2020: The Passwordless Decade
As we enter the passwordless decade, more and more organizations are asking the question: How quickly can I move beyond passwords?
George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger.
Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. How did we get here, and will mainstream adoption of passwordless security have an impact?
We will explore how the rise of virtual desktop infrastructure has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.
In this session, you’ll learn:
George Avetisov is Cofounder and Chief Executive Officer of HYPR, responsible for strategy and execution of the company’s vision. George sets forth the product and technical direction of the company, architects sales and marketing strategies, and works closely with team leads to build strong company culture. Under George’s leadership, HYPR has grown to become a leading provider of decentralized authentication with millions of users secured across the globe. Named Forbes 30 under 30 in 2018, George brings with him a decade of experience in e-commerce, digital payments, and fraud prevention that have served as the foundation for HYPR’s vision.
Data Connectors is proud to host the Atlanta Virtual Cybersecurity Summit.
Times for this Event are in Eastern Standard Time (EST)
Humans are the Weakest Link – the Corona Edition
Tell the dogs to lie down, grab a fresh coffee from the kitchen, kick your shoes off, and join CyberSecurity Evangelist and Podcast host Brian Linder for a journey into the dark corners of an interwoven mission of bad actors, SpongeBob, face masks, and a few other surprises.
Plan on leaving with:
Warning: You might be asked to raise your hand even though nobody can see you except the cat. We will be polling the cats afterwards, so your full cooperation is needed.
Brian is a CyberSecurity Evangelist with Check Point’s Office of the CTO, and is also the host of Check Point’s global BTP CoffeeTalks podcast. A 25-year veteran of CyberSecurity, Brian regularly consults with customers and partners as part of Check Point’s remote workforce enablement strategy team in the Mid-Atlantic and Federal regions in the US. Brian holds a master’s degree from Penn State University and a Bachelor of Science from Drexel University.
Your 2020 Ransomware Hostage Rescue Guide
Ransomware attacks are on the rise and are estimated to cost global organizations $20 billion by 2021. As ransomware attacks become more targeted and more damaging, your organization faces increased risk that can leave your networks down for days or even weeks. So, how can your organization avoid getting held hostage?
Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he looks at concerning features of new ransomware strains, provides actionable info that you need to prevent infections, and gives you tips on what to do when you are hit with ransomware.
In this webcast we will cover:
· What new scary ransomware strains are in the wild
· Am I infected?
· I’m infected, now what?
· Proven methods of protecting your organization
· How to create your human firewall
Don’t get held hostage and become a statistic!
Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. He has managed the technical integration and functional testing of multi-million-dollar enterprise level technology projects within the Department of Defense, as well as large military security programs. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in the InfoSec industry.
Identifying Risky Vendors: 7 Warning Signs You Shouldn’t Ignore
For individuals managing third-party risk, there is one primary question that needs answering: Are your vendors safe to do business with? Answering that question is not so straightforward. Third-party risk comes loaded with complexities and compromises. However, there are “red flags” you can look for when evaluating the security, privacy, and compliance programs of your vendors.
The Rise of Secure Access Service Edge (SASE)
Secure access service edge (SASE) offerings are cloud-delivered platforms that give consistent security across different applications, devices, web destinations, on-premises resources, and infrastructure. To achieve this, these platforms deliver a variety of functionality from complementary security solutions. As organizations operate in our frenetic business world, SASE becomes imperative. In this session, you will learn:
Defense-in-Depth: 3rd Party Risk
Layering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations defending against inventive hackers penetrating their systems in 2020?
Lunch Briefing – Starts at 12 noon
Securely Connecting the Right People to the Right Technologies
As global enterprises adapt to the new reality of cloud-first infrastructure, the rise of different types of accounts and identities has asymmetrically complicated things. Cloud, mobile, social, and personal networks have types of identities, platforms, services, and technologies not traditionally addressed by enterprise IAM. Where an employee may have once had one email password, now IT manages dozens of credentials for SaaS platforms on multiple devices.
Knowing one security slip-up can be the end of business, identity access management solutions give IT the ability to manage access control and identity with the same speed and confidence for 10 employees as for 10,000. This frees them from time-consuming manual tasks – like password resets – and allows them to focus on more challenging, fulfilling projects to drive company growth.
Join us for this short presentation to learn how optimizing your IAM provides a seamless way to manage user identities and access while protecting against credential-focused attacks.
Customer-oriented, passionate sales engineer with over 7 years of experience in Unified Endpoint Management, Identity and Access Management, and enterprise software implementation.
Specialties include Enterprise Mobility Management (EMM), Public key infrastructure (PKI) integration, Identity and Access Management, large-scale enterprise software implementation, requirements elicitation, use case modeling, requirements traceability, and converting business requirements to technical specifications.
Lunch / Solutions Showcase Open
Klint Walker is the Cyber Security Advisor for Region IV, which covers Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, and Tennessee. As the CSA, Klint is the liaison between Federal services and State, Local, Territorial and Tribal Governments, Critical Infrastructure and Private Industry. He serves as the focal point for communications to promote Cyber Preparedness, incident response, risk mitigation and situational awareness. He provides direct coordination, outreach, and regional support in order to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s Critical Infrastructure and Key Resources (CIKR) and State, Local, Territorial, and Tribal (SLTT) governments.
Mr. Walker has previously held positions as an Information Systems Security Officer for the Department of Health and Human Services where he assisted in establishing the Computer Security Incident Response Center (CSIRC).
Mr. Walker also held the position of Chief Information Security Officer for the National Air and Space Intelligence Center (NASIC). In this role he was responsible for the operational resiliency of classified networks and facilities in adherence with DoD Standards and guidelines.
Developing Your Identity Strategy
Remember when identity management meant creating new accounts and resetting users’ passwords? Over the years, digital identity has evolved into much, MUCH more. Your identity program now includes not just identity management, but also access management, privilege management, and even customer identity management, all of this falling under the umbrella of identity governance. More importantly, identity has shifted from being a basic operations function to the cornerstone for business enablement and digital transformation. In this presentation, Rob walks you through key considerations when developing your identity strategy to help you improve the current state of your program while building a solid foundation for the future of your identity program.
Rob is a veteran of the cybersecurity industry with over 20 years of experience. Throughout his career he has focused on Identity governance & access management, as well as APIs & microservices. Rob’s ability to address both business and technical requirements, and provide effective solutions has enabled him to become a trusted advisor for clients across multiple industries. Rob holds a Bachelor of Technology Management, a MSc in IT, and Advanced Certificates in Telecommunications Management and Enterprise Architecture. When not working with clients, he enjoys outdoor activities with family, gaming, and having lively conversations.
Cyber Resilience: Rethinking your data protection strategy in the age of ransomware.
Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!
Andy Fernandez is a Global Product Marketing Manager at Zerto. With a focus on product marketing and launches, he strives to translate technical innovation to business value. After spending years in various technology companies and entrepreneurship pursuits, Andy is focused on launching industry-leading products and accelerating their adoption.
The Fear Factor: Reducing Risk in Your Environment
Security is a top priority for organizations today. In this session, attendees will learn how to improve their organization’s security posture in the following ways:
This session will help attendees to understand that fear should not be a factor in their approach to security.
Greg has 18 years’ experience as an IT Director for organizations in compliant environments including healthcare, medical device, and pharmaceuticals. He has an undergraduate degree in Computer Information Systems from Indiana University and an MBA from UNC-Wilmington. Greg is an ISACA Certified Information Systems Auditor, passing his exam in the 90th percentile. Greg’s initiative led to the creation of our Security Audit and Compliance team, which now focuses on framework-based assessments (NIST, HIPAA, ISO), Internal Audit as a Service (IAaaS), Penetration Testing and Virtual CISO offerings.
Rise of the Machines: Best Practices for Securing Unmanaged and IoT Devices
For many years now, enterprise networks have seen an explosive rise in devices that are challenging for security teams to secure. These include not only unmanaged devices, but also the extensive portfolio of Internet of Things (IoT) devices in enterprises, such as IP cameras, conference room TVs, smart building systems, manufacturing machines and medical devices.
Join Ordr CSO Jeff Horne in this webinar to learn:
Jeff Horne is currently the CSO at Ordr where he is responsible for security direction both within Ordr products and internal security.
He was the VP of Information Security for Optiv where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, Physical Security, and Employee Security Awareness groups.
Jeff was the Senior Director of Information Security for SpaceX where he was responsible for the overall security strategy of SpaceX and managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups.
Jeff was the Vice President of R&D and Chief Architect for Accuvant LABS where he managed teams of researchers and consultants specializing in reverse engineering, malicious code, incident response, breach analysis, and vulnerability assessment.
Jeff was the Director of Threat Research at Webroot Software where he led several teams of malware researchers, reverse engineers, and a development organization specializing in creating anti-malware functionality and detection signatures for all Webroot products.
Jeff began his career as a Vulnerability Researcher at Internet Security Systems where he was responsible for vulnerability discovery, exploit creation, IDS evasion research, and behavioral detection of malware. Jeff is well known for his insight in interviews for numerous news channels and publications, speaking roles at various security conferences, as well as authoring several vulnerability disclosures and patents.
Users as the Attack Vector – People and Security
Users, those carbon-based life forms usually roaming the halls of your buildings, are the last line of defense. Training, tools, and education help – but what are we doing to make sure they are not the weakest link?
CyberSecurity Ratings: Market Forces and Future Considerations
In this session, David will examine the most prevalent issues that contribute to third-party breaches. He will review the challenges surfaced by the current work-from-home requirements, new COVID-19 risks, and additional concerns posed by the necessity for expanded collaboration.
He will explain what a cybersecurity rating is and the major factors that comprise one. Comparing this with traditional Vendor Risk Management, he will revisit some of the challenges due to questionnaire exchange, manual processes, third parties with access to sensitive data, and risk mitigation strategies.
David will explain the key elements included in a Cyber Risk Management solution, and contrast the drawbacks of point-in-time solutions that try to address these risks. Highlighting a recent case study, he discusses key requirements–such as automation, collaboration, centralized insights, prevention, and maximizing ROI–which led to multi-million dollar savings.
Looking to the future, David will share some cybersecurity rating predictions, discussing the major tailwinds in vendor risk management. He will explain how these solutions enable organizations to make more informed, less risky, and faster decisions.
David Ortiz is the Senior Director of Systems Engineering, Western United States and Asia territories, at SecurityScorecard.
With over 20 years in Network and Security industries, David has worked closely with Fortune 500 and SMB companies and partners to architect security solutions, including SaaS, Cloud, Mobile, and Security technologies. He has previously held management positions at HPE, Symantec, and Novell in strategic roles within Engineering, Business Development, Sales, and Services. In addition, he holds certifications from Cisco, Oracle, VMware, Fortinet, to name a few. He has trained hundreds of professionals in networking and security technologies. David holds an MBA from Santa Clara University.
Security & Privacy: CCPA, CCPA 2.0 and CPRA
In this short session, our CSO Michael will interview Scott Giordano, an attorney and data privacy expert. They will discuss the changes expected due to the recent passage of “Prop 24” in California, which puts CCPA 2.0 on track to become law. This, along with the California Privacy Rights Act (CPRA), is expected to have far-reaching effects across the country – not just in California – and may be seen as a model for future compliance and privacy regulations going forward. Michael and Scott will preview the longer discussion that will be the subject of a CISO Panel and Web Briefing later this month for the Data Connectors Community.
Learn More here: https://info.dataconnectors.com/spirion_compliance
Summary of Day one, what to expect tomorrow… And Remember the Solutions Showcase is Open until 6:00pm ET on Day One!
Data Connectors is proud to host Day 2 of the Atlanta Virtual Cybersecurity Summit.
Times for this Event are in Eastern Standard Time (EST)
Understanding and Combating Credential Stuffing Attacks
Credential stuffing attacks are the most common threats observed at Auth0. These attacks can lead to fraud, loss of reputation, and ultimately, loss of revenue.
In credential stuffing attacks, threat actors use stolen credentials from one breach to take over users’ other accounts. This is effective because, according to Google, 65% of people reuse passwords across multiple accounts. On some days, these attacks originate from more than 50,000 IP addresses and may account for as much as half of all login attempts using our platform. Even the most mature companies are vulnerable if they don’t have the right preventative measures in place.
Join Auth0 to learn:
Chris Scott is a Senior Solutions Engineer at Auth0. Leveraging his past experience in both software development and enterprise sales, Chris provides education and guidance to security professionals looking to strengthen their identity strategy.
Building Cyber Resilience: Finding Factors not Fault
Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of corporate security, or worse, bury the true causes of incidents and lead to repeated data breaches or business disrupting cyber incidents. In this session, we will explore real-world incidents and threats to assemble an actionable cyber resilience framework that adapts to distributed assets, remote workers, and virtual workloads.
As a member of the LegalSec Council with the International Legal Technology Association (ILTA), Mark Sangster is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations. In addition to his passion for cybersecurity, Mark’s 20-year sales and marketing career was established with industry giants like Intel Corporation, BlackBerry, and Cisco Systems. Mark’s experience unites a strong technical aptitude and an intuitive understanding of regulatory agencies. During his time at BlackBerry, Mark worked on the first secure devices for government agencies. Since then, he has continued to build mutually beneficial relationships with regulatory agencies in key sectors. Mark holds a Bachelor’s degree in Psychology from the University of Western Ontario and a Business Diploma from Humber College.
Securing Legacy Hardware Architecture Apps in Modern Cloud Infrastructure
Mission-critical applications running on legacy hardware, such as SPARC, Alpha, VAX, or PA-RISC, pose a significant, ongoing threat to IT security, in addition to the risk of unplanned downtime, increasing costs, and diminishing support. Legacy hardware also complicates the digital transformation brought about by embracing new technologies. In this presentation, we’ll discuss some effective strategies for migrating legacy apps away from aging hardware to a private or public cloud. We’ll also discuss bringing improved availability and enhanced security, leveraging zero trust architecture, to these previously brittle legacy apps.
Marlin is the Co-founder and Managing Partner of the Yucca Group and specializes in application high availability, enterprise architecture, and enterprise workload performance in vSphere. He pioneered virtualizing Oracle RAC on VMware and has expertise in virtualizing Tier 1 Oracle RAC on VMware and migrating workloads to AWS using RDS and EC2, Oracle Cloud, and on-prem VMware. Previously, Marlin was the Technical Services Director at Justice Systems and was the Technical Editor for “Virtualizing Oracle Databases on vSphere”. Marlin has a B.S. in Computer Science and an M.B.A. from The University of New Mexico and resides in Albuquerque, New Mexico.
The Anatomy of A Cyber Incident Response – Dissecting A Real-World Event & Critical Mitigation Steps
It’s the day IT leaders dread: ransomware has taken control of your entire network. A few hours ago, everyone was working productively, and now the entire company has come to a screeching halt. The network, email, CRM, ERP, internal and customer databases are down. Could this have been prevented? The answer is almost always: Yes.
With cybersecurity and network experience spanning more than two decades, Michael C. Sullivan is focused on keeping an organization’s data healthy and safe. Michael’s core capabilities include network security, routing, switching, wireless, and WAN optimization with an emphasis in cybersecurity. He is a CISSP and Certified Ethical Hacker along with 4011 and 4013 recognitions from the National Security Agency (NSA) and Committee on National Security Systems (CNSS). Under his leadership, the network and security teams provide in-depth consulting and implementation services to architect complex security and network solutions for government and private sector organizations.
Michael holds a BS in computer science from Framingham State University, in Framingham, MA and is a native of the Boston area.
Compliance, Automation and Cybersecurity
Managing compliance needs as a continuous, organizational process (as opposed to a reactive response) amid the ever-increasing myriad of industry regulations and legislation has become a full-time job for most CISOs. Automation, including artificial intelligence and machine learning, will help, and is perhaps more critical than ever.
In this panel, our experts will discuss the current issues with regard to compliance, monitoring, and reporting. They’ll also talk about policy decisions and regulations that have kept their clients busiest in 2020, and how much help we can expect from automation.
Lunch Briefing – Starts at 12 noon
The Last Line of Defense: The Importance of having a robust and comprehensive Data Protection strategy
Data protection is experiencing a resurgence. Historically it’s been seen as an innovation backwater and as “insurance”, but with the growth of ransomware and cybercrime, and increasing risk, organizations are having to modernize their data protection architectures and strategies so that data can be recovered quickly and the organization can survive an attack. Join this session to learn about the latest innovations in the data protection space and how they can be deployed to provide a comprehensive last line of defense.
David joined Pure Storage in October 2018 as the Rapid Restore Solutions Director and is responsible for the Rapid Restore solutions roadmap, working with our Data Protection partners (Veritas, Veeam, CommVault & Rubrik) and making sure the Pure sales field has all the tools and enablement they need to be successful. Previously, David spent a year at Amazon Web Services building a competitive team to work directly with Amazon’s sellers and customers. Before that David spent 17 years at Veritas Technologies in a number of roles – SE, SE Manager and later was responsible for building a Competitive Intelligence team. He left Veritas as the Director of Competitive and Market Intelligence in 2017.
Lunch / Solutions Showcase Open
Reducing Friction and Managing Remote Work Environments
The business world has changed and many of those changes, like remote working, are here to stay. And keeping your teams safe during this period is a no-brainer—as is making sure their remote endpoints are managed and secure. But with these changes come a list of concerns and issues that many organizations just are not ready to address, sometimes highlighting legacy support policies and even out-of-standard technological needs. The friction of everyday management of the full enterprise has increased, putting a strain on the IT and support staff as well as the users.
During this presentation, I will address common areas of friction in endpoint management, ways to pinpoint friction in your environment, and finally ways to address the problems and set up your organization for scalability with endpoint management.
Jay Goodman is a product marketing expert and intelligence consultant with experience working with Fortune 500 companies and startups alike. Jay joined Automox in 2019 and is responsible for the messaging and intelligence gathering functions within the company. Previously, Jay was a Product Manager for McAfee and an avid participant in the cybersecurity and competitive intelligence communities.
Why do Small Businesses Need Big Protection?
As a Small and Medium Business (SMB), it’s easy to feel like some of the biggest cybersecurity challenges are aimed at large organizations. The opposite is true. Small businesses face many of the same cybersecurity challenges as larger businesses: 66% experienced a cyberattack in 2019, and 63% experienced a data breach.
Yet, 75% of SMBs know they need more security – and 41% say they worry about breaches from SaaS Apps, which they rely heavily on. At the base of many of these challenges lies DNS Security. DNS protection is easier to add, and more impactful on reducing overall threats than any other single upgrade that can be made to an average system.
Rohit will discuss a simple, cloud-delivered security service that is cost-effective for a team of any size to deploy, use, and manage.
Rohit Sawhney leads the DNS Product Management team for Cloud Security at Cisco, with expertise in Cisco Umbrella and surrounding technologies. Rohit has vast experience in product development disciplines in leading global hi-tech organizations for over 20 years. Rohit has rich experience in presenting breakout sessions at Cisco Live events and representing Cisco at numerous other customer and partner events, trade shows, and exhibitions. Rohit holds degrees in Electrical & Computer Engineering and a Business MBA.
Reducing Risk in 2021, While Spending Less
This session will provide a roadmap for reducing risk in 2021. Preventing a breach in the coming year is going to be particularly difficult because most risk reduction strategies require significant increases in security spending, while analysts predict decreased security budgets. Using the MITRE ATT&CK framework, Netta will run through the anatomy of a modern attack to articulate this problem. Through this lens, she will explore the reasons why spending more doesn’t necessarily equate to stopping more attacks. More importantly, she will demonstrate some ways in which you can make impactful improvements to your security posture while managing to cut costs.
Netta Schmeidler, VP Product at Morphisec, has more than 25 years of experience delivering complex enterprise applications and managing global development groups and product teams. Her broad expertise includes all aspects of defining, building and successfully bringing solutions to market. Prior to Morphisec, Netta held senior product management and engineering roles at VMware (Digital Fuel), BMC, Identify Software, and Mercury. She received an MBA from Tel Aviv University, and a BSc in Computer Science from Hebrew University.
Why Zero Trust Architecture Will Be the New Normal in 2021
The COVID-19 pandemic brought changes no IT team was ready for: employees were sent home, customer interaction models changed, and cloud transformation efforts abruptly accelerated. Cloudflare recently commissioned Forrester Consulting to explore the impact of 2020 disruptions on security strategy and operations among companies of all sizes. To do so, they surveyed 317 global security decision makers from around the world.
Join Brian Parks, for an in-depth discussion of the survey results, followed by practical guidance for next year’s planning.
Brian Parks has two decades of experience helping technology companies grow revenues including diverse responsibilities managing Direct and Channel Sales, Partnerships, Marketing, Customer Success, Product Management & Engineering.
IAM + WFH: Changing face of Identity in a WFH World
By now, we’re tired of talking about how everyone had to do a rush job to prepare for everyone Working From Home (WFH). Many of us have hired new staff, who have never set foot in our office – and may never be on the corporate LAN. Going forward, as this is the new reality – how will our security practices around identity and access management and in particular authentication and authorization change?
Our panel are experts in these topics, and we will discuss various aspects of this challenge.
How to protect your enterprise the way the U.S. Secret Service protects the President
The United States Secret Service has been investigating financial crimes since its inception in 1865. Over time, the agency’s mission has expanded to include the protection of our nation’s leaders. Protecting the President of the United States is very similar to the Cybersecurity strategies used by most major businesses, but why are breaches so prevalent?
Throughout our long history of protection, several incidents, like the attempted assassination of President Ronald Reagan, have prompted the Secret Service to implement lessons learned to harden the security of the commander in chief. Learn how to protect your business by employing the same methodology applied by the United States Secret Service. Even when you encounter a cyber incident, you can still prevail!
Additionally, this session will highlight some of the typical schemes used by cybercriminals, BEC, romance scams, and their new conversion to COVID-19 scams.
Hazel Cerra is a twenty-year veteran with the United States Secret Service. Agent Cerra was assigned to the Former President William Clinton Protective Detail in Chappaqua, NY, where she spent four years traveling around the world in support of the Clinton Global Initiative.
Agent Cerra works out of the Philadelphia Field Office and is assigned to the Financial and Electronic Crimes Squad, where she investigates counterfeit currency, credit card fraud, identity theft, and cybercrime cases.
She earned a Bachelor of Science in Criminal Justice from New Jersey City University and she is also currently pursuing an MBA at Johns Hopkins University. Also, Cerra volunteers her time coaching a CyberPatriot and Girls Go Cyber team.
Solutions Showcase is Open until 6:00pm ET