Agenda

Date and Time / Title
Nov 17, 2021
8:00am - 9:00am (Mountain)
Exhibitor Hall Open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

 
 
Nov 17, 2021
9:00am - 9:59am (Mountain)
[Keynote] Taking a Fresh Look at Ransomware Risk Management

A surge in successful ransomware attacks and a spike in related news headlines have security leaders, the C-Suite, and boards asking the same question: are we doing enough to mitigate our ransomware risk? As a result, many security teams are taking a fresh look at ransomware risk management, from defense to response. Join this panel discussion to consider ideas and strategies that you can apply at your own organization, including how you can communicate these efforts to executive leadership.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Nov 17, 2021
9:45am - 10:00am (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 17, 2021
10:00am - 10:49am (Mountain)
Application Security: A Multi-Pronged Approach

If you’re reading this, it’s probably because you’ve been responsible at some level, or at some point in time, for protecting your enterprise applications. We are all aware that applications are subject to attackers’ attempts to either take an application offline or exfiltrate data from the application for sale on the Dark Web. So, how can you prevent application downtime or data exfiltration? Join us to look at the state-of-the-art technologies used to prevent the most advanced attacks.

Nov 17, 2021
10:00am - 10:43am (Mountain)
Suing the CISO: No Longer a Hypothetical

A group of investors is suing SolarWinds following its supply chain cyberattack and naming the CISO in the lawsuit. They accuse him, and the company, of embracing “intentional or severely reckless deceit on investors” because of alleged claims about the company’s cybersecurity. Join this conversation between a Chief Information Security Officer and a cyber attorney to explore the impacts. How could this case alter future lawsuits? Is additional insurance needed for some security leaders? Is this the start of a trend or a one-off lawsuit? Plus, hear what other cybersecurity professionals are saying and share your opinion on this legal development.

Nov 17, 2021
10:00am - 10:49am (Mountain)
Phishing: Is It Time to Cut Bait and Go Home?

With phishing being an omnipresent threat to organizations, the strategy and execution of your phishing program can have a dramatic effect on reducing your risk of compromise. However, many organizations approach their program the same way: multiple assessments, pop-up training, computer-based training, and associated collateral material.

But the question remains, “Is it time to cut bait and go home?” Does it work? This session will discuss human behavior, strategies you haven’t tried, and new approaches to teaching your population about the risk of phishing.

Nov 17, 2021
10:30am - 10:45am (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 17, 2021
10:45am - 11:25am (Mountain)
What's the True Cost of Acquisition? Leveraging Cybersecurity Due Diligence in M&A

Organizations continue to expand their market share, grow their presence in new markets, and enhance their capabilities and offerings through mergers with other organizations and acquiring companies. While mergers and acquisitions (M&A) bring a breadth of new services, solutions, products, and revenue streams into the acquiring organization, leadership needs to understand the target organization’s cybersecurity posture in order to determine the target’s cybersecurity capabilities and potential future state investments required to improve the target’s cybersecurity posture and address potential risks. This presentation will explore some of the industry trends, considerations, and common cybersecurity risk areas to review during M&A due diligence.

Presentation level: MANAGERIAL (security and business leaders)

Nov 17, 2021
10:45am - 11:14am (Mountain)
Managing Insider Risk without Compromising Speed of Business

As companies double down on time to innovation, time to market, and time to revenue, they are inherently introducing more risk from the inside. The more cloud-based, collaborative, and fast an organization becomes, the greater the Insider Risks posed to its people, technology, and data. The upside is that cloud collaboration tools make employees more productive. The downside is that these same tools make it easier to exfiltrate data.

Adding to the complexities of working from home and off the corporate network, more employees are routinely using unauthorized devices, tools, and cloud-based applications to share files and ideas with colleagues.

Join us to discuss the growing Insider Risk problem and how the right data protection methods can set security teams up for success, without slowing down company productivity.

Nov 17, 2021
10:45am - 11:24am (Mountain)
Going Passwordless: Authentication Fact or Fiction?

Are your internal customers tired of passwords? Are you tired of easily breaking their passwords? Well, look no further. Passwordless authentication is upon us and can be achieved for multi-factor authentication (MFA), while making our internal customers happy. How is this possible? Come and listen with your colleagues as I share how we rolled it out, describe the lessons learned, and share who the players are.

Passwords are one of the most loathed controls in the wild. If you can’t beat ’em, join ’em. Learn who the passwordless alphas are and the lessons learned to achieve a win-win strategy within your company.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Nov 17, 2021
11:15am - 11:30am (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 17, 2021
11:30am - 12:04pm (Mountain)
Conquering Cloud Complexity

Cloud security is hard, not least because cloud platforms change so quickly. This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.

Nov 17, 2021
11:30am - 12:24pm (Mountain)
InfoSec and DevOps: Security Practitioners and Software Engineering

A summation of the journey by one information security practitioner into the world of DevOps. In particular, we’ll cover the importance of security practitioners walking towards the direction of DevOps (instead of waiting on DevOps to walk towards InfoSec). Importantly, as DevOps improves its ability to shift left, security professionals are left with a choice: either shift left with their software engineering colleagues or run the risk of becoming obsolete.

Investment by security practitioners in improved understanding of software engineering best practice rewards both the enterprise and the individual.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Nov 17, 2021
11:30am - 12:17pm (Mountain)
Policies, Standards, Processes: Using a Free CSF to Create IS Policy Documents

Running an information security organization is often very reactive. As you fight your way through the jungle of chaos, you realize that you need rules, regulations, and controls to build a fortress to shelter your valuables against risks and threats. But how do you begin to get and keep everything under control? With your information security policy documents, of course. Creating usable policy documents is very tricky if you don’t know where to start or how to make them meaningful and enforceable. In this session:

  • We will discuss the differences between a policy, standard, process, and guideline.
  • You will receive an overview of how to use the free version of the HITRUST CSF to create Information Security policy documents.
  • We will view a sample of a policy and standard created from the free version of the HITRUST CSF.

Nov 17, 2021
12:00pm - 12:15pm (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 17, 2021
12:15pm - 12:54pm (Mountain)
Reasoning and Analysis in Incident Response

A brief examination of data analysis methodologies for investigation in Incident Response. Three data analysis techniques will be presented:

1. Analysis of Competing Hypotheses
2. Cone of Plausibility
3. Timeline Analysis

Analysis of Competing Hypotheses is an analytic process that can help multiple analysts reason through an incident. It helps you select the appropriate hypothesis to investigate further when you have disparate options. It includes visualization, probability, and cognitive psychology methods.

The process is as follows:

1. Hypothesis
2. Evidence
3. Refinement
4. Inconsistency
5. Sensitivity
6. Conclusions and Evaluation

I will also show Structured Analysis of Competing Hypotheses, a more advanced method. Cone of Plausibility is scenario-based. Timeline Analysis is graphical.

Presentation level: TECHNICAL (deeper dive including TTPs)

Nov 17, 2021
12:15pm - 1:04pm (Mountain)
Human + Machine: The Future of Passwords

Biometrics and other methods promise a passwordless future. But is the future of the password really so simple? How can you prepare for that future, whatever it holds? This session will cover:

  • The passwordless future
  • The rise of secret sprawl
  • Building visibility into your platform
  • Integrating with existing technologies

Nov 17, 2021
12:15pm - 1:11pm (Mountain)
[Panel] Ransomware: Myths, Pitfalls, and New Insights

One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

 
 
Nov 17, 2021
1:00pm - 1:15pm (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 17, 2021
1:15pm - 1:50pm (Mountain)
How Deception Technology Works to Level the Playing Field

The greatest threat to an enterprise is the length of time it takes to uncover an attack and then discover what has been breached. Deception Technology provides a unique way to find, identify, and enable a quick response to hacking without delays. This technology provides an early warning system that can function at multiple levels to serve as a sophisticated trip wire, which helps mitigate or prevent theft of data and associated damage. Discover how using this technology allows the tables to be turned on the attackers, so that they can be watched, their behavior analyzed, and their targets identified.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Nov 17, 2021
1:15pm - 2:14pm (Mountain)
[Panel] Cloud: Power and Peril

We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

 
Nov 17, 2021
1:15pm - 1:51pm (Mountain)
Business Email Compromise: Real Stories and Practical Defense

Business Email Compromise (BEC) remains rampant, with annual losses in the billions of dollars. Every type of organization is at risk. During this presentation, we’ll discuss key things your organization and people should know about this cybercrime, plus the most effective way to respond in hopes of recovering some of the losses.

Nov 17, 2021
2:00pm - 2:15pm (Mountain)
Networking Break

Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.

Nov 17, 2021
2:15pm - 3:15pm (Mountain)
[Keynote] Cyber Insurance: Driving the Future of Cybersecurity Improvements

What will drive the next big wave of information security improvements at U.S. organizations? Instead of regulation, it may be insurance. A two-pronged evolution is underway. Insurance policies are suddenly becoming more prescriptive for organizations, often requiring that companies meet certain cybersecurity benchmarks before a policy can be written. At the same time, “InsureTech” is emerging on the scene. This involves a new breed of insurance company that provides cyber coverage and also scans the insured’s environment to constantly monitor for IT and cyber risk. Join this keynote panel as we discuss this evolution and look at future impacts of cyber insurance on security leaders and their teams.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)