Event Schedule

Times for this Event are in Central Time (CDT/CST)

The Summit will be open from 8AM to 6PM.

  • Breakfast Briefing: 4 Simple Steps for an Effective Threat Intelligence Program 9:00 am

    Presented by IntSights

    Many security executives and threat intelligence practitioners share a similar feeling that they invest a lot in threat intelligence, yet get limited results. 

    In this interactive session, we will review a simple 4-step framework for building an effective threat intelligence program. This innovative framework has been developed around the most up-to-date threat intelligence technologies and trends. 

    This will be delivered through a real life example of building a threat intelligence program for reducing risk from leaked credentials. Leaked credentials are involved in 37% of all breaches, and an intelligence program is one of the most important tools to mitigate this threat.

    Click to Expand

    Panel Participants:

    Alon Arvatz
    Alon Arvatz

    Alon Arvatz

    Co-Founder & Chief Product Officer

    Collapse This Item

  • Broken Authentication: Fixing one of the most critical web application security risks 9:25 am

    Presented by Auth0

    Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.

     This session will provide:

    • An overview of broken authentication; 
    • Why it’s so dangerous;
    • The types of threats that can take advantage of this vulnerability;
    • How you can prevent this most critical application security risk.
    Click to Expand

    Panel Participants:

    Andrew Akers
    Andrew Akers

    Andrew Akers

    Senior Manager, Solutions

    Collapse This Item

  • How to Confront Supply Chain Attacks and Ransomware 9:45 am

    Presented by Cymulate

    Cybersecurity professionals operate in a dynamic environment driven by two accelerating forces;threat developments and the rapid adoption of new technologies and digital business initiatives. 

    And yet most companies still rely on discrete snapshots of their security performance. 

    CISO’s and security teams must be ready to confront new threat vectors including human powered ransomware and supply chain attacks with an agile, continuous approach to security validation and constant improvement. 

    Join this session to discover how to: 

    • Pinpoint and address security deficiencies related to supply chain attacks and ransomware. 
    • Validate EDR detection of lateral movement, command and control and privilege escalation techniques. 
    • Increase the operational efficiency of security teams with automated security testing.
    Click to Expand

    Panel Participants:

    Mike DeNapoli
    Mike DeNapoli

    Mike DeNapoli

    Lead of Solution Architecture

    Collapse This Item

  • Small businesses deserve big protection 10:20 am

    Presented by Cisco

    Small businesses are facing many of the same cybersecurity challenges as larger businesses. 66% of small businesses experienced a cyberattack in 2019, and 63% experienced a data breach. But securing your business doesn’t have to be complicated. Cybersecurity tools should be easy for a team of any size to deploy, use, and manage — letting you focus on more important things (like running your business!) Join Kate MacLean from Cisco to learn more about small business cybersecurity and how cloud-delivered security provides powerful protection against today’s biggest cyberthreats.

    Click to Expand

    Panel Participants:

    Kate MacLean
    Kate MacLean

    Kate MacLean

    Cloud Security Evangelist

    Collapse This Item

  • Out of the Shadows: ​ Real-time Asset Visibility and Security for Every Connected Device 10:45 am

    Presented by Ordr

    For many years now, enterprises have seen an explosive rise in connected devices, from traditional IT devices like servers, workstations and PCs to new and more vulnerable IoT, IoMT, and OT like building systems, medical equipment and manufacturing machines.  This myriad of devices from different manufacturers, operating systems and protocols expand the attack surface. IoT, IoMT, and OT bring their own challenges as they are typically not designed with security in mind. The bad news? Security teams are still responsible for all of them. It’s time for a modern approach. In this session, Ordr’s Chief Strategy Officer Danelle Au outlines why connected device security should be on your security initiatives in 2021, and presents a framework that starts with real-time asset inventory and ends with scalable security. Learn best practices and implementation considerations for device discovery, profiling and segmentation as you start your connected device security journey.

    Click to Expand

    Panel Participants:

    Danelle Au
    Danelle Au

    Danelle Au

    Chief Strategy Officer

    Collapse This Item

  • Keynote: Reduce the Risk of Ransomware 11:05 am

    Presented by CISA

    The Department of Homeland Security (DHS) Cyber Infrastructure Security Agency (CISA) is our nation’s risk advisor.  Working in conjunction with the US Secret Service and the FBI, CISA is the agency with the most practical experience that offers the most hands-on support for firms whose private networks are an important part the country’s critical infrastructure.

    In this exclusive briefing for the Chicago Virtual Cybersecurity Summit, Ms. Nicewick will review the components of CISA’s new Reduce the Risk of Ransomware Campaign. From certifications to communications, and valuable reference resources, her talk will give cybersecurity leaders in the region an outline of best practices around preparation, prevention, and putting plans into action.

    Ms. Nicewick will also provide important lessons learned from case studies relevant to the region, from useful landmarks like WannaCry to other recent ransomware evolutions. Additionally, Ms. Nicewick’s keynote will explore other hot-button ransomware related contingencies, including everything from “double extortion” attacks to the burgeoning business of ransomware negotiators to executive-level decision-making criteria to consider if your firm becomes a victim of a ransomware attack.

    Click to Expand

    Panel Participants:

    Alex Joves

    Alex Joves

    Regional Director, Region V (IL, IN, MI, MN, OH, WI)

    Amy Nicewick
    Amy Nicewick

    Amy Nicewick

    Section Chief, Cybersecurity Division, Cybersecurity and Infrastructure Security Agency

    Collapse This Item

  • Expert Panel Discussion: Ransomware 11:55 am

    Rescue from Ransomware - what to know before you get that nasty email

    Ransomware has been a hot topic, as bad actors show there is no honor among thieves – as they target hospitals, health care organizations and other firms in the throws of COVID response.  Moreover, sensitive data is put at risk, huge sums of money are in the balance, and organizations must struggle between expediency and the bottom line.  Whether you chose to pay the ransomware or not, industry experts tell you to treat your entire network as contaminated.  Rebuilding images, devices, re-formatting storage, and all the rest is part of this process.  In this panel, our experts will talk about what to do first – and what to avoid, and where the traps may lie.

    Click to Expand

    Panel Participants:

    Amy Nicewick
    Amy Nicewick

    Amy Nicewick

    Section Chief, Cybersecurity Division, Cybersecurity and Infrastructure Security Agency

    Gil Azrielant
    Gil Azrielant

    Gil Azrielant

    Co-Founder and CTO

    Mike DeNapoli
    Mike DeNapoli

    Mike DeNapoli

    Lead of Solution Architecture

    JT Clay
    JT Clay

    JT Clay

    Technical Engineer

    Paul Prudhomme
    Paul Prudhomme

    Paul Prudhomme

    Head of Threat Intelligence Advisory

    Collapse This Item

  • Lunch Break
  • The Dark Web: Exposing the Business of Cybercrime 1:00 pm

    Presented by Armor Defense

    The Dark Web is growing at an exponential rate, with hackers doubling down on cybercrime-as-a-service—allowing non-traditional and unskilled hackers to wreak havoc in ways previously unheard of. Criminals don’t have to be skilled to get your data;they just need to know where and who to go to for help. 

    This session aims to expose the inner workings and business of the cyber underground, focusing on the following: 

    Cryptocurrency – The impact digital currency has had on the rate of growth of cybercrime 

    Cybercrime-as-a-service – The expansion of services offered by skilled hackers and for low cost 

    Money laundering and money mules – Ways criminals are skirting around laws and regulations to get paid 

    Mitigating risk – How businesses can protect themselves from all levels of cybercriminals with an emphasis on the importance of investing in proactive threat-hunting

    Click to Expand

    Panel Participants:

    Joone Nijjar
    Joone Nijjar

    Joone Nijjar

    Product Manager

    Collapse This Item

  • Extortionware: Your Privacy Problems Made Public 1:20 pm

    Presented by OneLogin

    Over the last decade, ransomware has increasingly become the most popular option for hackers to monetize the access they’ve obtained to corporate computer systems around the world. Over the last few years, we’ve observed ransomware software and techniques adapt and evolve to include the theft and exposure of private information, creating extortionware as a new breed of malicious software. This talk will provide an overview of these techniques and discuss the potential privacy and security impacts you may face as a result.

    Click to Expand

    Panel Participants:

    Lonnie Benavides
    Lonnie Benavides

    Lonnie Benavides

    Head of Infrastructure and Application Security

    Collapse This Item

  • Moving Beyond Password to Delight & Secure Users 1:55 pm

    Presented by Okta

    Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use on a daily basis.

    But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, they are expensive and offer a poor user experience. Fortunately, there’s a better way to protect your applications and stop account takeover incidents.

    In this session, we’ll discuss the benefits of passwordless authentication and explain how eliminating the password can help improve user experience, admin visibility and control, and scalability. We’ll also walk through key considerations and first steps as you embark on your passwordless journey.

    Click to Expand

    Panel Participants:

    Michael Patterson
    Michael Patterson

    Michael Patterson

    Solutions Engineer

    Collapse This Item

  • Top 4 Reasons Why Privileged Access Management Implementations Fail 2:15 pm

    Presented by Remediant

    It is shocking that, year over year, stealing credentials is still the top tactic used by attackers to breach organizations. Why is this still happening? Hint: It isn’t only because of weak passwords. Organizations have invested heavily into privileged access management technologies, but these solutions have struggled to address the problem for five key reasons. In this discussion, we will address the gaps in current access management approaches but, more importantly, show you how to quickly close the gaps and significantly reduce security risks without disrupting your current investments or systems. 

    Click to Expand

    Panel Participants:

    JD Sherry
    JD Sherry

    JD Sherry

    Chief Strategy Officer

    Collapse This Item

  • The Rise of Secure Access Service Edge (SASE) 2:40 pm

    Presented by Bitglass

    Secure access service edge (SASE) offerings are cloud-delivered platforms that give consistent security across different applications, devices, web destinations, on-premises resources, and infrastructure. To achieve this, these platforms deliver a variety of functionality from complementary security solutions. As organizations operate in our frenetic business world, SASE becomes imperative. In this session, you will learn:

    • Why organizations need SASE
    • The key components of SASE offerings
    • How SASE architectures impact performance
    Click to Expand

    Panel Participants:

    Jacob Serpa
    Jacob Serpa

    Jacob Serpa

    Senior Product Manager

    Collapse This Item

  • Guest Keynote: SolarWinds & Regulation Changes: Is CMMC the answer? 3:10 pm

    SolarWinds & Regulation Changes: Is CMMC the answer?

    NIST 800-171 compliance was required in 2017 but work arounds were created.  The 2020 SolarWinds ORION Supply Chain Attack highlighted the weaknesses those work arounds opened. Now, the US Department of Defense is implementing the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity preparedness across the federal government’s defense industrial base (DIB). 

    This demands the Government know the level of compliance that exists at each company.  The results are not good

    Though not due until 2025, CMMC has no work-arounds.  You either “are” or “aren’t.”  If you are not CMMC then you cannot do DoD work. CMMC compliance is to begin to appear in DoD contracts starting in Fall 2021, Winter 2022.  If a company is not CMMC ready they will not be considered for the work. 

    From his long CISO and government agency experience, as well as his recent consulting engagements, EJ Hilbert has developed a body of knowledge on this subject, which he will share with the Data Connectors Cybersecurity Community for the first time at the Chicago Virtual Cybersecurity Summit on April 20th. 

    Click to Expand

    Panel Participants:

    E.J. Hilbert
    E.J. Hilbert

    E.J. Hilbert

    Former FBI Cyber Agent, CISO & Founder of KCECyber

    Deborah Watson
    Deborah Watson

    Deborah Watson

    Resident CISO

    Collapse This Item

  • Expert Panel Discussion: Regulations, SolarWinds & CMMC 3:40 pm

    Regulations, SolarWinds & CMMC

    NIST and the MITRE ATT&CK framework give us ways to talk about exposure, classify risks and talk to our teams about how to address.  CMMC is a solid requirement that can serve as a bar for an understanding of cybersecurity preparedness.  With all that said, how ready are most organizations to comply with the new requirements?  Do the regulatory changes go far enough? What else did we learn from the SolarWinds hack that cannot be addressed with regulation?  What changes have organizations put in place to address supply chain and other third-party risk in their environment?

    Our expert panel will review these points, as well as address live questions from our Summit audience during this interactive panel discussion.

     

    Click to Expand

    Panel Participants:

    E.J. Hilbert
    E.J. Hilbert

    E.J. Hilbert

    Former FBI Cyber Agent, CISO & Founder of KCECyber

    Deborah Watson
    Deborah Watson

    Deborah Watson

    Resident CISO

    Collapse This Item

  • Featured Keynote: Protecting Data in a Post-Pandemic World 4:00 pm

    Protecting Data in a Post-Pandemic World

    As more of our lives have moved online, our data has followed, providing companies with new revenue streams and insights to better meet their customers’ needs, but also carrying risks. If data is not responsibly handled and protected, the reputational and business ramifications can be catastrophic.

     

    The good news: while digital transformation may have initially outpaced cybersecurity and data governance practices in 2020, companies are catching up. According to PwC’s Digital Trust Insights Survey, 55% of executives are planning to increase their cybersecurity budgets, and 51% are planning to add full-time cyber staff in 2021. Moving forward, companies will need to build resilience around their cloud infrastructure, rethink their governance and compliance strategies for a cloud-centric world, and develop their security team’s skillset to prepare for threats coming both today and tomorrow. With a proper data governance framework, companies can maximize the benefits of new sources of data while minimizing risks and building trust with stakeholders.

    Click to Expand

    Panel Participants:

    Joe Nocera
    Joe Nocera

    Joe Nocera

    Leader of PwC's Cyber & Privacy Innovation Institute

    Collapse This Item

  • Day One Closing Session
  • Day Two
  • Breakfast Briefing: Security & Compliance from Endpoint to Cloud 9:00 am

    Presented by Armor Defense

    According to Enterprise Technology Research (ETR), 72% of the total global workforce is currently working remotely and the number of employees permanently working remotely will double in 2021 to 34.4%. With these figures, companies now more than ever must ensure their assets, especially their endpoints, are protected from threats.

    Armor now extends security protection and visibility beyond your public, private and hybrid cloud environments to your endpoint devices all in one solution. Armor Anywhere with EDR detects and blocks behavioral anomalies, fileless and signatureless malwares, ransomware, and more across your customers’ distributed endpoints in real time.

    Click to Expand

    Panel Participants:

    Ike Nwabah
    Ike Nwabah

    Ike Nwabah

    Vice President of Markets and Insights

    Collapse This Item

  • Welcome / Introductions
  • Tackling User Behavior Head-On 9:25 am

    Presented by Proofpoint

    Today’s popular attacks like phishing, credential compromise, and business email compromise have one thing in common: they need people to work. InfoSec professionals add technology on top of technology, but still the problems persist. How do you take people from the weakest link to active defenders of your organization? Based on our experiences with tens of millions of users, we’ll share with you best practices, strategies, and benchmarks to be successful. 

    Join our presentation to learn about: 

    • Best practices for running an effective security awareness program 
    • Strategies for driving behavior change and improving security culture 
    • Benchmarks for making real impacts to your risk posture
    Click to Expand

    Panel Participants:

    Mike Bailey
    Mike Bailey

    Mike Bailey

    Senior Product Manager

    Collapse This Item

  • THE LAST LINE OF DEFENSE: DATA PROTECTION 9:45 am

    Presented by Pure Storage

    With the growth of Ransomware and cybercrime, Data protection is experiencing a resurgence. Organizations are quickly having to modernize their data protection architecture and strategies to meet not only these demands but also the demand that digital transformation is placing upon them; current approaches are designed around a backup centric approach, whereas a new approach centered around restore and getting organizations back up and running as quickly as possible are critical. Join this session to learn about the latest innovations in the data protection space and how they can be implemented to provide a restore centric approach and provide a true last line of defense. 

    Click to Expand

    Panel Participants:

    David Huskisson
    David Huskisson

    David Huskisson

    Rapid Restore Solutions Lead

    Collapse This Item

  • Microsoft Teams Vulnerabilities 10:20 am

    Presented by Avanan

    Microsoft Teams has quickly become the go-to application for remote work, accelerating dramatically in usage over the last year. Millions of users turned to Microsoft Teams to help keep businesses going in 2020—and hackers have noticed. As Teams is still relatively new, much is unknown about how it operates and how hackers will approach it.

    While the increased usage has been well-documented, what’s not been documented is whether the app is vulnerable to hacking. We will talk about discoveries that have already been made, potential risks that we see in the future, and how to best secure this relatively new communication vector.

    This session will walk attendees through:

    The many inherent vulnerabilities in the platform
    The popular attack types
    How hackers act differently within Teams than they do on email

    Click to Expand

    Panel Participants:

    Jeff Raymond
    Jeff Raymond

    Jeff Raymond

    Senior Solutions Engineer

    Collapse This Item

  • Top tips for minimizing email security threats 10:45 am

    Presented by Cisco

    Email continues to be the most effective way to gain a foothold in a business network and is often where successful compromises or breaches start. It’s the primary vector for malware infection because it effortlessly puts malicious payloads in front of the user, putting them one click away from exploitation. In this session, email security expert, Rob Marchi, shares how to overcome these challenges and how you can proactively address these ongoing issues with top tips for minimizing email security threats.

     

    Click to Expand

    Panel Participants:

    Rob Marchi
    Rob Marchi

    Rob Marchi

    Sr Product Manager

    Collapse This Item

  • Expert Panel Discussion: Cybersecurity in IoT 11:05 am

    Cybersecurity in IOT

    The Internet of Things (IoT) poses entirely new challenges. With 35 billion IoT devices expected to be in operation by next year – weak passwords, insecure network services and a lack of secure update mechanisms concern every organization.

     

    Click to Expand

    Panel Participants:

    Jeff Horne
    Jeff Horne

    Jeff Horne

    CSO

    Collapse This Item

  • Lunch Break
  • CISO Panel 12:15 pm

    Panel Participants:

    Fred Kwong, Ph.D.
    Fred Kwong, Ph.D.

    Fred Kwong, Ph.D.

    CISO & AVP Security, Identity and Operations - Delta Dental Plans Association

    Matthew Zielinski
    Matthew Zielinski

    Matthew Zielinski

    Director, Technology Infrastructure & CISO at Vivid Seats LLC

    Ron Zochalski
    Ron Zochalski

    Ron Zochalski

    CTO/CISO at Lake County

    Jim Serr
    Jim Serr

    Jim Serr

    CIO - Joliet Junior College

    Stephenie Southard
    Stephenie Southard

    Stephenie Southard

    CISO - BCU

    Collapse This Item

  • Faking It: Stopping Impersonation Attacks with Cyber AI 1:10 pm

    Presented by Darktrace

    Today, 94% of cyber-threats still originate in the inbox. ‘Impersonation attacks’ are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or ‘digital fakes’, that expertly mimic the writing style of trusted contacts and colleagues.

    Humans can no longer distinguish real from fake on their own – businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.

    In an era when thousands of documents can be encrypted in minutes, ‘immune system’ technology takes action in seconds – stopping cyber-threats before damage is done.

    Find out how in this session.

    Click to Expand

    Panel Participants:

    Marianna Pereira
    Marianna Pereira

    Marianna Pereira

    Director of Email Security Products

    Collapse This Item

  • Why Office 365 Backup is ESSENTIAL 1:30 pm

    Presented by Veeam Software

    The role IT professionals play in a landscape where data loss, security breaches, and invasion of privacy are the new normal has never been more critical. With that spotlight comes great pressure to deliver on the organization’s expectations that data is safe, privacy is not compromised, productivity is unencumbered, and brand reputation is intact.

    Join this session to review the data security challenges organizations face in today’s computing landscape, by  uncovering the gaps in the out-of-the-box security features found in Office 365, that require action to achieve an effective backup and recovery strategy.

    Click to Expand

    Panel Participants:

    Rick Vanover
    Rick Vanover

    Rick Vanover

    Senior Director, Product Strategy

    Karinne Bessette
    Karinne Bessette

    Karinne Bessette

    Global Technologist, Product Strategy

    Collapse This Item

  • Earn More Trust Through Vulnerability Management Best Practices 2:05 pm

    Presented by Synack

    COVID has brought on a set of security challenges that has security teams pivoting and spinning up new applications to meet the unique demands of quarantine and remote work. When external and even internal environments demand that you move quickly, how do you measure and communicate changes? And how do you build trust with customers, staff and the board, ensuring data and other investments are protected? Join Synack’s VP of Operations, Nick Harrahill, for a discussion on how to meet these unique demands.

    You’ll learn: 

    • Best practices security leaders can pursue to harden vulnerability programs
    • How leveraging a continuous crowdsourced testing model can help measure and communicate security posture
    • How to maximize trust with customers and throughout organizations
    Click to Expand

    Panel Participants:

    Nick Harrahill
    Nick Harrahill

    Nick Harrahill

    VP of Operations

    Collapse This Item

  • InfoSec Stories 2:25 pm

    Presented by CENSUS

    This presentation will focus on vulnerability exploitation examples that boosted the success of Social Engineering campaigns. Additionally, will present a Secure SDLC process and how many of our clients benefited from it. Data from our recent InfoSec adventures will be used during the presentation.

    Click to Expand

    Panel Participants:

    Nikos Tsagkarakis
    Nikos Tsagkarakis

    Nikos Tsagkarakis

    CEO

    Collapse This Item

  • Expert Panel Discussion: DevSecOps in the Cloud 2:50 pm

    DevOps Security and the Cloud

    DevOps enables you to release features and bug fixes faster than ever before. However, traditional security activities can’t seem to keep up with this fast-paced tempo. How can you make sure security doesn’t get left behind? Ignoring security bugs won’t make them go away. Slowing down the DevOps team isn’t an option. How can we make DevOps, and DevSecOps work well in the fast-paced cloud environment we live in?

    I think the challenges with devops fall into a couple buckets—

     

    Click to Expand

    Panel Participants:

    Maury Cupitt
    Maury Cupitt

    Maury Cupitt

    VP of Engineering

    Gavin Matthews
    Gavin Matthews

    Gavin Matthews

    Technical Product Manager

    Collapse This Item

  • Securing Legacy Hardware Architecture Apps in Modern Cloud Infrastructure 3:30 pm

    Presented by Stromasys

    Mission-critical applications running on legacy hardware, such as SPARC, Alpha, VAX, or PA-RISC, are posing a significant, ongoing threat to IT security in addition to risk of unplanned downtime, increasing costs, and diminishing support. Legacy hardware also complicates digital transformation brought about by embracing new technologies. In this presentation, we’ll discuss some effective strategies for migrating legacy apps away from aging hardware to a private or public cloud. We’ll also discuss bringing improved availability and enhanced security leveraging zero trust architecture to these previously brittle legacy apps.

    Click to Expand

    Panel Participants:

    Marlin McNeil
    Marlin McNeil

    Marlin McNeil

    Product Marketing Manager

    Collapse This Item

  • Keynote: Mitigating cyber security threats using Artificial Intelligence 4:00 pm

    Presented by Navy Personnel Command

    This presentation will focus on vulnerability exploitation examples that boosted the success of Social Engineering campaigns. Additionally, will present a Secure SDLC process and how many of our clients benefited from it. Data from our recent InfoSec adventures will be used during the presentation.

    Click to Expand

    Panel Participants:

    Justin Fanelli
    Justin Fanelli

    Justin Fanelli

    Chief Architect of Defense Medical Intelligence Data and the Technical Director at the Naval Information Warfare Center

    Collapse This Item

  • Summit Final closing Session

Registration

Tue. Apr 20 — Wed. Apr 21

Data Connectors events are for IT professionals only. Required fields are marked with an asterisk (*).

Register