Agenda

Date and Time / Title
Oct 8, 2020
8:30am - 9:00am (Eastern)
Exhibit Floor Open
Oct 8, 2020
9:00am - 10:00am (Eastern)
[Opening Keynote] The Resilient Enterprise: Securing the Virtual Workforce

Throughout the course of 2020, organizations have seen a transformational shift in the way that businesses operate. As we adapt to new realities, digital transformation has been accelerated in many areas, including how we protect our information assets. From entirely new threats to exacerbating existing threats, Information Security teams are at the forefront of enabling businesses to operate efficiently and securely in the new virtual-first world. We’ll deep dive into considerations that your organization should be making in technology, process, and policy as you work to secure your virtual workforce.

Oct 8, 2020
9:45am - 10:00am (Eastern)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 8, 2020
10:00am - 10:45am (Eastern)
Cybercrime: What Is the State of Support for Consumer and SMB Victims?

How can you support your end users if they are a victim of cybercrime in their personal lives? What kind of resources are available to help SMBs report cybercrime, recover, and reinforce their security? Cybercrime Support Network is the leading public-private partnership serving the victims and coordinating federal, state, and local resources.

Join Kristin Judge and James Ellis of Cybercrime Support Network as we explore the current state of cybercrime reporting and recovery, work being done on common language for cybercrime among law enforcement, and a national pilot to build a reporting and information sharing program to capture threats facing consumers and SMBs.

Oct 8, 2020
10:00am - 10:45am (Eastern)
A Hitchhiker’s Guide to the 2020 National Industry Cloud Exposure Report (NICER)

Rapid7 has built upon four years of work measuring the internet for National Exposure Index (NEI) and Industry Cyber Exposure (ICER) reports to create the most comprehensive, modern atlas of internet-facing services to date. This session will provide an overview of the findings, including a comparison of the internet pre- and post-pandemic, along with a guide for how to digest the 150-page deep dive into 24 critical internet protocols and services.

Oct 8, 2020
10:00am - 10:55am (Eastern)
Practical Considerations When Verifying Your Vendors’ Cybersecurity Controls

As businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.
Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.
Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Oct 8, 2020
10:00am - 10:50am (Eastern)
[Panel] Data Threats in the Cloud

We all know that COVID-19 has forced us into the cloud. We had to, to keep the economy and business going. The cloud can be a wonderful tool for organizations to thrive in, but there are many threats and pitfalls that should be addressed. Do you know what services your staff bought? Did anyone review the terms and conditions? How are you handling identity in the cloud? Is a Zero Trust mindset working in the cloud? Our panelists will dive into the threats to be prepared for and some you might not be aware of!

 
Oct 8, 2020
10:30am - 10:45am (Eastern)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 8, 2020
10:45am - 11:30am (Eastern)
Approaches to Justifying Cybersecurity Projects and Spend

Feel like you’re not getting enough funding for your security projects or program? Learn to stack the deck in your favor by following four basic rules. Lots of examples will be presented!

Oct 8, 2020
10:45am - 11:40am (Eastern)
[Panel] Remote Workforce: Lessons Learned

Companies had no real choice as we all moved to the “new normal” and a fledgling at-home workforce due to the coronavirus outbreak. If you stop and think about it, it was quite the feat—a massive cloud migration the likes of which had never been seen before. Now that things are somewhat settled into a pattern, what are you discovering that should have been done differently? Realizing that a lot of the same things need to be done? How is the network perimeter now? How many devices are suddenly on your networks? IoT devices from the remote workers piggybacking on the home connections? What are the legal challenges now (think reasonable security)? Join us for a panel discussion of security experts.

Oct 8, 2020
10:45am - 11:30am (Eastern)
Being Our Own Worst Enemy: Sloppy IT Causing Security Incidents

IT and the IT Security Team have put in countless controls and tools to protect the enterprise, but are their daily operations and practices causing security incidents? Are the ones with the most privilege the most successful targets in the environment? This topic will shift the focus on the care given to staying safe by the ones who are keeping the environment safe. Don’t be the one who causes the next security incident!

Oct 8, 2020
10:45am - 11:30am (Eastern)
Navigating Maze: Can You Recover from Ransomware?

One-fifth of companies have been hit with ransomware, and yet most companies still rely on hoping they won’t be hit rather than addressing shortcomings and following best practices. The industry has said for years that “it is not if, but when you will be breached,” so let’s set some goals and follow some simple steps to at least make ourselves a less desirable target than the companies that are “giving in.” If we agree that protection is not a guarantee, then we must also accept that recovery is CRITICAL and that the work starts now.

Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Oct 8, 2020
11:15am - 11:30am (Eastern)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 8, 2020
11:30am - 12:25pm (Eastern)
The Changing Landscape of Cybercrime and Its Impact

The onset of COVID-19 has changed the way we all live, work, and interact. It has been the single most impactful contributing factor to the constantly evolving cybersecurity landscape and the cybercrime threats being faced by private citizens and corporations both large and small in recent history. This impact has been on a global scale as cybercriminals increase the rate, diversity, and complexity of their attacks in the wake of this unprecedented pandemic. Join me for this presentation as I share what I hope will be some valuable insight into what we are seeing and how we must react.

Oct 8, 2020
11:30am - 12:30pm (Eastern)
Developing an Effective Security Awareness Program

Security Awareness is well known for being the “best bang for the buck” out of all the risk mitigation techniques, but is it really? For Security Awareness to be effective, it must change the behaviors of employees and ideally lead to a mature security culture in your organization. Many programs that do not use adult education techniques and neuroscience fail to achieve behavior change—and can even make things worse. Once employees start to have a negative impression about information security, feel helpless, or begin to consider remediation as punitive, great damage has been done to the security culture and this can be difficult to reverse.

This fun presentation will help you to gain an understanding about effective Security Awareness program creation and implementation, as well as to build buy-in for a mature security culture.

Oct 8, 2020
11:30am - 12:30pm (Eastern)
[Panel] No Perimeter: Security in the Cloud

Worldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment. 

Oct 8, 2020
11:30am - 12:10pm (Eastern)
Detect Everything: Bringing Google-Scale Threat Detection to Your SOC

Skillful threat detection and investigation starts with a diverse hub of security telemetry to draw from. The Chronicle platform allows security teams to cost-effectively store and analyze petabytes of security data in one place, and perform investigations in seconds. Join this session to learn all about what’s new in Chronicle and see it in action with a live demo.

Oct 8, 2020
12:15pm - 12:30pm (Eastern)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 8, 2020
12:30pm - 1:15pm (Eastern)
The Paradigm Shift: HIPAA, PCI-DSS, Home, and Work

Much of the security training that we have put in place has assumed that the large majority of employees would be working at their desk in an office building. In the space of several weeks, that completely changed. The bulk of healthcare workforces now work from home. This has changed the security paradigm, as many healthcare providers based their security around the office. This requires healthcare providers to change security awareness training to refocus on what can be done given the new environment. This session will cover what your organization needs to address in awareness training for work-from-home staff in healthcare, specifically covering HIPAA, printing, home networks, split tunneling, Payment Card Industry – Data Security Standards (PCI-DSS), phishing, and scams.

Oct 8, 2020
12:30pm - 1:20pm (Eastern)
Cybersecurity in Canada: The Evolution of Legal Trends & How to Respond

As cybersecurity and privacy laws evolve, there is a growing need to stay abreast of the changing regulations and compliance obligations. This session will provide an overview of recent legal developments in Canada and best practices for addressing these regulatory changes within your organization.

We will explore:

  • Recent cybersecurity and privacy legal developments in Canada
  • Governance-related best practices for responding to these new developments
  • Best practices for managing vendors
  • Making strategic decisions regarding cyber insurance

Presentation Level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Oct 8, 2020
12:30pm - 1:15pm (Eastern)
Security For, From, and With Machine Learning and Artificial Intelligence Technologies

As companies look to increase their operational efficiencies and competitive advantage, many are turning to machine learning (ML) and artificial intelligence (AI) to make better decisions faster. With this shift comes new challenges for businesses and security professionals to ensure these technologies remain effective, safe, unbiased, and ethical. Additionally, as AI and ML become more accessible to the masses, there is a growing risk that these technologies could be leveraged to launch sophisticated attacks. In this presentation, we will explore emerging threats related to AI and ML, as well as how security leaders can utilize these emerging technologies to better defend their organizations and respond to sophisticated attacks.

Presentation Level: MANAGERIAL (security and business leaders)

Oct 8, 2020
12:30pm - 1:15pm (Eastern)
How an XDR Approach Helps Speed Response & Improve MITRE ATT&CK Coverage

XDR is an emerging industry approach that extends EDR’s insight to a broad range of sources (endpoint, servers, network, email and more). Learn how the XDR approach takes advantage of detailed activity telemetry (not just alerts) from its sources, enabling more meaningful correlation and enabling rapid detection of subtle chains of malicious activity. Higher-fidelity correlated detections mean that alert volumes decrease, enabling faster response. See how network and email telemetry help XDR expand your coverage of MITRE’s ATT&CK frameworks, without resorting to painstaking manual correlation across security toolsets.

Oct 8, 2020
1:00pm - 1:15pm (Eastern)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 8, 2020
1:15pm - 2:00pm (Eastern)
When Cyber Attacks Get Physical

Advancements in technology, especially over the past decade, have resulted in a significant increase in the number of connected devices worldwide. While there are plenty of conversations on cybersecurity of connected devices, they are mainly around data protection and privacy issues. The fact of the matter is, a percentage of these cyberattacks can cause physical harm to humans. Although this issue is important, it does not often get the attention it deserves.

This presentation focuses on a few cyberattack scenarios on connected devices which may pose safety risks for the user/operator, including medical devices, connected cars and car wash systems.

Oct 8, 2020
1:15pm - 2:05pm (Eastern)
[Panel] Threat Landscape in Flux: Emerging Threats

The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

Oct 8, 2020
1:15pm - 2:05pm (Eastern)
Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!

“Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.

 

Join this session to learn how you can:
•  Embed security into your culture, technologies and processes
•  Empower innovation and expedite time-to-market through consistent security risk governance
•  Assess the impacts, goals and methods of likely cyber attacks and incidents
•  Align IT and security professionals with business objectives and risk tolerance
•  Prepare now for effective detection and response to reduce business impacts of incidents

Presentation Level: MANAGERIAL (security and business leaders)

Oct 8, 2020
1:15pm - 2:10pm (Eastern)
The DoD’s Cybersecurity Maturity Model Certification (CMMC) Is Coming – Are You Ready?

To achieve better security across the US DIB supply chain, the DoD is developing the Cybersecurity Maturity Model Certification (CMMC). Companies will be required to acquire a CMMC Certification Level ranging from basic hygiene to “State-of-the-Art”. A required CMMC level will be contained in each contract and will be a “go/no-go decision”.

The model architects will present:
• The call to action for the development of CMMC
• A look at included sources and standards
• A detailed explanation of the maturity aspect of CMMC, both technical capability and process institutionalization
• A look at current references available to DIB contractors on CMMC

Presentation Level: MANAGERIAL (security and business leaders)

Oct 8, 2020
1:45pm - 2:00pm (Eastern)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 8, 2020
2:15pm - 3:05pm (Eastern)
[Closing Keynote] The New National Cyber Power Index: Which Nations are Truly the Most Powerful in Cyber?

Think you know which countries are the most powerful in the cyber realm? You may have some surprises coming. Julia Voo and her fellow researchers just published a first-of-its-kind ranking called the National Cyber Power Index (NCPI). The research ranks cyber super-powers on a “whole of country approach.” The NCPI measures government strategies, capabilities for defense and offense, resource allocation, the private sector, workforce, and innovation. And its assessment is both a measurement of proven power and potential. Julia will unpack key findings, including areas where the U.S. and Canada are ranked lower than countries like Russia and China. Following this presentation and fireside chat, you may view cyber power in a brand new light.