Event Schedule

Times for the Event are in Mountain Time (MDT/MST).

The Conference will be open from 8:30 AM to 5 PM.

• Welcome / Introductions
• Special Welcome from FBI SAC Dennis Rice 9:05 am

  Speaker:

  Dennis Rice

  Dennis Rice

  Special Agent in Charge at FBI

  Collapse This Item

• Keynote: DHS/CISA - Defending our Nation’s Critical Infrastructure in a time of Crisis 9:15 am

  Our DHS-CISA Cybersecurity Agent will discuss the linkages between cyberspace and physical systems and best practices for reducing those vulnerabilities. Resilience is just as important as defense and forming a relationship with CISA will help you as a security professional to stay up-to-date, and know how to report incidents to your local authorities.

  He will provide an in-depth analysis of securing IT assets and maintaining operational capabilities.  CISA works closely with industry leaders, technical experts, and academic leaders throughout the region. Today, they will share some insights and advice on best practices, policies and procedures, based on the guidance from The Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (CISA).

  Click to Expand

  Speaker:

  Richard Gardner

  Richard Gardner

  Cyber Security Advisor, Region VIII Integrated Operations Division, Cybersecurity and Infrastructure Security Agency at CISA

  Collapse This Item

• The State of Secure Identity 9:55 am

  Presented by Auth0

  Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies. 

  During this session, we’ll provide greater insight into which industries are: 

  • Most highly targeted by credential stuffing attacks 
  • Most highly targeted by SQL injection attacks 
  • Leading the way in MFA adoption to improve overall security posture 

  We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.

  Click to Expand

  Speaker:

  Gatewood Green

  Gatewood Green

  Principal Security Architect at Auth0

  Collapse This Item

• Security Considerations: Before, During and After and Attack 10:20 am

  Presented by Pure Storage

  The world of data backup and recovery has evolved with ransomware to highlight the need for a resiliency architecture that gives an organization the ability to quickly and reliably get back up and running after a cyber attack. This session will dive into how an attack (such as ransomware) unfolds and key considerations to give before, during and after so that the post-event recovery needs of the business can be achieved.

  Click to Expand

  Speaker:

  Andy Stone

  Andy Stone

  CTO - Americas at Pure Storage

  Collapse This Item

• Expert Panel Discussion: Recover from Ransomware: Coming Back After an Attack 10:45 am

  Whether you chose to pay the ransomware or not, industry experts tell you to treat your entire network as contaminated.  Rebuilding images, devices, re-formatting storage, and all the rest is part of this process.  In this panel, our experts will talk about what to do first – and what to avoid, and where the traps may lie.

  Click to Expand

  Panel Participants:

  Chris Hass

  Chris Hass

  Director of Information Security and Research at Automox

  Casey Harrington

  Casey Harrington

  Special Agent, Federal Bureau of Investigation

  Paul Whittier

  Paul Whittier

  West Region Director at Adlumin

  Andy Stone

  Andy Stone

  CTO - Americas at Pure Storage

  Philip Rosen

  Philip Rosen

  Manager, Information Security Concierge Services at Arctic Wolf Networks

  Collapse This Item

• Security Through Maturity: Assess and Improve your Cloud Infrastructure Security 11:40 am

  Presented by Ermetic

  When securing your AWS, Azure or GCP environment, the stakes are high — and so may be your blood pressure! With so many different variables to consider when designing and implementing a security strategy, you need a clear framework for setting priorities and building a plan of action. 

  Best practices and compliance standards are a good first step. But they don’t give you a tool for assessing the maturity of your current cloud security practices and a roadmap for continuous improvement. 

  We created a modern framework that defines the key guidelines for a comprehensive cloud security strategy. It is lightweight and easy to understand and serves as a guide for prioritizing and implementing security controls and procedures in a way that will make stakeholders open to collaborating with you. 

  In this session you will learn how to: 

  • Gain a clear picture of where your organization currently stands on its path to a secure cloud environment
  • Design a cloud security strategy for your enterprise with clear and practical milestones
  • Create a common language between various stakeholders in your organization
  • Leverage an automated solution to improve your security

  Click to Expand

  Speaker:

  Or Priel

  Or Priel

  VP Enablement at Ermetic

  Collapse This Item

• Lunch Break
• Demo Session: Take Control of Your Endpoints With baramundi 12:15 pm

  Presented by baramundi

  Keeping track and actively managing your endpoints can be a challenging task. Flexible work hours and locations often cause headaches when it comes to IT security and management. Using tools like the baramundi management suite can reduce the workload and increase your overall IT security significantly. In our live demo we’ll showcase some best practices in patch management, inventory and automation.

  Click to Expand

  Speaker:

  David Sterz

  David Sterz

  Principal Consultant at Baramundi

  Collapse This Item

• Demo Session: Kubernetes Runtime Security 12:25 pm

  Presented by Sysdig

  Learn how Sysdig protects our customers from attempted exploits in live environments. We will provide a quick example of securing containers, CaaS (AWS Fargate), Kubernetes, and hosts with out-of-the-box policies based on open source Falco.

  Click to Expand

  Speaker:

  Alexander Lawrence

  Alexander Lawrence

  Principal Security Architect at Sysdig

  Collapse This Item

• Keynote Presentation: Human Security Engineering: Stop Relying on the Failed Human Firewall 12:45 pm

  While the main perception is that the “user problem” is due to a malicious party trying to trick well intentioned users, users who are unaware, apathetic, careless, etc., are more likely to be the cause of loss. Either way, the cybersecurity industry realizes this and develops tactics such as awareness, MFA, DLP, etc. to mitigate the problem. Despite all of these tactics, 90%+ of all losses result from attacks targeting users. What this talk proposes is a comprehensive strategy to address the insider threat, whether it results from malicious or well meaning insiders.

  I refer to the comprehensive strategy as Human Security Engineering (HSE) and it involves creating a model that looks similar to the MITRE ATT&CK framework. The strategy involves identifying how a user loss is enabled, how it is initiated, and how loss is ideally mitigated before it can be realized. Applying HSE, security professionals can look at the entire sequence of a potential loss and determine what and where are the most cost effective countermeasures to implement. Applying individual tactics has proved to be ineffective in stopping the problem on a large scale. At least one company has begun to implement HSE and has drastically cut phishing losses.

  Click to Expand

  Speaker:

  Ira Winkler

  Ira Winkler

  Chief Security Architect at Walmart

  Collapse This Item

• Getting It Just Right: Achieving Least Privilege in Cloud and Hybrid Environments 1:35 pm

  Presented by Authomize

  Achieving Least Privilege has emerged as a critical goal for the modern enterprise. Getting Least Privilege right has always been a difficult task, and moving to the cloud has not made it any easier. Lock down too much and you can’t get business done. Lock down too little and see your corporate data up for sale to the highest bidder. This gets even more complicated in multi-cloud and hybrid environments, where access controls are fragmented and enforcing unified policies becomes extremely difficult.

  Traditional generic tool sets that provide extreme flexibility at the cost of speed of deployment lack built-in best practices that help you navigate these increasingly complex environments. And targeted solutions that solve your problems in a narrow area of your business over focus and complicate management and deployment in rapidly evolving organizations.

  In this session we’ll discuss a practical approach to security that reduces your risk and keeps your cloud and hybrid information safe through a least privilege approach. This discussion will include:

  • Covering all the Bases: Make sure your solution had enough breadth
  • Find the right depth: Achieve balance between too much and too little control
  • Security as a Team Sport: Extend your security team with collaboration and automated assistance
  • Best Practices: Buy and use expertise in the box
  • Security isn’t quarterly: Make sure your security is constantly being evaluated

  Click to Expand

  Speaker:

  David Bullas

  David Bullas

  Director of Solutions Engineering at AUTHOMIZE

  Collapse This Item

• Stopping Ransomware with Autonomous Response 2:15 pm

  Presented by Darktrace

  New strains of ransomware are leaving organizations vulnerable – too often, security teams lack the ability to respond proportionately to an attack, leading to cyber disruption across the organization. 

  Join SME, Darktrace’s TITLE, as he/she/they unpacks some of today’s most advanced ransomware threats. Learn how Self-Learning AI understands the organization to reveal every stage of a ransomware attack – and takes targeted, autonomous action to stop the threat in its tracks. 

  This presentation will discuss: 

  • Recent ransomware threat trends, including double extortion and RDP attacks 
  • How Autonomous Response takes action to contain an emerging attack, even when security teams are out of office 
  • Real-world examples of ransomware detected by Darktrace AI – including a zero-day and an attack initiated on Christmas Day

  Click to Expand

  Panel Participants:

  Konnor Andersen

  Konnor Andersen

  Vice President of the Global Email and SaaS Security Business Units at Darktrace

  Collapse This Item

• Managing Cloud Risk Without Slowing App Delivery 2:40 pm

  Presented by Sysdig

  As organizations move workloads to the cloud they realize their software development approach needs to radically change. Securing the cloud requires a total re-think as well. Although security teams still need to manage access rights, fix vulnerabilities, and detect runtime threats, the techniques have evolved.

  Learn how the largest financial services, media and software companies address cloud security. You will gain insight into the top security challenges and pragmatic techniques to manage cloud risk without slowing down application delivery. Alexander Lawrence, Sysdig Solutions Director, will share our customers’ best practices for securing containers, Kubernetes and cloud services. 

  Click to Expand

  Panel Participants:

  Alexander Lawrence

  Alexander Lawrence

  Principal Security Architect at Sysdig

  Collapse This Item

• Expert Panel Discussion: Identity & Access 2022 3:05 pm

  The 2000’s view of “perimeter” in terms of security conjures up an analogy about castles and moats… but today, the question is, where is the moat? As we turbo-charged Work From Home this year, and BYOD is just a way of life – have your Identity and Access Management practices kept-up?

  Click to Expand

  Panel Participants:

  Adam Fisher

  Adam Fisher

  Principal Security Engineer at Salt Security

  David Bullas

  David Bullas

  Director of Solutions Engineering at AUTHOMIZE

  Konnor Andersen

  Konnor Andersen

  Vice President of the Global Email and SaaS Security Business Units at Darktrace

  Gatewood Green

  Gatewood Green

  Principal Security Architect at Auth0

  Collapse This Item

• Remote Work – The Wild West of Endpoint Management 3:50 pm

  Presented by baramundi

  The pandemic forced many of us to switch to working remotely overnight. At the time this was and continues to be an ongoing challenge for IT Departments that need to manage and maintain their remote endpoints. Now that companies are trending towards long-term remote work options, IT Infrastructure has to continue to adapt to the new and demanding ways of working from home. During this session we will cover what remote work has to do with the Wild West and what you need to be aware of to tame these challenges.

  Click to Expand

  Speaker:

  Axel Peters

  Axel Peters

  VP West Operations, baramundi

  Collapse This Item

• Cyber Executive RoundTable 4:15 pm

  Submit your bio for consideration to participate on our Cyber Executive RoundTable

  to [email protected] or fill out our Call for Speakers form here.

  Click to Expand

  Panel Participants:

  Ira Winkler

  Ira Winkler

  Chief Security Architect at Walmart

  Richard Gardner

  Richard Gardner

  Cyber Security Advisor, Region VIII Integrated Operations Division, Cybersecurity and Infrastructure Security Agency at CISA

  Blaine Carter

  Blaine Carter

  Global CIO at FranklinCovey

  Chris Williamson

  Chris Williamson

  Sr VP Information Systems and Security at Myriad Genetics

  Rob Gray

  Rob Gray

  Sr. Leader, Global Cybersecurity at Henry Schein

  Collapse This Item

• Conference Closing Session
• Networking Reception