The Monday Technical Sessions are offered at no charge and are open to all cyber professionals and those considering a career in cyber. This grouping also includes the Cyber Women Series. Sign on early to network at 8:45 AM, and then spend the day exploring the variety of topics ranging from How to Streamline Security Operations to Panic Patching to Nation State Hacking. The Monday tech sessions offer a wide breadth of learning opportunities thanks to the support of our sponsors and speakers. At the end of the day, beginning at 3:30 PM, please enter the EXPO Reception to connect with our Solution Strategy partners. Enjoy your day.
9:30 AM SESSIONS
Enhancing SecOp Practices with MITRE
Chris Boehm, Technology Strategist, SentinelOne
MITRE Engenuity ATT&CK Evaluations emulations are constructed to mimic an adversary’s known TTPs and are conducted in a controlled lab environment to determine each participating vendor’s product efficacy. After this informative session, you will understand how to continuously tune your security strategy and leverage the connection between TTPs, adversary emulation plans, and real-world adversary groups.
Your CEO NEEDS to KNOW! Uber Breach and More! Cyber Tech translated to Business Strategy
Dan Wolfford, CISO, Blue Team Alpha
John Mess, VP of Business Development, Blue Team Alpha
Your CEO and leaders in your organization should probably be on the Cybersecurity train by now! With numerous attacks exfiltrating data and dollars, it is sure to have hit all departments in all organizations by now. Whether it came from a super sophisticated spear phishing or whaling attack, or a simple text or phone call, it can all yield the same result.
We will look at some of the most recent well-known attacks, speak to the technical aspects, then translate that into how it will affect your business moving forward. Implementing a Cybersecurity program or plan is not a single software program, a single pen test, or just having a Cyber Liability policy to CYA… it is a multilayered approach that will require cooperation and sponsorship from your entire organization. What will you do next with your program?
How to Streamline Security Operations with Automation
Jay Spann, Security Automation Evangelist, Swimlane
The job of a security operations professional has never been more daunting. As organizational attack surfaces expand, the tools and environments required to protect them are becoming increasingly complex. Fortunately, there are tactics and technologies like low-code security automation that can help security-forward firms streamline and level up their SecOps processes. During this seminar we will show how you can:
– Integrate and automate virtually any security tool in your security stack
– Reduce manual effort drastically with easy-to-create workflows and playbooks
– Create a system of record for your entire security organization
– Improve key metrics like MTTD and MTTR without any additional hiring
Join Swimlane experts as we explore how you can use low-code security automation to streamline and bolster your security operations.
10:30 AM SESSIONS
Navigating Enterprise Security in a Post-Compromise Reality
Kanen Clement, Director, Specialist Sales Engineering, ExtraHop
Every organization gets compromised – it’s how fast you detect and respond to an incident that counts. This is especially important when you look at trends like the overnight move to remote work, the rise in encrypted traffic and acceleration of cloud adoption, as well as the proliferation of enterprise IoT that have expanded the attack surface and complicated the job of security professionals. We’ll explore those trends and the opportunity that lies ahead for security teams post-compromise to prevent an event that results in an outage or an incident from becoming a full-scale data breach.
Critical Success Factor #1: Injecting Security into your organization’s DNA and Culture
Drew Koenig, Principal Security Architect, Federal Reserve of Minneapolis
The future of application security is here and it is called DevSecOps. Security can no longer be a “thing” you do at the end of a project and only if you have time. Security cannot be optional; it must be integrated organically throughout the lifecycle from the start. Shifting security left is more than a process, it’s a shift in culture, mindset, development practices and project management. This discussion will cover the foundational practices to help you get started in the new security journey.
The Role of Modern Asset Management in Cybersecurity
Lenny Zeltser, CISO, Axonius
The line between IT and Security is blurring. What was once a simple delineation between keeping information safe and providing the tools necessary to get work done is no longer clear. A foundational understanding of what devices, user accounts, and cloud services exist in organizations has jumped to the top of CISOs’ lists.
In this new enterprise, what role does asset management (once a pure IT play) play in cybersecurity? How can both the IT and Security teams benefit from a modern, cybersecurity-focused approach to asset management?
Join this session with Lenny Zeltser, CISO of Axonius to learn:
• How you can draw upon existing data sources to gather visibility into the state of your IT assets across data silos
• Which metrics you can gather based on your asset inventory to support IT and security initiatives
• Ways in which stakeholders throughout your organization can benefit from a modern approach to asset management
12:30 PM SESSIONS
Panic Patching: Managing the Volume & Velocity of Alerts
Matt Ambroziak, Director of Security Solutions, Virsec Systems
Christian Trujillo, Senior Solutions Architect – Partner Ecosystem, Red Hat
Unpatched vulnerabilities are the most prominent attack vectors exploited by ransomware groups. Every time a new security patch is issued by a vendor, IT and Security teams must rush to deploy the patch across several server workloads. As the volume and velocity of patches increase, competing priorities place the IT Operations, SOC, and triage teams in constant high-pressure situations. This rushed, unplanned manual patching is disruptive to the business, error-prone, and overrides the planned release cycles. It also does not allow for proper patch testing and validation.
Join this session to learn how to build and implement a proactive vs. reactive patching strategy with the right technology, collaboration, and automation to solve this problem. You’ll leave this session with a solution that will drive operational efficiency and improve morale and employee retention by allowing your experts to focus on more strategic security issues and improve your overall security posture.
The Data-First Approach; Managing the Tension Between Security and Productivity
Stephen Frethem, Senior Director of Sales Enablement, Varonis
Join me for a presentation covering risks and threats we’re seeing across the industry, what security would look like if it started with data, and how to reduce your ransomware blast radius or the damage a compromised user can do.
Stay SaaSy my friends; Zero Trust in a Modern World
Brandon Potter, Chief Technology Officer, ProCircular
Zero Trust isn’t a new concept. It’s a universally recognized practice that has evolved over time to address challenges of the remote workforce and adoption of the “cloud” and modernized technology stacks.
Still, the gap in most implementations is that organizations rely heavily on Multi-Factor Authentication (MFA) to authenticate users and devices, inherently trusting all further activity. Today’s threat actors combine older tactics and newer techniques to bypass these perimeter-focused zero trust implementations, wreak havoc as a trusted entity, and exfiltrate data undetected.
Join Brandon Potter, ProCircular’s CTO, as he takes you on a journey through the past and present and finally into a future that embraces a “never trust, always verify” mentality for business-critical data and systems.
Analyze two real-world examples of common bypasses used in the wild, and fortify your zero-trust approach to meet the challenges of modernized, cloud-focused, and SaaS-based technology stacks.
1:30 PM SESSIONS
Disrupting Nation State Hackers
Jake Iverson, Supervisory Special Agent, Cyber Program Coordinator, FBI
The FBI’s cyber strategy is to impose risk and consequences on cyber adversaries and change the behavior of nation states who believe they can compromise U.S. networks, steal financial and intellectual property, and put critical infrastructure at risk without facing risk themselves. Join us for a discussion about the unique challenges of investigating and disrupting nation state hackers.
ITDR (Identity Threat Detection and Response): Making Sense of the Buzz
Brian Freedman, Global Solutions Engineering Manager, QOMPLEX
This session provides an overview of the current security problems in the identity landscape and how industry analysts refer to the new ITDR category. Explore how existing security tools such as PAM, MFA, IDP, etc. fit in the mix. Learn what you can do today and what to look for as a security practitioner to improve your organization’s security posture as the threat of identity related attacks continues to rapidly expand year over year.
Breaking into Cyber: A Tale of Two Careers
Jessa Gegax, Information Security Testing Analyst, Surescripts
Will McCloskey, Threat Management Manager, Surescripts
Success in the cybersecurity realm is a journey, not a destination. The decisions security professionals make often tell a unique story that carves their career outcomes. Please join Jessa and Will as they talk about how they navigated the first years of their infosec path from distinct perspectives. Discover how frequently the choices we make can lead to unexpected opportunities that greatly influence one’s professional life.
2:30 PM SESSIONS
Armchair Cyberwarriors: The First 100 Days of Cybercriminal and Hacktivist Activities Related to the Russian War in Ukraine
Alexander Leslie, Associate Threat Intelligence Analyst, Recorded Future
Beginning on February 24, 2022, Recorded Future observed the rise—and, in some cases, downfall—of over 250 cybercriminal and hacktivist groups that became indirectly involved in the Russian war in Ukraine. This talk will cover the Conti and Trickbot leaks, the formation of the IT Army of Ukraine and Killnet, the operations of Anonymous and its allies, such as Distributed Denial of Secrets, AgainstTheWest, Network Battalion 65, GhostSec, and much more. Following the daily monitoring of approximately 100 active cybercriminal groups—with varying ideologies, motivations, nation-state allegiances, and hacktivist alliances—700,000 references in the Recorded Future Platform®, and regular threat actor engagements on dark web and special-access sources, this talk will document, summarize, and analyze the “armchair cyberwar” that took place over the first 100 days of the Russian war in Ukraine.
Not Your Average Bug Bounty: How an Email, a Shirt, and a Sticker Compromised a High Security Datacenter
Dalin McClellan, Senior Security Consultant, NetSPI
Earlier this year, the NetSPI social engineering team was tasked with attempting to gain physical access to a high security datacenter. With some small props to help them pose as a Pest Control company and significant background research, the team was successful.
But this assessment wasn’t just about gaining unauthorized access. Hear Dalin McClellan share the story and the lessons learned, including:
– The most sophisticated controls can quickly become irrelevant when they meet the real-world complexities of human interactions
– Humans are not the greatest vulnerability. It’s vital to evaluate your security at the systemic level
– And more
Building Your Personal Brand: Navigating A Career in Cybersecurity with Three Unique Approaches
Zinet Kemal, Associate Cloud Security Engineer, Best Buy
Lee Ann Villella, Security Consultant, Proofpoint
Wendy Meadley, CEO, Next Phase Studio
With social media, podcasts, blogs and other content creation, people who are looking to advance their career, find a job, network, or become a thought leader and present at conferences should be thinking about and refining their personal brand.
How do you break into cybersecurity if you don’t have a background? Many successful security practitioners and leaders come from different backgrounds and made a pivot into cyber.
This presentation will include three unique approaches on how to successfully network, build your brand, and how to stand out from the crowd.
Join this session to learn:
Networking Reception with Vendors — Join us for networking and meeting with our Vendors!
Thank you to our Program Chair:
Tom Sheffield, Target