Risky Business – New Enterprise Normal

An attacker can secretly hide in a network collecting data and obtaining login credentials that will allow further access to your IT framework.

Should they elude detection and launch an attack, many organizations lack the advanced detection skills needed to remove those threats from the network. Threat hunting is one answer to this invasive issue.

Attend this session to learn the latest information on threat hunting for networks, endpoints, and datasets.

You will also learn:

• Specific techniques companies are using to build scalable threat hunting programs
• How emerging industry trends affect threat detection
• Ways companies are uncovering malicious, suspicious, or risky activities that have evaded detection by existing tools
• How a threat hunt is conducted and the most common attack types

Matthew Russett

Threat Hunter & Content Engineer

Multi-Billion Dollar Defense Contractor

“Software is eating the world” is a common refrain describing the oversized influence software has in how we run our businesses. Third party software usage is on the rise, accelerated by WFH initiatives and digital transformation to application development demands.  This has resulted in the challenge for many organizations to uncover and manage the inherent risk that this code introduces.

Vince Arneja, Chief Product Officer at GrammaTech, share his insights into how to uncover and understand the risk of third party software within the software supply chain.

You’ll learn:

• How to analyze the risk or vulnerabilities that may be introduced if an institution were to deploy COTS products like video conferencing throughout all of the employees’ devices in an organization
• Why you should extend the FOSS process to scan for non-source code libraries or binaries being brought into applications by your developers
• Ways to identify vulnerabilities in third party software or purchased libraries while creating a software bill of materials

Vince Arneja

Chief Product Officer

GrammaTech

The role of Chief Information Security Officer (CISO) is evolving. Both managerial and strategic leaders, CISOs are increasingly tasked with molding an innovative, security-minded company culture.

During this panel discussion, senior cybersecurity professionals will weigh in on their most pressing issues, goals, objectives, and priorities, and discuss:

• How the perceptions and realities of their role are changing
• How CISOs are better aligning their roles with business goals and objectives
• The latest challenges CISOs face and how these challenges take them beyond the traditional CISO role
• What CISO roles will look like in the future

Moderator:

Sajed Naseem

Chief Information Security Officer, Former

New Jersey Judiciary

Panelists:

Melissa Bendana

Sr. Global GRC Cybersecurity & TPRM Leader

Hitachi Vantara

Keith Tresh

Chief Information Security Officer

The State of Idaho

Configuring applications based on the container in which they will run to keep interactions between containers secure is a best practice. However, with containers and container orchestration technologies like Docker and Kubernetes, there can be a lot of buzzwords that obscure what’s going on from a security standpoint.

Attend this session to learn more about the technical underpinning of how containers operate, and:

• Some of the common security pitfalls in both Docker and Kubernetes
• Why they’re essentially Remote Code Execution as a service
• How to avoid the most common mistakes in deploying and securing containers

Rory McCune

Cloud Native Security Advocate

Aqua Security

Social engineering attacks, impersonation, phishing, email/domain spoofing! Email security alone could be a full-time endeavor for cybersecurity professionals.

As attacks become more frequent, it is essential that cybersecurity teams understand the latest tools, processes and strategies for email security.

Attend this session to learn trends and solutions for email security, and;

• How to maximize existing security controls, capabilities, and investments for email security
• What’s new in tactics and strategies for protecting email servers
• The age old ‘Zero Trust’ question and email access
• How companies are using cyber AI to reduce email vulnerabilities

Sujeet Bambawale

Chief Information Security Officer

7-Eleven

The deluge of cyber-attacks (Solarwinds, Colonial Pipeline, etc.) earlier this year forced the US Cybersecurity and Infrastructure Security Agency (CISA) to come up with new methods for securing cloud instances. This rapid advancement of incidents and new federal focus on cloud-related security should give every cybersecurity leader pause.

The powerful technological capabilities and popularity of cloud computing/storage comes with a slew of issues related to managing visibility, access, and risk.

Attend this panel to learn how organizations are improving cloud security, eliminating risky misconfigurations, and:

• Addressing multi-cloud visibility
• Managing the multi-tier issues surround cloud access
• Common types of attacks targeting cloud infrastructure platforms
• Identifying and addressing cloud threats and vulnerabilities
• Detecting cloud-related misconfigurations to reduce the overall attack surface

Moderator:

Sajed Naseem

Chief Information Security Officer, Former

New Jersey Judiciary

Panelists:

Partha Chakraborty

Head of Enterprise Security Architecture, Engineering and Innovation

Humana

Micah Czigan

Chief Information Security Officer

Georgetown University