
Virtual Summit
Southern California
Virtual Cybersecurity Summit
While life in Southern California might have the reputation for being fairly glamorous, cybersecurity professionals know the world of data security is a very serious business. Grow your skillset and connect virtually with your peers at the Southern California Virtual Cybersecurity Summit.
This full-day event will allow you and your fellow security professionals to learn from industry thought leaders and experts, with a curated schedule designed to meet your needs. You’ll hear from expert panels, insightful keynote speakers, and the CISO RoundTable, each offering a new perspective on how to keep your organization safe from threats. The sessions will take place in an immersive virtual environment, allowing you to tune in from anywhere and gain the knowledge you need for success.
SEE A SNEAK PEEK OF OUR KEYNOTE HERE
Date
Thu. Sep 30
-
Featured Speakers
John Felker
Keynote Speaker: Cybersecurity Leadership Lessons, from Hawaii to Afghanistan
Nemi GeorgeCISO RoundTable
Jeffrey JohnsonCISO RoundTable
E.J. HilbertCISO RoundTable
Richard GreenbergCISO RoundTable
Jeff FarinichCISO RoundTable
Mark Dy-RagosCISO RoundTable
Event Schedule
Times for this Event are in Pacific Time (PDT/PST)
The Summit will be open from 8AM to 6PM.
- Welcome / Introductions
-
Is Active Directory and Multi-Cloud Leaving you Exposed? 8:30 am
Come learn why Active Directory has become a primary target for attackers and how multi-cloud adoption is dramatically expanding your attack surface. We will discuss advanced attacks that are exploiting these weaknesses and outline steps you should take to reduce your risk of being compromised.
Panel Participants:
-
Securing the Modern API Ecosystem 8:50 am
APIs are central to digital transformation. Public cloud adoption, modern application architectures, and cloud-native designs capitalize on APIs as a foundational building block. Meanwhile, Gartner predicts that APIs will become the most frequently targeted attack vector by 2022. Attendees of this presentation will learn modern API strategies for security and risk management, including how to perform:
- API discovery and inventory management
- continuous vulnerability identification and testing
- runtime prevention and detection
Importantly, we will focus on orchestration across business, technology, and security teams to empower API-centric business and technology strategies with a shared, complete picture of API risks from code to production.
Panel Participants:
-
Trends in Third-Party Risk 9:30 am
As the world changes, third-party risk management requirements change too. So, what can you expect in 2021? How can you prepare for what’s ahead? We’ve helped implement thousands of third-party risk management programs, and in doing so, we’ve seen how organizations’ needs have evolved. There are proactive measures you can take to stay ahead of the curve. But in order to execute against and adapt to these third-party risk trends, you need to first know what the future holds.
In this session, we’ll answer the following questions:
-What are the latest trends for third-risk management?
-How your organization adapts to current and future trends?
-What can you do to future-proof your third-party risk management program?
-Where can you go to keep up-to-date with new third-party risk trends as they emerge?
Panel Participants:
-
Zero Trust Security for Everywhere Workplace 9:50 am
As we see pandemic restrictions starting to subside around the globe, the impact of the “Remote” Tech Tsunami that accompanied the pandemic has started to become a reality. From advanced vulnerabilities impacting Edge Technologies, to the Everywhere Workplace, companies are faced with greater security challenges and vulnerability threats now more than ever before.
Join Ivanti’s Global CTO, Mike Riemer, as he covers security and control challenges faced by businesses in today’s “new” world as well as how the recent acquisitions of Pulse Secure and Mobile Iron provide Ivanti customers with the most comprehensive Cloud to Edge, Zero Trust Access solution, available in today’s market.
Panel Participants:
-
Expert Panel Discussion: Protecting Users 10:10 am
Protecting Users - Identity, Endpoints and Access Management
The 2000’s view of “perimeter” in terms of security conjures up an analogy about castles and moats… but today, the question is, where is the moat? As we turbo-charged Work From Home this year, and BYOD is just a way of life – have your Identity and Access Management practices kept-up?
Panel Participants:
-
Do’s and Don'ts for Business Email Compromise (BEC) and Email Account Compromise (EAC) 10:55 am
Email fraud leads to two main threats- one is Business Email Compromise (BEC) where attackers pretend to be you; the other one is Email Account Compromise (EAC) where attackers actually become you. BEC/EAC scams have cost the victimized businesses over $26 billion since 2016. What they have in common is that they both target people. They both rely on social engineering and are designed to solicit fraudulent wire transfers or payment. Unlike malware attacks, BEC and EAC don’t typically include detectable malicious payload. These types of threats can be hard to recognize because to the target these business requests sent by the impostors seem very routine and reasonable.
Join our session and learn about:
- What is BEC and EAC? And how do they work?
- What are the common attack tactics regarding this new form of email threats?
- Best practices to defend against BEC and EAC
Panel Participants:
-
Risk Mitigation Strategies for TCP/IP Vulnerabilities in OT 11:15 am
Join this session to dive into the industry’s most comprehensive study of TCP/IP vulnerabilities. We will cover 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.
Join this discussion to learn about:
- Recently discovered vulnerabilities and how they impact the NicheStack TCP/IP stack
- Organizations and devices with the highest potential to be affected
- How to assess and mitigate risk and protect enterprise networks
Panel Participants:
-
Keynote Speaker: Cybersecurity Leadership Lessons, from Hawaii to Afghanistan 11:35 am
If it’s not Illegal, immoral, or unethical – it’s on the table. John Felker led some of our nation’s largest and most important groups within consequential missions related to security, defense and protection. Pulling from his experiences at CISA, NCCIC, the US Coast Guard Cyber Command, and more, he will share with the Conference audience his most prescient takeaways from a lifetime of service, with a specific focus on cybersecurity.
Today, cybersecurity leaders are uniquely positioned to lead their peers and the organizations they serve as we are among the most sought-after, read-in, and connected executives in our respective firms. Patching together a depth of technical knowledge, Mr. Felker will focus on further developing information gathering practices, leadership style, and effective decision making in team-based environments that will embody your character as a leader and at the same time encourage the loyalty and compliance of staff at all levels.
Look for best practices on delegation, setting metrics, training, accountability, and building effective teams in this unique presentation from a monumental executive leader.
Panel Participants:
-
Lunch Break Sponsored by Kenna Security 12:30 pm
Responsible Exposure: The Attacker-Defender Divide
According to a recent study, about one-third of vulnerabilities have exploit code published before a patch is made available. When this code is made public prior to the release of a patch, cybercriminals get a critical head start. However, not exposing the vulnerability could leave the public at risk. This sparks the long debate on responsible exposure which requires researchers and software vendors to work together to benefit the whole community.
In this short lunch briefing, Ed Bellis of Kenna Security will discuss a recent study that explores the lifecycle of 473 vulnerabilities. This session will highlight what really happens after a vulnerability is discovered and reveal surprising insights into the effectiveness of responsible vulnerability disclosure and exploit development and much more.
Panel Participants:
-
Office, Home or Hybrid - Manage and Secure Endpoints Anywhere, Anytime 12:50 pm
Cyberattacks have quadrupled since the beginning of the pandemic. Lots of endpoints are currently on their own when it comes to being managed and protected. What will happen when these machines come back to the office, or are they coming back at all? This presentation will address the different scenarios that companies may encounter and how to resolve them by automating their endpoint management.
Panel Participants:
-
Don’t Phreak Out: Bring VOIP, P2P, and Server-initiated Access into the Zero Trust Era 1:10 pm
It all started with phreaking the phone network and a few clever hackers. Today business runs on IP networks and VOIP is an important application used by employees, contractors, and partners. Hackers today focus on attacking these private IP networks and they target vulnerable VPNs to gain access. Consequently, organizations are turning to zero trust network access (ZTNA) to protect their networks and applications against these attacks. For the longest time only VPNs were used to enable remote access for VOIP, P2P, or server-initiated flows. That changes now. Learn how you can add VOIP, P2P, and server-initiated flows into a zero trust network access model.
Panel Participants:
-
Self-Learning AI: Redefining Enterprise Security 1:30 pm
In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing – and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data, and people are protected, wherever they are. Today’s Autonomous, Self-Learning defenses are capable of identifying and neutralizing security incidents in seconds, not hours – before the damage is done.
In this session, learn how self-learning AI:
- Detects, investigates, and responds to threats – even while you are OOTO
- Protects your entire workforce and the digital environment – wherever they are, whatever the data
- Defends against zero-day and other advanced attacks – without disrupting the organization
Panel Participants:
-
Expert Panel Discussion: Ransomware 1:55 pm
100 Ransomware Attacks Since Colonial Pipeline: What Have We Learned?
Whether you chose to pay the ransomware or not, industry experts tell you to treat your entire network as contaminated. Rebuilding images, devices, re-formatting storage, and all the rest is part of this process. In this panel, our experts will talk about what to do first – and what to avoid, and where the traps may lie.
Panel Participants:
-
Ransomware Resilience 2:30 pm
Ransomware attacks continue to bring an elevated threat of data loss and business disruptions. Legacy backup solutions do not meet the recovery needs or SLAs your organization needs.
Join this live session and hear how your company can:
- Instantly resume operations post-attack
- Reduce your data loss from days to seconds/minutes
- Test and isolate data to ensure a safe recovery
Panel Participants:
-
Introduction to Risk-Based Vulnerability Management 2:50 pm
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.
But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.
Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:
- Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
- Details the findings on how risk-based is the way to get ahead in vulnerability management
- Lays out several factors that drive better remediation performance
- Provides steps for setting up a successful risk-based vulnerability management program
Panel Participants:
-
Automatic Vulnerability Discovery: False Promise for the DevSecOps World? 3:25 pm
DevSecOps suggests that all security activities should be as automated as possible. Regarding automatic vulnerability discovery: How much can we expect? How many vulnerabilities are discovered automatically? How many are still undetected (escapes or false negatives)? Are automatic tools enough? In this talk, we will answer and teach you how to answer these and other related questions in a quantitative way.
Panel Participants:
-
What CISOs Get Wrong About Connected Device Product Security (And Why You Should Care) 3:45 pm
With billions of connected devices powering up every year, crowded markets have created unique challenges and opportunities for device manufacturers. In this environment, competitive differentiation is key. As attackers move away from application layer attacks, connected devices are now the ultimate low-hanging fruit to offer unauthorized access to critical IT and OT networks.
Breaches in product security will have unprecedented impacts on device manufacturers and owners. According to Gartner, cyber-physical attacks resulting in fatal casualties will cost over $50B by 2023. Even the White House is taking note, with a new Cybersecurity EO that will add new requirements for secure software.
In this presentation by Finite State, we’ll take a close look at how product security breaches occur, and how the financial impact of these breaches have tangible permanent effects on industry competitors. Learn proactive approaches to product security that are being adopted by some of the world’s largest device manufacturers, as well as how to ensure that your product security strategies generate value for your customers and shareholders.
Panel Participants:
-
Expert Panel Discussion: AI/ML 4:05 pm
AI/ML and Other Leading-Edge Innovations in Cybersecurity
We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’?
Panel Participants:
-
CISO RoundTable 4:40 pm
Submit your bio for consideration to participate on our CISO RoundTable
to [email protected] or fill out our Call for Speakers form here.
Panel Participants:
- Closing Session + Prize Drawing
-
Partners
Gold Partners
Silver Partners
Bronze Partners
Exhibiting Partners
Affiliate Partners