Agenda

Date and Time | Title
Apr 22, 2021 (Eastern)
8:00am - 9:00am
Exhibitor Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

Apr 22, 2021 (Eastern)
8:15am - 8:56am
Get Beyond Compliance and Achieve Real Data Security

To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.

We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.

Apr 22, 2021 (Eastern)
8:15am - 9:00am
Stay Ahead: Prep and Protect Your Workforce for a Post-Pandemic World

Organizations worldwide transformed their ways of working with the onset of the COVID-19 pandemic. Now, we’re all forced to face new uncertainties as we transition to a post-pandemic world. Meanwhile, threat actors and cybercriminals are evolving their tactics to take advantage of these hazy times and of the pandemic’s disruption as seen by recent surges in attacks across all industry sectors. This new phase of the modern workforce threatens more disruptive change and unpredictability. Join us to better understand what organizations such as yours should be focusing on to avoid being the next victim and stay a step ahead of the world’s leading cybercriminals.

 
Apr 22, 2021 (Eastern)
8:15am - 8:48am
Top 4 Reasons Why Privileged Access Management Implementations Fail

It is shocking that, year over year, stealing credentials is still the top tactic used by attackers to breach organizations. Why is this still happening? Hint: It isn’t only because of weak passwords. Organizations have invested heavily into privileged access management (PAM) technologies, but these solutions have struggled to address the problem for five key reasons. In this discussion, we will address the gaps in current access management approaches but, more importantly, show you how to quickly close the gaps and significantly reduce security risks without disrupting your current investments or systems.

Join Remediant in this discussion to:

  • Learn the five reasons why privileged access management implementations fail
  • Identify areas in your IAM program where you can reduce admin access risk
  • Capitalize on existing investments, while improving your risk posture

Presentation level: TECHNICAL (deeper dive including TTPs)

Apr 22, 2021 (Eastern)
9:00am - 9:47am
[Opening Keynote] Moving Forward in 2021: What We've Learned, Where Security Goes Next

Join this session to hear security leaders in Atlanta and Charlotte discuss what kind of pandemic lessons will help fuel digital innovation going forward, how security teams are working together in the evolution of the workplace, and what security’s ideal role will be as we move forward.

Apr 22, 2021 (Eastern)
9:45am - 10:00am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 22, 2021 (Eastern)
10:00am - 10:30am
Faking It: Stopping Impersonation Attacks with Cyber AI

Today, 94% of cyber threats still originate in the inbox. “Impersonation attacks” are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or digital fakes, that expertly mimic the writing style of trusted contacts and colleagues.

Humans can no longer distinguish real from fake on their own, and businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.

In an era when thousands of documents can be encrypted in minutes, “immune system” technology takes action in seconds—stopping cyber threats before damage is done.

Find out how in this session.

Apr 22, 2021 (Eastern)
10:00am - 10:59am
Incredible Email Hacks You'd Never Expect

Email is still the #1 attack vector the bad guys use. A whopping 91% of cyberattacks start with a phishing email, but email hacking is much more than phishing and launching malware! Join us as we explore 10 ways hackers use social engineering to trick your end-users into revealing sensitive data or enabling malicious code to run.

You will learn:

  • How silent malware launches, remote password hash capture, and rogue rules work
  • Why rogue documents, establishing fake relationships, and getting you to compromise your ethics are so effective
  • Details behind clickjacking and web beacons
  • Actionable steps on how to defend against them all

If all you were worried about were phishing attempts, think again!

Apr 22, 2021 (Eastern)
10:00am - 10:57am
Enemies Among Your Friends: Vendor Management in a Post SolarWinds World

We have had one of the most seismic shifts in the world of data privacy and cybersecurity in the SolarWinds breach. In this single incident, we see the convergence of what security and data privacy experts have been railing about for years: namely, the terrifying reality of prolonged access to a system and a robust supply chain breach.

One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. You are only as strong as the weakest link in your vendor chain. The ease, convenience, and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third parties and vendors.

This presentation will include technology and legal perspectives as we “unpack” the SolarWinds breach. Providing interplay between the two worlds, we will begin with a technology overview of the “reach of the breach,” then discuss the legal ramifications in terms of contractual obligations, insurance coverage, and regulatory issues. Finally, we will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements. We will go through the steps involved in a vendor management program and explain how to get started (or how to get better) at managing vendors.

Apr 22, 2021 (Eastern)
10:00am - 10:37am
A Proven Approach to Embed Security into DevOps

The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security is often viewed as an inhibitor to this new approach.

Join Stephen Gates, Checkmarx SME, where you’ll:

  • Discover the six proven steps of embedding software security into DevOps.
  • Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
  • Explore the benefits of AppSec integration and automation into the tooling your developers use.
  • Hear about new AppSec awareness and training approaches to improve developer secure coding skills.

Apr 22, 2021 (Eastern)
10:30am - 10:45am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 22, 2021 (Eastern)
10:45am - 11:27am
Cloud Encryption Dynamics

The emergence of cloud computing resulted in a boom in attention on encryption. Where has encryption benefited cloud computing, and where have hopes been dashed? What are today’s models, and what impact will the latest technologies—confidential computing, privacy preserving encryption, homomorphic encryption, for example—have in the years ahead? This session will provide an overview of cloud encryption dynamics that probably contradicts at least one thing you believe on that topic. Come join this session and learn from someone that’s lived in the trenches and values constructive debate.

Paul Rich is the Executive Director of Data Management & Protection at JPMorgan Chase & Co. From 1998 to 2019, he was at Microsoft, where he worked with encryption technologies and developed new features in Office 365 for protecting customer data. Paul aspires to evangelize unfortunate truths and debunk popular myths regarding encryption and cloud computing.

Apr 22, 2021 (Eastern)
10:45am - 11:25am
A Modern Approach to Information Protection

Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

 
Apr 22, 2021 (Eastern)
10:45am - 11:15am
Hacking Exposed: Learning from the Adversaries

Fileless attacks and fileless malware have grown in sophistication, especially in their ability to obfuscate and hide from both traditional and next-generation anti-virus. With this ever growing threat, how do you train your systems to defend against it?

In this session, you will learn techniques to make your own weaponized document that is designed to bypass not just AV but also human threat hunters through a sophisticated method of obfuscation and the use of built-in trusted tools. The document is capable of allowing the attacker to gain remote access to the victim system and exfiltrate sensitive data. You will get to see, firsthand, the attack compromise both a Windows PC and a macOS system.

Join BlackBerry’s Brian Robison to discover the techniques being used by APT32/OceanLotus to attack their victims and learn how to replicate them to better test your defenses.

Apr 22, 2021 (Eastern)
11:15am - 11:30am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 22, 2021 (Eastern)
11:30am - 12:07pm
The Implementation Journey of Zero Trust and SASE: Realizing the Benefits

Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and an expanding remote workforce, how do we consolidate controls and enhance the security of the systems?

In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

In this session, James Christianson will discuss:

  • How to migrate your security controls to take advantage of SASE
  • Reducing cost while increasing your security posture
  • Implementing a road map for SASE / Zero Trust

Apr 22, 2021 (Eastern)
11:30am - 12:17pm
The Challenge of Detecting Threats in the Cloud

Detecting threats in the cloud presents several challenges: dealing with new technologies and facing new threat scenarios, exacerbated by the COVID-19 accelerated cloud adoption. Gartner indicates that organizations have been expanding their adoption of cloud security-oriented tools, such as Cloud Security Posture Management (CSPM) and Cloud Access Security Broker (CASB), as they try to keep cloud-related threats under control. However, not all organizations have an interest in adopting all these added technologies, and even when they do, the challenge of integrating them into their security monitoring infrastructure remains.

Join this discussion to learn:

  • What are the differences between traditional threats and cloud threats?
  • How to align your security monitoring architecture to the new cloud monitoring requirements
  • How to optimize cloud security monitoring with a cloud-first SIEM approach

Apr 22, 2021 (Eastern)
11:30am - 12:20pm
What We Need Now: A National Cybersecurity Safety Board

No system for investigating and reporting on cyber attacks is perfect, and incentives will often be misaligned in this context. However, creating a National Cybersecurity Safety Board (NCSB), similar to the National Transportation Safety Board (NTSB), could help protect organizations and critical infrastructure more effectively than ever before. But how would such a Board function, and could it succeed where past public-private collaborations have failed given the rapid pace of technical innovation in the cybersecurity field? This session will examine the possibilities and limitations of such an approach within the broader context of critical infrastructure protection.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Apr 22, 2021 (Eastern)
11:30am - 12:07pm
Taking an APPSECond

Take an APPSECond to understand security vulnerabilities in mobile application development. This presentation will show how mobile applications are being utilized to stand up parallel businesses by exploiting weaknesses in those applications. These exploits go unseen in most cases; however, through a series of live demonstrations, this presentation will show how the exposures can be detected and mitigated.

Learning objectives:

  • Understand the methodologies utilized by cybercriminals to create businesses using exploited mobile applications
  • How the business activity is hiding in plain sight
  • What steps can be taken to mitigate and potentially disrupt the cybercriminal’s business at the expense of your company’s applications.

Additional take-aways:

  • See how and where the “activity” is conducted to perform these criminal acts
  • How to identify malicious activity associated with mobile applications “beyond the scan”
  • Enhance current security practices on what controls are bypassed by utilizing existing company resources

Who should attend:
Anyone involved in defending critical infrastructure information networks and systems, those developing software for critical infrastructure systems, or organizational IT leaders and managers

Apr 22, 2021 (Eastern)
12:00pm - 12:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 22, 2021 (Eastern)
12:15pm - 1:05pm
Not Just a Checkbox Anymore: InfoSec Policies that Drive Accountability and Security-Mindedness

Security policies are a foundational requirement of any security program. Most of us have them, auditors review them, and we update them annually. That is a good start, but are your policies working for you in a way that advances your security program? A well-designed policy structure coupled with strategic communication, training, and processes will enable organizational clarity, gain executive buy-in, drive accountability, and even help advance security culture.

Tina Meeker, CISSP, CIPP/US, and Sr. Director of Information Security for Sleep Number, will share proven practices to help you take your policy design and operational practices to the next level (or build from scratch) based on her experience in this space for over 15 years at several organizations across various industries.

In this session, you will learn how to:

  • Architect a policy structure that fits your organization’s needs
  • Gain buy-in from the top and key stakeholders early and often
  • Identify key stakeholders to develop and deliver custom messaging (and training if needed) and drive ownership and accountability
  • Establish a simple “policy operations” process to help capture challenges and exceptions and to ensure proper visibility to risks
  • Evolve policy over time, staying in line with business capabilities and priorities

Apr 22, 2021 (Eastern)
12:15pm - 1:14pm
[Panel] The Rise of Ransomware

Even a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware attacks are at an all-time high. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?

 
 
Apr 22, 2021 (Eastern)
12:15pm - 1:15pm
[Panel] Workforce 2.0: The New Normal

Our panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.

 
 
Apr 22, 2021 (Eastern)
12:15pm - 12:55pm
Success Factors for Securing a Multi- or Hybrid-Cloud Environment

More organizations are experiencing the benefits of public cloud infrastructure—all of which enables development teams to select the best infrastructure for their application, such as one cloud provider over another, or leveraging the data center to host a portion of their assets and resources. But it creates a security challenge, since the security tooling for one cloud service provider is often not portable to another, and the tooling for the data center is not optimized for the cloud. The result is multiple dashboards, reduced productivity, increased costs, and gaps in security controls. Join us to learn about better ways to secure these diverse and complex environments.

Apr 22, 2021 (Eastern)
1:00pm - 1:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 22, 2021 (Eastern)
1:15pm - 2:14pm
[Panel] Let's Talk About Clouds

It’s been a year now since many companies were forced to adopt cloud services or perish. For many, this was a huge shift and a leap of faith. This discussion will cover lessons learned, positives we have uncovered, and some of the new alphabet soup relating to cloud—CASB, SaaS, IaaS, etc.

 
Apr 22, 2021 (Eastern)
1:15pm - 1:59pm
How to Achieve Your Cybersecurity Career Goals So You Can Reclaim Your Joy

This inspirational and empowerment session will address steps to take to avoid persistent procrastination, how to activate those steps and identify destiny threats that can undermine your personal development. You want to achieve your career goals in the industry, but some things are hindering your progress. It is time to address them. You will be empowered to activate, implement your goals, and push through to elevate your career.

 
Apr 22, 2021 (Eastern)
1:15pm - 2:12pm
[Panel] Insider Threat: The Good, the Bad, and the Ugly!

 

 
Apr 22, 2021 (Eastern)
2:00pm - 2:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Apr 22, 2021 (Eastern)
2:15pm - 3:02pm
[Closing Keynote] Identity and Access Management: A Case Study from Harvard Medical School

Good identity management is one of the keys to good cyber hygiene within an organization, but it’s not without its fair share of challenges. Consider a large university with several schools within it, as well as a medical facility. You’ve got students, faculty, doctors, patients, and a host of random visitors all expecting access to your network.

In this keynote address from Joe Zurba, CISO at Harvard Medical School, we will hear first-hand insight about his team’s approach to developing a robust and cohesive identity strategy: how they give the right levels of access to the right people, and how they track all of the moving pieces. We will also evaluate best practices in managing key components of identities, including: verification, validation, lifecycle management, and password management. Join us for this unique opportunity to get an insider’s perspective on cybersecurity at one of the most prestigious institutions in the nation.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)