Agenda

May 6, 2021
8:00am - 9:00am (Central)
Exhibit Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

May 6, 2021
8:15am - 9:05am (Central)
ISSA KC Chapter Meeting [Open to all attendees]

Join the ISSA KC Chapter meeting to hear the future of the organization from ISSA International President Candy Alexander, and stay for the panel discussion on technology risk versus business risk.

Aligning with the Business: Where Are We Going Wrong?

Many in our profession now operate under a “business enablement” mindset. We recognize the fact that we must align security efforts with the needs of the business, or we will continue towards becoming irrelevant. But what does “aligning with the business” really mean? Some believe we may be misunderstanding this concept and applying it incorrectly within our organizations. Attend this panel discussion with the ISSA International leadership for an honest and possibly controversial take on aligning security with the business.

May 6, 2021
8:15am - 8:55am (Central)
A Modern Approach to Information Protection

Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

May 6, 2021
9:00am - 9:59am (Central)
[Opening Keynote] Fireside Chat with Pentesters Arrested for Doing Their Job

When an Iowa Sheriff arrested Coalfire pentesters Gary DeMercurio and Justin Wynn on the job, it sent shockwaves through the cybersecurity community. The two InfoSec professionals faced felony charges, jail time, and the possibility of a criminal record for doing what they were hired to do. And information security professionals faced a possible chilling effect around a common strategy for testing defenses. Now, Gary and Justin will tell their story on the SecureWorld New England virtual stage during a candid fireside chat. They will take us through what happened to them and share what they learned in the process.

May 6, 2021
9:45am - 10:00am (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021
10:00am - 10:37am (Central)
The Implementation Journey of Zero Trust and SASE: Realizing the Benefits

Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?

In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

In this session, James Christianson will discuss:
•  How to migrate your security controls to take advantage of SASE
•  Reducing cost while increasing your security posture
•  Implementing a road map for SASE / Zero Trust

May 6, 2021
10:00am - 10:58am (Central)
Reducing Complexity While Increasing Data Protection in Financial Services

Financial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.

Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.

There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:

•  How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
•  The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
•  How to scale data protection and compliance as data volumes increase

May 6, 2021
10:00am - 10:42am (Central)
Security as an Innovation Lab

Traditionally, security is seen as a cost center. What if we could flip that on its head by using security concepts to drive business revenue? Every department would want the security team at the table. In this session, I’ll talk about innovative ways to draw positive attention to information security in a way that makes people want to give time and resources to security.

May 6, 2021
10:30am - 10:45am (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021
10:45am - 11:27am (Central)
Ransomware in Focus: How AI Stays One Step Ahead of Attackers

As the world continues to endure ongoing global disruption, cyberattackers have been constantly updating their tactics in light of emerging trends. According to MIT Technology Review, 121 million ransomware attacks were recorded in the first half of 2020, each one attempting to encrypt private data and extort payment for its release. The automated element of these attacks—malware that moves faster than security teams can respond—is one of the most damaging hallmarks of these ransomware campaigns.

Join Justin Fier, Director of Cyber Intelligence & Analytics at Darktrace, as he unpacks the nuances of some of today’s most costly and advanced ransomware and shares how self-learning AI uniquely empowers organizations across industries to fight back.

May 6, 2021
10:45am - 11:20am (Central)
Conquering Cloud Complexity

Cloud security is hard, not least because cloud platforms change so quickly. This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.

May 6, 2021
10:45am - 11:20am (Central)
The Case for Security Automation

This presentation will highlight the cost and benefits of engaging in security automation. Pedro will discuss what’s needed to get started, potential applications, and how it can be tied to other security components.

May 6, 2021
11:15am - 11:30am (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021
11:30am - 12:06pm (Central)
Securing the Cloud Control Plane: How to Make Security Predictable in the Cloud

In a new survey from Enterprise Strategy Group (ESG), 88% of respondents said their cybersecurity program needs to evolve to secure their cloud-native applications and use of public cloud infrastructure, with many citing challenges around maintaining visibility and consistency across disparate environments.

Join CrowdStrike’s session to learn about cloud-native security challenges and how to prevent inconsistency, uncover misconfigurations, and improve visibility. Spencer Parker and Sowmya Karmali will highlight best practices that DevOps and SecOps teams can employ to secure your applications in the cloud.

May 6, 2021
11:30am - 12:14pm (Central)
[Panel] Operationalizing Your Knowledge for Maximum Impact

We have a lot of collective knowledge within security. However, we still have work to do to operationalize this for maximum impact within organizations. What kind of trends can we take advantage of given security’s rise in importance? Do organizations really know what they need when hiring cybersecurity leadership? What do organizations need to see more of from CISOs and information security teams? This panel will explore these questions and more.

 
May 6, 2021
11:30am - 12:11pm (Central)
Get Beyond Compliance and Achieve Real Data Security

To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.

We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.

May 6, 2021
12:00pm - 12:15pm (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

May 6, 2021
12:15pm - 1:04pm (Central)
From Technologist to CISO

Are you a technician feeling the call towards leadership? Are you just interested in learning more about leadership? Just being a good tech is no guarantee of being a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge. Come to this session and join in a conversation about the path from the Information Security technical role to an IS leadership role. Learn the right knowledge that will be powerful in helping you become a great IS leader!

 
May 6, 2021
12:15pm - 1:15pm (Central)
[Panel] Managing a Remote Workforce in the Cloud

Our panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.

May 6, 2021
12:15pm - 12:45pm (Central)
Managing Insider Risk without Compromising Speed of Business

As companies double down on time to innovation, time to market, and time to revenue, they are inherently introducing more risk from the inside. The more cloud-based, collaborative, and fast an organization becomes, the greater the Insider Risks posed to its people, technology, and data. The upside is that cloud collaboration tools make employees more productive. The downside is that these same tools make it easier to exfiltrate data.

Adding to the complexities of working from home and off the corporate network, more employees are routinely using unauthorized devices, tools, and cloud-based applications to share files and ideas with colleagues.

Join us to discuss the growing Insider Risk problem and how the right data protection methods can set security teams up for success, without slowing down company productivity.

May 6, 2021
1:00pm - 1:15pm (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021
1:15pm - 2:14pm (Central)
[Panel] We Need a New Plan: Business Continuity, GRC, and Privacy

The pandemic has taught InfoSec many lessons; among them, your IR/BC/DR plans must be scalable and flexible. Compliance and regulations still matter, and many states are initiating new data privacy and security laws. Our panel will go over some of the items you may have missed over the last year. Our experts will let you know which ones you need to really be concerned with and provide some guidance on what to include in your future Incident Response, Business Continuity, and Disaster Recovery plans.

 
May 6, 2021
1:15pm - 2:16pm (Central)
[Panel] The Current Threatscape

Even a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?

 
May 6, 2021
1:15pm - 2:14pm (Central)
VERIS A4 Threat Modeling

VERIS, the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information—anonymously and responsibly—with others. The VERIS Framework underpins the Data Breach Investigations Report (DBIR); it’s what Verizon uses to codify the data and build this annual report.

VERIS employs the A4 Threat Model to describe key aspects of incidents and breaches that affect victim organizations. Simply put, the A4 Threat Model seeks to answer: who (Actor) did what (Action) to what (Asset) in what way (Attribute) for threat modeling, intelligence analysis, breach mitigation, and detection / response improvement.

Takeaways from this session will include:
•  VERIS Framework Overview
•  A4 Threat Model Components
•  VERIS Use Cases

May 6, 2021
2:00pm - 2:15pm (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021
2:15pm - 3:14pm (Central)
[Closing Keynote] Digital Extortion Drama: Deconstructing the Ransomware Response Lifecycle

This session is part drama and part virtual tabletop exercise. Cyber attorney Shawn Tuma will make the lifecycle of a successful ransomware attack come alive. From initial discovery and ransom negotiation, to IR team activation, to data recovery and restoration, all the way through the process to lingering litigation. Attend this session to more fully understand the impact a ransomware attack can create for any organization, including yours.