Agenda

Tracking technologies are proliferating at an increasingly high rate in apps, IoT devices, websites, and in a wide range of files. They are not only impacting privacy in wider and more harmful ways, but they have also extended far beyond the digital world and are also impacting physical safety. Such tools can certainly be very beneficial, when used responsibly and with informed awareness of the cybersecurity and privacy risks. However, when they are used without establishing technical and non-technical boundaries, and without taking risk mitigation actions, the associated surveillance activities can, and have, brought physical harms. I was an expert witness for a case a couple of years ago involving a stalker’s use of his victim’s smart car to find and almost fatally assault her. I’m currently an expert witness for two separate cases involving the use of Meta Pixels, Conversion APIs, cookies, and other types of tracking tech for surveillance of online activities. Virtually daily there are news articles reporting privacy invasions by digital trackers, drones, security cameras, and more. I will provide several real-life use cases, and provide discussion for the technical and non-technical capabilities that possibly could have been identified through risk assessment activities prior to making such products publicly available and informed the needed associated security and privacy capabilities, that would have supported privacy and cybersecurity protections and physical safety.

Identity security has quickly become the keystone for strong cybersecurity programs. But many identity security programs suffer from the same challenges as others – a series of disjointed point solutions that do little to simplify management and governance, limiting overall program effectiveness. Lack of cohesive programs increase costs, complicate tech stacks, and limit buy-in from the rest of the organization which does little to minimize enterprise risk.

In this presentation, Saviynt Vice President of Product Management John Wang will discuss the key concepts that have proven successful for organizations adopting converged identity platforms and how they can streamline security programs, limit enterprise risk, and reduce total cost of ownership – all while increasing ROI.

Discussion topics for this session will include:

• Today’s identity security challenges
• Drawbacks of point solutions
• Defining convergence
• The business benefits of CIPs
• Choosing the right CIP for you

With the increased reliance and use of machine learning across all industries, the attack surface in many organizations’ environments has increased. Although machine learning has many benefits, it also leads to new risks. It is crucial to understand the new security risks that machine learning brings in order to protect systems that rely on these technologies. In this presentation, attendees will learn about the different types of attacks that machine learning is vulnerable to. In addition, attendees will gain an understanding of the difference between artificial intelligence and machine learning, what adversarial machine learning is, how machine learning attacks occur, real-world case studies, and an introduction to current open-source tools offered by the industry to ensure that machine learning has been secured. By the end of the presentation, attendees will have an understanding of machine learning and its contributions to the cyber threat landscape as well as some measures they can take to increase the security of machine learning.

In late July, the U.S. Securities & Exchange Commission (SEC) finally announced its long-anticipated cybersecurity updates. With the new rules, public companies operating in the U.S. will have to adapt the way they manage cybersecurity incidents and reporting.

Benjamin Corll and Petri Kuivala will discuss the new rules and explain how security teams need to adapt their processes to make sure their organizations meet compliance.

In a time of decreasing budgets, CISOs are increasingly faced with the challenge of doing more with less. In this informative keynote, Michael Gregg discusses how he grew his state’s cyber coverage from 25,000 to 250,000 endpoints. Learn how he optimized SOC operations and embraced AI to increase efficiencies and improve response times while reducing costs.

2023 has seen the emergence of class action lawsuits filed against businesses for their use of AI/ML technologies.  Other actions are sure to follow as plaintiffs firms find novel ways to fit the use of AI tools into existing legal regimes prohibiting discrimination and requiring product safety, transparency and fairness.  This presentation will give an overview of some of the litigations and enforcement actions seen in the AI/ML space to date, with legal strategies for how businesses can work to develop a legally defensible compliance program, including AI assessments, in line with emerging AI regulatory and risk management frameworks.  The presentation will feature Philip Dawson from Armilla Assurance, the first company to offer a warranty product backed by major insurers that seeks to verify and warrant certain features of an AI tool.