Welcome / Introductions 9:00 am - 9:05 am
Data Connectors is proud to host the Capital Region Virtual Cybersecurity Summit.
Session One 9:05 am - 9:30 am
Managing Digital Risk in Transformative Times
Digital transformation is not only changing how companies think about business. It is changing how we think about risk. We need to *act* on risk, not worry about it. We need to start and end with the basics. In this session we review several key areas of digital risk management to target as you are challenged to be a key contributor in your company’s digital journey.
Ben Smith is Field Chief Technology Officer (Field CTO – US) with RSA, a Dell Technologies business. With 25 years’ experience in the information security, networking and telecommunications industries, he regularly consults on RSA’s security and risk management solutions. His prior employers include UUNET, CSC, and the US Government, along with several technology-oriented startups. He holds industry certifications in information security (CISSP), risk management (CRISC), and privacy (CIPT), and has presented on RSA’s behalf internationally at cybersecurity events sponsored by Gartner, FS-ISAC, SANS, IANS, CERT/SEI, RSAC, ISSA, (ISC)2, ISACA, Infosecurity, IIA, RMA, BSides, ASIS, InfraGard, HTCIA, SecureWorld, MWCA, ICI and other organizations.
Session Two 9:30 am - 9:55 am
Risk Management – Insights in a World Gone Crazy
Join Phil Richards, CISO for Ivanti, as we discuss key concepts and strategies for Risk Management. A few of the questions to be addressed in this session include: Is risk always a bad thing? How do you categorize risk according to your company’s objectives? Do data breaches really impact the big companies? What are the steps to recognizing, assessing and managing risk? The answers to these and many other questions will be discussed in this very important and timely session.
Phil has both breadth and depth of security experience. He currently works as the Chief Information Security Officer for Ivanti. He has held other senior security positions including the head of operational security for a medical manufacturing corporation, Chief Security Officer for a financial services technology (FinTech) company, and Engineering Director at a regional healthcare corporation. In his security leadership roles, he has created and implemented information security policies based on industry standards. He has led organizations to clean PCI DSS and HIPAA compliance attestations, implemented security awareness training, and established a comprehensive compliance security audit framework based on industry standards. He has led Ivanti through their most recent FedRAMP authorization process. He has implemented global privacy policies, including addressing privacy issues in the European Union. Transforming an organization requires focus on the objectives, clear communication, and constant coordination with executive leadership, which is exactly what Phil has focused on during his security career.
Session Three 9:55 am - 10:20 am
Developing Your Identity Strategy
Remember when identity management meant creating new accounts and resetting users’ passwords? Over the years, digital identity has evolved into much, MUCH more. Your identity program now includes not just identity management, but also access management, privilege management, and even customer identity management, all of this falling under the umbrella of identity governance. More importantly, identity has shifted from being a basic operations function to the cornerstone for business enablement and digital transformation. In this presentation, Jerod walks you through key considerations when developing your identity strategy to help you improve the current state of your program while building a solid foundation for the future of your identity program.
By day, Jerod Brennen (@slandail) is a storyteller, teacher, speaker, advisor, and security architect.
By night, he’s a husband, father, writer, filmmaker, martial artist, musician, and gamer. It’s fair to say that he’s earned every gray hair in his beard, having spent his career fulfilling infosec roles in consulting, higher education, retail, and public utilities.
Jerod loves to share what he’s learned over the years every chance he gets: at local and regional professional meetings, at larger conferences, and online via blogs and podcasts. He has published multiple online information security courses with Pluralsight and LinkedIn Learning, and he also teaches courses in person, both domestically and internationally.
At the end of the day, Jerod just wants to help folks get one step closer to doing what they want to do securely.
Session Four 10:35 am - 11:00 am
Credential Harvesting As a Service: How this Darkweb Organization Steals Your Microsoft Credentials
In this presentation, we will analyze the attack methods of a single advanced persistent threat organization that guarantees its dark-web customers that their messages will bypass Microsoft security. We will review the software they use to send email from anywhere in the world, their techniques that take advantage of both short- and long-lived vulnerabilities and the infrastructure to harvest credentials and perform attacks almost instantaneously.
You will be surprised by the sophistication of the tools as well as their ease of use. Updated regularly with release notes and training videos, they are not ‘hackers’, so much as software developers with a very clear product offer: 100% access to your inbox. We will watch them over time and show how the tricks they use provide us with the indicators-of-attack we need to stop them.
Session Five 11:00 am - 11:25 am
Stopping Attacker Movement Before They Reach Crown Jewels
During a normal workday, credentials and connections proliferate within a network. Once inside, attackers use Mimikatz and other attack tools to automate and accelerate credential harvesting, network discovery, and privilege escalation. Until now, defenders have lacked the ability to get ahead of this process. Identifying and removing excess, high-risk, and rogue connections has been a manual effort and impossible to scale. The giant, sudden transition by millions of employees to working from home has only made the attack surface even more volatile.
In this webinar, we examine the various ways to deprive attackers of what they need to move laterally in your network by identifying and removing the riskiest pathways that lead to your crown jewels including:
- How normal business activity creates dangerous opportunities for malicious lateral movement
- The cyber hygiene functions needed to harden the network against modern APT attacks
- How continuous visibility into your attack surface can augment other core security functions, such as privileged access management (PAM) and vulnerability management
Wade Lance has been productizing new technologies in education, healthcare and information security for over 20 years. He has diverse experience in solution design for global 1000 cyber security teams, with an extensive background in advanced cyber-attack detection, and a specialty in cyber deception methods and platforms.
Prior to his career in information technology, Lance was a professional mountain guide. As Program Director at Appalachian Mountaineering he developed a new method for technical rock and ice climbing instruction that is still used today to teach advanced skills for the most dangerous environments.
Session Six 12:00 pm - 12:45 pm
Cyber Resilience: Rethinking your data protection strategy in the age of ransomware.
Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!
Andy Fernandez is a Global Product Marketing Manager at Zerto. With a focus on product marketing and launches, he strives to translate technical innovation to business value. After spending years in various technology companies and entrepreneurship pursuits, Andy is focused on launching industry-leading products and accelerating their adoption.
Morning Q&A Session 11:50 am - 12:20 pm
This session will feature all of the presenters from the morning agenda, answering questions from the audience live via video, in a panel format. Each presenter will take questions that pertain to their topic, and if there is time, they will also respond to a few questions about larger trends and directions that face all members of the cyber-security community.
Lunch 12:20 pm - 12:40 pm
Lunch / Solutions Showcase Open
Session Seven 1:40 am - 2:05 pm
Implementing Security at the Speed of Innovation
There is no question that every organization is struggling to prevent cyber attacks, especially when it comes to their production environments. The mission-critical information found in a modern Linux production infrastructure should be protected at all costs, unless that cost is stability and performance. The introduction of new innovations such as containers, the cloud, and hybrid environments has created an ever-evolving attack surface that many struggle to keep up with and defend. This talk will discuss the challenges and considerations involved in securing an evolving production environment, all while trying to keep security and operations teams happy.
Austin Britt is the director of solutions architecture at Capsule8. He was previously a Solution Architect at Veracode where he helped build and optimize application security programs across Fortune 100 organizations. Prior to Veracode, he was a technical services consultant for a Microsoft partner based in the Boston area. Austin is a Boston OWASP Chapter Member, as well as a CCSK from the Cloud Security Alliance.
Session Nine 2:30 pm - 2:55 pm
Session Details Coming Soon
Session Ten 3:10 pm - 3:35 pm
Session Details Coming Soon
Session Eleven 3:35 pm - 4:00 pm
Session Details Coming Soon
Afternoon Q&A Session 4:00 pm - 4:20 pm
This session will feature all of the presenters from the afternoon agenda, answering questions from the audience live via video, in a panel format. Each presenter will take questions that pertain to their topic, and if there is time, they will also respond to a few questions about larger trends and directions that face all members of the cyber-security community.