Welcome / Introductions (9:00 am - 9:05 am)
Data Connectors is proud to host the Capital Region Virtual Cybersecurity Summit.
Session One (9:05 am - 9:30 am)
Managing Digital Risk Amid Disruption
Digital transformation is not only changing how companies think about business. It is changing how we think about risk. We need to *act* on risk, not worry about it. We need to start and end with the basics. In this session we review several key areas of digital risk management to target as you are challenged to be a key contributor in your company’s digital journey.
Ben Smith is Field Chief Technology Officer (Field CTO – US) with RSA, a Dell Technologies business. With 25 years’ experience in the information security, networking and telecommunications industries, he regularly consults on RSA’s security and risk management solutions. His prior employers include UUNET, CSC, and the US Government, along with several technology-oriented startups. He holds industry certifications in information security (CISSP), risk management (CRISC), and privacy (CIPT), and has presented on RSA’s behalf internationally at cybersecurity events sponsored by Gartner, FS-ISAC, SANS, IANS, CERT/SEI, RSAC, ISSA, (ISC)2, ISACA, Infosecurity, IIA, RMA, BSides, ASIS, InfraGard, HTCIA, SecureWorld, MWCA, ICI and other organizations.
Session Two (9:30 am - 9:55 am)
Risk Management – Insights in a World Gone Crazy
Join Phil Richards, CISO for Ivanti, as we discuss key concepts and strategies for Risk Management. A few of the questions to be addressed in this session include: Is risk always a bad thing? How do you categorize risk according to your company’s objectives? Do data breaches really impact the big companies? What are the steps to recognizing, assessing and managing risk? The answers to these and many other questions will be discussed in this very important and timely session.
Phil has both breadth and depth of security experience. He currently works as the Chief Information Security Officer for Ivanti. He has held other senior security positions including the head of operational security for a medical manufacturing corporation, Chief Security Officer for a financial services technology (FinTech) company, and Engineering Director at a regional healthcare corporation. In his security leadership roles, he has created and implemented information security policies based on industry standards. He has led organizations to clean PCI DSS and HIPAA compliance attestations, implemented security awareness training, and established a comprehensive compliance security audit framework based on industry standards. He has led Ivanti through their most recent FedRAMP authorization process. He has implemented global privacy policies, including addressing privacy issues in the European Union. Transforming an organization requires focus on the objectives, clear communication, and constant coordination with executive leadership, which is exactly what Phil has focused on during his security career.
Session Three (9:55 am - 10:20 am)
Developing Your Identity Strategy
Remember when identity management meant creating new accounts and resetting users’ passwords? Over the years, digital identity has evolved into much, MUCH more. Your identity program now includes not just identity management, but also access management, privilege management, and even customer identity management, all of this falling under the umbrella of identity governance. More importantly, identity has shifted from being a basic operations function to the cornerstone for business enablement and digital transformation. In this presentation, Rob walks you through key considerations when developing your identity strategy to help you improve the current state of your program while building a solid foundation for the future of your identity program.
Rob is a veteran of the cybersecurity industry with over 20 years of experience. Throughout his career he has focused on identity governance & access management, as well as APIs & microservices. Rob’s ability to address both business and technical requirements and provide effective solutions has enabled him to become a trusted advisor for clients across multiple industries. Rob holds a Bachelor of Technology Management, an MSc in IT, and Advanced Certificates in Telecommunications Management and Enterprise Architecture. When not working with clients, he enjoys outdoor activities with family, gaming, and having lively conversations.
Session Four (10:35 am - 11:00 am)
Credential Harvesting As a Service: How this Darkweb Organization Steals Your Microsoft Credentials
In this presentation, we will analyze the attack methods of a single advanced persistent threat organization that guarantees its dark-web customers that their messages will bypass Microsoft security. We will review the software they use to send email from anywhere in the world, their techniques that take advantage of both short- and long-lived vulnerabilities and the infrastructure to harvest credentials and perform attacks almost instantaneously.
You will be surprised by the sophistication of the tools as well as their ease of use. Updated regularly with release notes and training videos, they are not ‘hackers’, so much as software developers with a very clear product offer: 100% access to your inbox. We will watch them over time and show how the tricks they use provide us with the indicators-of-attack we need to stop them.
Session Five (11:00 am - 11:25 am)
Stopping Attacker Movement Before They Reach Crown Jewels
During a normal workday, credentials and connections proliferate within a network. Once inside, attackers use Mimikatz and other attack tools to automate and accelerate credential harvesting, network discovery, and privilege escalation. Until now, defenders have lacked the ability to get ahead of this process. Identifying and removing excess, high-risk, and rogue connections has been a manual effort and impossible to scale. The giant, sudden transition by millions of employees to working from home has only made the attack surface even more volatile.
In this webinar, we examine the various ways to deprive attackers of what they need to move laterally in your network by identifying and removing the riskiest pathways that lead to your crown jewels including:
- How normal business activity creates dangerous opportunities for malicious lateral movement
- The cyber hygiene functions needed to harden the network against modern APT attacks
- How continuous visibility into your attack surface can augment other core security functions, such as privileged access management (PAM) and vulnerability management
Wade Lance has been productizing new technologies in education, healthcare and information security for over 20 years. He has diverse experience in solution design for global 1000 cyber security teams, with an extensive background in advanced cyber-attack detection, and a specialty in cyber deception methods and platforms.
Prior to his career in information technology, Lance was a professional mountain guide. As Program Director at Appalachian Mountaineering he developed a new method for technical rock and ice climbing instruction that is still used today to teach advanced skills for the most dangerous environments.
Session Six (12:00 pm - 12:45 pm)
Cyber Resilience: Rethinking your data protection strategy in the age of ransomware.
Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!
Andy Fernandez is a Global Product Marketing Manager at Zerto. With a focus on product marketing and launches, he strives to translate technical innovation to business value. After spending years in various technology companies and entrepreneurship pursuits, Andy is focused on launching industry-leading products and accelerating their adoption.
Morning Q&A Session (11:50 am - 12:20 pm)
This session will feature all of the presenters from the morning agenda, answering questions from the audience live via video, in a panel format. Each presenter will take questions that pertain to their topic, and if there is time, they will also respond to a few questions about larger trends and directions that face all members of the cyber-security community.
Lunch (12:20 pm - 12:40 pm)
Lunch / Solutions Showcase Open
Keynote (12:45 pm - 1:40 pm)
Resilience Matters: Cyber Threat Landscape and CISA Cybersecurity Resources Available for Building Operational Resilience
When it comes to cyber-attacks, it’s not a matter of if. It’s no longer even a matter of when. More so, it’s how frequent and how impactful cyber-attacks will be to operations. It’s not enough for organizations to simply focus on what protective measures to deploy. Organizations need to take a more holistic approach to managing cybersecurity risks in order to limit impacts to their operations. This presentation will provide a brief on cyber threats that cause impacts to operations, a discussion on operational resilience, cybersecurity risk management practices that enable operational resilience, and no-cost CISA cybersecurity resources available to public and private sector partners for building operational resilience.
Mr. Gilbert serves as a Cybersecurity Advisor in the Cybersecurity and Infrastructure Security Agency (CISA). He supports the Cybersecurity Advisor (CSA) program and CISA’s mission through the goal of strengthening the security, reliability and resilience of the Nation’s critical cyber infrastructure and serves in this role across the states of Virginia and West Virginia, as well as the District of Columbia.
As a CSA, Mr. Gilbert conducts various cyber preparedness, risk mitigation and incident response coordination activities through public and private partnerships and outreach efforts in support of CISA’s mission. Prior to this appointment, Mr. Gilbert had served as a senior analyst with the CSA program’s headquarters where he led the development of various tools used by the CSA program to measure and strengthen the cybersecurity management capabilities of critical infrastructure organizations.
Mr. Gilbert has been with CISA and the Department of Homeland Security for over 10 years and has over 16 years of experience in cybersecurity spanning the commercial, federal civilian, and DoD communities. He currently holds the Certified Information Systems Security Professional (CISSP) certification, the Certified in Risk and Information Systems Control (CRISC) certification, and the Certified Ethical Hacker (CEH) certification. Prior to joining DHS, Mr. Gilbert had served as an IT Specialist with the Virginia Army National Guard, and as an Airborne Infantryman in the U.S. Army’s 82nd Airborne Division.
Session Seven (1:40 am - 2:05 pm)
Implementing Security at the Speed of Innovation
There is no question that every organization is struggling to prevent cyber attacks, especially when it comes to their production environments. The mission critical information found in a modern Linux production infrastructure should be protected at all costs, unless that cost is stability and performance. The introduction of new innovations such as containers, the cloud, and hybrid environments has created an ever evolving attack surface that many struggle to keep up with and defend. This talk will discuss the challenges of and considerations you must make when securing an evolving production environment, all while trying to keep security and operations teams happy.
Austin Britt is the director of solutions architecture at Capsule8. He was previously a Solution Architect at Veracode where he helped build and optimize application security programs across Fortune 100 organizations. Prior to Veracode, he was a technical services consultant for a Microsoft partner based in the Boston area. Austin is a Boston OWASP Chapter Member, as well as a CCSK from the Cloud Security Alliance.
Session Nine (2:30 pm - 2:55 pm)
A Modern Approach to Deception
Modern threat deception does not rely upon signatures nor behavioral patterns. It flips the paradigm on the attacker to be perfect or be detected. History and experience have shown us that human attackers can bypass next-gen perimeter and endpoint controls. Threat deception provides early detection of external, insider, and 3rd party attackers – protecting against new types of Active Directory attacks, delivering actionable alerts, strengthening overall defensive posture, while being simple to deploy and maintain with a small staff. Whether your organization is a Fortune 10 or one with less than 1000 employees, organizations across the globe are deploying modern Attivo Deception both on-prem and the cloud as a proactive measure to combat cyber criminals.
Jonathan Randall, CISSP, has been on the business side of Cyber Security for more than 20 years, working at large global technology vendors and small US-based startups.
He is an advocate of clear communication, and unique approaches to security problem solving.
Session Ten (3:10 pm - 3:35 pm)
Your CEO is Not Your CEO! How to defend against email fraud
Email fraud leads to two main threats: one is Business Email Compromise (BEC), where attackers pretend to be you; the other is Email Account Compromise (EAC), where attackers actually become you. BEC/EAC scams have cost the victimized businesses over $26 billion since 2016. What they have in common is that they both target people. They both rely on social engineering and are designed to solicit fraudulent wire transfers or payment. Unlike malware attacks, BEC and EAC don’t typically include a detectable malicious payload. These types of threats can be hard to recognize because, to the target, the business requests sent by the impostors seem very routine and reasonable.
Join our session and learn about:
- What is BEC and EAC? And how do they work?
- What are the common attack tactics regarding this new form of email threats?
- Best practices to defend against BEC and EAC
Denis Ryan is Senior Director, Email Fraud for Proofpoint, Inc. Previously, Denis held management positions at several well-known high-tech companies including Nominum (now part of Akamai), Tellabs (now Coriant), Verizon and IBM. As a sales leader of the fastest growing business unit in Proofpoint, Denis oversaw the go to market sales and sales engineering strategy post the Return Path business unit acquisition. The diverse background of IT and security solutions allows Denis to overlay the Proofpoint sales efforts in multiple verticals, most notably Healthcare as Proofpoint has ramped this specialized team to improve email authentication practices. He resides in the Dallas-Fort Worth metroplex, mentors undergraduates for his alma mater (University of Dallas) and volunteers his time for various local charities.
Session Eleven (3:35 pm - 4:00 pm)
The Anatomy of A Cyber Incident Response – Dissecting A Real-World Event & Critical Mitigation Steps
It’s the day IT leaders dread — Ransomware has taken control of your entire network. A few hours ago, everyone was working productively, and now the entire company has come to a screeching halt. The network, email, CRM, ERP, internal and customer databases are down. Could this have been prevented? The answer is almost always: Yes.
With cybersecurity and network experience spanning more than two decades, Michael C. Sullivan is focused on keeping an organization’s data healthy and safe. Michael’s core capabilities include network security, routing, switching, wireless, and WAN optimization with an emphasis in cybersecurity. He is a CISSP and Certified Ethical Hacker along with 4011 and 4013 recognitions from the National Security Agency (NSA) and Committee on National Security Systems (CNSS). Under his leadership, the network and security teams provide in-depth consulting and implementation services to architect complex security and network solutions for government and private sector organizations.
Michael holds a BS in computer science from Framingham State University, in Framingham, MA and is a native of the Boston area.
Afternoon Q&A Session (4:00 pm - 4:20 pm)
This session will feature all of the presenters from the afternoon agenda, answering questions from the audience live via video, in a panel format. Each presenter will take questions that pertain to their topic, and if there is time, they will also respond to a few questions about larger trends and directions that face all members of the cyber-security community.