
Conference
Seattle 2022
Cybersecurity Conference
Join the Seattle Cybersecurity Conference to connect with your fellow cybersecurity professionals and industry experts for live, in-person sessions. Topics will range from cloud security to protecting your organization from advanced threat actors. You’ll hear from industry experts and luminaries, as well as representatives from some of the world’s top cybersecurity solutions providers.
Attendees will hear from insightful keynotes on vital security topics and learn the skills needed to stay ahead of cyber threats, all while networking with peers at the Seattle Cybersecurity Conference!
Book your room at the Fairmont Olympic Hotel here!
Room Rate: $249 (plus tax and fees)
Available: May 17-19
Book by May 10!
Date
Wed. May 18 — Thu. May 19
-
Featured Speakers
Ronald Watters
CISA Briefing: Shields Up Initiative
John FelkerCybersecurity Leadership Lessons, from Hawaii to Afghanistan
Bob KiersteadU.S. Secret Service’s Seattle Electronic Crimes Task Force: Establishment, Development, and Operational Successes
John FelkerCyber Executive Panel
Bryan HurdCyber Executive Panel
James TopelCyber Executive Panel
Ronald WattersCyber Executive Panel
Mark SangsterCyber Executive Panel
Mark SangsterWar Games Aren’t Just for Warriors Anymore
Jamie PortellPseudonymity: Catching Cyber-Criminals via Crypto-Tracing
John FelkerCyber Inter-Agency Cooperation Panel
Ronald WattersCyber Inter-Agency Cooperation Panel
Jamie PortellCyber Inter-Agency Cooperation Panel
Bob KiersteadCyber Inter-Agency Cooperation Panel
Chris HansenCyber Inter-Agency Cooperation Panel
Event Schedule
Times for this Event are in Pacific Time (PDT/PST).
The Conference will be open from 11:00 AM May 18th to 5PM and 8:30 AM May19th to 3PM.
- DAY ONE
- Welcome / Introductions
-
The Reason Why Ransomware is Really HEATing Up 12:00 pm
When entire workforces went remote in 2020 because of the global pandemic, organizations pivoted quickly to new business models by migrating apps and services to the cloud to enable the anywhere, everywhere workforce. That’s resulted in business users spending an average of 75% of their workday working in a browser. These same digital enhancements, however, also ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly Evasive Adaptive Threats (HEAT), which are used as beachheads for initiating ransomware, data theft, and account takeovers.
Speaker:
-
Making Music From Cloud Security Noise 12:20 pm
The volume and types of security noise being generated across a cloud ecosystem can be deafening, bordering on unmanageable. In this session, Doug will discuss how context-aware security intelligence can enable practitioners to make music from the noise by prioritizing the top attack paths that matter most.
Speaker:
-
Fast and Furious Attacks: Using AI to Surgically Respond 1:05 pm
Fast-moving cyber-attacks can strike at any time, and security teams are often unable to react quickly enough. Join Konner Anderson to learn how Autonomous Response takes targeted action to stop in-progress attacks, without disrupting your business. Includes real-world threat finds, case studies and attack scenarios.
Speaker:
-
Embracing Top 5 CIS Security Controls to Maintain Resilience 1:25 pm
The present-day workforce poses multiple challenges, from implementing hybrid work to deploying layered security. IT leaders are witnessing an exponential rise in cyber attacks among other hurdles such as enforcing Zero Trust and facing back-to-the-office struggles. In this session, we will learn the current threat landscape, prophecies for 2022 and beyond, and strategize the Top 5 CIS controls towards cyber resilience.
Speaker:
-
Cloud Clarity in 2022: Strategy, Execution & Alignment 1:45 pm
Securely optimizing the cloud for better business outcomes is the product of clear communication of terms and expectations, alignment with business processes and functions, and partnerships among multiple internal and external stakeholders. “Activity” does not equal “progress.” In this panel, experts will discuss creating definitional clarity, building adaptability, and creating cross-functional, business-wide alignment.
Requirements for the security OF the cloud, and the security IN the cloud have accelerated, particularly in the past 18 months.
Panel Participants:
- CISA Briefing: Shields Up Initiative 2:40 pm
-
Cybersecurity Leadership Lessons, from Hawaii to Afghanistan 2:50 pm
If it’s not Illegal, immoral, or unethical – it’s on the table. John Felker led some of our nation’s largest and most important groups within consequential missions related to security, defense and protection. Pulling from his experiences at CISA, NCCIC, the US Coast Guard Cyber Command, and more, he will share with the Conference audience his most prescient takeaways from a lifetime of service, with a specific focus on cybersecurity.
Today, cybersecurity leaders are uniquely positioned to lead their peers and the organizations they serve as we are among the most sought-after, read-in, and connected executives in our respective firms. Patching together a depth of technical knowledge, Mr. Felker will focus on further developing information gathering practices, leadership style, and effective decision making in team-based environments that will embody your character as a leader and at the same time encourage the loyalty and compliance of staff at all levels.
Look for best practices on delegation, setting metrics, training, accountability, and building effective teams in this unique presentation from a monumental executive leader.
Speaker:
-
U.S. Secret Service’s Seattle Electronic Crimes Task Force: Establishment, Development, and Operational Successes 3:40 pm
Cybercrime presents an ever-evolving threat on a global scale. In 2021, the United States was the leading nation for the cost of data breaches, which include stolen PII, financial assets, and other types of data, at a cost of nearly $7 billion. Despite challenges posed by persistent and sophisticated transnational threat actors, U.S. law enforcement and their counterparts abroad have been successful in apprehending many to face justice. The U.S. Secret Service’s Electronic Crimes Task Force (SECTF), established in 2007, has worked a multitude of large-scale investigations, and had proven to be adept at locating, arresting, extraditing and prosecuting perpetrators of cybercrimes. This discussion will include some historical background on the SECTF and will highlight two prominent cases involving transnational threat actors: Roman Seleznev of Russia and Muhammad Fahd of Pakistan and Genada.
Speaker:
-
Cyber Executive Panel 4:10 pm
Submit your bio for consideration to participate on our Cyber Executive Panel
to [email protected] or fill out our Call for Speakers form here.
Moderator:
Panel Participants:
- Day One Closing Session 4:55 pm
- Networking Reception and Happy Hour 5:00 pm
- DAY TWO
- Welcome / Introductions
-
Common Attacks & How to Respond to Them 10:00 am
Everyone’s worried about the next cyber-attack, the next zero day, or the next novel exploit they’ll have to frantically patch or mitigate through some kind of work around – and then hope for the best. But patches and mitigations take time, and when exploits are out there in the wild – how can you feel less vulnerable to unknown beasts roving the internet?
The truth is that most attacks have similar operational models, similar tactics, techniques, and procedures (TTPs), and use polymorphic wrappers in order to evade the common security protection tools. Although the indicators of compromise (IoCs) are new and novel, the TTPs are often the same. Whether it’s exploiting an old known vulnerability like NTLM authentication or a new one like Log4J, there are still methods of catching and caging fantastic attackers. Machine Learning looks at patterns – especially behavior of credentials and assets – to see what is abnormal, and recognize it as an attack.
Join Jeannie Warner, CISSP from Exabeam to learn more about:
- The difference between chasing IoCs and leveraging TTPs
- Why credential theft and subsequent usage is key to detect virtual pickpockets
- Automated threat analytics – how it helps outsmart the fantastic and turn it into commonplace
Speaker:
-
Delivering Zero Trust at Scale (Twice): Lessons Learned 10:20 am
As we settle into life with COVID, the topic of zero trust security and a remote workforce is top of mind for all enterprise security teams. During this session you’ll hear from security practitioners who were responsible for the zero trust strategy and implementation at two Fortune 500 global enterprises – Adobe & Cisco. They will share their experiences and tips for rolling out zero trust methodologies at scale.
The audience will gain understanding in:
- How to get started: Selling the strategy, people, process and technology
- How to make real progress in months, not years. Demonstrating continued business value
- Real world examples. Highlighting improvements to user experience and security posture.
- Tips and tricks, lessons learned and what to avoid
Speakers:
-
Put Your Business Ahead of Disruption: MDR In Action 11:05 am
As new threats are constantly born, how proactive is your company about cybersecurity? Put your business ahead of disruption and build a more responsive cybersecurity operation to protect your business from cybercrime. Mike Longenecker, Senior Solutions Architect at eSentire will share how eSentire’s Managed Detection and Response solution stops threats before they become a business disrupting event. He will cover real, recent attacks and how we stopped them in their tracks.
Speaker:
-
2022 Threat Review: Cyberprotection Starts With Understanding the Latest Attacks, Cybercrimes, and Privacy Breaches 11:25 am
The Malwarebytes 2022 Threat Review is an annual report highlighting internal threat research findings and trends. The report highlights top threats across operating systems, how privacy has shifted, and the ways cybercriminals and crimes are evolving, with the goal of giving readers the tools to make informed cyber protection decisions.
Speaker:
- Lunch Break
-
Demo Session: Dynamic Scanning - No Longer an Option 12:00 pm
Informative talk on the importance of dynamic scanning at speed. The excuse that we don’t scan because it takes too long is no longer an option. Phishing attempts are up three times since last year. Ransomware costs are at an all time high and will continue to grow. Hackers only need to be right once.
Speaker:
-
Demo Session - Addressing the Blind-Side in 3rd Party Risk - the Client-Side 12:10 pm
The client-side is an area of 3rd party risk management that is often neglected. It is an area that deserves attention – both for its potential to cause material losses in the form of response costs and fines and judgments, and for the ease in which it can be mitigated. It is a risk introduced by the 3rd party vendors you rely upon (and the nth parties they work with) to power and enhance your website. The threat of JavaScript based attacks – click-jacking, digital skimming, formjacking, defacement, “Magecart” – exists for any organization collecting sensitive data or conducting transactions through their web properties.
This is an area of exposure introduced through first party code, and by digital supply chain partners, that can only be addressed at the client-side. It remains widely unaddressed, as a focus in website security to this point has been on securing the server-side.
Join us for an exploration of the threat of these attacks, real-world examples of the material impact they have caused, and dialogue on the approaches to mitigating this risk with pros and cons of each.
-
War Games Aren’t Just for Warriors Anymore 12:20 pm
Recently NATO’s Cooperative Cyber Defense Center of Excellence hosted cyber war exercises that come weeks into the Russian invasion of Ukraine that has demonstrated the strategic advantages of waging a hybrid cyber-kinetic warfare. In this hybrid era, civilian targets across all industries are in the crosshairs. Join Adlumin Chief of Strategy and cybersecurity author, Mark Sangster, as he explores why companies need to run cyber war games to prepare their business for an inevitable attack. As Winston Churchill famously said, “Never let a good crisis go to waste.”
Speaker:
-
Leading Across the Aisle: Achieving DevSecOps Through and Across Teams 1:15 pm
As technology advances to achieve new levels of efficiency, Security and Engineering leaders alike are taking a fresh look at the processes they have in place. “Shifting security left” means making fixes earlier in application development where less time is required from developers and software becomes more secure before it even goes out the door. But for decades, AppSec has evolved around slow and siloed tools. As automation takes over and AppSec becomes an integrated part of DevOps, a new culture of collaboration and enablement between Security and Engineering is necessary for success.
Speaker:
-
Solving the Human Element of SaaS Data Security 1:35 pm
It is human nature to improve the way in which we all work together to achieve a common goal. Many Software as a Service (SaaS) applications (i.e. Google Drive, Slack, Box, etc.) that modern organizations are utilizing strive to achieve the same result. In order to drive business enablement, these business-critical applications are leveraged by many different identities such as employees, contractors, third-party vendors, and more. Unfortunately, it’s also human nature to make mistakes. Join this session to learn how to reduce the overall risk profile of your SaaS estate through the right people, process and technology.
Speaker:
-
Recover from Ransomware: Coming Back After an Attack 1:55 pm
A recent survey claimed that ransomware attacks hit 80% of the organizations studied in 2021; more than 60% of those who were hit by the attacks paid the ransom. Whether you chose to pay the ransomware or not, the entire network may be contaminated. Attackers often put in “back door” access which is hard to discover, and many organizations are repeatedly attacked.
In the POST-ATTACK scenario, rebuilding images, devices, re-formatting storage, software upgrades, patches, and even new equipment are all part of this process. In this panel, our experts will talk about what to do first – and what to avoid, and where the traps may lie.
Panel Participants:
-
Rethink Your Third-Party Risk Strategy in an Uncertain World 2:45 pm
As organizations begin to recover from the pandemic, third-party risk management (TPRM) is more important than ever before. Faced with supply chain disruption and cyber threats, businesses are re-assessing their dependence on partners and taking a closer look at the risk they introduce. According to a recent study by KPMG, third-party risk management is a strategic priority for 85 percent of businesses.
How you identify and manage the risks of working with third parties is critical because your compliance, revenue, and company reputation are dependent on all parties fulfilling their contractual, security and privacy obligations. Yet, managing the risk associated with your partners is increasingly challenging.
Join Reciprocity experts as we share and discuss with you:
· Market Dynamics driving the risk vs. opportunity balance
· 5 key considerations to better identify, manage and mitigate third party risk
· Real world examples of improving TPRM visibility and efficiencySpeaker:
-
Defining a Secure Cloud Network 3:05 pm
With the increased threat landscape of cloud deployments, customers are often unaware of compromised hosts which may be participating in data exfiltration and bot net operations left unchecked by traditional security constructs. At Aviatrix, we believe that network security belongs in the network, and that the most secure network is the one that you own.
This discussion will showcase how to obtain multi-cloud native network security that can enable every network node to provide traffic inspection and enforcement. We will cover:
– An overview of Aviatrix ThreatIQ with ThreatGuard and how it complements existing security solutions
– Real-world customer examples on how Aviatrix is preventing data exfiltration and malicious activityPanel Participants:
-
Pseudonymity: Catching Cyber-Criminals via Crypto-Tracing 3:30 pm
While most cyber-crime investigations are along the lines of “follow the money to the servers, then from the servers to the cybercriminals,” pseudonymous crypto-currency makes this a tricky business. Jamie Portell, Special Agent, USPS, OIG, CCU will share details of the take-down of “Wall Street Market.” This Dark Web marketplace was one of the biggest networks for contraband sales of various goods.
This exclusive keynote will answer the question “Are Criminals Anonymous?” While their transactions through crypto-wallets may seem to protect them, savvy investigators who use some of the same tactics your SOC can leverage to counter cybercrime have a lot to share that can benefit cybersecurity leaders across the private sector.
Special Agent Portell will also talk about some of the key Advanced Persistent Threats (APTs) important to organizations. He’ll bring that together with a discussion of best practices, and government and private sector collaboration that can help combat threat actors of all shapes and sizes.
Speaker:
-
Cyber Inter-Agency Cooperation Panel 4:00 pm
Moderator:
Panel Participants:
- Conference Closing Session 4:30 pm
-
Partners
Gold Partners
Silver Partners
Bronze Partners
Exhibiting Partners
Affiliate Partners