
Conference
New York City
Cybersecurity Conference
Connect with your peers and industry experts at the NYC Cybersecurity Conference for live, in-person sessions on topics ranging from cloud security to protecting your organization from advanced threat actors. These engaging sessions will help you better navigate each new cyber threat that emerges.
At the NYC Cybersecurity Conference, you’ll hear insightful keynotes on vital security topics to help you learn the skills needed to stay ahead of cyber threats, while having the opportunity to network with fellow cybersecurity professionals.
Book your room at the Conrad NY Downtown here!
Date
Wed. Jun 01 — Thu. Jun 02
Location
102 North End Avenue
New York, New York 10282
212-945-0100
Featured Speakers
Ira Winkler - Human Security Engineering: Stop Relying on the Failed Human Firewall
Jim Ambrosini - Cyber Executive Panel
Dimitri McKay - Cyber Executive Panel
Ira Winkler - Cyber Executive Panel
Farid Abdelkader - Cyber Executive Panel
Thomas Ryan - Protest-ware and The Risks to Open Source
David Schwartz - Inter-Agency Collaboration Panel
Kevin McCleary - Inter-Agency Collaboration Panel
Rich Richard - Inter-Agency Collaboration Panel
Darren McCormack - Inter-Agency Collaboration Panel
Event Schedule
Times for this Event are in Eastern Time (EDT/EST).
The Conference will be open June 1st from 10:00 AM to 6:00 PM and June 2nd from 8:00 AM to 3:15 PM.
- DAY ONE
- Welcome / Introductions
- Delivering Zero Trust at Scale (Twice): Lessons Learned 11:00 am
As we settle into life with COVID, the topic of zero trust security and a remote workforce is top of mind for all enterprise security teams. During this session you’ll hear from security practitioners who were responsible for the zero trust strategy and implementation at two Fortune 500 global enterprises – Adobe & Cisco. They will share their experiences and tips for rolling out zero trust methodologies at scale.
The audience will gain understanding in:
- How to get started: Selling the strategy, people, process and technology
- How to make real progress in months, not years. Demonstrating continued business value
- Real world examples. Highlighting improvements to user experience and security posture.
- Tips and tricks, lessons learned and what to avoid
Speaker:
- The State of Secure Identity 11:20 am
Digital identities control access to an ever-growing number of applications, services, and critical systems. This makes identity an interesting attack vector for threat actors, and highlights the importance of authentication and authorization in preserving trust and security. The Auth0 State of Secure Identity report highlights the latest trends in identity security, including what types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected, and the adoption rates for identity protection technologies.
During this session, we’ll provide greater insight into which industries are:
- Most highly targeted by credential stuffing attacks
- Most highly targeted by SQL injection attacks
- Leading the way in MFA adoption to improve overall security posture
We’ll also shed light on: fake account creation, MFA bypass attacks, and what defensive measures are being adopted to combat these identity security threats.
Speaker:
- Protecting Against Cyber Attacks 11:40 am
We’ve seen the real-world consequences of cyberattacks – from the shutdown of the Colonial Pipeline to the slowing of care for hospital patients, to major disruptions in the food supply lines. The impact of a single attack can be far-reaching and devastating to all those affected. When paired with unprecedented geopolitical uncertainty, it’s never been more important for organizations to be vigilant against bad actors.
Learn the latest techniques for developing your security posture with this expert panel discussion. Come prepared with your thoughts and questions and gain an insider’s perspective on the latest threats and most effective security strategies during this thoughtful, interactive session.
Panel Participants:
- Lunch Break
- Human Security Engineering: Stop Relying on the Failed Human Firewall 12:45 pm
While the main perception is that the “user problem” is due to a malicious party trying to trick well-intentioned users, users who are unaware, apathetic, careless, etc., are more likely to be the cause of loss. Either way, the cybersecurity industry realizes this and develops tactics such as awareness, MFA, DLP, etc. to mitigate the problem. Despite all of these tactics, 90%+ of all losses result from attacks targeting users. What this talk proposes is a comprehensive strategy to address the insider threat, whether it results from malicious or well-meaning insiders.
I refer to the comprehensive strategy as Human Security Engineering (HSE) and it involves creating a model that looks similar to the MITRE ATT&CK framework. The strategy involves identifying how a user loss is enabled, how it is initiated, and how loss is ideally mitigated before it can be realized. Applying HSE, security professionals can look at the entire sequence of a potential loss and determine what and where are the most cost-effective countermeasures to implement. Applying individual tactics has proved to be ineffective in stopping the problem on a large scale. At least one company has begun to implement HSE and has drastically cut phishing losses.
Questions & Discussion Points
- What about those that tout the “human firewall”?
- Are users really our best last line of defense?
- What is a practical way for implementing what you have described here?
Speaker:
- Email Security Reinvented - Securing Cloud Email and Collaboration 1:50 pm
Presented by Check Point Software Technologies
Harmony Email and Collaboration’s AI continues to reinvent successful email security and remains the best in the industry. Its products protect cloud email and collaboration suites from cyber attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as O365, Gmail, OneDrive, G-Suite, Teams, Slack, and many others. The platform deploys in 5 minutes via API to preventatively block phishing, spam, malware, data leakage, account takeover, BEC, and shadow IT across the organization.
Speaker:
- The Growing Problem of Leaked Credentials - Facing Up to Secrets Sprawl 2:10 pm
Secrets like API keys, certificates and credentials are sprawling through public spaces and internal systems at an alarming rate. These secrets are the crown jewels of organizations, providing access to critical infrastructure and systems. Secrets sprawl, as it is known, provides an opportunity for adversaries to break into our organization by using these unprotected secrets. In 2021, a research project from GitGuardian uncovered 6 million secrets leaked publicly on GitHub.com alone. This presentation reviews that research and uses recent high-profile breaches to show how adversaries find and exploit these secrets in practice, as well as how we can mitigate this risk.
Speaker:
- Low Hanging Fruit: Improve AD Hygiene For the Easy Win 2:50 pm
We read about successful cyber and ransomware attacks every day. Most organizations do not realize that these attacks all have ONE thing in common and that there are simple, rapid, and inexpensive/free actions they can take which will dramatically improve their defense. This presentation will discuss key challenges with improving AD security and offer real solutions.
Speaker:
- Seize the Breach: Why Breaches Still Occur and How to Mitigate Them 3:10 pm
Breaches happen and 2021 was a record-breaking year for them. According to Identity Theft Resource Center (ITRC) research, there were 1,291 breaches publicly reported in 2021 as of Sept. 2021 compared to 1,108 breaches in 2020; that’s a 17% year-over-year increase. Meanwhile, millions are spent on security operations centers that aren’t stopping the breaches from happening. Join us for a presentation on:
- Why breaches are usually occurring
- How machine learning-driven analytics and automation technologies provide unmatched threat detection, investigation, and response (TDIR) capabilities so security teams can respond more quickly and accurately to seize the breach and mitigate damage
- A simple maturity model based on outcomes and use cases that can vastly improve Security Operations
Attendees will learn how machine learning-driven analytics and automation technologies provide unmatched threat detection, investigation, and response (TDIR) capabilities so security teams can respond more quickly and accurately to seize the breach and mitigate damage.
Speaker:
- Disrupting the Means To Prevent the End 3:50 pm
Senior Solutions Engineer Marcel Mograbi discusses how the threat landscape has evolved over the last year, including prevalent trends, threats, and adversary techniques.
Speakers:
- Cyber Executive Panel 4:10 pm
Submit your bio for consideration to participate on our Cyber Executive Panel to [email protected] or fill out our Call for Speakers form here.
Moderator:
Panel Participants:
- Day One Closing Session 4:55 pm
- Networking Reception and Happy Hour 5:00 pm
- DAY TWO
- Welcome / Introductions
- Redefining the MSSP Relationship: Partner With A Co-Fiduciary 10:00 am
A Managed Security Service Provider (MSSP) has increasingly become the foundation of an organization’s security program; however, the traditional relationship may be based on simple alerts and reporting as opposed to providing security outcomes. While the concept of a fiduciary is understood in the finance industry, it has yet to gain traction in third-party relationships in the information security space. When organizations partner with an MSSP as a co-fiduciary, as opposed to “yet-another-outsourced-service,” they can be empowered to strategically drive positive security outcomes. This session will revisit the traditional MSSP relationship, discuss various considerations, and provide thought-provoking questions to evaluate if your security program is built on a solid foundation.
Speaker:
- Cyberattacks and Business: Bridging the Gap Through Zero Trust 10:20 am
As dependence on digital technologies continues to surge at a rapid rate, so does cybercrime. Cybercriminals are seizing every opportunity to exploit vulnerabilities against people and organizations through technology. They are more agile than ever; swiftly adapting new technologies, tailoring their attacks using novel methods and cooperating closely with each other. Zero Trust is a framework for securing infrastructure and data for today’s modern digital transformation. It uniquely addresses the modern challenges of today’s business, including securing remote workers, hybrid cloud environments, and ransomware threats. In this webinar you will learn a few tips and tricks to safeguard your environment.
Speaker:
- 2022 Trends & Directions 10:40 am
If 2022 has taught us anything so far, it’s that cybercriminals are still coming up with new ways to cash in. But with nearly half the year behind us, what can we anticipate for the rest of the year? Following a Shields Up warning from the Cybersecurity and Infrastructure Security Agency (CISA) in February, organizations and individuals have been encouraged to be more vigilant than ever.
Get insights on the latest in security from experts who live on the leading edge of cybersecurity technology. You’ll hear from industry luminaries on some of the newest tactics for defending against unprecedented attacks. Get a better sense of how your organization can spend the rest of 2022 with a security strategy that will set you up for success during this insightful discussion.
Panel Participants:
- Stopping Attacks, Not Your Business: AI & Autonomous Response 11:35 am
Fast-moving cyberattacks can strike at any time, and security teams are often unable to react quickly enough. Join to learn how Autonomous Response takes targeted action to stop in-progress attacks without disrupting your business. The discussion includes real-world threat finds.
Explore today’s threats and challenges and learn how advances in AI have been leveraged to allow for very surgical actions to be taken autonomously, where humans can no longer react fast enough.
Speaker:
- Ransomware Prevention (or the Closest You Can Come to It): Pre-Attack Practices 11:55 am
So much has been said about ransomware – advice on prevention/preparation comes from government agencies, solution providers and industry pundits. Ransomware-as-a-service changes the way many cyber leaders think about this topic, and changes some of the economics related to it. Sensitive data is put at risk, huge sums of money are in the balance, and organizations must struggle between expediency and the bottom line.
This discussion will focus on PRE-ATTACK scenarios. While everyone needs to take a “not if, but when” approach, there are tools, policies, and best practices that can be put in place in preparation and have led to the prevention of nasty attacks.
Panel Participants:
- Lunch Break
- Protest-ware and The Risks to Open Source 1:00 pm
The recent events in Ukraine drew a lot of attention to the risks of using open-source software and the beginning of a new trend called protest-ware. With over 80% of the world’s applications using open-source software, the associated risk can be benign or pose a seriously higher risk. We will discuss how hackers use SBOMs (software bills of materials) against us with the intended outcome of impacting the software supply chain.
Speaker:
- Protect Your Organization’s Most Sensitive Data: Using Modern Security Practices for Databases 2:00 pm
For most organizations, data repositories hold our most sensitive information. When the Internet first became accessible to businesses, security threats and our attack surface increased dramatically, but teams learned to protect sensitive business assets with network segregation, firewalls, and VPNs.
These days companies are mostly cloud native and older companies are moving to the cloud at a rapid rate. With this shift to the cloud, traditional roles like IT are often being deprioritized in favor of DevOps and SRE teams taking on a broader scope, including traditional networking and DBA duties. Once again the threat landscape and attack surface are changing and a new approach using modern security patterns is required for databases.
In this session we’ll address how organizations can safely democratize access to their data repositories, while implementing modern security controls such as single sign-on and multifactor authentication. We’ll also discuss ensuring sufficient artifacts are being collected to help deal with inevitable unauthorized data access and usage issues in the future.
Key Takeaways:
- Strategies your teams can use to reduce risk to your organization’s most sensitive data
- How to gain consistent security across all data repositories, including on-prem and in the cloud
Panel Participants:
- Leveraging a Single Identity Tool as a Foundation for a Unified Identity Security Framework 2:20 pm
Identity sprawl is on the rise. Humans, devices, bots, and other forms of identities have more than doubled in 85% of organizations surveyed. Most of these identities have elevated access and are a target breach point for one of the most common forms of attack today, ransomware. Stand-alone Identity tools are unable to address this current threat surface, and must be integrated with other identity security tools to attain 360-visibility across all identities and address this growing problem in a holistic manner. Learn how to leverage any identity tool as a foundational component of a complete, identity-based ecosystem to ultimately improve your overall cybersecurity posture.
Speaker:
- Inter-Agency Collaboration Panel 2:40 pm
- Conference Closing Session 3:25 pm