Agenda

Date and Time | Title
Apr 8, 2021 (Eastern)
8:00am - 9:00am
Exhibitor Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

Apr 8, 2021 (Eastern)
8:15am - 8:54am
How to Effectively Manage the Modern Risks of Open Source Code

Today’s modern applications depend on a substantial number of open source components and third-party libraries, and developers acknowledge that using open source lets them focus on unique code rather than recreating what has already been successfully established. Although organizations acknowledge a heightened level of security, license, and operational risk, many unfortunately don’t effectively track or manage open source throughout their entire code base and cannot consistently address the widening hazards they face.

As a result, organizations desire automated, repeatable processes for open source usage, risk management, and vulnerability remediation that fit within modern development environments.

In this session, attendees will hear recommendations from Stephen Gates, Checkmarx SME, on how to effectively implement an approach to:

  • Identify open source with confidence
  • Minimize open source security and license risks
  • Prioritize exploitable vulnerabilities
  • Accelerate informed remediation
  • Integrate and automate open source analysis

Presentation level: MANAGERIAL (security and business leaders)

Apr 8, 2021 (Eastern)
8:15am - 9:05am
Cloud Security Alliance Delaware Valley Chapter: Town Hall Meeting

Open to all attendees.

Board members of the CSA Delaware Valley Chapter will talk about where we’ve been, what we’ve been doing successfully during the pandemic, and what we have planned for 2021/22.

CSA-DV is led by a volunteer network of local cloud and cybersecurity professionals. It is the go-to resource for industry practitioners to learn and maintain their Cloud Security best practices knowledge, as well as for any individual in the local community interested in Cloud Security awareness. CSA-DV offers events, webinars, and various Cloud Security certificate training courses (such as CCSK Foundation, CCSK+, CCAK, and much more).

For more details, please visit our booth in the Exhibitor Hall and speak with one of our board members.

Apr 8, 2021 (Eastern)
8:15am - 8:54am
A Critical Look at the Security Posture of the Fortune 500

The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

Apr 8, 2021 (Eastern)
9:00am - 10:00am
[Opening Keynote] Marching on in 2021: Cyber Resiliency in Security

The past year has served as an accelerant for digital innovation and, unfortunately, nation-state cybercrime. However, cybersecurity professionals are up for the challenge! Come hear this panel of security leaders, working across several verticals, as they debate and discuss:

  • Return to the workplace priorities for workforce resiliency
  • Pandemic lessons learned to continue digital transformation
  • Practical strategies for combating nation-state cybercrime
  • Mental health and coping strategies

Apr 8, 2021 (Eastern)
9:45am - 10:00am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 8, 2021 (Eastern)
10:00am - 11:00am
The Threat from Within: Creating an Effective Cyber Awareness Program

The basic “people problem” needs to be redefined and updated using science. For years, cybersecurity and data privacy advocates have argued that training employees is the only way to safeguard the organization. However, many organizations that engage in cybersecurity training are still forced to stare down the barrel of a data breach caused by one of those trained employees. The question becomes: why do we continue to repeat the same exercise expecting a different outcome?

In addition, the global pandemic has caused many organizations to operate remotely. And many are planning to operate with at least a portion of their employees being remote. This causes another operational hurdle for IT and IT security professionals.

This presentation will explain how cyber awareness training, delivered in the traditional method, is a complete failure. We will discuss how using this traditional method of training can cause greater liability and threats to an organization. Finally, we will review how measuring an employee’s Knowledge (K), Attitude (A), and Behavior (B) (“KAB”) toward cybersecurity can help create a tailored solution for cyber awareness training and give a workforce the weapons they need to effectively stave off cyberthreats.

Apr 8, 2021 (Eastern)
10:00am - 10:40am
A Modern Approach to Information Protection

Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

Apr 8, 2021 (Eastern)
10:00am - 10:45am
The #1 Challenge in the Digital Transformation to the Cloud—You!

Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered is daunting. And with these choices come consequences; one misconfiguration can put your entire organization at risk… or worse.

Another reality you will face as you scale is the challenge of using a “one-size-fits-all” interface. Imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.

And, if you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.

In this session, you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says “Through 2023, at least 99% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.

Apr 8, 2021 (Eastern)
10:00am - 10:29am
Faking It: Stopping Impersonation Attacks with Cyber AI

Today, 94% of cyber threats still originate in the inbox. “Impersonation attacks” are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or digital fakes, that expertly mimic the writing style of trusted contacts and colleagues.

Humans can no longer distinguish real from fake on their own, and businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.

In an era when thousands of documents can be encrypted in minutes, “immune system” technology takes action in seconds—stopping cyber threats before damage is done.

Find out how in this session.

Apr 8, 2021 (Eastern)
10:30am - 10:45am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 8, 2021 (Eastern)
10:45am - 11:33am
Code on Code Warfare

During this talk we will review some security metrics from 2020, which includes common ways organizations are approaching complex security issues such as ransomware and advanced threat groups. During the discussion, we will provide some insight into alternative methods or considerations whereby we can use the power of compute to prevent, discover, and recover from advanced attacks.

Apr 8, 2021 (Eastern)
10:45am - 11:32am
Multi-Cloud Identity Management

Join this session as CISO Michael Meyer discusses and debunks the common myths about Multi-Cloud Identity Authorization Management (IAM). He will also delve into the inherent risks that are present, and discuss key strategies to reduce them and increase your organization’s security posture.

Apr 8, 2021 (Eastern)
10:45am - 11:26am
Get Beyond Compliance and Achieve Real Data Security

To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.

We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-

Apr 8, 2021 (Eastern)
10:45am - 11:45am
Incredible Email Hacks You'd Never Expect

Email is still the #1 attack vector the bad guys use. A whopping 91% of cyberattacks start with a phishing email, but email hacking is much more than phishing and launching malware! Join us as we explore 10 ways hackers use social engineering to trick your end-users into revealing sensitive data or enabling malicious code to run.

You will learn:

•  How silent malware launches, remote password hash capture, and how rogue rules work
•  Why rogue documents, establishing fake relationships and getting you to compromise your ethics are so effective
•  Details behind clickjacking and web beacons
•  Actionable steps on how to defend against them all

If all you were worried about were phishing attempts, think again!

Apr 8, 2021 (Eastern)
11:15am - 11:30am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 8, 2021 (Eastern)
11:30am - 12:23pm
Observability at Scale in All-Remote Environments: Principles and Practice

InfoSec practitioners understand that observability and time-to-detection are crucial pieces of the security puzzle. However, data is often collected indiscriminately, stored unnormalized, retained for arbitrary periods of time, and sometimes even poorly understood. These issues make processing, baselining, and alerting on data sources harder than it should be.

In this session, Jayson Salazar, Sr. Security Automation Engineer @GitLab, will discuss in detail the principles, best practices, and tooling he’s relied on to continuously improve GitLab’s observability capabilities into its infrastructure. We will discuss technical, architectural, procedural, and compliance aspects surrounding successful logging, monitoring, and alerting operations for all-remote environments at scale. From Terraform, Serverless, Data-Store alternatives and Python as building blocks, over finding an architecture that meets your needs, all the way to Alert Triaging and Compliance, this is meant to be a guiding companion for Security departments at the beginning or midst of their observability journey.

Apr 8, 2021 (Eastern)
11:30am - 12:14pm
Artificial Intelligence: Applicable Rules and Regulations

This presentation is on the topic of Artificial Intelligence and the related state, federal, or international laws. Salar Atrizadeh will discuss the technology and how it affects intellectual property rights and privacy laws. He will also cover which technologies are being affected and how the courts are handling the legal disputes.

The audience will take away the following:

  • What is artificial intelligence?
  • What are the applicable rules and regulations?
  • How does AI affect intellectual property rights?
  • How does AI affect privacy laws?
  • What technologies are being affected?
  • How are the courts handling the legal disputes?
  • What are the European Commission and United States doing about it?

Apr 8, 2021 (Eastern)
11:30am - 12:07pm
The Implementation Journey of Zero Trust and SASE: Realizing the Benefits

Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?

In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

In this session, James Christianson will discuss:
  • How to migrate your security controls to take advantage of SASE
  • Reducing cost while increasing your security posture
  • Implementing a road map for SASE / Zero Trust

Apr 8, 2021 (Eastern)
11:30am - 12:00pm
Hacking Exposed: Learning from the Adversaries

A look inside the techniques of OceanLotus / APT32

Fileless attacks and fileless malware have grown in sophistication, especially in their ability to obfuscate and hide from both traditional and next-generation anti-virus. With this ever growing threat, how do you train your systems to defend against it?

In this session, you will learn techniques to make your own weaponized document that is designed to not just bypass AV but also human threat hunters through a sophisticated method of obfuscation and the use of built-in trusted tools. The document is capable of allowing the attacker to gain remote access to the victim system and exfiltrate sensitive data. You will get to see, firsthand, the attack compromise both a Windows PC and a MacOS.

Join Blackberry’s Brian Robison to discover the techniques being used by APT32/OceanLotus to attack their victims and learn how to replicate them to better test your defenses.

Apr 8, 2021 (Eastern)
12:00pm - 12:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 8, 2021 (Eastern)
12:15pm - 1:13pm
[Lunch Keynote] Stop Slouching! Correct the Top 5 Weak Spots in Your Cloud Security Posture

It’s time to “sit up straight” and make the proper adjustments to correct weak cloud security posture and keep your cloud workloads secure. In this presentation, cloud security experts from AccessIT Group and Check Point will focus on five of the most common weak spots that they are seeing and the corrections needed to strengthen your cloud security posture. Learn from the experts on how to identify and mitigate your cloud security weaknesses.

Apr 8, 2021 (Eastern)
1:00pm - 1:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 8, 2021 (Eastern)
1:15pm - 2:10pm
[Panel] We Need a New Plan: Business Continuity, GRC, and Privacy

The pandemic has taught InfoSec many lessons; among them, your IR/BC/DR plans must be scalable and flexible. Compliance and regulations still matter, and many states are initiating new data privacy and security laws. Our panel will go over some of the items you may have missed over the last year. Our experts will let you know which ones you need to really be concerned with and provide some guidance on what to include in your future Incident Response, Business Continuity, and Disaster Recovery plans.

Apr 8, 2021 (Eastern)
1:15pm - 2:15pm
[Panel] Workforce 2.0: The New Normal

Our panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.

Apr 8, 2021 (Eastern)
1:15pm - 1:56pm
Continuous Security Validation: Exercise Your Environment More than the Adversary

With Incident Response as the new normal, we must ensure that our systems and processes support that effort and that threat hunting is working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, we will cover how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams a continuous feedback loop to understand their posture and identify gaps as they arise.

Apr 8, 2021 (Eastern)
1:15pm - 1:57pm
Making Your Risk Management Program a Key Line of Defense

This session will explain how to build a Security Risk Management Program and how to raise awareness to your key stakeholders. You’ll learn where to start your lines of defense, and most importantly, how to mature the program where your stakeholders are comfortable discussing and making risk-based decisions.

Apr 8, 2021 (Eastern)
2:00pm - 2:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 8, 2021 (Eastern)
2:15pm - 3:13pm
[Panel] Let's Talk About Clouds

It’s been a year now since many companies were forced to adopt cloud services or perish. For many, this was a huge shift and a leap of faith. This discussion will cover lessons learned, positives we have uncovered, and some of the new alphabet soup relating to cloud—CASB, SaaS, IaaS, etc.

Apr 8, 2021 (Eastern)
2:15pm - 3:15pm
[Panel] Ransomware, BEC Attacks, and Insider Threats - What's Next?

Even a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?

Apr 8, 2021 (Eastern)
2:15pm - 3:08pm
Human Resilience: A Myth

Humans are not resilient—they get sick, die, retire, and can choose not to work for an organization. Currently, a CISO changes jobs on average every 18 months. Burnout is at an all-time high. Cybersecurity professionals feel undervalued and underutilized. Diversity continues to fight for its place on the team. While the cybersecurity industry is full of useful cyber resiliency insights and research, the human role in the resiliency chain is often overlooked. Together, we will define human resilience and the four-part solution for creating it: individual, team, company, and industry.

Cybersecurity managers and leaders will leave this talk with a proactive talent resilience approach plan that will keep their talent from being vulnerable and/or from nullifying their overall resilience plans.

Presentation level: MANAGERIAL (security and business leaders)

Apr 8, 2021 (Eastern)
3:00pm - 3:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 8, 2021 (Eastern)
3:15pm - 4:14pm
Reducing Complexity While Increasing Data Protection in Financial Services

Financial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.

Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.

There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:

  • How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
  • The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
  • How to scale data protection and compliance as data volumes increase

Apr 8, 2021 (Eastern)
3:15pm - 4:09pm
Data Breaches: Two Tales, Two Motives - Financial vs. Espionage

Financially motivated data breaches are similar to, yet different from, espionage-motivated data breaches. In this session, Verizon—producers of the annual Data Breach Investigations Report (DBIR)—will compare and contrast financially motivated and espionage-motivated data breaches. Verizon will present this session through the lens of the VERIS (Vocabulary for Event Recording and Information Sharing) Framework, including the A4 Threat Model: Actors, Actions, Attributes, and Assets, and highlight key controls to counter data breaches.

Industry-accepted frameworks and tools can help improve capabilities to better prevent, mitigate, detect, and respond to data breaches with financial or espionage motives. These frameworks and tools include the VERIS framework, VIPR phases, NIST Cybersecurity Framework, and Center for Internet Security (CIS) Critical Security Controls (CSCs).

Join this session and discover:

• A4 Threat Model aspects of financially motivated breaches
• A4 Threat Model aspects of espionage-motivated breaches
• Comparison between motives and the countermeasures to take

Apr 8, 2021 (Eastern)
3:15pm - 4:05pm
Cloud Security Checklist Manifesto

Inspired by the best-selling book “The Checklist Manifesto” by surgeon Dr. Atul Gawande, this talk will focus on identifying a Cloud Security checklist. Just as the medical field relies on checklists to make complex life-and-death situations a little more manageable, we need a robust set of tasks that are absolutely required for any cloud infrastructure. This session will also provide information to build a starter checklist that can grow with the cloud workload, which will also help organizations meet their audit and compliance requirements.

Apr 8, 2021 (Eastern)
3:15pm - 3:59pm
Examining the CMMC and the Reasoning Behind It

Join the Chairman of the Board at the CMMC Center of Excellence as he explores the logic behind the Cybersecurity Maturity Model Certification (CMMC), explains its objectives, and discusses resources your organization can use to meet certain levels of CMMC certification.

Apr 8, 2021 (Eastern)
4:00pm - 4:49pm
[Closing Keynote] The Resilient Enterprise: Securing the Virtual Workforce

Throughout the course of 2020, organizations have seen a transformational shift in the way that businesses operate. As we adapt to new realities, digital transformation has been accelerated in many areas, including how we protect our information assets. From entirely new threats to exacerbating existing threats, Information Security teams are at the forefront of enabling businesses to operate efficiently and securely in the new virtual-first world. We’ll deep dive into considerations that your organization should be making in technology, process, and policy as you work to secure your virtual workforce.