11:00am - 12:00pm EDT - October 18, 2021

Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V600-Taylor Rondenell
Track: Cutting Edge
Tags: Intermediate
Credits Available:
1.00 CPE
This session examines a collection of open source tools used in an authorized red team engagement of a cloud-native Kubernetes cluster environment to discover application security defects. Our collection of dark web and GitHub proof-of-concept (PoC) tools gives a red team an advanced adversarial advantage over traditional commercial tooling across all stages of an engagement. We report the results in relation to our understanding of the cloud shared responsibility model as it applies to IaaS, PaaS, and SaaS. Several flaw discovery and exploit tools will be demonstrated to show their utility. We explore how CVEs are weaponized on the internet and how a red team's a priori knowledge of them can help organizations create defense-in-depth mitigating controls.


Objectives:
  • Plan a penetration test using open source tools.
  • Recall specific dark web toolkits for red teaming.
  • Demonstrate an understanding of GitHub proof-of-concept (PoC) exploits and their applicability to red teaming engagements.
Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V700-Jeremy Becker
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
We lack an agreed definition for cybersecurity and, even worse, despite an international risk management standard endorsed by more than 160 nations, our profession uses multiple differing security risk management frameworks. If every employer, client and supplier has a different view of risk management, how can we expect to keep up with the bad guys, let alone beat them consistently? Even if your cybersecurity framework is the best in the world, we all need to be in alignment. When 100 security professionals developed the Security Risk Management Body of Knowledge, we integrated best practice from around the world. And it started with the ISO 31000 Risk Management Guideline. This presentation is about applying ISO 31000 principles, framework and process in the real cybersecurity world, and in the internet of things.


Objectives:
  • List the internationally agreed six-word definition of risk, explain the key implications of this risk definition, and describe the key components of the ISO 31000 Risk Management Guideline.
  • List the key limitations of existing risk management frameworks and describe why some of the current approaches to risk management enable attackers to breach systems far too easily.
  • Argue for a better risk management framework, explain the critical importance of objectives and describe the implications of the internet of things in the context of risk management.
Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V1100-Jon Moody
Track: Cloud Security
Tags: Intermediate
Credits Available:
1.00 CPE
In the on-premises world, cybersecurity risks were limited to your organization's network perimeter. In the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding rise of DevOps methodology, security is now the responsibility of everyone who is part of the application development lifecycle, not just security specialists. In this session, we will present findings on methods and processes to build a cloud security framework that makes sense for both your business and your developers. The session is based on real-life experiences from implementing cloud security programs in some of the largest enterprises in the world.


Objectives:
  • List key components of successful cloud security programs.
  • Identify new gaps in their current public cloud security state.
  • Translate existing security requirements to the cloud.
Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V200-Atticus Kaiser
Track: ICS/Critical Infrastructure
Tags: Intermediate
Credits Available:
1.00 CPE
Digitalization is here to stay, and critical infrastructures are no exception. Even before the pandemic, we had seen an increasing number of OT systems connected to the internet. Growth in data, connectivity, complexity and costs has eroded the separation between IT and OT networks. What makes protecting digitalized critical infrastructure difficult is this convergence of IT and OT: threats that normally affect IT can move between cyber and physical environments. Cybersecurity is therefore a key factor in the success of digitalized critical infrastructure. The presentation will share key principles and guidelines the presenter developed and refined over years of working in several industries. Applying these principles has helped prepare and secure critical infrastructure for the future of digitalization.


Objectives:
  • Better assess environments for the future of critical infrastructure digitalization.
  • Determine key initiatives for long-term protection.
  • Identify actions to better inform their cybersecurity programs.
Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V400-Kyle Lewis
Track: Research
Tags: Intermediate
Credits Available:
1.00 CPE
How do you measure the effectiveness of security? In 2016, we established a security function within software engineering. Taking a software engineering approach to security, we created testing services, hired developers to build tools, conducted secure code reviews and created our AppSec training program. In 2020, we challenged ourselves to evaluate the effectiveness of our program by analyzing the impact of our team’s services on pen-test findings. A three-month data analysis found that development teams working with us fixed their pen-test findings faster and had significantly fewer new pen-test findings than teams we didn’t work with. In this talk, we will share the specific application security practices that led to these improved outcomes, and how we adjusted our services in response to our findings.


Objectives:
  • Identify the key application security practices that have been shown to reduce risk.
  • Understand how to analyze security data and adjust a program in response.
  • Know how to set up and run an experiment to evaluate the effectiveness of a security control.
Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V500-Joe Trusso
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
Cybersecurity practitioners have often drawn insights and ideas from other domains, relying on their insights and adopting their maxims and terminology. Sun Tzu famously wrote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." Carl Linnaeus is credited with developing the standard taxonomy for naming organisms. Only recently, however, has our industry begun to effectively apply the synthesis of such ideas. The MITRE ATT&CK Framework, publicly released in 2015, has been growing in scope and influence, but it is not the first of its kind. How does it compare with its predecessors in improving our understanding of adversary behavior and our defenses? This talk describes key concepts and goals of MITRE ATT&CK to help support successful implementations.


Objectives:
  • Understand the origins, design goals and components of the MITRE ATT&CK Framework.
  • Compare and contrast the MITRE ATT&CK Framework with other frameworks in order to judge appropriateness for and applicability to an organization's security programs.
  • Use the MITRE ATT&CK Framework to correlate between offensive actions and defensive capabilities and measure coverage of ATT&CK techniques.
Monday
11:00am - 12:00pm EDT - October 18, 2021 | Room: V2400-Chad Ritter
Track: Cyber Crime
Tags: Intermediate
Credits Available:
1.00 CPE
We all want a perfect environment to operate securely. In a perfect world, we would have all the resources we need to successfully defend our networks. Reality, though, paints a much more complex picture. We beg the desktop support team to deploy our endpoint security agents. There is a Windows 2000 server hosting a critical business application stuffed in an old cabinet which no one will take responsibility for upgrading but which cannot be removed. Matthew Aubert, a Manager on the Cisco Talos Incident Response team, will present a short but informative talk on what immediate actions should be taken when there is an active adversary on a network. How do you protect your critical resources, contain the adversary, and deal with a possible worst-case scenario?


Objectives:
  • Demonstrate the need for leadership in a crisis.
  • Identify critical containment measures in the middle of a breach.
  • Reinforce the requirement for stakeholder communication.
02:45pm - 03:45pm EDT - October 18, 2021

Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V1100-Jon Moody
Track: Cutting Edge
Tags: Intermediate
Credits Available:
1.00 CPE
Supply chain security is challenging due to the inherent complexity of global supply chains. The challenge of supply chain security programs is the ability to manage the interdependencies of hardware, software, firmware, and the human relationships and factors that introduce the product into your environment. In Secure SCM, you are only seen as a snippet of code lifted from GitHub by a coder paid for by a junior developer through an odd job posted on Fiverr. This same complexity was inherent when the Open Systems Interconnection (OSI) model set a standard communication and data processing structure that is still used today. We will propose a model to articulate supply chain risk, mitigating controls, and a risk scoring methodology for the security of the supply chain.


Objectives:
  • Articulate the complex process of supply chain management.
  • Identify a model to manage supply chain risk.
  • Define mitigating controls and a risk scoring methodology for supply chain security risk.
Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V1200-Craig Ciccolella
Track: Application Security/Software Assurance
Tags: Intermediate
Credits Available:
1.00 CPE
This session sets out an approach that combines the security, IT risk and assurance domains to create a sustainable secure software development process. The approach first defines a set of common audit controls and designs them into the process, where they can be inherited by every change. Then it defines a set of tailored controls to satisfy the security requirements of each of the changes that flow through the process. Finally, it creates a virtual first line of defense, ensuring that as the change flows through the process, security requirements are met and common audit controls are inherited, so that every change passing through the development process is secure, compliant and authorized.


Objectives:
  • Define a set of common audit controls to satisfy the audit requirements of each phase of the software development process.
  • Define a set of tailored baseline controls to satisfy the security requirements of each development change.
  • Use a process integrity tool to create a virtual first line of defense that designs these controls into the software development process and manages their day-to-day execution.
Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V800-Paul Jackino
Track: Cyber Crime
Tags: Intermediate
Credits Available:
1.00 CPE
Ransomware is a combination of social engineering, deception, technology, encryption algorithms, stealth, data analytics, business analysis, high-pressure negotiation, and a highly unusual manifestation of customer service. Defending against ransom and ransomware is still a moving target. Every day organizations that believe their ransomware defense is under control must deal with the cruel reality of breaches and long-lasting consequences. We take a new look at ransom-based attacks based on recent, real-life events. Learn about current trends and discuss detection/prevention techniques. We provide a practical example of what to do if you are ever faced with a successful ransom(ware) attack, and how to resolve the most difficult and stressful situation to the most acceptable outcome.


Objectives:
  • Understand current ransom and ransomware attacks.
  • Create an action plan for approaching ransom and ransomware defenses.
  • Effectively prevent ransom and ransomware attacks.
Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V600-Taylor Rondenell
Track: DevSecOp
Tags: Intermediate
Credits Available:
1.00 CPE
Kubernetes has been the de facto standard at T-Mobile, deployed across AWS, Azure and on-prem, and using managed Kubernetes services, to support critical production workload applications at scale. Containers offer many opportunities for building and deploying more secure applications and environments, but they also trigger new security challenges. This talk demonstrates how we took on the challenge of securing 150+ clusters running 200,000+ containers in a strategic way to achieve shift-left security design coupled with flawless implementation, backed by solid operational excellence guidelines in managing the T-Mobile Container Security Platform.


Objectives:
  • Learn how to handle container security in the real world to secure production workloads without the risk of downtime.
  • Learn the guiding principles T-Mobile has adopted in securing clusters at scale, and how they map to your own organization's environment running platforms at scale.
  • Understand the design and policy rollout strategy that is key to implementing container security in an iterative fashion.
Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V300-Jeff Graham
Track: Healthcare Security
Tags: Intermediate
Credits Available:
1.00 CPE
HITRUST is the most sought-after certification by healthcare organizations, but the cost, resources, and time required are daunting. On average, the direct and indirect costs of achieving HITRUST certification exceed $300K and the effort takes 18 months. At Ginger, we took a different approach and completed our HITRUST assessment in less than half that budget and in 11 months. This presentation will outline how nine best practices and projects implemented at Ginger helped us in our HITRUST journey. These practices include the best course for obtaining management support, implementing cross-functional projects between technical and governance teams, starting an organization-wide security program, pre-work required for the audit, tools that helped us, and lessons learned.


Objectives:
  • Learn to conduct a HITRUST assessment on a budget and in a timely manner.
  • Initiate a successful organization-wide security program and cross-functional projects between technical and compliance teams.
  • Shortlist the tools (vendor-neutral) that are must haves to expedite the audit process and strengthen the security controls.
Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V500-Joe Trusso
Track: Threats (Detection/Hunting/Intelligence/Mitigation/Monitoring)
Tags: Intermediate
Credits Available:
1.00 CPE
It is very important nowadays to stay up to date with cyber threats from around the world. It is widely known that there are not enough skilled people to staff every security operations center (SOC). Therefore, many organizations struggle with the massive number of new types of attacks and the alerts generated by their tooling. During this session, you will learn how to hunt (and automate your hunt) for active cyber threats in your environment and contain them using integrated connections to network, endpoint and cloud products. This session is targeted at SOC management, cybersecurity engineers, threat hunters and analysts. It will touch on threat detection, investigation and response.


Objectives:
  • Effectively hunt for active cyber threats in an environment and contain them using integrated connections to network, endpoint and cloud products.
  • Efficiently use the necessary code which will be made available after the session.
  • Properly educate your team on how to effectively execute threat detection, investigation and response within an organization.
Monday
02:45pm - 03:45pm EDT - October 18, 2021 | Room: V2400-Chad Ritter
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
The amount of data being generated on a daily basis has been growing rapidly over the last few years. For most organizations, this data is both indispensable and invaluable.

The problem is two-fold: (1) regulations are changing all the time and (2) methods for data management and governance range from manual records to privacy tools with all the bells and whistles. This program will bring together the observations and experiences of two perspectives, one legal-centric and one tech-centric, on how to assess and evaluate this problem. The goal is to create a discussion that will leave the participant with a high-level overview of state-by-state privacy requirements while arming them with a framework for determining the best methods to achieve defensible compliance.


Objectives:
  • Provide background and an update on GDPR, CCPA and CCPA-like regulations in the US.
  • Compare baseline requirements of different schemes.
  • Discuss different approaches and tips for designing and implementing a compliance plan.
04:15pm - 05:15pm EDT - October 18, 2021

Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V1900-Jacob Fish
Track: 3rd Party Risk
Tags: Intermediate
Credits Available:
1.00 CPE
Cybersecurity risk posture is often assessed only in terms of the capability of bad guys to penetrate network defenses, but risks resulting from doing business with third-party vendors who have unvetted access to company data pose just as great a risk. Communicating this to a board of directors may pose the biggest challenge of all to cybersecurity leaders. Whether your company outsources to software developers not properly trained in security or uses a payment processing vendor whose cyber defenses are not as stringent as its customers', you are exposing your data to exploitable vulnerabilities. This session will detail the third-party risk issues that are fundamental to a mature cyber risk program and offer a process you can follow to effectively communicate this to your board.


Objectives:
  • Discover how to evaluate a third party's security posture and perform a gap analysis to uncover any cyber gaps.
  • Explore tactics for explaining third-party risk to company board members.
  • Learn how to monitor vendors throughout the business relationship to identify any new cyber gaps and provide updates to the board.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V2000-Alex Aarson
Track: Security Automation/Artificial Intelligence/Machine Learning
Tags: Intermediate
Credits Available:
1.00 CPE
This presentation combines the findings of a doctoral study into security automation in the financial sector with real-world experiences in implementing security automation. The research focused on strategies financial institutions need to reduce the gap between the attacker's time to compromise and the defender's time to detect and respond. Learn from the experiences of companies that have implemented or are implementing security automation. This session will look at what to expect from security automation (and what not to expect), how to decide what to automate, strategies to help ensure a successful security automation program and lessons learned from successes and failures.


Objectives:
  • Describe the strategies for a successful security automation initiative based on the experiences of cybersecurity professionals from the financial services industry.
  • Demonstrate how to select practical use cases to achieve success and quick wins with security automation.
  • Describe common challenges and pitfalls of implementing security automation and how to avoid them.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V2200-Jordan Garcia
Track: Application Security/Software Assurance
Tags: Intermediate
Credits Available:
1.00 CPE
Today in cloud environments, it is possible to create and destroy services on demand. Yet, most application security programs focus on tried and true methods of scanning, blocking and throwing vulnerabilities over the wall. Today, application security teams have more capabilities and methods available to them to bring application security to the next level. It's time to move to a developer-centric style of application security through education, automation, artificial intelligence, chatbots and ultimately, application security as a service. This model of application security as a service provides engineers the tools needed to access security information while they are developing and prior to code being integrated and deployed.


Objectives:
  • Understand the current state of application security in most organizations.
  • Understand what capabilities are available to application security teams to be able to provide better services to the development organizations they partner with.
  • What an AppSec as a Service model looks like and how to get started.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V100-Jeremy Speakes
Track: Cloud Security
Tags: Intermediate
Credits Available:
1.00 CPE
What are the threats to your cloud application? A survey conducted in 2021 looked at major issues that have caused business, financial and reputational impacts to users of cloud services. In the past, the Cloud Security Alliance's "Top Threats to Cloud Computing: Egregious Eleven" provided an excellent resource for threats and issues that cloud services have to deal with. Documents such as the CSA Top Threats Working Group's "Cloud Threat Modeling Guidance" provide an excellent basis for performing threat modeling. These new threats can be applied to this guidance, with consideration of mitigating controls (such as the Cloud Controls Matrix), to determine one's attack surface and residual risk.


Objectives:
  • Visualize a detailed description of the 2021 Cloud Security Alliance's Top Threats survey.
  • Apply the CSA's Top Threats Working Group's Threat Modeling Guidance with consideration of the new survey threats.
  • Utilize the Cloud Controls Matrix to minimize one's attack surface.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V1500-Nicholas Kogut
Track: Small/Medium-sized Business Security
Tags: Intermediate
Credits Available:
1.00 CPE
Many franchisor/franchisee environments do not clearly delineate compliance ownership. In many instances the delineation is either blurry, nonexistent or suffocated by legal language. Ultimately, the franchise brand will be the most impacted in the event of a breach, in terms of both financial liability and reputational loss. We'll share lessons gained from collaborating with a franchisor/franchisee ecosystem of 150+ members to pragmatically and operationally implement security controls and best practices that would collaterally facilitate PCI DSS compliance.


Objectives:
  • Define and understand compliance challenges in the franchise ecosystems.
  • Define and understand compliance custody/ownership in the franchise business.
  • Have research and steps from lessons learned after implementing a PCI DSS compliance program to implement in their own work.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V1600-Charlene Budziszewski
Track: ICS/Critical Infrastructure
Tags: Intermediate
Credits Available:
1.00 CPE
Discussions about cybersecurity concerns in critical infrastructure quite often take an alarmist approach. Threats may employ cyberspace for actions that generate kinetic and non-kinetic effects on national defense. In this context, we will outline how the Cyber Guardian Exercise, coordinated by the Cyber Defense Command, established cyber protections around important national and critical infrastructure sectors in Brazil. This was done by building a strong cybersecurity community based on the exchange of experiences and partnerships among 38 government and military agencies, defense-related firms, academic entities, and representatives from the financial, energy, telecommunications and other critical sectors.


Objectives:
  • Understand the need for rapid information sharing to cope with the dynamism and uncertainties of cyber threats, and identify inputs important to the National Network Incident Treatment Plan.
  • Understand the importance of a permanent exchange of experiences relating to best practices and mutual knowledge of the actors that make up cyberspace.
  • Understand the importance of the National Cybersecurity Strategy for the integration of initiatives, normative alignment and maturity of society in cybersecurity efforts.
Monday
04:15pm - 05:15pm EDT - October 18, 2021 | Room: V1700-Ryan Baill
Track: Privacy
Tags: Intermediate
Credits Available:
1.00 CPE
Privacy engineers are an integral part of ensuring that privacy risk is mitigated and privacy implications are addressed. The efficacy of privacy engineers is fundamentally dependent on their ability to influence. The cross-functional nature of privacy engineering dictates that privacy risk and impact assessments shall consider third-party risk, legal and compliance requirements, security as well as business drivers to build a culture of privacy by design over time. Security plays a significant role in implementing risk mitigation strategies to address privacy risk. While privacy principles are high level, a common governing framework integrating privacy and cybersecurity aligned with the enterprise-level risk management framework can assure that privacy considerations are embedded at the design phase and monitored on an ongoing basis.


Objectives:
  • Gain an understanding of the comprehensive security and privacy framework, NIST Privacy Framework and its relationship to NIST CSF.
  • Learn about measuring and reporting on efficacy of privacy mitigation strategies and understand how the outcome of privacy risk/impact assessment feeds into security risk mitigation strategies.
  • Understand the significance of establishing a Privacy by Design mindset integrated into security by design as part of product design.
10:30am - 11:30am EDT - October 19, 2021

Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V1100-Jon Moody
Track: Zero Trust
Tags: Intermediate
Credits Available:
1.00 CPE
With a full-scale ZTA implementation, it is unlikely that adversaries will be able to spread through a corporate network using a compromised endpoint. However, the already authenticated and authorized session of the compromised endpoint can be leveraged to perform limited malicious activities, ultimately rendering endpoints the Achilles heel of ZTA. In order to effectively detect such attacks, distributed intrusion detection systems with an attack-scenario-based approach have been developed. That said, APTs have demonstrated their ability to bypass this approach with a high success ratio. Motivated by the convergence of ZTA and blockchain-based intrusion detection and prevention, we examine how ZTA can be extended onto endpoints.


Objectives:
  • Understand the why behind the needed transition to borderless networks from perimeter-based networks and therefore defenses.
  • Understand, describe and further discuss a major weakness in ZTA, namely the endpoint itself. This will provoke further discussion into a proposed solution via blockchain, including when and where it might be most useful.
  • Gain understanding and insights into the available ZTA deployment models as well as their mapping to real-world implementations.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V900-Craig Carpenter
Track: Threats (Detection/Hunting/Intelligence/Mitigation/Monitoring)
Tags: Intermediate
Credits Available:
1.00 CPE
Actionable threat intelligence should provide organizations with the ability to quickly detect (and react to) current threats beyond using the traditional signature and behavior-based security tools. Many organizations, however, currently only view threat intelligence as generic free or paid feeds containing indicators of compromise related to historical attacks used to enrich their own data. Although this approach is common, information gathered through it is of limited use for the organizations and cannot be thought of as “actionable intelligence”. In this presentation, we will look at how raw, freely available data and tools may be used in a DIY fashion to create a tailored threat intelligence program that supplies the organization with data of real actionable value.


Objectives:
  • Create an effective threat intelligence program tailored to the needs of their organization.
  • Differentiate between specific types of threat intelligence.
  • Select appropriate tools for use in security architectures that will provide both detection and/or reaction capability as well as threat intelligence data.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V300- Jeff Graham
Track: Zero Trust
Tags: Intermediate
Credits Available:
1.00 CPE
We will discuss the NIST Zero Trust Architecture (ZTA) guidelines, reviewing the pros and cons of the three ZTA approaches described within them. We will cut through the buzzwords and the noise and discuss a vendor-agnostic point of view on the most efficient Zero Trust controls. We will examine both the technology and business impact of ZTA in the era of the remote workforce and multi-cloud environments. Additionally, we will review recent security breaches and discuss lessons learned from current cyber trends. We will explain how Zero Trust controls provide a strong defense against breaches. Finally, we will wrap up the session with recommendations for evaluating ZTA initiatives within your organization.


Objectives:
  • Describe the pros and cons of the three Zero Trust architecture approaches.
  • Demonstrate an understanding of the NIST Zero Trust Architecture guidelines, and how those guidelines can be applied to the enterprise.
  • Define controls that provide an effective defense in the current climate (remote workforce, threat landscape, hybrid multi-cloud).
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V600-Taylor Rondenell
Track: Workforce Trends (Diversity/Recruiting)
Tags: Intermediate
Credits Available:
1.00 CPE
The presentation will focus on drivers to develop a digital-first model, including problems and pain points Giesecke+Devrient encountered with the "old" model during its digital transformation process. We'll discuss:
  • Requirements we needed to take into consideration (regulatory, internal, etc.).
  • Definition of terms in this context.
  • Positioning of information security as a corporate center in the company (mission, vision, added-value proposition, etc.).
  • The organizational model (information security and IT organizations, and the role of the Cyber Defense Center).
  • Challenges encountered since its introduction, adaptations to the model since its definition/implementation in 2018, and the influence of the pandemic on accelerated digitization and subsequently on information security.


Objectives:
  • Explain why diversity is a key to the continuous improvement of information security and its support of digitization initiatives within a global company.
  • Explain to senior management and the business how information security can be a true enabler adding value to the digitization process.
  • Embark on a similar successful journey to a modern digital-first information security organization by providing a blueprint for a modern organization.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V400-Kyle Lewis
Track: Cyber Crime
Tags: Intermediate
Credits Available:
1.00 CPE
Email protocols (such as SMTP, POP, IMAP, MIME) were designed to deliver messaging functionality rather than security. It is relatively simple to spoof a sender and/or their domain using email. Yet the bulk of business communication remains driven through email. Email is also the primary vector used for malware attacks, phishing attacks, business email compromise and other attacks. What to do? Can you trust the source of the email you received? We discuss strengths and drawbacks of existing technical standards (such as SPF, DKIM, DMARC) to prevent email spoofing and of secure email protocols such as S/MIME. We discuss AI/ML- and reputation-based approaches to improve confidence in email origination, as well as a novel known-sender-profiling approach that can further protect a user against email spoofing.


Objectives:
  • Identify the weaknesses of standard email protocols and how spoofed emails can result in serious cybersecurity and business compromise.
  • Identify and implement existing technical protocols that prevent attackers from spoofing their domain and/or senders, while realizing that these techniques are not very helpful in preventing attackers from sending spoofed emails to users within their own domain.
  • Learn about and apply additional existing tools and techniques as well as a novel known-sender profiling technique to achieve a higher level of protection against email spoofing.
Tuesday
10:30am - 11:30am EDT - October 19, 2021 | Room: V100-Jeremy Speakes
Track: Incident Response/Investigations/Forensics
Tags: Intermediate
Credits Available:
1.00 CPE
Time and again, we see that the key hosts implicated in cyber incidents, those where threat actors gain initial access or which they exploit to spread throughout the network, aren't even supposed to BE there anymore. These are testing servers that were stood up during testing and were supposed to have been shut down afterward. They are old development systems that linger, long forgotten, unpatched and unmonitored. They are legacy application servers "temporarily" exempted from security requirements. In this talk, we will look at several examples of how this can happen even in large, well-resourced organizations with otherwise mature IT operations. We will discuss how we can avoid this phenomenon in our organizations and use our awareness of this phenomenon in defending and threat-hunting on our networks.


Objectives:
  • Describe how cyber threat actors seek out and take advantage of vulnerable hosts in enterprise networks.
  • Determine the most likely hosts in their enterprise that could be used by a cyber threat actor to gain or maintain access.
  • Describe the reasons why vulnerable hosts linger in organizations and how to detect and avoid this in their own organizations.
11:45am - 12:45pm EDT - October 19, 2021

Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V200-Atticus Kaiser
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
In 2020, FAIR Institute membership passed 10,000, representing more than 40% of the Fortune 1000, and spanning 118 countries. In only five years, use of this open standard approach to risk quantification has reached critical mass and is now recognized by NIST, COSO and HITRUST. Boardrooms are increasingly averse to risk colors and heat maps using ambiguous, ordinal scales. For centuries, the language of business risk has been in dollars and time. IT and cybersecurity risk must embrace the next evolutionary step and learn to speak this language with accuracy and confidence. This session will explore foundational measurement and quantification concepts, failures of current models and enlightening research. It will also introduce the global standard Factor Analysis of Information Risk (FAIR) concepts and ontology.


Objectives:
  • Solidify understanding of typically ambiguous terms and concepts surrounding current IT risk management practice.
  • Demonstrate the failures of current qualitative risk management standards and processes.
  • Understand the basic concepts of the FAIR risk quantification framework and how its use can integrate IT/cyber risk into the broader business risk construct and discussion.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V1500-Nicholas Kogut
Track: 3rd Party Risk
Tags: Intermediate
Credits Available:
1.00 CPE
COVID-19 demonstrated to the world that supply chains are critical to our society and are vulnerable to many different types of disruptions, not just cybersecurity disruptions. We must understand that supply chains are more than logistics, more than risk assessments or SOC reports on a vendor’s cybersecurity, or due diligence. Today’s supply chains need ongoing monitoring and attention. They require third-party risk management. This presentation will explain the processes and procedures needed to properly select a vendor, perform due diligence, determine inherent risk, calculate residual risk, manage contracts, establish ongoing monitoring, document and report to senior management and the board, maintain oversight & accountability and terminate vendors, all while protecting their supply chains.


Objectives:
  • Create secure supply chains for an organization.
  • Identify the weak links in supply chains and develop business continuity management measures to protect organizations from loss.
  • Accurately assess the risk in their third-party risk management programs, apply those metrics to the entire supply chain and determine the overall risk to their enterprise.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V1400-Brad Lutz
Track: Malware
Tags: Intermediate
Credits Available:
1.00 CPE
No doubt, you've heard about the recent attack that leveraged a technology software supplier, SolarWinds, to compromise a large number of organizations, including many in the IT industry and U.S. government agencies. This was one of the world’s most serious nation-state cyberattacks, and has raised a number of questions, including "How do I know if I was impacted?" In this session, we'll talk about how the attack was carried out, and, more importantly, how customers can identify the TTPs indicating a compromise in their own environment.


Objectives:
  • Understand how the SolarWinds breach was carried out.
  • Understand what the attackers were able to do.
  • Understand how to threat hunt for attacks like SolarWinds in an environment.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V1600-Charlene Budziszewski
Track: Cloud Security
Tags: Intermediate
Credits Available:
1.00 CPE
Pen testing is standard security practice for simulating attacks to identify system vulnerabilities, and most industry compliance audits require them. But most pen testing efforts overlook the No. 1 risk in the cloud: misconfiguration. In this session, we will walk through pen testing your cloud security posture - what it looks like, how to approach it in-house, and how to evaluate vendors to ensure they understand cloud misconfiguration and how to exploit it. This session will provide security professionals with a framework for approaching pen testing cloud environments and feature real-world misconfiguration exploits and actionable information you can use to begin incorporating your cloud attack surface in your pen testing plan.


Objectives:
  • Define the differences between traditional pen testing and cloud pen testing and how to think like a hacker in pen testing cloud environments.
  • Describe cloud misconfiguration attacks, and perform internal cloud security testing and vulnerability assessments.
  • Define a bounty-driven exercise to employ white hat hackers to probe your cloud environment to identify vulnerabilities that compliance and security tools can miss.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V1700-Ryan Baill
Track: Professional & Career Development
Tags: Intermediate
Credits Available:
1.00 CPE
This presentation discusses the definition and value of Cybersec Data Science (CSDS) and why it is more than threat intelligence and risk analysis. We'll look at nine main types of CSDS work and how organizations leverage CSDS in the public sector, finance and health industries and marketing. We'll key in on actionable outcomes and dealing with dirty or half-relevant data. Additionally, we'll discuss how to clean, cross-reference, and bucketize security data, as well as use machine learning, statistical models and data-pivots to construct metrics. From there, we'll demonstrate how to communicate findings and more.


Objectives:
  • Have a clear understanding of Cybersec Data Science and how it can be used in a variety of organizations and missions. Specific tasks and operational examples will be provided, such as how large financials integrate it into adversary assimilation and real-world risk decision support.
  • Learn effective techniques derived from Cybersec Data Science practices such as cross-referencing internal metrics with industry norms, tracing cybercrime monetization strategies, attack flow modeling, conducting results-driven analysis, and prioritizing control efforts. Tips will also be given on clearly communicating findings to executives.
  • Explain how to become a cybersecurity data scientist (or hire a good one), which skills are necessary (and how to learn them), what goes into building an effective team (and where the team should sit within an organization), and the proper mindset and mission of the team.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V1900-Jacob Fish
Track: Human Factors
Tags: Intermediate
Credits Available:
1.00 CPE
Cybersecurity is primarily concerned with protecting the value of information, directly or indirectly, against theft. Yet we see increasing attacks designed to cause suspicion and uncertainty and to undermine confidence in, or promote, a particular narrative or ideology. Recently we have seen misinformation attacks intended to undermine confidence in the U.K.'s fight against COVID-19, influence the U.S. elections and destabilize Ukraine’s democratic government. In this session we explore the relationship between subjective truth and objective facts in the context of fake news and new forms of subtle attacks. We discuss the role that social media, psychology and culture play. We'll also talk about how, while traditionally an information security problem, this increasingly requires AI-based cybersecurity techniques and technology to detect and mitigate.


Objectives:
  • Understand the difference and relationship between the objective facts and subjective truth and the ways attackers exploit these to spread misinformation, often using fake news and subtle influences in order to promote their own agenda.
  • Recognize more clearly signs of misinformation and fake news, the rationale behind them, how they manifest, and the different techniques and attack vectors used, often so subtle that they are not immediately obvious on their own.
  • Recognize and assess the risk of misinformation and fake news attacks and decide on what cybersecurity tools, techniques and strategies are available for identifying, analyzing and mitigating these as well as how to implement these tools as part of a wider strategy.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V2100-Sondley Cajuste
Track: Small/Medium-sized Business Security
Tags: Intermediate
Credits Available:
1.00 CPE
Big companies have all these security resources, we hear, while small companies just don’t have the money or people. But does size equal security? Small and large companies have much more in common than they realize. With all the solutions that large companies have implemented and tried, what lessons can a small security team take from these? Small companies have to be nimble and think differently; what can a large company learn from them? Come join us to learn how much security everyone has in common and some learnings that could help your organization take things to the next level.


Objectives:
  • Appreciate the challenges of different-sized security teams and what we can learn from those differences.
  • Demonstrate that security issues impact organizations regardless of size.
  • Define strategies to learn from the successes and failures of other security teams.
Tuesday
11:45am - 12:45pm EDT - October 19, 2021 | Room: V2300-Nick Malczewsky
Track: ICS/Critical Infrastructure
Tags: Intermediate
Credits Available:
1.00 CPE
Cyber-physical systems are delivering an increasing portion of the infrastructure services at the heart of our economy and national security, and you don’t have to look far for examples of technology-enabled, industrial control, and the internet-of-things in the core operations of healthcare, food and agriculture, energy, transportation, or manufacturing. Further, one has only to look at the contemporary examples of our systems under stress, such as the JBS and Colonial Pipeline cyber attacks, to understand the fragile risk ecosystem confronting infrastructure owners and operators of cyber-physical systems. In fact, the title of this talk is purposefully a catch-22, meaning that just as infrastructure resilience is inherently dependent on safe and secure cyber-physical systems, so too is the collective work to see cyber and physical security achieve resilience tethered to the great steps we take in the 21st century to automate and make more complex operating environments within critical infrastructure.

01:45pm - 02:45pm EDT - October 19, 2021

Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V1000-Owen Meldrum
Track: 3rd Party Risk
Tags: Intermediate
Credits Available:
1.00 CPE
Reading about supply chain attacks can cause anxiety when companies today procure much of their software and services from third parties. The tick-box approach of vetting suppliers with cursory audits misses many of the pain points that are often leveraged in real attacks. This session will cover integrating offensive security into traditional third party vetting approaches or using offensive security as its own benchmark prior to integrating third-party software and services into your environment. We'll cover examples of how to apply this approach to your own third-party vetting, and include some real-life success stories of vulnerabilities found in products already in use by many companies.


Objectives:
  • Understand how and when to apply offensive security in third-party risk assessments.
  • Know and appreciate the limitations of current third-party onboarding.
  • Apply this knowledge within your own third-party onboarding.
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V700-Jeremy Becker
Track: Cyber Crime
Tags: Intermediate
Credits Available:
1.00 CPE
Experience the cybercrime victim navigation process, or journey to recovery. Explore symptoms, experiences, pressure and challenges experienced during the crisis and learn industry techniques, best-practices and processes you can take to protect your business.


Objectives:
  • Understand the journey to recovery from a ransomware attack.
  • Understand the lessons learned from impact to recovery after a cybercrime is committed.
  • Apply best practices, tools and techniques to mitigate the threat vector[s].
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V800-Paul Jackino
Track: Supply Chain Security
Tags: Intermediate
Credits Available:
1.00 CPE
The SolarWinds hack represented a very public example of what can happen with a compromised or insecure supply chain. Unfortunately, SolarWinds is not unique. Consider the number of Java and OpenSSL vulnerabilities disclosed during the past decade. SolarWinds does drive home the importance of monitoring your environment and, more particularly, its software supply chain. Of course this raises the question: How can we monitor our supply chain? This session will provide a soup-to-nuts example of the elements you need to build your supply chain analysis tool. It will also identify where you might get some of those elements (for free) and explain key decisions you will need to make along the way.


Objectives:
  • Understand the components required to develop and implement a strategy to track application components in their environment or products.
  • Evaluate and communicate application component risks to an internal environment.
  • Conduct environmental component audits and respond to risks faster.
Tuesday
In April of 2021, the FBI executed a search warrant upon a series of “Certain Microsoft Exchange Servers Infected with Web Shells.” This warrant was different from typical ones, however: it authorized the FBI to not only find and copy the malware instances, but to delete them entirely from the servers. These actions were undertaken in the ongoing battle against state-sponsored malicious actors but have come to be seen as unprecedented. In this session, information security legal veterans will review why the U.S. government took this action, whether it was legally justified, and why your organization might be on the receiving end of such a warrant.


Objectives:
  • Understand the circumstances that prompted this new tactic.
  • Evaluate the scope of the search warrant and underlying affidavit.
  • Determine what legal recourse your organization may have in such a case.
Tuesday
01:45pm - 02:45pm EDT - October 19, 2021 | Room: V100-Jeremy Speakes
Track: Small/Medium-sized Business Security
Tags: Intermediate
Credits Available:
1.00 CPE
Ever wondered what a vCISO is or does? Ever wanted to know what they have the opportunity to see as they move from company to company on a daily basis? Sit down with two professionals who bring decades of information security experience to the discussion. From defining the role and value of a vCISO to exploring what they're seeing from their unique, constantly moving view of the industry, bring your questions and be ready for an interesting talk.


Objectives:
  • Learn what vCISOs are, what they do and how they bring value to an organization.
  • Learn about what two vCISOs with decades of experience are seeing, not from being stuck in one trench but moving from place to place.
  • Learn what type of threats you might be missing, whether in a large company or a small company, if you only have a limited view.
03:00pm - 04:00pm EDT - October 19, 2021

Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V1600-Charlene Budziszewski
Track: Application Security/Software Assurance
Tags: Intermediate
Credits Available:
1.00 CPE
Developers dislike security but won't tell you that to your face. Developers think differently, and security keeps saying that developers need to embrace security in a DevSecOps world. Developers make the most meaningful security decisions, and many times, they are doing it without us. Why do developers dislike security? How can security meet developers where they are in a collaborative approach? Security doesn't understand development and often tries to force a process and toolset that is not optimized. Developers are indifferent towards security and, in extreme cases, detrimental to security's success. Explore the ten main frustrations that cause developers to dislike security, and a collaborative and culture-focused solution to address these frustrations. Learn to walk a mile in your developers' shoes, practicing developer empathy as a security person.


Objectives:
  • Understand the ten frustrations that impact developers with regard to security.
  • Apply the ten resolutions to build stronger application security programs.
  • Practice developer empathy, walking a mile in the shoes of a developer.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V1700-Ryan Baill
Track: Security Architecture/Engineering
Tags: Intermediate
Credits Available:
1.00 CPE
As more organizations move towards using a cloud-native architecture (e.g., microservices, containers, orchestration), they come to the realization that their security controls are also changing. They are moving from being perimeter-based to also being cloud-native. The firewall is dead, and zero trust architecture is here to replace it. Zero trust security is a model where application components or microservices are considered discrete from each other and no component or microservice trusts any other. Implementing and migrating towards a zero trust strategy for cloud is an engineering effort, to say the least. But the payoff is huge in terms of scalability and resilience to attack. We explore the design principles and then illustrate them in reference architectures for AWS, Azure and GCP that are reusable.


Objectives:
  • Describe the zero trust model as it applies to cloud architecture and cloud-native applications.
  • List the threats associated with zero trust architectures.
  • Plan the migration of a legacy cloud environment to a design that is based upon a zero trust architecture.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V1500-Nicholas Kogut
Track: 3rd Party Risk
Tags: Intermediate
Credits Available:
1.00 CPE
These days you rarely walk far before you see the endpoint of a video surveillance system. Consider the cameras you have seen on homes, at traffic stoplights (look up), in stores, at the gym, in your workplace (when you are back in the office), transportation centers, warehouse facilities ... the list can go on and on. Video surveillance is a necessity in many environments. There are many use cases for video surveillance that make security sense. This session will provide a background into the steps a team can take to self-assess their physical security video surveillance infrastructure to avoid being hacked as in the case of Verkada.


Objectives:
  • Gain awareness of IoT and video surveillance infrastructure.
  • Take practical steps an organization's IT and security team[s] can use to evaluate their hardware solution.
  • Take practical steps organizations can use to evaluate their software and cloud video surveillance solution.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V1900-Jacob Fish
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
Since the beginning of information technology systems, there have been informal systems developed by users to compensate for shortcomings in the official systems. This presentation will examine the cause of informal business systems; how they can be identified in the IT environment; and how they can be properly evaluated as asset or threat. The discussion will include drivers and causes of shadow and rogue IT, and how organizations are modifying their governance structures to take advantage of the user-driven innovation often represented by these DIY systems. Ultimately, participants will understand how to evaluate user-derived IT solutions for their potential and risk, encouraging innovation while meeting regulatory and data protection obligations.


Objectives:
  • Understand the forces that result in unsanctioned IT systems operating in the business environment.
  • Discuss how to identify, through audit and inquiry, when and where shadow IT systems are being used.
  • Implement changes in governance that will enable the organization to realize the benefits from user-driven IT innovation while still controlling the risk and costs related to the unmanaged use and development of unsanctioned IT systems.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V1800-Salem Zarou
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
The bad guys are once again held at bay, everything is locked down, the incident is wrapped and your work here is done. Or is it? More and more of today's cyber incidents are leading into civil litigation where your best defense strategy starts with the first steps of incident response. Litigation preparedness needs to be a key aspect of your incident response plan; and if it's not, you are likely leaving your organization open to significant risk and future expense. Join us while we cover the basics of litigation, the rules you need to prepare to follow and why actions you take during incident response can be deciding factors on how that future litigation unfolds.


Objectives:
  • Describe the actions needed during incident response to prepare an organization for potential future litigation.
  • Describe how to avoid the pitfalls and simple mistakes that can cause significant adverse assumptions against an organization during litigation.
  • Update incident response plans to include litigation preparedness aspects to help protect an organization against the risk of incident-related litigation.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V2000-Alex Aarson
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
Many client organizations are confused by our industry's lingo and particularly similar or interchangeable terms. This session will discuss cybersecurity vs. cyber resiliency in the following context:
  • What's the difference in definitions and scope?
  • Why is this important to the practitioner to explain and communicate to clients?
  • What are potential negative impacts of not differentiating for your clients?
  • Is it time for a terminology refresh to accommodate new technologies and updated terminology among various industry sectors?


Objectives:
  • Define cyber resiliency vs. cybersecurity.
  • Communicate effectively to clients the importance of understanding and addressing both.
  • Discuss or demonstrate examples of negative impacts of not fully addressing both in risk assessment and continuity planning.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V1300-Josh Ensley
Track: DevSecOp
Tags: Intermediate
Credits Available:
1.00 CPE
DevSecOps is a major pillar for a successful security program as organizations are growing their ecosystems through interconnected information systems. The consequences of a poorly implemented program can render organizations insolvent as a single application-level data breach can impact an organization’s reputation, customer retention, and financial performance. Building a DevSecOps program is an insurmountable challenge for many security teams already struggling to meet a plethora of regulatory requirements. This presentation, representing a year of research with security professionals from companies around the world, helps you to understand DevSecOps. We will provide a clear description of what a DevSecOps program looks like based on our research including the systems, processes, governance, team, and environment needed to deliver a well-built DevSecOps program for your organization.


Objectives:
  • Describe what DevSecOps is and how it integrates with DevOps, including the system architecture, governance models, team structures and process integrations.
  • Describe the pillars of a well-built DevSecOps program, including how to measure the program's effectiveness.
  • Describe some of the potential challenges in developing a DevSecOps program.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V1400-Brad Lutz
Track: Privacy
Tags: Intermediate
Credits Available:
1.00 CPE
Implementation and certification to the Information Security Management System under ISO 27001:2013 provides organizations with a consistent framework of risk management and governance and forms a foundation of sound information security practices. With stricter privacy requirements, both in the United States and internationally, adding the Privacy Information Management System under ISO 27701:2019 provides further adherence to privacy requirements and adds specific controls for data controllers and/or data processors. This standard requires ISO 27001 certification. The combination of these two standards provides an organization with ongoing compliance and sustainability amid evolving technologies and requirements. We'll present a review of each standard and a quick review of current privacy legislation with case studies of organizations that reduced risk, increased efficiencies and boosted customer confidence.


Objectives:
  • Identify critical relationships between privacy and information security and how common controls can provide a greater value to managing legal, regulatory, contractual requirements.
  • Learn strategies to gain management and customer confidence through applying a standardized, systematic method for the protection of multiple types of information as a data custodian, data processor or data collector.
  • Analyze the current privacy and information security program within your organization to determine potential gaps and areas of improvement.
Tuesday
03:00pm - 04:00pm EDT - October 19, 2021 | Room: V2100-Sondley Cajuste
Track: Security Automation/Artificial Intelligence/Machine Learning
Tags: Intermediate
Credits Available:
1.00 CPE
Due to advances in machine learning, the tools for making deepfake audio and video content are becoming both more refined and more accessible at a rapid pace. These factors are leading to an increased incidence of deepfakes and, as a result, increased security risks. This talk will explain the fundamentals of deepfakes, including describing different types of deepfakes and the machine learning techniques used to create them. Further, security concerns relevant to deepfakes will be presented along with discussion of real-world incidents. Building on this foundation, we'll present current approaches for deepfake detection such as practical human detection methods and automated machine learning-based detection processes. A look at deepfake detection methods will include a summary of the current state of the art.


Objectives:
  • Understand the processes for creating deepfake audio and video files, and list different types of deepfake creation techniques.
  • Describe methods for detecting deepfakes, including both human achievable approaches and machine learning-enabled automated solutions.
  • Appreciate the security and safety risks that deepfakes pose and understand preventive actions that can be taken.
04:30pm - 05:30pm EDT - October 19, 2021

Tuesday
04:30pm - 05:30pm EDT - October 19, 2021 | Room: V1000-Owen Meldrum
Track: Professional & Career Development
Tags: Intermediate
Credits Available:
1.00 CPE
As a cybersecurity professional, there are many opportunities for those with a cyber skillset. With more people looking to change their career or advance within the cybersecurity space, they begin to ask: How will I stand out from the other cybersecurity professionals applying for the same job opportunities? Think of your career development like training for the Tour de France. There are several stages that must be achieved before you can get closer to wearing the yellow jersey and standing on the podium, i.e., achieving your career goal. Training for the stages of a Tour de France is similar to training for the stages of your own career development. However, the stages in your development will be measured in years vs. miles.


Objectives:
  • Learn and understand that professional development and growth, in cybersecurity, is a multi-year process with planned milestones for success. Every stage of your development must be deliberate with experiences and knowledge that must be obtained before moving to the next stage.
  • Understand that personal growth starts from within. It will require mental and physical development to endure career challenges/obstacles when becoming a cybersecurity professional. And that getting ahead doesn't always mean moving up.
  • Learn to be better positioned for success when grooming others through leadership, mentoring and motivating. When you make it an objective to develop the cyber skillset of those around you, your yellow jersey becomes easier to obtain.
Tuesday
04:30pm - 05:30pm EDT - October 19, 2021 | Room: V900-Craig Carpenter
Track: Human Factors
Tags: Intermediate
Credits Available:
1.00 CPE
In the past several years, dark web activities have spread far beyond traditional boundaries. Today’s competition and overabundance of stolen data have broken traditional dynamics and forced a rapid evolution of cybercrime. One stolen user credential may bring down an entire company, as ransom and ransomware continue to evolve. Stolen data is drawing record sale prices. Zero-day vulnerabilities are more effective and expensive. Social engineering attacks are complex and often impossible to distinguish from real activities. Insider threats are even more dangerous. All of these threats and changes in cybercrime make the dark web more dangerous and impactful than ever. Our deep dive into the current state of the dark web should provide a better background for improving defenses today and tomorrow.


Objectives:
  • Understand current dynamics of the dark web.
  • Recognize new attack patterns and abuse techniques.
  • Defend infrastructures from new waves of attacks.
Tuesday
04:30pm - 05:30pm EDT - October 19, 2021 | Room: V600-Taylor Rondenell
Track: DevSecOp
Tags: Intermediate
Credits Available:
1.00 CPE
After having every job in information security (from log review to CISO), I took a break to spend time running production engineering for a major PaaS vendor. I learned a lot about the fine details of engineering management, but I learned a whole lot more about how security could be done more effectively. I'm back in the security world and starting to implement what I learned. Here's a little bit of insight that might make a difference in your world. But I might not stay - there are a lot of good ways to accomplish things, but I'm even less sure that security should be a separate discipline. Hard-won lessons to share.


Objectives:
  • Clearly describe the key points of interaction failure between engineering and security organizations.
  • Demonstrate an awareness of the knowledge and perception gap between engineering and security cultures.
  • Conduct analysis of their own organizational interactions to find opportunities for improvement.
10:30am - 11:30am EDT - October 20, 2021

Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V800-Paul Jackino
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.00 CPE
Based upon the published OMG discussion paper, "The State and Future of Cyber Insurance," the co-authors will briefly present a synopsis of the paper, leaving ample time for open discussion with attendees regarding the current cyber insurance market and its shortfalls. We will then cover the emerging market that includes the embedded sale of cyber insurance for the cloud market and the potential for streamlining the underwriting process, resulting in a more dynamic insurance product. Finally, we will dive into parametric insurance products and the areas of cyber insurance they can remedy, including the new market for non-fungible tokens (NFTs).


Objectives:
  • Understand the cyber insurance market and its current shortfalls, as well as the importance of a quantified risk assessment in the process and understanding the policy.
  • Understand how elastic cyber insurance, embedded in cloud agreements, will shape the future of the cloud market.
  • Describe parametric insurance and its many advantages and obtain an early education on the product and how it will change the cyber insurance market.
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V700-Jeremy Becker
Track: Security Automation/Artificial Intelligence/Machine Learning
Tags: Intermediate
Credits Available:
1.00 CPE
The explosion of machine learning, data science and artificial intelligence research and applications in the past few years presents both great opportunities and great risks for cybersecurity managers and practitioners. Organizations need to clearly understand the fundamentals of machine learning algorithms, including their current capabilities and limitations, before facing the vast array of tools, applications and groups eagerly offering solutions. This presentation will discuss some of the recent advances and applications of machine learning and artificial intelligence capabilities for the cybersecurity of critical infrastructure. We will focus on understanding the limitations of the algorithms (and their implementations) to determine the potential impacts on both security and safety. Most importantly, we will discuss ways to assess and evaluate these capabilities from an overall risk management perspective.


Objectives:
  • Identify machine learning capabilities that can improve the cybersecurity of critical infrastructure.
  • Discuss the potential risks with machine learning capabilities and their implications.
  • Discuss the ways to assess whether a machine learning algorithm (or system) will work to improve the cybersecurity of their critical infrastructure assets.
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V900-Craig Carpenter
Track: Threats (Detection/Hunting/Intelligence/Mitigation/Monitoring)
Tags: Intermediate
Credits Available:
1.00 CPE
VERIS, or the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information - anonymously and responsibly - with others. The VERIS Framework underpins the annual Data Breach Investigations Report (DBIR). VERIS employs the A4 Threat Model to describe key aspects of incidents and breaches that affect victim organizations. Simply put, the A4 Threat Model seeks to answer: who (actor) did what (action) to what (asset) in what way (attribute) for threat modeling, intelligence analysis, breach mitigation and detection / response improvement.


Objectives:
  • Understand data breaches and cybersecurity incidents through the VERIS lens.
  • Identify the four components of the VERIS A4 Threat Model: actors, actions, assets, attributes.
  • Apply use cases for the VERIS A4 Threat Model.
Wednesday
10:30am - 11:30am EDT - October 20, 2021 | Room: V400-Kyle Lewis
Track: Cloud Security
Tags: Intermediate
Credits Available:
1.00 CPE
Which leading cloud provider has the most effective security features -- AWS, Azure or Google Cloud (GCP)? We'll look at three common use cases and provide live demonstrations to compare security architectures and features across all three cloud platforms. The discussion includes:
  • Identity: Cloud customers typically create multiple AWS accounts, Azure subscriptions or GCP projects. How should a centralized source of identity be architected?
  • Private Networking: Security-conscious cloud customers use private networking as part of a defence in depth strategy. How can this be achieved with cloud services such as storage or serverless functions, which are internet-facing by default?
  • Content Delivery Network: How can a web application be presented to global users with low latency and a high level of security?


Objectives:
  • Develop a knowledge of practical implementations around cloud security principles studied for the CCSP certification.
  • Compare security services and features across AWS, Azure and GCP with real-world examples.
  • Demonstrate an understanding of centralized identity architectures across multiple AWS accounts, Azure subscriptions and GCP projects.
11:45am - 01:00pm EDT - October 20, 2021

Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V1600-Charlene Budziszewski
Track: Human Factors
Tags: Intermediate
Credits Available:
1.25 CPE

A former CIA intelligence officer with over two decades of experience breaching the security of his targets overseas identifies the threat actors behind today's data breaches along with their motivations and objectives. He reveals human hacking methodologies that increasingly incorporate OSINT, especially social media platforms, to identify, assess and manipulate key insiders to facilitate the breach.

This presentation will demonstrate several advanced social engineering techniques going far beyond commonly known phishing attacks. It also identifies and promotes a two-pronged risk mitigation strategy incorporating organizational and personal information control along with a "verify, then trust" discipline when confronted by potential human hacking attempts.



Objectives:
  • Identify five distinct categories of human hackers (threat actors) behind successful data breach attempts along with their respective motivations and objectives.
  • Describe the methodologies utilized by human hackers for the selection, assessment and manipulation of insiders to successfully accomplish the breach.
  • Mitigate human hacking threats by adopting a two-pronged strategy.
Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V1500-Nicholas Kogut
Track: Application Security/Software Assurance
Tags: Intermediate
Credits Available:
1.25 CPE
Many threat modeling approaches exist, with new techniques and tools to perform the same activity for different scenarios. However, methodologies like DevSecOps pose a huge challenge for threat modelers: incorporating the demands of different teams, including scaling and quality issues, and successfully demonstrating business value. This requires moving away from traditional practices to fit DevSecOps needs. After an extensive study, we introduce a Maturity Model for Threat Modeling, focused on how it can be integrated with the enterprise. You will see threat modeling as a central tool for security risk management, how various functions in the enterprise can be involved to address risk, and finally how organizations can be prepared to get the right outcome from the recommended tool categories at every maturity level.


Objectives:
  • Address the challenges in traditional threat models to suit DevSecOps methodology.
  • Describe a maturity model to prepare organizations for the right levels of threats.
  • Recommend the right tool categories for every maturity level.
Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V1300-Josh Ensley
Track: Incident Response/Investigations/Forensics
Tags: Intermediate
Credits Available:
1.25 CPE
Follow in the footsteps of a cybercriminal and uncover their digital footprint. This is a journey inside the mind of an ethical hacker responding to a ransomware incident that brought a business to a full stop, and the discovery of the evidence left behind that revealed the attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the techniques the attackers used and how they went from zero to full domain admin compromise, resulting in a nasty ransomware incident.


Objectives:
  • How attackers gained access to systems.
  • What tools were used.
  • How "AD elevation" was achieved.
Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V1900-Jacob Fish
Track: Incident Response/Investigations/Forensics
Tags: Intermediate
Credits Available:
1.25 CPE
Cyber insurance? Do we need it? Who better to discuss cyber insurance with than actual underwriters? Go behind the scenes to learn about the current cyber liability landscape. We know insurance forms are complex, coverages are vague, and there are often hidden exclusions. We provide you with the knowledge to understand these issues, highlight how you can efficiently work through the application process, understand what insurance companies look for, and ask the right questions to effectively negotiate your coverages and premium. Additionally, we discuss real-life scenarios that lead to denial of claims.


Objectives:
  • Understand the current cyber liability market.
  • Identify common coverages and exclusions, and understand why claims may be denied.
  • Identify key factors to determine how much insurance you need, what insurers look for, and know the do's and don'ts when filling out your application.
Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V2000-Alex Aarson
Track: Governance, Risk & Compliance
Tags: Intermediate
Credits Available:
1.25 CPE
Compliance means conforming to rules, such as specifications, policies, regulations, standards and laws. As information security professionals, we know that things are not black and white and that controls, however well intended, may break a system or render it unable to perform its business function. But how do we make sure that we understand the true intent behind a control in order to effectively demonstrate compliance? Where engineers are left not understanding a control's intent, or unable to effectively explain mitigating controls, auditors have a hard time breaking down the components of a control to make them understandable. Each scenario can lead to false positives and erroneous findings. Let's explore how to effectively translate between technology speak and audit jargon.


Objectives:
  • Define the gaps in understanding that accompany failing controls.
  • List the common pitfalls in effectively communicating a compliance need.
  • Effectively challenge vague and indistinct controls in order to build a stronger control framework.
Wednesday
11:45am - 12:45pm EDT - October 20, 2021 | Room: V2200-Jordan Garcia
Track: Privacy
Tags: Intermediate
Credits Available:
1.25 CPE
Cryptography is commonly used to protect the secrecy and integrity of data. It is a good thing that secure transport is now commonly used. However, the owner of the data usually does not know with certainty which of their data is transferred. The transport is guarded by cryptographic techniques, so it is impossible for the owner to inspect the data stream. The only way to inspect this process is to inspect the source code and to verify that the program in use matches the inspected code. Not all parties are willing to have their code inspected. We present early findings on the possibility and feasibility of letting the data owner temporarily inspect the encrypted transport for a limited time, and we will demonstrate the prototype.


Objectives:
  • At the end of this session participants will understand the initial phase of TLS, in particular the "key exchange".
  • At the end of this session participants will understand how "the shared secret" can be obtained by auditing parties.
  • At the end of this session participants will understand how this mechanism affects only a few connections (restricted in time), so the general protection of TLS is not compromised.
Wednesday
11:45am - 01:00pm EDT - October 20, 2021 | Room: V2300-Nick Malczewsky
Track: Threats (Detection/Hunting/Intelligence/Mitigation/Monitoring)
Tags: Intermediate
Credits Available:
1.25 CPE
The security market is full of solutions to support threat detection and response: EDR, NDR, SIEM, XDR, SOAR, you name it. But just deploying tools is not enough to get results. Organizations must ensure they have the appropriate coverage of threats and technologies to detect and respond to incidents and minimize impact. This session introduces the coverage concept and how it affects the performance of threat detection and response, as well as bringing some important lessons learned from real-world deployments.


Objectives:
  • At the end of this session participants will be able to understand what coverage is in relation to threat detection and response practices.
  • At the end of this session participants will be able to apply the MITRE ATT&CK framework to map and expand the threat coverage of their threat detection and response practices.
  • At the end of this session participants will be able to comprehend what parts of their technology environment must be covered by their threat detection and response practices.