reviews what years of research into vulnerability management data uncovered about the scope of the challenge 
    • Details the findings on how risk-based is the way to get ahead in vulnerability management 
    • Lays out several factors that drive better remediation performance 
    • Provides steps for setting up a successful risk-based vulnerability management program
    Click to Expand

    Panel Participants:

    Ed Bellis
    Ed Bellis

    Ed Bellis

    CTO and Co-Founder at Kenna Security

    Collapse This Item

  • Securing the Modern API Ecosystem 1:10 pm

    Presented by Noname Security

    APIs are central to digital transformation. Public cloud adoption, modern application architectures, and cloud-native designs capitalize on APIs as a foundational building block. Meanwhile, Gartner predicts that APIs will become the most frequently targeted attack vector by 2022. Attendees of this presentation will learn modern API strategies for security and risk management, including how to perform:

    • API discovery and inventory management
    • continuous vulnerability identification and testing
    • runtime prevention and detection

    Importantly, we will focus on orchestration across business, technology, and security teams to empower API-centric business and technology strategies with a shared, complete picture of API risks from code to production.

    Click to Expand

    Panel Participants:

    Karl Mattson
    Karl Mattson

    Karl Mattson

    CISO at Noname Security

    Collapse This Item

  • Zero Trust Security for Everywhere Workplace 1:20 pm

    Presented by Ivanti

    As we see pandemic restrictions starting to subside around the globe, the impact of the “Remote” Tech Tsunami that accompanied the pandemic has started to become a reality. From advanced vulnerabilities impacting Edge Technologies, to the Everywhere Workplace, companies are faced with greater security challenges and vulnerability threats now more than ever before. 

    Join Ivanti’s Global CTO, Mike Riemer, as he covers security and control challenges faced by businesses in today’s “new” world as well as how the recent acquisitions of Pulse Secure and Mobile Iron provide Ivanti customers with the most comprehensive Cloud to Edge, Zero Trust Access solution, available in today’s market.

    Click to Expand

    Panel Participants:

    Michael Riemer
    Michael Riemer

    Michael Riemer

    Global Vice President, Office of the CTO at Ivanti

    Collapse This Item

  • Expert Panel Discussion: Empowering Users to be the Best Human Firewall in your Organization 2:05 pm

    Session Details Coming Soon

    Click to Expand

    Panel Participants:

    Dan Tyrrell
    Dan Tyrrell

    Dan Tyrrell

    Manager, Professional Services at Cobalt Labs Inc

    Collapse This Item

  • Subject Matter Expert Session - More Details to Come 2:20 pm
  • Subject Matter Expert Session - More Details to Come 2:40 pm
  • Automatic Vulnerability Discovery: False Promise for the DevSecOps World? 3:15 pm

    Presented by Fluid Attacks

    DevSecOps suggests that all security activities should be as automated as possible. 

    Regarding automatic vulnerability discovery: How much can we expect? How many vulnerabilities are discovered automatically? How many are still undetected (escapes or false negatives)? Are automatic tools enough? In this talk, we will answer and teach you how to answer these and other related questions in a quantitative way.

    Click to Expand

    Panel Participants:

    Daniel Salazar
    Daniel Salazar

    Daniel Salazar

    Lead DevSecOps Engineer at Fluid Attacks

    Collapse This Item

  • Attackers Go Mobile in the Face of a Global Pandemic 3:35 pm

    Presented by Lookout

    The pandemic has changed everything- the way we live, the way we work and the way we protect what’s important to us. The most impactful change to enterprises was the transition to hybrid work and how it shifted the threat landscape for mobile attacks. 

    Everyone relies on their mobile devices to connect to enterprise infrastructure, making both personal and corporate assets susceptible to sophisticated threat actors. In response to heightened security measures, threat actors are getting creative; perpetuating the cat-and-mouse game between attackers and their targets. 

    In this session, we’ll look at how the mobile threat landscape has shifted over the course of the transition toward widespread hybrid work, how some of the most successful attackers have manipulated unsuspecting users into compromising their devices and discuss solutions for mitigating these attacks.

    Click to Expand

    Panel Participants:

    Kristina Balaam
    Kristina Balaam

    Kristina Balaam

    Senior Security Intelligence Researcher at Lookout

    Collapse This Item

  • Expert Panel Discussion: Recover from Ransomware: Coming Back After an Attack 4:00 pm

    Session Details Coming Soon

    Click to Expand

    Collapse This Item

  • CISO RoundTable 4:25 pm

    Submit your bio for consideration to participate on our CISO RoundTable

    to [email protected] or fill out our Call for Speakers form here.

    Click to Expand

    Collapse This Item

  • Closing Session + Prize Drawing
Register