Agenda

Date and TimeTitle
May 6, 2021 (Central)
8:00am - 9:00am
Exhibit Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

May 6, 2021 (Central)
8:15am - 9:05am
ISSA KC Chapter Meeting [Open to all attendees]

Join the ISSA KC Chapter meeting to hear the future of the organization from ISSA International President Candy Alexander, and stay for the panel discussion on technology risk versus business risk.

Aligning with the Business: Where Are We Going Wrong?

Many in our profession now operate under a “business enablement” mindset. We recognize the fact that we must align security efforts with the needs of the business, or we will continue towards becoming irrelevant. But what does “aligning with the business” really mean? Some believe we may be misunderstanding this concept and applying it incorrectly within our organizations. Attend this panel discussion with the ISSA International leadership for an honest and possibly controversial take on aligning security with the business.

May 6, 2021 (Central)
8:15am - 8:55am
A Modern Approach to Information Protection

Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

May 6, 2021 (Central)
9:00am - 9:59am
[Opening Keynote] Fireside Chat with Pentesters Arrested for Doing Their Job

When an Iowa Sheriff arrested Coalfire pentesters Gary DeMercurio and Justin Wynn on the job, it sent shockwaves through the cybersecurity community. The two InfoSec professionals faced felony charges, jail time, and the possibility of a criminal record for doing what they were hired to do. And information security professionals faced a possible chilling effect around a common strategy for testing defenses. Now, Gary and Justin will tell their story on the SecureWorld New England virtual stage during a candid fireside chat. They will take us through what happened to them and share what they learned in the process.

For more background, read our original news story here.

May 6, 2021 (Central)
9:45am - 10:00am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021 (Central)
10:00am - 10:58am
Reducing Complexity While Increasing Data Protection in Financial Services

Financial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.

Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.

There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:

  • How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
  • The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
  • How to scale data protection and compliance as data volumes increase
May 6, 2021 (Central)
10:00am - 10:42am
Security as an Innovation Lab

Traditionally, security is seen as a cost center. What if we could flip that on its head by using security concepts to drive business revenue? Every department would want the security team at the table. In this session, I’ll talk about innovative ways to draw positive attention to information security in a way that makes people want to give time and resources to security.

May 6, 2021 (Central)
10:00am - 10:37am
The Implementation Journey of Zero Trust and SASE: Realizing the Benefits

Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?

In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

In this session, James Christianson will discuss:
·  How to migrate your security controls to take advantage of SASE
·  Reducing cost while increasing your security posture
·  Implementing a road map for SASE / Zero Trust

May 6, 2021 (Central)
10:30am - 10:45am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021 (Central)
10:45am - 11:20am
The Case for Security Automation

This presentation will highlight the cost and benefits of engaging in security automation. Pedro will discuss what’s needed to get started, potential applications, and how it can be tied to other security components.

May 6, 2021 (Central)
10:45am - 11:20am
Conquering Cloud Complexity

Cloud security is hard, not least because cloud platforms change so quickly.  This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.

May 6, 2021 (Central)
10:45am - 11:27am
Ransomware in Focus: How AI Stays One Step Ahead of Attackers

As the world continues to endure ongoing global disruption, cyberattackers have been constantly updating their tactics in light of emerging trends. According to MIT Technology Review, 121 million ransomware attacks were recorded in the first half of 2020, each one attempting to encrypt private data and extort payment for its release. The automated elements of these attacks—malware that moves faster than security teams can respond—is one of the most damaging hallmarks of these ransomware campaigns.

Join Justin Fier, Director of Cyber Intelligence & Analytics at Darktrace, as he unpacks the nuances of some of today’s most costly and advanced ransomware and shares how self-learning AI uniquely empowers organizations across industries to fight back.

May 6, 2021 (Central)
11:15am - 11:30am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021 (Central)
11:30am - 12:06pm
Securing the Cloud Control Plane: How to Make Security Predictable in the Cloud

In a new survey from Enterprise Strategy Group (ESG), 88% of respondents said their cybersecurity program needs to evolve to secure their cloud-native applications and use of public cloud infrastructure, with many citing challenges around maintaining visibility and consistency across disparate environments.

Join CrowdStrike’s session to learn about cloud-native security challenges and how to prevent inconsistency, uncover misconfigurations, and improve visibility. Spencer Parker and Sowmya Karmali will highlight best practices that DevOps and SecOps teams can employ to secure your applications in the cloud.

May 6, 2021 (Central)
11:30am - 12:14pm
[Panel] Operationalizing Your Knowledge for Maximum Impact

We have a lot of collective knowledge within security. However, we still have work to do to operationalize this for maximum impact within organizations. What kind of trends can we take advantage of given security’s rise in importance? Do organizations really know what they need when hiring cybersecurity leadership? What do organizations need to see more of from CISOs and information security teams? This panel will explore these questions and more.

 
May 6, 2021 (Central)
11:30am - 12:11pm
Get Beyond Compliance and Achieve Real Data Security

To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.

We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.

May 6, 2021 (Central)
12:00pm - 12:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

 
 
 
May 6, 2021 (Central)
12:15pm - 12:45pm
Managing Insider Risk without Compromising Speed of Business

As companies double down on time to innovation, time to market, and time to revenue, they are inherently introducing more risk from the inside. The more cloud-based, collaborative, and fast an organization becomes, the greater the Insider Risks posed to its people, technology, and data. The upside is that cloud collaboration tools make employees more productive. The downside is that these same tools make it easier to exfiltrate data.

Adding to the complexities of working from home and off the corporate network, more employees are routinely using unauthorized devices, tools, and cloud-based applications to share files and ideas with colleagues.

Join us to discuss the growing Insider Risk problem and how the right data protection methods can set security teams up for success, without slowing down company productivity.

May 6, 2021 (Central)
12:15pm - 1:04pm
From Technologist to CISO

Are you a technician feeling the call towards leadership? Are you just interested in learning more about leadership? Just being a good tech is no guarantee of being a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge. Come to this session and join in a conversation about the path from the Information Security technical role to an IS leadership role. Learn the right knowledge that will be powerful in helping you become a great IS leader!

 
May 6, 2021 (Central)
12:15pm - 1:15pm
[Panel] Managing a Remote Workforce in the Cloud

Our panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.

 
 
May 6, 2021 (Central)
1:00pm - 1:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021 (Central)
1:15pm - 2:16pm
[Panel] The Current Threatscape

Even a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?

 
May 6, 2021 (Central)
1:15pm - 2:14pm
VERIS A4 Threat Modeling

VERIS, the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information—anonymously and responsibly—with others. The VERIS Framework underpins the Data Breach Investigations Report (DBIR); it’s what Verizon uses to codify the data and build this annual report.

VERIS employs the A4 Threat Model to describe key aspects of incidents and breaches that affect victim organizations. Simply put, the A4 Threat Model seeks to answer: who (Actor) did what (Action) to what (Asset) in what way (Attribute) for threat modeling, intelligence analysis, breach mitigation, and detection / response improvement.

Takeaways from this session will include:
•  VERIS Framework Overview
•  A4 Threat Model Components
•  VERIS Use Cases

May 6, 2021 (Central)
1:15pm - 2:14pm
[Panel] We Need a New Plan: Business Continuity, GRC, and Privacy

The pandemic has taught InfoSec many lessons; among them, your IR/BC/DR plans must be scalable and flexible. Compliance and regulations still matter, and many states are initiating new data privacy and security laws. Our panel will go over some of the items you may have missed over the last year. Our experts will let you know which ones you need to really be concerned with and provide some guidance on what to include in your future Incident Response, Business Continuity, and Disaster Recovery plans.

 
May 6, 2021 (Central)
2:00pm - 2:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

May 6, 2021 (Central)
2:15pm - 3:14pm
[Closing Keynote] Digital Extortion Drama: Deconstructing the Ransomware Response Lifecycle

This session is part drama and part virtual tabletop exercise. Cyber attorney Shawn Tuma will make the lifecycle of a successful ransomware attack come alive. From initial discovery and ransom negotiation, to IR team activation, to data recovery and restoration, all the way through the process to lingering litigation. Attend this session to more fully understand the impact a ransomware attack can create for any organization, including yours.