Event Schedule

Times for this Event are in Mountain Time (MDT/MST).

The Summit will be open from 8:00 AM to 6:00 PM, both days.

• DAY ONE
• Welcome / Introductions
• Special Welcome with SAC F. Boudreaux 9:05 am

  Speaker:

  Frank J. Boudreaux, Jr.

  Frank J. Boudreaux, Jr.

  Special Agent in Charge at US Secret Service

  Collapse This Item

• Demystifying Zero Trust and Its Role in Cybersecurity 9:25 am

  Presented by ThreatLocker

  The Zero Trust framework is based on the principle of “never trust, always verify.” Join us to learn about Zero Trust, how to adopt it, and the technologies you need to take control of your environment in the fight against ransomware.

  Click to Expand

  Speaker:

  Danny Jenkins

  Danny Jenkins

  CEO at ThreatLocker

  Collapse This Item

• CIS Controls in the Real World 9:50 am

  Presented by Sentinel IPS

  As a vendor, we witness first-hand the tangible effect that best practices like the CIS Controls have on our customers’ network security. From our perspective, it’s easy to see who is on top of their security game … and who could really benefit from the guidance these controls provide. In this discussion, we’ll walk through several of the CIS Controls, review the changes to the new V8, and provide real-world case studies to illustrate how different security tools and services can work together – sometimes in not-so-obvious ways – to reduce risk, and keep your network safe and secure.

  Click to Expand

  Speaker:

  Ted Gruenloh

  Ted Gruenloh

  CEO at Sentinel IPS

  Collapse This Item

• The State of Secure Identity 10:30 am

  Presented by Auth0

  Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies. 

  During this session, we’ll provide greater insight into which industries are: 

  • Most highly targeted by credential stuffing attacks 
  • Most highly targeted by SQL injection attacks 
  • Leading the way in MFA adoption to improve overall security posture 

  We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.

  Click to Expand

  Speaker:

  Gatewood Green

  Gatewood Green

  Principal Security Architect at Auth0

  Collapse This Item

• Expert Panel Discussion: Defense in Depth: New Strategies for 2022 10:55 am

  Layering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations preparing to defend against inventive hackers penetrating their systems in 2022?

  Click to Expand

  Panel Participants:

  Ian McShane

  Ian McShane

  Field CTO at Arctic Wolf

  Ryan Bowman

  Ryan Bowman

  Director of Solutions Engineering at ThreatLocker

  Chris Hass

  Chris Hass

  Director of Information Security and Research at Automox

  Gatewood Green

  Gatewood Green

  Principal Security Architect at Auth0

  Collapse This Item

• Lunch Break

  Collapse This Item

• Keynote Presentation: Micro-Cap Fraud: An Exercise in Complex Financial Crimes 12:10 pm

  Special Agent Suzanne Allen will take us through one of her market manipulations that has all the hallmark words of a securities fraud case: conspiracy, wire fraud, money laundering. Learn how her investigation revealed several individuals acting together to execute a debt conversion scheme in the microcap stock market.

  Click to Expand

  Speakers:

  Suzanne Allen

  Suzanne Allen

  Special Agent, Private Sector & InfraGard Coordinator at FBI - Phoenix Field Office

  Craig Moringiello

  Craig Moringiello

  Retired Assistant Special Agent in Charge at FBI

  Collapse This Item

• Disrupting Lateral Movement by Securing Active Directory 1:15 pm

  Presented by Attivo Networks

  A common tactic among advanced threat actors and ransomware attacks today involves leveraging Active Directory to move laterally and accomplish their mission. Active Directory data can give attackers credentials, privileges, access, and persistence. Protecting it must be a high priority for any organization. 

  Active Directory security requires time, resources, expertise, and visibility. Typical best practices focus on limiting privileged accounts, conducting audits, and hardening systems, but these no longer suffice to address advanced attacks. 

  Join this session to explore new options that automate defending AD from compromise to prevent lateral movement. 

  Highlights include: 

  • Live detection for attacks targeting Active Directory 
  • Attack surface reduction at both Active Directory and the endpoint 
  • Continuous visibility to AD changes that introduce new exposures 
  • Addressing Active Directory assurance to reduce risks and pass Red team tests

  Click to Expand

  Speaker:

  Joseph Salazar

  Joseph Salazar

  Technical Deception Engineer, CISSP, CEH, EnCE at Attivo

  Collapse This Item

• Security Considerations: Before, During and After an Attack 1:35 pm

  Presented by Pure Storage

  The world of data backup and recovery has evolved with ransomware to highlight the need for a resiliency architecture that gives an organization the ability to quickly and reliably get back up and running after a cyber attack. This session will dive into how an attack (such as ransomware) unfolds and key considerations to give before, during and after so that the post-event recovery needs of the business can be achieved.

  Click to Expand

  Speaker:

  Andy Stone

  Andy Stone

  CTO - Americas at Pure Storage

  Collapse This Item

• Expert Panel Discussion: What You Left Out of Your 2022 Cybersecurity Plan (& How to Fix it!) 2:00 pm

  While the 2021 headlines certainly facilitated easier discussions on expanded 2022 budget for cybersecurity, the “unknown unknowns” are a part of every cybersec leaders’ life. New threats will always arise, and bad actors didn’t take a planning break during the holiday season.

  In this panel discussion, our experts offer advice and opinions on how to best build out budget requests and add in padding for potential disruptions. They will also discuss how to best “translate” business requirements into meaningful budget items for finance and procurement teams, who are less “read-in” on cybersecurity in general.

  Click to Expand

  Panel Participants:

  E.J. Hilbert

  E.J. Hilbert

  Former FBI Cyber Agent, CISO & Founder at KCECyber

  Michael Lettman

  Michael Lettman

  Cybersecurity Advisor at DHS-CISA and former CISO at State of Arizona

  Andy Stone

  Andy Stone

  CTO - Americas at Pure Storage

  Harry Steward

  Harry Steward

  CFCE Network Intrusion Forensic Analyst at United States Secret Service - Phoenix Field Office

  Collapse This Item

• Stopping Ransomware with Autonomous Response 2:45 pm

  Presented by Darktrace

  New strains of ransomware are leaving organizations vulnerable – too often, security teams lack the ability to respond proportionately to an attack, leading to cyber disruption across the organization. 

  Join SME, Darktrace’s TITLE, as he/she/they unpacks some of today’s most advanced ransomware threats. Learn how Self-Learning AI understands the organization to reveal every stage of a ransomware attack – and takes targeted, autonomous action to stop the threat in its tracks. 

  This presentation will discuss:

  •  Recent ransomware threat trends, including double extortion and RDP attacks 
  • How Autonomous Response takes action to contain an emerging attack, even when security teams are out of office 
  • Real-world examples of ransomware detected by Darktrace AI – including a zero-day and an attack initiated on Christmas Day

  Click to Expand

  Speaker:

  Brianna Leddy

  Brianna Leddy

  Director of Analysis at Darktrace

  Collapse This Item

• Remote Work – The Wild West of Endpoint Management 3:05 pm

  Presented by baramundi

  The pandemic forced many of us to switch to working remotely overnight. At the time this was and continues to be an ongoing challenge for IT Departments that need to manage and maintain their remote endpoints. Now that companies are trending towards long-term remote work options, IT Infrastructure has to continue to adapt to the new and demanding ways of working from home. During this session we will cover what remote work has to do with the Wild West and what you need to be aware of to tame these challenges.

  Click to Expand

  Speaker:

  Axel Peters

  Axel Peters

  VP West Operations, baramundi

  Collapse This Item

• Keynote Presentation: Human Security Engineering: Stop Relying on the Failed Human Firewall 3:25 pm

  While the main perception is that the “user problem” is due to a malicious party trying to trick well intentioned users, users who are unaware, apathetic, careless, etc., are more likely to be the cause of loss. Either way, the cybersecurity industry realizes this and develops tactics such as awareness, MFA, DLP, etc. to mitigate the problem. Despite all of these tactics, 90%+ of all losses result from attacks targeting users. What this talk proposes is a comprehensive strategy to address the insider threat, whether it results from malicious or well meaning insiders.

  Click to Expand

  Speaker:

  Ira Winkler

  Ira Winkler

  Chief Security Architect at Walmart

  Collapse This Item

• Day One Closing Session
• DAY TWO
• Welcome / Introductions
• Prioritizing Remediation: A Log4j Retrospective 9:35 am

  Presented by Rapid7

  In this talk, Erick will discuss the community’s reaction to the recent state of Log4j CVEs and the remediation efforts around them. In spite of the overwhelming response from security teams and the tremendous work done to remediate the vulnerability, some organizations were compromised during their response by vulnerabilities other than Log4j — including vulnerabilities that were known to be exploited in the wild ahead of the release of Log4j. We present some ways that threat intelligence, community sentiment, and other information can help us parse through fear, uncertainty, and doubt to ensure that the vulnerabilities most likely to lead to compromise are the ones we patch first.

  Click to Expand

  Speaker:

  Erick Galinkin

  Erick Galinkin

  Principal Artificial Intelligence Researcher at Rapid7

  Collapse This Item

• A Realistic Take on Zero Trust 10:00 am

  Presented by Lookout

  Learn about how you can take a pragmatic approach to securing your multiple cloud apps and services. We will discuss the journey to the cloud and how security tools all work together to build a unified cloud security strategy that is effective and scalable for modern enterprises.

  Click to Expand

  Speaker:

  Hank Schless

  Hank Schless

  Senior Manager, Security Solutions at Lookout

  Collapse This Item

• Expert Panel Discussion: Recover from Ransomware: Coming Back After an Attack 10:20 am

  Whether you chose to pay the ransomware or not, industry experts tell you to treat your entire network as contaminated.  Rebuilding images, devices, re-formatting storage, and all the rest is part of this process.  In this panel, our experts will talk about what to do first – and what to avoid, and where the traps may lie.

  Click to Expand

  Panel Participants:

  Mark Sangster

  Mark Sangster

  Cybersecurity Expert & Author “No Safe Harbor”

  Andy Stone

  Andy Stone

  CTO - Americas at Pure Storage

  Jason Mar-Tang

  Jason Mar-Tang

  Director of Solutions Engineering at Pentera

  Collapse This Item

• Understanding Your Organization's Sensitive Data - And How You Can Protect It 11:10 am

  Presented by Cavelo

  If you’re a small or midsized business, you’ve got lots of sensitive, unstructured data across multiple file shares. Growing data privacy and protection regulations mean that every employee across the business has an obligation to know what sensitive customer data the business has, so the business can better protect it.

  Join cybersecurity industry veteran and Cavelo CEO James Mignacca as he covers:

  · The different types of sensitive data your business uses and stores, and why that matters.
  · How top threats like ransomware and phishing schemes make sensitive data vulnerable to risk and exploit.
  · Top tips and best practices IT staff, clerks and frontline team members can apply to protect your customer’s sensitive data, meet compliance requirements and streamline data management.

  Click to Expand

  Speaker:

  James Mignacca

  James Mignacca

  CEO at Cavelo

  Collapse This Item

• Compliance as a Catalyst for Reducing Risk 11:30 am

  Presented by Reciprocity

  Compliance is a required part of risk management. But are your compliance initiatives helping you bridge compliance and risk?  Effective compliance is a catalyst for developing a proactive, risk management program by providing effective controls and tools that assess, manage, and monitor risk. Compliance isn’t about checking the box, it’s about proactively protecting your company and providing assurance so that others trust doing business with you. And, demonstrating trust will be the next market shaper. 

  • Challenges in Compliance and Risk Programs
  • Five Best Practices in starting a Risk Program
  • Compliance Considerations that will Improve Your Risk Posture

  Click to Expand

  Speaker:

  Rob Ellis

  Rob Ellis

  Chief Strategy Officer at Reciprocity

  Collapse This Item

• Keynote Fireside Chat: John Kindervag 11:50 am

  After eight and a half years at Forrester Research where he was a Vice President and Principal Analyst on the Security and Risk Team, John went on to join Palo Alto Networks as a Field CTO, and is now at ON2IT.

  John is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Model of Cybersecurity. 

  In this Keynote Fireside Chat, John will talk about the ideation of Zero Trust, inspirations for the thinking around it and digs into some of the (many) misconceptions about it across the cybersecurity landscape. 

  Click to Expand

  Speaker:

  John Kindervag

  John Kindervag

  Senior Vice President, Cybersecurity Strategy

  Collapse This Item

• Lunch Break
• Is Your Defensive Stack Ready for a Targeted Attack? 1:15 pm

  Presented by Pentera

  A key challenge for organizations is determining if the investment in detection and response tools are performing and meeting their objective. Security teams struggle with red team and security validation processes performed in a continuous and efficient manner. How can security teams remove assumptions and shift their organization’s security program to one centered around the attacker’s perspective predicting the attacker’s next move.

  Click to Expand

  Speaker:

  Jason Mar-Tang

  Jason Mar-Tang

  Director of Solutions Engineering at Pentera

  Collapse This Item

• Expert Panel Discussion: Identity & Access 2022 1:35 pm

  The 2000’s view of “perimeter” in terms of security conjures up an analogy about castles and moats… but today, the question is, where is the moat? As we turbo-charged Work From Home this year, and BYOD is just a way of life – have your Identity and Access Management practices kept-up?

  Click to Expand

  Panel Participants:

  Tony Cole

  Tony Cole

  Chief Technology Officer at Attivo Networks

  E.J. Hilbert

  E.J. Hilbert

  Former FBI Cyber Agent, CISO & Founder at KCECyber

  Gatewood Green

  Gatewood Green

  Principal Security Architect at Auth0

  Mark Sangster

  Mark Sangster

  Cybersecurity Expert & Author “No Safe Harbor”

  Collapse This Item

• FBI Briefing: Cybersecurity Services for Building Cyber Resilience 2:15 pm

  In his remarks at the Salt Lake City Conference S.A.C. Rice expanded on the importance of public/private partnership and some statistics on the FBI services available to every organization in the region.

  Click to Expand

  Speaker:

  Dennis Rice

  Dennis Rice

  Special Agent in Charge at FBI

  Collapse This Item

• Keynote Fireside Chat: Dr. Jonathan Ward - Author, “China’s Vision of Victory” 2:45 pm

  In this fireside chat discussion, Author, consultant and frequent television commentator for Bloomberg, MSNBC, and CNN, Dr. Ward will discuss the geopolitical intricacies related to cyberthreats coming from Communist China and Russia.  Based on the ground-breaking work in his book “China’s Vision of Victory,” and his work with the US Department of Defense, other agencies and consulting for Fortune 500 organizations, Dr. Ward will take questions from the audience and discuss in more detail some of the key threats from afar. 

  Expect this talk to touch on state-sponsored hacking, and consider the government support for this type of “grey crime,” as well as how the rise of military and economic power in the Indo-Pacific affects the world’s new strategic balance.

  Click to Expand

  Speaker:

  Dr. Jonathan D. T. Ward

  Dr. Jonathan D. T. Ward

  Founder & Author - Atlas Organization

  Collapse This Item

• Cyber Executive RoundTable 3:30 pm

  Submit your bio for consideration to participate on our Cyber Executive RoundTable

  to [email protected] or fill out our Call for Speakers form here.

  Click to Expand

  Panel Participants:

  Jeff Hudesman

  Jeff Hudesman

  CISO at Pinwheel

  Morgan Reed

  Morgan Reed

  Executive Government Advisor at Amazon / AWS

  Seema Sewell

  Seema Sewell

  Assistant CISO at Maricopa County

  Ryan Murray

  Ryan Murray

  Deputy State CISO for the State of Arizona

  Kristen Sanders

  Kristen Sanders

  Former CISO at Albuquerque Bernalillo County Water Utility Authority

  Michael Lettman

  Michael Lettman

  Cybersecurity Advisor at DHS-CISA and former CISO at State of Arizona

  Collapse This Item

• Summit Closing Session