- Need Technical Assistance? virtualcybersecuritysummit@getvfairs.io
- Need Technical Assistance? nshss-event@getvfairs.io
Times are in CDT. The agenda is preliminary, so check back often for updates.
8:00 AM - 8:15 AM
Rohit Tandon Rohit Tandon, CISO, Minnesota and Carlos Kizzee, MS-ISAC Stakeholder Engagement will introduce the Public Sector Summit; outlining key challenges, requirements, capabilities, and solutions being implemented to address and mitigate the cyber security concerns for this unique sector.
8:15 AM - 8:45 AMEugene Kipniss, MS-ISAC Federal Engagement and SLTT Assessments will keynote the Public Sector Summit with critical observations from this year’s Nationwide Cybersecurity Review (NCSR); an anonymous cybersecurity maturity self-assessment completed by thousands of SLTT governments and presented to Congress bi-annually. His presentation will include a brief on the threats and trends currently observed by the MS-ISAC and impacting SLTT governments; providing a summary threat landscape of the community. He will explore what the NCSR data can tell us about our risk reduction priorities in light of increasing threats to SLTT, and help the audience consider how we can best leverage the NCSR to communicate those priorities to our law makers.
8:45 AM - 9:15 AM
Gary Buonacorsi Government agencies and Educational institutions are challenged to secure and manage a new kind of hybrid network. Not on-prem and cloud, but work in the office, work from home, work from anywhere. Your organization is more dispersed than ever — leaving you with an incomplete picture of your cyber and data risk. Start by focusing on one of the greatest challenges you face: endpoint devices. Endpoints have expanded beyond your organization's perimeter and are operating in the badlands of the outside world. This makes them and the data that is on them ideal targets for cyber attackers. Traditional risk scoring systems do not factor endpoint data and may create a false sense of security. Your organization needs visibility to help break down the data silos and close the accountability, control and resiliency gaps to improve your cyber risk. This webinar will discuss why it is critical to move beyond basic vulnerability and threat data and calculate a dynamic risk score using key metrics across operational, security and regulatory domains.
9:15 AM - 9:45 AMIrrespective of whether the organization is public or private sector, any information security management program relies on several requirements and expectations at the organizational level to be successful. The degree of success is dependent upon the extent that these success factors are supported by the organization. This presentation will discuss the nature of these success factors.
9:45 AM - 10:00 AMConverse and Converse and connect with our Solution Strategy Providers.
10:00 AM -10:30 AMHow someone working at a city and county level can better collaborate across the State and Nation.
10:30 AM - 11:00 AMRohit TandonIntegrating cyber practices for both givers and receivers of funding. Funding is generally associated with services for residents of your community. Technology plays a critical role in delivering critical services and protecting that technology from cyber threats also requires investment. What are some of the approaches to seek out investment opportunities that defend the technology and protect recipients data around social services.
11:00 AM - 11:30 AM
Jacqui IrwinCyber Zeros and Ones should not be red or blue. Explaining to your legislatures how technology has a corner stone impact to all citizens. Consumers have a choice to interact with private sector and provide personal data, however in the public sector the data collected is not optional for residents. This should place a higher burden on public sector to protect the sensitive data. There are also public disclosure expectations. (In the event of a data breach - how does the state rebuild confidence). Purpose - describe the why, and suggest how
11:30 AM - 12:30 PM 12:30 PM - 1:00 PMProtecting citizens, service programs, infrastructure. How can we prepare for the smart cities that both public and private entities are responsible for defending? What are some strategies to ensure there is a good foundation to build on to protect privacy and defend the way of life.
1:00 PM -1:30 PMHow can the public sector find, attract, develop, and retain cyber talent in this competitive market? This session will cover how the Minnesota Judicial Branch and Montana have built their cyber security programs from the ground up, incorporating novel approaches to find talent and cost-effective ways to develop skills, while retaining employees by providing meaningful work in a diverse culture.
1:30 PM - 2:00 PMPresentation on cyber risk insurance in general and how public sector entities are approaching this issue. Attendees will learn the different approaches public entities can consider for insurance and how some select states and groups work together to share the cost and reduce the risk of cyber incidents.
2:00 PM - 2:30 PMIn this session we will learn about real life examples of attacks to our utilities and SCADA systems. We hope to offer real steps on what the future holds for this important sector and what our public officials are doing to meet this real and rapidly evolving threat to our citizens.
2:30 PM - 3:00 PMThe work of the public sector is always about people – people delivering services to people. And the same is true for cyber security. Our industry tends to focus on technology and threats, but people are the key to making defenses work, or not work. And whether people or technology, this is inherently a distributed problem. Like in a team sport, we need to coordinate the improvement of each person in a way that is focused on, and contributes to, a single goal. Traditional approaches to security leave the CISO playing a game he/she can’t win while those around them do their best individually, but are not organized or directed to the enterprise goal. We need to empower people and the enterprise in a way that is clear, specific, trainable, measurable, and manageable. Programmatic Distributed Empowerment for Information Security (or PDEIS™) is the method to change the game and put us all in a better position to win.
3:00 PM - 3:30 PMState government leaders must manage risk within a context where authority is distributed across sectors and levels and branches of government. Regardless of the structures and local culture that a governor and state legislature must operate within, they must establish cybersecurity governance that provides the mix of control and influence necessary and appropriate for their state, and that includes mechanisms for mitigating and responding to risk.
3:30 PM - 4:00 PMPublic sector and healthcare sector organizations have been repeatedly targeted by nation-state and ransomware threat actors. Good tools are important, but the best protection against these attacks isn’t extra security products, but a focus on excellence in IT hygiene and IT operations.
4:00 PM - 4:30 PMAs a national leader in energy and agriculture with a significant military footprint, North Dakota's cybersecurity strategy involves a whole-of-government approach - including training the next generation of cybersecurity professionals. The state's "PK-20W" Initiative aims to make “every student, computer science and cybersecurity educated, Kindergarten through PHD.” Shawn will talk through a model that can be applied to any state to bring their students to 21st Century Skills while also protecting the economy of the state, data of citizens, and security of all residents.
4:30 PM - 5:00 PMJoin us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.
8:45 AM - 9:15 AMLearn about WiCyS and how to get involved
9:00 AM - 9:20 AMClark Whiting, CISSP is a highly experienced and renowned information security architect with deep experience over several years across many industries. Besides his important cybersecurity work for Best Buy, Clark is also a board-certified meditation and mindfulness instructor. To mix it up this year, Clark will host a meditation and mindfulness session designed to teach beginners (and experts) about meditation and mindfulness best practices. We will even meditate as a group through Clark’s expert guidance. Namaste!
9:30 AM - 10:20 AMModerator:
Panelists:
Mentorships are the circle of life throughout a cybersecurity or business career, and it is even more critical in providing support and unlocking career opportunities to advancing our profession to be the best it can be. Join this panel of impressive information security and business executive as they share stories and strategies to how mentorship helped boost their growth both as mentors and mentees.
9:30 AM - 10:20 AMModerator:
Panelists:
Stefanie Horvath
Faisal KaleemThe session will showcase leaders in cyber security to discuss the career opportunities, salary ranges, and broad range of industries in which you can be employed, how a non-traditional tech background can be valuable and the growth opportunity for women in this traditionally male dominated field.
9:30 AM - 10:20 AMToday’s threat landscape is constantly evolving, and securing your remote workforce is critical to success. Understanding people risk and protecting your most important asset—your people— with a people-centric approach to security, should be the fundamental focus of your cybersecurity program.
10:30 AM - 11:20 AMWe are all trained in our jobs and personal lives to be weary of suspicious emails and never click links or open attachments in them. But what happens when you do? We will look at phishing emails we have received and actually click links and/or open attachments to see what they try to do to our systems and accounts. Afterwards we’ll try and answer any security questions around phishing campaigns and or phishing in general.
10:30 AM - 11:20 AMBuilding & Leading Diverse teams is an artform. Success means making a clear and visible commitment through recruiting, leading, and guiding team members through change and evolution while positioning your organization to pivot quickly to changing demographics, team member needs and market trends. Learn strategies and practices from this panel of proven architects of diverse teams
10:30 am - 11:20 am Cloud Email and Collaboration tool has quickly become the go-to applications for remote work, accelerating dramatically in usage over the last year. Millions of users turned to Cloud Email and Collaboration Tools to help keep businesses going since the start of the pandemic —and hackers have noticed. As these tools are still relatively new, much is unknown about how it operates and how hackers will approach it. While the increased usage has been well-documented, what’s not been documented is whether the app is vulnerable to hacking. We will talk about discoveries that have already been made, potential risks that we see in the future, and how to best secure this relatively new communication vector. This session will walk attendees through:
The many inherent vulnerabilities in the platforms
The popular attack types
How hackers act differently within Teams than they do on email
11:30 AM - 12:30 PMAs a technology executive, Louise McEvoy likes taking risks outside of work - mountainbiking on weekends and climbing the world’s highest mountains on vacations. Louise’s personal life goal was to climb Everest and she realized that goal when she summited on May 16, 2018. Louise is dedicated to helping others reach their “summit” and has spoken to many groups and organizations on that topic, knowing that sometimes the hardest things in life are also the most fulfilling.
11:30 AM - 12:30 PM 12:30 PM - 1:20 PMArtificial intelligence (AI) has become a security industry buzzword so broadly applied as to become almost meaningless. When every product boasts AI capabilities, security decision makers may quickly become cynical, even in the face of the most exciting innovation shaping cybersecurity today. What is the benefit of a cybersecurity solution powered by Artificial Intelligence and Machine Learning? Why does the number of generations of AI matter? How smart is the AI machine? How does AI provide a predictive advantage to prevent breaches for my organization? How can a ‘Prevention First’ cybersecurity approach help my business?
12:30 PM - 1:20 PMOver the past few years, Ransomware attacks have evolved from an economic nuisance to a full-blown threat to public health, safety, and even national security. Ransomware has taken over as the malware of choice for financially motivated attacks. Ransomware groups have become professional enterprises with very profitable businesses and brands built around encrypting and holding your data hostage. While ransomware attacks are not new, many organizations are not properly prepared to handle a ransomware attack. This talk will dig into the history of ransomware, the groups and methods being used to target you, and a discussion on how to better prepare your organization to stop ransomware attacks.
12:30 PM - 1:20 PMJoin us to hear Target's journey to adopt FIDO as a primary authentication capability across the Enterprise. We will share stories of some of the challenges and obstacles we had to overcome along the way. Our goal was not to drive users to our help desk so clarity of messages was key requirement in our program so we will talk about the importance of clear communication. We will share some of the key metrics that we identified along the way and how they helped to influence our program execution.
1:30 PM - 2:20 PM 1:30 PM - 2:20 PMIn today’s uncertain world, organizations must find ways to ensure their customers can engage with their services at any time, from any device, in a secure and safe manner. That is where customer identity and access management comes in or “CIAM”. A CIAM solution must not only meet today’s security and compliance standards, but also create frictionless customer experiences to meet customers where they are and in the ways they need. Join our sessions as we discuss CIAM in more detail, how priorities have shifted this year and what CIAM maturity looks like.
1:30 PM - 2:20 PMRisk programs, and especially third-party risk programs, are made up of a lot of components. Based on our experience, we will talk about both the challenges and solutions we see working in the marketplace today, and give attendees some helpful ideas to help improve their risk programs in practice.
2:30 PM - 3:20 PMThis talk will initially define the different dimensions of hacktivism and provide an overview of its history up to the present day. It will then discuss the organizational and tactical aspects of hacktivist groups and will highlight some lessons we can learn from past examples regarding dealing with hacktivism in the future.
2:30 PM - 3:20 PMEveryone wants to improve application security in their organization, but what if you don't have a million dollars to spend? How do small/medium organizations make any progress with application security? What if you could experience a catalog of application security open-source projects and receive advice on knitting them together into a program? Explore the various application security open-source projects that exist in the OWASP universe. Learn how to choose suitable projects to match your organizational needs. Training/ awareness, process/measurement, and tools are the categories available. Each project includes purpose, a plan for use, a risk rating, human resources for success, and impact. Explore how to engage your organization with a plan, experience enormous advances, and change application security forever.
2:30 PM - 3:20 PMDespite the fact that every major cybersecurity framework lists asset management as the most foundational element, security teams still struggle with the downstream impact of incomplete, inaccurate, and outdated asset data. Without an accurate understanding of everything in an environment, all other initiatives suffer.
But there's good news. It doesn't have to be this way.
Join this session to learn:
• How security frameworks like the CIS 20 and industry-specific mandates like NIST and HIPAA approach asset management requirements
• How previous approaches to solving asset management fall short
• How cybersecurity initiatives like incident response, vulnerability management, and CMDB reconciliation are impacted
• A new approach that leverages existing data to solve the asset management challenge for cybersecurity"
3:30 PM - 5:00 PMJoin us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.
9:30 AM -9:40 AM 9:40 AM - 10:10AMThis session will be a high-level summary of current security threats to medical devices and healthcare, and the efforts in place to address the risks. The end result will be a general understanding of the situation, terminology and players.
10:10 AM - 10:40AMThe healthcare industry is continuously on the bleeding edge of innovation, deploying connected medical devices that significantly improve the quality and delivery of care. With nearly 15 connected devices per bed, the need for visibility and security of these devices is more critical than ever. But, while healthcare technology management (HTM), cybersecurity, and information technology teams share a common objective, there are still barriers to building a successful medical device security program. Join Ben Stock, Director of Healthcare Product Development at Ordr, to discuss ways to build a successful medical device security program and getting HTM, IT, and cybersecurity to work together.
10:40 AM - 11:10AMJoin this session to learn more about the emerging area of cybersecurity asset management, why all major security frameworks consider asset management to be foundational, and how healthcare organizations can use data from the tools already in place to solve asset management for cybersecurity.
11:10 AM - 11:40AMMayo Clinic will share its journey to develop and implement a proactive, ongoing asset “certification/validation” process spanning the life-cycle of an asset. The talk will focus on one foundational asset, Windows servers, and key deliverables: secure baseline requirements, certification program, asset drift, and risk measurement. The program measures cybersecurity risk empirically at the asset level, which is consolidated to a fleet view.
11:40 AM - 12:45AM 12:45 PM - 1:15 PMRansomware has been frighteningly pervasive in the news over the past months. Through the lens of medical device security, we’ll scope out what ransomware is, box in legitimate fears, and drive out uncertainty and doubt.
1:15 PM - 1:45PMRansomware is but one type of “incident.” Now, incidents are defined in various ways and contractual provisions can (and typically do) add a layer of complexity and urgency to getting it done right. To that end, it is necessary to begin by referencing the incident response plan and assembling the response team, which includes the company’s legal counsel. This presentation will highlight the critical legal aspects relative to an incident response and is aimed to assist in how to properly leverage legal counsel’s assistance.
1:45 PM - 2:15PMLearn practical examples of how to leverage information security data to enable improvements to clinical risk and patient safety. Extending beyond the medical device security, we will showcase insights that require a holistic approach to what security in the next 2 to 3 years will look like related to healthcare device ecosystems.
2:15 PM - 2:30PMConverse and connect with our Solution Strategy Providers.
2:30 PM - 3:00PMHealthcare and medical device companies are some of the most targeted organizations in the world. Humans, when appropriately involved in your phishing defense, can be very effective sensors against these attacks. Through empowering people, we can create a resilience not achieved by technology alone. The power of this collective is achieved through a comprehensive, positive, human-focused program looking at the issues from end to end. Join us to discuss how you can build a better employee: one who can better identify, report, mitigate and remediate zero-day attacks.
3:00 PM - 3:30PMTo be able to successfully utilize public cloud platforms with healthcare applications one has to address a number of foundations items in which we transforms the way we look at risk. Security, Risk and Compliance now spans a variety of stakeholders between the Cloud Service provider, Technology teams and the Healthcare Provider. Understanding the basic platform consumption models, your responsibilities and expectations are critical for safe and secure use of public cloud. In this session, we cover the basic tenets of using public cloud hosted healthcare solutions differentiating between IaaS, PaaS, SaaS consumption patterns and what you should be aware of.
3:30PM - 4:30PMThe global demand for Cybersecurity professionals is high, and the need for experts in cyber for medical devices is at the top of that list. This panel will discuss options and opportunities for employees from a wide variety of backgrounds to transition or prepare for a career in med device cybersecurity. The conversation will include perspectives from those who have made the transition as well as hiring managers.
Daniel Mooradian 1:00PM - 1:30PMThe Nation’s critical infrastructure consists of industrial control systems delivering today’s essential electricity, oil, gas, agriculture, and transportation. Sophisticated threats against an expanded attack surface require government and executive teams to address risk management strategies, realign operations safety and engineering accountability, and deliver comprehensive business and cyber resiliency solutions from top to bottom.
1:25PM - 2:00PMThe merger of the physical and virtual worlds is underway. A confluence of technologies has made this possible under the rubric known as the Internet of Things (IoT). This merger brings sensors and devices in the billions to cyberspace, already dwarfing the Internet of People. A vast increase in hackable devices will create profound vulnerabilities in the physical world, creating new opportunities for cybercrime and a pressing need for standards and action.
2:00PM - 2:30PMWhat worked well, what didn’t work; and lessons learned.
2:30PM - 2:45PMConverse and connect with our Solution Strategy Providers.
2:45PM - 3:15PMControl system cyber security is composed of networks (IT and OT) and field devices (engineering). Cyber security is network-focused with technologies, training, and cyber logging available under the purview of the CISO. Control system devices have no cyber security, authentication, cyber logging, training for control system engineers, and engineering management is not involved. There have been almost 12 million actual control system cyber incidents that have killed more than 1,500 with more than $90Billion in direct damage. How can we reconcile the technical and cultural gaps between networking and engineering?
3:15PM - 3:45PMIn an era of increasing vulnerability depth in IOT ecosystems, risk stakeholders and technical teams are challenged with developing systems and capabilities to identify and manage IoT device security. This discussion will focus on ways to incorporate training, standards, and tools from a business-centric perspective. Attendees will walk away actionable guidance they can implement in their business within 30-60d.
3:45PM - 4:15PMIn order to avoid what is commonly known as pilot purgatory, companies must use an architecture that supports Industry 4.0 concepts. This presentation will cover four sections. The first will define the objectives of a digital transformation strategy. The second will provide an overview of business and manufacturing data and how it is organized. The third will introduce the concept of a unified namespace and how business and manufacturing systems will interact with it. The final section will present the steps to a successful digital transformation.
4:15PM - 4:45PMThe role of cyber resilience is to avoid production disruption due to a cyber event and clearly, we are failing. Through this talk we will explore a few cases where negative bias has improperly influenced risk calculations and led to disruptions and leave you with techniques to create a whole enterprise risk strategy.
1:00 PM - 1:10 PMThe deeply interconnected nature of today’s world means that cyber security can have a direct impact on a small businesses bottom line. Developing a good cyber security culture in your business can help protect profits and enable your organization to thrive in today’s modern business environment. The sessions today will detail tactics, tools and approaches you can adopt to ensure your success.
1:10 PM - 1:25 PMSmall business owners have embraced digital tools to manage and grow their businesses, but those tools potentially open them to increasingly sophisticated cyber-attacks. We’ll introduce SBA resource partners and free resources that can be used to start on a path to protecting your organization.
1:25 PM - 2:15 PMModerator:
Panelists:
Small businesses are an attractive target for cybercriminals. Having a financial partner that can help you to identify, understand, and manage these cyber risks is critical. Hear from a Bremer Bank panel with backgrounds in cyber security, operations, fraud, and insurance as they share practical information and resources with real customer stories. This session will help to increase your knowledge of cyber security threats and what small businesses should be concerned about when it comes to banking and cyber security.
2:15 PM - 2:45 PMMany small businesses further down the supply chain are getting caught off guard. They are getting notification of requirements and have no idea of why or how to begin implementing them. This talk will identify how that pipeline works. DOD has released new cybersecurity requirements that are being flowed down through purchase orders to the entire Defense Industrial Base. Thinking this may not apply to your small company? Well, GSA, NASA and DHS have all announced plans to create a similar program. Today’s cybersecurity threats make this mandatory.
2:45 PM - 3:00 PMConverse and connect with our Solution Strategy Providers.
3:00 -3:30 PMWhat is CISA, threat landscape, what can you do to help fix it – risk management, resources available before the attach happens. Managed service provider resources recently released. Patch, IOT
3:30 -4:30 PM
Earl GregorichSmall businesses know the cybersecurity challenges, threats and weaknesses they face in the digital economy. What they need is a way to navigate these issues without burning through their time and money. The SBDC Cybersecurity Task Force has put together simple, non-technical tools and guidance to help entrepreneurs understand the basics of cybersecurity awareness, how to get started and how to do it all at a reasonable cost. This session will explain how you can use the no-fee services of the SBDC network to plan and launch a realistic approach to good cyber-hygiene. The session will also provide tools you can use today to help protect the value in your small business.
4:30 -5:00 PMModerator:
Panelists:
Earl Gregorich This session will address your questions such as
• What are some easy cyber hygiene practices I can quickly put in place?
• What is the first step to take if I get a message that my system has been compromised?
• What are the signs that something may be going wrong?
• Your IT Department is not always your best line of defense
• If I have critical information that needs to be defended and how do I defend that?
7:30 AM - 8:00 AMRohit Tandon 
Nancy Skuta Deputy CISO for the State of Minnesota presents timely advice and career-shaping insights for future cyber security professionals.
8:00 AM - 8:20 AMAn eleven-year journey brings us to today. Eleven years ago, the University of MN, Technological Leadership Institute had the foresight to raise concerns that cyber security was to become a household concern, and the Summit was born.
8:00 AM - 8:35 AM
Wade Van Guilder Connections are powerful. Most of us realized the value of our interpersonal connections in 2020 as the pandemic changed the way we interact with colleagues, friends and family. The proliferation of mobile devices and sensors in everyday items has created the most powerful network of interconnected devices imaginable. But with great power comes great responsibility. Protecting the estimated 21.5 billion devices in use today requires security professionals to adapt and learn faster than ever before.
8:35 AM - 9:00 AMJen Easterly serves as the Director of the Cybersecurity and Infrastructure Security Agency (CISA), where she’s leading the national effort to understand, manage and mitigate risk to our physical and cyber infrastructure. Under Director Easterly’s leadership, CISA is working to change the thinking on cybersecurity through imagination and to increase our national cyber preparedness through collaboration with the public and private sectors. She’ll provide insight into the benefits of a truly unified effort to secure the nation from cyber threats and how we can act now, together, to realize the greatest impact. Key themes will include how promoting better collaboration and strengthening cooperation between public and private sectors are the most critical pieces to solving the cybersecurity puzzle.
9:00 AM - 9:30 AMNow a cybersecurity leader at EY, Brian Levine served for the last 20 years as a cybercrime prosecutor with the U.S. Department of Justice, National Coordinator for all 300 federal cybercrime prosecutors, an Assistant Attorney General with the New York Attorney General’s Office, and a civil litigator. Brian will address how those of us in security can stay out of legal and regulatory trouble, including discussing such topics as breach communications, incident reports, informed consent, ransom payments, hack back, bug bounty programs, and more.
9:30 AM - 10:15 AMModerator:
Dan HansonRansomware, to pay or not to pay? Hear from experts from the FBI, Incident Response, Insurance Industry and Healthcare during this dialogue on issues surrounding response to a ransomware attack.
10:15 AM - 10:45 AMConverse and connect with our Solution Strategy Providers.
10:45 AM - 11:15 AMPanelists:
In this fireside chat, a top cyber insurance broker will answer 5 hard-hitting questions about coverage and underwriting trends, and best practices for companies to better navigate the buying and claims process.
11:15 AM - 11:45 AMBrigadier General Stefanie Horvath We must improve our system performance to defend American interests in the cyber domain. Come hear Cyber Command’s BG Horvath combine military strategic examples and cybersecurity analysis to visualize a stronger defensive cyber strategy with a focus on how to lead with collaboration while solving hard security problems our nation faces.
11:45 AM - 1:00 PMConverse and connect with our Solution Strategy Providers.
1:00 PM - 2:00 PMModerator
Panelists
Andrew Borene 
Rebecca Morgan Whether as a malicious act or inadvertent actions by careless employees, the greatest threat to an organization's information system is often on the inside. Subject matter experts from the National Counterintelligence and Security Center (NCSC) and the Department of Justice will examine the role of insider threat mitigation in cybersecurity. Join our panelists for a discussion on the threats and vulnerabilities of insiders operating in the cyber realm and the role of insider risk programs in deterring, detecting, and mitigating risk while protecting the privacy and civil liberties of the workforce. Discussion will cover the current risk environment, including heightened vulnerabilities created by the Global Pandemic; potential threats posed by trusted insiders and the adversaries and competitors who seek to co-opt or exploit them; best practices and resources to mitigate risk; and a live Q&A with audience.
2:00 PM - 2:30 PMShift Left. A phrase that is easy to say, but a strategy that many organizations struggle to effectively implement. This talk, presented by industry expert Larry Maccherone, will discuss the top 5 reasons that "shift left" is hard and the best ways to overcome the challenges.
2:30 PM - 3:00 PMConverse and connect with our Solution Strategy Providers.
3:00 PM - 3:30 PMOpen Source Software (OSS) is being distributed and consumed today on a massive scale through software supply chains. While OSS delivers tremendous benefit in terms of accelerated development and innovation, it is an increasing common target of cyber adversaries. Join Derek for a discussion of how OSS is developed, distributed, maintained, and attacked. Derek will reveal insights on how open source projects with 1.5x more frequent releases and 530x faster open source dependencies upgrades harness this speed to dramatically improve security within their code. He will also share insights on how high performance enterprise software development teams simultaneously boost productivity and security - achieving 15x faster deployments and 26x faster remediation of application security vulnerabilities. Derek then will show how you can apply these exemplary practices to stay a step (or more) ahead of your adversaries using by sharing a set of best practices and attack countermeasures.
3:30 PM - 4:00 PM2020 was a year of learning, with surges in ransomware, nation states infecting supply chains from Solar Winds to Microsoft, and radical new work models that might presage a “new normal.” The biggest problem in security, though, continues to be a lack of alignment between security functions and their core businesses or organizational missions. In this session, we’ll examine how to automate the automatable, what to do to secure the apparently insecurable, and how to future-proof security programs. Preparing in peacetime for the crisis is important, and getting the hygiene right matters, but that’s where the game starts. The advanced game tunes the SOC for efficiency and scale and focuses on application of Human, carbon-based intelligence as ruthlessly as possible to make life miserable for attackers. We’ll make some predictions for the future, but the choice for attendees is critical: will they choose to build future-proof programs or remain with the strategies of the last cyber generation?
4:00 PM - 4:40 PM"The User Problem" is the most costly problem to most security programs. The perceived solution is to create "The Human Firewall" through improved awareness. While awareness is important, it is a tactic and not a comprehensive strategy to address the problem, Using strategies from accounting, counterterrorism, safety sciences, etc., which have all been addressing human issues, Ira provides a comprehensive and workable strategy to apply to cybersecurity to significantly reduce losses from user actions.
4:40 PM - 5:10 PMMany federal, state, local, and tribal law enforcement agencies are facing challenges due to the phenomenon sometimes referred to as “warrant-proof” encryption. Commercial service providers, device manufacturers, and application developers are increasingly deploying and aggressively marketing products and services with a form of strong encryption that can only be decrypted or accessed by the end users or device owners. Because of warrant-proof encryption, the government often cannot obtain the electronic evidence necessary to investigate and prosecute threats to public and national safety, even with a warrant or court order. End-to-end encryption and other forms of warrant-proof encryption create, in effect, lawless spaces that criminals, terrorists, and other bad actors can exploit.
5:10 PM - 5:30 PMJoin us in the EXPO to network with fellow attendees and connect with our Solutions Strategy Partners.
8:00 AM - 8:30 AMStart the day inspired by the accomplishments of the 2021 honorees. The Morries™ Visionary Leadership Awards recognize innovative practitioners from across the cybersecurity ecosystem working to develop and foster strategies that protect critical systems and data. Join us as we honor the exemplary leadership of our colleagues in the field, including security awareness leaders, audit leaders, academic leaders, governance champions and more.
8:30 AM - 9:15 AM
Shayla Treadwell With the evolution of technology, cyber threats continue to impact people and organizations daily even with enhanced technical controls in place. Because of this, there is a heightened importance on the direction that information security executives provide organizations to ensure timely and proactive remediation. However, research indicates that the leadership methodologies deployed by security leaders are not always the same as other leadership roles within organizations. This presentation explores the methodologies behind the roles and decisions of these executives and how they impact the strategic futures of information security.
9:15 AM - 10:00 AMInformation Sharing & Analysis Centers (ISACs) have been an integral part of the nation’s cyber defenses since the late 1990’s. ISACs operate within many of the nation’s critical infrastructures, bringing together practitioners and operators to share information, intelligence, collection and analysis on cyber and physical threats, as well as develop best practices for mitigation. ISACs are designed to be active, ongoing communities of trust that cut through the noise and complexity of cyber issues and help their members focus on things that really matter to their sector and organizations. “Sharing and Analysis” can be misleading – however ISACs can be powerful resources leading to better engagement and collaborative environments - delivering higher confidence public sector services. The public sector touches all aspects of critical infrastructures, and in this session we’ll look at the wide range of activities, partnerships, and business models seen across the ISAC community. Representatives from the Multi-State ISAC (MS-ISAC), and Retail & Hospitality ISAC (RH-ISAC) will provide detailed insight and explore examples of actionable information sharing, products and services that are available, and success stories of cybersecurity improvements. ISACs require active engagement to maximize value, so we’ll also focus on how to make the best use of being a member of an ISAC.
10:00 AM - 10:20 AMConverse and connect with our Solution Strategy Providers.
10:20 AM - 10:50 AMWe’ve demonstrated that we can be incredibly productive in multiple constructs - together - and apart; so, how do we make sure that we get the most of both? We have an opportunity to reimagine how we use the space we work in and optimize our workforce and that's an exciting place to be. In this presentation, we will discuss how to prepare your company for as offices reopen to be successful in this new work from anywhere model.
10:50 AM – 11:45 AMModerator:
Panelists:
Once considered an esoteric domain of cybersecurity, Software Supply Chain security is now a Board Room conversation. Action must be taken to protect and safeguard us. The conversation will cover the current policy landscape, which includes actions from all branches of government, as well as how thinking on risk has evolved over the past several years. Our panel will touch on the notion of shared risk and how to think through responsibilities for government, the private sector, software vendors and the consumer.
11:45 AM – 1:00 PMConverse and connect with our Solution Strategy Providers.
1:00 PM - 1:30 PMSolarWinds defined the attack of the cyber supply chain. One of the most extensive, stealthy attacks ever discovered, organizations were attacked through trojanized updates to legitimate monitoring and management software. SolarWinds provides a discussion opportunity of the infinite horizon, the importance of attribution, and improvements to information sharing.
1:30 PM - 2:00 PMHave you ever wondered about Artificial Intelligence (AI) in Cybersecurity? Maybe you are curious to know how it is currently being applied or how it might be applied in the future? Better yet, how AI relates to the current threat landscape and even your environment. If so, join us! Where we will break it down using real-world examples. This is a zero to hero session so you don’t need a PhD in math or data science to enjoy the topic and learn something new.
2:00 PM - 2:30 PMCybercriminals, like criminals in many other domains, show unique capabilities to adapt to controls emplaced to thwart their criminal efforts. Most recently, the world has seen an adaptation from the ‘lone wolf’ attacker to more structured, specialized groups focused on specific areas of cybercrime. Consider Ransomware today. There are groups that specialize in targeting and compromising an organization and other groups who specialize in receiving, and laundering the money. These tactics are not new and reflect threat adaptation and security cycle theory. Learn about some of the more advanced attacks and concepts that underpin the commercialization of cybercrime. Examples will be used from BEC, and Ransomware, among others.
2:30 PM - 3:00 PMConverse and connect with our Solution Strategy Providers.
3:00 PM - 3:30 PMHear from 3M’s CISO Tris Lingen as she reviews how the past year has changed how we work. It taught us that we can and need to reimagine how our organizations operate. We learned that a more flexible way of working is essential for continued growth. Our workforce security considerations and cybersecurity capabilities are aligned to support working differently.
3:30 PM - 4:00 PMTim is a seasoned security leader with over 20 years of experience building and running cyber security programs, large and complex incident response and breach investigations, and threat and vulnerability assessments. He has deep experience in cyber-threat intelligence, reverse engineering, computer forensics, intrusion detection, breach prevention, and applying six sigma/lean process to security. He is author/co-author of 17 books to date as well as regular training and speaking engagements at information security conferences. Currently Tim is Chief Security Officer for Mandiant. There he and his team defend Mandiant from some of the most sophisticated adversaries in the world.
4:00 PM - 4:30 PMJason Steer is a Principal Security Strategist at Recorded Future, where he’s responsible for employee education & awareness, monitoring our key technology partners and a member of the CSIRT. He has previously held positions at a number of successful security companies over the past 15 years, including IronPort, Veracode, and FireEye. Jason’s expert commentary has been featured in BBC, CNN, and Al Jazeera, and he has worked with both the EU and UK Governments on cyber security strategy. Jason holds a Degree in Management Information Systems.
4:30 PM - 4:45 PMWade Van Guilder Review Summit Highlights and takeaways and Call to Action to solidify action items to take back to your organization.
