CHECK-IN AND OPENING INTRODUCTIONS: 8:00 am - 8:30 am
Data Connectors is proud to host the Cybersecurity Strategies Conference.
Session One: 8:30 am - 9:15 am
Password Reset (your way of thinking)
– How did we get here?
– Security guidelines for 2019 and beyond
– Hacking passwords
– Limited Trust
With 15 years’ experience as a security pen tester, consultant and team leader, Matt Repicky is the principal consultant at Security Management Partners. Matt’s past field-proven experience includes active penetration testing on hundreds of engagements against corporate, financial and healthcare networks as well as consulting on compliance and governance related to IT systems. Matt is particularly passionate about the weakest spot for most organizations, and will walk through the most likely weak spot for yours: humans and their passwords.
Session Two: 9:15 am - 9:45 am
What is Robotic Decision Automation and Why Should I Care?
Writing SIEM Rules and monitoring detection consoles is out. Not only do we not like it, it hasn’t proved to be particularly effective. The Respond Analyst is a new kind of analyst that increases capacity and improves the capability of any security team, regardless of size – without adding to the burden of an already overworked team. Powered by Robotic Decision Automation (RDA), the Respond Analyst is ideal for organizations that are collecting meaningful security data, but struggle with having the manpower and resources to properly analyze and triage security incidents.
Join us during this presentation to learn:
- Why traditional human-centric monitoring based on rules and queries has failed and leads to analyst fatigue.
- How the Respond Analyst uses RDA to eliminate concerns of ‘unattended alerts’ and missed clues by analyzing more security data – without filters or tuning.
- How the Respond Analyst integrates with your existing technologies and workflows to speed response, modernize, and automate security operations.
Thomas Ryan is a well known security expert currently working for Respond Software as a Solutions Architect. Prior to working for Respond Software, Mr. Ryan was a leader within the application security community for his work with OWASP, where he served on the NYC Chapter Board since its inception in 2003. His knowledge of application security led to his success at HP, HPE & Micro Focus building highly scalable automated application security programs using Fortify & WebInspect. His passions coming from a red team background help provide an adversarial point of view to the Respond Software team. An example of this was in 2010, where Mr. Ryan became widely recognized for the “Robin Sage Experiment.” Through this experiment, Mr. Ryan drew the attention of professionals around the world as they were awakened by the dangers of social media today. By creating a fictional persona online, Ryan’s experiment proved how seemingly harmless details via social networking sites could be destructive to both an individual’s protection and corporation’s security as well. Outside of work, Mr. Ryan’s passions include helping universities build their attack & defend training curriculum.
Break: 9:45 am - 10:15 am
Break / Vendor Booth Time
Session Three: 10:15 am - 10:45 am
Ransomware And How It Evades Your Defenses
Ransomware has long been a menace for organizations and consumers. Global damage cost estimates reach about 10 billion USD per year. After all these years, why does ransomware continue to be so good at being so bad?
In this talk we will review the security industry’s history of largely ineffective responses to ransomware, including common ransomware detection methods with their pros and cons. You will see how ransomware developers use simple techniques to bypass each of those methods. This session will also highlight some of the latest attacks, including Norsk Hydro and ransomware pretending to donate your Bitcoins to a children’s charity.
After examining the bad, we will provide you with a no-nonsense defense strategy for hardening your defenses against ransomware.
Rene Kolga, CISSP, has over 15 years of cybersecurity experience in the areas of endpoint protection, insider threat, encryption and vulnerability management. He worked for both Fortune 500 companies and Silicon Valley startups, including Symantec, Citrix, Altiris, ThinAir and Nyotron. Rene earned his Computer Science degree from Tallinn University of Technology. He frequently speaks on security topics at industry conferences like Black Hat, BSides, InfoSecurity and (ISC)2 Security Congress.
Session Four: 10:45 am - 11:15 am
Digital Transformation Means Security Transformation
Many organizations are now in the throes of Digital Transformation, racing toward new security, architectural and operational models. They are adopting Zero Trust, aggressively increasing the maturity of their operational processes, and adopting automation tools like Security Orchestration and Automated Response (SOAR), all while moving workloads and applications into Cloud (IaaS and SaaS).
Learn about the risks that can accompany these changes; how to identify and avoid or prevent them; and how to adjust policies and standards to these new models.
George is a Senior Security Engineer at Nexum with over a decade’s experience with core network security-related systems including Application Delivery Controllers (ADCs); content caching and proxy; DNS, DHCP & IPAM (DDI); next generation firewalls; and time services. With a background in global financial institutions, George has been awarded two CIO Awards and invited twice to write manufacturer professional examinations as a subject matter expert. He has beta-tested new features and products valuable to enterprise clients. Fluent in a myriad of programming languages, George also possesses the ability to script middleware for integration of various manufacturer technologies via open APIs. In addition to working with clients, he is a manufacturer-certified instructor, bridging course materials and field experience for solutions for real-world enterprise concerns. George holds dual B.E. and M.E. degrees in Computer and Electrical Engineering from Stevens Institute of Technology.
Break: 11:15 am - 11:30 am
Lunch & Keynote Address: 11:30 am - 12:15 pm
How the DHS Can Help Protect Your Organization from Cybercrimes
Resilience is the ability to remain viable and sustainable during times of stress. Identification of organizational resilience is expressed in protection and sustainment requirements. The Department of Homeland Security will describe their cybersecurity resources used to support organizations in identifying, defining, and measuring resiliency capabilities.
Break: 12:15 pm - 12:45 pm
Break / Vendor Booth Time
Session Five: 12:45 pm - 1:15 pm
A Practical (low cost) Approach to Securing East-West Traffic & Critical Data
Despite best efforts, organizations continue to struggle to detect and stop attacks that lead to costly exposures of critical data.
Why is this? One reason is that organizations typically do not have a simple means to provide visibility into threats as they move East-West across their network, leaving them blind to up to 80% of their threat surface.
Come learn how to leverage simple techniques to make your existing threat detection and investigation processes much more effective.
Learn also how to add layers of defense to protect your most critical assets.
With more than 25 years of network and cybersecurity experience, Jeff Hewson has had a successful career helping organizations bring security technology solutions to market. He has extensive experience on both the manufacturing and reseller side of the cybersecurity business, while also working in leadership positions in sales, channel management, operations, and marketing. Jeff has held key roles in successful startups, such as Empower Cybersecurity and Fidelis Cybersecurity, and has worked in leading networking companies including Bay Networks, Nortel Networks, and Juniper Networks. There are very few technology trends that he has not experienced, and he is now passionate about helping customers and prospects understand the benefits of a specific technology. As the Director of Channel Operations and Sales, Jeff is responsible for demonstrating how ARIA Cybersecurity Solutions are successfully overcoming challenges traditional security tools can’t, helping organizations protect their most important data and assets.
Session Six: 1:15 pm - 1:45 pm
The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.
Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by common criminals, to sophisticated social engineering and online scams. Additionally, he’ll look at how you can ethically use the very same levers when educating your users.
- The Perception vs. Reality Dilemma
- Understanding the OODA (Observe, Orient, Decide, Act) Loop
- How social engineers and scam artists achieve their goals by subverting critical thinking steps
- How you can defend your organization and create your human firewall
Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army’s 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in Information Security.
Break: 1:45 pm - 2:15 pm
Break / Vendor Booth Time
Session Seven: 2:15 pm - 2:45 pm
SSL Visibility – If you can’t see the threat, you can’t protect against it.
With the ubiquity of encrypted traffic and increasingly secure protocols, our information and privacy are well protected while in transit. However, this leaves a dangerous blind spot for your security systems protecting your network from intrusion.
In this session we will discuss the rationale for an SSL interception solution and how to overcome all of the challenges that could arise during implementation of an SSL visibility solution.
Session Eight: 2:45 pm - 3:15 pm
Your Last Line of Defense: A Guide to Disaster-proof Data Backup and Restore
While the importance of data backup is well established, the backup plans most companies use are decades old. The explosion of data in the last 20 years has been matched by ever increasing storage capacity, a combination that creates one huge problem: how do you restore this ocean of data quickly when disaster strikes? In this session you’ll learn the techniques and technologies that will get your business back up and running quickly in an emergency while maintaining your long-term archives.
Morten Westerberg is the CEO and founder of Nordic Backup with branches in Denmark, Norway and the United States. Morten, who has dual Danish and US citizenship, began his professional career working with Managed IT Services and Business Continuity Planning in the late 90’s, which led him to found Nordic Backup in Denmark in 2003, Norway in 2006, and the United States in 2009.
With over 20 years of experience in Business Continuity and data backup methods, Morten is an expert in cloud backup with a customer-centric focus on service and business recovery. His motto is, “Anyone can do a backup, but few know how to restore.”
Break: 3:15 pm - 3:30 pm
Break / Vendor Booth Time
8:30 am - 4:30 pm
1335 Avenue of the Americas
New York, NY 10019
212-586-7000