Welcome / Introductions 8:50 am - 8:55 am
Data Connectors is proud to host the Phoenix Virtual Cybersecurity Summit.
Session One 8:55 am - 9:15 am
The Evolution of Ransomware:
One constant truth Sophos has found over our 30 years of creating effective defenses against ever-changing threats: there is no silver bullet in security. Solutions need to evolve and adapt to new and emerging threats all the time. When it comes to ransomware, the same rules apply. Bad actors are finding ways to exploit your organization’s weaknesses and their bag of tricks is continuously growing. You need an adaptive approach to keep up and defend your organization. Join our experts as they discuss ways you can navigate the dangerous waters where bad actors lurk.
With over 22 years of experience in IT Infrastructure/Security & training, Brian is currently a Senior Solutions Engineer at Sophos. Throughout his career, he has been an IT/MSP small business owner, a technology trainer involved with startups and, more recently, an enterprise WAN Infrastructure Manager & Project Manager at the VA.
Brian will bring his experience working with organizations all over the greater Florida area, and talk about how new developments have impacted the way those firms interdict ransomware.
Session Two 9:15 am - 9:35 am
Risk Management – Insights in a World Gone Crazy
Join Phil Richards, CISO for Ivanti, as we discuss key concepts and strategies for Risk Management. A few of the questions to be addressed in this session include: Is risk always a bad thing? How do you categorize risk according to your company’s objectives? Do data breaches really impact the big companies? What are the steps to recognizing, assessing and managing risk? The answers to these and many other questions will be discussed in this very important and timely session.
Phil has both breadth and depth of security experience. He currently works as the Chief Information Security Officer for Ivanti. He has held other senior security positions including the head of operational security for a medical manufacturing corporation, Chief Security Officer for a financial services technology (FinTech) company, and Engineering Director at a regional healthcare corporation. In his security leadership roles, he has created and implemented information security policies based on industry standards. He has led organizations to clean PCI DSS and HIPAA compliance attestations, implemented security awareness training, and established a comprehensive compliance security audit framework based on industry standards. He has led Ivanti through their most recent FedRAMP authorization process. He has implemented global privacy policies, including addressing privacy issues in the European Union. Transforming an organization requires focus on the objectives, clear communication, and constant coordination with executive leadership, which is exactly what Phil has focused on during his security career.
Session Three 9:35 am - 9:55 am
Cybercrime, Inc. The Business of the Dark Web
The Dark Web is growing at an exponential rate, with hackers doubling down on cybercrime-as-a-service – allowing non-traditional and unskilled hackers to wreak havoc in ways previously impossible. Criminals don’t have to be skilled to get your data; they just have to hire someone who is.
The webinar aims to expose the inner workings and business of the cyber underground, focusing on the following:
- Cryptocurrency – the impact digital currency has had on the rate of growth of cybercrime
- Cybercrime-as-a-service – the expansion of services offered by skilled hackers, and at low cost
- Money laundering & money mules – ways criminals are skirting around laws/regulations to get paid
- How businesses can protect themselves from all levels of cybercriminals; emphasis on the importance of investing in proactive threat hunting
Michael Mayes is a senior writer and researcher at Armor in Richardson, Texas. His career in technology communications includes work with the Human Genome Project, handheld software during the Palm and Pocket PC era, blockchain development, and cybersecurity. He began his research in black markets in 2013 during a PhD year in professional and technical writing at the University of Memphis where he wrote on the early days of Bitcoin and its defining proof of concept, the Silk Road.
Session Four 10:20 am - 10:40 am
Get Rich Quick with Ransomware: A Lazy Hacker’s Perspective for Enterprises
Think Ransomware isn’t for you? In this enlightening talk, Gil Azrielant, co-founder of Axis Security, will quickly discuss the business opportunities, the technologies, the industry and the mechanics that attract hackers to ransomware. In the process Gil will reveal how some enterprises can use new technologies to defend themselves against attack.
Gil Azrielant is co-founder and CTO of Axis Security. Gil is responsible for technology strategy and the development of the company’s cloud-based zero-trust application access platform. Prior to joining Axis Security, Gil was co-founder & CTO of Cool Cousin, a cloud-based platform for travelers looking to unlock outstanding travel experiences.
Gil’s cybersecurity career began in the elite Unit 8200 of the Israeli Army Intelligence Corps, where he worked on advanced cyber security and code decryption. He served five years inside this elite unit, working as a researcher and team leader.
Gil holds a Bachelor of Science degree in Computer Science and graduated magna cum laude from IDC Herzliya, one of Israel’s leading academic institutions.
Session Five 10:40 am - 11:00 am
The Last Line of Defense:
The Importance of having a robust and comprehensive Data Protection strategy
Data protection is experiencing a resurgence. Historically it’s been seen as an innovation backwater and as “insurance”, but with the growth of ransomware and cyber crime, and increasing risk, organisations are having to modernize their data protection architectures and strategies to ensure that data can be recovered quickly so that an organisation can survive an attack. Join this session to learn about the latest innovations in the data protection space and how they can be deployed to provide a comprehensive last line of defence.
David joined Pure Storage in October 2018 as the Rapid Restore Solutions Director and is responsible for the Rapid Restore solutions road map, working with our Data Protection partners (Veritas, Veeam, CommVault & Rubrik) and making sure the Pure sales field have all the tools and enablement they need to be successful. Previously, David spent a year at Amazon Web Services building a competitive team to work directly with Amazon’s sellers and customers. Before that David spent 17 years at Veritas Technologies in a number of roles – SE, SE Manager and later was responsible for building a Competitive Intelligence team. He left Veritas as the Director of Competitive and Market Intelligence in 2017.
Session Six 11:00 am - 11:20 am
Stopping Attacker Movement Before They Reach Crown Jewels
During a normal workday, credentials and connections proliferate within a network. Once inside, attackers use Mimikatz and other attack tools to automate and accelerate credential harvesting, network discovery, and privilege escalation. Until now, defenders have lacked the ability to get ahead of this process. Identifying and removing excess, high-risk, and rogue connections has been a manual effort and impossible to scale. The giant, sudden transition by millions of employees to working from home has only made the attack surface even more volatile.
In this webinar, we examine the various ways to deprive attackers of what they need to move laterally in your network by identifying and removing the riskiest pathways that lead to your crown jewels including:
- How normal business activity creates dangerous opportunities for malicious lateral movement
- The cyber hygiene functions needed to harden the network against modern APT attacks
- How continuous visibility into your attack surface can augment other core security functions, such as privileged access management (PAM) and vulnerability management
Wade Lance has been productizing new technologies in education, healthcare and information security for over 20 years. He has diverse experience in solution design for global 1000 cyber security teams, with an extensive background in advanced cyber-attack detection, and a specialty in cyber deception methods and platforms.
Prior to his career in information technology, Lance was a professional mountain guide. As Program Director at Appalachian Mountaineering he developed a new method for technical rock and ice climbing instruction that is still used today to teach advanced skills for the most dangerous environments.
Morning Q&A Session 11:20 am - 11:45 am
This session will feature all of the presenters from the morning agenda, answering questions from the audience live via video, in a panel format. Each presenter will take questions that pertain to their topic, and if there is time, they will also respond to a few questions about larger trends and directions that face all members of the cyber-security community.
Lunch Break 11:45 am - 12:10 pm
Lunch / Solutions Showcase Open
Keynote 12:10 pm - 1:00 pm
The U.S. Secret Service will discuss their role in defending our critical financial infrastructure, and also discuss the USSS’s role in responding to financial threats during the COVID-19 virus.
Session Seven 1:00 pm - 1:20 pm
About Sherpa Software
Sherpa Software is the cost-effective solution for information security, data governance, GDPR/California Consumer Privacy Act (CCPA), and eDiscovery compliance. Our SaaS platform, Altitude IG, is the first step in cybersecurity: it is scalable, affordable data governance and eDiscovery software that provides complete transparency and visibility into your unstructured data, including on all local workstations.
Session Eight 1:20 pm - 1:40 pm
Identity and Access Management: Embracing the complexity
Admittedly, IAM can be intimidating. Ensuring company assets are being accessed only by those who are authorized is a crucial, non-trivial task but we should embrace the challenge. In this session we will discuss the complexities of IAM by reviewing what digital identity really is, and what challenges exist when implementing access management controls. We will discuss a typical IAM use-case and how we can embrace its complexities while avoiding the need for large architectural changes.
Matthew Marji is a Senior Product Security engineer for Auth0, an identity platform for application builders. He possesses the natural ability to simplify difficult security concepts; empowering the engineering teams he works with to build secure applications. In his free time, he lifts weights, enjoys espresso, and reads the OAuth2 RFC.
Session Ten 2:25 pm - 2:45 pm
Introduction to Risk-Based Vulnerability Management
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.
But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.
Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:
- Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
- Details the findings on how a risk-based approach is the way to get ahead in vulnerability management
- Lays out several factors that drive better remediation performance
- Provides steps for setting up a successful risk-based vulnerability management program
Ed Bellis is a security industry veteran and expert and known in security circles as “the father of risk-based vulnerability management.” He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats.
Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dharma and former advisor to SecurityScoreboard.com and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security (Oram, Andy & Viega, John, O’Reilly Media, 2009).
He is a frequent speaker at industry conferences. Recent engagements include the 2017 Enterprise Security Summit (Dos and Don’ts of Establishing Metrics that Cultivate Real Security) and InfoSec World (Amateur Hour: Why APT’s Are the Least of Your Worries).
Session Eleven 2:45 pm - 3:05 pm
Building Cyber Resilience: Finding Factors not Fault
Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of corporate security, or worse, bury the true causes of incidents and lead to repeated data breaches or business disrupting cyber incidents. In this session, we will explore real-world incidents and threats to assemble an actionable cyber resilience framework that adapts to distributed assets, remote workers, and virtual workloads.
As a member of the LegalSec Council with the International Legal Technology Association (ILTA), Mark Sangster is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations. In addition to his passion for cybersecurity, Mark’s 20-year sales and marketing career was established with industry giants like Intel Corporation, BlackBerry, and Cisco Systems. Mark’s experience unites a strong technical aptitude and an intuitive understanding of regulatory agencies. During his time at BlackBerry, Mark worked on the first secure devices for government agencies. Since then, he has continued to build mutually beneficial relationships with regulatory agencies in key sectors. Mark holds a Bachelor’s degree in Psychology from the University of Western Ontario and a Business Diploma from Humber College.
Session Twelve 3:05 pm - 3:30 pm
Your CEO is Not Your CEO! How to defend against email fraud
Email fraud leads to two main threats: one is Business Email Compromise (BEC), where attackers pretend to be you; the other is Email Account Compromise (EAC), where attackers actually become you. BEC/EAC scams have cost the victimized businesses over $26 billion since 2016. What they have in common is that they both target people. They both rely on social engineering and are designed to solicit fraudulent wire transfers or payment. Unlike malware attacks, BEC and EAC don’t typically include a detectable malicious payload. These types of threats can be hard to recognize because, to the target, the business requests sent by the impostors seem very routine and reasonable.
Join our session and learn about:
- What is BEC and EAC? And how do they work?
- What are the common attack tactics regarding this new form of email threats?
- Best practices to defend against BEC and EAC
Denis Ryan is Senior Director, Email Fraud for Proofpoint, Inc. Previously, Denis held management positions at several well-known high-tech companies including Nominum (now part of Akamai), Tellabs (now Coriant), Verizon and IBM. As a sales leader of the fastest growing business unit in Proofpoint, Denis oversaw the go to market sales and sales engineering strategy post the Return Path business unit acquisition. The diverse background of IT and security solutions allows Denis to overlay the Proofpoint sales efforts in multiple verticals, most notably Healthcare as Proofpoint has ramped this specialized team to improve email authentication practices. He resides in the Dallas-Fort Worth metroplex, mentors undergraduates for his alma mater (University of Dallas) and volunteers his time for various local charities.
Afternoon Q&A Session 3:30 pm - 4:00 pm
This session will feature all of the presenters from the afternoon agenda, answering questions from the audience live via video, in a panel format. Each presenter will take questions that pertain to their topic, and if there is time, they will also respond to a few questions about larger trends and directions that face all members of the cyber-security community.
CISO Panel 4:10 pm - 5:00 pm
Closing Session + Prize Drawing
Solutions Showcase Open until 6:00 pm