Agenda

Date and Time	Title
Jun 14, 2023 9:00am - 9:38am (Eastern)	[Opening Keynote] That Moment When You Realize There Is Nowhere Left to Hide We’ve connected everything, everywhere, all the time, so how DO we more efficiently interact with a digital realm that continually measures our pulse in the real world? Let’s talk about some attack vectors that I’ve spent the last few years researching and helping others work on. And then let’s talk about what we CAN do about things. You’ll never look at your lights the same way again.
Jun 14, 2023 10:00am - 10:45am (Eastern)	Incredible Email Hacks You'd Never Expect and How You Can Stop Them If you think the only way your network and devices can be compromised via email is phishing, think again! A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing and launching malware. From code execution and clickjacking to password theft and rogue forms, cybercriminals have more than enough email-based tricks that mean trouble for your InfoSec team. In this webinar Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist and security expert with over 30-years of experience, explores many ways hackers use social engineering and phishing to trick your users into revealing sensitive data or enabling malicious code to run. Roger will show you how hackers compromise your network. You’ll also see incredible demos including a (pre-filmed) hacking demo by Kevin Mitnick, the World’s Most Famous Hacker and KnowBe4’s Chief Hacking Officer. Roger will teach you: How remote password hash capture, silent malware launches and rogue rules work Why rogue documents, establishing fake relationships and tricking you into compromising your ethics are so effective The ins and outs of clickjacking Actionable steps on how to defend against them all Email is still a top attack vector cybercriminals use. Don’t leave your network vulnerable to these attacks.
Jun 14, 2023 10:00am - 10:46am (Eastern)	Navigating the Insider Threatscape Threat methods and controls utilized for the corporate workforce that now expands beyond the office building and into remote locations is not as comprehensive and effective for those who are typically in the office. The intent of employees may not be malicious but rather inherent to poor practices; however, there are those who happen to begin unintentional but gradually become the intentional insider threat. This presentation is designed to help individuals identify how seemingly “innocent” activity can make them an insider threat and help organizations. Identify existing critical controls needed to develop an Insider Threat Program using a white hat hacking methodology. Through live demonstrations, learn simple techniques used to bypass various controls. Objectives: Learn the methodologies utilized by individuals within the organization that would be considered insider threat activity. How to identify system based behavioral indicators. Learn which existing or enhanced security layer can provide insider threat profile data. Take-Aways: How to identify business processes which can contribute to intentional or unintentional insider threats. Enhance procedures required to identify insider threat exposures. Enhance awareness training to include additional methods of insider threat. Enhance existing physical and digital security layers to better identify specific insider threat activity.
Jun 14, 2023 11:00am - 11:43am (Eastern)	Social Engineering: Training the Human Firewall Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.
Jun 14, 2023 11:00am - 11:46am (Eastern)	Succeeding in Succession Planning: The Future You Build Cybersecurity leaders are experiencing serious challenges on non-technical fronts with 8,000-10,000 Baby Boomers retiring every day, the loss of more than 100,000 technical jobs in the last six months, five generations in the workforce, and pressing needs to be more risk-focused. Many people are addressing the technical challenges, but few are truly addressing and developing solutions for the coming issues of non-technical leadership issues. Join Randy as he serves as a guide to help you learn how to Identify and Develop Cybersecurity Leaders and how to create a leadership pipeline in your organization.
Jun 14, 2023 11:00am - 11:31am (Eastern)	The Anatomy of a Cyberattack This session delves into the stages and workings of cyberattacks. Attendees gain a comprehensive understanding of attack methodologies, including motives, techniques, and tools employed by cybercriminals. Various attack vectors like phishing, malware, and social engineering are explored, emphasizing the need for a multi-layered defense strategy. The session covers the attack lifecycle, highlighting the importance of threat intelligence, proactive monitoring, and incident response planning. Participants learn to identify compromise indicators, conduct digital forensics, and implement effective mitigation measures. “Anatomy of a Cyberattack” equips attendees to anticipate vulnerabilities and build robust defense mechanisms for safeguarding critical assets.
Jun 14, 2023 12:00pm - 12:46pm (Eastern)	A Whole Lotta BS (Behavioral Science) About Cybersecurity Let’s be honest: people can frustrate us. They don’t always do the things we’d like, and they often do some things we’d rather they didn’t. New research from the National Cybersecurity Alliance reveals insights about the public’s attitudes and beliefs about security. We’ll explore the 2022 “Oh Behave! Cybersecurity Attitudes and Behaviors Report,” and some of the findings may surprise you! We’ll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.
Jun 14, 2023 12:00pm - 12:51pm (Eastern)	[Fireside Chat] The Ethics of Technology "The pace of technological change has been accelerating at an unprecedented rate over the past few decades” (at least, according to ChatGPT). This creates a continuing stream of opportunities, and also causes considerable less-desirable disruption. Technology is about what “can be done,” whereas ethics are what “should be done.” This talk discusses our responsibilities viewed through the lens of providers, practitioners, users, and the U.S. legal system.
Jun 14, 2023 12:00pm - 12:48pm (Eastern)	A Healthier View on Compliance Too often, we see compliance as an adversarial process. We know that compliance is imperfect, but articulating the challenges is difficult. However, we can develop models for more appropriate compliance, while appreciating those limitations. Further, it is even possible that we can learn to appreciate compliance as an enabler to our organization’s core mission.
Jun 14, 2023 1:00pm - 1:40pm (Eastern)	The State of the Cybersecurity Workforce 2023 Job Data: It Will Surprise You!
Jun 14, 2023 1:00pm - 1:58pm (Eastern)	The Risks and Rewards of Deploying AI Technologies in Your Organization Data-driven technologies, including artificial intelligence (AI), machine learning (ML), and automated processes, increase operational efficiencies and can transform businesses. These technologies also present new and complex legal challenges along the way. This session will explore AI use cases and impacts on cybersecurity and privacy, and discuss emerging legal requirements businesses should be aware of when developing AI governance programs.
Jun 14, 2023 1:00pm - 1:45pm (Eastern)	Uncovering the Threat of Business Email Compromise The Evolution of Phishing and the Future of Business Security This session will present a high-level view of the problem, along with the common tactics used by scammers in their attempts to gain access to your organization’s systems. We will take a look at the role Artificial Intelligence plays in phishing attacks and how it can serve as both the problem and the solution in the fight against cybercrime.
Jun 14, 2023 2:00pm - 2:59pm (Eastern)	Cyber World on Fire: A Look at Internet Security in Today’s Age of Conflict This informative session analyses the growing threat of cyberattacks and risks to internet security in today’s world. Col. Leighton explores the various types of attacks and vectors, including how bad actors can impact businesses and individuals. The session also examines the role of governments and international organizations—partnering with public and private businesses—in protecting against cyber threats. Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees. He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.
Jun 14, 2023 2:00pm - 2:35pm (Eastern)	AI, DEI, and Ethical Guidance Security Awareness Month is an annual campaign that emphasizes the importance of cybersecurity and prepares individuals and organizations to tackle evolving cyber threats. In today’s interconnected world, where digital risks are pervasive, being proactive and informed about security practices is crucial. This month-long initiative aims to raise awareness, educate users about common threats, and empower them with knowledge and skills to protect themselves and their digital assets. Through workshops, training sessions, webinars, and awareness campaigns, individuals are equipped to identify and respond effectively to cyber threats. For organizations, Security Awareness Month offers an opportunity to reinforce cybersecurity as a fundamental aspect of their operations. By engaging employees in interactive programs and simulations, organizations can create a culture of security awareness and foster a collective responsibility towards protecting sensitive information. As Security Awareness Month approaches, it is essential for individuals and organizations alike to evaluate their preparedness and take proactive steps to strengthen their cybersecurity posture. Col. Leighton describes how nefarious actions are becoming increasingly more sophisticated and widespread, with hackers targeting not just large corporations but also smaller businesses and even individuals. He emphasizes the need for organizations to take proactive measures to protect their networks and data, including investing in advanced security technologies and providing regular training to employees. He shares examples of cyber activity—good and bad; offensive and defensive—from Ukraine, China, and around the globe.
Jun 14, 2023 2:00pm - 2:59pm (Eastern)	Cyber-Enabled Fraud and Business Email Compromise in 2023 This presentation will focus on the BEC fraud playbook and show how technical advancements and applications have reduced the red flags and defenses against cyber fraud, allowing threat actors to increase the efficacy of their attacks.