Data Connectors is proud to host the Salt Lake City / Denver Virtual Cybersecurity Summit.

Times for this Event are in Mountain Standard Time (MST)

A new Spin on Securing Active Directory

CISOs, Penetration Testers, and Incident Responders all agree that Active Directory is a primary target for attackers. So why isn’t AD defended more effectively? Join us in this session to learn who is attacking AD, why AD Security has traditionally been so difficult, and some groundbreaking new techniques for securing Active Directory.

Speaker’s Bio:

Tom Atkins is a veteran Information Security professional with over 25 years of experience. Tom specializes in guiding young technology companies successfully into new markets. He works closely with leading companies to identify and resolve their core security challenges. At FireEye, he was the first customer-facing employee for the East Coast and at OpenDNS held a similar role building the Enterprise sales organization and strategy and managing the transition through the acquisition by Cisco in 2015. Tom is currently leading the East sales team for Attivo Networks, the leading deception company in the market.

Your Ransomware Hostage Rescue Guide

Ransomware attacks are on the rise and are estimated to cost global organizations $20 billion. As ransomware attacks become more targeted and more damaging, your organization faces increased risk that can leave your networks down for days or even weeks. So, how can your organization avoid getting held hostage? 

Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he looks at concerning features of new ransomware strains, provides actionable info that you need to prevent infections, and gives you tips on what to do when you are hit with ransomware.

In this webcast we will cover:

• What new scary ransomware strains are in the wild
• Am I infected?
• I’m infected, now what?
• Proven methods of protecting your organization
• How to create your human firewall

Don’t get held hostage by ransomware and become a statistic!

Speaker’s Bio:

Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. He has managed the technical integration and functional testing of multi-million-dollar enterprise level technology projects within the Department of Defense, as well as large military security programs. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in the InfoSec industry.

The Last Line of Defense: The Importance of having a robust and comprehensive Data Protection strategy

Data protection is experiencing a resurgence. Historically it’s been seen as an innovation backwater and as “insurance”, but with the growth of Ransomware and cybercrime, and increasing risk, organizations are having to modernize their data protection architectures and strategies to ensure that data can be recovered quickly to ensure that an Organization can survive an attack. Join this session to learn about the latest innovations in the data protection space and how they can be deployed to provide a comprehensive last line of defense.

Speaker’s Bio:

David joined Pure Storage in October 2018 as the Rapid Restore Solutions Director and is responsible for the Rapid Restore solutions roadmap, working with our Data Protection partners (Veritas, Veeam, CommVault & Rubrik) and making sure the Pure sales field has all the tools and enablement they need to be successful.

Previously, David spent a year at Amazon Web Services building a competitive team to work directly with Amazon’s sellers and customers. Before that David spent 17 years at Veritas Technologies in a number of roles – SE, SE Manager and later was responsible for building a Competitive Intelligence team. He left Veritas as the Director of Competitive and Market Intelligence in 2017.

Cyber Resilience: Rethinking your data protection strategy in the age of ransomware.

Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!

Speaker’s Bio:

Andy Fernandez is a Global Product Manager at Zerto. With a focus on product marketing and launches, he strives to translate technical innovation to business value. After spending years in various technology companies and entrepreneurship pursuits, Andy is focused on launching industry-leading products and accelerating their adoption.

2021 Trends & Directions

What will define cybersecurity in 2021?  What carries over from 2020?

Risk comes from all angles in 2020 users, vendors, partners, systems.  In this panel, we will discuss some of the many facets encountered by security leaders in organizations of all sizes, with particular focus to the threat landscape seen across the continent.

Obviously, COVID and the associated rush to work-from-home played a big part. Beyond that, what are the key cybersecurity trends we need to watch out for in 2021?

Introduction to Risk-Based Vulnerability Management

Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.

But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.

Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:

• Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
• Details the findings on how risk-based is the way to get ahead in vulnerability management
• Lays out several factors that drive better remediation performance
• Provides steps for setting up a successful risk-based vulnerability management program

Speaker’s Bio:

Ed Bellis is a security industry veteran and expert and known in security circles as “the father of risk-based vulnerability management.” He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats.

Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dharma and former advisor to SecurityScoreboard.com and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security (Oram, Andy & Viega, John, O’Reilly Media, 2009).

He is a frequent speaker at industry conferences. Recent engagements include the 2017 Enterprise Security Summit (Dos and Don’ts of Establishing Metrics that Cultivate Real Security) and InfoSec World (Amateur Hour: Why APT’s Are the Least of Your Worries). RSA, BlackHat, SecTor, BSides, Metricon, and more.

The Cloud Requires an Evolution Beyond the Secure Email Gateway

Cloud email requires a new approach to security. If your corporate email relies on Microsoft or Google, you may have deployed (or are considering) a Secure Email Gateway (SEG). Originally designed as a perimeter solution for on-premise email, you should ask these questions:

• Why do you disable the native security in our platform?
• How can my configuration allow attackers to bypass the gateway?
• How do we block insider email attacks?
• How can we quarantine a compromised account?
• How can we prevent Business Email Compromise (BEC) or impersonation email attacks?

Our cloud security expert Jeff will explain where an SEG approach falls short protecting cloud-hosted email. Touch upon fundamental architectural weaknesses of a proxy design, and arm attendees to help them make smart decisions to protect their users.

Speaker’s Bio:

Jeff Raymond is a Seattle, WA based Cloud Security Engineer at Avanan. While working for companies ranging from security giants to start-ups, he has found his passion in protecting organizations from phishing attacks and securing their cloud applications. Outside of work, he can be found snowboarding or wake surfing (depending on the season) or geeking out in his home lab.

Lunch / Solutions Showcase open

CISA Briefing – Emergency Directive 21-01: SolarWinds Supply Chain Compromise

• Previous Supply Chain Compromises
• Timeline of Significant Events
• National Cyber Incident Response Plan in Action
• Public / Private Partnerships during Cyber IR
• Adversary Targeting Cyber Incident Responders
• What to take away moving forward
• CISA Cybersecurity Service Offerings Overview

Cybersecurity and Infrastructure Security Agency (CISA)

The Cybersecurity and Infrastructure Security Agency (CISA) is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating with industry to build more secure and resilient infrastructure for the future. CISA is at the heart of mobilizing a collective defense as we lead the Nation’s efforts to understand and manage risk to our critical infrastructure. Our partners in this mission span the public and private sectors. Programs and services, we provide are driven by our comprehensive understanding of the risk environment and the corresponding needs identified by our stakeholders. We seek to help organizations better manage risk and increase resilience using all available resources, whether provided by the Federal Government, commercial vendors, or their own capabilities.

Speaker’s Bio:

Dave currently serves as the one of the Cybersecurity Advisors within region VIII with Rick Gardner. Rick primarily covers UT, WYO, and Montana while Dave has CO, SD, and ND. The CISA Cybersecurity Advisor program includes promoting cyber resilience with public and private sectors partners through various engagements and performing risk and resilience-based assessments. Mr. Sonheim began his federal career in 2002 with DoD in the Information Management Directorate for the COLO National Guard G6 office. Serving as the Deputy CIO for the last seven years at the agency. As part of his connection to the National Guard he is also an actively drilling National Guard Officer with over 25yrs of service. His current role is the Defensive Cyber Operations Team Chief where he runs the Cyber incident response Blue team. He served as the TF Cyber Commander for the CDOT SamSam ransomware event in 2018. Early in 2019 Mr. Sonheim transitioned to DHS/CISA in his current role as a CSA for region VIII.

Building Cyber Resilience: Finding Factors not Fault

Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of corporate security, or worse, bury the true causes of incidents and lead to repeated data breaches or business disrupting cyber incidents. In this session, we will explore real-world incidents and threats to assemble an actionable cyber resilience framework that adapts to distributed assets, remote workers, and virtual workloads.

Speaker’s Bio:

Mark Sangster is the author of NO SAFE HARBOR: The Inside Truth About Cybercrime and How to Protect Your Business. He is an award-winning speaker at international conferences and prestigious stages including the Harvard Law School and RSAConference, and author on various subjects related to cybersecurity. His thought provoking work and perspective on shifting risk trends has influenced industry thought leader, and is a go-to subject matter expert for leading publications and media outlets including the Wall Street Journal when covering major data breach events.

Institutionalizing Incident Response

The 3 keys for incident response are risk reduction, crisis preparation, and communication. Listen as Cloudflare CSO Joe Sullivan shares his thoughts on how security leaders can implement incident response in their organizations.

Speaker’s Bio:

Joe Sullivan, SVP, Chief Security Officer, joined Cloudflare as its first CSO in 2018. Previously, he was the CSO at Uber and Facebook, and held security and legal roles at eBay and PayPal. Joe also served with the U.S. Department of Justice as a prosecutor in the Silicon Valley U.S. Attorney’s Office, where he was focused on technology-related crimes. In 2016, he served on President Obama’s Commission on Enhancing National Cybersecurity. Joe works with several organizations that promote Internet safety and security and has been an active investor and advisor to technology start-ups.

Identity & Users

The 2000’s view of “perimeter” in terms of security conjures up an analogy about castles and moats… but today, the question is, where is the moat? As we turbo-charged Work From Home this year, and BYOD is just a way of life – have your Identity and Access Management practices kept-up?

Ramping up with FedRAMP– Best practices using real-world examples for your compliance projects

So many acronyms such little time – FISMA, FedRAMP, OBM, 3PAO – you may have heard these acronyms uttered in the same sentence, but at the end of the day, what compliance standards and controls are required when an organization intends to do business with Federal agencies and institutions? 

In this session, Cynthia Burke, compliance expert from Capsule8, will give a high level overview of the Federal Risk and Authorization Management Program (FedRAMP) landscape and will discuss some of the challenges of and best practices for FedRAMP compliance using specific case study examples to help guide you and your team up the compliance hill with FedRAMP.

Speaker’s Bio:

Cynthia is Capsule8’s resident compliance expert and brings more than 15 years of IT and program-manager experience to the company as Compliance Manager. She gets projects across the finish line-collaborating across the company with engineers, product managers, marketing, and the executive team to keep things on track and deliver value to Capsule8’s customers. Prior to joining Capsule8, Cynthia was an assistant director and program manager with KPMG‘s international audit division-leading projects to develop KPMGs audit-collaboration tools. Prior to KPMG, Cynthia was responsible for implementing compliance controls across all IT disciplines for large bank, developing and executing a three-year IT strategy for the financial institution. Outside of work, Cynthia is an avid gardener.

Challenges of cloud: How it makes an already difficult situation even harder

Cloud adoption is accelerating dramatically and extending many new benefits to organizations, but at the same time introducing many new challenges. This is especially true at the database security level, as the Cloud introduces a long list of new concerns: New database types (Yugabyte ?), more dynamic environments, no agents allowed, multicloud/hybrid and many others. This session will focus on better understanding these challenges and highlight strategies for incorporating Cloud into your data security model while introducing new capabilities and efficiencies.

Speaker’s Bio:

Marc has been in security for over twenty years. Working with network security, database security, identity access, as well as cybersecurity products over his career. Currently working for Imperva focusing on data access monitoring and security.

Intro to MITRE ATT&CK for Assessing and Mitigating Risk

The MITRE ATT&CK framework has been growing dramatically in both popularity and scope in recent years. Their adversary emulation planning, evaluations, and matrices can offer great value to businesses as they assess their risk and plan their defense strategies. However, it is often difficult for organizations to know where to begin, especially when every business has unique constraints, assets, and threats to manage. This talk offers pragmatic guidance on how any organization can begin using MITRE ATT&CK for a personalized assessment and mitigation.

Speaker’s Bio:

Dan Petrillo is the Director of Security Strategy for Morphisec. Dan’s years of experience in cybersecurity strategy began when he was the Product Manager for an Industrial IoT company that needed to figure out a way to secure the IoT devices and software that remotely controlled the lighting and machinery for manufacturing facilities. This eventually led him to work for Cybereason just before taking his current position with Morphisec. Dan attended Northeastern University for his bachelor of science degree in Electrical Engineering.