Agenda

Date and Time | Title
Nov 12, 2020
8:30am - 9:00am (Mountain)
Exhibit Floor Open
Nov 12, 2020
9:00am - 9:57am (Mountain)
[Opening Keynote] The Human Aspect of Security Leadership

Security leadership is largely misunderstood, and many organizations struggle to define their expectations from their security leaders. During times of peace, businesses want a diplomat that talks about business objectives in non-technical terms; but when all hell breaks loose, they want a Commander in Chief to just make it all go away.

From convoluted CISO job descriptions, to interviews that take many months to complete, the real struggle begins when one finally gets the job. Why is being a CISO one of the most difficult leadership roles? What do many CISOs struggle with? And why should CISOs focus on people skills in order to deliver their mission?

In this talk, Yaron Levi—CISO of Blue Cross and Blue Shield of Kansas City and co-host of the Cyber Security Leadership podcast—will share his views and experiences from the front lines and provide a path for security leaders to keep their sanity.

Nov 12, 2020
9:45am - 10:00am (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 12, 2020
10:00am - 10:47am (Mountain)
The New National Cyber Power Index: Which Nations are Truly the Most Powerful in Cyber?

Think you know which countries are the most powerful in the cyber realm? You may have some surprises coming. Julia Voo and her fellow researchers just published a first-of-its-kind ranking called the National Cyber Power Index (NCPI). The research ranks cyber super-powers on a “whole of country approach.” The NCPI measures government strategies, capabilities for defense and offense, resource allocation, the private sector, workforce, and innovation. And its assessment is both a measurement of proven power and potential. Julia will unpack key findings, including areas where the U.S. and Canada are ranked lower than countries like Russia and China. Following this presentation and fireside chat, you may view cyber power in a brand new light.

Nov 12, 2020
10:00am - 10:48am (Mountain)
[Panel] Lessons Learned from a Cloud-Based Remote Workforce

The global pandemic forced us all into the cloud; some for the first time, while others have been enjoying its features for a while. The difference is those employees were going to work remotely anyway. Now, we have people all over the place. What are we seeing as the dust settles around us? Are you finding someone didn’t configure things correctly? Do you know who all the vendors are now? Did the security team purchase these services or is someone using shadow IT? What about DevSecOps in the cloud? How do you manage multiple cloud providers? Is VPN the right way to go? We’ll task our panel with these questions and get a few insights into 2021.

Nov 12, 2020
10:00am - 10:55am (Mountain)
Practical Considerations When Verifying Your Vendors’ Cybersecurity Controls

As businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.

Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Nov 12, 2020
10:30am - 10:45am (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 12, 2020
10:45am - 11:39am (Mountain)
The Changing Legal Enforcement in Cyber and Privacy

With the changing legislation, here in the U.S. and globally, there is an increasing emphasis on enforcement of data privacy and cybersecurity, both by regulators and individuals. The ability to bring a private right of action by individuals is a sword that data subjects are using to enforce their rights, both in the U.S. and Europe. This session will provide a detailed update on key enforcement actions, with the courts and by agencies, to ensure that companies understand the challenges and their potential liabilities.

Nov 12, 2020
10:45am - 11:21am (Mountain)
Detect Everything: Bringing Google Scale Threat Detection to Your SOC

Skillful threat detection and investigation starts with a diverse hub of security telemetry to draw from. The Chronicle platform allows security teams to cost-effectively store and analyze petabytes of security data in one place, and perform investigations in seconds. Join this session to learn all about what’s new in Chronicle and see it in action with a live demo.

Nov 12, 2020
10:45am - 11:40am (Mountain)
Pivoting Your Information Security Program for the New World

We are living in different times that demand different ways of thinking. Many existing Information Security tools have lost some visibility and viability. How has your thinking changed about your Information Security program? Maybe more important, what are you thinking the future will look like and how are you posturing your next purchase, hire or action to be prepared for the next pivot? We will talk about some questions you should be asking yourself, your team, your peers and your Executives.

Nov 12, 2020
11:15am - 11:30am (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 12, 2020
11:30am - 12:07pm (Mountain)
The New NIST Phish Scale: Revealing Why End-Users Click

Developed based on over four years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty—key to understanding variability in phishing click rates. This talk will cover why end-users click, why it’s important to understand phishing detection difficulty, and how to use the NIST Phish Scale. Understanding what emails your end-users are susceptible to will help you better defend against phishing attacks in the wild.

Nov 12, 2020
11:30am - 12:23pm (Mountain)
Ransomware and Digital Extortion: Legal Issues and Practical Responses

Ransomware incidents increased sharply in 2019 due to organizations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.

This presentation will examine case studies of how ransomware is evolving, how organizations should prepare and respond to ransomware, and the legal issues surrounding payment of ransom demands, the compromise of sensitive information, and how to recover from an attack.

Presentation level: MANAGERIAL (security and business leaders)

Nov 12, 2020
11:30am - 12:30pm (Mountain)
[Panel] Threat Landscape in Flux: Emerging Threats

The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

Nov 12, 2020
12:15pm - 12:30pm (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 12, 2020
12:30pm - 1:22pm (Mountain)
[Mid-Day Keynote] Criminal Minds 401: A Glimpse into the Darkness

How do our cyber adversaries think? Easy: like the rest of us. Well, with a slightly different optic. In this interactive presentation, Michael Anaya exposes the audience to real-world criminality and his observations of each. Michael will hone in on four critical elements (exhibited by all of his subjects) used to explain criminality. One key factor that the audience will learn is context. Understanding the context of one’s decision-making process is critical to explain their rationale and motivation.

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” — Sun Tzu

Nov 12, 2020
1:00pm - 1:15pm (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 12, 2020
1:15pm - 2:00pm (Mountain)
Modern Cloud Security Considerations

Transformational projects typically occur when an organization is ready to make significant investments in changing and updating technology. These projects are usually sponsored by the technology group and involve moving to the cloud and reevaluating all legacy platforms, applications, database, and business intelligence functions. This much change presents opportunities to modernize information security controls, but also challenges for the information security team. Modern Cloud Security Considerations will be presented within the context of a transformation project involving the Colorado Healthcare Exchange.

Nov 12, 2020
1:15pm - 2:15pm (Mountain)
Cyber-Espionage: Out of the Shadows, into the Digital Crosshairs

Cyber-espionage breaches pose a unique challenge. Through advanced techniques and a specific focus, cyber-espionage threat actors seek to swiftly gain access to heavily defended environments, laterally move with stealth, efficiently obtain targeted assets and data, and move out smartly (or even stay back and maintain covert persistence).

The Verizon Cyber-Espionage Report is our first-ever data-driven publication that focuses on advanced cyberattacks. We’ve examined seven years of DBIR data for Cyber-Espionage breaches and all breaches. We identify the frameworks and tools needed to help improve capabilities to better prevent, mitigate, detect, and respond to these cyberattacks.

The audience will take away the frameworks and tools needed to help improve capabilities to better prevent, mitigate, detect, and respond to these cyberattacks. These frameworks and tools include the VERIS framework, VIPR phases, NIST Cybersecurity Framework, and Center for Internet Security (CIS) Critical Security Controls (CSCs).

Nov 12, 2020
1:45pm - 2:00pm (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 12, 2020
2:00pm - 2:55pm (Mountain)
[Closing Keynote] Wake Up Inspired: Cultivating Trust and Value for Your Team’s Success

While “first, do no harm” is attributed to the ancient Greek physician Hippocrates, there is a similar calling for security practitioners. “Human Safety,” above all else, online or in-person, is a shared purpose amongst us, which includes the emotions, thoughts, and actions that security practitioners experience every minute of every day.

As a student of Simon Sinek’s teachings, Cindi shares her own experiences that trust, and helping people feel valued and cared for, is key for leaders to inspire true loyalty on their teams and achieve outstanding results—no matter what the circumstances. Expect to walk away from this presentation feeling inspired.

“We imagine a world in which the vast majority of people wake up inspired, feel safe wherever they are, and end the day fulfilled by the work they do.”
— Simon Sinek