11:00am - 12:00pm EDT - October 18, 2021

Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V1000- Owen Meldrum
Track: Zero Trust
Tags: Basic
Credits Available:
1.00 CPE
SolarWinds and other recent cybersecurity events have brought renewed attention to zero trust architectures (ZTAs), and to whether ZTAs can be a single solution to current and future threats. Organizations have become dependent on an ever-increasing number of third-party providers who deliver a greater percentage of overall services. Cybersecurity threat exposure is further complicated by the usage of cloud service providers, remote workers, Internet of Things (IoT) and Bring Your Own Device (BYOD). It is recognized that ZTA can be "a solution," but is it "the solution" for the cybersecurity challenges of today and tomorrow? Organizations that partially or fully shift to ZTA need to understand the impacts on cybersecurity, and also the impacts on programmatics, organizational structures, financials and missions.


Objectives:
  • Understand the impact Zero Trust Architectures (ZTAs) have on an organization's cybersecurity posture and related organization changes.
  • Conduct assessments of the impact of ZTA and other solutions that may be layered to achieve organization cybersecurity goals.
  • Quantify and prioritize the attributes of ZTA and recognize the problems they address and the common gaps that remain.
Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V1200-Craig Ciccolella
Track: InclusionREADY
Tags: Basic
Credits Available:
1.00 CPE
The shortage in skilled cybersecurity workers is well documented. Conventional wisdom suggests that the shortage was historically related to low unemployment in developed nations. However, the increased spike in unemployment due to the Covid-19 pandemic put this idea to rest. As such, it is critical to consider why the information security industry is simply unable to recruit enough men and women to meet global demand, identified by the (ISC)2 Cyber Security Workforce Study at more than 3 million needed today. This presentation will consider some of the potential causes for the skills shortage, what the opportunities look like and what we as cybersecurity professionals can do to create a more positive vision of our industry to attract the best and brightest to the field.


Objectives:
  • Understand some of the perceptions and stereotypes related to cybersecurity careers by those not in the industry, and appreciate how these perceptions inhibit potential interest in a cyber career.
  • Better understand and appreciate the non-technical career options that exist in cybersecurity that will make the field more appealing to personalities that do not consider themselves as analytical / technical in nature.
  • Understand what a cyber career path can and should look like and better appreciate the value of tertiary education, on-the-job experience, vendor accreditations and industry certifications as part of a well-rounded skillset.
Monday
01:00pm - 02:30pm EDT - October 18, 2021 | Room: V200-Atticus Kaiser
Tags: Basic
Credits Available:
1.50 CPE
Join us for the (ISC)² Security Congress Town Hall to learn what’s next for (ISC)² and hear directly from members of the Board of Directors. CEO Clar Rosso will provide a strategic update for our association, including recent accomplishments and milestones, as well as what members can expect in 2022 and beyond. Then, a panel consisting of (ISC)² Board members and management will answer members’ questions about the association, membership, certifications, workforce trends and other cybersecurity issues and challenges facing the profession. Town Hall is open to (ISC)² members and associates, as well as all Security Congress attendees. Featuring: Clar Rosso, CEO, (ISC)²; Zachary Tudor, CISSP, Board of Directors Chairperson; Lori Ross O'Neil, CISSP, Board of Directors Vice Chairperson; Dr. Casey Marks, Chief Qualifications Officer, (ISC)².

02:45pm - 03:45pm EDT - October 18, 2021

Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V1000- Owen Meldrum
Track: Privacy
Tags: Basic
Credits Available:
1.00 CPE
This session will use a consumer-centric approach to address the ethical concerns posed by COVID-19 contact tracing technologies and the significant privacy harms due to the collection of sensitive personal information. We will outline the tradeoffs between the sharing of sensitive data to address the crisis and the privacy implications due to the re-identifiability risk while responding to public health emergencies during the pandemic. As we step through the data protection principles challenged while combatting the pandemic, we will consider possibilities for companies, researchers and regulators to recalibrate policies and support sharing of personal information to promote public health initiatives during outbreaks without jeopardizing individual privacy rights and freedom.


Objectives:
  • Understand trade-offs between protecting an individual's sensitive information and the public's right to information during a public health crisis.
  • Evaluate privacy-preserving mechanisms to protect, store and re-purpose geolocation data safely, following the resolution of the pandemic in a privacy-aware manner.
  • Learn possible considerations for managing regulatory compliance during the pandemic between various stakeholders interested in responsible data sharing to support public health response.
Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V700-Jeremy Becker
Track: Threats (Detection/Hunting/Intelligence/Mitigation/Monitoring)
Tags: Basic
Credits Available:
1.00 CPE
Every day companies - massive companies - get hacked. Why? Could it be what the companies themselves leak through their own website, through DNS, through their staff? This talk will look at what operations security (OPSEC) is and how knowing your OPSEC can help protect your business, providing practical steps to better understand your leaks and what attackers will use to target you. We'll show real examples of OPSEC mistakes that impact the security of the organization and also show how attackers turn innocuous leaks into targeted attacks. Concluding, we'll outline how to mitigate some of your leaks and limit your exposures. Many of the secrets of the threat intelligence community are achievable yourself using basic open-source intelligence exercises. Get your Google-Fu on; this will be fun!


Objectives:
  • Understand what OPSEC is and how that knowledge can benefit an organization and allow it to take practical steps to limit leaks and mitigate some of the threats.
  • Make use of the simple tools and techniques provided during this session to start their OPSEC journey.
  • Return to your organization and practically demonstrate to senior staff how their respective organization may be leaking information that an attacker can use.
04:15pm - 05:15pm EDT - October 18, 2021

Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V2100-Sondley Cajuste
Track: Privacy
Tags: Basic
Credits Available:
1.00 CPE
Since EU supervisory authorities began GDPR enforcement, at least 600 companies and government agencies have been punished for privacy and security failures. These failures have resulted in excess of €275 million in fines, plus orders for remediation. Remarkably, only a few GDPR Articles, such as Articles 5 (Principles), 6 (Legal Basis), and 32 (Security), are consistently cited by those authorities. Moreover, in the majority of cases, the failures were attributable to basic privacy and security practices. In this follow-up to last year’s presentation, a data protection industry legal veteran will review several new post-mortems, determine what went wrong, and discuss the implications for your security and privacy program.


Objectives:
  • Understand what regulators consider when issuing a GDPR-related penalty.
  • Appreciate the potential costs of mandatory remediation orders.
  • Apply these lessons for California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) compliance.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V1400-Brad Lutz
Track: Small/Medium-sized Business Security
Tags: Basic
Credits Available:
1.00 CPE
The recent pandemic has many seeking the outdoors, where we can all learn lessons from any environment. The saguaro cactus is a symbol of strength and perseverance within the harshest elements, just like the sole information security professional in a small / medium business. One must be willing to stand tall and put their experience on the line to help the business to not just know better, but to do better. This can be challenging in an SMB environment where the threats are not always obvious and there may not be clear regulatory requirements. We will share proven methods to encourage strong security practices in an SMB world without getting prickly.


Objectives:
  • Introduce security standards based on the NIST Cyber Security Framework that make sense for small and medium businesses.
  • Identify opportunities to encourage strong security practices and introduce them to the SMB even when they may not be required by regulations.
  • Leverage free materials to provide information security training that helps employees and their families in addition to the business. Security information that applies to both personal and professional life is the most likely to be used and remembered.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V1800- Salem Zarou
Track: Human Factors
Tags: Basic
Credits Available:
1.00 CPE

All too often we focus on how to test/train our staff with security awareness. In many cases we start to see a drift toward no trust of anything that comes in. In this discussion we will go over what it takes to train your staff to be security aware without being security afraid. Sometimes it's more than just slapping hands to get them to behave better.



Objectives:
  • Learn about what it means to train your staff versus make them afraid.
  • Learn about failures of security awareness programs.
  • Learn about how to move the ball toward awareness and active participation and away from frozen staff.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V200-Atticus Kaiser
Track: InclusionREADY
Tags: Basic
Credits Available:
1.00 CPE
The need for diversity in cybersecurity is firmly established. Diverse perspectives help generate innovative ideas needed to solve the complex problems facing our industry. (ISC)² is deeply committed to advancing diversity, equity and inclusion (DEI) across the cybersecurity industry and in everything we do as an organization. Earlier this year, (ISC)² convened a focus group of diverse professionals working in the cybersecurity industry around the globe who provided first-person accounts of their experiences working in the industry. In this session, we will discuss the findings from that research, as well as have an open discussion with some of the research participants into how we can improve and accelerate diversity, equity and inclusion in the workforce.


Objectives:
  • Provide insight into the experiences of women and people of color in the cybersecurity industry.
  • Offer suggestions on how to create a more inclusive workplace and how to recruit diverse talent.
  • Provide resources for participants to support their organizations in a DEI journey.
10:30am - 11:30am EDT - October 19, 2021

Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V1000- Owen Meldrum
Track: Security Architecture/Engineering
Tags: Basic
Credits Available:
1.00 CPE
Security teams cannot afford to continue utilizing outdated linear project execution practices such as waterfall. A security team that is forced to lock resources into a long running project is not able to effectively respond to major threats and events as they crest the horizon. This talk will focus on FirstBank's journey to and through a Pivotal Security model of Agile-based security projects and tasking. It will cover the genesis, hurdles, growing pains and successes that have been realized by applying Agile principles. FirstBank has been able to boost work throughput and create a process that is flexible enough to pivot to the ever-changing demands and priorities with which our security team is presented. We now go faster and do more work.


Objectives:
  • Identify opportunities in a security program to apply Agile principles to reduce wasted time and resources.
  • Break down security work into manageable chunks, which will result in a better understanding of what their team is doing and at what velocity.
  • Prioritize the work that really matters to an organization.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V700-Jeremy Becker
Track: Cutting Edge
Tags: Basic
Credits Available:
1.00 CPE
...and then it all changed. In the past year many security clients have seen sweeping changes in how their information is protected--ranging from the adoption of strong authentication and new work patterns to accepting Zero Trust environments. Change is occurring at an unprecedented, often unplanned rate. This sudden burst of change has had security staff jumping to find solutions to security issues that were perceived as "off in the future." In this presentation we will look at real-life scenarios and how they were approached in the new workplace of highly distributed workers.


Objectives:
  • Communicate security changes to their office environment.
  • Exemplify technologies that can be adopted to secure a distributed workforce.
  • Discuss remote security tools and practices with senior management.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V800-Paul Jackino
Track: DevSecOp
Tags: Basic
Credits Available:
1.00 CPE
DevOps and DevSecOps pipelines are all the rage, and every day the term DevSecOps seems to be used more and more. A pure DevSecOps pipeline is ideal, but almost always unrealistic given organization-specific technical or business constraints (i.e., intra-organizational approvals, business cycles and objectives, regulatory approvals). Much like Donald Rumsfeld once said: "You go to war with the army you have, not the army you might want or wish to have at a later time." As leaders of the cybersecurity industry, we need to achieve actionable, high-quality cybersecurity solutions despite organizational imperfections. Automation of the Sec element within DevSecOps requires a delicate balance between speed and security, automation and human awareness, and great and good enough.


Objectives:
  • Define the critical processes and benchmarks involved in various automation approaches to the Sec element of a DevSecOps pipeline.
  • Understand the attributes of a successfully automated (fully automated or man-on-the-loop automated) Sec element of a DevSecOps pipeline, and recognize common attributes of unsuccessful Security automation practices.
  • Appreciate the operational, technical and financial advantages (to cybersecurity staff, projects, organizations, and user communities) of successfully implemented automated Sec processes within a DevSecOps pipeline.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V1200-Craig Ciccolella
Track: InclusionREADY
Tags: Basic
Credits Available:
1.00 CPE
At 25% workforce penetration, women are still underrepresented in cybersecurity. The question is: Why? And what do we do about it? This panel of diverse women at different career stages and varying roles will share their experiences, goals and insights. They will discuss their journey, perspectives and visions for the future for women in cybersecurity. The panelists want to help more women find their way through what continues to be a male-dominant field; to inspire women to join in the opportunities that come with a career in cybersecurity.


Objectives:
  • Understand why various non-technical backgrounds are needed in cybersecurity.
  • Discover how to contribute to a growing field that needs more women.
  • Have conversations about why diversity and inclusion is necessary for a successful cybersecurity program.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V2400-Chad Ritter
Track: Governance, Risk & Compliance
Tags: Basic
Credits Available:
1.00 CPE

This session will go over the results of an independently conducted study that explores the relationship between a publicly traded company’s cybersecurity rating and the performance of its stock price over time. Researchers from the Journal of Cyber Policy monitored security ratings and returns on share prices for companies listed within the S&P 500 index for a period of 52 weeks, and discovered surprising findings. Alex Heid, Chief Research Officer of SecurityScorecard, will discuss the results of the Journal's report, as well as the continuously growing interconnected relationship between business risk and cyber risk.



Objectives:
  • Attendees will be given a deep dive into a case study conducted by the Journal of Cyber Policy about the relationship between stock prices and cyber ratings.
  • Attendees will learn about the emergence of new nuances of cyber risk that may directly impact business operations in unexpected ways.
  • Attendees will be armed with new information to put into action for risk management practices.
11:45am - 12:45pm EDT - October 19, 2021

Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V1800- Salem Zarou
Track: Human Factors
Tags: Basic
Credits Available:
1.00 CPE
How did the role of humans change with the pandemic? Why do we always say that humans are the weakest link, and why should we start saying the opposite? During these difficult times, it is more evident than ever how important humans are to protecting our networks. This presentation walks the audience through some approaches to engagement and how this knowledge can help attendees protect themselves, their loved ones as well as their organizations. We will explain how attackers' approaches changed during the pandemic, and how we should adjust too to defend ourselves in this new situation.


Objectives:
  • Understand how the pandemic changed social engineering attackers' tactics, techniques, and procedures.
  • Understand how to better protect yourself, loved ones and organizations against social engineering attacks.
  • Understand the importance of knowing the human threat landscape.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V2000-Alex Aarson
Track: Professional & Career Development
Tags: Basic
Credits Available:
1.00 CPE

Cyber organizations struggle to retain cyber talent. Why re-hire blue teams, red teams, CIRT and cyber analysts, if we can forge a team that stays? This case study describes how a 230-person cyber team supporting a major U.S. federal agency developed intrinsically rewarding programs that solidified commitment to a shared mission. Session participants receive guides with the actions and flow charts needed to establish CyberLeaders 3.0 leadership development programs. Results: through the cohorts presented to date, our team decreased talent flight by 50% and boosted participation by female cyber professionals (>50%) and underrepresented demographics (>30%). We'll include statistical analysis of program process metrics and outcomes. This CyberLeaders case study decreased cost as well as risk because our experts already know our adversaries.



Objectives:
  • Describe the three key performance indicators that distinguish a successful leadership development program tailored to cyber professionals, as measured by a virtual poll conducted at the start and end of the presentation.
  • Identify the two key ingredients needed to sustain a leadership development program, as measured by a virtual poll conducted pre- and post-presentation.
  • Identify the one unique component that needs to be included in cybersecurity leadership training to make it suitable for the cybersecurity arena, as measured by a virtual poll conducted pre- and post-presentation.
01:45pm - 02:45pm EDT - October 19, 2021

Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V1100-Jon Moody
Track: Mobile/Remote Workforce Security
Tags: Basic
Credits Available:
1.00 CPE
The shift to remote work during the COVID-19 pandemic forced our enterprise security awareness and training (A&T) program into an immediate and rapidly adaptive state in March 2020. Our traditional methods were made ineffective by prohibitions against live engagement and by our workforce being inundated with pandemic messaging. Effective A&T programs must by their nature be continually adaptive. We will present on the forced evolution of our approach, which resulted in a successful – and in many ways improved – strategy. We’ll show how this ultimately resulted in new initiatives, a more engaged community and a surprisingly very clean audit of the program. We’ll demonstrate what worked, what didn’t and why the pandemic actually moved our program to the next maturity level.


Objectives:
  • Identify steps to increase effectiveness of A&T programs.
  • Evolve A&T programs to meet the challenge of remote learners.
  • Structure an A&T program to successfully satisfy auditor assessment.
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V900- Craig Carpenter
Track: Zero Trust
Tags: Basic
Credits Available:
1.00 CPE
You can learn a lot about cybersecurity best practices from studying honeybees. Organizationally--and operationally--honeybee colonies function a lot like cybersecurity teams. Like cybersecurity organizations, honeybee colonies are interconnected superorganisms. Individuals progress through lifecycle stages while protecting against external--and internal--threats. A honeybee colony’s No. 1 goal is good decision-making to ensure the security and propagation of the hive. This means continuously assessing risk, detecting threats, responding to attacks, preventing intrusions, and closing hive security gaps. Direct parallels to malware, data exfiltration, insider threats, viruses, using AI and machine learning, allocating resources, SASE, and even NIST SP 800-207 can be made. Join this informative talk that will teach you a little about bees while sharing how to look at your cybersecurity program from another paradigm.


Objectives:
  • Understand risk-based decision-making and frameworks in cybersecurity, told through a honeybee analogy.
  • Understand SASE and zero trust.
  • See your cybersecurity program through a new paradigm.
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V600-Taylor Rondenell
Track: Small/Medium-sized Business Security
Tags: Basic
Credits Available:
1.00 CPE
We know that exciting new technologies and advances in areas like AI/ML always generate attention, but even after three decades of incredible advancements in cybersecurity, most breaches still fall into one of two major categories: (1) APTs perpetrated by nation-states or other organized groups intent on succeeding by any means necessary; and (2) an entire panoply of malicious hacks largely resulting from human shortfalls or foundational vulnerabilities that could be secure if organizations kept their eye on the basics. Our panelists are all battle-tested CISOs who will use personal anecdotes, practical advice and the CIS 20 for approaching asset inventory and management, threat logs and alerts, prevention capabilities at the endpoint, and configuration management to fortify the defenses of any size organization.


Objectives:
  • Be armed with a checklist to better tackle their current challenges around asset inventory and management; they will also learn shortcuts for managing massive threat logs and alerting systems.
  • Have a quick shorthand method (ICARM) to ensure all solutions are installed and configured completely and correctly--and how to keep them that way.
  • Know how to defend against "automated drive-by hacks" with tools they may already own but are languishing in their arsenals--and the critical importance of continuous remediation.
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V500- Joe Trusso
Track: Human Factors
Tags: Basic
Credits Available:
1.00 CPE
Creativity and innovation are critical in any rapidly changing field like infosecurity. Creativity includes coming up with new ideas, new applications of existing ideas and new ways of looking at existing challenges. There is plenty of scientific research on creativity. However, creativity alone is of limited use; we need innovation, the implementation and practical use of creativity, to produce any value. As innovation involves execution of creative ideas, planning is essential for innovation. In this talk we look at the research behind creativity and innovation, Ted Demopoulos’ multiyear long experimentation with various techniques, and their application to infosecurity. This is a practical talk, focused on techniques to increase creativity and implementing the most promising creative ideas.


Objectives:
  • Understand techniques to increase creativity and implement them in our daily lives.
  • List creativity killers and work towards avoiding them.
  • Effectively plan and execute promising creative ideas to provide practical value.
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V300- Jeff Graham
Track: Professional & Career Development
Tags: Basic
Credits Available:
1.00 CPE
The (ISC)² Cybersecurity Workforce Study is well known for its annual workforce gap analysis, but our association’s flagship study offers a much deeper and unmatched dive into the challenges and opportunities facing today’s workforce. Join us for an exclusive first look at key findings from a global survey of your peers. In 2021, our study had record participation. Data provides insights into how cybersecurity professionals feel about their jobs, professional growth opportunities, anticipated future investments, strategies for overcoming staff shortages, hiring trends, advice for job seekers and much more. We will also share what we learned about the ongoing impact of COVID-19 and how it is impacting the cybersecurity workforce around the world.


Objectives:
  • Explore the opportunities and challenges facing the cybersecurity workforce.
  • Better understand the outlook on key issues and opinions of the global cybersecurity workforce.
  • Learn how cybersecurity professionals around the world are coping with the ongoing impact of COVID-19.
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V2400-Chad Ritter
Track: Governance, Risk & Compliance
Tags: Basic
Credits Available:
1.00 CPE

Compliance is a required part of risk management. But are your compliance initiatives helping you bridge compliance and risk? Effective compliance is a catalyst for developing a proactive risk management program by providing effective controls and tools that assess, manage, and monitor risk. Compliance isn’t about checking the box; it’s about proactively protecting your company and providing assurance so that others trust doing business with you. And demonstrating trust will be the next market shaper.

● Challenges in Compliance and Risk Programs

● Five Best Practices in starting a Risk Program

● Compliance Considerations that will Improve Your Risk Posture


03:00pm - 04:00pm EDT - October 19, 2021

Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V2200- Jordan Garcia
Track: Professional & Career Development
Tags: Basic
Credits Available:
1.00 CPE
Cybersecurity is a stressful career. Practitioners are always one misstep away from being the victim of an attack and that leads to a stressful existence. Maintaining balance is critical. This panel will focus on pragmatic approaches to keeping a healthy work/life balance. With hobbies and activities ranging from exercise, gym classes and yoga, to reading, playing music and even taking up flying lessons – our panelists will engage in a lively discussion around keeping balance in our lives by doing things other than work and how those activities can even greatly improve the quality of your work.


Objectives:
  • Recognize the damage caused by an unhealthy work/life balance.
  • Identify some potential areas for improving their own work/life balance.
  • Recognize the value of external activities to the betterment of a career and current work.
04:30pm - 05:30pm EDT - October 19, 2021

Tuesday
04:30pm - 05:30pm EDT - October 19, 2021 | Room: V500- Joe Trusso
Track: ICS/Critical Infrastructure
Tags: Basic
Credits Available:
1.00 CPE
Control Systems Cyber Security Association International (CS2AI), in collaboration with a team of SMEs from an alliance of supporting cybersecurity organizations, conducts a yearly analysis of the current state of ICS cybersecurity. Leveraging the participation of multiple stakeholders across roles and industry sectors (from within its membership of 20,000+ security professionals and unaffiliated practitioners), the survey is designed to help answer key questions about how we can best protect critical systems in the face of ever-growing and ever-evolving threats, and to provide decision support tools that help guide control system cybersecurity practitioners, management and leadership teams to make well-informed and prioritized decisions regarding the protection of critical assets. This session will present key findings of the 2021 research project.


Objectives:
  • Determine how organizations compare against industry control system cybersecurity benchmarks.
  • Identify optimization targets within their control system cybersecurity programs based on real-world performance reporting on security budget allocation effectiveness.
  • Understand risks to an organization's control system operations and assets, and assess specific threats, vulnerabilities and controls.
Tuesday
04:30pm - 05:30pm EDT - October 19, 2021 | Room: V1100-Jon Moody
Track: InclusionREADY
Tags: Basic
Credits Available:
1.00 CPE
Building on last year's talk about retaining staff, this talk focuses on hiring, because you can't retain staff members if you can't manage to successfully hire them. We'll dig into how we interview and the message your process gives potential future staff. In this talk you will understand:
  • What an attractive hiring process looks like.
  • Where to look for the best candidates.
  • How to build a team that is Diverse by Design.
At the end of this talk you will leave with:
  • A list of next steps to take back to your business.
  • A blueprint for the ideal hiring process.


Objectives:
  • Describe what an attractive hiring process looks like.
  • Know where to look for the best candidates.
  • Build a team that is Diverse by Design.
Tuesday
04:30pm - 05:30pm EDT - October 19, 2021 | Room: V300- Jeff Graham
Track: Internet of Things (IoT)
Tags: Basic
Credits Available:
1.00 CPE
Artificial Intelligence and IoT technology implicate increasingly complex data security risks due to broadening device interrelationships (e.g., IoT webcams, health tracking, children’s toys, automobile software, wireless security equipment). The focus of this presentation is best practices for obtaining high-value cybersecurity patents, and the goal is to provide an overview of potential patent issues related to AI and IoT U.S. patent applications that focus on cybersecurity. This is not an exhaustive presentation, but it does include developing areas of law. We will cover claimed subject matter that resulted in patent damage awards in cybersecurity and potential hurdles that are unique to U.S. software/cybersecurity patents, such as subject matter eligibility and indefiniteness.


Objectives:
  • Be better prepared for potential issues in obtaining a software/cybersecurity patent in AI or IoT technology from the USPTO.
  • Understand how cybersecurity patents are categorized and at least one approach for monetizing cybersecurity technology via patents.
  • Understand the different types of enhancements that result in software patents being found to be more than an "abstract idea" (a finding that otherwise generally results in ineligibility).
Tuesday
04:30pm - 05:30pm EDT - October 19, 2021 | Room: V100-Jeremy Speakes
Track: Mobile/Remote Workforce Security
Tags: Basic
Credits Available:
1.00 CPE
As of 2021, there are 3 billion Android devices in use globally. Enterprise and government use of Android devices has surged in the last year due to an increase in remote working. Ensuring company data is secured and preserving users' privacy is paramount. In this session, we will provide insight into how modern Android security has evolved to broker more trust with verifiable third-party validations. Google requires all device manufacturers and carriers globally to adhere to mandatory standards including hardware-backed security, OS anti-exploitation and Google Security Services. Please join us to learn more about modern Android Security for enterprise use cases.


Objectives:
  • Describe how modern Android security safeguards company data with native built-in security services, and how to control those services with EMM solutions.
  • Describe to stakeholders the benefits of managing Android devices with Android Enterprise including complete application management. Customers will be able to conduct risk assessments more accurately by understanding the capabilities of modern Android devices.
  • Articulate and put into action best practices for deploying and managing Android devices and take advantage of built in services to include SafetyNet Attestation, Verify Apps and Google Play Protect.
Wednesday
08:00am - 09:00am EDT - October 20, 2021 | Room: V2400-Chad Ritter
Track: InclusionREADY
Tags: Basic
Credits Available:
1.00 CPE
Gender diversity in tech is a hot topic for organisations, as many understand the benefits that women can bring, such as greater profitability, innovation, and lower costs. However, when it comes to cybersecurity women offer another advantage. They think differently to men, and this includes how they see risk. Join best-selling author and 23-year cybersecurity veteran Jane Frankland to hear about the unique differences between men and women in terms of risk, and how a failure to attract and retain women in cybersecurity is making us all less safe. Key takeaways include:
• Understand the current situation and why women in cybersecurity really matter.
• Learn how women see risk in a different way to men, and why this is advantageous.
• Gain a true understanding of the three main challenges the industry needs to overcome if it is going to increase the numbers of women.
• Learn how to remove barriers to entry whilst obtaining the right calibre of professional.
• Discover how to cultivate talent through internal and collaborative programmes.
• Find out what cultural changes you can make in the workplace right now so that you continue to operate happily within it while cultivating a more diverse workforce.

10:30am - 11:30am EDT - October 20, 2021

Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V1100-Jon Moody
Track: Incident Response/Investigations/Forensics
Tags: Basic
Credits Available:
1.00 CPE
What are “supplementary measures” and why are my EU business partners asking me to implement them? Can law enforcement search my cellphone at border crossings? What qualifies as a breach vs. an incident? When does an investigation need attorney-client privilege? Do I need to make a bitstream copy, or is an image enough? Over the past five years, these questions have likely come up with regularity, underscoring the need for legal insight in infosec. Just some of the areas where attorneys can assist you include incident response/breach notification, contract negotiations, policy writing and review, and working with insurance carriers. In this follow up to last year’s presentation, infosec legal veterans will describe 10 more things that attorneys can do for your team.


Objectives:
  • Discern which infosec and privacy problems require legal involvement.
  • Understand how to work with counsel to achieve the best results.
  • Respond to the latest infosec trends that have legal implications
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V1000- Owen Meldrum
Track: Incident Response/Investigations/Forensics
Tags: Basic
Credits Available:
1.00 CPE
This presentation will shift away from antiquated ways of handling incident response to modern-day approaches that are much more effective. Among the discussion items:
• There needs to be a paradigm shift in how incident response is handled. Stop just responding; start proactively threat hunting and threat modeling.
• Incident response is not centered on CSIRT teams. Mature incident response involves the entire organization, including the business (legal, privacy, HR, etc.).
• A CSIRT that is built purely on technical skills is inefficient. Diverse backgrounds, and especially soft skills, on a CSIRT are imperative.
• Stop trying to document or create a playbook for everything. Creativity and flexibility lend themselves to much more effective incident response.


Objectives:
  • Conduct a holistic analysis of their incident response program and identify the weak areas that need improvement.
  • Understand the importance of diversifying an incident response (or CSIRT) team to include not just the technical folks, but those from other lines of business.
  • Describe what approaches to incident response are antiquated, and understand what new processes/ideas should be adopted.
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V1200-Craig Ciccolella
Track: ICS/Critical Infrastructure
Tags: Basic
Credits Available:
1.00 CPE
We are all regularly buying, building and deploying vendor and contractor equipment, systems and services, but how do we know that the products and services purchased have appropriate levels of cybersecurity? Are vendors and contractors designing, building and operating their products with cybersecurity in mind? Are they consistently searching for and addressing cybersecurity weaknesses? Do they have secure supply chains? This talk shares an approach for cybersecurity procurement language developed for the U.S. Army’s Office of Energy Initiatives that focuses on cybersecurity requirements for contractors designing, constructing and operating energy generating facilities within Army installations. These procurement cybersecurity requirements protect the installation lifecycle for operational technology networks and industrial control systems of contractor-owned and -operated systems.


Objectives:
  • Understand the current landscape of cyber-focused procurement language, gaps that exist, and what procurement clauses and processes would enable systems to be secure throughout their lifespan.
  • Identify well written, quantifiable cybersecurity procurement clauses that can be measured and enforced.
  • Identify and construct cybersecurity procurement clauses applicable to their particular installation and application, which will serve throughout the lifecycle of the implementation.
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V200-Atticus Kaiser
Track: Small/Medium-sized Business Security
Tags: Basic
Credits Available:
1.00 CPE
Many organizations have small IT departments or maybe just one IT "guy" and no security personnel. These organizations understandably turn to third parties to outsource most and sometimes all IT. However, they don't ask for security and the outsourced IT companies don't always offer or provide secure IT solutions. Small and medium-sized businesses need to learn how to outsource IT that comes with security. They need to have the tools to ask the right questions and make sure they are not just getting IT, but getting secured IT with an organization that understands security. This talk will provide information organizations need to bring in secure IT vendors and help IT vendors think about why they should be including security in all IT outsourced services.


Objectives:
  • Understand the security controls their outsourced IT vendors should be providing.
  • Evaluate their current outsourced IT services for security gaps.
  • Compare IT outsourced service offerings to ensure they are getting a complete and secure service.
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V300- Jeff Graham
Track: InclusionREADY
Tags: Basic
Credits Available:
1.00 CPE
An advanced society requires complex human interactions. We now need teamwork skills at a greater scale than ever before, which means our emotional intelligence (EQ) skills need strengthening. This starts with a set of common behavioral standards. Emotional intelligence is defined as “the capacity to be aware of, control, and express one's emotions, and to handle interpersonal relationships judiciously and empathetically.” Hence, the standards for interactions depend greatly on our EQ skills. This talk will define the standards for interactions, and together, we will grow our EQ. Our security, privacy, economic well-being and mental health depend on the ability to engage others positively, for example through win-win communication. When we establish a baseline of standards for human interactions, with win-win communication, humans will excel.


Objectives:
  • Share with others the Human Behavior Inclusion Standard.
  • Lead the charge on creating strong culture allies in the workplaces and professional networks.
  • Empower those around them to participate in inclusion on an ongoing basis.
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V2400-Chad Ritter
Track: Cyber Crime
Tags: Basic
Credits Available:
1.00 CPE
With the number of attacks on the rise it’s fair to say that ransomware happens; there’s unfortunately no way to avoid it. The trick is to prevent the spread of breaches through your network. During this presentation we’ll offer simple approaches for mitigating the damage ransomware and other cyberattacks can do across your hybrid cloud network, data estate and endpoints.

Points we’ll discuss include learning how to:
• Gain the visibility required to quickly identify the most vulnerable applications and workloads
• Block risky ports and non-compliant data flows commonly abused by ransomware and other cyberattacks
• Find deprecated services and see how legacy unpatched systems can be reached
• Reduce internal friction and forge tighter collaboration across NetOps, SecOps, and DevOps
• Integrate real-time Illumio data into your SIEM/SOAR during SecOps investigation


Objectives:
  • How to visualize communications across your applications, devices and the cloud, to better understand your systems at risk, and easily enforce least privilege access to prevent the spread of breaches.
  • How to limit your breach exposure and improve your digital defenses by pinpointing the applications and systems most at risk.
  • Proactive (before breach) and reactive (after breach) capabilities that stop malicious code from spreading and isolate critical systems from infection.
11:45am - 01:00pm EDT - October 20, 2021

Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V1800- Salem Zarou
Track: Privacy
Tags: Basic
Credits Available:
1.25 CPE
The ePrivacy Regulation is still not there, but cookies (and other tracking mechanisms) have been under close scrutiny from European Data Protection Authorities. This session will review the actual scope and requirements of the “cookie law” implementation in various EU member states, along with the requirements changed by the GDPR. Some common pitfalls and misconceptions will be explained and pragmatic solutions presented. The session will also review how Isabel Group proceeded with the selection and implementation of its cross-website cookie consent management solution, how the solution has helped the company, and the changes it triggered.


Objectives:
  • Understand better the scope and requirements of the EU "Cookie Law."
  • Identify applicable requirements of the EU "Cookie Law."
  • Put in place measures to comply with the EU "Cookie Law."
Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V1400-Brad Lutz
Track: ICS/Critical Infrastructure
Tags: Basic
Credits Available:
1.25 CPE
The advent of Industry 4.0 will require secure ICS, IoT and cloud architectures to embrace an agile methodology to meet industrial and business demands. These architectures will need to take into consideration the security of embedded components and SCADA systems sending traffic to the cloud, as well as the security of the cloud environments themselves. Data privacy can impact architecture if personally identifiable information is collected to aid in analysis in these cloud environments. Furthermore, we will look at the ISA/IEC 62443 standard and its impact on and applicability to these architectures. Concepts of network architecture design, defense-in-depth networking, component selection and hardening, as well as the importance of the security development lifecycle for IoT, the edge and cloud architecture, will be presented and solutions discussed.


Objectives:
  • Describe the particulars of embedded ICS components and the challenges they present when architecting security solutions and how these devices interact within an edge computing environment.
  • Understand the ISA/IEC 62443 standard's relevance in helping design and define secure architectures for the IoT and the cloud.
  • Conduct proper network segmentation, utilizing a security architecture that safeguards critical ICS process functionality during cloud communications.