August 21 - 23, 2019
Marriott Georgetown, Washington, DC
Day One: Wednesday, August 21, 2019
10:30 am - 11:10 am Registration
11:10 am - 11:20 am Orientation
11:20 am - 11:30 am Thoughtexchange Welcome — App Introduction
During this segment, attendees will learn how to glean greater insights from business partners using the
Thoughtexchange social learning tool. Later in the Exchange, we will put these insights to action by developing
solutions to ultimately improve financial operations.
11:30 am - 11:35 am Chairperson's Opening Remarks
11:35 am - 12:15 pm True Security Partnerships - Speaking the Language of Business and Technology
Cyber security needs to be aligned with the business with accountability across the organization. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be in the forefront - translating and communicating risk in a way that resonates with the business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn:
- Engaging, managing, and exceeding expectations
- Top-down focus on risk management
- Evolving roles of the CISO, CIRO, and CIOs
12:15 pm - 1:30 pm Creating a Culture of Data Security & Privacy
Learn how innovative and dynamic leaders are leading the way by having courageous conversations within their organization. Discover how organizations are creating a culture that promotes openness, transparency and collaboration by empowering their employees to share their voice and consider the thoughts and ideas of others; shifting the corporate paradigm from closed and knowing to open and learning. In this session you’ll learn what collaborative and courageous leadership means to you and those around you.
12:30 pm - 1:30 pm Welcome Lunch
1:30 pm - 2:05 pm Overcoming Security Challenges Created by the Internet of Things
The sheer number of connected devices continues to grow, and with it so do the security challenges. Powered by the convenience and benefits the Internet of Things (IoT) can deliver, the devices continue to permeate all aspects of enterprise and personal existence, not necessarily with any regard for the potential consequences and related security and privacy concerns. Hackers continue to deploy sophisticated attack methodologies to bypass existing security measures. Common attacks include ransomware, which prevents the legitimate user from accessing a device or network, and malware, which exploits known device vulnerabilities.
In this session explore:
- Gaining visibility and classifying all connected devices
- Detecting real-time alerts about cyber attacks
- Instilling proactive prevention including micro-segmentation of the enterprise network
2:05 pm - 2:35 pm The Path to Transformation via ML
In this session you will be exposed to lessons learned by QOMPLX on how to transform your business and security operations with ML. This session will cover a proven process of transforming a security organization from a cost center into your organization's central hub for analytics and business value generation. We will cover the journey from strategic goals alignment, to data capture, data analysis, to the ultimate goal of leveraging ML to drive decisioning. This will be a no-holds-barred crash course in data transformation.
MasterClass
2:40 pm - 3:25 pm The Human Deception Problem: Understanding and Defending Against Social Engineering Attacks
The most successful method of cyber-attacks continues to be phishing. These attacks cost organizations millions of dollars each year and things are just getting worse. As these attacks intensify and become more refined, technology is failing to keep up and your users will continue to fall prey. To effectively defend yourself against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different levers that social engineers and scam artists pull to make your users more likely to do their bidding.
Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by common criminals, to sophisticated social engineering and online scams. Additionally, he'll look at how you can ethically use the very same levers when educating your users.
Key Takeaways:
- The Perception vs. Reality Dilemma
- Understanding the OODA (Observe, Orient, Decide, Act) Loop
- How social engineers and scam artists achieve their goals by subverting critical thinking steps
- How can you defend your organization and create your human firewall
In modern environments, the corporate security program utilizes an increasingly complex inter-relationship of people, processes, and technology in detection and response operations. However, incident response capabilities must be balanced against budgetary constraints and other requirements the security program must meet. How do you measure the effectiveness of your incident response program, and the investments your organization has made? What measure of confidence do you have in your organization’s ability to detect and respond to the worst of circumstances? These are not questions that can be answered by yet another technical solution, yet are critical in understanding how your organization is oriented against the adversary.
This discussion will include:
- Programs that can be utilized to measure the efficacy of the security and incident response technology, people and processes.
- Identifying deficiencies in enterprise adversary detection programs, and pursuing continuous improvement in organization-wide detection capability.
- Methods for determining new investments to be made in incident response capabilities.
3:25 pm - 3:40 pm Networking Break
3:40 pm - 4:10 pm Business Meetings
4:10 pm - 4:40 pm Business Meetings
4:40 pm - 5:10 pm Business Meetings
5:10 pm - 5:40 pm Reactive vs Proactive Security – A Balancing Act for CISOs
Reactive and proactive security methods do not have to be mutually exclusive. We must plan how to respond when an intrusion does occur, whether it comes from worms and viruses, DDoS attacks, social engineering or even from disgruntled employees with insider knowledge of the network. For comprehensive defense, a reactive security strategy should be paired with a proactive strategy and effective tools for uncovering, identifying, and responding to potential threats before they have the chance to damage a company. Every business needs to decide the appropriate mix of resources to devote to proactive security measures (to deter attacks), and reactive measures (to respond to attacks that get through).
3 Quick Fire Presentations in 30 Minutes. Talk about getting to the crux of the matter, fast!
Ignite Sessions
Ignite Session
5:40 pm - 6:00 pm SOARing above Security Operations’ Biggest Challenges
Ignite Session
5:40 pm - 6:00 pm The Industrial Revolution of Penetration Testing
All the drawbacks of manual penetration testing, cost-efficiency, time, and scope limitations, have now been solved.
A major leap in technology has, for the first time, enabled machine-based penetration testing.
Now, with a click of a button, you can perform daily pen-tests without the need for third-party consultants.
Explore how to implement automated penetration testing and its effect on the world of risk validation.
6:00 pm - 7:00 pm Practitioner Roundtables
Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.