- Need Technical Assistance? virtualcybersecuritysummit@getvfairs.io
- Need Technical Assistance? nshss-event@getvfairs.io
This agenda is preliminary. Check back weekly for updates.
8:00 AM - 8:15 AM
Rohit Tandon Rohit Tandon, CISO, Minnesota and Carlos Kizzee, MS-ISAC Stakeholder Engagement will introduce the Public Sector Summit; outlining key challenges, requirements, capabilities, and solutions being implemented to address and mitigate the cyber security concerns for this unique sector.
8:15 AM - 8:45 AMEugene Kipniss, MS-ISAC Federal Engagement and SLTT Assessments will keynote the Public Sector Summit with critical observations from this year’s Nationwide Cybersecurity Review (NCSR); an anonymous cybersecurity maturity self-assessment completed by thousands of SLTT governments and presented to Congress bi-annually. His presentation will include a brief on the threats and trends currently observed by the MS-ISAC and impacting SLTT governments; providing a summary threat landscape of the community. He will explore what the NCSR data can tell us about our risk reduction priorities in light of increasing threats to SLTT, and help the audience consider how we can best leverage the NCSR to communicate those priorities to our law makers.
8:45 AM - 9:15 AMGovernment has a higher level or responsibility to protect data, as they force people to provide the data.
9:15 AM - 9:45 AMIrrespective of whether the organization is public or private sector, any information security management program relies on several requirements and expectations at the organizational level to be successful. The degree of success is dependent upon the extent that these success factors are supported by the organization. This presentation will discuss the nature of these success factors.
9:45 AM - 10:00 AMConverse and connect with our Solution Strategy Providers.
10:00 AM -10:30 AM 10:30 AM - 11:00 AMIntegrating cyber practices for both givers and receivers of funding. Funding is generally associated with services for residents of your community. Technology plays a critical role in delivering critical services and protecting that technology from cyber threats also requires investment. What are some of the approaches to seek out investment opportunities that defend the technology and protect recipients data around social services.
11:00 AM - 11:30 AMCyber Zeros and Ones should not be red or blue. Explaining to your legislatures how technology has a corner stone impact to all citizens. Consumers have a choice to interact with private sector and provide personal data, however in the public sector the data collected is not optional for residents. This should place a higher burden on public sector to protect the sensitive data. There are also public disclosure expectations. (In the event of a data breach - how does the state rebuild confidence). Purpose - describe the why, and suggest how
11:30 AM - 12:30 PMHost a round table based on a topic from the public sector track committee members
12:30 PM - 1:00 PMProtecting citizens, service programs, infrastructure. How can we prapare for the smart cities that both public and private entities are responsbile for defending. What are some strategies to ensure there is a good foundation to build on to protect privacy and defend they way of life
1:00 PM -1:30 PMHiring restrictions, tight budgets, cut-throat hi-tech competition? How can public sector organizations find, attract, develop and retain cyber talent? Lessons Learned, Best Practices. Diversity of thought and experience when recruiting RSV Methods to retain talent (Training opportunities, e.g. discounted SANS)
1:30 PM - 2:00 PMPresentation on cyber risk insurance in general and how public sector entities are approaching this issue. Attendees will learn the different approaches public entities can consider for insurance and how some select states and groups work together to share the cost and reduce the risk of cyber incidents.
2:00 PM - 2:30 PMIn this session we will learn about real life examples of attacks to our utilities and SCADA systems. We hope to offer real steps on what the future holds for this important sector and what our public officials are doing to meet this real and rapidly evolving threat to our citizens.
2:30 PM - 3:00 PMConverse and connect with our Solution Strategy Providers.
3:00 PM - 3:30 PMState government leaders must manage risk within a context where authority is distributed across sectors and levels and branches of government. Regardless of the structures and local culture that a governor and state legislature must operate within, they must establish cybersecurity governance that provides the mix of control and influence necessary and appropriate for their state, and that includes mechanisms for mitigating and responding to risk.
3:30 PM - 4:00 PMThe cloud adoption efforts will shift the balance of IT operations and cybersecurity for public sector entities that must select both. The benefits from the higher utilization of cloud services and what cyber risks should you start to navigate to ensure the value is in both.
4:00 PM - 4:30 PMAs a national leader in energy and agriculture with a significant military footprint, North Dakota's cybersecurity strategy involves a whole-of-government approach - including training the next generation of cybersecurity professionals. The state's "PK-20W" Initiative aims to make “every student, computer science and cybersecurity educated, Kindergarten through PHD.” Shawn will talk through a model that can be applied to any state to bring their students to 21st Century Skills while also protecting the economy of the state, data of citizens, and security of all residents.
3:30 PM - 5:00 PMJoin us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.
8:45 AM - 9:15 AMLearn about WiCyS and how to get involved
9:00 AM - 9:20 AMClark Whiting, CISSP is a highly experienced and renowned information security architect with deep experience over XX years across many industries. Besides his important cybersecurity work for Best Buy, Clark is also a board-certified meditation and mindfulness instructor. To mix it up this year, Clark will host a meditation and mindfulness session designed to teach beginners (and experts) about meditation and mindfulness best practices. We will even meditate as a group through Clark’s expert guidance. Namaste!
9:30 AM - 10:20 AMMentorships are the circle of life throughout a cybersecurity or business career, and it is even more critical in providing support and unlocking career opportunities to advancing our profession to be the best it can be. Join this panel of impressive information security and business executive as they share stories and strategies to how mentorship helped boost their growth both as mentors and mentees.
9:30 AM - 10:20 AMThe session will showcase leaders in cyber security to discuss the career opportunities, salary ranges, and broad range of industries in which you can be employed, how a non-traditional tech background can be valuable and the growth opportunity for women in this traditionally male dominated field.
9:30 AM - 10:20 AMToday’s threat landscape is constantly evolving, and securing your remote workforce is critical to success. Understanding people risk and protecting your most important asset—your people— with a people-centric approach to security, should be the fundamental focus of your cybersecurity program.
9:30 AM - 10:20 AM 10:30 AM - 11:20 AM 10:30 AM - 11:20 AM 10:30 AM - 11:20 AMWe are all trained in our jobs and personal lives to be weary of suspicious emails and never click links or open attachments in them. But what happens when you do? We will look at phishing emails we have received and actually click links and/or open attachments to see what they try to do to our systems and accounts. Afterwards we’ll try and answer any security questions around phishing campaigns and or phishing in general.
10:30 AM - 11:20 AMBuilding & Leading Diverse teams is an artform. Success means making a clear and visible commitment through recruiting, leading, and guiding team members through change and evolution while positioning your organization to pivot quickly to changing demographics, team member needs and market trends. Learn strategies and practices from this panel of proven architects of diverse teams
11:30 AM - 12:30 PMAs a technology executive, Louise McEvoy likes taking risks outside of work - mountainbiking on weekends and climbing the world’s highest mountains on vacations. Louise’s personal life goal was to climb Everest and she realized that goal when she summited on May 16, 2018. Louise is dedicated to helping others reach their “summit” and has spoken to many groups and organizations on that topic, knowing that sometimes the hardest things in life are also the most fulfilling.
11:30 AM - 12:30 PM 12:30 PM - 1:20 PM 12:30 PM - 1:20 PM 12:30 PM - 1:20 PM 12:30 PM - 1:20 PM 1:30 PM - 2:20 PMWhat does an effective SOC look like? How do you sucessfully measure whether its working or not working?
1:30 PM - 2:20 PM 1:30 PM - 2:20 PM 1:30 PM - 2:20 PM 2:30 PM - 3:20 PM 2:30 PM - 3:20 PM 2:30 PM - 3:20 PMJoin us to hear Target's journey to adopt FIDO as a primary authentication capability across the Enterprise. We will share stories of some of the challenges and obstacles we had to overcome along the way. Our goal was not to drive users to our help desk so clarity of messages was key requirement in our program so we will talk about the importance of clear communication. We will share some of the key metrics that we identified along the way and how they helped to influence our program execution.
2:30 PM - 3:20 PMDevelopers dislike security and won't always admit it. In a DevSecOps world, devs become security people, but did anyone ask dev? Devs dislike security because security doesn't understand, and often tries to force a process and toolset. Explore the ten main frustrations that cause a security dislike, dev empathy, and a collaborative- and culture-focused solution to address these frustrations.
3:30 PM - 5:00 PMJoin us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.
9:30 AM -9:40 AM 9:40 AM - 10:10AMThis session will be a high-level summary of current security threats to medical devices and healthcare, and the efforts in place to address the risks. The end result will be a general understanding of the situation, terminology and players.
10:10 AM - 10:40AMThe healthcare industry is continuously on the bleeding edge of innovation, deploying connected medical devices that significantly improve the quality and delivery of care. With nearly 15 connected devices per bed, the need for visibility and security of these devices is more critical than ever. But, while healthcare technology management (HTM), cybersecurity, and information technology teams share a common objective, there are still barriers to building a successful medical device security program. Join Ben Stock, Director of Healthcare Product Development at Ordr, to discuss ways to build a successful medical device security program and getting HTM, IT, and cybersecurity to work together.
10:40 AM - 11:10AMJoin this session to learn more about the emerging area of cybersecurity asset management, why all major security frameworks consider asset management to be foundational, and how healthcare organizations can use data from the tools already in place to solve asset management for cybersecurity.
11:10 AM - 11:40AMMayo Clinic will share its journey to develop and implement a proactive, ongoing asset “certification/validation” process spanning the life-cycle of an asset. The talk will focus on one foundational asset, Windows servers, and key deliverables: secure baseline requirements, certification program, asset drift, and risk measurement. The program measures cybersecurity risk empirically at the asset level, which is consolidated to a fleet view.
11:40 AM - 12:45AM 12:45 PM - 1:15PMRansomware has been frighteningly pervasive in the news over the past months. Through the lens of medical device security, we’ll scope out what ransomware is, box in legitimate fears, and drive out uncertainty and doubt.
1:15 PM - 1:45PMRansomware is but one type of “incident.” Now, incidents are defined in various ways and contractual provisions can (and typically do) add a layer of complexity and urgency to getting it done right. To that end, it is necessary to begin by referencing the incident response plan and assembling the response team, which includes the company’s legal counsel. This presentation will highlight the critical legal aspects relative to an incident response and is aimed to assist in how to properly leverage legal counsel’s assistance.
1:45 PM - 2:15PMLearn practical examples of how to leverage information security data to enable improvements to clinical risk and patient safety. Extending beyond the medical device security, we will showcase insights that require a holistic approach to what security in the next 2 to 3 years will look like related to healthcare device ecosystems.
2:15 PM - 2:30PM 2:30 PM - 3:00PMHealthcare and medical device companies are some of the most targeted organizations in the world. Humans, when appropriately involved in your phishing defense, can be very effective sensors against these attacks. Through empowering people, we can create a resilience not achieved by technology alone. The power of this collective is achieved through a comprehensive, positive, human-focused program looking at the issues from end to end. Join us to discuss how you can build a better employee: one who can better identify, report, mitigate and remediate zero-day attacks.
3:00 PM - 3:30PM 3:30PM - 4:00PMThe global demand for Cybersecurity professionals is high, and the need for experts in cyber for medical devices is at the top of that list. This panel will discuss options and opportunities for employees from a wide variety of backgrounds to transition or prepare for a career in med device cybersecurity. The conversation will include perspectives from those who have made the transition as well as hiring managers.
12:30 PM - 3:30 PMShowcasing thought leaders, strategies, opportunities, and use and business cases of implementing Industrial Internet of Things (IIoT) security solutions across this broad spectrum of industries. IT, OT and IoT cybersecurity decision-makers and practitioners will discuss and evaluate the security risks in the context of IoT/IIoT/ICS/SCADA, to create insights into new technologies and best practices for securing smart, connected operations and facilities.
1:30 PM - 5:00 PM 1:30 PM - 5:00 PM 1:30 PM - 5:00 PM 1:30 PM - 5:00 PM 1:30 PM - 5:00 PM
Christopher Gabbard 1:30 PM - 5:00 PM 1:30 PM - 5:00 PM 1:30 PM - 5:00 PM The Cybercrime Support Network is developing a national reporting and support system for victims of cybercrime. https://cybercrimesupport.org/ Standardize reporting formats nationally; linking local response, Law Enforcement, social services into a nationwide network. There are lots of numbers about scope of victimization, but a good session could help personalize this issue for individuals and small businesses. Possibilities (I can write an abstract for anything):
• A talk on the victim issues, and the development of resources for victims; Kristin Judge, CEO of CSN.
• A panel on the topic: Cybercrime Support Network, maybe AARP (from their FraudWatch program, I don’t have a contact there), “Bits and Bytes” (a non-profit cyber frontline education thing, run by a teenage intern who works for CIS- amazing!).
7:30 AM - 8:00 AMRohit Tandon 
Nancy Skuta Deputy CISO for the State of Minnesota presents timely advice and career-shaping insights for future cyber security professionals.
8:00 AM - 8:20 AMAn eleven year journey brings us to today. Eleven years ago the University of MN, Technological Leadership Institute had the foresight to raise concerns that cyber security was to become a household concern, and the Summit was born.
8:00 AM - 8:35 AMConnections are powerful. Most of us realized the value of our interpersonal connections in 2020 as the pandemic changed the way we interact with colleagues, friends and family. The proliferation of mobile devices and sensors in everyday items has created the most powerful network of interconnected devices imaginable. But with great power comes great responsibility. Protecting the estimated 21.5 Billion devices in use today requires security professionals to adapt and learn faster than ever before.
8:35 AM - 9:15 AM 9:15 AM - 9:45 AMNow a cybersecurity leader at EY, Brian Levine served for the last 20 years as a cybercrime prosecutor with the U.S. Department of Justice, National Coordinator for all 300 federal cybercrime prosecutors, an Assistant Attorney General with the New York Attorney General’s Office, and a civil litigator. Brian will address how those of us in security can stay out of legal and regulatory trouble, including discussing such topics as breach communications, incident reports, informed consent, ransom payments, hack back, bug bounty programs, and more.
9:30 AM - 10:15 AMTo pay or not to pay, protection from. German hospital where patient died last year being transferred from another hospital. Contrast FEDS saying don't pay and then people dying. Reclaimed Funds. Practical Application.
10:15 AM - 10:45 AMConverse and connect with our Solution Strategy Providers.
10:45 AM - 11:15 AMGeneral overview of what cyber insurance is and is not. Discussion of how cyber insurance is different than general business liability insurance and how businesses should use cyber insurance products as a part of their overall business resiliency strategy.
Panelists:
General overview of what cyber insurance is and is not. Discussion of how cyber insurance is different than general business liability insurance and how businesses should use cyber insurance products as a part of their overall business resiliency strategy.
11:15 AM - 11:45 AMNo matter how much we automate, we still rely on people to prevent incidents. So how do we get our users to understand how important their role is and to keep security top of mind? Based on the bestseller, Made to Stick, we will address how to help your security messages not only get through to your users but how to change behaviors. We will walk through basics you can put into use immediately to get your users on board and soaring as security advocates.
11:45 AM - 1:00 PM 1:00 PM - 2:00 PMModerator
Sean CostiganPanelists
Andrew Borene 
Rebecca Morgan Whether as a malicious act or inadvertent actions by careless employees, the greatest threat to an organization's information system is often on the inside. Subject matter experts from the National Counterintelligence and Security Center (NCSC) and the Department of Justice will examine the role of insider threat mitigation in cybersecurity. Join our panelists for a discussion on the threats and vulnerabilities of insiders operating in the cyber realm and the role of insider risk programs in deterring, detecting, and mitigating risk while protecting the privacy and civil liberties of the workforce. Discussion will cover the current risk environment, including heightened vulnerabilities created by the Global Pandemic; potential threats posed by trusted insiders and the adversaries and competitors who seek to co-opt or exploit them; best practices and resources to mitigate risk; and a live Q&A with audience.
2:00 PM - 2:30 PMShift Left. A phrase that is easy to say, but a strategy that many organizations struggle to effectively implement. This talk, presented by industry expert Larry Maccherone, will discuss the top 5 reasons that "shift left" is hard and the best ways to overcome the challenges.
2:30 PM - 3:00 PMConverse and connect with our Solution Strategy Providers.
3:00 PM - 3:30 PM Open Source Software (OSS) is being distributed and consumed today on a massive scale through software supply chains. While OSS delivers tremendous benefit in terms of accelerated development and innovation, it is an increasing common target of cyber adversaries. Join Derek for a discussion of how OSS is developed, distributed, maintained, and attacked.
Derek will reveal insights on how open source projects with 1.5x more frequent releases and 530x faster open source dependencies upgrades harness this speed to dramatically improve security within their code. He will also share insights on how high performance enterprise software development teams simultaneously boost productivity and security - achieving 15x faster deployments and 26x faster remediation of application security vulnerabilities. Derek then will show how you can apply these exemplary practices to stay a step (or more) ahead of your adversaries using by sharing a set of best practices and attack countermeasures.
3:30 PM - 4:00 PMWe must improve our system performance to defend American interests in the cyber domain. Defragging our current strategy involves reorganizing individuals and companies in a position of strength, and removing the seams and gaps cyber criminals use to attack. BG Horvath combines military strategic examples and cybersecurity analysis to visualize a stronger defensive cyber strategy.
4:00 PM - 4:40 PM 4:40 PM - 5:00 PMThe Summit is developed to both enlighten and provide actionable takeaways, reviewed in this closing session.
5:00 PM - 6:00 PMJoin us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.
6:00 PM - 9:00 PMThe Morries™ Visionary Leadership Awards recognize innovative practitioners from across the cybersecurity ecosystem working to develop and foster strategies that protect critical systems and data. Join us as we honor the exemplary leadership of our colleagues in the field, including security awareness leaders, audit leaders, academic leaders, governance champions and more. This year’s expanded awards program featured a lively environment offering refreshments, networking, compelling photo opportunities, dinner and entertainment from The Cyber Rocks Band!
8:00 AM - 8:10 AMStart the day inspired by the accomplishments of the Morries.
8:10 AM - 8:45 AM
Shayla Treadwell With the evolution of technology, cyber threats continue to impact people and organizations daily even with enhanced technical controls in place. Because of this, there is a heightened importance on the direction that information security executives provide organizations to ensure timely and proactive remediation. However, research indicates that the leadership methodologies deployed by security leaders are not always the same as other leadership roles within organizations. This presentation explores the methodologies behind the roles and decisions of these executives and how they impact the strategic futures of information security.
8:45 AM - 9:30 AM Information Sharing & Analysis Centers (ISACs) have been an integral part of the nation’s cyber defenses since the very late 1990’s. Within each of the nation’s critical infrastructures, they bring together owners and operators to collect analyze, and share information on cyber and physical threats, as well as develop best practices for mitigation. At their best ISACs are active, ongoing communities of trust that cut through the noise and complexity of cyber issues and help their members focus on things that really matter to their sector and their enterprise.
Since the public sector touches all critical infrastructures, in this session we’ll look at the wide range of activities, partnerships, and business models seen across the ISAC community. We’ll then focus in on the Multi-State ISAC in more detail and explore examples of actionable information sharing, products and services that are available, and success stories of cybersecurity improvements. To get full value from an ISAC requires active engagement, and we’ll also discuss what you have to do and have in place to make best use of ISACs.
And don’t let “Sharing and Analysis” in the name mislead you – ISACs are a powerful means to our real goal of action leading to better, higher confidence delivery of public sector services.
9:30 AM - 10:00 AMZoom has a unique Case Study. The company rose to prominence in the midst of a pandemic. How were they able to react so quickly. All the factors they had to work through while also onboarding more users every day compared to any competitor. How did they do it? Cyber-security veteran Katie Moussouris from Luta Security helped revamp their Bug Bounty program, growing pains around the revamp. Through everything they still improved their product. How did they rise to the challenge. How you have an agile environment to be so responsive
10:00 AM - 10:20 AMConverse and connect with our Solution Strategy Providers.
10:20 AM - 10:50 AMCyber-attacks happen, and the last six months have seen more groundbreaking hacks from Solar Winds to the Exchange hack we have continued to chart new territory. In reaction to that the Federal government is driving new regulations and accountability across the Defense Industrial Base (DIB), Critical Infrastructure, and in the future all Federal contractors. A leader in that space is the Cybersecurity Maturity Model Certification (CMMC). CMMC is the new DoD standard for contractor cybersecurity and has the potential to expand to more or all of the Federal Government. Join our panel of experts to hear perspectives on the new standard, what the key components are, and what business and counsel should be concerned about in the emerging compliance environment.
10:50 AM – 11:45 AMModerator:
Panelists:
Once considered an esoteric domain of cybersecurity, Software Supply Chain security is now a Board Room conversation. Action must be taken to protect and safeguard us. The conversation will cover the current policy landscape, which includes actions from all branches of government, as well as how thinking on risk has evolved over the past several years. Our panel will touch on the notion of shared risk and how to think through responsibilities for government, the private sector, software vendors and the consumer.
11:45 AM – 1:00 PMWhile taking a session break, please converse and connect with our Solution Strategy Providers.
1:00 PM - 1:30 PMSolarWinds defined the attack of the cyber supply chain. One of the most extensive, stealthy attacks ever discovered, organizations were attacked through trojanized updates to legitimate monitoring and management software. SolarWinds provides a discussion opportunity of the infinite horizon, the importance of attribution, and improvements to information sharing.
1:30 PM - 2:00 PMHave you ever wondered about Artificial Intelligence (AI) in Cybersecurity? Maybe you are curious to know how it is currently being applied or how it might be applied in the future? Better yet, how AI relates to the current threat landscape and even your environment. If so, join us! Where we will break it down using real-world examples. This is a zero to hero session so you don’t need a PhD in math or data science to enjoy the topic and learn something new.
2:00 PM - 2:30 PM 2:30 PM - 3:00 PMConverse and connect with our Solution Strategy Providers.
3:00 PM - 3:30 PMThe benefits the connected world gives. The human experience is enriched. Company mission is to reverse the hacker advantage. Intro what we all want, what does it mean, why its at risk. Examination of trends and future proof. Improve our skills - a race of speed. Find tools and techniques that survive skills of the enemy. Heart of EDR, .... How do you access, what should you be doing with your supply chain. TCall to innovation. Takeaway slide...
3:30 PM - 4:00 PMThe speed of adversarial advancement is at an all time high. Cyber Defense Operations must mature almost in real time to keep pace. The added complexity of defending remote workers in the faces of unprecedented ransomware attacks puts the potential business impact of a miss at severe levels. In this talk we’ll examine ideologies and real-world war stories of organizational defense in 2021. We’ll look at lessons learned where cyber defense operations were key to effective defense with approaches from the organizations that are succeeding.
4:00 PM - 4:30 PMThe adversarial landscape has broadened and deepened in recent years. Enterprises are expected to defend against complex, protracted attacks like SolarWinds while also protecting users from lightning-fast, adaptable ransomware attacks. We’ll review the latest trends in adversaries including what we see on the horizon from attackers, and discuss how intelligence can be leveraged throughout the enterprise to plan and maximize an effective response.
4:30 PM - 5:00 PM
