Sign Up to be Notified When Registration Opens in Your Area

  • Featured Speakers

    Collapse This Item

Event Schedule

Times for this Event are in Central Time (CDT/CST).

The Conference will be open from 11:00 AM April 13th to 5PM and 8:30 AM April 14th to 3PM.

  • DAY ONE
  • Welcome / Introductions
  • Operational Technology (OT) & Industrial Control Systems (ICS): Cybersecurity Concerns 12:20 pm
    Add to Calendar20220413 12:20 pm20220413 12:40 pmAmerica/ChicagoOperational Technology (OT) & Industrial Control Systems (ICS): Cybersecurity Concerns

    Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

    This session will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections. 

     

    .

    Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds. 

    This session will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections. 

     

    Click to Expand

    Collapse This Item

  • The State of Secure Identity 12:50 pm
    Add to Calendar20220413 12:50 pm20220413 1:10 pmAmerica/ChicagoThe State of Secure Identity

    Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies. 

    During this session, we’ll provide greater insight into which industries are: 

    • Most highly targeted by credential stuffing attacks 
    • Most highly targeted by SQL injection attacks 
    • Leading the way in MFA adoption to improve overall security posture 

    We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.

    Presented by Auth0

    Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies. 

    During this session, we’ll provide greater insight into which industries are: 

    • Most highly targeted by credential stuffing attacks 
    • Most highly targeted by SQL injection attacks 
    • Leading the way in MFA adoption to improve overall security posture 

    We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.

    Click to Expand

    Collapse This Item

  • How Leaky Can it Git? How Scanning Public Git Repository Commits Uncovered 2 Million Leaked Secrets in 2020 1:15 pm
    Add to Calendar20220413 1:15 pm20220413 1:35 pmAmerica/ChicagoHow Leaky Can it Git? How Scanning Public Git Repository Commits Uncovered 2 Million Leaked Secrets in 2020

    Leaked secrets like API keys, security certificates and other credentials are a growing security risk for organizations which has led to many high profile security breaches. The biggest source of leaked credentials is without question within public git repositories. GitHub, the largest host of open-source code, had more than 60 million repositories created in a single year. Public code distribution on this scale brings with it a serious security threat, especially when you consider the many leaks that happen on personal repositories outside of organizations control. 

    With such a vast amount of data stored on GitHub, it has been difficult to quantify the extent of this problem, until now. GitGuardian conducted the largest research project to date on leaked secrets in public repositories. The project scanned 2.5 million commits a day and over 1 billion commits throughout the year uncovering over 2 million leaked secrets. This presentation looks at why secrets and other sensitive information are frequently leaked through git including the type of secrets commonly leaked and where. Additionally, the presentation will look at how to prevent Secrets Sprawl from individual developers, security teams and organizations as a whole.

    Presented by GitGuardian

    Leaked secrets like API keys, security certificates and other credentials are a growing security risk for organizations which has led to many high profile security breaches. The biggest source of leaked credentials is without question within public git repositories. GitHub, the largest host of open-source code, had more than 60 million repositories created in a single year. Public code distribution on this scale brings with it a serious security threat, especially when you consider the many leaks that happen on personal repositories outside of organizations control. 

    With such a vast amount of data stored on GitHub, it has been difficult to quantify the extent of this problem, until now. GitGuardian conducted the largest research project to date on leaked secrets in public repositories. The project scanned 2.5 million commits a day and over 1 billion commits throughout the year uncovering over 2 million leaked secrets. This presentation looks at why secrets and other sensitive information are frequently leaked through git including the type of secrets commonly leaked and where. Additionally, the presentation will look at how to prevent Secrets Sprawl from individual developers, security teams and organizations as a whole.

    Click to Expand

    Collapse This Item

  • Expert Panel Discussion: Managing Risk in Today's Cybersecurity Landscape 2:00 pm
    Add to Calendar20220413 2:00 pm20220413 2:30 pmAmerica/ChicagoExpert Panel Discussion: Managing Risk in Today's Cybersecurity Landscape

    Risk comes from all angles. Users, vendors, partners, systems.  What can security teams improve when attempting to convey ‘risk’ to executive and board level people within an organization?

    In this panel, we will discuss some of the many facets encountered by security leaders in organizations of all sizes, with particular focus on the threat landscape seen across the region. 

    .

    Risk comes from all angles. Users, vendors, partners, systems.  What can security teams improve when attempting to convey ‘risk’ to executive and board level people within an organization?

    In this panel, we will discuss some of the many facets encountered by security leaders in organizations of all sizes, with particular focus on the threat landscape seen across the region. 

    Click to Expand

    Collapse This Item

  • CIS Controls in the Real World 2:40 pm
    Add to Calendar20220413 2:40 pm20220413 3:00 pmAmerica/ChicagoCIS Controls in the Real World

    As a vendor, we witness first-hand the tangible effect that best practices like the CIS Controls have on our customers’ network security. From our perspective, it’s easy to see who is on top of their security game… and who could really benefit from the guidance these controls provide. In this discussion, we’ll walk through several of the CIS Controls, review the changes to the new V8, and provide real-world case studies to illustrate how different security tools and services can work together – sometimes in not-so-obvious ways – to reduce risk, and keep your network safe and secure.

    Presented by Sentinel IPS

    As a vendor, we witness first-hand the tangible effect that best practices like the CIS Controls have on our customers’ network security. From our perspective, it’s easy to see who is on top of their security game… and who could really benefit from the guidance these controls provide. In this discussion, we’ll walk through several of the CIS Controls, review the changes to the new V8, and provide real-world case studies to illustrate how different security tools and services can work together – sometimes in not-so-obvious ways – to reduce risk, and keep your network safe and secure.

    Click to Expand

    Collapse This Item

  • The Risk Management “Balance Sheet” 3:05 pm
    Add to Calendar20220413 3:05 pm20220413 3:25 pmAmerica/ChicagoThe Risk Management “Balance Sheet”

    Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required.  Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand? 

    Attend this session to get these questions answered and more.

     

    .

    Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required.  Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand? 

    Attend this session to get these questions answered and more.

     

    Click to Expand

    Collapse This Item

  • Cloud Clarity in 2022: Strategy, Execution & Alignment 3:45 pm
    Add to Calendar20220413 3:45 pm20220413 4:05 pmAmerica/ChicagoCloud Clarity in 2022: Strategy, Execution & Alignment

    Securely optimizing the cloud for better business outcomes is the product of clear communication of terms and expectations, alignment with business processes and functions, and partnerships among multiple internal and external stakeholders. “Activity” does not equal “progress.”  In this session, attendees will hear about creating definitional clarity, building adaptability, and creating cross-functional, business-wide alignment. 

    .

    Securely optimizing the cloud for better business outcomes is the product of clear communication of terms and expectations, alignment with business processes and functions, and partnerships among multiple internal and external stakeholders. “Activity” does not equal “progress.”  In this session, attendees will hear about creating definitional clarity, building adaptability, and creating cross-functional, business-wide alignment. 

    Click to Expand

    Collapse This Item

  • Cyber Executive RoundTable 4:10 pm
    Add to Calendar20220413 4:10 pm20220413 4:30 pmAmerica/ChicagoCyber Executive RoundTable

    Submit your bio for consideration to participate on our Cyber Executive RoundTable

    to [email protected] or fill out our Call for Speakers form here.

    .

    Submit your bio for consideration to participate on our Cyber Executive RoundTable

    to [email protected] or fill out our Call for Speakers form here.

    Click to Expand

    Panel Participants:

    Gavin Grounds
    Gavin Grounds

    Gavin Grounds

    Exec. Director Cyber Security Strategy and Information Risk Management at Verizon

    Collapse This Item

  • Day One Closing
  • Networking Reception
  • DAY TWO
  • Welcome / Introductions
  • Fighting Ransomware with Autonomous Response 9:30 am
    Add to Calendar20220413 9:30 am20220413 9:50 amAmerica/ChicagoFighting Ransomware with Autonomous Response

    New strains of ransomware are leaving organizations vulnerable – too often, security teams lack the ability to respond proportionately to an attack, leading to cyber disruption across the organization.

    Join Darktrace as we unpack some of today’s most advanced ransomware threats. Learn how Self-Learning AI understands the organization to reveal every stage of a ransomware attack – and takes targeted, autonomous action to stop the threat in its tracks.  

    This presentation will discuss: 

    • Recent ransomware threat trends, including double extortion and RDP attacks 
    • How Autonomous Response takes action to contain an emerging attack, even when security teams are out of office   
    • Real-world examples of ransomware detected by Darktrace AI – including a zero-day and an attack initiated on Christmas Day

    Presented by Darktrace

    New strains of ransomware are leaving organizations vulnerable – too often, security teams lack the ability to respond proportionately to an attack, leading to cyber disruption across the organization.

    Join Darktrace as we unpack some of today’s most advanced ransomware threats. Learn how Self-Learning AI understands the organization to reveal every stage of a ransomware attack – and takes targeted, autonomous action to stop the threat in its tracks.  

    This presentation will discuss: 

    • Recent ransomware threat trends, including double extortion and RDP attacks 
    • How Autonomous Response takes action to contain an emerging attack, even when security teams are out of office   
    • Real-world examples of ransomware detected by Darktrace AI – including a zero-day and an attack initiated on Christmas Day
    Click to Expand

    Collapse This Item

  • The Evolution of the Threat: Hunting, Detection, & Response 9:55 am
    Add to Calendar20220414 9:55 am20220414 10:15 amAmerica/ChicagoThe Evolution of the Threat: Hunting, Detection, & Response

     Nation-State attacks are not always focused on political or military adversaries. Recently, below-military-grade action can create havoc or destabilize adversaries, or manipulate markets.  Hard to trace and even harder to convict, they may affect stock price or even influence the outcome of elections. 

    Attend to talk about the problem, and see what US enterprises are doing to prepare themselves for these situations

    .

     Nation-State attacks are not always focused on political or military adversaries. Recently, below-military-grade action can create havoc or destabilize adversaries, or manipulate markets.  Hard to trace and even harder to convict, they may affect stock price or even influence the outcome of elections. 

    Attend to talk about the problem, and see what US enterprises are doing to prepare themselves for these situations

    Click to Expand

    Collapse This Item

  • Expert Panel Discussion: Ransomware: Prevention & Preparation 10:20 am
    Add to Calendar20220414 10:20 am20220414 10:50 amAmerica/ChicagoExpert Panel Discussion: Ransomware: Prevention & Preparation

    Unless you’ve been under a rock, you’ve seen some big ransomware headlines. Moreover, ransomware-as-a-service changes the way many cyber leaders think about this topic, and changes some of the economics related to it. In this panel, our experts will talk about best practices, tactics and tricks for prevention and preparation. Sensitive data is put at risk, huge sums of money are in the balance, and organizations must struggle between expediency and the bottom line. 

    .

    Unless you’ve been under a rock, you’ve seen some big ransomware headlines. Moreover, ransomware-as-a-service changes the way many cyber leaders think about this topic, and changes some of the economics related to it. In this panel, our experts will talk about best practices, tactics and tricks for prevention and preparation. Sensitive data is put at risk, huge sums of money are in the balance, and organizations must struggle between expediency and the bottom line. 

    Click to Expand

    Collapse This Item

  • AI & ML in Cybersecurity: Can We ‘Science the Heck’ Out of Trouble? 11:25 am
    Add to Calendar20220414 11:25 am20220414 11:45 amAmerica/ChicagoAI & ML in Cybersecurity: Can We ‘Science the Heck’ Out of Trouble?

    We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’? 

     

    .

    We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’? 

     

    Click to Expand

    Collapse This Item

  • IAM + WFH - Authentication vs Authorization 11:50 am
    Add to Calendar20220414 11:50 am20220414 12:10 pmAmerica/ChicagoIAM + WFH - Authentication vs Authorization

    The “perimeter” concept for organizational security… The castles and moats analogy no longer applies… As we all went to Work From Home quickly – we tested the boundaries of identity and authentication.

    Join this session to discuss the concepts and trends shaping identity and authentication, from IAM to passwordless, and PAM to zero-trust. 

    .

    The “perimeter” concept for organizational security… The castles and moats analogy no longer applies… As we all went to Work From Home quickly – we tested the boundaries of identity and authentication.

    Join this session to discuss the concepts and trends shaping identity and authentication, from IAM to passwordless, and PAM to zero-trust. 

    Click to Expand

    Collapse This Item

  • Lunch Break
  • Keynote Fireside Chat: John Kindervag 12:40 pm
    Add to Calendar20220414 12:40 pm20220414 1:00 pmAmerica/ChicagoKeynote Fireside Chat: John Kindervag

    After eight and a half years at Forrester Research where he was a Vice President and Principal Analyst on the Security and Risk Team, John went on to join Palo Alto Networks as a Field CTO, and is now at ON2IT.

    John is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Model of Cybersecurity. 

    In this Keynote Fireside Chat, John will talk about the ideation of Zero Trust, inspirations for the thinking around it and digs into some of the (many) misconceptions about it across the cybersecurity landscape.

    .

    After eight and a half years at Forrester Research where he was a Vice President and Principal Analyst on the Security and Risk Team, John went on to join Palo Alto Networks as a Field CTO, and is now at ON2IT.

    John is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Model of Cybersecurity. 

    In this Keynote Fireside Chat, John will talk about the ideation of Zero Trust, inspirations for the thinking around it and digs into some of the (many) misconceptions about it across the cybersecurity landscape.

    Click to Expand

    Speaker:

    John Kindervag
    John Kindervag

    John Kindervag

    Senior Vice President, Cybersecurity Strategy

    Collapse This Item

  • Beyond SolarWinds: Supply Chain & Third-Party Risk Management for 2022 1:30 pm
    Add to Calendar20220414 1:30 pm20220414 1:50 pmAmerica/ChicagoBeyond SolarWinds: Supply Chain & Third-Party Risk Management for 2022

    Even before SolarWinds Orion Code Compromise, Supply Chain Attacks were up over 400% in 2020. As we go into 2022, this attack vector will continue to  receive tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create a “perfect storm” threat for modern cyber executives.  

    In this session we will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.

    .

    Even before SolarWinds Orion Code Compromise, Supply Chain Attacks were up over 400% in 2020. As we go into 2022, this attack vector will continue to  receive tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create a “perfect storm” threat for modern cyber executives.  

    In this session we will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.

    Click to Expand

    Collapse This Item

  • Compliance & Automation in Cybersecurity 2:05 pm
    Add to Calendar20220414 2:05 pm20220414 2:25 pmAmerica/ChicagoCompliance & Automation in Cybersecurity

    Managing compliance needs as a continuous, organizational process (as opposed to a reactive response), amid the ever-increasing myriad of industry regulations and legislation has become a full time job for most CISOs.  Automation – including artificial intelligence and machine learning will help, and are perhaps more critical than ever. As CRPA comes into play and brings the US closer to GDPR, there are also a number of touchpoints where the CDO and CISO interplay will be crucial over the coming months. 

    This session will discuss the current issues with regard to compliance, monitoring, and reporting.  Policy decisions and regulations that have kept CISOs busy of late, and what we can expect more of in 2022 will also be addressed. 

    .

    Managing compliance needs as a continuous, organizational process (as opposed to a reactive response), amid the ever-increasing myriad of industry regulations and legislation has become a full time job for most CISOs.  Automation – including artificial intelligence and machine learning will help, and are perhaps more critical than ever. As CRPA comes into play and brings the US closer to GDPR, there are also a number of touchpoints where the CDO and CISO interplay will be crucial over the coming months. 

    This session will discuss the current issues with regard to compliance, monitoring, and reporting.  Policy decisions and regulations that have kept CISOs busy of late, and what we can expect more of in 2022 will also be addressed. 

    Click to Expand

    Collapse This Item

  • The Risk Management “Balance Sheet” 2:30 pm
    Add to Calendar20220414 2:30 pm20220414 2:50 pmAmerica/ChicagoThe Risk Management “Balance Sheet”

    Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required.  Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand? 

    Attend this session to get these questions answered and more.

    .

    Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required.  Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand? 

    Attend this session to get these questions answered and more.

    Click to Expand

    Collapse This Item

  • Supply Chain & Third Party Risk Management 2:55 pm
    Add to Calendar20220414 2:55 pm20220414 3:15 pmAmerica/ChicagoSupply Chain & Third Party Risk Management

    A supply chain encompasses the entire network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product.  The ultimate goal of an effective supply chain is lower costs of doing business thus resulting in higher profits and improved customer satisfaction.  The process of bringing in a third party involves identifying, assessing and controlling all the various risks that can develop over the entire lifecycle of such relationships. 

    Join this session to drive into how sophisticated attackers can live quietly inside even organizations with significant expertise and mature security processes. 

    .

    A supply chain encompasses the entire network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product.  The ultimate goal of an effective supply chain is lower costs of doing business thus resulting in higher profits and improved customer satisfaction.  The process of bringing in a third party involves identifying, assessing and controlling all the various risks that can develop over the entire lifecycle of such relationships. 

    Join this session to drive into how sophisticated attackers can live quietly inside even organizations with significant expertise and mature security processes. 

    Click to Expand

    Collapse This Item

  • Keynote: FBI IC3: Cybercrime Data Collection and Analysis 3:30 pm
    Add to Calendar20220414 3:30 pm20220414 4:15 pmAmerica/ChicagoKeynote: FBI IC3: Cybercrime Data Collection and Analysis

    Since 2000, the FBI’s Internet Crime Complaint Center (IC3) has received complaints crossing a wide array of cybercrime matters. Cybercrime data collection and analysis not only identifies trends, but enables efforts to control, reduce, mitigate, and prevent cybercrime.  In this discussion, Donna Gregory, Unit Chief for the FBI Cyber Division, IC3 will explain more about their mission to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI, the categories of cybercrime, types of cybercrime data collected, criteria used to measure cybercrime, and how these crimes interoperate with other cybercrime activities.

    .

    Since 2000, the FBI’s Internet Crime Complaint Center (IC3) has received complaints crossing a wide array of cybercrime matters. Cybercrime data collection and analysis not only identifies trends, but enables efforts to control, reduce, mitigate, and prevent cybercrime.  In this discussion, Donna Gregory, Unit Chief for the FBI Cyber Division, IC3 will explain more about their mission to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI, the categories of cybercrime, types of cybercrime data collected, criteria used to measure cybercrime, and how these crimes interoperate with other cybercrime activities.

    Click to Expand

    Speaker:

    Donna Gregory
    Donna Gregory

    Donna Gregory

    Unit Chief at the FBI Cyber Division, Internet Crime Complaint Center (IC3)

    Collapse This Item

  • Conference Closing
Partners Register