- This event has passed.
Washington, D.C. (Cybersecurity)
August 10, 2017 @ 8:15 am - 5:15 pm
The Washington, D.C. Tech-Security Conference features 40-60 vendor exhibits and 8-12 educational speaker sessions discussing current tech-security issues such as cloud security, email and social media security, VoIP, LAN security, wireless security, USB drives security & more. Numerous door prizes such as iPads, Kindles, $25, $50 and $100 gift cards and lots more! You'll come away with advice and knowledge so you can start proactively protecting your environment from the latest security breaches. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area. THIS CONFERENCE QUALIFIES FOR CPE CREDITS. Scroll down to view the full conference agenda.
For information on participating as a vendor: firstname.lastname@example.org
Data Connectors is proud to host the Tech-Security Strategies Conference.
Vice President, Technology
How to Quickly, Easily and Cost-Effectively Comply with NIST SP800-171
The need for strong security measures to protect sensitive government data from hackers has never been more intense. To address this problem, the Department of Commerce National Institute of Standards and Technology has released NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. If you do business with the government, SP800-171 impacts you. Implementation deadline is December 31, 2017. Our session will help you (or the organizations you support) prepare to comply with the mandate and consider the following:
- Why NIST SP800-171 was established
- Who needs to think about NIST SP800-171 compliance and what is at risk?
- What are the challenges of implementing technologies such as Authentication and Privileged Access Management?
Three different use cases sharing a common goal: comply with the mandate, reduce complexity, and contain costs.
Gurpreet leads Axiad’s technology roadmap with more than 17 years of experience in cutting-edge network security and identity management technologies and methods. Prior to joining Axiad IDS in 2017, Gurpreet served in variety of management and senior technical roles at IBM, Lenovo, Oberthur, SafeNet, and SecuEra. His contributions included the development of the many hardware and software products for Cybersecurity, Identity and Access Management for people, devices, and internet of things.
Regional Sales Director – Mid-Atlantic
Leverage the Cloud to Minimize the Impact of Ransomware
Elton Juter has been in the IT Industry for 20 years. Starting out as a programmer, and deciding to move into client-facing roles, he has worked in Storage, Security, and Systems Management roles with IBM Tivoli and HP Information Management Software. For the last 10 years, he has focused his efforts in the data availability, information governance/eDiscovery space working with Symantec/Veritas and most recently, Druva. In his current role, Elton has responsibility for Large Enterprise organizations throughout the Mid-Atlantic region along with national coverage of our US Federal Agencies. He looks forward to helping shed light on how Druva InSync and Phoenix are able to protect, manage, and preserve your endpoint, cloud-application, and server data, all while utilizing the industry’s leading public/private cloud, and therefore providing the lowest possible total cost of ownership.
Director – Partners & Soultions Engineering
A New Way to Look at IT Security with Endpoint Modeling
Endpoint compromise has been a consistent theme in nearly every modern security breach. This discussion makes the case for a new approach to IT security yielding compelling results and visibility into all network Endpoint behavior. With great accuracy, extremely low noise, and supporting evidence, endpoint modeling discovers and tracks the regular behavior of each device in a way that makes possible the automatic recognition of potentially harmful activities. Join us as we introduce endpoint modeling, discuss why this is feasible and necessary for enterprises today, and how this solution is being used successfully in organizations large and small, in traditional networks and cloud environments including AWS VPCs, Azure and others.
Disaster Happens – Don’t Be Held Hostage
Finding your organization at the center of a data heist used to be the burden of enterprise IT, but in today’s data-centric world, no business is safe. IT security incidents have nearly doubled since 2011, according to PricewaterhouseCoopers, and concern among small and midsize businesses has risen alongside this risk. Join us to learn more about Carbonite’s newest additions to their arsenal – EVault & DoubleTake. We’ll also cover best practices for backing up your data and how you can take your defenses to the next level with DRaaS.
VP of Business Development
Making Information Security Strategic through GRC
Area Security Specialist – Southeast
In this day of risks, vulnerabilities and advanced persistent threats, it’s important to understand why perimeter protection simply just isn’t enough, and why a comprehensive assumed breach methodology ensures the greatest defense. Ivanti security provides a proactive defense-in-depth approach to protecting ones corporate brand and integrity, reputation, data, devices & users from risks and potential attack. Join us for a discussion about the ever-changing threat landscape and how you can more effectively protect your company from these threats.
Keeping the Enterprise Always On with IT Resilience
Your organization is always running and can’t afford downtime during a disaster or the traditional time it takes to recover from one. Backup solutions don’t solve these problems as they are not true disaster recovery for the business. What types of disasters will impact the business? Learn about disaster recovery scenarios, and also the questions to ask and answer when planning your disaster recovery solution to drive true IT resilience. Learn about which decisions impact the business in which ways, and how to avoid making sacrifices for your always-on organization.
Social Engineering Team Lead
Social Engineering Assessments: Insider Threat Simulation VS. Adversarial Simulation
Social Engineering is the most common attack vector utilized to breach organizations, however, historically, it has been overlooked. According to the 2017 Verizon Data Breach Investigations Report “social has been on top and trending upward for the last few years, and it does not appear to be going away any time soon”. Today, it is not only imperative for organizations to conduct Social Engineering assessments, but in order to be effective, these assessments should be customized to each organization’s unique environment.
During this presentation, Stephanie will discuss the common Social Engineering attack vectors that are being used today (via email, phone and in person) and why organizations should be conducting Social Engineering assessments. Stephanie will also explain why organizations should not pursue cookie-cutter assessments and discuss the benefits of developing customized assessments by providing an understanding of the different assessment style approaches (insider threat simulation and adversarial simulation).
- Insight to different types of Social Engineering attacks
- Why organizations should be conducting Social Engineering assessments
- Threat Simulation style assessments
- Adversarial Simulation style assessments
After winning a black badge at DEF CON 22 for the Social Engineering Capture The Flag, Stephanie pursued her career as a full time Social Engineer. Stephanie focuses on services such as Open-Source Intelligence (OSINT) gathering, Phishing, Vishing, and Physical security assessments. Stephanie has taught and presented at numerous security conferences including BSidesSLC, CircleCityCon, SAINTCON, ISACA (Salt Lake City), Hackfest Canada, and NolaCon – as well as guest webcasts for SANS. In her free time, she enjoys going to theme parks and playing table top games. Stephanie currently works for cybersecurity firm, MindPoint Group and resides in Salt Lake City, Utah with her family.
CEO and Founder
Cybersecurity War Stories: Tales from the Trenches
In today’s world, it’s imperative for organizations of all sizes to have an online presence to succeed in business. But there’s a risk to always being connected—organizations are prime targets for cyber attacks. Recent ransomware strains like Petya and WannaCry demonstrate how business can be brought to a grinding halt by encrypting your business critical data.
Join CEO and Founder of Arctic Wolf Networks (AWN), Brian NeSmith, as he highlights some of the most interesting attacks that Arctic Wolf Networks has seen in 2017. You’ll also hear why a robust SOC-as-a-service with human augmented machine learning is critical to bolster your defenses against the most advanced of threats.
Director of Security Product Management
Six Steps to Secure Access for Privileged Insiders and Vendors
Many organizations trying to secure privileged access for employees or vendors focus solely on the privileged credentials or identities. But this is only half the battle. Securing the access pathways is just as crucial to protect your critical systems and data from cyber threats.
This session will outline the six steps companies need to take to secure privileged access, while simultaneously improving business productivity.
o The risks associated with privileged access for internal employees and external vendors
o Why just securing privileged accounts or credentials isn’t enough
o How a layered security approach can enhance security without affecting productivity
o Steps for implementing a comprehensive privileged access solution
At Bomgar, Sam is responsible for the product management group that is driving product strategy for Bomgar’s security products. He has more than a decade of information security, ITSM, and IT operations management experience. He also is a seasoned expert in the areas of cyber-security, data center discovery, systems configuration management, and ITSM. Sam has a Bachelor of Science from Florida State University and is certified in ITIL v3 and Pragmatic Marketing. He resides in Atlanta, GA, with his family and can be found on twitter @samelliott.
Founder & CEO
Accidental Insider – How Hackers Target Your IT Staff & How Your IT Staff Makes It Easy For Them
System Administrators, Domain Administrators, and Network Engineers may not create intellectual property; but to hackers, they are high value targets. This presentation will cover tactics hackers use to conduct pre-exploitation reconnaissance on your IT and corporate staff, initial network penetration, lateral movement, and finally, the ultimate objective: network destruction, or data theft. In addition, this presentation will cover the importance of an integrated detection model that not only focuses on detecting malware itself, but also the tradecraft used by hackers and privileged insiders to analyze their environment and ultimately spread.
Mr. Murchison, the founder and CEO of Blackpoint, started his career in Network Engineering and IT operations, but quickly made the switch to the quiet world of the intelligence community. Since, he has spent over twelve years planning, conducting, and executing high priority national security missions. As a former NSA computer operations expert and IT professional, he is bringing a unique perspective to the mission of developing cyber defense software effective at detecting and detaining purposeful cyber intrusions and insider threats. Murchison holds multiple patents in methods of network analysis, defense, pattern analytics, and mobile platforms.
Sr Manager, Systems Engineer
Evolved Requirements: A business-driven security strategy for threat detection & response
Security teams need to evolve to stay in front of attackers and the latest threats, but in recent years this has become much more difficult. Attackers continue to advance and use sophisticated techniques to target and infiltrate organizations while spending significant resources performing reconnaissance to develop techniques specifically designed to bypass the security tools being used. Complicating this, most organizations no longer have well defined perimeters as they shift to more modern IT infrastructures that include a variety of environments some on premise, some in the cloud. Finally, to add even more challenges, security teams suffer from a skills gap that make it difficult to fully staff a team and even more difficult when they add more and more security tools and devices that only add to the noise for the staff trying to find the truly significant attacks.
Given these challenges, we see a mindshift occurring within the organizations running sophisticated security operations. Specifically a shift in focus on preventative controls that promise to keep the bad guys out to an increased focus on rapid detection and response, to shorten the dwell time and reduce or even prevent business damage when breaches occur. In simple terms, these organizations recognize it’s no longer feasible to think you can prevent all attacks from getting in.
In order reduce the impact of attacks, security operations needs to be able to tie critical asset and identity information into both the detection and response capabilities, so they can focus their efforts on the threats that matter most.
Kevin Brownstein is the Senior Manager of Sales Engineering for RSA. He has over 20 years of experience in the security industry, serving both as a U.S. government employee and government contractor. During his tenure with the U.S. government, Mr. Brownstein specialized in network security and computer forensics. He currently leads RSA Sales Engineering supporting the Southeast US and Federal Government. Sales Engineering is responsible for identifying solutions, design, and implementation of proof of concept security solutions to meet critical customer requirements.
He holds a Master of Business Administration degree in Information Management from Aspen University in Denver, Colorado and a Bachelor of Arts in Government and Politics from the University of Maryland, College Park. In addition, he holds multiple industry certifications including, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Federal IT Security Professional Manager (FITSP-M).