Agenda

  • Wed 17th Oct 08:30 - 09:30
  • Cyber-Enabled Economic Warfare: 21st Century Battleground | Mark Weatherford | vArmour | ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Wed 17th Oct 08:30 to 09:30

    Cyber-Enabled Economic Warfare: 21st Century Battleground

    Economic warfare has been practiced since almost the beginning of time through various means including blockades, trade embargoes, and freezing capital assets. The Foundation for the Defense of Democracies has defined a new kind of warfare termed Cyber-Enabled Economic Warfare (CEEW). CEEW is distinguished from other types of cyber-attacks by the motivation and strategy of the nation-state attacker. CEEW is a hostile strategy involving attack(s) against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power. This talk will provide a foundation for what CEEW is, along with some classic examples and justification for broadening our scope to view certain cyber events not as isolated security incidents, but rather as events that when aggregated, form campaigns of 'death by a thousand cuts.'

    Speaker

    Mark Weatherford
  • HOW HACKERS ATTACK AND HOW TO FIGHT BACK: With Live Hacking Demonstrations of the Current Threats to You and Your Organization | Kevin Mitnick | Mitnick Security | The Keynote

    The Keynote Theatre

    Wed 17th Oct 08:30 to 10:00

    HOW HACKERS ATTACK AND HOW TO FIGHT BACK: With Live Hacking Demonstrations of the Current Threats to You and Your Organization

    It takes one to know one.

    People are the weakest link. They can be manipulated or influenced into unknowingly helping hackers break into their organization’s computers. You’ll learn how easily you can be an unsuspecting victim who can be manipulated into handing over the keys to the kingdom, if you haven’t done so already. In this engaging and demonstration-rich experience, Kevin Mitnick illustrates how a hacker’s thought process works and how they ply their tradecraft. You just might realize that you—like almost everyone else on the planet—have a misplaced reliance on security technology, which has now become ineffective against a motivated hacker using a technique called "social engineering."

    Kevin is uniquely qualified to take you inside the mind of a hacker, as it takes one to know one. He was once the FBI’s Most Wanted, although he never stole for profit or damaged systems. He is the most elusive computer break-in artist in history because he hacked into the NSA and more than 40 major corporations just for the fun and adventure. Kevin is now a trusted security consultant to Fortune 500 companies and governments worldwide, and he leads the world’s top security penetration testing team, which maintains a 100 percent successful track record of being able to penetrate the security of any system they are paid to hack into using a combination of technical exploits and social engineering.

    Kevin is the worldwide authority on social engineering and constantly improves and updates this highly effective and acclaimed "security awareness" presentation that illustrates the latest threats and risks most people don’t even know exist.

    Speaker

    Kevin Mitnick
  • Wed 17th Oct 09:40 - 10:30
  • The Rise of the Robot Analyst | Sam Pickles | RedShield Security | ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 09:40 to 10:30

    The Rise of the Robot Analyst

    Humans are in short supply. This talk will present practical learnings from 6 years of research, using machines to correlate application vulnerabilities and threats; from low level packet drops and vulnerability scan results, to high level APT campaigns lasting months and targeting multiple attack surfaces. An approach is discussed which uses graph structures to represent related security data points, and attribute risk from the perspective of human analysts who must investigate increasing numbers of events, with limited time and resources. Graph structures are further associated together to gain broader views of attack coordination and persistence. Further categorization is applied to graph structures, to initiate those actions which may be safely automated - such as updating an application firewall policy, activating DDoS defenses, or blocking an IP address, without a human in the loop. No specific platform or vendor technology is emphasized. Concepts are illustrated with examples which may refer to common commercial and/or open source tools. 

    Speaker

    Sam Pickles
  • It’s a Small World: Global Privacy Regulation in 2018 | Felice Flake | ScySec LLC | ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Wed 17th Oct 09:40 to 10:30

    It’s a Small World: Global Privacy Regulation in 2018

    2018 is shaping up to be the year of watershed moments in data privacy regulations throughout the world. From the European Union’s long-awaited Global Data Privacy Regulation (GDPR) to the recent passages of legislation in Brazil and California, we will cover the highlights, the similarities, and the political pressures surrounding privacy regulation throughout our international community.

    Speaker

    Felice Flake
  • IoT Wireless Network Threats and Counter-measures | Michael Raggo | 802 Secure, Inc. | ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Wed 17th Oct 09:40 to 10:10

    IoT Wireless Network Threats and Counter-measures

    Current attack vectors indicate that nefarious attacks are increasingly targeting IoT wireless infrastructures. 95% of IoT is wireless, yet most organizations lack a defense-in-depth strategy to address the growing wireless threat landscape consisting of a plethora of new protocols and frequencies including: WiFi, ZigBee, Z-Wave, Bluetooth, P25, M2M communications, and more. This has generated a new wireless threat landscape, as these risks and threats target not only the enterprise network, but Shadow IoT networks. Additionally, this increases the risk from nearby threats such as drones, spy cameras, and more. In this presentation we’ll explore the anatomy of these attacks and categorize these threats to develop an updated defense-in-depth strategy for the evolving IoT wireless threat landscape.

    Speaker

    Michael Raggo
  • Women in Security Panel: Strategies to Step up Your A-Game | Tech Leaders | ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Wed 17th Oct 09:40 to 11:10

    Women in Security Panel: Strategies to Step up Your A-Game

    This panel's purpose is to showcase achievements by women in security in technology and innovation, and to present a picture that others can follow into the future. We will demonstrate the diverse segments of the field, opportunities, and talents and skills that open the doors. We will present developments and advancements in cybersecurity, and share the insights of the women who are leading the way. This panel examines core areas of development in security, emphasizing the pivotal contributions of women to the field’s evolution, how security is created, where innovation occurs, what the underpinnings are, and who supports it and how. We will present an overview of the cyber security field. Female security professionals will share their own stories of technology and innovation in security today: the foundation, where research is headed, and the emerging trends. Women currently make up a very small pocket of cyber security staffing. We aim to increase the visibility of women in the field and their contributions and encourage other females to join the field, from executive leadership to engineers, analysts and researchers.

    Speakers

    Anne Marie Colombo
    Debbie Christofferson
    Dr. Curtis Campbell
    Mary Ann Davidson
  • Wed 17th Oct 10:10 - 10:40
  • A New Approach to Managing Digital Risk | Rohit Ghai | RSA (a Dell Technologies Business) | The Keynote

    The Keynote Theatre

    Wed 17th Oct 10:10 to 10:40

    A New Approach to Managing Digital Risk

    Technology continues to propel entire industries through digital transformations, escalating digital risk and prompting questions from the C-suite, the BOD, regulators and policy makers. Cyber-risk is the largest facet of digital risk we face going forward. Since cybersecurity is now squarely a business issue, it needs to be managed as such. A business-driven approach to managing digital risk entails taking a risk orientation to designing and operating your security operations. This approach is the only way to ensure that technologies like machine learning and data continue to propel us to our digital future.
     

    Speaker

    Rohit Ghai
  • Data Privacy by Design | Dillip Thakur | Dimension Data | Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Wed 17th Oct 10:10 to 10:40

    Data Privacy by Design

    The session will cover establishing a data privacy program that protects data as an asset and provides adherence with privacy laws. In this regard it is imperative that organizations understand in detail how sensitive data is collected, stored, processed, and otherwise retained. Some key ingredients for success, and how Data Privacy by Design can be a valuable framework to ensure privacy is at the center of our data processing lifecycles, will also be discussed.

    Speaker

    Dillip Thakur
  • Automated Cyber Defense: Leveraging Identity Management to Get to Acceptable Losses | Chris Stoneff | Bomgar | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 17th Oct 10:10 to 10:40

    Automated Cyber Defense: Leveraging Identity Management to Get to Acceptable Losses

    Today's world of cyber warfare is one of continuous zero-day attacks, targeted phishing scams and malicious insiders. Anyone trying to deal with these threats manually has already lost the game. You can't stop cyberattacks from occurring. But, you can limit the damage when these inevitable attacks strike. When you're under attack, blocking intrusions with automated identity management makes a huge difference in keeping your organization's name out of the data breach headlines. Based on my years of experience I'll cover how to redesign and automate your identity management (especially privileged identities) to achieve acceptable losses, even while under constant cyberattack.

    Speaker

    Chris Stoneff
  • Faster vs Secure: Threats, risks, governance and containerized applications | Tim Mackey | Black Duck by Synopsys | Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 17th Oct 10:10 to 10:40

    Faster vs Secure: Threats, risks, governance and containerized applications

    When deploying containerized applications at scale, a trust model is a key component of secure deployments. Defining that trust model requires an understanding of the risk factors impacting both application development and assumptions imposed by the orchestration solution. This trust model needs continual reassessment guided by the evolving threat landscape. For example, modification of existing patch management and continuous monitoring processes is often required for containerized applications and should include information from the trust model.

    Speaker

    Tim Mackey
  • Wed 17th Oct 10:30 - 11:20
  • How to Build Effective Defensive Strategies Against Privileged Attacks | Tal Guest | Beyond Trust (Bomgar) | Cyber Hack

    Cyber Hack Theatre

    Wed 17th Oct 10:30 to 11:20

    How to Build Effective Defensive Strategies Against Privileged Attacks

    Cyber-attacks continue to increase in sophistication and are occurring in such volume that the daily newsfeed is littered with tales of new breaches and the cyber infonomics ramifications. Central to almost each of these stories is an element of privilege abuse and misuse that resulted in either the initial exploit, or that was implicated in allowing an initial foothold to metastasize into a security event inflicting widespread reputation and economic damage. Based on strategies developed by BeyondTrust and presented in the recently published book, “Privileged Attack Vectors,” security professionals will learn how privileges, passwords, and vulnerabilities are being leveraged as attack vectors, and how you can take measurable steps to defend against them.

    Speaker

    Tal Guest
  • Wed 17th Oct 10:40 - 11:30
  • Transcending Cyber / Privacy / Compliance Silos with a Corporate Compliance Framework | Paul Flanagan | Drexel Law School | ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Wed 17th Oct 10:40 to 11:30

    Transcending Cyber / Privacy / Compliance Silos with a Corporate Compliance Framework

    The need for privacy and cybersecurity compliance measures has become a paramount consideration as businesses become more digitally driven, data breaches become more publicized and regulation continues to increase. Company executives, boards of directors, employees, customers, and third-party providers all have data security obligations. It is critical for compliance, privacy and cyber security to work together to develop a proactive compliance framework to minimize risk as the technology continues to grow by leaps and bounds. In this session, learn how to navigate through complex regulatory environments and enhance policies that adapt to this ever-changing technology footprint.
    Define cybersecurity measures in the compliance and audit plan
    Assess the rise of privacy concerns across the globe
    Prepare for the risks associated with emerging technologies (IoT, social media, cloud computing, mobile applications, social engineering, etc.)
    Discuss the increasing regulatory requirements to ensure compliance

    Speaker

    Paul Flanagan
  • Securing endpoints using analytics and a proven framework | Loren Roberts | ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Wed 17th Oct 10:40 to 11:30

    Securing endpoints using analytics and a proven framework

    The breadth of IoT technology is only going to continue to expand, so how do we protect all those endpoints? Most companies invest millions in protecting laptops and servers and creating a robust perimeter, and oftentimes overlook the importance of locking down their endpoint infrastructure. Of those organizations that take into consideration endpoint security, many report having only basic measures. Below the surface, these IoT devices can provide data intelligence to detect unknown threats to your network even if the devices have closed firmware. Loren Roberts, HP Senior Security Advisor, will use real-world examples of how some of the most secure organizations are still lagging in security beyond the firewall, and share how to use data analytics and a proven framework to secure endpoint devices. Join Loren at this session to see how you can defend your endpoints from the next wave of hackers.

    Speaker

    Loren Roberts
  • The Art of the Nudge: Helping Users Make Secure Choices | Dr. Branden Williams | Union Bank | ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 10:40 to 12:30

    The Art of the Nudge: Helping Users Make Secure Choices

    People are almost always the weakest link when it comes to securing our enterprises. We invest millions into controls that prevent data from leaking outside the company in an email, but someone can still print out sensitive stuff and leave it in a coffee shop. What if we could tap into their bias and human nature to influence them in a good way? Behavioral economist Richard H. Thaler and law professor Cass R. Sunstein introduced the concept of the Nudge in 2008, stemming from their work on libertarian paternalism and decades of research and theory before them. They describe a concept of altering human behavior, almost subconsciously, to influence humans to make choices that benefit them. Cybersecurity is full of opportunities for us to build nudges into daily work, such that we encourage our associates to choose the path that is best for the company, and best for the individual. This session will help the audience become better choice architects, designing choices in a way that takes advantage of users' automatic brains, thus making better and safer choices for the organization.

    Speaker

    Dr. Branden Williams
  • Wed 17th Oct 10:50 - 11:20
  • Minimizing the detection to recovery timeframe | Sean Blenkhorn | eSentire | Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Wed 17th Oct 10:50 to 11:20

    Minimizing the detection to recovery timeframe

    While recent trends have shown attackers more frequently using simple tools and tactics to make a big impact on the overall global cost of data breaches, sophisticated threat actors utilizing advanced techniques to avoid detection could potentially have the greatest impact on an organization’s bottom line in 2018. While commodity threats continue to make the case for investment in preventative technologies, stricter regulations around breach notifications all but mandate increased investment in advanced detection and response capabilities. Now more than ever, minimizing the detection to response timeframe is of utmost importance to ensure an organization is able not only to detect threats but also to contain and respond in a timeframe that minimizes the potential risk of impacting its clients and suffering the business-altering implications of compliance violations.

    As organizations begin to address this transition, knowing where to start is a challenge. We invite you to join Sean Blenkhorn, eSentire Director of Solution Engineering for Managed Detection and Response services, who will cover the best path going forward and real-life examples of how advanced detection and response capabilities were able to thwart attackers and satisfy even the most stringent emerging regulatory requirements.

    Speaker

    Sean Blenkhorn
  • IoT: Internet of Things, or Internet of Threats? | Paul Willard | Cisco Security | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 17th Oct 10:50 to 11:20

    IoT: Internet of Things, or Internet of Threats?

    With the global IoT opportunity predicted to reach nearly $9T by 2020, organizations are under extreme pressure to evaluate IoT and digitization initiatives that can deliver unprecedented customer outcomes and efficiencies. Move too slow, and be left behind. Move too fast, neglecting the unique cybersecurity risks IoT devices introduce, and be hit with a crippling security breach. In this session, Paul will explore how the exponential increase in cyberattacks on IoT and digital assets is forcing the entire cybersecurity industry to evolve, and how this evolution will reshape the way organizations defend against large-scale, coordinated attacks on digital and IoT assets.

    Speaker

    Paul Willard
  • Wed 17th Oct 11:20 - 12:10
  • The Changing Role of the CSO in Today's Corporate Landscape | Tracy Reinhold | Everbridge | ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Wed 17th Oct 11:20 to 12:10

    The Changing Role of the CSO in Today's Corporate Landscape

    The role of the Chief Security Officer has continued to evolve in complexity, but also in terms of its importance to the creation of business value. In order to remain successful and keep up with today’s technology landscape, CSOs must reinvent themselves to bridge the gap between the office of the CIO, the office of the CISO, and the office of the CSO--between business optimization and business resiliency. This session will discuss how CSOs can reinvent their security programs to support their organization’s services, processes and facilities to optimize their business for resiliency and success. The session will incorporate Tracy's role as CSO of Everbridge, the leader in critical event management, as well as lessons learned from Fannie Mae’s creative approach to leveraging new technology in the age-old financial industry. It will provide best practices for CSOs looking to be seen as a key partner by leadership, such as focusing on innovation, ROI and new technological advancements.

    Speaker

    Tracy Reinhold
  • Wed 17th Oct 11:30 - 12:00
  • AI-Based Autonomous Response: Are Humans Ready?

    The Keynote Theatre

    Wed 17th Oct 11:30 to 12:00

    AI-Based Autonomous Response: Are Humans Ready?

    Global ransomware attacks like WannaCry already move too quickly for humans to keep up, and even more advanced attacks are on the horizon. Cyber security is quickly becoming an arms race — machines fighting machines on the battleground of corporate networks. Algorithms against algorithms.
     
    Artificial intelligence-based cyber defense can not only detect threats as they emerge but also autonomously respond to attacks in real time. As the shortage of trained cyber analysts worsens, the future of security seems to be automatic. But are humans ready to accept the actions machines would take to neutralize threats? In this presentation, we will discuss our lessons learned and explore several use-cases in which autonomous response technology augmented human security teams.

  • Adopting an Automation-First Strategy for Identity and Access Management | Bruce Macdonald | Hitachi ID | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 17th Oct 11:30 to 12:00

    Adopting an Automation-First Strategy for Identity and Access Management

    Process automation within an IAM environment can be challenging. Many systems that excel at governance and certification tasks are simply not well suited for automation. Many organizations believe their requirements are simply too unique to be automated and/or their existing home-grown solutions will suffice. A thorough data cleanup is often advocated before automation technologies are deployed; however, this is the wrong approach, as such technologies can actually help with the data cleansing effort. In this session we will explore many aspects of IAM automation and deliver concrete recommendations towards achieving the goal of identity management automation.

    Speaker

    Bruce Macdonald
  • How containerization makes security and compliance instantly easier | Keith Mokris | Twistlock | Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 17th Oct 11:30 to 12:00

    How containerization makes security and compliance instantly easier

    As containers become the commonplace method for delivering and deploying applications, we’ve seen more of our customers taking a “lift-and-shift” approach to migrating their existing applications. In this session, we'll discuss a company that provides environmental science and engineering consulting to some of the world’s largest civil waterworks projects. This company has the typical data collection, modeling, and other core line-of-business applications – but also provides a critical 14-year-old app that models storm surge. The move to containers for this application delivered immediate benefits, including consistency, security and compliance.

    Speaker

    Keith Mokris
  • Threats Don't Kill Networks, People Do | Timo Tiitinen | Forcepoint | Cyber Hack

    Cyber Hack Theatre

    Wed 17th Oct 11:30 to 12:10

    Threats Don't Kill Networks, People Do

    Network security technology is shifting from just being a way to keep threats out of your network to providing operational insights that can make your people more effective and your organization more efficient. With the growth of unmanaged devices like phones, tablets, appliances and Internet of Things (IoT) gadgets, the network often is the only place where sensing and enforcement can be done consistently. Advances in behavioral monitoring, analytics and machine learning are converging, enabling security to go beyond the old black-and-white, threat-centric approach of separating activities into “good” and “bad.” Now, security is becoming context-based, addressing the fuzzy “gray” area where today’s greatest productivity and greatest risks are found.

    Speaker

    Timo Tiitinen
  • Wed 17th Oct 11:40 - 12:30
  • All Your Cloud Are Belong to Us: Using AWS for Attack and Defense | Cornel du Preez | NorthState Technology Solutions | ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Wed 17th Oct 11:40 to 12:30

    All Your Cloud Are Belong to Us: Using AWS for Attack and Defense

    Today’s trendy race-to-the-cloud mentality is burdening today’s security teams. Quantifying risk is an assumption nightmare and securing an ever-changing environment feels like a lost cause. Worst of all, this break-neck migration often results in misconfigured services that leave organizations exposed to breach. Without tools and strategies to protect, detect and respond to cloud threats, security teams are drowning in the noise. Instead of chasing the cloud, this talk highlights the practical tools and strategies for red and blue teams to leverage the cloud.

    Speaker

    Cornel du Preez
  • New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response | Michael Melore CISSP | IBM | ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 11:40 to 12:30

  • Wed 17th Oct 12:00 - 01:00
  • Help! My Coffee Maker is trying to hurt me! Or When Security becomes a matter of Safety! | Candy Alexander | ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Wed 17th Oct 12:00 to 01:00

    Help! My Coffee Maker is trying to hurt me! Or When Security becomes a matter of Safety!

    Not too long ago, not implementing good security was just that. Sure, it may have led to the theft of your identity and ruined your credit, but today we are entering into a new world – that of the IoT (Internet of Things). This new world we are moving towards will mean the interconnectivity of innocuous objects to provide convenience beyond our imaginations. BUT, at what cost to our personal safety? In this panel discussion, we will explore the potential safety concerns and how we can address them before our coffee makers unite against us!

    Speaker

    Candy Alexander
  • Wed 17th Oct 01:00 - 01:30
  • Cloud Security: Adopt Zero Trust by Putting Asset-Level Safeguards in Place | John Summers | Akamai | The Keynote

    The Keynote Theatre

    Wed 17th Oct 01:00 to 01:30

    Cloud Security: Adopt Zero Trust by Putting Asset-Level Safeguards in Place

    Information systems security is intended to protect assets that matter – infrastructure, data, applications, and users. But network perimeters are permeable, and assets are increasingly distributed in the cloud. Today's challenge is to implement security policies and controls that are effective, consistent, and portable to wherever the assets are. John Summers will discuss how to take security to the next level with zero trust approaches that raise visibility, protect key assets, simplify network and infrastructure management, and enable fast-paced digital business.

    Speaker

    John Summers
  • Defense in depth: Achieving Detection and Response Everywhere | Roger Harris | ProtectWise | Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Wed 17th Oct 01:00 to 01:30

    Defense in depth: Achieving Detection and Response Everywhere

    Past and current breaches have proven that a prevention-only strategy can’t ensure 100% protection. EDR has changed the game on the endpoint to provide complete visibility and forensics to find threats sooner, investigate their impact, and prevent them from happening again. Network Detection and Response (NDR) allows organizations to benefit from full packet forensics, threat detection and incident response workflows across the entire network - from traditional enterprise, to cloud, to industrial environments. By bringing together EDR and NDR we can enable the next generation of SOC analysts to gain complete visibility, detection and response from endpoint to network.

    Speaker

    Roger Harris
  • Develop an Overarching Holistic Risk Management Program: Data Privacy, Data Security and Cyber Insurance

    Cloud, Mobile & IAM Theatre

    Wed 17th Oct 01:00 to 01:30

    Develop an Overarching Holistic Risk Management Program: Data Privacy, Data Security and Cyber Insurance

    Managing information security, data privacy and risk is often an inconsistent and dispersed process for businesses. Learn how to identify and categorize risk to the organization. This session will provide an overview of industry standards that can be utilized to unify all areas of risk management. Learn how to unify risk management into a core function of the business and operationalize its components.  Finally, Greg will discuss how organizations can perform risk triage and treatment based on business goals. 

  • A Token Walks Into a SPA... | Ado Kukic | Auth0 | Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 17th Oct 01:00 to 01:30

    A Token Walks Into a SPA...

    Between Angular, React, & Vue it can be hard NOT to build SPAs these days. But having to deal with cookies, tokens, auth, & resource access - you may even feel like you need a second page (gasp!) for security! Fear not, for the technology to create truly secure SPAs is there and I’ll show you how.

    Speaker

    Ado Kukic
  • The Cyber Hack with SentinelOne  |  Ryan Merrick  |  SentinelOne  |  Cyber Hack

    Cyber Hack Theatre

    Wed 17th Oct 01:00 to 01:50

    The Cyber Hack with SentinelOne

    Ransomware attacks continue to be popular among cyber criminals looking to compromise unsuspecting corporate networks. And it all happens at the endpoint. In a recent Enterprise Risk Index, fileless attacks rose 94% in the first half of the year, including exponential growth in PowerShell attacks.
    Learn how to defend your businesses where traditional AVs could not. SentinelOne's next-generation AV behavioral engines will help you understand and respond if there is ever a threat.

    Speaker

    Ryan Merrick
  • Achieving Compliance Quickly and at Scale  |  Faraz Aladin  |  Illumio  |  ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Wed 17th Oct 01:00 to 01:50

    Achieving Compliance Quickly and at Scale

    Compliance regulations can be challenging to understand and implement. Many of these regulations have cybersecurity requirements that are focused on protecting critical infrastructure with aggressive timelines - and without disrupting the very business-critical systems you're trying to protect. Jumping from one set of requirements to another, and to subsequent internal and external audits, can feel like a never-ending cycle. In this session, Faraz Aladin will share thoughts on different approaches to handling the unique challenges a security practitioner can expect. He’ll highlight Illumio's unique position helping organizations across the world solve regulatory and compliance challenges quickly and at scale.

    Speaker

    Faraz Aladin
  • From Passive to Active Analytics: Risks, Opportunities, and Methodologies of moving to Risk-Adaptive Protection  |  Guy Filippelli  |  Forcepoint  |  ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 01:00 to 01:50

  • Panel; Emerging Technologies – New Challenges Balancing the Needs of the Business with Cyber Security Risk  |  Tech Leaders  |  ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Wed 17th Oct 01:00 to 02:30

  • Wed 17th Oct 01:40 - 02:10
  • Brain Wars: Simple Cyber Terrorism Life Hacks for Everyday People

    The Keynote Theatre

    Wed 17th Oct 01:40 to 02:10

    Brain Wars: Simple Cyber Terrorism Life Hacks for Everyday People

    Explicitly designing cyberterrorist attacks that bypass physical harm to individuals and focus on their psychological aspects are here to stay. These types of cyberattacks are deemed as less harmful types of cyberattacks or cybercrime as opposed to non-lethal cyberterrorism. The perception of disruption associated with these types of cyberattacks is much lower than cyberterrorism attacks resulting in actual physical damage. Exploiting human vulnerabilities is easier than exploiting system vulnerabilities and the potential outcome of such cyberattacks is grossly underestimated. Humans are the critical infrastructure of society and the effects of psychological disruption can outweigh the effects of physical harm.

  • The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks  |  Cameron Armstrong  |  Darktrace  |  Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Wed 17th Oct 01:40 to 02:10

    The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

    With machines fighting machines and increasingly sophisticated human attackers, we are now entering a new era of cyber-threats. The battle is no longer at the perimeter but inside of our organizations, and no security team can keep up with its speed. Cyber-attackers are quickly becoming silent and stealthy, and cyber defense has turned into an arms race.
     
    This new wave of cyber-threats has seen skilled attackers that may lie low for weeks or months. By the time they take definitive steps, their actions blend in with the everyday hum of network activity. These attacks call for a change in the way we protect our most critical assets.
     
    Self-learning and self-defending systems are now being deployed to continually assess business environments. Known as ‘immune system’ defense, this approach is used to uncover threats that have already penetrated the network border, and then automatically fight back. Unlike legacy approaches, which rely on rules or signatures, these technologies work autonomously, enable the security team to focus on high-value tasks, and can counter even fast-moving, automated attackers.
     

    Speaker

    Cameron Armstrong
  • The GDPR Effect on North America and the Land Mines Currently Being Planted  |  Tony Perri  |  Perri Marketing, Inc.  |  Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 17th Oct 01:40 to 02:10

    The GDPR Effect on North America and the Land Mines Currently Being Planted

    The current national data privacy law was enacted in 1974, long before we had the world wide web. The current General Data Protection Regulation from the European Union is an update to the Data Protection Directive of 1995, another statute made obsolete by the explosion of accessible data from the Internet.

    The GDPR is a monumental piece of legislation out of the EU that is creating a domino effect of state legislation in the US. This session will review the GDPR’s effect here in the U.S., what’s on the radar for U.S. legislation and a use case of a breach that spans pre- and post-GDPR, where the fine could be $640k or $22 million. With this new E.U. legislation, data security compliance and auditing will never be the same.

    Speaker

    Tony Perri
  • Baking in Security: The passing of the Network Security Era  |  Julie Starr  |  Google Cloud  |  Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 17th Oct 01:40 to 02:10

    Speaker

    Julie Starr
  • Wed 17th Oct 02:00 - 03:30
  • PANEL; Security Automation Simplified Today For Enhanced Security Tomorrow: NIST Open Security Controls Assessment Language (OSCAL)  |  Panel  |  ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Wed 17th Oct 02:00 to 03:30

    PANEL; Security Automation Simplified Today For Enhanced Security Tomorrow: NIST Open Security Controls Assessment Language (OSCAL)

    Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. Additionally, the proliferation of container technology employed in cloud ecosystems for enhanced portability and security, compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions.

    Speakers

    Andrew Weiss
    Brian Ruf
    David Waltermire
    Michaela Iorga
  • Panel; Incident Response on a Cloudy Day  |  Tech Leaders  |  ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Wed 17th Oct 02:00 to 03:30

    Panel; Incident Response on a Cloudy Day

    Enterprises are moving more workloads to the cloud every day. While this helps speed and agility, what happens when there is an incident? How do you run your incident response process in an environment that you don’t own? Do you have the visibility you need to respond effectively? This panel will examine our new cloud world, what we can do to adapt our processes, and how we can respond to security incidents in the cloud.

    Speakers

    Alex Wood
    Brandon Levene
    Cameron Williams
    Ricardo Johnson
  • Wed 17th Oct 02:20 - 02:50
  • Shifting the Human Factors Paradigm in Cybersecurity  |  Dr. Calvin Nobles  |  The Keynote

    The Keynote Theatre

    Wed 17th Oct 02:20 to 02:50

    Shifting the Human Factors Paradigm in Cybersecurity

    This presentation emphasizes the need to break the inertia regarding human factors in cybersecurity by leveraging organizational platforms to educate and address human-centric problems in cybersecurity. Shifting the paradigm on human factors in cybersecurity centers on developing an executive-led platform to address (a) human-centered cybersecurity approaches, (b) the need for human factors assessments, (c) increased appreciation for human factors as a science, and (d) human derailments in information security. Cybersecurity leaders and practitioners continue to admire the human factors problem without exploring the root-level causes of human-enabled mistakes. One way to address human factors is through an organizational platform.

    Speaker

    Dr. Calvin Nobles
  • Make Compliance Management a Competitive Advantage  |  Ryan Spelman  |  Center for Internet Security  |  Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Wed 17th Oct 02:20 to 02:50

    Make Compliance Management a Competitive Advantage

    Often we fall back on examples of penalties to explain our security justifications. But what if we could talk about it as a market mover? What if we could explain how customers are looking for security, and that if we show them that we may get their business? Equally, when we tackle a compliance requirement, we fail to see how it touches on others. By using a central guidance document such as the free critical security controls, we can both see how the work we are doing is improving our security posture and also how it can satisfy other requirements. 

    Speaker

    Ryan Spelman
  • Left of Boom  |  Brian Contos  |  Verodin  |  Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Wed 17th Oct 02:20 to 02:50

    Left of Boom

    The term “Left of Boom” was made popular in 2007 in reference to the U.S. military combating improvised explosive devices (IEDs) used by insurgents in Afghanistan and Iraq. The U.S. military spent billions of dollars developing technology and tactics to prevent and detect IEDs before detonation, with a goal of disrupting the bomb chain. This is an analog to cybersecurity as we strive to increase the incident prevention capabilities of our security tools and where we can’t prevent attacks, augment prevention with incident detection and response tools. This presentation is all about getting cybersecurity evidence to know, empirically, what’s working, what’s not, how to fix it, how to keep it working, and most importantly, stay left of boom.

    Speaker

    Brian Contos
  • Serverless security: the untold story.  |  Tal Melamed  |  Protego Labs  |  Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 17th Oct 02:20 to 02:50

    Serverless security: the untold story.

    Serverless applications have seen a significant rise in adoption in the past year. Along with its advantages, serverless architecture presents new security challenges. Some of these security threats are equal to those we know from traditional application development and some take a new form. For better and for worse.

    In this talk I will describe how these threats are different from the traditional attacks we all know so well, aiming at shedding light upon the security risks under this rather new technology.

    Speaker

    Tal Melamed
  • Wed 17th Oct 02:40 - 03:30
  • Does DoD Level Security Work in the Real World?  |  Jeffrey Man  |  Online Business Systems  |  ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Wed 17th Oct 02:40 to 03:30

    Does DoD Level Security Work in the Real World?

    After spending nearly 13 years working for the Department of Defense, I ventured out into the private sector to consult and advise on matters of information security. On many occasions, after explaining some basic security concept to a customer and outlining what they need to do to be secure, I often heard the retort, “yeah, but we don’t need DoD level security.” Well, after twenty years in the private sector, and especially over the past 2-3 years with the proliferation of data breaches against major companies, I find myself wanting to reply, “yeah, you really DO need DoD level security!” What does this mean? Probably not what you are thinking. This talk will start with an overview of the foundational nature of data security, highlight the major tenets or goals of data security, introduce the risk equation, discuss how and why so many companies so often fail at implementing the basics of data security, and explore some ways that a DoD-centric approach to data security might be implemented in the private sector. Brainstorming, discussion, dissension all welcome. Hint: This ain’t about Cyber!   

    Speaker

    Jeffrey Man
  • Wed 17th Oct 03:00 - 03:30
  • IoT Cybersecurity: Litigation Risks and Realities

    Network Security, Ransomware & IOT Theatre

    Wed 17th Oct 03:00 to 03:30

    IoT Cybersecurity: Litigation Risks and Realities

     A tidal wave of litigation over defective IoT cybersecurity is just over the horizon. Everyone involved in any aspect of the supply chain for a defective IoT device is potentially in the cross-hairs. Drawing on his experience as lead counsel in the federal class action lawsuit stemming from Charlie Miller and Chris Valasek’s famous hack of a Jeep Grand Cherokee in 2015, the presentation will explore the legal rules, litigation realities, and exceptional risks associated with IoT litigation, and will provide concrete guidance regarding steps organizations can take now to minimize legal exposure, and what organizations should do if they’re sued.

  • Providing Access as well as Protection in a Hyper-Connected World

    The Keynote Theatre

    Wed 17th Oct 03:00 to 03:50

    Providing Access as well as Protection in a Hyper-Connected World

    As employees and customers demand improved connectivity, mobile solutions and instant access to information, IT leaders face the issue of privacy in an increasingly connected world. How should CIOs think differently to better protect valuable corporate assets while providing access and service? In this session, Ryan Loy surveys the current digital landscape, offering an overview of behavioral risks to security, mitigation strategies and key questions to benchmark yourself and your organization. Learn how to break away from traditional methods and embrace the societal shift toward a digital generation.

  • Rethinking branch security  |  Mark Stanford  |  Cisco Security  |  Cyber Hack

    Cyber Hack Theatre

    Wed 17th Oct 03:00 to 03:50

    Rethinking branch security

    Today, security teams and IT departments are under pressure to do more with less. With limited budgets and smaller teams, the race is on to deliver more effective branch office security without any reduction in performance. And with more and more branch locations using direct internet access, how can you quickly and easily protect users on any device, in every office? With Cisco Umbrella, say hello to simple and effective protection for branch offices.

    Speaker

    Mark Stanford
  • Cloud, Mobile & IAM Theatre

    Wed 17th Oct 03:00 to 03:50

  • The Power of Your People: How to Rally Your Troops Against Phishing  |  Todd O’Boyle  |  Watchguard  |  Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Wed 17th Oct 03:00 to 03:50

    The Power of Your People: How to Rally Your Troops Against Phishing

    This presentation will walk you through how to build a phishing protection program for your company. We reach beyond technical solutions to provide tips on getting management buy-in and how to architect the program so that it’s both effective and engaging. We wrap with some simple steps you can kick off as soon as you get back to the office!

    Speaker

    Todd O’Boyle
  • Wed 17th Oct 03:30 - 04:30
  • Women in Cyber Security

    Network Security, Ransomware & IOT Theatre

    Wed 17th Oct 03:30 to 04:30

  • Wed 17th Oct 03:40 - 04:30
  • Secure Tomorrow’s Promotion Today  |  CA Washington  |  Image & Etiquette Institute  |  ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Wed 17th Oct 03:40 to 04:30

    Secure Tomorrow’s Promotion Today

    “Secure Tomorrow's Promotion Today” is an interactive session designed to equip attendees with the tools they need to use their Appearance, Relationships and Credibility (A.R.C.) to support their most important career goals.
    The Art of A.R.C. is the flagship training program of The Image & Etiquette Institute and participants interested in securing leadership roles, and upward mobility should attend. Although technical skills are of the utmost importance, this session will help information security professionals pair their brain power with brand power to build relationships more authentically and create the credibility they need to excel.

    Speaker

    CA Washington
  • Asymmetric Cyberwarfare: The Business Case for Insecurity  |  Reg Harnish  |  GreyCastle Security  |  ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Wed 17th Oct 03:40 to 04:30

    Asymmetric Cyberwarfare: The Business Case for Insecurity

    It's time to face one simple truth - cybersecurity just doesn't make sense. Despite skyrocketing budgets, advances in technology and growing cybersecurity investments, corporate America is no more secure than it was decades ago. The fact of the matter is - cybersecurity doesn't work. The time, money and energy we spend on cybersecurity efforts hasn't paid off, and it never will. In fact, most of us would have more success selling legal advice to attorneys. And like Wesley Snipes, we're less concerned about winning than we are about looking good while we lose. It's time to pack it in, call it a wrap and throw in the towel. If you're still reading this, you know that all of this is true - but it doesn't matter. We know the odds are stacked against us, but we still play the game. For some of us, it's the very reason we play the game. Offense is easier than defense, and we can't win. So it's time to redefine losing. We can do this. Join GreyCastle Security as we explore the lopsided, unending tournament we call cybersecurity and strategies to win on defense.

    Speaker

    Reg Harnish
  • The New and Improved Big Data Analytics: Good Enough to Solve a Murder?  |  Tyler Cohen Wood  |  CyberVista  |  ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Wed 17th Oct 03:40 to 04:30

    The New and Improved Big Data Analytics: Good Enough to Solve a Murder?

    There’s been a murder! After detailed forensic data collection, law enforcement officials begin to piece together the facts. They parse through physical data, social media, digitally collected data from witnesses and suspects and other open source intelligence (OSINT) to attempt to piece together the “who done it and why” in order to solve what seems to be an unsolvable case.

    Speaker

    Tyler Cohen Wood
  • Thu 18th Oct 08:30 - 09:20
  • Panel: What happened Atlanta?  |  Tech Leaders  |  The Keynote

    The Keynote Theatre

    Thu 18th Oct 08:30 to 09:20

    Panel: What happened Atlanta?

    In March of this year, the city of Atlanta was hit by a ransomware attack that crippled many of the city’s services and programs. The exact monetary cost of the attack is yet to be accurately assessed; however, it is thought to be in the millions. In this lively discussion, find the answers to the questions that dominate the aftermath.

    • What is Ransomware and why is it so dangerous?
    • Is it ever acceptable to pay a ransom?
    • Why did it take so long to get Atlanta up and running again?
    • Are we going to see a similar attack in another US city?
    • Can Atlanta now be confident that a similar attack will never occur again?

    Speakers

    Brandon Helms
    DeBrae Kennedy-Mayo
    Elizabeth Wharton
    Madison Hogan
    Wes Knight
  • Keynote Speaker  |  Winn Schwartau  |  The Security Awareness Company  |  ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Thu 18th Oct 08:30 to 09:30

    Speaker

    Winn Schwartau
  • Thu 18th Oct 09:30 - 10:00
  • The Most Stressful CIO job in the World – being CIO of the Clinton White House  |  Mark Gelhardt  |  Gelhardt Group, LLC  |  The Keynote

    The Keynote Theatre

    Thu 18th Oct 09:30 to 10:00

    The Most Stressful CIO job in the World – being CIO of the Clinton White House

    Colonel Mark Gelhardt is the former CIO of The White House during President Clinton's administration. He will talk about what it takes to handle the most stressful CIO job in the world. Working so closely with President Clinton, Colonel Gelhardt has a rare insight into the inner workings of the White House, and the outstanding military support provided to the Commander-in-Chief. He has some great stories that he will share from his book “My Time at the Clinton White House”.

    Speaker

    Mark Gelhardt
  • How to Protect Next Generation Technology from Modern Threats  |  Tal Guest  |  Beyond Trust (Bomgar)  |  Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Thu 18th Oct 09:30 to 10:00

    How to Protect Next Generation Technology from Modern Threats

    Next generation technology such as the cloud, DevOps, and IoT are not immune to privilege security threats, vulnerabilities, and poor cyber security hygiene. Managing privileges and vulnerability assessments are therefore critical layers in identity and asset centric cyber defense. Privileged Access Management (PAM) and Vulnerability Management (VM) together provide a complete approach to preventing NextGen breaches by unifying visibility and control across on-premise, cloud, IoT, and DevOps environments with reliable and predictable threat management. Based on a recent survey by BeyondTrust, security professionals will learn how privileges, passwords, and vulnerabilities are being leveraged against next generation technologies, and how you can take measurable steps to defend against them.

    Speaker

    Tal Guest
  • Microsoft Office 365 – Make it a Secure Journey for Digital Transformation  |  Todd Bursch  |  Forcepoint  |  Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 18th Oct 09:30 to 10:00

    Microsoft Office 365 – Make it a Secure Journey for Digital Transformation

    Office 365 adoption is continuing at a strong pace, and is often the cornerstone for a company’s digital transformation journey. The decision to implement Office 365 is often a top-down decision, resulting in lack of awareness in terms of security and capabilities when the platform is initially rolled out. However, this rapid change puts pressure on departments to adapt, exposes weaknesses, and creates new security challenges as IT remodels its security posture to protect the new ecosystem.

    This session will provide insights into how only Forcepoint can secure Office 365 and all your other SaaS applications.

    Speaker

    Todd Bursch
  • Rethinking branch security  |  Mark Stanford  |  Cisco Security  |  Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 18th Oct 09:30 to 10:00

    Rethinking branch security

    Today, security teams and IT departments are under pressure to do more with less. With limited budgets and smaller teams, the race is on to deliver more effective branch office security without any reduction in performance. And with more and more branch locations using direct internet access, how can you quickly and easily protect users on any device, in every office? With Cisco Umbrella, say hello to simple and effective protection for branch offices.

    Speaker

    Mark Stanford
  • How to Stop Fake News, Phishing, Spam and All Sorts of Internet Evil Using Analogue Network Security  |  Winn Schwartau  |  The Security Awareness Company  |  Cyber Hack

    Cyber Hack Theatre

    Thu 18th Oct 09:30 to 10:20

    How to Stop Fake News, Phishing, Spam and All Sorts of Internet Evil Using Analogue Network Security

    Winn’s latest book, Analogue Network Security, seeks to cure major issues that plague the internet today. He will discuss the ideas from his book and answer many challenging questions. Like how can we be SURE online claims are true even when they are from anonymous sources? Should technical vulnerabilities be exposed and what is the impact on the tech company? Can we believe governments when they say “trust us…it’s confidential”, and is there a way to prove trust or to regain it once it’s lost? Winn asks a lot of bold questions but he makes up for it with bold answers.

    Speaker

    Winn Schwartau
  • Thu 18th Oct 09:40 - 10:10
  • Introduction to the IoT Security Maturity Model  |  Sandy Carielli  |  Entrust Datacard  |  ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Thu 18th Oct 09:40 to 10:10

    Introduction to the IoT Security Maturity Model

    As the Internet of Things (IoT) becomes an integral part of business strategy, the question of securing the IoT environment has come to the forefront. How can you tell if your IoT solution is sufficiently secure to address your needs? Does it address your requirements and threat environment? How do you evaluate the risk consistently? Not all systems need the same level of security: a manufacturing floor is different from a smart lighting system. The Industrial Internet Consortium (IIC) created the IoT Security Maturity Model (SMM) to help organizations address these issues and provide a framework that addresses IoT requirements, the merging of information technology (IT) with operational technology (OT), and the overarching security and trustworthiness goals. The goal of the SMM is to enable IoT providers to invest appropriately in security mechanisms to meet their requirements. In this session, led by one of the authors of the SMM, we will discuss the work done to date and provide an overview of the structure, purpose, usage and extensibility of the model.

    Speaker

    Sandy Carielli
  • Putting the SEC in DevSecOps: Security as the Keystone to Collaboration  |  Marnie Wilking  |  Orion Health  |  ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Thu 18th Oct 09:40 to 10:30

    Putting the SEC in DevSecOps: Security as the Keystone to Collaboration

    There's a reason SEC is in the middle of DevSecOps. Security is truly a unifying force. We have our fingers in every aspect of the business, giving us the visibility and position to drive collaboration and provide change leadership needed for the move to DevSecOps. but leveraged that success to achieve industry certification. We'll also discuss strategies for using infosecurity as a unifier to drive collaboration and break down the silos in your business.

    Speaker

    Marnie Wilking
  • Shooting Phish in a Barrel  |  Michael Wylie  |  Corporate Blue  |  ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 09:40 to 10:30

    Shooting Phish in a Barrel

    With millions of phishing Emails caught by spam filters and users properly trained by well-defined cybersecurity programs, it’s getting harder and harder to properly phish users. Spear phishers must come up with new and improved methods for increasing success. Typosquatting, doppelganger domains, and IDN homograph attacks will be explored and demonstrated during this presentation. Most fully patched modern browsers and Email systems are susceptible to these attacks. This talk will discuss the problem and how to avoid falling victim to some of the best recently discovered domain-name-based attacks designed to inject malware and steal your passwords. The goal of this presentation is to make IT and Security professionals aware of newly identified techniques used to get high click rates during phishing campaigns. The talk will introduce new research conducted using typosquatting, doppelganger domains, and IDN homograph attacks. Current research and demonstrations will show how the attacks work against current and patched applications.

    Speaker

    Michael Wylie
  • The Future of the CISO: Championing Security, Driving Business and Promoting Diversity | Marci McCarthy | ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Thu 18th Oct 09:40 to 11:10

    The Future of the CISO: Championing Security, Driving Business and Promoting Diversity

    The role of the Chief Information Security Officer has evolved significantly over the last decade. According to the 2017 State of Cyber Security study, the percentage of organizations with a CISO increased from 50% to 65% between 2016 and 2017. The need for highly skilled and dedicated information security leaders has become a crucial necessity. Despite this, minority representation in cybersecurity continues to lag behind at 26%, with only 23% of that amount holding a role of director or above, according to (ISC)²’s 2018 report, “Innovation Through Inclusion: The Multicultural Cybersecurity Workforce.” As the roles and functions expected of a CISO continue to change to encompass not only championing security but also driving and enabling business, does that also leave room for promoting diversity in leadership roles throughout the tech industry? Join our panel as we look at the evolving role of the CISO and discuss what the future of security, business and diversity holds for this increasingly critical role.

    Speaker

    Marci McCarthy
  • Thu 18th Oct 10:10 - 10:40
  • The Industrial Immune System: Using Machine Learning & AI for OT Cyber Defense | Craig Kaplan | Darktrace | Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Thu 18th Oct 10:10 to 10:40

    The Industrial Immune System: Using Machine Learning & AI for OT Cyber Defense

    There is an urgent need for a new approach to combat the next generation of cyber-threats, across both OT and IT environments. While total prevention of compromise is untenable, utilizing automated self-learning technologies to detect and respond to emerging threats within a network is an achievable cyber security goal, irrespective of whether the suspicious behavior originated on the corporate network or ICS.

    Speaker

    Craig Kaplan
  • IoT: Internet of Things, or Internet of Threats? | Paul Willard | Cisco Security | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 18th Oct 10:10 to 10:40

    IoT: Internet of Things, or Internet of Threats?

    With the global IoT opportunity predicted to reach nearly $9T by 2020, organizations are under extreme pressure to evaluate IoT and digitization initiatives that can deliver unprecedented customer outcomes and efficiencies. Move too slow, and be left behind. Move too fast, neglecting the unique cybersecurity risks IoT devices introduce, and be hit with a crippling security breach. In this session, Paul will explore how the exponential increase in cyberattacks on IoT and digital assets is forcing the entire cybersecurity industry to evolve, and how this evolution will reshape the way organizations defend against large-scale, coordinated attacks on digital and IoT assets.

    Speaker

    Paul Willard
  • Thu 18th Oct 10:30 - 11:20
  • Vishing: Not just for Extroverts! | Brandon Helms | Rendition Infosec | Cyber Hack

    Cyber Hack Theatre

    Thu 18th Oct 10:30 to 11:20

    Vishing: Not just for Extroverts!

    Many attackers use many different social engineering techniques to gain initial footholds into networks, but when asked to interact directly with the humans of these companies, they tend to fall short. This talk will focus on using vishing and abusing MFA habits in order to gain initial entry into networks.

    Speaker

    Brandon Helms
  • Thu 18th Oct 10:40 - 11:30
  • Turning your Compliance program for fun and profit | Gordon Shelvin | Security and Analytics, LLC | ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Thu 18th Oct 10:40 to 11:30

    Speaker

    Gordon Shelvin
  • You’re Under Attack, Now Live the Response | Matthew Dobbs | IBM Security | ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 10:40 to 11:30

    You’re Under Attack, Now Live the Response

    A cyber incident is a business issue, not just a security issue. To combat this danger, you need to create a security culture for your organization, and that starts with a comprehensive plan of preparedness. Using a state-of-the-art cyber range can train your security team, business leaders, and communications, human resources, public relations and legal representatives to act on a cyber attack as it’s happening by showing them what it’s like to live through an attack. To help your firm survive, the cyber range gives your team the tools they need through a completely immersive security experience that tests skills, process and leadership competence.

    Speaker

    Matthew Dobbs
  • Securing the Chain of Evidence With Blockchain | Jeff Neithercutt | Public Consulting Group | ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Thu 18th Oct 10:40 to 11:30

    Securing the Chain of Evidence With Blockchain

    This will be a discussion of the emerging Blockchain technology and its use to verify evidence from the moment it is collected to the final presentation in court. Particular attention will be paid to the essential need for non-repudiation in the chain of evidence for both civil and criminal proceedings.

    Speaker

    Jeff Neithercutt
  • Thu 18th Oct 10:50 - 11:20
  • Cybersecurity and Data Breaches from a Business Lawyer’s Perspective | Kathy Winger | Law Offices of Kathy Delaney Winger | The Keynote

    The Keynote Theatre

    Thu 18th Oct 10:50 to 11:20

    Cybersecurity and Data Breaches from a Business Lawyer’s Perspective

    The session covers recent data breach cases, the significant change to the legal landscape that is occurring in the cybersecurity and data breach arena and the fact that no company, whether small, medium or large, is immune from liability. It discusses current and future cybersecurity/data breach legislation and the FTC’s role in regulatory and enforcement actions related to cybersecurity and data breaches. It covers steps that businesses can take to protect themselves before, during and after a data breach and the legal significance of cybersecurity best practices. Finally, it discusses liability for third party vendor breaches and the ins and outs of cyber insurance.

    Speaker

    Kathy Winger
  • Minimizing the detection to recovery timeframe | Sean Blenkhorn | eSentire | Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Thu 18th Oct 10:50 to 11:20

    Minimizing the detection to recovery timeframe

    While recent trends have shown attackers are more frequently using simple tools and tactics to make a big impact on the overall global cost of data breaches, sophisticated threat actors utilizing advanced techniques to avoid detection could potentially have the greatest impact on an organization’s bottom line in 2018. While commodity threats continue to make the case for investment in preventative technologies, stricter regulations around breach notifications all but mandate increased investment in advanced detection and response capabilities. Now more than ever, minimizing the detection-to-response timeframe is of utmost importance to ensure an organization is able to not only detect threats but also contain and respond in a timeframe that minimizes the potential risk of impacting its clients and suffering the business-altering implications of compliance violations.

    As organizations begin to address this transition, knowing where to start is a challenge. We invite you to join Sean Blenkhorn, eSentire Director of Solution Engineering for Managed Detection and Response services, who will cover the best path going forward and real-life examples of how advanced detection and response capabilities were able to thwart attackers and satisfy even the most stringent emerging regulatory requirements.

    Speaker

    Sean Blenkhorn
  • Cyber Risk Insurance: get it, before they get you | Adrejia L. A. Boutté Swafford | Christovich & Kearney, LLP | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 18th Oct 10:50 to 11:20

    Cyber Risk Insurance: get it, before they get you

    This presentation will address what cyber threat and cyber risk are; cyber risk insurance policies versus standard homeowners and commercial policies; the role of agents/brokers and legal counsel here; and sample litigation on cybercrime-related claims. This presentation will also cover the role of organizational compliance on an entity's degree of risk.

    Speaker

    Adrejia L. A. Boutté Swafford
  • Thu 18th Oct 11:30 - 12:00
  • How to Rob a Bank over the Phone | Joshua Crumbaugh | PeopleSec | The Keynote

    The Keynote Theatre

    Thu 18th Oct 11:30 to 12:00

    How to Rob a Bank over the Phone

    This talk is 50% real audio from a social engineering engagement and 50% lessons learned from the call. During this call, Joshua talks a VP at a bank into giving up full access to his computer and eventually facilities. At one point during the call, the antivirus even triggers. This is an intense call with a ton of valuable lessons for any social engineer or defender looking to enhance tradecraft or better detect social engineering attacks.

    Speaker

    Joshua Crumbaugh
  • A Proactive Approach to Ransomware | Kevin Dempsey | Dimension Data | Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Thu 18th Oct 11:30 to 12:00

    A Proactive Approach to Ransomware

    The session will describe the characteristics, historical development, and organizational impacts of ransomware. We will cover key risk factors and recommended steps to reduce the likelihood and impact of ransomware attacks.

    Speaker

    Kevin Dempsey
  • Dear Blue Team: Proactive Steps to Supercharge Your IR | Joe Gray | Advanced Persistent Security | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 18th Oct 11:30 to 12:00

    Dear Blue Team: Proactive Steps to Supercharge Your IR

    In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). In doing so, there are many things that Administrators, Enterprise Defenders, and Security Operations Centers can do proactively to not only enhance the security of an organization, but also assist the DFIR personnel in performing their duties in a more expeditious manner. During this presentation, blue teamers and management will be armed with actionable advice as to how to pre-emptively capture artifacts as baselines BEFORE anything ever happens and the actions to take WHEN something happens.

    Speaker

    Joe Gray
  • Cybersecurity Attacks are Evolving and So Must We: Enter AI-Driven Autonomous Security | Chris Calvert | Respond Software | Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 18th Oct 11:30 to 12:00

    Cybersecurity Attacks are Evolving and So Must We: Enter AI-Driven Autonomous Security

    Cyber security attacks are increasing in frequency, each one becoming more potentially harmful than the last. Traditional methods of threat prediction and mitigating risks cannot keep pace with the increased sophistication of attacks, requiring a fundamental shift in security technology. Respond Analyst leverages Probability Theory and advanced algorithms to analyze all relevant cyber observables, ultimately making fully contextualized and informed decisions at the scale, speed and consistency no human can match.

    Speaker

    Chris Calvert
  • How to rob a bank over the phone | Joshua Crumbaugh | PeopleSec | Cyber Hack

    Cyber Hack Theatre

    Thu 18th Oct 11:30 to 12:10

    How to rob a bank over the phone

    This talk is 50% real audio from a social engineering engagement and 50% lessons learned from the call. During this call, Joshua talks a VP at a bank into giving up full access to his computer and eventually facilities. At one point during the call, the antivirus even triggers. This is an intense call with a ton of valuable lessons for any social engineer or defender looking to enhance tradecraft or better detect social engineering attacks.

    Speaker

    Joshua Crumbaugh
  • Thu 18th Oct 11:40 - 12:30
  • Integrated Operations at NSA – How Defense is Constantly Challenged to Stay Ahead of the Adversary | Tech Leaders | ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 11:40 to 12:30

    Integrated Operations at NSA – How Defense is Constantly Challenged to Stay Ahead of the Adversary

    NSA addresses cybersecurity issues from both a defensive and offensive perspective. NSA’s Cybersecurity Operations Center (NCTOC) has one of the largest 24*7*365 footprints across the US Government as they defend over 3 million Department of Defense users across the globe. Mr. Dave Hogue, Technical Director, will discuss how innovations in policy, technology, and people can lead to break-through results in this operational environment. Computer Network Operations (CNO) is NSA’s premier Computer Network Exploitation (CNE) organization. CNO conducts CNE operations on foreign targets and supports Computer Network Defense (CND) and other computer network operations for the US. Mr. Tim Kosiba is Chief, CNO, and will discuss how a sophisticated adversary would attempt to get around cybersecurity defenses.

    Speakers

    David Hogue
    Timothy Kosiba
  • Orchestration & Automation in Real World | Ken Dunham | Optiv | ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Thu 18th Oct 11:40 to 12:30

    Speaker

    Ken Dunham
  • Thu 18th Oct 01:00 - 01:30
  • The Confluence Of Data Security Challenges

    The Keynote Theatre

    Thu 18th Oct 01:00 to 01:30

  • Aviation Cybersecurity: Beyond The Runway | Elizabeth Wharton | Prevailion, Inc. | Network Security, Ransomware & IOT

    Network Security, Ransomware & IOT Theatre

    Thu 18th Oct 01:00 to 01:30

    Aviation Cybersecurity: Beyond The Runway

    Ticketing system glitches, frequent flyer data breaches, and other technology issues highlight that aviation and airports are mini ecosystems, mini cities, where one issue can derail air traffic around the country. Connected devices, data, and networks improve safety and efficiency but provide a larger security attack surface. Former senior technology attorney for the World’s Busiest Airport and current VP of Strategy at Prevailion (a cyber threat intelligence company), Elizabeth will discuss the evolving approach to protecting the systems and technology in aviation, beyond the aircraft and runways.

    Speaker

    Elizabeth Wharton
  • Igloo Security. Hard and crunchy on the outside. Soft and chewing on the inside | Wes Knight | Georgia Department of Revenue | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 18th Oct 01:00 to 01:30

    Igloo Security. Hard and crunchy on the outside. Soft and chewing on the inside

    Let’s discuss deploying a new strategy to keep the bad guys out: deception technology. We will discuss how this new set of tools and products is helping detect, analyze and defend against zero-day and advanced attacks. Automated and real-time, deception technology provides a more proactive security posture by deceiving, detecting and defeating attackers.

    Speaker

    Wes Knight
  • Not a free lunch – Managing your open source program | Peter Chestna | Veracode | Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 18th Oct 01:00 to 01:30

    Not a free lunch – Managing your open source program

    No one builds software completely from scratch anymore. The use of open source software is at an all-time high. The benefits in terms of time to market are too great to ignore. Once incorporated, open source components are orphaned and left to fend for themselves. That’s a huge problem when a CVE is announced and we are left with a hugely expensive upgrade or uncontrolled exposure to risk. Let's talk strategy.

    Speaker

    Peter Chestna
  • The Cyber Hack with SentinelOne | Ryan Merrick | SentinelOne | Cyber Hack

    Cyber Hack Theatre

    Thu 18th Oct 01:00 to 01:50

    The Cyber Hack with SentinelOne

    Ransomware attacks continue to be popular among cyber criminals looking to compromise unsuspecting corporate networks. And it all happens at the endpoint. In a recent Enterprise Risk Index, fileless attacks rose 94% in the first half of the year, including exponential growth in PowerShell attacks.
    Learn how to defend your businesses where traditional AVs could not. SentinelOne's next-generation AV behavioral engines will help you understand and respond if there is ever a threat.

    Speaker

    Ryan Merrick
  • Alphabet Soup: Assessing Your High Risk Vendors | David Schroth | Design Compliance and Security, LLC | ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Theatre

    Thu 18th Oct 01:00 to 01:50

    Alphabet Soup: Assessing Your High Risk Vendors

    Do you use third parties in your business? How do you trust but verify their security practices? Enter the world of third party audit reports (which is more like a bowl of Alphabet Soup). We will go through an overview of what companies are using to obtain assurance over the security practices of their vendors. We will talk about SOC 1, SOC 2, SOC 3, SSAE 18, HITRUST, ISO 27001 and other assessments and audits along with the pros and cons of each so you can use them effectively in your vendor management processes. We will also discuss the pros and cons of each report and how to interpret the results.

    Speaker

    David Schroth
  • Brains over Brawn: Intelligent Password Recovery | Rick Redman | KoreLogic Inc. | ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 01:00 to 01:50

    Brains over Brawn: Intelligent Password Recovery

    Attendees will leave this session with new ideas that can immediately be applied to their password cracking needs ranging from recovery of password-protected documents needed for forensics, incident response, law enforcement, and legal cases to improving password compliance in large organizations. We will share our experience running the DEFCON password cracking contest "Crack Me If You Can", our security R&D work for DARPA and for the Carnegie Mellon University CyLab Usable Privacy and Security Laboratory. This experience has helped us to develop "intelligent recovery" methods (those that are most likely to succeed first thereby increasing recovery speed and success) as well as cutting-edge cracking logic (rules, patterns, & dictionaries) created from analyzing millions of cracked passwords. The presentation will cover the following topics:

    - Present real-world use cases:
        - Best practice password compliance monitoring by information security and audit teams
        - Quantifying organizational improvement in password strength. A rare opportunity to show security ROI to management
        - Recovering password-protected documents needed for forensics, incident response, law enforcement, and legal cases
        - The importance of password cracking in penetration testing
    - Share what we have learned about cutting edge cracking techniques, architectures and rules from the DEFCON password cracking contest run by KoreLogic (including new tools, techniques, GPU password cracking, etc.)
    - Brains or brawn: Brute forcing passwords vs. rule based logic, extensive dictionaries (and horsepower)
    - Briefly review password hashing methods and password cracking methods

    Speaker

    Rick Redman
  • The Role of Malware in Intelligence Operations | Kenneth Geers | Comodo Cybersecurity | ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Thu 18th Oct 01:00 to 01:50

    The Role of Malware in Intelligence Operations

    Imagine you are King or Queen for a day. How would you employ the time and talent of computer hackers? Whom would you target, with what type of malware, and for what purpose? Where would you set technical, legal, and ethical constraints? Information Technology continuously transforms the nature of statecraft, from internal security to external threats. This presentation will examine the role of malicious software in real-world nation-state intelligence operations. We will discuss the attack and defense of everything in a modern state, from elections to electricity, and clarify the roles and risks of law enforcement, counterintelligence, and foreign intelligence in the Internet era. Finally, we will address how enterprises should respond to a threat that has no fear of prosecution or retaliation.

    Speaker

    Kenneth Geers
  • IT & InfoSec Support to the Commander-in-Chief | Mark Gelhardt | Gelhardt Group, LLC | ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Thu 18th Oct 01:00 to 02:30

    IT & InfoSec Support to the Commander-in-Chief

    Colonel Gelhardt is a retired Army Officer and war veteran. While in the Army, Colonel Gelhardt was nominated and selected to work at the White House as the Chief Information Officer (CIO) equivalent for the Clinton White House from 1995 through 1999. Colonel Gelhardt was responsible for all classified Information Technology and Communications used by the President, Vice President, White House Staff, and the Secret Service. Colonel Gelhardt's mission was to provide safe and secure instantaneous communications and 5 minute hard copy, anytime, anywhere in the world to the Commander-in-Chief. Colonel Gelhardt will explain not only the support he provided to the Commander-in-Chief but also all the military support it takes to make sure your government works. Since Mark’s retirement from the Army he has been a successful CIO, CTO, CSO, and CISO in several global companies. Mark Gelhardt is a speaker and author.

    Speaker

    Mark Gelhardt
  • Thu 18th Oct 01:40 - 02:10
  • In Praise of Private Clouds: A Case Study | Robert Gibbons | Datto | The Keynote

    The Keynote Theatre

    Thu 18th Oct 01:40 to 02:10

    In Praise of Private Clouds: A Case Study

    Robert Gibbons, Datto’s CTO, will discuss the security and infrastructure advantages of migrating data from a public to a private cloud based on his own experience. Having recently transferred 12 PB of data out of Amazon Web Services, Gibbons will discuss the motivations, challenges, and lessons learned from moving billions of SaaS data objects, one of the largest data migrations in history.

    Speaker

    Robert Gibbons
  • GDPR/CCPA Crash Course: What You Need to Know About Current Privacy Regulations

    Network Security, Ransomware & IOT Theatre

    Thu 18th Oct 01:40 to 02:10

    GDPR/CCPA Crash Course: What You Need to Know About Current Privacy Regulations

    Data Privacy is currently one of the hottest topics within information security. For this session, attendees will get a crash course in the European Union (EU) General Data Protection Regulation (GDPR) which recently went into enforcement. This session will cover trends and insights garnered from working in the field preparing customers to comply with these regulations.

  • Cloud, Mobile & IAM Theatre

    Thu 18th Oct 01:40 to 02:10

  • How to Use Intelligence to Automate & Scale Network Prevention | Todd Weller | Bandura Systems | Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 18th Oct 01:40 to 02:10

    How to Use Intelligence to Automate & Scale Network Prevention

    Security organizations have access to large volumes of actionable threat intelligence. However, many organizations experience significant challenges putting threat intelligence into action to improve network defense and security operations. These challenges are driven by a combination of technology limitations in existing network security controls and the use of threat intelligence primarily focused on manual detection and response processes. This presentation will focus on how organizations are using Threat Intelligence Gateway technology and automation to overcome these challenges allowing them to put threat intelligence into action to better protect networks.

    Speaker

    Todd Weller
  • Thu 18th Oct 02:00 - 02:50
  • Anatomy of an attack | Mark Stanford | Cisco Security | Cyber Hack

    Cyber Hack Theatre

    Thu 18th Oct 02:00 to 02:50

    Anatomy of an attack

    Cyber criminals are increasingly exploiting Internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. This session will explain how the correlation of Internet data on multiple levels (DNS, BGP, ASN, Prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers' infrastructure. It will also cover detection models that can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and how the different detectors can be integrated to expose malicious infrastructures and advanced threats.

    Speaker

    Mark Stanford
  • SDLCMM & Residual Risk the next chapter | Michael Angelo | Microfocus/NetIQ | ISSA Theater 4 - Emerging Technology

    ISSA Theater 4 - Emerging Technology Theatre

    Thu 18th Oct 02:00 to 02:50

    SDLCMM & Residual Risk the next chapter

    As we continue to secure our environments, external attackers continue to be successful. This is true even with new developments and enhancements to our infrastructure’s security. The subsequent analysis and deployment of changes to our internal and generic Security Development Lifecycle (SDLC) don’t seem to even slow them down. The question on everyone’s mind is ‘why are they successful?’ The answer is because we have gaps in our defenses. Phrased differently, we have unmitigated residual risks in our defenses or environment. While the answer sounds easy, the solution isn’t… Or maybe it is.

    Speaker

    Michael Angelo
  • Thu 18th Oct 02:20 - 02:40
  • Role Based Access Control (RBAC) Best Practices and Tips for Successful Implementation | Bhavdip Rathod | Sailpoint Technologies, Inc. | Cloud, Mobile & IAM

    Cloud, Mobile & IAM Theatre

    Thu 18th Oct 02:20 to 02:40

    Role Based Access Control (RBAC) Best Practices and Tips for Successful Implementation

    One of the main goals of RBAC is to establish the Principle of Least Privilege and grant employees only the access they need to do their jobs. Grouping common access permissions into roles provides a secure and efficient way of managing access and helps keep things simple for administrators and the users requesting access. RBAC has become the standard for managing access to IT resources in industry and government. Implementation of RBAC in an enterprise often becomes a major and daunting task. Adopting some of the best practices early in the implementation of an RBAC program will ensure successful delivery of the program within the enterprise.

    Speaker

    Bhavdip Rathod
  • Panel The Year Ahead | Tech Leaders | The Keynote

    The Keynote Theatre

    Thu 18th Oct 02:20 to 02:50

    Panel The Year Ahead

    As little as 5 years ago, Cyber Security Breaches were seen as a relatively rare occurrence; however, we now see major breaches reported on a weekly and sometimes even daily basis. This trend does not seem to be slowing, so what do we need to be mindful of in the year ahead?

    Join a team of experts for an in-depth discussion about what security managers need to be mindful of in the year ahead.

    Speakers

    Cameron Armstrong
    Chris Calvert
    IJay Palansky
    Peter Chestna
    Wes Knight
  • Top Tips for Implementing an Effective AppSec Program | Nikhil Ollukaren | Optiv Security Inc. | Future Cyber Tech, Application Security & DevOps

    Future Cyber Tech, Application Security & DevOps Theatre

    Thu 18th Oct 02:20 to 02:50

    Top Tips for Implementing an Effective AppSec Program

    Attend this session to learn how forward-thinking clients are implementing mature AppSec programs. We’ll also discuss how modern development teams are overcoming the traditional challenges around deploying applications rapidly and securely.

    Speaker

    Nikhil Ollukaren
  • Student Session

    Network Security, Ransomware & IOT Theatre

    Thu 18th Oct 02:20 to 03:30

    Student Session

    In this session we are offering those people in full-time study in computer science and cyber security related education the chance to access the conference to help them on their journey towards qualification and ultimately employment. These 15-minute lightning sessions delivered by cyber security professionals offer students a chance to gain insights into a career in information security and speak to professionals already working in the industry.

  • Thu 18th Oct 02:40 - 03:30
  • Death by a Thousand Paper Cuts: The Small Business Security Problem  |   Daniel Ziesmer  |   Centripetum  |   ISSA Theater 1 - Professional Development

    ISSA Theater 1 - Professional Development Theatre

    Thu 18th Oct 02:40 to 03:30

    Death by a Thousand Paper Cuts: The Small Business Security Problem

    Imagine a massive technology infrastructure that is barely secured and seldom monitored, with security risks that are almost completely unknown. More critically, it supports 1/3 of the entire U.S. workforce every day and is used by 98% of all businesses in the United States. There’s just one problem: it’s real. It is the infrastructure of U.S. businesses with fewer than 100 employees. Small businesses are absolutely critical to every economic sector and to the success of every large enterprise in existence, but they seldom have the resources to invest in expensive technical solutions or security and risk management staff. In this session, the presenter unveils a potential security disaster waiting to happen, its importance to the future of security for all businesses, and how even small and large organizations can work together to find cost-effective ways to establish critical security controls.

    Speaker

    Daniel Ziesmer
  • Thu 18th Oct 03:00 - 03:50
  • Are You Protecting Your Machine Identities?  |   Kevin Bocek  |     |   ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness

    ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre

    Thu 18th Oct 03:00 to 03:50

    Are You Protecting Your Machine Identities?

    There are two kinds of actors on every network—people and machines—and both need to be secured. People rely on usernames and passwords, but machines use keys and certificates for machine-to-machine communication and authentication. Billions are spent each year securing identity and access management, but virtually all of it is spent securing usernames and passwords, and almost none on protecting keys and certificates. Unprotected machine identities are lucrative targets for cyber criminals. They use unprotected keys and certificates to eavesdrop on private communications, make phishing sites or malicious code look valid, and hide their nefarious activity in encrypted traffic—getting malware in and sensitive data out. In this presentation, we’ll discuss the different types of machine identities and where they proliferate in your network. You’ll see the role and lifecycle of machine identities, and where we’re falling short in protecting them. We’ll then look at where there are current risks as well as where new risks are emerging. We’ll conclude with steps you can take immediately to get these risks under control.

    Speaker

    Kevin Bocek
