Event Schedule

Times for this Event are in Eastern Time (EDT/EST)

The Summit will be open from 8AM to 6PM.

  • Welcome / Introductions
  • CISO Author Interview - Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future 8:26 am

    The Greater DFW Area is blessed with a great many learned CISOs, and we’re pleased to have George Finney, CISO from Southern Methodist University (SMU) as part of the agenda for the Dallas Cybersecurity Summit.

    Today, we’ll dig into his latest book, “Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future.”  Well Aware offers a timely take on the leadership issues that businesses face when it comes to the threat of hacking. This book examines security challenges using lessons learned from psychology, neuroscience, history, and economics.

    Spanning those habits – literacy, skepticism, vigilance, secrecy, culture, diligence, community, mirroring, and deception – are stories that assert that cybersecurity is not a technology problem; it’s a people problem.

    In this “fireside chat” style Q&A, George will be interviewed by our moderator Michael. He will share some of the lessons from the book, experiences and learnings from his 20+ year CISO career, and talk about his inspirations.

    Panel Participants:

    George Finney

    CISO at Southern Methodist University

  • Disrupting Lateral Movement by Securing Active Directory 8:42 am

    Presented by Attivo Networks

    Organizations continue to build their security stacks, yet advanced threats and insiders continue to breach networks and extract valuable data. A common tactic among most of these Ransomware and Advanced Threat Actors today involves leveraging Active Directory. AD contains all of the information that an attacker needs to successfully move laterally and accomplish their mission. 

    In this session, Nick Houck will explore a new method for securing Active Directory that can (for the first time) actually prevent an attacker from progressing laterally through your enterprise network. 

    Some key highlights include: 

    • How Threat Actors use AD to accomplish their goals 
    • Why Monitoring Active Directory is not enough 
    • What simple tools you can deploy to dramatically improve your security posture by better securing AD

    Panel Participants:

    Nick Houck

    Senior Security Strategist at Attivo

  • The State of Secure Identity 2021 8:58 am

    Presented by Auth0

    Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The 2021 Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies. 

    During this session, we’ll provide greater insight into which industries are: 

    – Most highly targeted by credential stuffing attacks 

    – Most highly targeted by SQL injection attacks 

    – Leading the way in MFA adoption to improve overall security posture 

    We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.

    Panel Participants:

    Jameeka Green Aaron

    CISO at Auth0

  • Ransomware Decoded: Understanding & Preventing Modern Ransomware Attacks 9:45 am

    Presented by Cybereason

    Learn how to become fearless in the face of modern ransomware attacks. Next-gen ransomware has evolved to better evade standard defenses and targeted attacks stand a high chance of success against underprepared environments, making a behavior-based approach to prevention, detection, and response required for success.

    Join our session to understand how to deploy fearless ransomware protection to detect the preliminary stages of a ransomware attack, fully analyze the scope and scale of the operation, and prevent the execution of the malicious ransomware payload to mitigate future cyber risk.

    WHY SHOULD I ATTEND?

    – Learn about the latest ransomware trends

    – Dissect discoveries from Cybereason’s Nocturnus team

    – Become empowered to defend against ransomware

    Panel Participants:

    Trevor Eastin

    Field Lead Engineer at Cybereason

  • Remote Work – The Wild West of Endpoint Management 10:01 am

    Presented by baramundi

    The pandemic forced many of us to switch to working remotely overnight. This was, and continues to be, a challenge for IT departments that need to manage and maintain their remote endpoints. Now that companies are trending towards long-term remote work options, IT infrastructure has to continue to adapt to the new and demanding ways of working from home. During this session we will cover what remote work has to do with the Wild West and what you need to be aware of to tame these challenges.

    Panel Participants:

    Axel Peters

    VP West Coast Operations at baramundi

  • Expert Panel Discussion: Ransomware Prevention/Preparation, or the Closest You Can Come to it (Pre-Attack Practices) 10:17 am

    Unless you’ve been under a rock, you’ve seen some big ransomware headlines. Moreover, ransomware-as-a-service changes the way many cyber leaders think about this topic, and changes some of the economics related to it. In this panel, our experts will talk about best practices, tactics and tricks for prevention and preparation. [NOTE: Post-Attack concepts will be discussed separately in a panel this afternoon]  Sensitive data is put at risk, huge sums of money are in the balance, and organizations must struggle between expediency and the bottom line.

    Panel Participants:

    Brian Smith

    CTO, Co-founder at Spyderbat

    Nick Houck

    Senior Security Strategist at Attivo

    Jason Jones

    Lead Solutions Engineer at ExtraHop

    Anand Singh

    Global CISO at Alkami

  • Rise of Secure Access Service Edge (SASE) 11:00 am

    Presented by Bitglass

    Secure access service edge has quickly emerged as a hot topic in cybersecurity, but what exactly does it mean and why should organizations care? As cloud migration, BYOD adoption, and remote work have skyrocketed in prevalence, it has become increasingly apparent that organizations need to think differently about security. While legacy tools like firewalls are no longer equipped to handle the modern IT ecosystem, SASE platforms like Bitglass are built for this exact moment. In this presentation, you will learn: 

    * The core components of a SASE platform like Bitglass. 

    * The functionality you need to secure cloud, web, and remote access use cases. 

    * Architectural considerations you should keep in mind when comparing SASE vendors.

    Panel Participants:

    Jonathan Andresen

    Senior Director at BitGlass

  • Introduction to Risk-Based Vulnerability Management 11:23 am

    Presented by Kenna Security

    Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities. 

    But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first. 

    Join Kenna Security’s CTO and Co-Founder Ed Bellis as he: 

    • Reviews what years of research into vulnerability management data uncovered about the scope of the challenge 
    • Details the findings on how risk-based is the way to get ahead in vulnerability management 
    • Lays out several factors that drive better remediation performance 
    • Provides steps for setting up a successful risk-based vulnerability management program

    Panel Participants:

    Ed Bellis

    CTO and Co-Founder at Kenna Security

  • Keynote: James Harris 11:42 am

    Insights from the FBI Internet Crime Complaint Center (IC3): 2021 Trends

    IC3.gov is the ultimate compendium of cyber-crime related data in the United States, and likely the world. In this riveting keynote, James Harris will further explain the myriad activities undertaken by the FBI, in partnership with other agencies and local law enforcement, once a complaint reaches the database.

    Criminal prosecutions, asset recovery, national cyber threats, and all manner of compromises and internet-facilitated crimes start with the key trends discussed in this presentation. Look for important metrics used by the Bureau to understand which nation-state actors, ransomware groups, and all manner of threat actors are most lethal today. This data will be shared for the first time at the Summit, with particular focus on some of the aspects most important to cybersecurity leaders in the audience.

    Data shared will include details from the National Threat Operations Center (NTOC), the Department of Homeland Security (DHS), Department of Justice (DOJ), as well as Texas Field Offices in Houston, Dallas and San Antonio. This previews some of the insights that will be further detailed in the IC3 Annual Report due out next year, and include specific best practices for cyber leaders across the state to better protect their staff, information, and assets. 

    Panel Participants:

    James T. Harris, Jr.

    SMAPA at the FBI Cyber Division

  • Lunch Break
  • Securing the Modern API Ecosystem 12:40 pm

    Presented by Noname Security

    APIs are central to digital transformation. Public cloud adoption, modern application architectures, and cloud-native designs capitalize on APIs as a foundational building block. Meanwhile, Gartner predicts that APIs will become the most frequently targeted attack vector by 2022. Attendees of this presentation will learn modern API strategies for security and risk management, including how to perform:

    • API discovery and inventory management
    • continuous vulnerability identification and testing
    • runtime prevention and detection

    Importantly, we will focus on orchestration across business, technology, and security teams to empower API-centric business and technology strategies with a shared, complete picture of API risks from code to production.

    Panel Participants:

    Karl Mattson

    CISO at Noname Security

  • Zero Trust Security for Everywhere Workplace 1:03 pm

    Presented by Ivanti

    As we see pandemic restrictions starting to subside around the globe, the impact of the “Remote” Tech Tsunami that accompanied the pandemic has started to become a reality. From advanced vulnerabilities impacting Edge Technologies, to the Everywhere Workplace, companies are faced with greater security challenges and vulnerability threats now more than ever before. 

    Join Ivanti’s Global CTO, Mike Riemer, as he covers security and control challenges faced by businesses in today’s “new” world as well as how the recent acquisitions of Pulse Secure and Mobile Iron provide Ivanti customers with the most comprehensive Cloud to Edge, Zero Trust Access solution, available in today’s market.

    Panel Participants:

    Michael Riemer

    Global Vice President, Office of the CTO at Ivanti

  • Expert Panel Discussion: Empowering Users to be the Best Human Firewall in your Organization 1:28 pm

    Your business users, those oft-confused carbon-based life forms normally roaming the halls of your office building, are now at home on their (probably very secure) private networks. Maybe with corporate devices, maybe not. This makes it more important than ever to arm them with tools, training and the sense to look for suspicious activity.

    Our panelists today will talk more about this issue, and what you can do to make your users the best last line of defense.

    Panel Participants:

    Dan Tyrrell

    Manager, Professional Services at Cobalt Labs Inc

    Mackenzie Jackson

    Developer Advocate at GitGuardian

    Ian Hassard

    Senior Manager, Product Management at Auth0

  • How Leaky Can it Git? How Scanning Public Git Repository Commits Uncovered 2 Million Leaked Secrets in 2020 2:09 pm

    Presented by GitGuardian

    Leaked secrets like API keys, security certificates and other credentials are a growing security risk for organizations and have led to many high-profile security breaches. The biggest source of leaked credentials is without question public git repositories. GitHub, the largest host of open-source code, had more than 60 million repositories created in a single year. Public code distribution on this scale brings with it a serious security threat, especially when you consider the many leaks that happen on personal repositories outside of organizations' control.

    With such a vast amount of data stored on GitHub, it has been difficult to quantify the extent of this problem, until now. GitGuardian conducted the largest research project to date on leaked secrets in public repositories. The project scanned 2.5 million commits a day and over 1 billion commits throughout the year, uncovering over 2 million leaked secrets. This presentation looks at why secrets and other sensitive information are frequently leaked through git, including the types of secrets commonly leaked and where. Additionally, the presentation will look at how individual developers, security teams and organizations as a whole can prevent Secrets Sprawl.

    Panel Participants:

    Mackenzie Jackson

    Developer Advocate at GitGuardian

  • The Automation Journey: Where's the Wall 2:31 pm

    Presented by Swimlane

    Gartner says 69% of Boards of Directors accelerated their digital business initiatives following COVID-19 disruption. This has made organizations shorten the time to integrate technologies, reduce the effort it takes to update them, and reduce development costs. We will discuss the automation journey and where we see most organizations hit the ‘automation’ wall.

    Panel Participants:

    Bryon Page

    Director, Solutions Architecture at Swimlane

  • Expert Panel Discussion: DevSecOps: Application Security in Hybrid, Multi-Cloud Environments 2:51 pm

    89% of CISOs say microservices API, containers, and Kubernetes have created application security blind spots. As the application landscape continues to grow, and the increased use of cloud-native architectures challenges traditional approaches, cybersecurity leaders are often looking for new ways to understand potential vulnerabilities. With faster iterations from Agile Development pushing the DevSecOps Teams to move as quickly as possible, there is ample room for gaps to appear. 

    In this panel, our experts will discuss some of the various approaches to address these issues. The discussion will cover challenges faced by teams of all sizes, and the processes, tools and methods that are in use to address them.

    Panel Participants:

    Giora Engel

    CEO & Co-Founder at Neosec

    Jerry Gamblin

    Director Of Security Research at CISCO

    Brianna Leddy

    Director of Analysis at Darktrace

    George Cassels

    Director of Technology, Enterprise at Telos

  • Automatic Vulnerability Discovery: False Promise for the DevSecOps World? 3:28 pm

    Presented by Fluid Attacks

    DevSecOps suggests that all security activities should be as automated as possible. 

    Regarding automatic vulnerability discovery: How much can we expect? How many vulnerabilities are discovered automatically? How many are still undetected (escapes or false negatives)? Are automatic tools enough? In this talk, we will answer and teach you how to answer these and other related questions in a quantitative way.

    Panel Participants:

    Daniel Salazar

    Lead DevSecOps Engineer at Fluid Attacks

  • The Art & Science of Cloud Security 3:51 pm

    Presented by Lookout

    Come learn about the beauty of the cloud while applying the right “science” to securing your multiple cloud services. We will discuss the journey to the cloud and how security tools all work together to build a unified cloud security strategy work of art.

    Panel Participants:

    Hank Schless

    Senior Manager, Security Solutions at Lookout

  • Guest Keynote: Grounds’ Rules for Cyber Risk Quantification (CRQ) 4:12 pm

    A Realist’s Guide on Why CRQ is a Prerequisite and How to Do It Right.

    In almost all areas of business and corporate management, we speak in terms of facts, figures and real fiscal currencies. So why do cybersecurity leaders opt for gradients (low, medium, high, critical) and colors (Green, Amber, Red… “traffic light” chart)?

    This keynote will analyze the key reasons why qualitative risk methods and relative ratings are woefully inadequate and do not meet basic business needs; and delve into their weakness as it pertains to the inputs and conclusions.  

    Adding business context and factoring in criticality, potential revenue impact, and likelihood to occur are a start; however, vulnerabilities rated (relatively) based on their technical characteristics and overall exploitability will not build an accurate risk picture.  Gavin will then expand on specific techniques on how to quickly adopt a meaningful quantitative risk management (QRM) methodology and framework that is not exclusively built around minimizing Annualized Loss Expectancy (ALE).

    Specific working examples will highlight why ALE-based risk quantification is only a part of the equation. Further, the talk will expand on how using QRM can go beyond risk reduction to deliver measurable and quantifiable analysis to support business enablement and rationalize cybersecurity controls and investment levels. 

    In essence, his session will help business leaders to understand how to factor cyber risk and technology services risk into business risk in a meaningful, quantifiable fashion.

    Panel Participants:

    Gavin Grounds

    Exec. Director Cyber Security Strategy and Information Risk Management at Verizon

  • Special Guest Interview - John Kindervag 4:46 pm

    After eight and a half years at Forrester Research, where he was a Vice President and Principal Analyst on the Security and Risk Team, John went on to join Palo Alto Networks as a Field CTO, and is now at ON2IT.

    Still a DFW-Area local, John is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Model of Cybersecurity.

    In this session, join John and George Finney for this brief interview.

    Speaker:

    John Kindervag

    Senior Vice President, Cybersecurity Strategy

  • CISO RoundTable 5:06 pm

    Submit your bio for consideration to participate on our CISO RoundTable to [email protected] or fill out our Call for Speakers form here.

    Panel Participants:

    Chuck Springer

    CISO at First American Payment System

    Patrick Benoit

    Global Head of Cyber GRC / BISO at CBRE

    Dave Belanger

    CISO at Maxor National Pharmacy Services

    Chris Wolski

    CISO at Port of Houston Authority

    Anand Singh

    Global CISO at Alkami

    Jeff Kirby

    CISO at Interstate Batteries

  • Closing Session + Prize Drawing