Boston Cybersecurity Conference

AI might be all the hype for consumers and “Business Transformation “experts” but we security professionals know that AI and ML is not just an arms race but perhaps the essential ingredient in your stack to stay ahead of the next attack. 

In this talk Tom Ertel, SEVP, Technical Sales & Strategic Accounts at Seceon, shares an anatomy of the MGM attack of September 2023. He will dig in and share the details of the attackers techniques and tactics. You’ll see how by combining social engineering, tools, 3rd party applications all failed what MGM thought was sophisticated recconnicnse. 

You will learn: 

AI vs. AI - How to determine real AI vs. a “veneer of AI” and LLMs vs. AI in the cybersecurity threat detection context. 

Why tools and time work against most teams. 

The most common failure point - people - how AI can break through biases and be a valuable indicator of behaviour.

SaaS based AI/ML solutions often use your users/company data to train themselves posing a serious privacy and data security challenge. Furthermore, AI/ML models trained on public data may get dumber with time. At the same time, your employees need and have access to a wide variety of your users’ data that improves their decision making but can pose massive data exposure challenges. 

A zero trust model enunciates that organizations should always be in complete control of their data. The session describes an approach to strengthen your organizational data security continuously. Your teams can train their AI/ML models on the context-rich data of your business, all within your premises with zero data exfiltration.

Attack surfaces for enterprises are constantly changing due to the integration of cloud-based infrastructure, interconnected devices, and third-party solutions. Every day, proactive cybercriminals are exploiting new vulnerabilities with skill. In this context, comprehensive Identity Security is crucial to managing risks. However, maintaining a strong Identity and Access Management (IAM) strategy can be a complex task given the multitude of tools involved. This session will address how a unified identity security strategy is key addressing the constantly evolving challenges of today and tomorrow’s cyber threats.

Information Security Enforcement (ISE) is a 4th generation Data Leak Prevention (DLP) 

solution that enables automated, comprehensive protection against malicious theft and 

inadvertent disclosure of confidential information. Whether deployed on-prem or in the 

cloud, ISE addresses critical gaps affecting typical DLP solutions and greatly simplifies 

implementation and management of data protection.

In cybersecurity, success is not solely defined by technical skills but also by the unwavering determination to overcome challenges. This talk, "Relentless Resolve: The 'Try Harder' Mindset," delves into the essence of OffSec's guiding principle—'Try Harder'—and its profound impact on both personal and professional growth in cybersecurity. 

We will explore how fostering a 'Try Harder' mindset empowers critical and creative thinking within your team enabling individuals to tackle complex problems with innovative solutions. This mindset transcends mere technical skills, cultivating a culture of perseverance and resilience. 

Attend this talk to learn: 

- How the 'Try Harder' mindset fosters critical and creative thinking within your team. 

- Strategies for leading your team through challenges and setbacks in cybersecurity. 

- Techniques to maintain team motivation and embrace continuous learning. 

- Ways to cultivate perseverance and resilience within your team's culture. 

- Real-world examples of turning obstacles into opportunities for team growth.

Key topics include an overview of the cyber risk landscape, identifying key metrics that insurers consider when evaluating coverage needs, and practical advice on enhancing cyber readiness. The session will also cover emerging trends in cyber insurance, such as the integration of AI and machine learning in risk assessment, and how these innovations are shaping the policies that protect businesses.

How to articulate cybersecurity program maturity, risk, and positive outcomes to executive leadership and BoDs.

What are the latest attacks, what has changed and where are things going?

Data breaches are skyrocketing. Ransomware is rampant. The threat landscape is more dangerous than ever. However, with the right strategies, you can build your organization's strongest defense against data disasters. In his presentation, Gary Sussman will address the escalating threat of ransomware. He will outline a comprehensive ransomware prevention strategy and delve into the enhanced 3-2-1-1 backup structure designed to bolster data resilience.

The convenience and efficiency of SaaS applications, cloud services, LLMs, and AI-driven platforms have become indispensable for everyday business operations. However, we’ve not taken the necessary steps to equip our teams for these complex challenges in safeguarding sensitive data, secrets, credentials, and code. Unauthorized sharing of files and information leakage has emerged as a prime threat, with potential repercussions ranging from financial losses to reputational damage. Teams need to be proactive in their approach to these new challenges so they can address them head on before suffering the consequences. Next generation technologies require next generation solutions that will arm organizations with the tools they need to prevent data leakage from their chat services, block sensitive data sharing on Slack and GDrive, and protect code or API keys from being shared on ChatGPT and LLMs. It’s a wake up call for practitioners and regulators because our sharing habits are making it too easy.

In the cybersecurity world, Red, Blue, and Purple teams have established their roles in fortifying defenses and improving organizational resiliency. However, the spotlight often bypasses a crucial player—the Yellow Teams—operating at the intersection of development, IT, and the cloud. 

Using the familiar color wheel analogy, this insightful discussion describes the yellow team’s pivotal role in fortifying software and infrastructure by seamlessly integrating Red and Blue techniques – improving tech resiliency. Key topics include: 

• Unveiling the essentials for tech-savvy professionals to integrate security 
• Crafting a vibrant palette: transforming Yellow Teams into dynamic orange and green forces 
• The collective advantage: reducing risk via confident, resilient teams

Book Signing by Keynote Speaker and Author Ed Adams: In See Yourself in Cyber: Security Careers Beyond Hacking, information security strategist and educator Ed Adams delivers a unique and insightful discussion of the many different ways the people in your organization—inhabiting a variety of roles not traditionally associated with cybersecurity—can contribute to improving its cybersecurity backbone. You’ll discover how developers, DevOps professionals, managers, and others can strengthen your cybersecurity. You’ll also find out how improving your firm’s diversity and inclusion can have dramatically positive effects on your team’s talent.