September 14 - 15, 2021
Agenda Day 2
9:00 am - 9:45 am
Evaluating Crytography
Vikram Chandrasekaran -
Senior Manager, Senior Data Security Engineer - Security Technology Services,
Standard Chartered Bank
- Performing an end-to-end data analysis and noting vulnerabilities
- Truly understanding the layers of critical data that must be secured
- Realizing that as complexity increases so does the time to breach
- Protecting critical data through global crytography projects
- Evaluating crytopgraphy project success by understanding the evolution of protection from the project starting point
Vikram Chandrasekaran
Senior Manager, Senior Data Security Engineer - Security Technology ServicesStandard Chartered Bank
10:00 am - 10:45 am
From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack
Joseph Carson -
Chief Security Scientist (CSS) & Advisory CISO,
Thycotic
Following in the footsteps of a cyber-criminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker’s response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the attacker’s techniques used and how they went from zero to full domain admin compromise that resulted in a nasty CryLock ransomware incident.In this session Joseph Carson will cover a real-world incident response to the CryLock ransomware showing the techniques used by the attackers. The footprints left behind and uncovering the techniques used.
- How attackers gained access to system
- Established staging
- What tools were used
- What commands were executed
- How the ransomware was delivered
- How AD elevation was achieved
Key Takeaways
- Learn best practices for moving your secured privileged environment from on prem to the cloud.
- Discover key methods to apply the same security controls and policies across your different cloud environments.
- Hear Identity and Access Management stories from the trenches of industry-leading financial corporations.
11:00 am - 11:45 am
From Novel Supply Chain Attacks to FinTech Threats
Ax Sharma -
Developer Advocate (Security,
Sonatype
2021 has been the year of various cyberattacks with attackers employing novel means and achieving widespread impact. Join Ax Sharma, Security Researcher and Advocate at Sonatype to learn about some relevant security FinTech incidents, ransomware and supply-chain attacks, and what can organizations do about them.
This session covers:
- Novel supply-chain attacks seen in the wild
- Cybersecurity threats and vulnerabilities relevant to FinTech
- Why are threat actors including ransomware groups targeting MSPs?
- What can organizations do about these attacks?
Sponsored by: Sonatype
12:00 pm - 12:45 pm
Seeing Security Through The Business Lens
Eric Staffin -
Partner and Senior Vice President, Chief Information Security Officer (CISO),
IHS Markit
- Investigating 5 points of importance
- The importance of resiliency
- The importance of velocity
- The importance of cost to maturity
- The importance of risk
- The importance of security
- Realizing that technology is not on that list and why
- Being able to speak with Engineers, Regulators, Lawyers and Clients without missing a beat
- Evolving from a waterfall to an agile mindset
Eric Staffin
Partner and Senior Vice President, Chief Information Security Officer (CISO)IHS Markit
