Agenda

Date and Time | Title
Sep 23, 2021 (Eastern)
8:00am - 2:15pm
Exhibitor Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

Sep 23, 2021 (Eastern)
8:15am - 9:00am
InfraGard Michigan Chapter Meeting

This session is open to all attendees. We welcome members and prospective members interested in the InfraGard Michigan Members Alliance. This meeting will consist of a “Fireside Chat” with Board Members, Infrastructure Section Chiefs, and our partners at the FBI.

AGENDA:

8:15-8:30 a.m.
Chris Christensen, our VP, will open our session with a short slide presentation from the national office.

8:30-8:55 a.m.
Stephanie Scheuermann, our President; Earl Duby; Nathan Faith; and Michael Glennon will have a roundtable discussion about what InfraGard, the information sharing association, is all about.

8:55 a.m.
Chris Christensen will close the meeting.

Sep 23, 2021 (Eastern)
9:00am - 9:58am
[Keynote] Ransomware as an Evolution of Cybercrime

The U.S. Secret Service has observed a marked uptick in the frequency, sophistication, and destructiveness of ransomware attacks against U.S. organizations. While this surge is due to a number of complex and interrelated factors, there are some key drivers of this cyberthreat that should be understood. Join this fireside chat with one of the leaders of the U.S. Secret Service to explore the origins of ransomware, how it continues to evolve, and steps that both the private and public sector can take right now to mitigate this risk.

Sep 23, 2021 (Eastern)
9:45am - 10:00am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Sep 23, 2021 (Eastern)
10:00am - 10:41am
Information Protection and Cloud Security Overview

Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

Sep 23, 2021 (Eastern)
10:00am - 10:40am
How IoT Devices Are Driving Cyber Risk

In the new digital transformation age, companies are more susceptible to exposing their data to the internet. A recent research study conducted by RiskRecon and the Cyentia Institute found that firms with IoT devices exposed to the internet have a 62% higher prevalence of cyber risk issues and 86% of security findings related to IoT devices are rated as critical.

Learn how you can protect your organization from these IoT threats, and how to utilize continuous monitoring data to ensure that your vendors are not exposing their IoT devices to the internet, leaving you just as vulnerable.

Sep 23, 2021 (Eastern)
10:00am - 10:32am
Manual Processes, Be Gone: The Future of Third-Party Risk Management

Whether a start-up or an enterprise, you are probably working with multiple vendors, using their software and reliant on their systems. Yet while these external vendors provide invaluable services, they also introduce significant risk to your company’s information security.

How do you know if your vendors are meeting required contractual, security, and privacy obligations?

If you don’t have processes in place to assess the risks these third parties pose, then your answer is most likely you don’t. And this is critical: You need to know the risks of working with third parties and that you can trust them—because if they go down, your business may, too.

Assessing risk, however, can be incredibly complex. Traditional risk management approaches that rely on manual processes, spreadsheets and even survey methods don’t scale well and are not automated enough. And they certainly can’t support a third-party vendor network once it reaches a certain size: spreadsheets and email folders become overwhelming, ad hoc processes and reporting cycles create confusion, and manual reviews lead to missed issues and trends. In fact, the more successful an organization is—and the more third-party vendors they work with—the more automation and continuous monitoring are required.

Reciprocity works with companies of all sizes to help streamline and improve third-party risk management. Join Reciprocity CISO Scott McCormick and VP Rob Ellis as they walk you through:

  • Examples of vulnerabilities and common attack techniques
  • Steps to mature your third-party risk management program
  • How to implement automation and make your program more proactive (or continuous)
  • A case study detailing how ZenGRC helped Conversica drastically improve its compliance and risk posture, resulting in 60 saved days and $80k in hard savings
Sep 23, 2021 (Eastern)
10:00am - 10:43am
Modern Cyber Resilience
Sep 23, 2021 (Eastern)
10:30am - 10:45am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Sep 23, 2021 (Eastern)
10:45am - 11:43am
Reducing Complexity While Increasing Data Protection in Financial Services

Financial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.

Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.

There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:

  • How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
  • The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
  • How to scale data protection and compliance as data volumes increase
Sep 23, 2021 (Eastern)
10:45am - 11:11am
The Value of Continuous Security Validation

With cyber threats on the rise and the abundance of security controls and capabilities out there, how do you gain confidence in your ability to protect critical assets? Testing. Continuous validation of your controls and their capabilities. Let’s talk about how that looks and why it works.

Sep 23, 2021 (Eastern)
10:45am - 11:33am
Policies, Standards, Processes: Using a Free CSF to Create IS Policy Documents

Running an information security organization is often very reactive. As you fight your way through the jungle of chaos, you realize that you need rules, regulations, and controls to build a fortress to shelter your valuables against risks and threats. But how do you begin to get and keep everything under control? With your information security policy documents, of course. Creating usable policy documents is very tricky if you don’t know where to start or how to make them meaningful and enforceable. In this session:

  • We will discuss the differences between a policy, standard, process, and guideline.
  • You will receive an overview of how to use the free version of the HITRUST CSF to create Information Security policy documents.
  • We will view a sample of a policy and standard created from the free version of the HITRUST CSF.
Sep 23, 2021 (Eastern)
10:45am - 11:35am
Application Security: A Multi-Pronged Approach

If you’re reading this, it’s probably because you’ve been responsible at some level, or at some point in time, for protecting your enterprise applications. We are all aware that applications are subject to attackers’ attempts to either take an application offline or exfiltrate data from the application for sale on the Dark Web. So, how can you prevent application downtime or data exfiltration? Join us to look at the state-of-the-art technologies used to prevent the most advanced attacks.

Sep 23, 2021 (Eastern)
11:15am - 11:30am
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Sep 23, 2021 (Eastern)
11:30am - 12:10pm
Getting Ahead of the Ransomware Operations Life Cycle

Join this session to learn about CrowdStrike’s most current understanding regarding the ever-prevalent ransomware threat and our observations around how the ransomware ecosystem has evolved over the last couple of years. Attendees of this session will benefit from the unique insights into the associated enablers of ransomware, including associated initial access techniques, ransomware-related business models, and our newest data around monetization schemes being leveraged by the eCrime extortion community. Lastly, CrowdStrike will close by proposing actionable recommendations that organizations can undertake in order to harden their cybersecurity environment against the ransomware threat.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Sep 23, 2021 (Eastern)
11:30am - 12:10pm
Show Off the Skeletons in Your Closet

Blue Teams and cyber defenders do a great job at securing 95% of their assets, but everyone has skeletons in their closet—the legacy machines, unpatched software, and other security risks. Instead of pretending they don’t exist, let’s discuss how we can lead with this information to best secure the environment. Everyone has weaknesses; it’s time to highlight them and plan accordingly. We can all help each other in this process.

This is an action-oriented presentation that will help any defender identify, discover, and document their worst security issues and how to communicate the issues effectively to all levels of management. Once identified, now let’s address how to secure them as best as possible, especially when killing them is not an option.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Sep 23, 2021 (Eastern)
11:30am - 12:08pm
A Critical Look at the Security Posture of the Fortune 500

The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

Sep 23, 2021 (Eastern)
11:30am - 12:07pm
The Implementation Journey of Zero Trust and SASE: Realizing the Benefits

Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and an expanding remote workforce, how do we consolidate controls and enhance the security of the systems?

In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

In this session, James Christianson will discuss:

  • How to migrate your security controls to take advantage of SASE
  • Reducing cost while increasing your security posture
  • Implementing a road map for SASE / Zero Trust

Sep 23, 2021 (Eastern)
12:00pm - 12:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Sep 23, 2021 (Eastern)
12:15pm - 12:58pm
Strategies for Client Cybersecurity Assurance
Sep 23, 2021 (Eastern)
12:15pm - 1:14pm
[Panel] It's a Zero Trust World

We used to go by the “trust but verify” philosophy, but that didn’t exactly secure the enterprise. It’s time to take a more proactive approach. The Zero Trust concept isn’t new, but it seems to address many of the current security and privacy needs of companies. This panel will highlight the pitfalls, wins, and what you need to know to live and work in a Zero Trust world.

Sep 23, 2021 (Eastern)
12:15pm - 1:15pm
[Panel] Cloud: Power and Peril

We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

Sep 23, 2021 (Eastern)
1:00pm - 1:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Sep 23, 2021 (Eastern)
1:15pm - 2:07pm
Demystifying Data Science for Modern Cyber Operations

With the explosion of connected devices, manual review of security events isn’t keeping pace (and hasn’t for a while). Data analytics is not a new concept to cybersecurity, and nearly all vendors proclaim its virtues. Then why do cyber professionals avoid unlocking the potential of data science techniques in daily operations?

This presentation tackles the fundamentals of data acquisition, graph analytics, artificial intelligence, and machine learning. Sound complicated? Don’t worry! This presentation isn’t for PhDs, it’s for real-world cyber operators. Practical examples in threat hunting, attack modeling, intelligence mapping, and event detection with open source tools included! Key takeaways will include:

  • How data science skills and techniques will further your career as a cyber operations professional
  • An introduction to the fundamentals of data science, including data acquisition, graph analytics, artificial intelligence, and machine learning
  • How to apply data science techniques to real-world cyber operations
  • An introduction to open source tools for network graphing and AI-enabled threat modeling

Presentation level: TECHNICAL (deeper dive including TTPs)

Sep 23, 2021 (Eastern)
1:15pm - 2:15pm
[Panel] Ransomware: Myths, Pitfalls, and New Insights

One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

Sep 23, 2021 (Eastern)
1:15pm - 1:41pm
Build vs. Buy: Advantages of a Pre-Built Solution

In this session, John Wilke will guide you through the advantages of a pre-built identity solution. He will review how identity used to be a cost center but now is viewed as a business enabler and strategic initiative. He will also help you compare the options when looking to build out a modern identity solution.

Sep 23, 2021 (Eastern)
1:15pm - 1:52pm
A Proven Approach to Embed Security into DevOps

The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security is often viewed as an inhibitor to this new approach.

Join Stephen Gates, Checkmarx SME, where you’ll:

  • Discover the six proven steps of embedding software security into DevOps.
  • Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
  • Explore the benefits of AppSec integration and automation into the tooling your developers use.
  • Hear about new AppSec awareness and training approaches to improve developer secure coding skills.
Sep 23, 2021 (Eastern)
2:00pm - 2:15pm
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Sep 23, 2021 (Eastern)
2:15pm - 3:14pm
[Closing Keynote] 2022 and Beyond Cyber Priorities