Data Connectors is proud to host the New York City Virtual Cybersecurity Summit.
You must successfully register to access this event. Registered attendees will receive their login credentials via email when the event opens at 8AM ET on August 19th. Please be sure Data Connectors is on your email whitelist!
Day 1, Welcome / Introductions9:15 am - 9:20 am
Day 1, Session One9:20 am - 9:40 am
Continuous Vulnerability Management: Striving for a 14 Day SLA
The importance of having a continuous vulnerability management process as part of an overall security program such as that provided by the CIS controls framework.
When threat actors exploit weaknesses in an organization’s IT infrastructure, the consequences can be devastating to productivity, reputation, and financially. Without treating cybersecurity as an ongoing process, hackers can find, weaponize, deploy, and attack your infrastructure faster than your team can patch the vulnerability leaving your infrastructure unprotected. Your systems may be secure today, but next week, a cybersecurity criminal may discover and exploit a critical vulnerability in your environment. Join us as we discuss how continuous vulnerability management can be executed effectively.
Chris Goettl is the Director of Product Management for security products at Ivanti. Chris has over 15 years of experience working in IT, where he supports and implements security solutions for Ivanti customers and guides the security strategy and vision for Ivanti security products. He is also a security evangelist speaking at security events globally where he gives guidance around modern cyber threats and how to combat them effectively. Chris hosts a monthly webinar focusing on Patch Tuesday and security vulnerabilities, and frequently blogs about security topics. You can find bylines and commentary from Chris in notable security news sources like SC Magazine, Redmond Magazine, ComputerWorld, ThreatPost, Help Net Security, and more.
Day 1, Session Two9:40 am - 10:00 am
Credential Harvesting As a Service: How this Dark Web Organization Steals Your Microsoft Credentials Presentation
In this presentation, we will analyze the attack methods of a single advanced persistent threat organization that guarantees its dark-web customers that their messages will bypass Microsoft security. We will review the software they use to send email from anywhere in the world, their techniques that take advantage of both short- and long-lived vulnerabilities and the infrastructure to harvest credentials and perform attacks almost instantaneously. You will be surprised by the sophistication of the tools as well as their ease of use. Updated regularly with release notes and training videos, they are not ‘hackers’, so much as software developers with a very clear product offer: 100% access to your inbox. We will watch them over time and show how the tricks they use provide us with the indicators-of-attack we need to stop them.
Day 1, Session Three10:30 am - 10:50 am
Threat Hunting & Modern Security: 3 Fundamental Flaws
Security Operations is a discipline continuously evolving – with the evolution of tools and processes , there are still 3 fundamental flaws that exist with Modern Security Operations. We will examine 3 specific flaws of modern security operations:
- Risk Acceptance
- SOC Alert Overload
- Inability to mitigate all Zero-Day Attacks.
We will start the discussion with a quick SOC capacity expertise, review in detail the 3 fundamental security flaws, revisit the math from the SOC capacity exercise to understand “what is being missed based upon my current capacity?” We will also cover costs to the business for associated with these flaws and wrap up with some suggestions for mitigation.
Jim Rohde, Director of Presales Engineering at CRITICALSTART is responsible for leading a team of security experts supporting technical conversations for CRITICALSTART’s products & services, including their flagship offering: Managed Detection & Response.
Prior to CRITICALSTART, Jim held leadership roles at large Managed Security Service providers including Secureworks & Trustwave where he has received numerous awards for customer & company exceeding objectives. Jim’s expertise in a multitude of security domains over his career has made him a sought after Trusted advisor for organizations of all sizes.
Day 1, Session Four10:50 am - 11:10 am
Introduction to Risk-Based Vulnerability Management
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.
But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.
Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:
- Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
- Details the findings on how risk-based is the way to get ahead in vulnerability management
- Lays out several factors that drive better remediation performance
- Provides steps for setting up a successful risk-based vulnerability management program
Ed Bellis is a security industry veteran and expert and known in security circles as “the father of risk-based vulnerability management.” He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats.
Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dharma and former advisor to SecurityScoreboard.com and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security (Oram, Andy & Viega, John, O’Reilly Media, 2009).
He is a frequent speaker at industry conferences. Recent engagements include the 2017 Enterprise Security Summit (Dos and Don’ts of Establishing Metrics that Cultivate Real Security) and InfoSec World (Amateur Hour: Why APT’s Are the Least of Your Worries).
panel #1 - Identity: the New Perimeter?11:10 am - 11:35 am
Identity: the New Perimeter?
The 2000’s view of “perimeter” in terms of security conjures up an analogy about castles and moats… but today, the question is, where is the moat? As we turbo-charged Work From Home this year, and BYOD is just a way of life – have your Identity and Access Management practices kept-up?
day 1, Lunch Break11:35 am - 12:10 pm
Lunch / Solutions Showcase Open
Day 1, keynote12:10 pm - 1:00 pm
Tom will discuss the USSS’ current posture during the COVID19 pandemic. He will discuss how the pandemic, and the current telework posture of the majority of the private and public workforce has had on effect on criminal activity, cyber hygiene, and the incident response process. He will discuss the continued importance of having a relationship with federal law enforcement and the need for timely reporting of incidents and events, especially if the incident involves the loss of money through U.S. and International financial systems.
Tom brings with him over 25 years of military and federal law enforcement experience with over 20 years dedicated to the United States Secret Service. He served as a Special Agent in assignments that included the Cleveland Field Office, New York Field Office, Presidential Protective Division, 2012 Presidential Campaign Operations Section, Dignitary Protective Division, and as a Supervisory Special Agent in the United States Secret Service’s Training Academy and the Newark Field Office. Tom’s Protective experience included permanent assignments on both the President Bush and President Obama protective details. He has investigated a wide range of financial crimes that include counterfeit money, identity theft, money laundering, and credit card fraud. Tom supervised the Cyber Fraud Task Force at the Newark Field Office from 2016-2020 where he oversaw complex international cyber investigations that include network intrusions, account takeovers, business email compromises and other cyber schemes that target the financial infrastructure of the United States. In April of 2020, Tom was promoted to the Assistant Special in Charge of the New York Field Office where he manages all USSS led investigations in the New York district. In his current position Tom remains an integral part NY/NJ Cyber Crimes Task Force where he acts as a liaison between the United States Secret Service and over 400 members from the private sector. Tom holds an undergraduate degree in Law and Society and a Master’s Degree in Public Administration.
Day 1, sesson five1:05 pm - 1:25 pm
Shifting PAM into High Gear with Zero Standing Privilege (ZSP)
Zero Standing Privilege (PAM) was a new term introduced in 2019 and might just be the best approach to shift your PAM strategy into high gear. In this short presentation, we’ll discuss how PAM projects were managed historically and highlight a new PAM approach to reduce the impact of compromised admin credentials.
Do you know what admin credentials exist today or even how they change over time in your organization? This is just one of several challenges we’ll discuss, offer a solution and discuss the need and value of frequent scanning of admin rights, reporting on current standing privileges and the adoption of a ZSP and Just-In-Time administration.
So, if you’re looking for quick wins in PAM, including removing local admin rights and support for DevOps+PAM use cases, join the discussion and learn how other organizations like yours have succeeded.
Paul Lanzi is the co-founder and COO of Remediant. Paul and Tim Keeler worked together in the IT departments of several biotechs including Genentech, Roche and Gilead Sciences before starting Remediant. At each of those organizations, they saw first-hand the drawback of the legacy approaches to PAM and were inspired to create something new. Paul’s previous corporate IT experience includes project and program management, corporate mobile app development team management and recruiting and managing full-stack web development teams. Paul has a passion for excellent user experience (UX) and project management, having held a PMP certification from the Project Management Institute since 2005. Paul also holds a BS with Honors in Computer Science from UC Davis.
day 1, session six1:25 pm - 1:45 pm
Get Rich Quick with Ransomware! A Lazy Hacker’s Perspective for Enterprises
Think Ransomware isn’t for you? In this enlightening talk, Gil Azrielant, co-founder of Axis Security, will quickly discuss the business opportunities, the technologies, the industry and the mechanics attracting hackers the world over to ransomware. In the process Gil will reveal how some enterprises can use new technologies to defend themselves against attack.
Gil Azrielant is co-founder and CTO of Axis Security. Gil is responsible for technology strategy and the development of the company’s cloud-based zero-trust application access platform. Prior to joining Axis Security, Gil was co-founder & CTO of Cool Cousin, a cloud-based platform for travelers looking to unlock outstanding travel experiences.
Gil’s cybersecurity career began in the elite Unit 8200 of the Israeli Army Intelligence Corps, where he worked on advanced cyber security and code decryption. He served five years inside this elite unit, working as a researcher and team leader.
Gil holds a Bachelor of Science degree in Computer Science and graduated magna cum laude from IDC Herzliya, one of Israel’s leading academic institutions.
day 1, Session seven2:15 pm - 2:35 pm
Deciphering SOC 2 Compliance in Cloud-Native Environments
How did a fairly straightforward endeavor – an IT audit – become that monster under the bed?
Compliance projects all too often feel a massive box checking exercise. You may be pulling staff and co-workers into a vast abyss, mapping arcane compliance controls, deciphering audit speak, all to hopefully pass an audit and maybe shore up security. So how can you, the IT experts, quickly tease out the essence of what an auditor needs to give them confidence that you have passed an audit?
In this presentation we will use the example of a SOC 2 Type 1 audit in a cloud-native environment to demystify all of the dots, dashes and control numbers, giving you a high level roadmap of key elements required to pass your own SOC 2 audit regardless of where you are on your cloud native or compliance journey.
Cynthia brings more than 15 years of IT and program-manager experience to Capsule8. Prior to joining Capsule8 as a program manager, Cynthia was an assistant director and program manager with KPMG‘s international audit division-leading projects to develop KPMGs audit-collaboration tools.
day 1, Session eight2:35 pm - 2:55 pm
Three Things You Need to Know About New CCPA Regulations
This presentation describes the many cyber security requirements of the California Consumer Privacy Act. Included is an analysis of additional requirements recently published by the California Attorney General.
Understand the most pressing elements of the Regulations
Learn how to prioritize and rationalize your compliance efforts
How to leverage your efforts in advance of CCPA 2.0
Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy and a Certified Information Security Systems Professional (CISSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management. Prior to joining Spirion, he served as Director, Data Protection for Robert Half Legal and established the global privacy program for Esterline Technologies Corporation in Bellevue, WA.
During his career, Scott has held senior positions at several legal technology firms and is listed as co-inventor on Intelligent Searching of Electronically Stored Information, patent application no. 13/842,910. In addition, he taught the first law school course anywhere on electronic evidence and e-discovery.
Scott is a member of the bar in Washington state, California, and the District of Columbia.
Panel #2 - AI & ML in Cybersecurity: Can we ‘Science the heck’ out of trouble?2:55 pm - 3:25 pm
AI & ML in Cybersecurity: Can we ‘Science the heck’ out of trouble?
We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’?
Day 1, ciso panel
Day 1, closing session
Summary of Day one, what to expect tomorrow… And Remember
Solutions Showcase is Open until 6:00pm ET on Day One!
Day 2 - Welcome / introductions9:15 am - 9:20 am
Day 2, Session one9:20 am - 9:40 am
Cyber Resilience: Rethinking your data protection strategy in the age of ransomware.
Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!
Andy Fernandez is a Global Product Marketing Manager at Zerto. With a focus on product marketing and launches, he strives to translate technical innovation to business value. After spending years in various technology companies and entrepreneurship pursuits, Andy is focused on launching industry-leading products and accelerating their adoption.
day 2, session two9:40 am - 10:00 am
Managing Digital Risk Amid Disruption
Digital transformation is not only changing how companies think about business. It is changing how we think about risk. We need to *act* on risk, not worry about it. We need to start and end with the basics. In this session we review several key areas of digital risk management to target as you are challenged to be a key contributor in your company’s digital journey.
Ben Smith is Field Chief Technology Officer (Field CTO – US) with RSA, a Dell Technologies business. With 25 years’ experience in the information security, networking and telecommunications industries, he regularly consults on RSA’s security and risk management solutions. His prior employers include UUNET, CSC, and the US Government, along with several technology-oriented startups. He holds industry certifications in information security (CISSP), risk management (CRISC), and privacy (CIPT), and has presented on RSA’s behalf internationally at cybersecurity events sponsored by Gartner, FS-ISAC, SANS, IANS, CERT/SEI, RSAC, ISSA, (ISC)2, ISACA, Infosecurity, IIA, RMA, BSides, ASIS, InfraGard, HTCIA, SecureWorld, MWCA, ICI and other organizations.
day 2, session three10:30 am - 10:50 am
Developing Your Identity Strategy
Remember when identity management meant creating new accounts and resetting user’s passwords? Over the years, digital identity has evolved into much, MUCH more. Your identity program now includes not just identity management, but also access management, privilege management, and even customer identity management, all of this falling under the umbrella of identity governance. More importantly, identity has shifted from being a basic operations function to the cornerstone for business enablement and digital transformation. In this presentation, Rob walks you through key considerations when developing your identity strategy to help you improve the current state of your program while building a solid foundation for the future of your identity program.
Rob is a veteran of the cybersecurity industry with over 20 years of experience. Throughout his career he has focused on Identity governance & access management, as well as APIs & microservices. Rob’s ability to address both business and technical requirements, and provide effective solutions has enabled him to become a trusted advisor for clients across multiple industries. Rob holds a Bachelor of Technology Management, a MSc in IT, and Advanced Certificates in Telecommunications Management and Enterprise Architecture. When not working with clients, he enjoys outdoor activities with family, gaming, and having lively conversations.
day 2, session four10:50 am - 11:10 am
How do you start a ML project? Finding the Breach with Infinity SOC
What is Machine Learning? Can you decipher buzzwords such as Artificial Intelligence, machine or deep learning, and differentiate between hype and fake news? Cyber-attacks are more prevalent than ever in our world today, with exponential, every-increasing variance, velocity, and volume of threat campaigns. This presentation aims to hopefully enable you to understand what lies beneath the words “AI-powered cloud” or more precisely “data driven security”.
The Security Operations Center (SOC) is often all that stands between an organization and a potentially financially devastating data breach. However, 98% of SOC teams face significant challenges in their mission to detect and shut down attacks. For many SOC teams, finding malicious activity inside their network is like finding a needle in a haystack. They are often forced to translate information from across a multitude of monitoring solutions and navigate through tens of thousands of daily alerts. This is crossroad where machine learning and security align to equip security analysts with relevant and actionable information to prevent and respond to threats in real time.
Elie Klein is a Security Engineer working with strategic accounts in the New York City area at Check Point Software for the last five years. Elie has consulted, designed, and overseen the implementation of global network security deployments within Fortune 500 companies across different verticals. Prior to joining Check Point, Elie worked as an Electrical Engineer at Gannett Fleming after serving as a Paratrooper in the IDF.
panel #3 - Users as the Attack Vector - People and Security11:10 am - 11:35 am
Users as the Attack Vector – People and Security
Users, those oft-confused carbon-based life forms usually roaming the halls of our office buildings, are the last line of defense. Training, tools, and education help – but what are we doing to make sure they are not the weakest link?
day 2, Lunch break11:35 am - 12:10 pm
day 2, ciso panel12:15 pm - 1:00 pm
Sajed NaseemCISONew Jersey Courts
James DawsonCISOFormer Head of Danske Bank / IT Risk Advisory, LLC for Danske Bank
Mike WilkesAdjunct Professor of CybersecurityNYU Tandon School of Engineering
Juan P. MoralesDeputy CISO, Global Information SecurityRealogy Holdings Corp.
Masha DemidovaSenior Information Security Risk ManagerN26
Jamie HermanCISOGeller & Company
day 2, session five1:05 pm - 1:25 pm
Shift Left – Building Security into the Application Development Lifecycle
By building security into your application development lifecycle you not only help reduce your attack surface, but also save roughly 30% in costs associated with resolving the application security vulnerabilities afterwards… never mind the costs associated with a breach, such as shareholder value and brand tarnishing.
Rob Aragao is a Cyber Security Strategist for the Americas within the Enterprise Security business unit of Micro Focus (merger of Hewlett Packard Enterprise Software). In this role, Mr. Aragao is responsible for working with organizations collaboratively to drive strategic initiatives around cyber security and alignment with business objectives and desired outcomes. He also provides thought leadership and insight regarding the ever changing global threat landscape.
Prior to joining Micro Focus, Mr. Aragao served as Vice President of Security Strategy at ReliaQuest with responsibilities for driving strategy, innovation and execution of a portfolio of security service offerings focused on the Fortune 1000. Previously, he was with eIQnetworks where he led security operations and services. Prior to eIQnetworks, he was with Altiris (acquired by Symantec), where he led the Worldwide Security Management Division. He has also held leadership roles with Level 3/Genuity, Stream International and Siemens.
Mr. Aragao brings over 20 years of information security experience with an emphasis in security and cyber risk best practices, threat intelligence, security monitoring and regulatory compliance initiatives.
Mr. Aragao’s experience has provided him with key insights into the challenges and approaches to combat today’s cyber threats. He is a frequent speaker and panel member and has presented at security conferences such as the International Conference on Cyber Security, FBI InfraGuard, SC Congress, Cloud Expo, Harvard IT Summit and other national and regional security events.
He earned a bachelor’s degree in Computer Information Systems and Business Management from Bryant University and is a Certified Information Systems Security Professional (CISSP).
day 2, session six1:25 pm - 1:45 pm
2020: The Passwordless Decade
As we enter the passwordless decade, more and more organizations are asking the question: How quickly can I move beyond passwords?
George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger.
Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. How did we get here, and will mainstream adoption of passwordless security have an impact?
We will explore how the rise of virtual desktop infrastructure has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.
In this session, you’ll learn:
• Why is Credential Reuse at All-time Highs?
• How has Authentication Evolved?
• Why this is the Passwordless Decade
George Avetisov is Cofounder and Chief Executive Officer of HYPR, responsible for strategy and execution of the company’s vision. George sets forth the product and technical direction of the company, architects sales and marketing strategies, and works closely with team leads to build strong company culture. Under George’s leadership, HYPR has grown to become a leading provider of decentralized authentication with millions of users secured across the globe. Named Forbes 30 under 30 in 2018, George brings with him a decade of experience in e-commerce, digital payments, and fraud prevention that have served as the foundation for HYPR’s vision.
day 2, session seven2:15 pm - 2:35 pm
A People-Centric Approach to Cyber Risk Management
Today’s threat landscape is characterized by attacks which focus on humans. For the third straight year, Proofpoint Threat Research has confirmed that over 99% of attacks are human-activated.
Developing a holistic cyber security program involves educating end users on where and how they are exposed to cyber-attacks, gathering metrics, and highlighting key areas where proactive steps can be identified to minimize risks to cyber-attacks.
During this presentation, we’ll cover:
- The clearly defined risk areas that are frequently targeted in cyber-attacks, with clear examples and use cases
- How organizations can implement a People-Centric security approach, decreasing their vulnerability to cyber threats.
Jack Johnson has been enjoying his current role as a Sr. Solutions Engineer with Proofpoint for the past 3+ years and is a recognized subject matter expert in the information security industry. Specializing in detecting and mitigating Social Engineering attacks, Jack has over 25 years of experience having begun his adult career by serving 8 years in the US Navy as a Naval Cryptologist. Transitioning to his civilian career he leveraged skills learned in the Navy to obtain a role as an Enterprise Linux Systems Engineer where he learned OS and network security first hand. Ultimately Jack found himself in a role as a SOC Manager, where he managed a phishing takedown service for 13+ years before joining Proofpoint.
day 2, session eight2:35 pm - 2:55 pm
Reducing Friction and Managing Remote Work Environments
The business world has changed and many of those changes, like remote working, are here to stay. And keeping your teams safe during this period is a no-brainer—as is making sure their remote endpoints are managed and secure. But with these changes come a list of concerns and issues that many organizations just are not ready to address, sometimes highlighting legacy support policies and even out-of-standard technological needs. The friction of everyday management of the full enterprise has increased, putting a strain on the IT and support staff as well as the users.
During this presentation, I will address common areas of friction in endpoint management as well as ways to pinpoint friction in your environment, and finally ways to address the problems and setup your organization for scalability with endpoint management.
Richard Melick has spent over a decade advancing through the security industry with his considerable experience and considerable focus on the stories surrounding ransomware, hacking, and cyber attacks. He has been a security speaker on five continents and has even advised royalty on how to make and distribute ransomware.
Panel #4 - Ransomware - to Pay, or Not to Pay?2:55 pm - 3:25 pm
Ransomware – to Pay, or Not to Pay?
Ransomware has been a hot topic of 2020, as bad actors show there is no honor among thieves – as they target hospitals, health care organizations and other firms in the throws of COVID response. Moreover, sensitive data is put at risk, huge sums of money are in the balance, and organizations must struggle between expediency and the bottom line.
Day 2 - Keynote3:45 pm - 4:35 pm
This presentation will provide a basic overview of the mechanics of how various cryptocurrency and and blockchain technologies fundamentally work, and the role it plays in emerging cyber-enabled crimes such as Ransomware and Business Email Compromises (BEC).
Summit Final Closing Session
Solutions Showcase is Open until 6:00pm ET
Registration has closed for this conference
You must successfully register to access this event. Registered attendees will receive their login credentials via email when the event opens at 8AM ET on August 19th. Please be sure Data Connectors is on your email whitelist!