Agenda

Date and Time | Title
Oct 14, 2021
8:00am - 9:00am (Central)
Exhibitor Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

Oct 14, 2021
8:15am - 9:03am (Central)
Data Protection: Action and Reaction

Protecting data is a critical component of any enterprise security strategy. We will discuss trends observed in a survey and presented in the 2021 Thales Data Threat Report. Ransomware has been a topic of significant concern recently, given the increasing number of targeted attacks. We’ll offer some recommendations to address this menace. Finally, we’ll go over the recent Executive Order in response to increasing security incidents, discuss sections of the executive order that pertain to data protection, and present Thales’ perspective to address it.

Oct 14, 2021
8:15am - 8:50am (Central)
Conquering Cloud Complexity

Cloud security is hard, not least because cloud platforms change so quickly. This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.

Oct 14, 2021
8:15am - 8:40am (Central)
The Value of Continuous Security Validation

With cyber threats on the rise and the abundance of security controls and capabilities out there, how do you gain confidence in your ability to protect critical assets? Testing. Continuous validation of your controls and their capabilities. Let’s talk about how that looks and why it works.

Oct 14, 2021
8:15am - 9:00am (Central)
Ransomware Hindsight: As Attacks Surge, What Can We Learn from Previous Response?

Ransomware attacks are surging across the United States, often targeting government and education. That was certainly the case when 20 government agencies in Texas were attacked in a single day. Join this fireside chat as Texas CISO Nancy Rainosek shares what that day was like, how her team approached the attacks, and lessons they learned from remediating them. These insights could help your agency in the future.

Oct 14, 2021
9:00am - 10:00am (Central)
[Opening Keynote] Cybersecurity Habits to Help Secure Your Organization

Cybersecurity should be understood as a series of nine habits that we must pursue. Doing so can greatly increase the security posture of an organization. Join author and CISO George Finney as he explores implementing these habits, changing our behaviors, and the power of these shifts to help combat most information security problems.

George’s new book, “Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future,” is available for purchase here: https://www.amazon.com/Well-Aware-Master-Cybersecurity-Protect/dp/1626347352

Oct 14, 2021
9:45am - 10:00am (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 14, 2021
10:00am - 10:40am (Central)
Anatomy of a Ransomware ATT&CK

This session will dive into a ransomware attack, from initial compromise through the detection opportunities leading up to widespread infection.

Oct 14, 2021
10:00am - 10:46am (Central)
Staying Resilient: Small and Medium Enterprises (SMEs) and Cybersecurity

Small and Medium Enterprises (SMEs) are the backbone of U.S. and European economies. SMEs are significant drivers of economic growth, job creation, and new innovation. Technology enables businesses to increase connectivity and engagement with their customers, and can provide SMEs with a better understanding of their customer base. Today’s digitally connected environments lead to greater risk of data breach or service disruptions. One of the greatest challenges for SMEs is to keep running the operations while keeping themselves protected from ongoing attacks. Cybercriminals are no longer targeting larger enterprises alone. Larger enterprises have overall better security, so targeting them requires more resources in terms of time and money, whereas 90% of cybercriminals are lazy and want to get easy access and do quick damage. SMEs are lucrative to cybercriminals as they can be easy targets, and also, due to digital connectivity, are a step closer to larger organizations that SMEs partner with.

Key questions we will cover:

  • What does downtime due to a cyberattack mean to an SME?
  • What data resides in SME networks that needs to be secured?
  • How do SMEs build cyber resilience?
  • What should an SME budget for a cybersecurity program be?

Presentation level: MANAGERIAL (security and business leaders)

Oct 14, 2021
10:00am - 10:51am (Central)
Different, Yet Better Together: Data Security and Data Privacy

Standard data security controls are excellent at ensuring that data stays secure and is only accessed by those with appropriate permissions. But where security fails is knowing the information that privacy requires, such as where the data came from, why the data is being stored, who the data belongs to, who it’s shared with, and how long it will be retained. The answers to those questions for every system or data element have an impact on which security controls a company needs to have in place.

In this session, data expert Akshay Kumar details the crucial intersection between data security and data privacy, including:

  • The key differences between data security and data privacy
  • Why it’s possible to have security without privacy, but impossible to have privacy without security
  • How to enable and support both security and privacy when it comes to data

Oct 14, 2021
10:00am - 10:40am (Central)
Getting Ahead of the Ransomware Operations Life Cycle

Join this session to learn about CrowdStrike’s most current understanding regarding the ever-prevalent ransomware threat and our observations around how the ransomware ecosystem has evolved over the last couple of years. Attendees of this session will benefit from the unique insights into the associated enablers of ransomware, including associated initial access techniques, ransomware-related business models, and our newest data around monetization schemes being leveraged by the eCrime extortion community. Lastly, CrowdStrike will close by proposing actionable recommendations that organizations can undertake in order to harden their cybersecurity environment against the ransomware threat.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Oct 14, 2021
10:30am - 10:45am (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 14, 2021
10:45am - 11:24am (Central)
From Authentication to Audit: How to Secure Third-Party Connectivity

The risks associated with third-party remote access into an organization’s network grow daily. We regularly see breaches in the headlines that, time and time again, turn out to be the result of unsecured remote access. While the risks and the damages are growing, so is the need for secure third-party remote access. In this session, we’ll review the third-party lifecycle, discuss how to identify vulnerabilities in remote access, and home in on managing connectivity from authentication to audit.

If you manage an enterprise network and can’t identify every third-party user on your network by name and tie their identity back to their session activity, then join us to learn about the gaps in the lifecycle you can address to protect your organization.

Oct 14, 2021
10:45am - 11:22am (Central)
A Proven Approach to Embed Security into DevOps

The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security is often viewed as an inhibitor to this new approach.

Join Stephen Gates, Checkmarx SME, where you’ll:

  • Discover the six proven steps of embedding software security into DevOps.
  • Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
  • Explore the benefits of AppSec integration and automation into the tooling your developers use.
  • Hear about new AppSec awareness and training approaches to improve developer secure coding skills.

Oct 14, 2021
10:45am - 11:32am (Central)
Zero Trust and Battling Insider Threats

Remote work has soared, and organizations are facing rapid change in their workforces. What’s really different about the situation? What can we do about ransomware, data exfiltration, and other threats given the new realities?

Oct 14, 2021
10:45am - 11:31am (Central)
We Are All Collateral Damage Casualties of the Ongoing Cyber War

Today, one can make the argument that on some level all commerce is eCommerce and that the safety and prosperity of the places we work and communities we live in depend on a safe and secure internet. But how safe can we be when the titans of global geopolitics are engaged in an undeclared asymmetrical conflict that uses all aspects of national power that operate in the cyber domain? The old school modalities of propaganda, disinformation, espionage, intellectual property theft, and sabotage have greater reach and capabilities in our digitally connected world. Let’s look at a brief history of the conflict from Estonia, NotPetya, to Colonial Pipeline and then ask the question: is there a technical solution to the conflict, or is it time to consider cyber arms control?

Oct 14, 2021
11:15am - 11:30am (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 14, 2021
11:30am - 12:29pm (Central)
[Panel] Third-Party Risk: Managing Your Partners

At any given moment, a company could take a snapshot of its risk and stay busy trying to seal up all of its own holes (or accept them for what they are) in security. But what about the businesses that support you? How do you know that Fred’s band has a secure API for its clients? Does ACME really need access to our HR files? Why do we keep getting old invoices from ABC Parts Company? Dive into third-party risk, networking security with a focus on data exfiltration, and how Zero Trust could eliminate this costly issue.

Oct 14, 2021
11:30am - 12:10pm (Central)
Lessons from Emergency Response for IT and Cybersecurity

For years, Information Technology and Cybersecurity departments within organizations have been struggling to develop plans and procedures for mitigating, responding to, and recovering from cybersecurity events. Although some strides have been made at the federal and state government level to integrate cybersecurity into the “all hazards approach” to incident management, many organizations outside of traditional emergency management are hard pressed to develop incident response, recovery, and mitigation/preparedness procedures.

In this presentation, Andrew Jarrett will discuss a brief history of NIMS/ICS, federal and state doctrine that has been developed to coordinate cybersecurity incident response in the public sector, and how organizations in both the public and private sector can implement a model inspired by the core tenets of incident command and other lessons in emergency response to manage cybersecurity risk and organize for the response and recovery from cybersecurity disasters.

Oct 14, 2021
11:30am - 12:11pm (Central)
Information Protection and Cloud Security Overview

Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

Oct 14, 2021
11:30am - 11:56am (Central)
Never Trust. Always Verify.

Humans are inherently both trusting and distrusting, without even knowing it! We pick up on innumerable subtle micro expressions and nuances of our environment, instantly spotting what’s out of place. Without a second thought, our computer brains process and alert us to “things out of place” and focus our attention, silencing distractions so we can verify trust.

In this session, Eddie Doyle will demonstrate that when we design systems after our neuro-biology, we can focus our networks to eliminate threats in much the same manner as our natural born instincts.

Oct 14, 2021
12:00pm - 12:15pm (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 14, 2021
12:15pm - 1:14pm (Central)
Ripples Across the Risk Surface: New Waves in 2021

Join the head of strategy from RiskRecon for a presentation based on exclusive research with Cyentia on multi-party breaches and the effect they can have on your firm and its supply chain, including:

  • how multi-party incidents have hurt organizations financially since 2008
  • the differences in impact between multi-party and single-party security incidents
  • the number of days for a typical ripple event to reach 75% of its downstream victims

Oct 14, 2021
1:00pm - 1:15pm (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 14, 2021
1:15pm - 1:55pm (Central)
Breach Walkthroughs and Lessons Learned

Cybersecurity tools aren’t enough to stop cybercrime. We need an operational approach to truly minimize our cyber risk.

Let’s walk through three major breaches from last year. You’ll see what the consequences were and what was the true root cause. (Hint: it wasn’t the security tools). We will dive into some of the struggles security teams are dealing with right now and how you can move your organization toward an operational approach to security to truly minimize your risk.

Oct 14, 2021
1:15pm - 2:15pm (Central)
[Panel] Ransomware: Myths, Pitfalls, and New Insights

One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

Oct 14, 2021
1:15pm - 2:00pm (Central)
The Unified Controls Framework

In this presentation, Mia Boom-Ibes, Allstate Vice President, will explore the Secure Software Development Life Cycle and how you can deliver secure products—making the easy thing the right thing to do for your product development teams.

You’ll get examples that you can put into practice, and leave armed with the knowledge and skills on how to improve code quality and gain transparency into the residual risks. The presentation will also cover a future focus on the unified control framework program and how the world of secure software development is innovating to stay in front of emerging threats.

Oct 14, 2021
1:15pm - 2:12pm (Central)
[Panel] Cloud: Power and Peril

We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

Oct 14, 2021
2:00pm - 2:15pm (Central)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Oct 14, 2021
2:15pm - 3:11pm (Central)
[Closing Keynote] 2022 and Beyond Cyber Priorities