Kickoff and Welcome
Preview Available
Identification: 1786703
Speaker(s):Keynote - Defend Today, Secure Tomorrow
Preview Available
Identification: 1786819
Chris Krebs calls it like he sees it, covering serious and timely issues with relatable stories, surprising insights, a little bit of paranoia, and a touch of humor. His engaging style and extensive expertise brings the audience along for the ride on emerging national security events, from the rise of ransomware, defending elections, major cyber attacks, and the growing challenges of disinformation. Krebs translates complex technology, business, and societal issues into straightforward and understandable terms, leaving audiences with actionable insights into how organizations can become more resilient and how leaders in any line of business can be more prepared for today's and tomorrow's threats.
Speaker(s):Teamwork: Law Enforcement, the FBI, and You
Preview Available
Identification: 1778696
With the frequency of incidents and breaches on the rise, you may be in a situation where you need assistance… but who do you call? Do you need law enforcement support? The Federal Bureau of Investigation? Exactly where should you start? How should you work with them? What steps do you need to take to protect your organization and the evidence? In this session, FBI representatives from the FBI Tampa Division, who focus on crimes such as BEC and ransomware, will share their insights and real-life stories on when to bring in law enforcement, how to work with them and how to make vital pre-incident connections. Learn from and about cybersecurity professionals at the FBI and how they help secure and defend the country.
Learning Objectives:Measuring Security Effectiveness
Preview Available
Identification: 1778680
How do you measure the effectiveness of security? In 2016, we established a security function within software engineering. Taking a software engineering approach to security, we created testing services, hired developers to build tools, conducted secure code reviews and created our AppSec training program. In 2020, we challenged ourselves to evaluate the effectiveness of our program by analyzing the impact of our team’s services on pen-test findings. A three-month data analysis found that development teams working with us fixed their pen-test findings faster and had significantly fewer new pen-test findings than teams we didn’t work with. In this talk, we will share the specific application security practices that led to these improved outcomes, and how we adjusted our services in response to our findings.
Learning Objectives:The Map and the Territory: MITRE ATT&CK In Theory and Practice
Preview Available
Identification: 1778681
Cybersecurity practitioners have often drawn insights and ideas from other domains, relying on their insights, adopting their maxims and terminology. Sun Tzu famously wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Carl Linneaus is credited with developing the standard taxonomy for naming organisms. Only recently, however, has our industry begun to effectively apply the synthesis of such ideas. The MITRE ATT&CK Framework, publicly released in 2015, has been growing in scope and influence, but it is not the first of its kind. How does it compare with its predecessors in improving our understanding of adversary behavior and our defenses? This talk describes key concepts and goals of MITRE ATT&CK to help support successful implementations.
Learning Objectives:Red Teaming with Dark Web and GitHub PoC Exploits
Preview Available
Identification: 1778544
Examined is a collection of open source tools that are used in an authorized red team engagement of a cloud-native Kubernetes cluster environment to discover application security defects. Our collection of dark web and GitHub proof-of-concept (PoC) tools provide a red team with an advanced adversarial advantage over traditional commercial tooling across all stages of an engagement. We report the results in relation to our understanding of the cloud shared responsibility model as it applies to IaaS, PaaS, and SaaS. Several flaw discovery and exploit tools with be demonstrated to show their utility. We explore how CVEs are weaponized on the internet and how having red team a-priori knowledge of them can help organizations create defense-in-depth mitigating controls.
Learning Objectives:How to make Black Swans extinct and why ISO31000 is the weapon of choice
Preview Available
Identification: 1778558
We lack an agreed definition for cybersecurity and even worse, despite an international risk management standard endorsed by more than 160 nations, our profession uses multiple differing security risk management frameworks. If every employer, client and supplier has a different view of risk management, how can we expect to keep up with the bad guys, let alone beat them consistently? Even if your cybersecurity framework is best in the world, we all need to be in alignment. When 100 security professionals developed the Security Risk Management Body Of Knowledge, we integrated best practice from around the world. And it started with the ISO31000 Risk Management Guideline. This presentation is about applying ISO31000 principles, framework and process in the real cybersecurity world, and in the internet of things.
Learning Objectives:Human Security Engineering: A Strategy to Address "The User Problem"
Preview Available
Identification: 1778566
When users make a harmful action, cybersecurity professionals believe that the solution is more awareness. This is like saying that if a canary dies in a coalmine, the solution is healthier canaries. When the user fails, it is a failure of the entire system. The problem is not that users cause a loss, but that they can potentially initiate a loss. The solution is to engineer the user out of the process, or at least filter out an attack. When a user is in the position of possibly initiating a loss, you create a user experience and provide awareness to avoid initiating a loss. You anticipate the loss being initiated and put detection and reaction in place. We call this Human Security Engineering.
Learning Objectives:Introducing Law, Regulation and its Increasing Intersections with Information Security
Preview Available
Identification: 1778578
Law and regulation are of increasing importance for information security programs and professionals. Cybersecurity risks are directly tied to legal and regulatory risk. This presentation provides a foundational knowledge of law and the specific laws applicable to cybersecurity programs. It demystifies and explains important legal concepts as well as the evolution of law and regulation applicable to cybercrime and cybersecurity. All of this empowers infosec pros to understand and comply with the growing body of legal rules, and have productive conversations about the law.
Learning Objectives:Just How Far Can We Trust ‘Zero Trust’
Preview Available
Identification: 1778586
SolarWinds and other recent cybersecurity events have brought renewed attention on zero trust architectures (ZTAs), and whether ZTAs can be a single solution to current and future threats. Organizations have become dependent on an ever-increasing number of third-party providers who do a greater percentage of overall services. Cybersecurity threat exposure is further complicated by the sage of cloud service providers, remote workers, Internet of Things (IoT) and Bring Your Own Device (BYOD). It is recognized that ZTA can be "a solution," but is it "the solution" for cybersecurity challenges of today and tomorrow? Organizations that partially or fully shift to ZTA need to understand the impacts to cybersecurity, and also the impacts to programmatics, organizational structures, financials and missions.
Learning Objectives: