Agenda

  • Wed 26th Sep 08:30 - 09:20
  • Hype or Reality? Your Workplace and Blockchain, Cryptocurrency, Artificial Intelligence, Machine Learning, & the Internet of Things Add to Schedule Theresa Payton  |   Fortalice Solutions  |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 08:30 to 09:20

    Hype or Reality? Your Workplace and Blockchain, Cryptocurrency, Artificial Intelligence, Machine Learning, & the Internet of Things

    New technologies are in the news every day but is it all just hype or a true workplace reality? Are you leveraging Blockchain, Cryptocurrency, Artificial Intelligence, Machine Learning & the Internet of Things as part of your go to market strategy? You may wonder, are these data elements safe from hackers? Payton explains how to harness these newer technologies to achieve business goals while incorporating safeguards to fight cybercriminals and how the Blockchain could be your new security BFF and how Cryptocurrency, AI, and the Internet of Things have quickly become key drivers of global change.

    Speaker

    Photo Speaker Name Profile
    Theresa Payton Theresa Payton View Profile
  • Wed 26th Sep 09:30 - 10:00
  • Is the New Cybercriminal Mafia Winning? Recruitment, Retention and the Hire Add to Schedule Marcin Kleczynski  |   Malwarebytes  |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 09:30 to 10:00

    Is the New Cybercriminal Mafia Winning? Recruitment, Retention and the Hire

    Without question, cybercriminals are the New Mafia of today’s world. The manner in which they operate is very similar to the traditional mafia of decades past. Today, there is an ongoing cybersecurity talent gap. And, cybercriminals are taking notice and capitalizing on white hat shortcomings. At the same time, it’s becoming increasingly hard to hire the right people with the acumen, training and know-how to protect today’s enterprises from security threats. Is the new cybercriminal mafia stealing all the good security talent? And, how?

    Speaker

    Photo Speaker Name Profile
    Marcin Kleczynski Marcin Kleczynski View Profile
  • SheLeadsTech: Strategies for Increasing Women's Representation in Technology Add to Schedule Alisha Wenc   |   ISACA  |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 09:30 to 10:00

    SheLeadsTech: Strategies for Increasing Women's Representation in Technology

    Learn strategies to start your own women in tech program to increase the representation of women in technology leadership roles and the technology workforce.  Explore how to build global alliances to address workforce issues and gender parity. Discuss how engaging volunteers and liaisons to plan, build and grow inclusive diversity programs creates a grassroots network, and how to leverage events and subject matter expert content to promote women in the technology field and close workforce gaps.

    Speaker

    Photo Speaker Name Profile
    Alisha Wenc Alisha Wenc View Profile
  • The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks Add to Schedule Georgiana Wagemann  |   Darktrace   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 26th Sep 09:30 to 10:00

    The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

    With machines fighting machines and increasingly sophisticated human attackers, we are now entering a new era of cyber-threats. The battle is no longer at the perimeter but inside of our organizations, and no security team can keep up with its speed. Cyber-attackers are quickly becoming silent and stealthy, and cyber defense has turned into an arms race.
     
    This new wave of cyber-threats has seen skilled attackers that may lie low for weeks or months. By the time they take definitive steps, their actions blend in with the everyday hum of network activity. These attacks call for a change in the way we protect our most critical assets.
     
    Self-learning and self-defending systems are now being deployed to continually assess business environments. Known as ‘immune system’ defense, this approach is used to uncover threats that have already penetrated the network border, and then automatically fight back. Unlike legacy approaches, which rely on rules or signatures, these technologies work autonomously, enable the security team to focus on high-value tasks, and can counter even fast-moving, automated attackers.

    Speaker

    Photo Speaker Name Profile
    Georgiana Wagemann Georgiana Wagemann View Profile
  • In Cyberwarfare, Speed Heals Add to Schedule Mark Contatore  |   Bomgar  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 26th Sep 09:30 to 10:00

    In Cyberwarfare, Speed Heals

    It’s been said that speed kills. But in cyber warfare, speed heals. That’s because with today’s advanced cyberattacks, you need to move faster than the attackers to minimize damage. You can’t stop every threat. Intruders will get in. But once they’re in, the right cybersecurity solution can stop them in their tracks. Think about what usually happens in a cyberattack. Someone breaks in, steals a credential, and sets up shop. What if that attacker came back just one day later and all your passwords were changed and he no longer had access? Attend this presentation to learn how it’s done.

    Speaker

    Photo Speaker Name Profile
    Mark Contatore Mark Contatore View Profile
  • How integrating Coverity Static Analysis IDE empowers developers and helps strengthen DevSecOps teams Add to Schedule Meera Rao  |   Synopsys Software Integrity Group  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 09:30 to 10:00

    How integrating Coverity Static Analysis IDE empowers developers and helps strengthen DevSecOps teams

    Software development teams use DevOps to accelerate software delivery. A common misconception is that security can slow this process—which is no longer the case. By integrating and automating security solutions early in the DevOps pipeline, teams can scan every build for security weaknesses and vulnerabilities without affecting velocity. This DevSecOps practice stands in sharp contrast to traditional software security methods where dynamic application security testing takes place later in the SDLC. Easily integrated within IDEs, Coverity provides accurate and comprehensive static analysis that finds critical security weaknesses in code with efficiency and agility. This presentation will illustrate just how that works to support DevSecOps.

    Speaker

    Photo Speaker Name Profile
    Meera Rao Meera Rao View Profile
  • How to Build Effective Defensive Strategies Against Privileged Attacks Add to Schedule Morey J. Haber  |   BeyondTrust  |   Cyber Hack

    Cyber Hack Theatre

    Wed 26th Sep 09:30 to 10:20

    How to Build Effective Defensive Strategies Against Privileged Attacks

    Cyber-attacks continue to increase in sophistication and are occurring in such volume that the daily newsfeed is littered with tales of new breaches and the cyber infonomics ramifications. Central to almost each of these stories is an element of privilege abuse and misuse that resulted in either the initial exploit, or that was implicated in allowing an initial foothold to metastasize into a security event inflicting widespread reputation and economic damage.

    Based on strategies developed by BeyondTrust and presented in the recently published book, “Privileged Attack Vectors,” security professionals will learn how privileges, passwords, and vulnerabilities are being leveraged as attack vectors, and how you can take measurable steps to defend against them.

    Speaker

    Photo Speaker Name Profile
    Morey J. Haber Morey J. Haber View Profile
  • Wed 26th Sep 10:10 - 10:40
  • Machine vs. Malware - Artificial Intelligence Workings Add to Schedule Aamir Lakhani  |   Fortinet  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 26th Sep 10:10 to 10:40

    Machine vs. Malware - Artificial Intelligence Workings

    It has never been easier for cybercriminals to build and deliver malicious software. With the ability to hire DarkWeb software engineers or simply purchase malware generating software, CISOs are challenged to keep up. Artificial Intelligence (AI) has emerged as a tool that will turn the tide and enable human resource-constrained security programs. This session will trace the history of AI and provide an insight into the workings of it. An example of a security-focused AI system will be examined and discussed in detail.

    Speaker

    Photo Speaker Name Profile
    Aamir Lakhani Aamir Lakhani View Profile
  • Cisco Cloud Security: Stepping Into the Cloud with Confidence Add to Schedule Adrienne McEwan  |   Cisco  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 26th Sep 10:10 to 10:40

    Cisco Cloud Security: Stepping Into the Cloud with Confidence

    Learn how Cisco’s Cloud Security Solutions can help secure your environment from the network to the cloud protecting everything from end-devices to content stored within sanctioned SaaS applications. Also, find out how attacks are staged and deployed during The Anatomy of An Attack and how Cisco’s Cloud Security Solutions can help you investigate and remediate attacks your environment may face.

    Speaker

    Photo Speaker Name Profile
    Adrienne McEwan Adrienne McEwan View Profile
  • Powering Adaptive Defense with Threat Intelligence Add to Schedule Bulent Teksoz  |   BAE Systems Applied Intelligence Inc   |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 10:10 to 10:40

    Powering Adaptive Defense with Threat Intelligence

    The digital immune system - Adaptive defense, self-adapting, AI, ML and automation are the buzzwords in every new security product. Should we be comfortable with the analogy of the immune system? Can we really put a product in, sit back and let it magically cope with changing scenarios? Explore how we cause immune system failure and think on how we can best support our immune system to thrive.

    Speaker

    Photo Speaker Name Profile
    Bulent Teksoz Bulent Teksoz View Profile
  • Wed 26th Sep 10:30 - 11:20
  • Preparing for the Unthinkable Add to Schedule David van Schravendijk  |   Cisco Meraki   |   Cyber Hack

    Cyber Hack Theatre

    Wed 26th Sep 10:30 to 11:20

    Preparing for the Unthinkable

    Past performance is no guarantee of future results. There are many trends in the cybersecurity landscape, that will be different tomorrow. Security professionals can effectively prepare themselves for unknown future events by delivering high-power Cisco security technologies via an all-inclusive, unique cloud-managed platform. This session will show you how new threats can be prevented dynamically without needing to configure or modify a network.

    Speaker

    Photo Speaker Name Profile
    David van Schravendijk David van Schravendijk View Profile
  • Wed 26th Sep 10:50 - 11:20
  • Doxxing, Dissidents, And Digital Extortion: Fortify Your Digital Risk Defenses Add to Schedule Nick Hayes  |   Forrester Research  |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 10:50 to 11:20

    Doxxing, Dissidents, And Digital Extortion: Fortify Your Digital Risk Defenses

    In this session Nick will highlight tactics that cyberadversaries use to exploit and weaponize external digital channels in every phase of a cyberattack. For each tactic, he will offer proactive recommendations and defense strategies that security leaders can use to prepare, prevent, and protect against them.

    Speaker

    Photo Speaker Name Profile
    Nick Hayes Nick Hayes View Profile
  • Minimizing the detection to recovery time frame: Avoid the potential effects sophisticated threat actors can have on business operations Add to Schedule Joe Rogalski  |   eSentire   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 26th Sep 10:50 to 11:20

    Minimizing the detection to recovery time frame: Avoid the potential effects sophisticated threat actors can have on business operations

    While recent trends have shown attackers are using simple tools and tactics for data breaches, sophisticated threat actors utilizing advanced techniques to avoid detection could potentially have the greatest impact on an organization’s bottom line in 2018. Commodity threats continue to make the case for investment in preventative technologies and stricter regulations around breach notifications all but mandates increased investment in advanced detection and response capabilities. Minimizing the detection to response timeframe is critical for an organization to not only detect threats, but contain and respond in a timeframe that minimizes the potential risk of affecting their clients and suffering the implications of compliance violations.

    Speaker

    Photo Speaker Name Profile
    Joe Rogalski Joe Rogalski View Profile
  • Thwarting a Cyberphysical Attack in the IoT Era Add to Schedule William Malik  |   Trend Micro   |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 10:50 to 11:20

    Thwarting a Cyberphysical Attack in the IoT Era

    While businesses and consumers see opportunity and efficiency in the billions of devices now connected to the Internet of Things and Industrial Internet of Things, cyber criminals also see an opportunity in the vulnerabilities created with each connection. This session will outline three things you need to understand in order to prevent a cyberphysical attack in our digitally connected world. Walk away with best practices you can use to implement the right mix of policy, architecture, training and technology to keep your organization secure.

    Speaker

    Photo Speaker Name Profile
    William Malik William Malik View Profile
  • Yes, You Can Get Burned When Its Cloudy? Add to Schedule Kevin Malesky  |   Check Point Software  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 26th Sep 10:50 to 11:20

    Yes, You Can Get Burned When Its Cloudy?

    The dynamic shift by enterprises to the cloud redefines security posture—how do we secure hybrid environments and dynamic workloads?

    Speaker

    Speaker Name Profile
    Kevin Malesky View Profile
  • Security 2020: Change the Game Add to Schedule Gretchen Marx   |   IBM Security   |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 10:50 to 11:20

    Security 2020: Change the Game

    Gretchen will provide a view of what Security will look like in 2020 and beyond, addressing challenges like AI implementation, the current skills gap and hiring, and new threat vectors that organizations will face.

    Speaker

    Photo Speaker Name Profile
    Gretchen Marx Gretchen Marx View Profile
  • Wed 26th Sep 11:30 - 12:00
  • AI-Based Autonomous Response: Are Humans Ready?  Add to Schedule Andrew Tsonchev  |   Darktrace   |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 11:30 to 12:00

    AI-Based Autonomous Response: Are Humans Ready? 

    Global ransomware attacks like WannaCry already move too quickly for humans to keep up, and even more advanced attacks are on the horizon. Cyber security is quickly becoming an arms race — machines fighting machines on the battleground of corporate networks. Algorithms against algorithms.

    Artificial intelligence-based cyber defense can not only detect threats as they emerge but also autonomously respond to attacks in real time. As the shortage of trained cyber analysts worsens, the future of security seems to be automatic. But are humans ready to accept the actions machines would take to neutralize threats? In this presentation, we will discuss our lessons learned and explore several use-cases in which autonomous response technology augmented human security teams.

    Speaker

    Photo Speaker Name Profile
    Andrew Tsonchev Andrew Tsonchev View Profile
  • Everything you always wanted to know about incident response (*but were afraid to ask and for a good reason) Add to Schedule Andy Singer  |   enSilo   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 26th Sep 11:30 to 12:00

    Everything you always wanted to know about incident response (*but were afraid to ask and for a good reason)

    The threat landscape has changed yet again. What was several years ago an era of advanced attackers seeking valuable data, has transformed to be global disruptive data related plagues, backwinded by nation-states seeking to dictate agenda and terms. In respect to the evolving threat landscape, organizations came to realize that compromise is inevitable and have started to look for ways to respond quickly, automatically and in real-time in order to prevent the next data breach or disruption. The evolving incident response process holds in store a great challenge as the process effectiveness metric is fairly easy to measure. Do you actually know how effective is your current SOC/IR/MDR in detecting, validating, containing and remediating infections in the environment? Are you ready to win the race to your own data?

    Speaker

    Photo Speaker Name Profile
    Andy Singer Andy Singer View Profile
  • Third Party Software Vulnerability Assessment Add to Schedule Mark Hermeling   |   GrammaTech   |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 11:30 to 12:00

    Third Party Software Vulnerability Assessment

    There are few tools to measure outstanding cyber security risk in third party software, which is a blind spot, especially for verticals such as IoT, automotive, or payment-based systems such as smartcards.
    In this presentation we will look at various types of automated assessments to measure outstanding risks for native binaries. We will look at three approaches: 1) automated detection of violation of policies such as PCI DDS, FISMA and ISO 27001; 2) software composition analysis to find N-day exploits; and lastly 3) manual analysis to find vulnerable paths through the application that leak data before authentication.

    Speaker

    Photo Speaker Name Profile
    Mark Hermeling Mark Hermeling View Profile
  • When cloud migrations become an annual event, what does it mean for IAM, PAM and audit? Add to Schedule David Dingwall  |   HelpSystems  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 26th Sep 11:30 to 12:00

    When cloud migrations become an annual event, what does it mean for IAM, PAM and audit?

    With the fast pace of development, companies are continually re-assessing which cloud infrastructures provide the most dynamic provisioning for their business units. Both enterprises and SMBs must constantly review how to balance cost and efficiency when choosing how to best manage their cloud.

    With public cloud price plans moving quickly, the technology for live migrations is also tantalizingly close to becoming frictionless. Keeping control of this shifting sand of technology stacks while keeping your business units under control poses new challenges for all who are involved in IAM, PAM, cloud provisioning, or audit.

    Speaker

    Photo Speaker Name Profile
    David Dingwall David Dingwall View Profile
  • Evergreen Development: Recent Tech Trends and Their Implications Add to Schedule Nathaniel Eliot  |   The Greenfield Guild  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 11:30 to 12:00

    Evergreen Development: Recent Tech Trends and Their Implications

    Recent innovations in open source software orchestration tools (e.g. Kubernetes, Terraform), and widespread adoption of the SRE model, have democratized a path for reliable online services. This session will explore what these changes are about, how to take advantage of them, and what this means for the shape of existing and new business in the coming years.
     
    It will discuss a development model called evergreen development, which relies on the capabilities these social and technical tools unlock. Evergreen uses simple, proven, and principled methods to reduce attack surfaces organization-wide. Standardized build pipelines, rapidly building immutable images that are automatically pinned to the latest stable version, can turn dependency drift from a hard-to-manage problem into an expected (and easily managed) exception. By defaulting builds to using the latest available version, security patches are more regularly deployed to production. Since the vast majority of exploits are known ones, this common sense approach can mitigate or prevent a wide variety of attacks.
     
    The session will also cover the non-security aspects of evergreen development, and how those might help pioneer this style of development at your organization.

    Speaker

    Photo Speaker Name Profile
    Nathaniel Eliot Nathaniel Eliot View Profile
  • Threats Don’t Kill Networks – People Do Add to Schedule David LePage  |   Forcepoint   |   Cyber Hack

    Cyber Hack Theatre

    Wed 26th Sep 11:30 to 12:10

    Threats Don’t Kill Networks – People Do

    Network security technology can often feel like it’s a hamster wheel, constantly turning just to keep up with the latest attacks. But, chasing after each threat, piling signatures into endpoint detection and response systems, and other archaic approaches just doesn’t cut it any more. And, with the growth of unmanaged devices like phones, tables, appliances and Internet of Things (IoT) gadgets, the network often is the only place where sensing and enforcement can be done consistently. Advances in behavioral monitoring, analytics and machine learning are converging, enabling security to go beyond the old black-and-white, threat-centric approach of separating activities into “good” and “bad.” Now, security is becoming context-based, addressing the fuzzy “gray” area where today’s greatest productivity and greatest risks are found.

    Speaker

    Photo Speaker Name Profile
    David LePage David LePage View Profile
  • Wed 26th Sep 01:00 - 01:30
  • Defense in depth: Achieving Detection and Response Everywhere Add to Schedule David Gold  |   ProtectWise   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 26th Sep 01:00 to 01:30

    Defense in depth: Achieving Detection and Response Everywhere

    Past and current breaches have proven that a prevention-only strategy can’t ensure 100% protection. EDR has changed the game on the endpoint to provide complete visibility and forensics to find threats sooner, investigate their impact, and prevent them from happening again. Network Detection and Response (NDR) allows organizations to benefit from full packet forensics, threat detection and incident response workflows across the entire network - from traditional enterprise, to cloud, to industrial environments. By bringing together EDR and NDR we can enable the next generation of SOC analysts to gain complete visibility, detection and response from endpoint to network.

    Speaker

    Photo Speaker Name Profile
    David Gold David Gold View Profile
  • Hacking the Power Grid, why we should all be concerned about IoT Security Add to Schedule Lee Neubecker   |   Great Lakes Forensics   |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 01:00 to 01:30

    Hacking the Power Grid, why we should all be concerned about IoT Security

    Cyber Security and Computer Forensics expert Lee Neubecker from GreatLakesForensics.com will share insights into how rogue hackers could take down the U.S. power grid and cause much damage and mayhem.  Learn how vulnerable IoT devices could be used to take down the power grid.  NotPetya and MadIoT malware and vulnerabilities demonstrate how much at risk the world remains to cyber attacks on the electric grid.  Important information will be shared including an overview of what needs to happen to prevent the next major cyber attack on the power grid from being successful.

    Speaker

    Photo Speaker Name Profile
    Lee Neubecker Lee Neubecker View Profile
  • Blowing the cover: Hands-on analysis of handcrafted Android malware Add to Schedule Alex Reshetniak  |   Lookout  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 26th Sep 01:00 to 01:30

    Blowing the cover: Hands-on analysis of handcrafted Android malware

    Since the first Android malware was publically reported back in 2010, threat actors and defenders have been playing a continuous game of cat and mouse -- developing their tools, techniques and tactics. While using freely available obfuscators or simply replacing variable names with gibberish are common ways to impede detection and analysis efforts of security researchers, in this talk we will unveil some novel approaches employed by malware authors to conceal their apps’ functionality and stay under the radar. We will cover multiple examples of such techniques, which include storing the payload in a generic, typeless binary file, using a file that looks legitimate, as well as having no visible payload file at all.

    Speaker

    Photo Speaker Name Profile
    Alex Reshetniak Alex Reshetniak View Profile
  • Cyber Security: a modern tale of a dissonant relationship Add to Schedule Ron Schlecht, Jr.  |   BTB Security  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 01:00 to 01:30

    Cyber Security: a modern tale of a dissonant relationship

    We know that most attacks exploit known vulnerabilities. The constant onslaught of information, security tools and techniques, compromise rational decision-making. Let’s explore the psychology behind mentally stabilizing our thoughts and actions in information security, and debunk new cognitions that we’re utilizing to protect and promote ourselves.

    Speaker

    Photo Speaker Name Profile
    Ron Schlecht, Jr. Ron Schlecht, Jr. View Profile
  • Please hack my car – Is bug bounty an appropriate way of testing autonomous vehicles? Add to Schedule Ian Glover  |   CREST  |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 01:00 to 01:30

    Please hack my car – Is bug bounty an appropriate way of testing autonomous vehicles?

    Crowdsourcing the identification of vulnerabilities is attractive and has led to the development of bug bounty programmes. These programmes provide recognition to researchers for reporting vulnerabilities. Bug bounty programmes are being launched at a remarkable pace with evidence of both good and bad practice. Currently there is no definition of good practice and no guidelines for those procuring bug bounty programmes nor support or guidance for the researchers. There is also no clear view on the appropriateness of using such programmes to test safety critical systems such as those used on autonomous vehicles.
     
    Would you be comfortable travelling in an autonomous vehicle where suppliers are actively allowing the vehicle to be hacked; or do you feel more confident travelling in a vehicle that has been openly tested by the crowd?

    Speaker

    Photo Speaker Name Profile
    Ian Glover Ian Glover View Profile
  • Cybersecurity KPIs to Secure Your IT Environment Add to Schedule Steven Aiello  |   AHEAD  |   Cyber Hack

    Cyber Hack Theatre

    Wed 26th Sep 01:00 to 01:50

    Cybersecurity KPIs to Secure Your IT Environment

    Organizations spend an exceptional amount of time and money to keep their data secure, but the outcomes are less than exceptional. In the presentation, AHEAD security expert Steven Aiello will focus on simple KPIs that organizations can use to secure their environments. This will not be a theoretical approach to security; it will be an analysis of the most common attack vectors and patterns that are used to compromise IT assets.

    Speaker

    Photo Speaker Name Profile
    Steven Aiello Steven Aiello View Profile
  • Wed 26th Sep 01:40 - 02:10
  • Zero Trust & The Flaming Sword of Justice Add to Schedule Dave Lewis  |   Duo Security  |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 01:40 to 02:10

    Zero Trust & The Flaming Sword of Justice

    Security breaches pervade the headlines. What was seen as a rare instance just 5 years ago now seems to occupy the daily news cycle. A lot of these data breaches are made possible due to missteps and misconfigurations. There are many security issues that are introduced into website authentication mechanisms that further compound the security issues in addition to enforcing bad behavior by the end users. Security debt is a real problem for the vast majority of organizations in the world today and the attackers will utilize this to their advantage. In addition to keeping system hygiene at front of mind defenders need to focus on proper network zone segmentation or, as it more popular term these days, zero trust networks. The old conceptual style of a castle wall and moat to defend a network was deprecated several years ago. As a result of the dissolution of the traditional perimeter a stronger focus has to be placed on the strength of authentication, authorization and trust models for the users. 

    The antiquated notion of an information security practitioner running through the office brandishing their flaming sword of justice above their heads screaming “thou shall not pass” has at long last reached it’s denouement. Whether you are responsible for the security in a financial organization or one that makes teddy bears it is necessary to adapt and learn to trust but, verify.

    Speaker

    Photo Speaker Name Profile
    Dave Lewis Dave Lewis View Profile
  • Lessons Learned from High Profile Breaches – And How to Stop the Next One Add to Schedule Dan Larson  |   CrowdStrike   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 26th Sep 01:40 to 02:10

    Lessons Learned from High Profile Breaches – And How to Stop the Next One

    This exclusive session delves into details of some of CrowdStrike’s most eye-opening breach investigations of the past year, and their implications for organizations of all sizes, regardless of their industry or country of origin. Also: New research on “breakout time” –the time from initial  intrusion to the first signs of lateral movement that  precede a breach –and what defenders must do to respond before adversaries can press their attack.

    What the audience will learn:
    Dan will provide insights into the new methods of attacks such as credential theft and whitelist bypassing and other real-world examples of attacks against organizations. Attendees will learn the countermeasures that can be implemented to prevent such attacks.  

    Another take away for attendees is the meaning behind “breakout time”, and what it takes to respond in time to protect an organization’s data and networks.

    Speaker

    Photo Speaker Name Profile
    Dan Larson Dan Larson View Profile
  • Vulnerability Assessments: Are You REALLY Doing Them? Add to Schedule Roger Johnston  |   Right Brain Sekurity  |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 01:40 to 02:10

    Vulnerability Assessments: Are You REALLY Doing Them?

    Many organizations don’t do vulnerability assessments (VAs), though they may do things that they THINK are VAs. While potentially useful, activities such as penetration testing, “Red Teaming”, security surveys, security audits, compliance checking, feature analyses, threat assessments, Risk Management, DBT, fault/event tree analysis, software assessment tools, etc. are not vulnerability assessments.

    They often fall short of the security benefits that a good VA can provide. This talk discusses why VAs are so important and how to do them. Unconventional security metrics and insider threat mitigation in the context of effective VAs will also be covered. The speaker is a professional vulnerability assessor with 30 years of experience.

    Speaker

    Photo Speaker Name Profile
    Roger Johnston Roger Johnston View Profile
  • Adopting an Automation-First Strategy for Identity and Access Management Add to Schedule Bryan Christ  |   Hitachi ID   |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 26th Sep 01:40 to 02:10

    Adopting an Automation-First Strategy for Identity and Access Management

    Process automation within an IAM environment can be challenging. Many systems that excel at governance and certification tasks are simply not well suited for automation. Many organizations believe their requirements are simply too unique to be automated and/or their existing home grown solutions will suffice. A thorough data cleanup is often advocated for before automation technologies are deployed however this is the wrong approach as such technologies can actually help with the data cleansing effort. In this session we will explore many aspects of IAM automation and deliver concrete recommendations towards achieving the goal of identity management automation.

    Speaker

    Photo Speaker Name Profile
    Bryan Christ Bryan Christ View Profile
  • Everything you always wanted to know about incident response (*but were afraid to ask and for a good reason) Add to Schedule Andy Singer  |   enSilo   |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 01:40 to 02:10

    Everything you always wanted to know about incident response (*but were afraid to ask and for a good reason)

    The threat landscape has changed yet again. What was several years ago an era of advanced attackers seeking valuable data, has transformed to be global disruptive data related plagues, backwinded by nation-states seeking to dictate agenda and terms. In respect to the evolving threat landscape, organizations came to realize that compromise is inevitable and have started to look for ways to respond quickly, automatically and in real-time in order to prevent the next data breach or disruption. The evolving incident response process holds in store a great challenge as the process effectiveness metric is fairly easy to measure. Do you actually know how effective is your current SOC/IR/MDR in detecting, validating, containing and remediating infections in the environment? Are you ready to win the race to your own data?

    Speaker

    Photo Speaker Name Profile
    Andy Singer Andy Singer View Profile
  • Wed 26th Sep 02:00 - 02:50
  • It's the little things Add to Schedule Ben Sadeghipour  |   HackerOne  |   Cyber Hack

    Cyber Hack Theatre

    Wed 26th Sep 02:00 to 02:50

    It's the little things

    Reconnaissance plays a huge role while hacking. While there are 100s of different tools available to make this process easier, you may not be maximizing your recon process without a working methodology. In this session attendees will learn how the best hackers use recon to size up their targets. This methodology helps create an automated process that will actively look for vulnerabilities using OSINT and other well known recon tools.

    Speaker

    Photo Speaker Name Profile
    Ben Sadeghipour Ben Sadeghipour View Profile
  • Wed 26th Sep 02:20 - 02:50
  • Managing a Hack: Orchestrating Incident Response to Preserve Brand Reputation Add to Schedule Sandra Fathi  |   Affect  |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 02:20 to 02:50

    Managing a Hack: Orchestrating Incident Response to Preserve Brand Reputation

    Cyber attacks can be devastating - resulting in loss of revenue, interrupted business continuity and significant damages to brand reputation and corporate morale. Incident response is no longer relegated to the IT department and must involve executives across the entire organization – from the board to the marketing department to technical teams.
    This session will address the critical tactics involved in communicating a cybersecurity incident to the public - focusing on the orchestration of technical, legal and communications executives. Sandra Fathi, president of Affect, will lead an interactive discussion on the corporate communications challenges that executives face in a cybersecurity incident.

    Speaker

    Photo Speaker Name Profile
    Sandra Fathi Sandra Fathi View Profile
  • Proactive Security: Data Breach Assessment Add to Schedule Mike Jack  |   Spirent   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 26th Sep 02:20 to 02:50

    Proactive Security: Data Breach Assessment

    Cybersecurity is an ever-evolving target as attack techniques become more complex and aggressive. You’ve invested time, money, and effort in securing your organization. You’ve deployed firewalls, endpoint protection, intrusion prevention, and more. But how do you know if your organization is truly secure? No matter what security solutions are in place, the challenge is addressing the true unknowns of cybersecurity. This session will describe how adding data breach assessments to your cybersecurity arsenal can prepare you for inevitable security incidences and you will learn how automation can help your organization regularly—and rigorously—keep your defenses tuned and ready. 

    Speaker

    Photo Speaker Name Profile
    Mike Jack Mike Jack View Profile
  • Surviving the Cloud: How Big is Your Risk? Add to Schedule Prasidh Srikanth  |   Bitglass   |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 26th Sep 02:20 to 02:50

    Surviving the Cloud: How Big is Your Risk?

    Is your organization moving to the cloud? Is BYOD (bring your own device) a growing trend in your workplace? Do you have users accessing corporate data from around the world? During this session, we will talk about cloud adoption's incredible momentum in the enterprise. Come learn about the security threats that organizations face in the cloud by discussing real-world examples. You will also learn how modern security vendors are reacting to cloud migration, adapting to evolving technology trends, and positioning themselves for a secure tomorrow.

    Speaker

    Photo Speaker Name Profile
    Prasidh Srikanth Prasidh Srikanth View Profile
  • Too Fast Less Furious - Accelerating Application Security with small teams in high flux environments Add to Schedule Aditya Balapure  |   Grubhub Inc  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 02:20 to 02:50

    Too Fast Less Furious - Accelerating Application Security with small teams in high flux environments

    The presentation is based on learnings of developing  an Application Security Program in small and medium sized companies. The talk discusses some of the challenges and fun times faced with evolving and scaling security with a small team. The conventional security in Continuous Integration/Continuous Delivery, vulnerability management and penetration testing have always been important for security but companies do need to plan for unconventional attack scenarios. The presentation focusses on how we start with the  conventional AppSec fundamentals and at the same time scale a small team to keep an eye on every aspect of high flux environments.

    Speaker

    Photo Speaker Name Profile
    Aditya Balapure Aditya Balapure View Profile
  • Wed 26th Sep 03:00 - 03:30
  • My Experience Teaching a Simple GDPR Implementation Approach on YouTube Add to Schedule Rocio Baeza  |   CyberSecurityBase  |   The Keynote

    The Keynote Theatre

    Wed 26th Sep 03:00 to 03:30

    My Experience Teaching a Simple GDPR Implementation Approach on YouTube

    In 2018, Rocio challenged herself to try and come up with a simplified GDPR implementation plan that she can teach online on YouTube. Why? In working with various security and privacy laws/regulations/frameworks, she has experienced first-hand the difficulty in translating requirements into clear and actionable steps. GDPR requires much-needed measures for the responsible management and use of personal data. As a data privacy advocate, she welcomed the measures that provide consumers with choice and transparency over the use of their personal data. As a data security professional, she appreciates the absence of technical jargon and assumption that all organizations are running on an “old-school” IT environment. This is a win for consumers, organizations, and the data privacy industry.

    As business and tech leaders decide on their approach for reaching and maintaining GDPR compliance, Rocio provides a simple implementation approach that doesn't conflict with creativity and innovation that rising tech companies are bringing to the table.

    Speaker

    Photo Speaker Name Profile
    Rocio Baeza Rocio Baeza View Profile
  • EvolveSec MEETUP: Iranian Cyber Operations – 2018 Update Add to Schedule Patrik Maldre  |   FireEye iSIGHT Intelligence  |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 03:00 to 03:30

    EvolveSec MEETUP: Iranian Cyber Operations – 2018 Update

    Evolve Security alum, Patrik Maldre will present on APT33, APT34, and APT35 cyber operations, Iranian information operations, potential post-nuclear deal (JCPOA) developments, and the effects of U.S. indictments.

    Speaker

    Photo Speaker Name Profile
    Patrik Maldre Patrik Maldre View Profile
  • The Intersection of Cybersecurity & Digital Transformation: Strategic DevSecOps for Senior Leaders Add to Schedule Laszlo S. Gonc  |   Next Era Transformation Group  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 26th Sep 03:00 to 03:30

    The Intersection of Cybersecurity & Digital Transformation: Strategic DevSecOps for Senior Leaders

    Tremendous technology changes in recent years have made exponential leaps in the way we will communicate, interact and transact with each other for generations to come. Firewalls are becoming permeable, our data now lives in the cloud and it’s impractical to protect everything. With these technology risks, how do we balance culture change and innovation while implementing the highest security measures? How do we build in cybersecurity resilience? How do we securely engage our customers in an ever evolving marketplace?

    Learn about DevSecOps. This presentation is designed to provide senior leaders with strategic information on securing your organizations end-to-end value chain using DevSecOps, integrating cybersecurity with the alignment of development and operations. We have now entered the Transformative Age – are you ready to do business in the future?

    Speaker

    Photo Speaker Name Profile
    Laszlo S. Gonc Laszlo S. Gonc View Profile
  • Oktoberfest Add to Schedule

    Network Security and Ransomware Theatre

    Wed 26th Sep 03:00 to 03:30

  • Pitch it! by 1871 Add to Schedule Tech Leaders  |  Cyber Hack

    Cyber Hack Theatre

    Wed 26th Sep 03:00 to 03:50

    Pitch it! by 1871

    1871

    This unique presentation will see start-ups from 1871 sharing their latest cyber security innovations…

    1871 is the home of nearly 500 early-stage, high-growth digital startups and more than 1,500 members supported by an entire ecosystem focused on accelerating their growth and creating jobs in the Chicagoland area. Visit www.1871.com for more information. Located in a 150,000 square-foot space over four floors in The Merchandise Mart, 1871 has more than 600 current mentors available to its members, as well as more than 80 partner corporations, universities, education programs, accelerators, venture funds and other organizations that make its extensive matrix of resources possible.

    COMPANIES TAKING PART INCLUDE:

    accentedge

    Syed Alam, Founder & CEO, accentedge

    Securing Your Future: Using AI to Stop Cyber Criminals in Their Tracks
    In the ever-evolving digital landscape, your company’s data is exposed to internal and external threats every day. At Accentedge we use a world-wide network of sensors and software, including Machine Learning and AI, to detect patterns of potential problems and stop them in their tracks.

    Our information security platform is a comprehensive solution to defend against any kind of security theft, breaches or misuse of data and is continuously learning and improving over time. As a result, we can not only safeguard your corporate information, but also deliver major cost reductions, streamline workflows, automate processes and improve compliance.

    One-Me

    Brad Arlen, CEO, OneMe PBC

    Transforming Data Privacy From an Expense into an Asset
    Organizations willing to make a cultural shift that respects individual data privacy thru transparency, integrity, and self-sovereignty in the use of their data, will uncover entirely new product and service opportunities that transform the expense of data privacy into an asset.

    seamless

    Anil Saldanha, Founder and CEO, Seamless Technologies Inc

    Cyber Risk Management made easy
    Cyber Risk Management has become a critical need for companies that deal with sensitive data primarily in regulated industries such as Healthcare, Finance and HR. The session will focus on the elements of a successful cyber risk management strategy and a roadmap to adopt one. The session will highlight some critical use cases that the startup has successfully worked on.

    Speakers

    Photo Speaker Name Profile
    Anil Saldanha Anil Saldanha View Profile
    Brad Arlen Brad Arlen View Profile
    Syed Alam Syed Alam View Profile
  • Wed 26th Sep 03:30 - 04:30
  • MEETUP: Women in Cyber Secuirty Add to Schedule

    Network Security and Ransomware Theatre

    Wed 26th Sep 03:30 to 04:30

  • Thu 27th Sep 08:30 - 09:20
  • War By Other Means: How Cyber Technology Shapes Our New Shadow War with Russia Add to Schedule George Beebe  |   Center for the National Interest  |   The Keynote

    The Keynote Theatre

    Thu 27th Sep 08:30 to 09:20

    War By Other Means: How Cyber Technology Shapes Our New Shadow War with Russia

    Russia and the US are in an undeclared virtual war.  But it is not a hot war like World War II.  And it is not a Cold War.  Rather, it is something in between, a “shadow war,” in which we do things that once required physical force, but today can be accomplished through less violent but no less effective means.  Unlike the Cold War, this shadow war is being waged without rules, and neither side recognizes how easily it could spiral out of control. 

    Speaker

    Photo Speaker Name Profile
    George Beebe George Beebe View Profile
  • Thu 27th Sep 09:30 - 10:00
  • The Divine and Felonious Nature of Cyber Security Add to Schedule John Willis  |   SJ Technologies  |   The Keynote

    The Keynote Theatre

    Thu 27th Sep 09:30 to 10:00

    Speaker

    Photo Speaker Name Profile
    John Willis John Willis View Profile
  • How to Protect Next Generation Technology from Modern Threats Add to Schedule Morey J. Haber  |   BeyondTrust  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 27th Sep 09:30 to 10:00

    How to Protect Next Generation Technology from Modern Threats

    Next generation technology such as the cloud, DevOps, and IoT are not immune to privilege security threats, vulnerabilities, and poor cyber security hygiene. Managing privileges and vulnerability assessments are therefore critical layers in identity and asset centric cyber defense. Privileged Access Management (PAM) and Vulnerability Management (VM) together provide a complete approach to preventing NextGen breaches by unifying visibility and control across on-premise, cloud, IoT, and DevOps environments with reliable and predictable threat management.

    Based on a recent survey by BeyondTrust, security professionals will learn how privileges, passwords, and vulnerabilities are being leveraged against next generation technologies, and how you can take measurable steps to defend against them.

    Speaker

    Photo Speaker Name Profile
    Morey J. Haber Morey J. Haber View Profile
  • The Industrial Immune System: Using Machine Learning & AI for OT Cyber Defense Add to Schedule Andrew Tsonchev  |   Darktrace   |   IoT Security

    IoT Security Theatre

    Thu 27th Sep 09:30 to 10:00

    The Industrial Immune System: Using Machine Learning & AI for OT Cyber Defense

    There is an urgent need for a new approach to combat the next generation of cyber-threats, across both OT and IT environments. While total prevention of compromise is untenable, utilizing automated self-learning technologies to detect and respond to emerging threats within a network is an achievable cyber security goal, irrespective of whether the suspicious behavior originated on the corporate network or ICS.

    Speaker

    Photo Speaker Name Profile
    Andrew Tsonchev Andrew Tsonchev View Profile
  • Microsoft Office 365 – Make it a Secure Journey for Digital Transformation Add to Schedule Todd Bursch  |   Forcepoint   |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 27th Sep 09:30 to 10:00

    Microsoft Office 365 – Make it a Secure Journey for Digital Transformation

    Office 365 adoption is continuing at a strong pace, and is often the corner stone for a company’s digital transformation journey.  The decision to implement Office 365 is often a top-down decision, resulting in lack of awareness in terms of security and capabilities when the platform is initially rolled out.  However, this rapid change puts pressure on departments to adapt, exposes weaknesses, and creates new security challenges as IT remodels its security posture to protect the new ecosystem.

    This session will provide insights into how only Forcepoint can secure Office 365 and all your other SaaS applications.

    Speaker

    Photo Speaker Name Profile
    Todd Bursch Todd Bursch View Profile
  • Preventing the Threats of Tomorrow and Beyond Add to Schedule Jonathan Kaftzan  |   Deep Instinct   |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 27th Sep 09:30 to 10:00

    Preventing the Threats of Tomorrow and Beyond

    AV based solutions that isolate suspicious files based on signatures, heuristic analysis and file reputation is only effective against known malware. As AI technologies mature, we entered the era of Machine Learning: Endpoint protection, detection & response based on features extraction – A big step forward but still limited by the knowledge of a security expert. Learn about the differences between deep learning and machine learning, and how deep learning is revolutionizing cybersecurity.
     

    Speaker

    Photo Speaker Name Profile
    Jonathan Kaftzan Jonathan Kaftzan View Profile
  • The Cyber Hack with SentinelOne Add to Schedule Jared Phipps  |   SentinelOne   |   Cyber Hack

    Cyber Hack Theatre

    Thu 27th Sep 09:30 to 10:20

    The Cyber Hack with SentinelOne

    Ransomware attacks continue to be popular among cyber criminals looking to compromise unsuspecting corporate networks. And it all happens at the endpoint. In a recent Enterprise Risk Index, fileless attacks rose 94% in the first half of the year, including exponential growth in PowerShell attacks.
    Learn how to defend your businesses where traditional AVs could not. SentinelOne's next-generation AV behavioral engines will help you understand and respond if there is ever a threat.

    Speaker

    Photo Speaker Name Profile
    Jared Phipps Jared Phipps View Profile
  • Thu 27th Sep 10:10 - 10:40
  • Machine vs. Malware - Artificial Intelligence Workings Add to Schedule Aamir Lakhani  |   Fortinet  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 27th Sep 10:10 to 10:40

    Machine vs. Malware - Artificial Intelligence Workings

    It has never been easier for cybercriminals to build and deliver malicious software. With the ability to hire DarkWeb software engineers or simply purchase malware generating software, CISOs are challenged to keep up. Artificial Intelligence (AI) has emerged as a tool that will turn the tide and enable human resource-constrained security programs. This session will trace the history of AI and provide an insight into the workings of it. An example of a security-focused AI system will be examined and discussed in detail.

    Speaker

    Photo Speaker Name Profile
    Aamir Lakhani Aamir Lakhani View Profile
  • Dealing with IoT Security – Do nothing, do simple things, or do it RIGHT! Add to Schedule Sameer Dixit  |   Spirent   |   IoT Security

    IoT Security Theatre

    Thu 27th Sep 10:10 to 10:40

    Dealing with IoT Security – Do nothing, do simple things, or do it RIGHT!

    Internet of Things (IoT) deployments have been growing at an astonishing pace - whether for data monitoring, facility management, manufacturing processes or supply chain. However, there continues to be a gap in understanding the potential risks, and hidden threats that exist. This presentation will describe the current state of IoT security, provide insights into the ever-evolving world of hidden threats, identify latest IoT cyber-security standards and its contribution in enhancing overall platform security. Attendees will also receive guidelines on securing various components of an IoT deployment.

    Speaker

    Photo Speaker Name Profile
    Sameer Dixit Sameer Dixit View Profile
  • Cisco Cloud Security: Stepping Into the Cloud with Confidence Add to Schedule Adrienne McEwan  |   Cisco  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 27th Sep 10:10 to 10:40

    Cisco Cloud Security: Stepping Into the Cloud with Confidence

    Learn how Cisco’s Cloud Security Solutions can help secure your environment from the network to the cloud protecting everything from end-devices to content stored within sanctioned SaaS applications. Also, find out how attacks are staged and deployed during The Anatomy of An Attack and how Cisco’s Cloud Security Solutions can help you investigate and remediate attacks your environment may face.

    Speaker

    Photo Speaker Name Profile
    Adrienne McEwan Adrienne McEwan View Profile
  • How integrating Coverity Static Analysis IDE empowers developers and helps strengthen DevSecOps teams Add to Schedule Meera Rao  |   Synopsys Software Integrity Group  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 27th Sep 10:10 to 10:40

    How integrating Coverity Static Analysis IDE empowers developers and helps strengthen DevSecOps teams

    Software development teams use DevOps to accelerate software delivery. A common misconception is that security can slow this process—which is no longer the case. By integrating and automating security solutions early in the DevOps pipeline, teams can scan every build for security weaknesses and vulnerabilities without affecting velocity. This DevSecOps practice stands in sharp contrast to traditional software security methods where dynamic application security testing takes place later in the SDLC. Easily integrated within IDEs, Coverity provides accurate and comprehensive static analysis that finds critical security weaknesses in code with efficiency and agility. This presentation will illustrate just how that works to support DevSecOps.

    Speaker

    Photo Speaker Name Profile
    Meera Rao Meera Rao View Profile
  • Thu 27th Sep 10:30 - 11:20
  • Measuring Security With A Bug Bounty Program - A Hackers Perspective Add to Schedule Jon Bottarini  |   HackerOne   |   Cyber Hack

    Cyber Hack Theatre

    Thu 27th Sep 10:30 to 11:20

    Measuring Security With A Bug Bounty Program - A Hackers Perspective

    In this session, Jon Bottarini, hacker and technical program manager at HackerOne will discuss the key factors influencing relationships between hackers and corporate security teams by unpacking hacker motives, internal security challenges, risks associated with working with hackers, competitive vulnerability pricing, and managing a mutually beneficial transaction.

    Speaker

    Photo Speaker Name Profile
    Jon Bottarini Jon Bottarini View Profile
  • Thu 27th Sep 10:50 - 11:20
  • Using Home-Court Advantage to Transform Your Security Approach Add to Schedule Dr. Rajiv Ramaswami   |   VMware  |   The Keynote

    The Keynote Theatre

    Thu 27th Sep 10:50 to 11:20

    Using Home-Court Advantage to Transform Your Security Approach

    When it comes to cyber security, the attacker is in an advantageous position. Defense is harder than offense and we’re fighting an asymmetrical battle. But we do have one piece of information the attacker doesn’t. We have exclusive knowledge of how our apps and data should behave on our own infrastructure. This knowledge can be used to create a home-court advantage that gives us crucial leverage and reduces our attack surface.
     
    Find out how the unique properties of cloud and mobile can be used to enable new security models never before possible – providing critical insights for that home court advantage.

    Speaker

    Photo Speaker Name Profile
    Dr. Rajiv Ramaswami Dr. Rajiv Ramaswami View Profile
  • Chicken Little has left the room: Security Beyond Fear Add to Schedule Doug Lhotka  |   IBM  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 27th Sep 10:50 to 11:20

    Chicken Little has left the room: Security Beyond Fear

    We’ve been managing risk in our business for hundreds of years, yet we continue to treat cyber threats as a special case. While it’s true that we’re in a time of escalating, industrialized threats, organizations still react and lurch from one crisis to another, cobbling together a security program based on yesterday's crisis. It’s time we move from a reactive, fear and compliance based program, to a business focused, risk-based approach to cyber security.

    Speaker

    Photo Speaker Name Profile
    Doug Lhotka Doug Lhotka View Profile
  • The Evolution of Cyber Crime: A new approach to risk is critical Add to Schedule Colin McKinty  |   BAE Systems Applied Intelligence  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 27th Sep 10:50 to 11:20

    The Evolution of Cyber Crime: A new approach to risk is critical

    Evolution never stops. This is most evident in the world of cyber crime. Threats constantly mutate, technology progresses and the lines of responsibility blur. Protecting against new forms of attack requires experience of how criminals change their methods. Defenders must use intelligence on adversaries and understand the vulnerabilities of their organization to build a picture of the situation.

    Speaker

    Photo Speaker Name Profile
    Colin McKinty Colin McKinty View Profile
  • Dealing with the Tsunami Of Unmanaged Devices  Add to Schedule Jamil (Jamie) Mneimneh  |   Armis   |   IoT Security

    IoT Security Theatre

    Thu 27th Sep 10:50 to 11:20

    Dealing with the Tsunami Of Unmanaged Devices 

    The explosive growth of “smart” devices—printers, routers, cameras, smart TVs, industrial devices, medical devices, Bluetooth speakers, etc.—provides a new attack surface which can’t be managed or protected by legacy security tools. Attackers are increasingly targeting these unmanaged and IoT devices as a way to penetrate enterprise networks without detection. Both the FBI and the U.S. Department of Homeland Security have issued multiple warnings.

    This session will explore the growth of unmanaged devices, provide several examples of attacks on these devices, and discuss new considerations of security architectures with a 'Zero Trust' philosophy to fill the gaps left by traditional security architectures.

    Speaker

    Photo Speaker Name Profile
    Jamil (Jamie) Mneimneh Jamil (Jamie) Mneimneh View Profile
  • Empower Your Workforce by Securing Mobile Technology Add to Schedule Otavio Freire  |   SafeGuard Cyber  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 27th Sep 10:50 to 11:20

    Empower Your Workforce by Securing Mobile Technology

    The reality is enterprise employees are using mobile apps on their own to do their work more efficiently, especially with international clients. This discussion will present ways in which management can secure these new technologies and align cybersecurity protocols with employee realities

    Speaker

    Photo Speaker Name Profile
    Otavio Freire Otavio Freire View Profile
  • Thu 27th Sep 11:30 - 12:00
  • Preventing the Next-Generation Data Breach Storms:  Human, Machines and the Art of Deception Add to Schedule Ina Wanca  |   AI Governance  |   The Keynote

    The Keynote Theatre

    Thu 27th Sep 11:30 to 12:00

    Preventing the Next-Generation Data Breach Storms:  Human, Machines and the Art of Deception

    Cyber risk uncertainties, due to the proliferation of human errors and behavior weaknesses, are not addressed by current cyber risk framework models. Case studies will examine the implications of the of artificial intelligence misuse for humans and machines’ deception. By the end of the session, the speaker will share lessons learned and the best predictive prevention tools for avoiding data breaches.

    Speaker

    Photo Speaker Name Profile
    Ina Wanca Ina Wanca View Profile
  • Focus Security where it Matters Most Add to Schedule Dave Ostertag  |   Verizon   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 27th Sep 11:30 to 12:00

    Focus Security where it Matters Most

    Enterprises are navigating the perfect storm of digital convergence, struggling to enable digitization across every area of their business while also maintaining a secure environment. The attack surface has expanded, increasing internal/external pressure and security program complexity, while making it nearly impossible to prove return on investment or effectively quantify actual mitigation of risk.
     

    Speaker

    Photo Speaker Name Profile
    Dave Ostertag Dave Ostertag View Profile
  • Preparing for the Unthinkable Add to Schedule David van Schravendijk  |   Cisco Meraki   |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 27th Sep 11:30 to 12:00

    Preparing for the Unthinkable

    Past performance is no guarantee of future results. There are many trends in the cybersecurity landscape, that will be different tomorrow. Security professionals can effectively prepare themselves for unknown future events by delivering high-power Cisco security technologies via an all-inclusive, unique cloud-managed platform. This session will show you how new threats can be prevented dynamically without needing to configure or modify a network.

    Speaker

    Photo Speaker Name Profile
    David van Schravendijk David van Schravendijk View Profile
  • Maginot Line – Common AppSec Anti-Patterns Preventing your Success Add to Schedule Peter Chestna  |   CA Technologies  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 27th Sep 11:30 to 12:00

    Maginot Line – Common AppSec Anti-Patterns Preventing your Success

    Is your AppSec program stalled? Is it failing to meet your expectations? You may be victim of some common anti-patterns that are keeping you from reaching your goals.  Are you achieving your goals or meeting your metrics but have a sinking suspicion that your ultimate goal of reducing your company’s risk isn’t being met? As the French learned in WWII, a partial defense is no defense at all. The Maginot Line will serve as our metaphor for failed or suspect AppSec programs.

    Speaker

    Photo Speaker Name Profile
    Peter Chestna Peter Chestna View Profile
  • The Five Laws of Cybersecurity Add to Schedule Nick Espinosa  |   Security Fanatics  |   Cyber Hack

    Cyber Hack Theatre

    Thu 27th Sep 11:30 to 12:10

    The Five Laws of Cybersecurity

    Based off Nick Espinosa's TEDx Talk and Forbes article of the same name, this presentation will dive into issues that non-technical users face and how we, as the technical community, can help create an easy framework of understanding for those we help in order to ensure their security. The Five Laws of Cybersecurity are designed to make everyone think and challenge that technology they use every day!

    Speaker

    Photo Speaker Name Profile
    Nick Espinosa Nick Espinosa View Profile
  • Thu 27th Sep 01:00 - 01:30
  • Turning Your Cybersecurity Toddlers Into Warriors! Proven field-tested methods to fill the knowledge gap within your staff Add to Schedule Shira Shamban  |   Dome9 Security  |   The Keynote

    The Keynote Theatre

    Thu 27th Sep 01:00 to 01:30

    Turning Your Cybersecurity Toddlers Into Warriors! Proven field-tested methods to fill the knowledge gap within your staff

    IT security is expanding rapidly. And, unlike the skill gap, there is no shortage of malicious actors trying to get data. In order to break this endless, downward spiral resulting in increased turnover and lower overall job satisfaction, IT organizations must implement updated strategies and methodologies towards security.

    This session will include insights and lessons learned from 13 years as an officer in the elite intelligence unit 8200 of the Israel Defense Force. I will share solutions I learned from the hands-on experience in cybersecurity and operations including CD/CR - Continuous Detection / Continuous Remediation.

    Speaker

    Photo Speaker Name Profile
    Shira Shamban Shira Shamban View Profile
  • The Anatomy of an Email-Borne Attack Add to Schedule Mike Shine  |   Mimecast  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 27th Sep 01:00 to 01:30

    The Anatomy of an Email-Borne Attack

    Let's face it: email is still the biggest entry point into your organization, even in secure environments. Security threats are real and debilitating, and they aren't going away anytime soon.

    Join us for Anatomy of an Email Born Attack, where Mimecast will paint the current threat landscape for email-borne attacks and demonstrate an actual live e-mail based 'hack' in real-time.

    Speaker

    Photo Speaker Name Profile
    Mike Shine Mike Shine View Profile
  • Thwarting a Cyberphysical Attack in the IoT Era Add to Schedule William Malik  |   Trend Micro   |   IoT Security

    IoT Security Theatre

    Thu 27th Sep 01:00 to 01:30

    Thwarting a Cyberphysical Attack in the IoT Era

    While businesses and consumers see opportunity and efficiency in the billions of devices now connected to the Internet of Things and Industrial Internet of Things, cyber criminals also see an opportunity in the vulnerabilities created with each connection. This session will outline three things you need to understand in order to prevent a cyberphysical attack in our digitally connected world. Walk away with best practices you can use to implement the right mix of policy, architecture, training and technology to keep your organization secure.

    Speaker

    Photo Speaker Name Profile
    William Malik William Malik View Profile
  • Secure All your Cloud Workloads in a Modern Enterprise Add to Schedule Kevin Stultz  |   Symantec   |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 27th Sep 01:00 to 01:30

    Secure All your Cloud Workloads in a Modern Enterprise

    As management of workloads/applications shifts from traditional IT Operations Management lifecycle to DevOps lifecycle there is a dramatic shift in right controls and right security lifecycle.  Gone are the days of building a server, bolting on a set security controls and then monitoring/maintaining the server for years. In DevOps the controls for the workload must be built into the CI/CD lifecycle.  The other big change is since the security is now built in and the environment is managed as immutable it enables the long sought holy grail of proactive security controls which provide vulnerability mitigation by enforcing the immutability of the applications and their data instead having to react and change every time a new vulnerability or attack is released. In this talk we will demonstrate how Symantec can insure workloads are immutable thus thwarting attacks.

    Speaker

    Photo Speaker Name Profile
    Kevin Stultz Kevin Stultz View Profile
  • Brought to you by Trustwave Add to Schedule Jeremy Batterman  |   TrustWave  |   Cyber Hack

    Cyber Hack Theatre

    Thu 27th Sep 01:00 to 01:50

    Speaker

    Speaker Name Profile
    Jeremy Batterman View Profile
  • Thu 27th Sep 01:40 - 02:10
  • Do you know your vendor dependencies? Add to Schedule Elizabeth Zalman  |   strongDM  |   The Keynote

    The Keynote Theatre

    Thu 27th Sep 01:40 to 02:10

    Do you know your vendor dependencies?

    You're only as secure as your weakest link. That includes not only your employees, but your vendors and their employees too. Most companies have no idea how many systems and people have access to their data. You can't protect your data if you can't tell who has access to it, nor what they're doing with it. In this talk, I'll share practical examples of breaches I've personally experienced along with advice on how to hold your vendors accountable.

    Speaker

    Photo Speaker Name Profile
    Elizabeth Zalman Elizabeth Zalman View Profile
  • Minimizing the detection to recovery time frame: Avoid the potential effects sophisticated threat actors can have on business operations Add to Schedule Joe Rogalski  |   eSentire   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 27th Sep 01:40 to 02:10

    Minimizing the detection to recovery time frame: Avoid the potential effects sophisticated threat actors can have on business operations

    While recent trends have shown attackers are using simple tools and tactics for data breaches, sophisticated threat actors utilizing advanced techniques to avoid detection could potentially have the greatest impact on an organization’s bottom line in 2018. Commodity threats continue to make the case for investment in preventative technologies and stricter regulations around breach notifications all but mandates increased investment in advanced detection and response capabilities. Minimizing the detection to response time frame is critical for an organization to not only detect threats, but contain and respond in a time frame that minimizes the potential risk of affecting their clients and suffering the implications of compliance violations.

    Speaker

    Photo Speaker Name Profile
    Joe Rogalski Joe Rogalski View Profile
  • Static analysis for safety and security critical software Add to Schedule Mark Hermeling   |   GrammaTech   |   IoT Security

    IoT Security Theatre

    Thu 27th Sep 01:40 to 02:10

    Static analysis for safety and security critical software

    Software development managers are always looking to improve the efficiency of their software development teams. This is often needs to be balanced with functional safety and cyber security. Static analysis has been proven to improve code quality, improving efficiency, while at the same time improving safety and security. This presentation will show how GrammaTech CodeSonar can integrate advanced static analysis in a modern continuous integration/continuous deployment workflow and improve efficiency and safety and security all at the same time.

    Speaker

    Photo Speaker Name Profile
    Mark Hermeling Mark Hermeling View Profile
  • Risks Hiding in Plain Sight: Mobile App Cyber Threat & Vulnerability Benchmarks Add to Schedule Brian Reed  |   NowSecure  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 27th Sep 01:40 to 02:10

    Risks Hiding in Plain Sight: Mobile App Cyber Threat & Vulnerability Benchmarks

    We don’t trust all email. We don’t trust all websites. So why do we trust all mobile apps? 85% of appstore apps in have 1 or more serious vulns. Why don’t we know that? Why don’t we do something about that? In this session we will open pandora’s box, learn how to see the risks & deal with them.

    Speaker

    Photo Speaker Name Profile
    Brian Reed Brian Reed View Profile
  • The Future of Crypto Crime and the Threat it Poses to Organizational Security Add to Schedule Charles Stockwell   |   The Security Stronghold  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 27th Sep 01:40 to 02:10

    The Future of Crypto Crime and the Threat it Poses to Organizational Security

    Crypto Crime has existed for almost 30 years. Since Bitcoin's emergence in 2008, however, crypto crime has seen exponential growth that shows no signs of stopping. Now, in 2018, organizations face a plethora of crypto-related threats. As these threats continue to mature and multiply, it is vital that organizations understand and plan for what is to come. In this talk, Charles Stockwell, CEO of The Security Stronghold, will explore the future of crypto crime. He will then talk about the potential impacts to organizational security and best practices for mitigating risk.

    Speaker

    Photo Speaker Name Profile
    Charles Stockwell Charles Stockwell View Profile
  • Thu 27th Sep 02:20 - 02:50
  • Crypto Currency Security from the Frontlines: Hedge Funds, Nation State Threats & Technical Security Approaches Add to Schedule Adam Healy   |   Digital Asset Custody Company (DACC)  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 27th Sep 02:20 to 02:50

    Crypto Currency Security from the Frontlines: Hedge Funds, Nation State Threats & Technical Security Approaches

    Adam Healy, CISO at DACC, will spend 30 minutes providing his perspective on the state of enterprise-level institutional safe storage (“custody”) of crypto currencies. This discussion will outline the emerging threat landscape facing institutions entering the crypto currency asset class and best practices when selecting crypto currency service providers, including custody providers. Lastly, Adam will provide his outlook on the future of security in this space and unique technical risks associated with this asset class along with how to address a nascent industry with lacking standardization of security practices.

    Speaker

    Photo Speaker Name Profile
    Adam Healy Adam Healy View Profile
  • PANEL: The Year Ahead - GDPR, Ransomware, AI Security & the Next Big Threat Add to Schedule Panel  |  The Keynote

    The Keynote Theatre

    Thu 27th Sep 02:20 to 03:10

    PANEL: The Year Ahead - GDPR, Ransomware, AI Security & the Next Big Threat

    As little as 5 years ago Cyber Security Breaches were seen as relatively rare occurrence however we now see major breaches reported on a weekly, sometimes daily basis. This trend does not seem to be slowing so what do we need to be mindful of in the year ahead? In this session, a panel of experts each explain a trend they believe will be pivotal to staying safe and remaining compliant in 2019.

    Speakers

    Speaker Name Profile
    Adrienne McEwan Adrienne McEwan View Profile
    Charles Stockwell Charles Stockwell View Profile
    Jonathan Kaftzan Jonathan Kaftzan View Profile
    Martin Holste View Profile
  • The Student Sessions Add to Schedule Tech Leaders  |  IoT Security

    IoT Security Theatre

    Thu 27th Sep 02:20 to 03:30

    Speakers

    Photo Speaker Name Profile
    John Fatten John Fatten View Profile
    Kathy Cooke Kathy Cooke View Profile
    Shira Shamban Shira Shamban View Profile

Your schedule where you can plan your day, viewing all your scheduled seminars print or email them to yourself

Top