August 21 - 23, 2019
Marriott Georgetown, Washington, DC
Marriott Georgetown, Washington, DC
Day Two: Thursday, August 22, 2019
7:40 am - 8:15 am Breakfast Peer-to-Peer Meetings
Sponsored by: PacketViper
8:15 am - 8:20 am Chairperson’s Opening Remarks
8:20 am - 8:55 am Cloud AI, Jet Packs and Minority Report Keyboards: Critical Cyber Leadership Priorities and Issues from 2020 to 2025
Security trends, attack vectors and emerging technology continue to evolve in the changing security landscape. In this dynamic keynote, explore changing leadership priorities and benchmark practical solutions.
The global cyber security market is expected to reach $169 billion by 2020, so how do CISOs benchmark the best technologies and how do cutting edge vendors stand out in the crowded marketplace? During this session three cybersecurity vendors will convey the benefits of their technologies to a panel of three security executives. The CISOs will follow up with questions, advice on go-to-market strategies and how to cut through the noise to increase market traction and adoption by the security team.
Real-Time Emerging Tech Take
Panel
8:55 am - 9:40 am Making the Case for Deception as Practical Cyber Defense SolutionDeception is a potentially powerful, but underutilized cyber security technology. Currently, many CISOs evaluating cyber tool stacks think deception is too costly and impractical. In this session, PacketViper founder and CEO Francesco Trama will share a different perspective and client experiences on internal and external facing deception technology acting earlier in the cyber kill chain to greatly strengthen a dynamic defense posture
Panel
8:55 am - 9:40 am Malware Protection: Staying Ahead of HackersDespite the heavy investment in cybersecurity, protection from never-seen-before cyber threats is still a key challenge for most organizations. Why? Because current solutions are based on knowledge of previous attacks, limiting their ability to detect unknown threats.
BitDam introduces a whole new approach to detecting content-borne threats pre-delivery. Its attack-agnostic technology provides remarkably higher protection - from both known and unknown threats - with no need for security updates.
If you are looking for a ground-breaking technology that will change the way you think about your cyber defenses, join us in this session. You will learn:
· How BitDam makes Email, Cloud Storage and Instant Messaging platforms safe to click
· Why BitDam detects malware that bypass other solutions
· How organizations save millions using this approach
Panel
8:55 am - 9:40 am How to Better Prepare for Sophisticated Cyber HeistsDue to their multi-vector nature, defending against sophisticated cyber heists launched as Advanced Persistent Threats, or APTs, requires seamless configuration and integration of solutions across your digital estates. With critical assets like consumer-facing applications, SWIFT and ATM servers, BFSIs are a prime target for APTs, as demonstrated by the Cosmos bank cyberheist.
Join us to learn:
- The difference between APT cyber heists and opportunistic attacks
- Where traditional testing methods fall short
- How objective KPI metrics enhance security ROI
9:40 am - 10:15 am Embracing the Privacy Imperative- Navigating Regulations and Requirements
Companies must navigate complex and rapidly evolving data privacy regulations and compliance requirements. Various state, national and global regulations along with high profile breaches have made consumers look deeper at which data they share and with whom. The panel will explore the evolving patchwork of privacy and security regulations and how they affect big data, Artificial Intelligence, advertising and litigation. In this discussion, explore the emerging world of privacy with data as a currency. Look at who owns and controls the flow and use of data. This session will discuss planning, preparedness and response to evolving compliance requirements including operational, strategic and proactive communications.
In this session:
· Integrating privacy by design
· Empowering privacy in enterprise risk management
Determining which state regulations to apply
Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!
10:15 am - 10:25 am How Real-Time Asset Intelligence Enables Full Posture ControlIn order to understand the business risk associated with critical systems and applications one needs to understand the state of controls within the ecosystem. This means absolute knowledge of physical and virtual devices on the network inclusive of access, configuration and protective controls. Forescout provides a continuous, real-time, and extendable device visibility platform to enable posture consistency and measurement from campus to datacenter to cloud. Key learnings you will take away from this session include:
- How to achieve continuous control of inventory – real-time, reconciled, and trusted CMDB accuracy
- Why 100% compliance to basic posture configurations should be the goal
- How to coordinate dynamic, unified network segmentation planning and enforcement
Sponsored by: Forescout
Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!
10:25 am - 10:35 am Security or Revenue? Aligning Security to Business Strategy to Drive Success
10:35 am - 10:50 am Networking Break
Sponsored by: Duo Security
10:50 am - 11:20 am Business Meetings
11:20 am - 11:50 am Business Meetings
11:50 am - 12:20 pm Business Meetings
BrainWeave
12:25 pm - 1:10 pm Cyber Criminals Have an Ally- YouPhishing is big business. Threat actors easily craft attacks that impersonate executives, evade the best security defenses, downloading exploits that infect systems, harvesting credentials from unsuspecting victims and causing billions of dollars of damage every year.
But fundamental to the attacker's success is a core principle: let's target the Human and take advantage of their inherent trust and desire to contribute to their organization’s success, their team’s success and ultimately their own success.
By focusing on the Human, phishing attacks are easily bypassing existing defenses. And based on what is ongoing, it is clear that we are failing this war. To win this war, we need an ally that is better and more powerful than the ally the Cybercriminals have.
We need better Machines.
Join this interactive session for a discussion on:
- How attackers construct campaigns to easily bypass existing automated and human defenses?
- How attacks are increasingly being masked as legitimate business communications?
- What is the balance of Human vs Machine defense against Human-focused Attacks?
- Who should be primary in this exceedingly sophisticated battle?
- Are their learnings that we as Cybersecurity professionals, should be taking from other industries facing similar dichotomies (eg: Aircraft Systems, Autonomous Vehicles, Medical Imaging Systems etc.)?
- What best practices can we bring to bear against this seemingly intractable problem?
MasterClass
12:25 pm - 1:10 pm CMMI® Institute: Building Resilience Through a Risk-Based ‘Cybermaturity’ ApproachThe CMMI Institute interviewed CISOs/CSOs seeking
to identify common themes in the challenges organizations are facing and the best thinking in solving those challenges. Recognizing the need to
provide a holistic solution that seeks to align
pragmatic insights with business objectives, the
CMMI Institute built a risk-based capability maturity platform. The platform is an enterprise platform that
can support organization of varying complexity and
security demands while providing a clear
understanding of the priorities an organization should attack first.
Key Takeaways:
- Understand the challenges global
organizations are facing and how leading
organizations are solving
- Understand a risk-based approach for
prioritizing investment for organizations
with varying complexity and security
demands
- Understand the CMMI Institute’s holistic
approach of assessing the maturity of an
organization’s security capability maturity
Sponsored by: CMMI Institute
1:10 pm - 2:10 pm Networking Lunch
2:15 pm - 2:45 pm Planning for the Future- The Next-Gen CISO
It’s no secret that we need more cybersecurity professionals to keep our organizations safe and secure. What’s even more challenging? Finding the next generation of cybersecurity leadership. Join Kirsten Davies as she shares her strategies for developing effective and successful teams for the future. In this session you will:
- Discover how you can tap into energy and ideas that millennials bring to the table
- Learn how to uncover hidden talent in your team and your enterprise
- Find out how to create a powerful pipeline that can deal with the expanding threat landscape and your expanding enterprise-wide role
Assess your team’s skill sets to enhance skills multiplication, skills transfer, and talent mobility.
Roundtable Discussions- Please choose your topic and join the relevant discussion.
Roundtable
2:45 pm - 3:45 pm Zero Trust Access: Five Steps to Securing the Extended Enterprise The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.
Sponsored by: Duo Security
Roundtable
2:45 pm - 3:45 pm Protecting Your VIPs and VAPs (Very Attacked People) in the CloudThere has been a material shift toward attacks that exploit people, with threat actors tricking their targets into running their malware for them, handing over their credentials, or simply sending data or money to an impostor.
In this session, we’ll explore strategies for gaining visibility and mitigating risk in a people-centric threat landscape. You’ll learn how to build a security program & maturity model around protecting people, why nearly all threat actors have shifted away from technical exploits to compromise their targets, how organizations can leverage threat data to understand which people and departments are highly targeted, and how to design effective protection for highly attacked, highly vulnerable, and highly privileged users.
Sponsored by: Proofpoint
BrainWeave
3:45 pm - 4:30 pm Internet Isolation: A Key Requirement for the Modern Security ArchitectureModern security technologies are unable to protect companies. The industry seems to have accepted that prevention fails, and detection and response are the answer. The problem is once prevention fails, it’s too late, and detection is bound to fail as well. Internet isolation disrupts this paradigm, and it is a key requirement for any organizations modern security architecture.
In this session:
•Learn how to eliminate phishing and malware breaches 100%
•Understand how Internet isolation can separate enterprise networks from the public web while providing seamless Internet access to employees
•Discover how to measure the volume of phishing links and malicious sites that bypass existing defenses including when users click or visit links from emails
Session By Menlo Security
MasterClass
3:45 pm - 4:30 pm How Programmable Data Security and Governance Addresses Insider Breach and Privacy ThreatsWith the DevSecOps movement, security is moving more and more into the world of application development. By working with developers to embed data security into new applications or retrofitting old ones, not only is data security and privacy protected by design, it also becomes portable so workloads can move into any infrastructure and maintain that level of protection.
Sponsored by: ALTR Solutions
4:30 pm - 4:40 pm Networking Break
Sponsored by: Duo Security
4:40 pm - 5:10 pm Business Meetings
5:10 pm - 5:40 pm Business Meetings
5:40 pm - 6:10 pm Business Meetings
6:15 pm - 7:00 pm Evaluation Criteria for Cloud Access Security Brokers (CASBs)
Cloud computing is ubiquitous and forms the foundation for digital transformation to facilitate business change. Cloud technologies introduce dissolving perimeters, service delivery via software, and a sophisticated threat landscape. This session will discuss the selection criteria for one of the many security controls - Cloud Access Security Broker (CASB). Hear about drivers, selection criteria, and how to effectively evaluate CASBs.
7:00 pm - 7:30 pm Networking Reception
Sponsored by Menlo Security