26 - 27 SEPTEMBER 2018 / McCormick Place, Chicago
  • Wed 18th Oct 08:25 - 09:40
  • THE ART OF DECEPTION: How Hackers and Con Artists Manipulate You and What You Can Do About It Add to Schedule Kevin Mitnick   |   Mitnick Security Consulting   |   The Keynote

    The Keynote Theatre

    Wed 18th Oct 08:25 to 09:40

    THE ART OF DECEPTION: How Hackers and Con Artists Manipulate You and What You Can Do About It

    People are the weakest security link. They can be manipulated or influenced into unknowingly helping hackers break into their organization’s computers. You’ll learn how easily you can be an unsuspecting victim who can be manipulated into handing over the keys the kingdom, if you haven’t done so already. Kevin Mitnick will entertain and educate you by performing his "live technology magic show" of the latest hacking techniques. You just might realize that you—like almost everyone else on the planet—have a misplaced reliance on security technology, which has now become ineffective against a motivated hacker using a technique called "social engineering."
     
    Social engineering is a technique used by hackers and con artists that leverages your tendency to trust. Trust is a truly noble human characteristic; however, in terms of personal and organizational security, it’s also a significant weakness because trust can be exploited. Kevin is the worldwide authority on social engineering and constantly improves and updates this highly acclaimed "security awareness" presentation with the latest threats and risks most people don’t even know exist.
     
    You’ll learn how to detect manipulation and take steps to protect yourself and your organization. Gain the power to think defensively.

    Speaker

    Photo Speaker Name Profile
    Kevin Mitnick Kevin Mitnick View Profile
  • Wed 18th Oct 09:45 - 10:10
  • The State of Internet Security – And Steps to a Safer Future Add to Schedule Andy Ellis  |   Akamai Technologies  |   The Keynote

    The Keynote Theatre

    Wed 18th Oct 09:45 to 10:10

    The State of Internet Security – And Steps to a Safer Future

    In a world of increasingly sophisticated cyberthreats, getting to a secure web experience can pose a challenge. Citing results of the state of the internet security report, based on his company’s birds eye view of Internet activity, Andy Ellis, Chief Security Officer of Akamai, will help attendees understand the hazards we all face, and the steps forward towards a safer future.

    Speaker

    Photo Speaker Name Profile
    Andy Ellis Andy Ellis View Profile
  • Wed 18th Oct 10:10 - 10:40
  • Next-Gen Application Security Add to Schedule Alex Mathews  |   Positive Technologies   |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 18th Oct 10:10 to 10:40

    Next-Gen Application Security

    Application security is rapidly moving into top gear. Not only is this caused by ever-evolving attacks aimed at the application layer, but also driven by the constantly growing number and complexity of web applications as a result of digital transformation.

    To stay one step ahead of competitors, companies must deliver value faster, without putting their customers at risk while remaining compliant.

    This takes a fundamental shift in the way application security should be approached: during our session, we’ll share our expert vision of how smart application security strategy should be implemented to protect companies without disrupting their business processes.

    Speaker

    Photo Speaker Name Profile
    Alex Mathews Alex Mathews View Profile
  • Six Steps to Secure Access for Privileged Insiders and Vendors Add to Schedule Sam Elliott  |   Bomgar  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 18th Oct 10:10 to 10:40

    Six Steps to Secure Access for Privileged Insiders and Vendors

    Many organizations trying to secure privileged access for employees or vendors focus solely on the privileged credentials or identities. But this is only half the battle. Securing the access pathways is just as crucial to protect your critical systems and data from cyber threats. This session will outline the six steps companies need to take to secure privileged access, while simultaneously improving business productivity.

    Speaker

    Photo Speaker Name Profile
    Sam Elliott Sam Elliott View Profile
  • The Hidden Threats of Weak IoT Security within the Enterprise Add to Schedule Sameer Dixit  |   Spirent  |   IoT Security

    IoT Security Theatre

    Wed 18th Oct 10:10 to 10:40

    The Hidden Threats of Weak IoT Security within the Enterprise

    Most enterprises have Internet of Things (IoT) deployments, whether for data monitoring, supply chain, facility management, or manufacturing processes. Unfortunately, many don’t realize how extensive these deployments actually are—or the attack surface they represent. In fact, IoT deployments have a higher number of security breaches, with costlier consequences, than traditional enterprise breaches. This presentation will describe the current state of IoT security, provide insight into attack methods, and identify unique challenges of securing IoT deployments. Attendees will also receive suggested best practices for securing new IoT deployments, increasing system layer security, or enhancing security in production deployments.

    Speaker

    Photo Speaker Name Profile
    Sameer Dixit Sameer Dixit View Profile
  • The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks Add to Schedule Nicole Eagan  |   Darktrace  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 18th Oct 10:10 to 10:40

    The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

    With machines fighting machines and increasingly sophisticated human attackers, we are now entering a new era of cyber-threats. The battle is no longer at the perimeter but inside of our organizations, and no security team can keep up with its speed. Cyber-attackers are quickly becoming silent and stealthy, and cyber defense has turned into an arms race.
     
    This new wave of cyber-threats has seen skilled attackers that may lie low for weeks or months. By the time they take definitive steps, their actions blend in with the everyday hum of network activity. These attacks call for a change in the way we protect our most critical assets.
     
    Self-learning and self-defending systems are now being deployed to continually assess business environments. Known as ‘immune system’ defense, this approach is used to uncover threats that have already penetrated the network border, and then automatically fight back. Unlike legacy approaches, which rely on rules or signatures, these technologies work autonomously, enable the security team to focus on high-value tasks, and can counter even fast-moving, automated attackers.
     

    Speaker

    Photo Speaker Name Profile
    Nicole Eagan Nicole Eagan View Profile
  • Insider Threats Add to Schedule Morey J. Haber  |   BeyondTrust  |   Cyber Hack

    Cyber Hack Theatre

    Wed 18th Oct 10:10 to 10:40

    Insider Threats

    The risks of the one can easily outweigh the needs of the many. Privileged account abuse is a leading cause of insider threats in cybersecurity and the risks of one unmanaged privileged account can jeopardize the mission for all others. In this session, we will explore the top privileged account risks, how they can be leveraged against an organization, and security best practices from NIST to PCI that can help ensure that privileged accounts are never dismissed from accountability.

    Speaker

    Photo Speaker Name Profile
    Morey J. Haber Morey J. Haber View Profile
  • Wed 18th Oct 11:00 - 11:30
  • No Silver Bullets - Cybersecurity in the Cognitive Era Add to Schedule Doug Lhotka  |   IBM  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 18th Oct 11:00 to 11:30

    No Silver Bullets - Cybersecurity in the Cognitive Era

    It's no surprise that our organizations are under attack by industrialized threats from highly skilled adversaries.   At same time we're drowning in information, facing a growing skills shortage, and often dealing with security infrastructures from the dark ages.  It's no wonder that the industry is looking for the latest magic bullet, and Cognitive security is now the king of the hype curve.  We'll talk about the threats in more detail, the growing migration from compliance to risk-focused security, and how security is fundamentally an information management problem.  We'll investigate how cognitive technology is being applied in real organizations today, and try to get beyond the marketing and hype to understand this fundamental shift in how we approach cybersecurity.

    Speaker

    Photo Speaker Name Profile
    Doug Lhotka Doug Lhotka View Profile
  • The Future of Authentication with FIDO Add to Schedule Adam Lewis  |   Motorola Solutions  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 18th Oct 11:00 to 11:30

    The Future of Authentication with FIDO

    Identity is the new perimeter - but the perimeter is most often a password - responsible for 81% of data breaches in 2016.  Current MFA solutions like SMS and other OTP are just as broken, still phishable and suffering from a poor UX.  FIDO is one of the most exciting innovations in identity & access management, which for the first time brings a multi-factor authentication standard to the mass market combining military-grade security, awesome UX, privacy, and interoperability - all in a single stack that will soon be baked into the computing platforms we already own.  This presentation will include a live demo.

    Speaker

    Photo Speaker Name Profile
    Adam Lewis Adam Lewis View Profile
  • The way we work has changed. Has your security? Add to Schedule Adrienne McEwan  |   Cisco  |   IoT Security

    IoT Security Theatre

    Wed 18th Oct 11:00 to 11:30

    The way we work has changed. Has your security?

    By 2018, Gartner estimates that 25% of corporate data traffic will bypass the perimeter. As organisations evolve their IT stack, traditional security approaches/architectures need to be reconsidered. This interactive session will review some of the new risks introduced by SaaS/IaaS adoption and show how to effectively mitigate these risks using new approaches to security architecture. Presenters will review best practices around the transition of a security architecture itself to the cloud, utilizing customer case studies.

    Speaker

    Photo Speaker Name Profile
    Adrienne McEwan Adrienne McEwan View Profile
  • M2M: Machine Learning and the war against the machines Add to Schedule Aamir Lakhani  |   Fortinet  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 18th Oct 11:00 to 11:30

    M2M: Machine Learning and the war against the machines

    Machine Learning is the new buzzword in the cyber security industry. Many security firms are claiming it gives them an advantage in catching cyber threats. How does machine learning work in regards to cyber security? How is used to actually determine a cyber threat? This talk will examine what machine learning means to cyber security, how it is succeeding, and some of the common short comping and challenges it presents.

    Speaker

    Photo Speaker Name Profile
    Aamir Lakhani Aamir Lakhani View Profile
  • IoT and the Physically Dangerous Add to Schedule Jeff Kitson  |   Trustwave  |   Cyber Hack

    Cyber Hack Theatre

    Wed 18th Oct 11:00 to 12:00

    IoT and the Physically Dangerous

    IoT devices and outdated software are being used globally in ways that can create physical threats for consumers. Many see this as little more than a small risk and a consumer inconvenience.  This session will focus on one particular vulnerability and a suite of HVAC and ICS products that are in use everywhere from schools to nursing homes and why these physically dangerous vulnerabilities are not getting the attention they deserve.
     

    Speaker

    Photo Speaker Name Profile
    Jeff Kitson Jeff Kitson View Profile
  • Wed 18th Oct 11:15 - 12:00
  • PANEL: The Future of Cyber Security Add to Schedule Panel  |  The Keynote

    The Keynote Theatre

    Wed 18th Oct 11:15 to 12:00

    PANEL: The Future of Cyber Security

    As cybersecurity continues to climb the mainstream agenda security professionals face an arms race within businesses and organisations to defend against the ever more sophisticated threats whilst understanding the realistic capabilities of the latest cyber defence technologies. It’s practically an impossible job.

    Our stellar panel of experts will help you navigate a route through the new technologies and the shifting threat landscape.

    Speakers

    Photo Speaker Name Profile
    Colin McKinty Colin McKinty View Profile
    Joe Slone Joe Slone View Profile
    John McClurg John McClurg View Profile
    Scott Kitun Scott Kitun View Profile
  • Wed 18th Oct 11:40 - 12:10
  • The #1 Threat: Weak or Stolen Credentials – Analyzing and Combating the Risk Add to Schedule David Aucsmith  |   root9B   |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 18th Oct 11:40 to 12:10

    The #1 Threat: Weak or Stolen Credentials – Analyzing and Combating the Risk

    The number one technique used by attackers in a data breach is leveraging weak or stolen credentials. To combat this technique, organizations are embracing methods to include multifactor authentication and improved access control for domain administrator accounts. Companies fall short in assessing their pre-attack risk and in failing to take into consideration non-administrator accounts and local accounts. Organizations must implement proactive measures to minimize risk of an attack. Once a breach occurs, it is too late. This talk will address techniques organizations should use to assess risk prior to an attack and
    approaches to better defend the network from credential-based attacks.

    Speaker

    Photo Speaker Name Profile
    David Aucsmith David Aucsmith View Profile
  • Cloud, AI, Big Data... OH MY! How the Growing Scale of Systems is Changing the Game Add to Schedule Mark Lambiase  |   Fox Technologies  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 18th Oct 11:40 to 12:10

    Cloud, AI, Big Data... OH MY! How the Growing Scale of Systems is Changing the Game

    There are a number of favorite topics today that all have one thing in common. Cloud, AI, Big Data, IoT and other 'buzzword' technology buckets are driving the scale of deployments. Organizations are able to buy more computing power than ever before in history, and they are using it. Virtualization, Containers and other similar technologies are unleashing this newfound power by allowing powerful hosts to be broken apart in to discreet systems and services, amplifying the volume of tasks on a single host to scales unseen before and growing at (what should be) an alarming rate. Looking at history, there are many examples of how taking a working 'engine' and making it bigger doesn't usually work. There are either important tweaks to get things working smoothly, or in the worst case, a complete melt-down.

    Speaker

    Photo Speaker Name Profile
    Mark Lambiase Mark Lambiase View Profile
  • Intelligent Security and Deep Visibility with Meraki Add to Schedule Tony Carmichael  |   Cisco Meraki  |   IoT Security

    IoT Security Theatre

    Wed 18th Oct 11:40 to 12:10

    Intelligent Security and Deep Visibility with Meraki

    Come learn about the latest security capabilities offered by the Cisco Meraki MX Security Appliances, including a look at cloud sandboxing with Cisco Threat Grid. You will get an opportunity to see a live demo of the Meraki Security Center, a comprehensive and intuitive dashboard for all-things-security. Finally, experience just how easy it is to setup and monitor SD-WAN capabilities on the Meraki MX, for one or even thousands of locations.

    Speaker

    Photo Speaker Name Profile
    Tony Carmichael Tony Carmichael View Profile
  • Layered Security is expensive and isn’t reliable – So how can Automated Endpoint Response be the Answer? Add to Schedule Jeffrey Duran   |   enSilo  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 18th Oct 11:40 to 12:10

    Layered Security is expensive and isn’t reliable – So how can Automated Endpoint Response be the Answer?

    Traditional cybersecurity detection and response methods are not working. Attackers consistently find ways to compromise endpoint systems regardless of the time, tools, and expense. It is time to look at the promise and challenges of automated incident response and how autoIR will reduce your security operations costs.

    Speaker

    Photo Speaker Name Profile
    Jeffrey Duran Jeffrey Duran View Profile
  • Wed 18th Oct 12:20 - 12:50
  • How to simplify identity for your employees, contractors, partners and customers Add to Schedule Tech Leaders  |  Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 18th Oct 12:20 to 12:50

  • The internet of (too many) connected things Add to Schedule Steve Overko  |   Kaspersky Lab  |   IoT Security

    IoT Security Theatre

    Wed 18th Oct 12:20 to 12:50

    The internet of (too many) connected things

    Are your headphones really spying on you?
     
    We have passed the first phase of the Internet of Things. Everything we own now is connected to backend systems we know nothing about. The second phase, M2M communication, is already underway.
     
    Can we secure everything, or are we too late?
     
    Join us for a journey through the current threat landscape and a closer look at the newest Kaspersky Lab solutions.
     

    Speaker

    Photo Speaker Name Profile
    Steve Overko Steve Overko View Profile
  • To Pay or Not to Pay, That Should Never Be the Question Add to Schedule Eldon Sprickerhoff  |   eSentire  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 18th Oct 12:20 to 12:50

    To Pay or Not to Pay, That Should Never Be the Question

    Until recently, ransomware is something many of us heard about, but never had to deal with. But with recent strains like WannaCry and Petya, firms that handle high-value information must ensure they have the proper defenses in place. In this session, eSentire’s Chief Security Strategist and Founder, Eldon Sprickerhoff reviews the risks of ransomware and provides best practices for protecting against the inevitable breach.

    Speaker

    Photo Speaker Name Profile
    Eldon Sprickerhoff Eldon Sprickerhoff View Profile
  • Wed 18th Oct 13:15 - 13:40
  • HUNT: Securing the Commercial Sector Since 2013 Add to Schedule Keith Smith  |   Root9B  |   The Keynote

    The Keynote Theatre

    Wed 18th Oct 13:15 to 13:40

    HUNT: Securing the Commercial Sector Since 2013

    The current approach of cybersecurity is not working. This has been made abundantly clear by the multitude of recent media reports and breaches. The damage caused by these events has affected every business sector: energy, retail, manufacturing, finance, medical, insurance, private and public. As the organization that first introduced proactive HUNT operations to the commercial community, root9B has developed and refined their proprietary capabilities and methodologies to facilitate the necessary shift from automated passive technologies. Learn how many organizations within the cyber community are embracing the future that HUNT provides.

    Speaker

    Photo Speaker Name Profile
    Keith Smith Keith Smith View Profile
  • Wed 18th Oct 13:40 - 14:40
  • Adaptive Pentesting & Domain Trust Exploitation Add to Schedule Mark Kikta  |   Redlegg   |   Cyber Hack

    Cyber Hack Theatre

    Wed 18th Oct 13:40 to 14:40

    Adaptive Pentesting & Domain Trust Exploitation

    Pentetration Testing has become an important and necessary part of information security strategy.  Driven by compliance, governance, and the uprise in successful data breaches, pentesting helps emulate real world attack scenarios and identifies exploitable vulnerabilities within the infrastructure.  But what makes for a quality pentest?  What elements are necessary to truly emulate an attack?  This talk goes though the anatomy of a simulated attack on a target, highlighting some of the techniques used by skilled testers and attackers alike to obtain their objectives.  

    Speaker

    Photo Speaker Name Profile
    Mark Kikta Mark Kikta View Profile
  • Wed 18th Oct 13:45 - 14:10
  • Overhauling your recruiting and retention strategy for cyber security Add to Schedule Blake Angove  |   LaSalle Network  |   The Keynote

    The Keynote Theatre

    Wed 18th Oct 13:45 to 14:10

    Overhauling your recruiting and retention strategy for cyber security

    The war for cyber security talent is tight. If you’re looking to attract the best and the brightest, and retain them for the long term, this is the session for you. You will get real tips and actionable solutions for how to recruit top talent and keep them engaged.

    Speaker

    Photo Speaker Name Profile
    Blake Angove Blake Angove View Profile
  • Wed 18th Oct 14:15 - 14:45
  • DevSecOps and Beyond: A Cybersecurity Journey Add to Schedule Joe Slone   |   1WorldSync  |   The Keynote

    The Keynote Theatre

    Wed 18th Oct 14:15 to 14:45

    DevSecOps and Beyond: A Cybersecurity Journey

    Bad guys love it when we don’t learn from history. As cybersecurity becomes an increasingly more prevalent concern for data companies all over the world, leaders must take what they learned yesterday and apply it to today and tomorrow.
    To spotlight the key security lessons learned over the last 20 years in IT, Joe Slone will journey through the evolution of cybersecurity at 1WorldSync, the leading provider of product content solutions. Joe will walk through his experience seeing the company through two acquisitions and major global expansion, focusing on how data security has changed, the threats that are most pervasive today, and emerging security trends that will dictate the future.

    Speaker

    Photo Speaker Name Profile
    Joe Slone Joe Slone View Profile
  • Wed 18th Oct 14:20 - 14:50
  • Navigating Threat Intelligence: How Open Source Intelligence Applies to Security Add to Schedule Or Schwartz  |   Digital Shadows  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 18th Oct 14:20 to 14:50

    Navigating Threat Intelligence: How Open Source Intelligence Applies to Security

    Within the cyber security industry, threat intelligence as a concept, while not a new subject area, continues to evolve and expand. As technology progresses, new software and applications are being introduced and adopted on a large scale, resulting in an ever-increasing amount of information being shared across networks. While abundant, traditional cyber defenses may not always satisfactorily provide the monitoring and protection of entities needed to protect from accidental exposures or targeting by external adversaries. In this talk, Or will describe how Open Source Intelligence (OSINT) can enable organizations to better understand what relevant information is in the public domain and how that data can be used against the organization. Or will also discuss what is needed to remediate specific scenarios and ultimately how to counter a wide array of adversaries.

    Speaker

    Photo Speaker Name Profile
    Or Schwartz Or Schwartz View Profile
  • Information Centric approach to Security Add to Schedule Chris de los Reyes  |   Symantec  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 18th Oct 14:20 to 14:50

    Information Centric approach to Security

    Protection strategies are constantly evolving with business demand stretching far beyond managed network, device and systems but today your data, your IP have breached all available controls. With cloud, direct to network enables your data to be accessed from anywhere by almost any device. Mobility and the versatility it offers go far beyond the boundaries of practical management. How can you ensure your data resides in your control?
     
    In this session, we’ll discuss latest approach to data Protection with Information Centric approach to security.
     

    Speaker

    Photo Speaker Name Profile
    Chris de los Reyes Chris de los Reyes View Profile
  • Securing IoT Devices & Staying Out of Legal Trouble Add to Schedule Steve Wernikoff  |   Honigman Miller Schwartz and Cohn LLP  |   IoT Security

    IoT Security Theatre

    Wed 18th Oct 14:20 to 14:50

    Securing IoT Devices & Staying Out of Legal Trouble

    IoT devices are flooding the consumer market, and many of the products have basic security issues.  The problem can have serious consequences for device manufacturers, consumers, and the connected infrastructure.  Both the Federal Trade Commission and private attorneys have sued device manufacturers for failing to build reasonable security into their products.  In addition, armies of compromised consumer devices have caused havoc on significant Internet services.  This presentation looks at common security issues appearing in connected devices and also considers policy and educational initiatives aimed at helping improve the issue.
     

    Speaker

    Photo Speaker Name Profile
    Steve Wernikoff Steve Wernikoff View Profile
  • Defending against Email Borne Cyber-Attacks Add to Schedule Mike Shine  |   Mimecast  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 18th Oct 14:20 to 14:50

    Defending against Email Borne Cyber-Attacks

    91% of attacks start with an Email.  In this session we’ll review the six most common email-borne attacks, including spear-phishing, credential phishing, weaponized attachments, URL hijacking and a ROPEMAKER, a newly-discovered remote CSS phishing technique.  Simple prevention techniques will be shared with the audience.

    Speaker

    Photo Speaker Name Profile
    Mike Shine Mike Shine View Profile
  • Wed 18th Oct 15:00 - 15:30
  • Automating Security in SDLC with DevSecOps Add to Schedule Mir Ali   |   FitchRatings  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 18th Oct 15:00 to 15:30

    Automating Security in SDLC with DevSecOps

    In today's business environment, application security is emerging as a leading factor impacting a company's reputation and even its bottom line. We have all heard stories of well-known companies and systems that we use are being hacked from Whole Foods Market, to Verizon, and to the famous Equifax story. It's now becoming critical that every company that is developing an application has to embed security into its development efforts. In this session, we will discuss how you can build security into every stage of the DevOps process, so you can produce higher quality code faster, more secure, while meeting compliance.

    Speaker

    Photo Speaker Name Profile
    Mir Ali Mir Ali View Profile
  • Mapping the Modern Security Program with NIST, GDPR, and Cloud Platforms Add to Schedule Nathan Lasnoski  |   Concurrency, Inc.  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 18th Oct 15:00 to 15:30

    Mapping the Modern Security Program with NIST, GDPR, and Cloud Platforms

    In this session, we’ll discuss how the Digital Transformation is changing the way businesses articulate their security program, manage it, and map to modern cloud technologies.  This is a must-attend for any security professional looking to better engage their executives, plan a modern backlog, and understand how cloud technologies fit into their plan.

    Speaker

    Photo Speaker Name Profile
    Nathan Lasnoski Nathan Lasnoski View Profile
  • Duct Tape, Chewing Gum and Cyber Evolution Add to Schedule Tom Brennan  |   OWASP Foundation/CREST International  |   IoT Security

    IoT Security Theatre

    Wed 18th Oct 15:00 to 15:30

    Duct Tape, Chewing Gum and Cyber Evolution

    Kinetic cyber attacks are a real and growing threat that is generally being ignored as unrealistic or alarmist. These types of attacks have been validated experimentally in the laboratory environment, they have been used operationally in the context of espionage and sabotage, and they have been used criminally in a number of attacks throughout the world. This presentation will focus on the industry evolution and provide forward-looking guidance.

    Speaker

    Photo Speaker Name Profile
    Tom Brennan Tom Brennan View Profile
  • Your Firewall and Evasions: THE Thing to Worry About Add to Schedule David LePage  |   Forcepoint   |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Wed 18th Oct 15:00 to 15:30

    Your Firewall and Evasions: THE Thing to Worry About

    The 2017 NSS Labs NGFW Test was startling: despite strong claims of efficacy across the industry, there’s an expanding gap between NGFWs that are truly secure and those that are vulnerable to Advanced Evasion Techniques (AETs).

    Introducing Evader by Forcepoint

    Evader is Forcepoint’s premier, software-based testing environment for AETs, which give exploits and malware (including aggressive ransomware attacks like WannaCry) undetected access into your network. Use Evader to interactively launch a variety of attacks at your firewalls and IPS devices, to learn the full extent of their security capabilities — or lack thereof.

    Speaker

    Speaker Name Profile
    David LePage View Profile
  • 1871OffCampus: Innovation in Cybersecurity Add to Schedule

    Cyber Hack Theatre

    Wed 18th Oct 15:00 to 16:15

    1871OffCampus: Innovation in Cybersecurity

    1871_plate_logo_1in_trans

    This unique presentation will see start-ups from 1871 sharing their latest cyber security innovations…

    1871 is the home of nearly 500 early-stage, high-growth digital startups and more than 1,500 members supported by an entire ecosystem focused on accelerating their growth and creating jobs in the Chicagoland area. Visit www.1871.com for more information. Located in a 150,000 square-foot space over four floors in The Merchandise Mart, 1871 has more than 600 current mentors available to its members, as well as more than 80 partner corporations, universities, education programs, accelerators, venture funds and other organizations that make its extensive matrix of resources possible.

    COMPANIES TAKING PART INCLUDE:

    logo512

    Binfer is an early stage high-tech startup that has developed a direct device to device, secure communication platform. Binfer’s innovative platform allows messaging, collaboration, file sharing, synchronization and more without storing user’s data on any cloud/external servers.

    OneMe Logo

    One Me is a public benefit corporation, that enables organizations & individuals to harness the power of personal data privacy through the decentralization of personal identity.
    Our personal identity management platform, helps organizations comply with US and EU data privacy & security regulations, and at the same time, access a richer and more accurate set of data from their customers, clients, & employees.

    evolve-primary large 3

    Evolve Security is a technical cyber security services firm dedicated to improving your security posture where you are most vulnerable. Web applications, networks and people are most susceptible to cyber-attacks. Evolve Security is focused on working alongside and educating your current security, DevOps and IT staff on how to assess, test and resolve your security vulnerabilities throughout the full security lifecycle.

  • Wed 18th Oct 15:15 - 15:40
  • Cyber Threats from an FBI Perspective Add to Schedule Daniel Wierzbicki  |   FBI - Chicago Division  |   The Keynote

    The Keynote Theatre

    Wed 18th Oct 15:15 to 15:40

    Cyber Threats from an FBI Perspective

    The session will discuss how FBI is thinking about current cyber threats.  Information presented will include a discussion of the types of cyber actors, how these actors are conducting the activity, and current threats.  Discussion on how the FBI responds to a computer intrusion will also be included.

    Speaker

    Photo Speaker Name Profile
    Daniel Wierzbicki Daniel Wierzbicki View Profile
  • Wed 18th Oct 15:45 - 16:25
  • PANEL: Re-thinking How to Build Trust in the Vendor Eco-system Add to Schedule Panel  |  The Keynote

    The Keynote Theatre

    Wed 18th Oct 15:45 to 16:25

    PANEL: Re-thinking How to Build Trust in the Vendor Eco-system

    Organizations have increasingly utilized third party vendors in order to promote cost efficiency, bolster innovation, and to remain competitive. For enterprises, the expansion of vendor networks has caused an increase in cyber security risk. It's time to rethink the old ways of vendor risk management and create an approach outside of the bounds of peer to peer assessments. In today's digital world, trust is mapped in supporting data and objective analysis. The question is "How do we better use data, network approaches and machine learning to trust vendors?"

    Speakers

    Photo Speaker Name Profile
    Anders Norremo Anders Norremo View Profile
    Fawaz Rasheed Fawaz Rasheed View Profile
    Matt Dechant Matt Dechant View Profile
  • Wed 18th Oct 16:00 - 18:00
  • Computer Society Meet Up Add to Schedule Tech Leaders  |  Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 18th Oct 16:00 to 18:00

    Computer Society Meet Up

    Join the Computer Society after the Wednesday programme at Cyber Security Chicago for presentations and networking in the Cloud Mobile & IAM Theater presentation theater.

    Presented by IEEE

    ieee_tag_blue

    SPEAKERS

    - Dmitri Vellikok, Senior Principal Consultant , F-Secure North America

    - Bob Timpany, Chief, Idaho Operations, NCCIC-ICS-CERT at US Department of Homeland Security

     

    Dmitri Vellikok

    This presentation looks into the concept of layered security and the challenges an IT environment transforming from on-prem to cloud paradigm faces in maintaining it. Secondly, we’ll look at the disappearance of clear barriers between a secured company network and external unsecure internet. Collaboration between companies, partners and ecosystems and the value of information moving freely but safely between the different actors has become a critical success factor. Partner portals, customer communities, cloud platforms and crowdsourcing have brought unquestionable benefits but have also expanded the attack surface. From the problem setting we’ll move onto how F-Secure approaches the security and keeps the organizations protected. Finally we’ll look into a case study: How to protect a partner portal running on a Salesforce Community Cloud with F-Secure Cloud Protection for Salesforce solution. The case study has all the elements of complexity identified above: A cloud based solution providing access to registered partners, crowdsourced contributors and company employees paired with the need to keep all of them secure and protected. The learnings are applicable to a number of business processes from helpdesk agents to CRM and from claim/application processes to vendor/supplier network management.

    Bob Timpany

    ICS-CERT works to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local and tribal governments, as well as industrial control systems owners, operators and vendors. In collaboration with the other NCCIC components the ICS-CERT responds to and analyzes control systems related incidents, conducts vulnerability and malware analysis, and shares and coordinates vulnerability information and threat analysis through products and alerts.

    Speakers

    Photo Speaker Name Profile
    Bob Timpany Bob Timpany View Profile
    Dmitri Vellikok Dmitri Vellikok View Profile
  • Wed 18th Oct 16:30 - 16:55
  • Win The Cyberwar With Zero Trust Add to Schedule John Kindervag   |   Palo Alto Networks  |   The Keynote

    The Keynote Theatre

    Wed 18th Oct 16:30 to 16:55

    Win The Cyberwar With Zero Trust

    Zero Trust is revolutionizing network security architecture: it is data and device-centric and designed to stop data breaches while protecting critical infrastructure. In this session, John will discuss the concept of Zero Trust and explains why Zero Trust is the world's only true cybersecurity strategy.  It has been both adopted and advocated by Google and it has been called out and its adoption encouraged by the United States House of Representatives as a result of their OPM data breach investigation.

    Zero Trust is both strategically resonant to the highest levels of the business, but also practically and tactically implementable using commercial off-the-shelf technologies. Because Zero Trust focus on providing granular protections around sensitive assets, this architectural model - which designs the network from the inside out - is perfectly positioned to solve the security challenges of modern critical infrastructure and IOT networks. For example, Zero Trust networks protect East-West traffic by default by enforcing micro-perimeters around critical assets or data.  Therefore, internal malware propagation is stopped automatically. Zero Trust innovations also add a layer of agility to modern networks that is impossible to achieve in traditional network designs. This means that your network can respond to the speed of business. These 21st century networks have been adopted by large enterprises and government entities around the world. John will explain how a Zero Trust Network Strategy will achieve tactical and operational goals that make security organizations a business enabler, not a business inhibitor.

    Speaker

    Photo Speaker Name Profile
    John Kindervag John Kindervag View Profile
  • Cyber Security Open Mic with Evolve Security Add to Schedule

    Cloud, Mobile & IAM Theatre

    Wed 18th Oct 16:30 to 17:30

    Cyber Security Open Mic with Evolve Security

    evolve-primary large 3

    Are you passionate about cyber security? Come network with security experts, hackers, students, and engineers at Evolve Security’s Open Mic event from 4:30-5:30 at the Cloud, Mobile and IDAM room. If you have an area of expertise or want to share your security tips and tricks sign up for a 5-10 open mic session. Submit talks to info@evolvesecurity.io.
     

    Open Mic is open to everyone! Refreshments provided.

  • Thu 19th Oct 08:45 - 09:00
  • Welcome Address Add to Schedule

    The Keynote Theatre

    Thu 19th Oct 08:45 to 09:00

  • Thu 19th Oct 09:00 - 09:40
  • Confessions of a Hacker Add to Schedule Classified  |     |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 09:00 to 09:40

    Confessions of a Hacker

    Confessions of a Hacker is a rare opportunity to hear from a professional hacker who will share their techniques and examples of how they have defeated the latest cyber security technologies as well as physical security measures. There is nothing that has stopped our hacker. They are your worst nightmare.

    Speaker

    Photo Speaker Name Profile
    Classified Classified View Profile
  • Thu 19th Oct 09:45 - 10:10
  • Machine Learning’s Effect on Cybersecurity Add to Schedule Ed Cabrera  |   Trend Micro  |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 09:45 to 10:10

    Machine Learning’s Effect on Cybersecurity

    Find out how the use of machine learning changing the security industry – both in the way malicious threats are deployed and in the ability of the industry to detect and block attacks in-line in real-time.  Join, Chief Cybersecurity Officer of Trend Micro as he describes our need for layered threat detection and how the machine learning trend will continue to shape cybersecurity over the next several years.
     

    Speaker

    Photo Speaker Name Profile
    Ed Cabrera Ed Cabrera View Profile
  • Thu 19th Oct 10:10 - 10:40
  • How to avoid another Equifax-like Data Breach – OSS Management in your DevOps process Add to Schedule Utsav Sanghani  |   Black Duck Software  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 19th Oct 10:10 to 10:40

    How to avoid another Equifax-like Data Breach – OSS Management in your DevOps process

    This session will discuss Apache Struts, the popular open source package that lead to the Equifax breach and help understand how proactive monitoring and control of your OSS packages can avoid such breaches. This session will walk you through an end to end workflow of how Black Duck can integrate into your existing DevOps processes with CI tools like Jenkins, TeamCity to facilitate open source identification and security exception handling. This presentation will feature a live demo.

    Speaker

    Photo Speaker Name Profile
    Utsav Sanghani Utsav Sanghani View Profile
  • How to Keep a Productive Pace with the Risk in Your Cloud Add to Schedule Bradley Philp  |   Forcepoint CASB  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 19th Oct 10:10 to 10:40

    How to Keep a Productive Pace with the Risk in Your Cloud

    As traditional cybersecurity perimeters dissolve, the HUMAN POINT is what remains. Most of your employees have adopted the cloud. And while your BYOD policy has increased productivity and lowered operating costs, cloud-based apps like Office 365, Dropbox and Salesforce need protection to prevent account-centric threats, meet compliance requirements and protect critical data. How can companies maintain their productive pace while maintaining regulatory and security controls?

    Speaker

    Photo Speaker Name Profile
    Bradley Philp Bradley Philp View Profile
  • Understanding and evaluating IoT in today’s organizations Add to Schedule Chris Martincavage  |   BAE Systems  |   IoT Security

    IoT Security Theatre

    Thu 19th Oct 10:10 to 10:40

    Understanding and evaluating IoT in today’s organizations

    IoT is everywhere watching and interacting with us dozens of times a day.  We use and rely on these technologies every day, but what is the risk we expose ourselves to by using these devices? How do we properly identify and assess the risks they introduce to our organization? During this session, we will examine common IoT use cases, understand where the threats exist in these technologies, how to evaluate these technologies, and what considerations you should be thinking about when looking at implementing IoT technologies.

    Speaker

    Photo Speaker Name Profile
    Chris Martincavage Chris Martincavage View Profile
  • Managing Privilege Risks Add to Schedule Morey J. Haber  |   BeyondTrust  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 19th Oct 10:10 to 10:40

    Managing Privilege Risks

    Despite continued investments in IT security, many organizations still struggle to identify real, critical risks buried within massive amounts recommendations and internally generated data. CISOs need to focus on strategies that assess, prioritize, and address both internal and external risks in business context. Please join our presentation to discuss the top 6 methods to manage these risks. We will cover how aligning vulnerability management and privilege management programs can shed new light on risk in terms of compliance, asset integrity, data confidentiality, and other unique business requirements, while enabling IT and security teams to efficiently collaborate on risk reduction efforts enterprise-wide.

    Speaker

    Photo Speaker Name Profile
    Morey J. Haber Morey J. Haber View Profile
  • 7 Steps to Building a SOC with Limited Resources Add to Schedule Richard Conley  |   LogRhythm  |   Cyber Hack

    Cyber Hack Theatre

    Thu 19th Oct 10:10 to 10:40

    Speaker

    Speaker Name Profile
    Richard Conley View Profile
  • Thu 19th Oct 10:15 - 10:40
  • Hack the Planet ... for real this time Add to Schedule Nick Percoco   |   Uptake  |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 10:15 to 10:40

    Hack the Planet ... for real this time

    Attackers have begun to shift their focus from traditional Information Technology systems to the systems and machines that run our planet (think: the technology widely used in refineries, power plants, hospitals and transportation systems, for example). As a result, major industries are facing a daunting reality: Conventional information security tools and techniques are no longer effective in the detection and prevention of cybersecurity incidents.
     
    The impact of these attacks will touch virtually every person on the planet, and the result is not a social media account takeover or credit card information being stolen; the “asset” under attack has the potential to be human lives.
     
    The lack of uniformity in the protocols, operating systems and hardware introduce a major fragmentation issue for those responsible in developing and managing security programs aimed at defending the planet. The emerging fields of Data Science, Machine Learning and Artificial Intelligence may be our best path forward, but still, we must ask ourselves: What are the implications we face when working to get ahead of this problem, and how do we need to reinvent ourselves to defend the hackable planet? 

    Speaker

    Photo Speaker Name Profile
    Nick Percoco Nick Percoco View Profile
  • Thu 19th Oct 11:00 - 11:30
  • Data Segregation, End-to-End encryption and Blockchain enabled Chains of Custody: Protecting High value data in the Cloud Add to Schedule Omar Refaqat  |   Ercom  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 19th Oct 11:00 to 11:30

    Data Segregation, End-to-End encryption and Blockchain enabled Chains of Custody: Protecting High value data in the Cloud

    Throughout the Enterprise space, teams like internal Audit, Boards of Directors, HR and Legal regularly need to:

    - Share confidential information internally and with external parties like regulators, investors and partners
    - Work under tight time constraints where mobility and access to the information anytime and from anywhere is essential
    - Keep unfalsifiable proof of who has accessed what information and made what changes.

    Therefore, having a secure and efficient Cloud based collaboration mechanism to share data internally and externally is essential.

    In this session, we examine these requirements and how they can be addressed by Data Segregation, state-of-the-art encryption and blockchain technology.

    Speaker

    Photo Speaker Name Profile
    Omar Refaqat Omar Refaqat View Profile
  • The way we work has changed. Has your security? Add to Schedule Adrienne McEwan  |   Cisco  |   IoT Security

    IoT Security Theatre

    Thu 19th Oct 11:00 to 11:30

    The way we work has changed. Has your security?

    By 2018, Gartner estimates that 25% of corporate data traffic will bypass the perimeter. As organizations evolve their IT stack, traditional security approaches/architectures need to be reconsidered. This interactive session will review some of the new risks introduced by SaaS/IaaS adoption and show how to effectively mitigate these risks using new approaches to security architecture. Presenters will review best practices around the transition of a security architecture itself to the cloud, utilizing customer case studies.

    Speaker

    Photo Speaker Name Profile
    Adrienne McEwan Adrienne McEwan View Profile
  • M2M: Machine Learning and the war against the machines Add to Schedule Aamir Lakhani  |   Fortinet  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 19th Oct 11:00 to 11:30

    M2M: Machine Learning and the war against the machines

    Machine Learning is the new buzzword in the cyber security industry. Many security firms are claiming it gives them an advantage in catching cyber threats. How does machine learning work in regards to cyber security? How is used to actually determine a cyber threat? This talk will examine what machine learning means to cyber security, how it is succeeding, and some of the common short comping and challenges it presents.

    Speaker

    Photo Speaker Name Profile
    Aamir Lakhani Aamir Lakhani View Profile
  • Why Hackers Still Get In Add to Schedule Trevor O'Donnal  |   Rapid7  |   Cyber Hack

    Cyber Hack Theatre

    Thu 19th Oct 11:00 to 12:00

    Why Hackers Still Get In

    In this session, Trevor O’Donnal demonstrates the tools and techniques hackers use to defeat the expensive security safeguards used in many corporate environments today. Low tech and high tech methods will be presented in an effort to help attendees understand the true level of risk faced by their organizations and where the gaps may be in their defense perimeter. Topics discussed will include well-known attack vectors such as phishing and social engineering, but will also cover topics that may be less well known such as the ‘SMB Shakedown’, USB attacks, payload encoding, and the leveraging of common system misconfigurations.

    Speaker

    Photo Speaker Name Profile
    Trevor O'Donnal Trevor O'Donnal View Profile
  • Thu 19th Oct 11:15 - 12:00
  • PANEL: The Future of Identity and Access Management Add to Schedule Panel  |  The Keynote

    The Keynote Theatre

    Thu 19th Oct 11:15 to 12:00

    PANEL: The Future of Identity and Access Management

    As modern enterprises drive forwards into the digital cloud and mobile first world empowering users to work anywhere and at any time the critical challenge becomes how can you tell who is actually accessing your network? What technologies are available to help balance the growing security requirements against the impatience of the modern user? This landmark panel session will bring together the leading technical brains behind the very latest game changing solutions. Don’t miss this rare opportunity to hear from the world class experts who can help you plot a path through to finally and securely embracing the digital era.

    Speakers

    Photo Speaker Name Profile
    Bill Mann Bill Mann View Profile
    Karl McGuinness Karl McGuinness View Profile
    Sachin Gupta Sachin Gupta View Profile
    Steve Tuecke Steve Tuecke View Profile
    Thomas Pedersen Thomas Pedersen View Profile
  • Thu 19th Oct 11:40 - 12:10
  • The Future of Cyber Technologies, App&Sec, and DevOps: Importance of Application Security in DevOps Add to Schedule Tej Aulakh  |   Spirent Communications  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 19th Oct 11:40 to 12:10

    The Future of Cyber Technologies, App&Sec, and DevOps: Importance of Application Security in DevOps

    Most organizations have well-established software development lifecycle (SDLC) processes for analysis, design, development, testing and production releases of software products and packages. But typically rely on the costlier approach of software patching to fix the security related issues. Furthermore, with the upsurge of DevOps, rapid application delivery is dramatically shifting the approach of integrated security processes during continuous integration (CI) and continuous delivery (CD) with increased focus on agility, speed, and innovation. Thus, DevOps requires a fundamental transformation in the implementation of secure coding practices to make security a vital part of development in the early stages of the SDLC. This presentation will discuss the security steps that organizations can take to develop and deploy secure applications with the convergence of DevOps. Attendees will learn about the key challenges in structural and process barriers, best practices for secure application development and steps to enhance the integration between application security and DevOps.

    Speaker

    Photo Speaker Name Profile
    Tej Aulakh Tej Aulakh View Profile
  • Brought to you by Check Point Add to Schedule Rick Crane  |   Check Point  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 19th Oct 11:40 to 12:10

    Speaker

    Speaker Name Profile
    Rick Crane View Profile
  • Hacking Everything - The Dark Side of the Internet of Things Add to Schedule Jeff Crume  |   IBM  |   IoT Security

    IoT Security Theatre

    Thu 19th Oct 11:40 to 12:10

    Hacking Everything - The Dark Side of the Internet of Things

    With the Internet of Things (IoT), essentially everything becomes a computer. We know that computers can be hacked. This means that everything can be hacked including cars, home appliances, medical devices and more. This session will give examples of IoT hacks and the consequences of not getting security right as we move to this important new technology.
     

    Speaker

    Photo Speaker Name Profile
    Jeff Crume Jeff Crume View Profile
  • Thu 19th Oct 12:20 - 12:50
  • PANEL: The Path from DevOps to DevSecOps Add to Schedule Panel  |  Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 19th Oct 12:20 to 12:50

    PANEL: The Path from DevOps to DevSecOps

    Automated security is a critical part of any DevOps pipeline. In this panel discussion, Shannon Lietz, head of DevSecOps at Inuit and founder of DevSecOps.org, will be talking with John Willis, one of the founding member of DevOpsDays and the coordinator of a global DevSecOps learning initiative. The panel will be hosted by Mark Miller, DevOps Evangelist at Sonatype and co-founder of All Day DevOps, the world's largest DevOps conference. The discussion will center on why you would integrate automated security into your DevOps pipeline and the cultural transformations that will have to happen in order to have your DevSecOps initiative be successful.

    Speakers

    Photo Speaker Name Profile
    John Willis John Willis View Profile
    Mark Miller Mark Miller View Profile
    Shannon Lietz Shannon Lietz View Profile
  • Becoming Cloud-Ready: Art and Science of Advanced Multicloud Security Add to Schedule Mike Ichiriu  |   Zentera Systems Inc.   |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 19th Oct 12:20 to 12:50

    Becoming Cloud-Ready: Art and Science of Advanced Multicloud Security

    83% of datacenter traffic will be in the cloud by 2019 (Cisco), and production workloads are moving into the public cloud. Yet, the cloud lacks enterprise-grade security that best practice requires. Conventional on-premise security is “hard shell and soft core”, which does not extend well into the cloud. Defense in depth in particular has been difficult to implement in cloud environments. Multicloud security across on-premise and cloud datacenters requires new approaches, such as overlays, to support compliance as well as defense-in-depth, including a new approach called application interlock.

    Speaker

    Photo Speaker Name Profile
    Mike Ichiriu Mike Ichiriu View Profile
  • The Nine Most Terrifying Worlds Add to Schedule Westley McDuffie  |   IBM  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 19th Oct 12:20 to 12:50

    Speaker

    Photo Speaker Name Profile
    Westley McDuffie Westley McDuffie View Profile
  • Brought to you by Nexum, Inc. Add to Schedule Chandler Howell  |   Nexum, Inc.  |   Cyber Hack

    Cyber Hack Theatre

    Thu 19th Oct 12:20 to 13:20

    Brought to you by Nexum, Inc.

    While the Internet Of Things continues to grow and insert itself into both visible and hidden aspects of our homes, workplaces, and infrastructure, security remains a challenge. Chandler Howell will provide an overview of the IoT security landscape, along with analysis of how we've gotten to this point and guidance on how to manage the influx of not-so-smart devices into our lives.

    Speaker

    Photo Speaker Name Profile
    Chandler Howell Chandler Howell View Profile
  • Thu 19th Oct 13:15 - 13:40
  • You Build It, You Secure It Add to Schedule John Willis  |   SJ Technologies  |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 13:15 to 13:40

    You Build It, You Secure It

    Early on in the "cloud" era, Werner Vogels offered his famous quote "You Build It, You Run It". With DevOps this has become a mantra for shared responsibility between developers and operations.  Operations learned how to process infrastructure as code and participate early in the supply chain of a service's life cycle. Developers learned that they had responsibilities to enable and in many cases operationalize their service.  Now there is a new movement to include and collaborate in a similar way with Security.  This is all part of the ideal approach where we "shift everything left" in the delivery pipeline.

    Speaker

    Photo Speaker Name Profile
    John Willis John Willis View Profile
  • Thu 19th Oct 13:45 - 14:45
  • Phishing, Vishing and SmSHing – Oh my! The way you get hacked daily Add to Schedule Christopher Hadnagy  |   Social Engineer Inc  |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 13:45 to 14:45

    Phishing, Vishing and SmSHing – Oh my! The way you get hacked daily

    The world of hacking has taken a turn to the human element. With more than 90% of all breaches involving phishing as a vector, social engineering is a new buzzword on everyone’s tongues. What is social engineering? Are you really secure? Is there any protection?

    Speaker

    Photo Speaker Name Profile
    Christopher Hadnagy Christopher Hadnagy View Profile
  • Thu 19th Oct 14:20 - 14:50
  • Maginot Line – Common AppSec Anti-Patterns Preventing your Success Add to Schedule Peter Chestna  |   Veracode  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 19th Oct 14:20 to 14:50

    Maginot Line – Common AppSec Anti-Patterns Preventing your Success

    Is your AppSec program stalled? Is it failing to meet your expectations? You may be victim of some common anti-patterns that are keeping you from reaching your goals.  Are you achieving your goals or meeting your metrics but have a sinking suspicion that your ultimate goal of reducing your company’s risk isn’t being met? As the French learned in WWII, a partial defense is no defense at all. The Maginot Line will serve as our metaphor for failed or suspect AppSec programs.

    Based on years of experience helping companies build their application security programs, there are several behaviors that Pete has seen repeated by a number of them.  Some companies have created strategies that were logical, but did not work in practice, others were unable to see the forest for the trees and created plans that were too myopic.

    In this talk Pete will review the most common anti-patterns and suggest ways to make corrections for a more effective AppSec program.

    Speaker

    Photo Speaker Name Profile
    Peter Chestna Peter Chestna View Profile
  • GDPR is a ticking time bomb – What CISOs need to know, and do, to get prepared” Add to Schedule Gary Southwell  |   CSPi  |   Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 19th Oct 14:20 to 14:50

    GDPR is a ticking time bomb – What CISOs need to know, and do, to get prepared”

    The countdown to GDPR is on and companies are just now thinking about how to ensure their incident response strategies can meet data privacy compliance requirements, especially the strict 72-hour breach notification.  Not meeting this requirement leaves organizations subject to staggering fines in addition to lost business.  More confusing is how GDPR impacts US companies, even if they do not conduct business in the EU. 

    What does a CISO need to know to get their houses in order prior to the May 2018 deadline?

    Luckily, there are best practices to not only help organizations improve their incident investigation techniques but also be ready constantly changing landscape of global data privacy.  

    Speaker

    Photo Speaker Name Profile
    Gary Southwell Gary Southwell View Profile
  • The Keys to Repelling Ransomware Add to Schedule Steve Overko  |   Kaspersky Lab  |   Network Security and Ransomware

    Network Security and Ransomware Theatre

    Thu 19th Oct 14:20 to 14:50

    The Keys to Repelling Ransomware

    Your screen freezes. A dialogue box pops up. It says that your computer is locked, and your files will all be gone forever … unless you pay up.
     
    Since many victims are willing to pay the ransom, this type of cryptomalware continues to rise, netting millions of dollars for cybercriminals looking for a substantial return on their minimal investment.
     
    During this session, Kaspersky Lab’s Steve Overko will take you behind the front lines of cybersecurity to provide insights into this growing area of focus for vendors and cybercriminals alike.
     

    Speaker

    Photo Speaker Name Profile
    Steve Overko Steve Overko View Profile
  • Thu 19th Oct 15:00 - 15:30
  • You Have the Best GRC Tool in the Market? Great! Um...are your employees even reading that security policy? Add to Schedule Rocio Baeza  |   Jemurai  |   Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 19th Oct 15:00 to 15:30

    You Have the Best GRC Tool in the Market? Great! Um...are your employees even reading that security policy?

    Information Security Policy is the cornerstone of a GRC program. As professionals in this area, our responsibilities include helping our peers align to the organizational security posture. Rocio has observed that the security market is filled with noise, pushing out the latest tool, framework, or certification with grand promises. The result: Complexity.

    Let’s change the conversation. The status quo with security policy needs to be challenged.

    Employees are not reading these policies, leaving organizations throwing money at the problem with little results. This is leaving the consumer in a VERY vulnerable position. We need to change that.

    Speaker

    Photo Speaker Name Profile
    Rocio Baeza Rocio Baeza View Profile
  • Women in Big Data Meet Up Add to Schedule Tech Leaders  |  IoT Security

    IoT Security Theatre

    Thu 19th Oct 15:00 to 17:00

    Women in Big Data Meet Up

    ChiWiBD logo

    15:00 - 16:00 Women in Big Data Panel - The Power of Leadership in Today's Cybersecurity-Focused World

    Security is more critical now than ever. With the advancements in technology across industries, the threats are only going to grow. It takes powerful and talented leaders to see the threats of today and tomorrow, and guide organizations successfully through the ever-changing minefield of security threats and risks while supporting business growth and innovation. With this expert panel, we'll explore how different industries are operating in this space, learn the challenges each has overcome and opportunities seen on the horizon, and gain insights into their professional success and advice for young professionals entering the industry.
    Panellists:

    - Julia Hamilton, Director of Security Compliance Forsythe Hosting Solutions
    - Gail Holmberg, Area Managing Partner, Midwest Fortium Partners
    - Katia Lock, Senior Director – Risk & Compliance  GE Digital

    16:00- 16:30 Growing Your Cyber Security Career - Kathy Cooke, Huxley Banking & Financial Services

    Cybersecurity is one of the fastest growing employment segments in IT. According to Forbes magazine, the cybersecurity job market is expected to grow to more than $170 billion in just four years. With the promise of big salaries and upward mobility, it is an incredible place to be. Kathy Cooke, Recruitment Consultant - Information Security Specialist, Huxley, will show you how to maximize your career potential and rise to the top in this exciting industry - from knowing what hiring managers are looking for, positioning yourself for success and the benefits of partnering with a recruiter. Learn the top "hacks" to growing your cyber security career!

    - Discover what hiring managers look for
    - How to position yourself in the space
    - Benefits of working with a recruiter

    16:30 – 17:00 Networking

    Speakers

    Photo Speaker Name Profile
    Gail Holmberg Gail Holmberg View Profile
    Julia Hamilton Julia Hamilton View Profile
    Kathy Cooke Kathy Cooke View Profile
    Katia Lock Katia Lock View Profile
  • Thu 19th Oct 15:15 - 15:40
  • Establishing a Secure Software Development Program Add to Schedule Paul Cotter  |   West Monroe Partners  |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 15:15 to 15:40

    Establishing a Secure Software Development Program

    A secure development training program is a requirement under the PCI DSS, yet organizations often do not maximize the value that it can provide.  We’ll discuss how a well-established program can increase development efficiency, provide direct business value, and incite executive sponsorship for continuing and/or expanding investment in the organization’s security program.

    Speaker

    Photo Speaker Name Profile
    Paul Cotter Paul Cotter View Profile
  • Thu 19th Oct 15:45 - 16:25
  • From Home Cocoon to Enterprise Moth - The evolution of Ransomware Add to Schedule Roy Katmor  |   enSilo  |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 15:45 to 16:25

    From Home Cocoon to Enterprise Moth - The evolution of Ransomware

    Ransomware is a rapidly proliferating form of malware that encrypts files on PCs, servers, and smartphones preventing its victims from being able to access their data or share it nonconsensually unless a ransom is paid. To most users, it must look as if the recent ransomware plagues arrived out of the blue. Reality check draws a little different picture indicating that ransomware campaigns were circulating as early as 2006, and yet it wasn’t until 2013, that this type of malware suddenly spiked globally. Fast forward four years later, ransomware makers profits have soared, reaching a total ransom figure of $1 billion. The consumer targeting, spray and pray ransomware campaigns were replaced with targeted ransomware, backed by nation grade door opening exploitations targeting mission-critical enterprise assets. Are we destined to move back to hard-copies?

    Speaker

    Photo Speaker Name Profile
    Roy Katmor Roy Katmor View Profile
  • Thu 19th Oct 16:30 - 16:55
  • Adversary Interest: Why you should be interested in what adversaries are interested in… Add to Schedule Shannon Lietz   |   Intuit  |   The Keynote

    The Keynote Theatre

    Thu 19th Oct 16:30 to 16:55

    Adversary Interest: Why you should be interested in what adversaries are interested in…

    Everyone is taking on the challenge of adding Security to DevOps… which means DevSecOps is becoming a real thing.  With the intention of speeding up how we all operate to make software better, it’s time to turn our attention towards adversaries and what they are doing so we can pay attention to the most important work.  You’ll learn how to prioritize what is a seemingly endless supply of security defects to get ahead and stay ahead of adversaries.

    Speaker

    Photo Speaker Name Profile
    Shannon Lietz Shannon Lietz View Profile

Your schedule where you can plan your day, viewing all your scheduled seminars print or email them to yourself

Register Interest

Register
Top