Agenda

Date and Time | Title
Jun 10, 2021 (Eastern)
10:00am - 11:00am
Exhibitor Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

Jun 10, 2021 (Eastern)
10:15am - 10:43am
Protecting Government Organizations from Third-Party Breaches

The past year alone has revealed major vulnerabilities in critical infrastructure systems that prompted immediate action by the White House. If there’s one lesson to be learned from the Colonial Pipeline attack and similar recent attacks such as the SolarWinds breach, it’s that companies must do everything they can to protect their critical infrastructure, environments, and networks.

Within the last year, nearly half of organizations were victims of a cyberattack that was caused by a third-party vendor. The effectiveness of hackers using third parties to infiltrate internal networks is still seen in attacks on critical infrastructure systems like water plants and gas pipelines. The only way to really know the threats emerging from sophisticated and advanced hacking methods is by assessing all points of vulnerability.

In this talk, Russell will discuss how government organizations can take action and put the right protocols in place to protect specifically against third-party breaches, and will provide actionable best practices using real-life examples. With 54% of organizations not monitoring the security and privacy practices of third parties that they share sensitive or confidential information with on an ongoing basis, Russell will touch on why these organizations are so susceptible to attacks in the first place and the underlying issues when it comes to government entities using external vendors.

Jun 10, 2021 (Eastern)
10:15am - 10:54am
A Critical Look at the Security Posture of the Fortune 500

The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

Jun 10, 2021 (Eastern)
10:15am - 11:14am
[Panel] How Industry, Government, and Higher Ed Can Collaborate to Train the Next Generation of Cyber Defenders

We have a well-known cybersecurity jobs gap, while at the same time, studies have shown that the current workforce is underemployed. Higher education institutions need to actively partner with companies and government organizations to co-create scalable cybersecurity education that can bridge the skills gap, effectively prepare cybersecurity professionals to anticipate and adapt to evolving threats, and clear barriers to entry for a more diverse workforce.

Join a panel with leaders from higher education, government and industry who discuss best practices for co-creating scalable, relevant, and affordable cybersecurity training, including:

  • The skills and mindsets we need to be teaching our next generation of professionals
  • Partnership strategies for industry and government
  • Best practices for optimal co-curriculum design
  • How to find & nurture cybersecurity talent

Jun 10, 2021 (Eastern)
11:00am - 12:00pm
[Opening Keynote] Building the Future in Cybersecurity

Our panelists will explain their roles during COVID-19 and how they dealt with security challenges over the past year, then move on to discuss:

  • coming year priority projects
  • the ransomware surge and preparing for security incidents
  • their organization’s security culture and training to deal with issues
  • innovative, special projects they are most excited about moving forward

Jun 10, 2021 (Eastern)
11:45am - 12:00pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Jun 10, 2021 (Eastern)
12:00pm - 12:45pm
Using the CIS Controls to Measure and Support Your Security Program

In this session, you will learn what the CIS Controls are, why people use them, and how they can be used to grade the maturity of your security program. This will help you shape your security budget for the next few years.

Presentation Level: MANAGERIAL (security and business leaders)

Jun 10, 2021 (Eastern)
12:00pm - 12:38pm
Adapting Threat Management Strategy to Address Predator and Prey

The last year has forced us to make a paradigm shift to people as our perimeter. This evolution requires rethinking our approach to threat management and response. We will walk through an end-to-end method that incorporates the prey’s vulnerabilities concerning predatory threats.

You will leave with an understanding of how modeling adaptive threat management strategies differentiates responses for predators vs. prey.

Jun 10, 2021 (Eastern)
12:00pm - 12:57pm
The Evolution of Business Email Compromise

This session is led by two of the top Business Email Compromise (BEC) investigators at the U.S. Secret Service. BEC is rampant, and every agency or organization with funds to spend is at risk. Last year alone, the FBI Internet Crime Complaint Center (IC3) received more than 19,000 BEC/EAC (Email Account Compromise) complaints with adjusted losses of $1.8 billion.

How does this type of cyberattack start, how is it uncovered, and what should you do if you discover your organization is a victim? This session will use case studies to help answer these questions and explain practical steps your agency or organization can take to mitigate this risk.

Jun 10, 2021 (Eastern)
12:30pm - 12:45pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Jun 10, 2021 (Eastern)
12:45pm - 1:25pm
How to Accelerate Zero Trust Adoption Through End-to-End Visibility and Increased IT Ops Collaboration

It’s no surprise that Zero Trust initiatives are increasing in importance across federal, state, and local government institutions. New cybersecurity mandates and a boom in remote work due to COVID-19 are just two of the most common factors driving this demand. While the need for adopting Zero Trust is evident, the path to success is not.

In this presentation, Tom Roeh of ExtraHop’s Public Sector team will discuss important considerations for planning, implementing, operating, and securing a Zero Trust deployment. You’ll also learn practical steps Public Sector IT teams can take to achieve your Zero Trust mandate more rapidly and with lower risk. This includes the vital role end-to-end visibility and frictionless collaboration between IT ops teams play across Zero Trust rollout phases.

Jun 10, 2021 (Eastern)
12:45pm - 1:19pm
Top 4 Reasons Why Privileged Access Management Implementations Fail

It is shocking that, year over year, stealing credentials is still the top tactic used by attackers to breach organizations. Why is this still happening? Hint: It isn’t only because of weak passwords. Organizations have invested heavily into privileged access management (PAM) technologies, but these solutions have struggled to address the problem for five key reasons. In this discussion, we will address the gaps in current access management approaches but, more importantly, show you how to quickly close the gaps and significantly reduce security risks without disrupting your current investments or systems.

Join Remediant in this discussion to:

  • Learn the five reasons why privileged access management implementations fail
  • Identify areas in your IAM program where you can reduce admin access risk
  • Capitalize on existing investments, while improving your risk posture

Presentation level: TECHNICAL (deeper dive including TTPs)

Jun 10, 2021 (Eastern)
12:45pm - 1:42pm
What We Need Now: A National Cybersecurity Safety Board

No system for investigating and reporting on cyber attacks is perfect, and incentives will often be misaligned in this context. However, creating a National Cybersecurity Safety Board (NCSB), similar to the National Transportation Safety Board (NTSB), could help protect organizations and critical infrastructure more effectively than ever before. But how would such a Board function, and could it succeed where past public-private collaborations have failed given the rapid pace of technical innovation in the cybersecurity field? This session will examine the possibilities and limitations of such an approach within the broader context of critical infrastructure protection.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Jun 10, 2021 (Eastern)
12:45pm - 1:20pm
A Holistic Cyber Defense Strategy

The threat landscape is evolving rapidly and so must the defense strategy. This presentation will walk through a holistic cybersecurity strategy for security and business leaders in today’s digital world. Key takeaways will include:

  • Understand what the holistic cybersecurity approach is and why it is important
  • Technology and technique involved in holistic cyber defense
  • Lessons learned and recommendations

Jun 10, 2021 (Eastern)
1:15pm - 1:30pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Jun 10, 2021 (Eastern)
1:30pm - 2:27pm
Zero to 60: Making Security Programmatic and Cultural at Princeton University

Join members of Princeton University’s Information Security Office as they discuss their mission, focus, and critical successes. Princeton’s multi-year program has already made an impact on the campus’s security mindset, including risk reduction, implementing new technologies, broadening security knowledge, and strengthening campus partnerships. From position papers, a secure password manager, and a creative awareness model, find out how this Ivy League institution went from zero to 60. Learn about Princeton’s approach to making security thinking both programmatic and cultural, and learn about ideas you can apply to your own organization.

Presentation level: MANAGERIAL (security and business leaders)

Jun 10, 2021 (Eastern)
1:30pm - 2:10pm
How IoT Devices Are Driving Cyber Risk

In the new digital transformation age, companies are more susceptible to exposing their data to the internet. A recent research study conducted by RiskRecon and the Cyentia Institute found that firms with IoT devices exposed to the internet have a 62% higher prevalence of cyber risk issues and 86% of security findings related to IoT devices are rated as critical.

Learn how you can protect your organization from these IoT threats, and how to utilize continuous monitoring data to ensure that your vendors are not exposing their IoT devices to the internet, leaving you just as vulnerable.

Jun 10, 2021 (Eastern)
1:30pm - 2:18pm
Code on Code Warfare

During this talk, we will review some security metrics from 2020, which include common ways organizations are approaching complex security issues such as ransomware and advanced threat groups. During the discussion, we will provide some insight into alternative methods or considerations whereby we can use the power of compute to prevent, discover, and recover from advanced attacks.

Jun 10, 2021 (Eastern)
2:00pm - 2:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Jun 10, 2021 (Eastern)
2:15pm - 3:15pm
[Panel] Government Workforce 2.0: The New Normal?

This panel will discuss the ongoing challenges of managing telework and the shifting workforce. InfoSec and Operations must have processes and technology in place to keep the agency or organization running while maintaining an acceptable level of risk. This discussion will explore best practices for securing the future of government work.

Jun 10, 2021 (Eastern)
2:15pm - 3:15pm
[Panel] No Perimeter: Securing Public Sector Work in the Cloud

The pandemic fueled massive digital adoption and increased the public’s willingness to interact virtually with government agencies and organizations. And cloud-based tools are also transforming the way Gov-Ed teams work. This panel will discuss trends, controls, and best practices for managing a secure cloud environment, to extend security well beyond the network’s perimeter.

Jun 10, 2021 (Eastern)
3:00pm - 3:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Jun 10, 2021 (Eastern)
3:15pm - 4:01pm
Ransomware Hindsight: As Attacks Surge, What Can We Learn from Previous Response?

Ransomware attacks are surging across the United States, often targeting government and education. That was certainly the case when 20 government agencies in Texas were attacked in a single day. Join this fireside chat as Texas CISO Nancy Rainosek shares what that day was like, how her team approached the attacks, and lessons they learned from remediating them. These insights could help your agency in the future.

Jun 10, 2021 (Eastern)
3:15pm - 4:10pm
Application Security: A Multi-Pronged Approach

If you’re reading this, it’s probably because you’ve been responsible at some level, or at some point in time, for protecting your enterprise applications. We are all aware that applications are subject to attackers’ attempts to either take an application offline or exfiltrate data from the application for sale on the Dark Web. So, how can you prevent application downtime or data exfiltration? Join us to look at the state-of-the-art technologies used to prevent the most advanced attacks.

Jun 10, 2021 (Eastern)
3:15pm - 3:59pm
Examining the CMMC and the Reasoning Behind It

The Deputy Principal Cyber Advisor for the DoD recently told the Senate Armed Services Cybersecurity Subcommittee that the Cybersecurity Maturity Model Certification (CMMC) is part of a crucial effort: “Our goal must be to complicate and frustrate adversary planning and operations such that they cannot conduct them with impunity or at scale.”

In this session, join the Chairman of the Board at the CMMC Center of Excellence as he explores the logic behind the Cybersecurity Maturity Model Certification, its objectives, and its security benchmarks.

Jun 10, 2021 (Eastern)
3:15pm - 4:15pm
[Panel] Threat Landscape in Flux: Emerging Threats

The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

Jun 10, 2021 (Eastern)
4:00pm - 4:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Jun 10, 2021 (Eastern)
4:15pm - 5:13pm
[Closing Keynote] Intel Briefing: How Cyber Goes to War—and Why You're in the Fight

Nations and trans-national organizations that would lose a military fight against the U.S. are using cyber as a weapon of choice and a way to level the playing field. In this presentation, CNN Military Analyst and strategic risk advisor Colonel Cedric Leighton (USAF, Ret.) will brief us on the evolution of the nation-state and trans-national cyber threat. He will examine the top four players, their methods, their motives, and their targets. Plus, we’ll look at how Israel targeted Hamas’ cyber capabilities in their most recent conflict. Then, Colonel Leighton will put forward his plan for better defending our government agencies and critical infrastructure against these threats.