event-agenda


Public Sector Workshop

October 24, 2022 08:00

Welcome Kickoff

October 24, 2022 08:15

Speaker 1

Coming Soon!

October 24, 2022 08:50

Speaker 2

Coming Soon!

October 24, 2022 09:15

Speaker 3

Coming Soon!

October 24, 2022 10:00

Speaker 4

Coming Soon!

October 24, 2022 10:30

Speaker 5

Coming Soon!

October 24, 2022 11:00

Speaker 6

Coming Soon!

October 24, 2022 11:30

Speaker 7

Coming Soon!

October 24, 2022 12:30

Speaker 8

Coming Soon!

October 24, 2022 13:00

Speaker 9

Coming Soon!

October 24, 2022 13:30

Speaker 10

Coming Soon!

October 24, 2022 14:00

Speaker 11

Coming Soon!

October 24, 2022 14:30

Speaker 12

Coming Soon!

October 24, 2022 15:00

Speaker 13

Coming Soon!

October 24, 2022 15:30

Speaker 14

Coming Soon!

Technical Sessions

October 24, 2022 09:30

Enhancing SecOp Practices with MITRE

MITRE Engenuity ATT&CK Evaluations emulations are constructed to mimic an adversary’s known TTPs and are conducted in a controlled lab environment to determine each participating vendor’s product efficacy. After this informative session, you will understand how to continuously tune your security strategy and leverage the connection between TTPs, adversary emulation plans, and real-world adversary groups.

 

October 24, 2022 09:30

Tech Track 2

Coming Soon!

October 24, 2022 09:30

Tech Track 3

Coming Soon!

October 24, 2022 10:30

The Role of Modern Asset Management in Cybersecurity

Lenny Zeltser
CISO, Axonius

The line between IT and Security is blurring. What was once a simple delineation between keeping information safe and providing the tools necessary to get work done is no longer clear. A foundational understanding of what devices, user accounts, and cloud services exist in organizations has jumped to the top of CISOs' lists.

In this new enterprise, what role does asset management (once a pure IT play) play in cybersecurity? How can both the IT and Security teams benefit from a modern, cybersecurity-focused approach to asset management?

Join this session with Lenny Zeltser, CISO of Axonius, to learn:
• How you can draw upon existing data sources to gather visibility into the state of your IT assets across data silos
• Which metrics you can gather based on your asset inventory to support IT and security initiatives
• Ways in which stakeholders throughout your organization can benefit from a modern approach to asset management

 

October 24, 2022 10:30

Tech Track 2

Coming Soon!

October 24, 2022 10:30

Tech Track 3

Coming Soon!

October 24, 2022 12:30

Stay SaaSy my friends; Zero Trust in a Modern World

Brandon Potter
Chief Technology Officer, ProCircular

Zero Trust isn't a new concept. It's a universally recognized practice that has evolved over time to address challenges of the remote workforce and adoption of the "cloud" and modernized technology stacks.

Still, the gap in most implementations is that organizations rely heavily on Multi-Factor Authentication (MFA) to authenticate users and devices, inherently trusting all further activity. Today's threat actors combine older tactics and newer techniques to bypass these perimeter-focused zero trust implementations, wreak havoc as a trusted entity, and exfiltrate data undetected.

Join Brandon Potter, ProCircular's CTO, as he takes you on a journey through the past and present and finally into a future that embraces a "never trust, always verify" mentality for business-critical data and systems.
Analyze two real-world examples of common bypasses used in the wild, and fortify your zero-trust approach to meet the challenges of modernized, cloud-focused, and SaaS-based technology stacks.

 

October 24, 2022 12:30

Tech Track 2

Coming Soon!

October 24, 2022 12:30

Tech Track 3

Coming Soon!

October 24, 2022 13:30

ITDR (Identity Threat Detection and Response): Making Sense of the Buzz

Brian Freedman
Global Solutions Engineering Manager, QOMPLEX

This session provides an overview of the current security problems in the identity landscape and how industry analysts refer to the new ITDR category. Explore how existing security tools such as PAM, MFA, IDP, etc. fit in the mix. Learn what you can do today and what to look for as a security practitioner to improve your organization's security posture as the threat of identity-related attacks continues to rapidly expand year over year.

October 24, 2022 13:30

Tech Track 2

Coming Soon!

October 24, 2022 13:30

Breaking into Cyber: A Tale of Two Careers

Jessa Gegax
Information Security Testing Analyst, Surescripts

Will McCloskey
Threat Management Manager, Surescripts

Success in the cybersecurity realm is a journey, not a destination. The decisions security professionals make often tell a unique story that carves their career outcomes. Please join Jessa and Will as they talk about how they navigated the first years of their infosec path from distinct perspectives. Discover how frequently the choices we make can lead to unexpected opportunities that greatly influence one’s professional life.

October 24, 2022 14:30

Not Your Average Bug Bounty: How an Email, a Shirt, and a Sticker Compromised a High Security Datacenter

Dalin McClellan
Senior Security Consultant, NetSPI

Earlier this year, the NetSPI social engineering team was tasked with attempting to gain physical access to a high security datacenter. With some small props to help them pose as a Pest Control company and significant background research, the team was successful.

But this assessment wasn't just about gaining unauthorized access. Hear Dalin McClellan share the story and the lessons learned, including:

- The most sophisticated controls can quickly become irrelevant when they meet the real-world complexities of human interactions
- Humans are not the greatest vulnerability. It's vital to evaluate your security at the systemic level
- And more

 

October 24, 2022 14:30

Tech Track 2

Coming Soon!

October 24, 2022 14:30

Building Your Personal Brand: Navigating A Career in Cybersecurity With Three Unique Approaches

Zinet Kemal
Associate Cloud Security Engineer, Best Buy

Lee Ann Villella
Security Consultant, Proofpoint

Wendy Meadley
CEO, Next Phase Studio

With social media, podcasts, blogs and other content creation, people who are looking to advance their career, find a job, network, or become a thought leader and present at conferences should be thinking about and refining their personal brand.

How do you break into cybersecurity if you don't have a background? Many successful security practitioners and leaders come from different backgrounds and made a pivot into cyber.

This presentation will include three unique approaches on how to successfully network, build your brand, and how to stand out from the crowd.

Join this session to learn: 

  • Tools and tips on building your personal brand for a career in cybersecurity 
  • How to successfully network and find your next job in cyber
  • Becoming a cybersecurity thought leader with your personal and business brand
  • Advanced tips for building your LinkedIn profile with SEO, hashtags, and digital best practices
  • Resource recommendations and how to use the Cyber Security Summit for building your network and career options

Healthcare & Med Device Seminar

October 24, 2022 09:30

Health Care & Medical Device Opening Remarks

Mary Diner
Information Security Director, Optum

Judd Larson
Medical Device Security, Medtronic

We built this agenda with the help of global healthcare cybersecurity experts and hope that you’re looking forward to it as much as we are! We focused on the needs of Medical Device and Healthcare Infosec leaders and other professionals: the people who solve unique and challenging problems in the healthcare cybersecurity space that other cybersecurity experts have nightmares over. We’re keeping our Eyes Wide Open more than most ;-)

This one-day special track includes presentations from infosec managers, regulators, medical device companies, and leading-edge suppliers that address these unique challenges. Even the most seasoned professional will find a new angle or ….something…. to take back to their organizations and put into practice.

Minnesota - Home to the Medical Alley Association, strong support from the University of Minnesota (Technological Leadership Institute, Archimedes, and Medical School), large medical device companies, world leading healthcare delivery organizations, strong innovation pipeline and history of world-changing healthcare technology.

October 24, 2022 09:40

Frictionless & Secure Patient Care

Brian Kenyon
Chief Strategy Officer, Island.io

Healthcare and Care organizations spend significant time and capital in provisioning third-party care specialists access to web applications and critical systems. The process of sending physical hardware devices or asking care specialists to access via Virtual Desktop or Desktop as a Service offerings is costly and time-consuming, and results in an unsatisfactory user experience. In this session learn how an Enterprise Browser can simplify access and security with your patient health information. In this talk we will discuss:
• Seamless onboarding of care professionals
• Full control and visibility of all actions when accessing critical patient information
• Native and modern access and usage models

October 24, 2022 10:10

Approach to Segmenting Medical Devices

Stefan Boehme
Medical Device Security Specialist, Children's Healthcare of Atlanta

We’ve all heard the term “segmentation”. We’ve all learned that it is an important piece to our security program, but what does it mean? How do you turn it from a talking point to a list of actionable items? Where do you start? What is the goal? How do you maintain it? Stefan Boehme, Medical Device Security Specialist, will share his story on how he guided the segmentation of wired connected medical devices at Children’s Healthcare of Atlanta.

October 24, 2022 10:40

A Single Source of Truth in Healthcare Asset Management

Derek Loomis
Subject Matter Expert, Axonius

Modern hospitals now have 10 to 15 connected devices per patient bed. This increase in devices, along with strict regulations around cybersecurity and personal health information security, creates more challenges for healthcare security teams. Enter: cybersecurity asset management. Cybersecurity asset management can help healthcare organizations easily get a comprehensive, up-to-date inventory of their complex environment — one single source of truth that all teams can work from.
Join this session led by IT security expert Derek Loomis to learn:
• A typical organization's various sources of truth — from HR, to network, to overall IT
• The challenges of maintaining a source of truth
• The value of all teams working from a single source of truth

October 24, 2022 11:10

Ransomware Readiness & Resilience

Adi Sitnica
Security Leader, Optum

Dave Dobrotka
Senior Director, Cyber Defense, United Health Group

Ransomware attacks have spread over the last decade without boundaries, impacting everything from everyday life (Colonial Pipeline) to patient care (Wood Ranch Medical, National Health Service). The FBI's 2021 Internet Crime Report highlighted that the healthcare sector fell victim to ransomware far more than any other critical infrastructure sector, making these attacks an especially acute issue for healthcare organizations due to their potentially catastrophic consequences. Along with a short history lesson and some stories from the trenches, this talk will offer strategic guidance intended to help attendees build resilience against ransomware in a healthcare setting.

October 24, 2022 12:45

Securing and Managing Connected Healthcare From Asset Inventory and Device Utilization to Zero Trust

Ben Stock
Director of Healthcare Product Management, Ordr

In the connected healthcare system, robots perform complex surgery, voice commands to Alexa devices are used as the nurse call button, and HVAC systems monitor air quality in surgery rooms. Telehealth and Telesitters are being used and will continue to be used across health systems to minimize patient movement and enable care.

These transformative hospital-of-the-future initiatives vastly increase the stakes for healthcare cybersecurity. Connected medical devices can range widely, and often run outdated software even though they are a critical part of everyday operations and patient care. Unmanaged and unknown devices on the network create even more vulnerabilities, leaving hospitals open to ransomware and other malicious cyber-attacks.

Every conversation about the future of healthcare must include a strategy for securing medical technology. How can hospital leaders take responsibility now for determining what is connected to their networks and take the steps necessary to secure every IT, IoT and OT device on them?

Attend this session to learn about:

  • Challenges securing connected devices
  • Responsibilities and collaboration between HTM, IT and cybersecurity teams
  • Security and operational use cases including asset inventory, risk identification, and device utilization
  • Practical approaches to zero trust segmentation for security and cost avoidance

October 24, 2022 13:15

Security Resilience Program and Medical Devices

Debra Breummer
Senior Manager, Mayo Clinic

Building upon its medical device security program, Mayo Clinic will share its journey to develop and implement a proactive, ongoing asset “certification/validation” process spanning the life-cycle of an asset. The program measures cybersecurity risk empirically at the asset level, which is consolidated to a fleet view. The talk will focus on key deliverables: secure baseline requirements, certification program, asset drift, and risk measurement. This program enables vulnerable assets to be identified and risks to be assessed and quantified.

October 24, 2022 13:45

Crowdsourced Email Defense

Tonia Dudley
VP, CISO, Cofense

Phishing continues to be the preeminent approach attackers use to exploit an enterprise. Whether it’s ransomware or credential theft, falling for email and social media attacks continues to cost people and businesses millions of dollars in damages and lost information. Attackers are constantly changing tactics and tradecraft against unwitting humans. Fortunately, there are people equipped to recognize and report these threats to their security teams. Cofense is in the business of preparing humans to be a first line of defense, and equipping those humans and security professionals with information and tools to recognize and even stay ahead of attackers. Keith Ibarguen will be discussing how Cofense leverages crowdsourced email threat intelligence to proactively position detection and mitigation tools to stop attacks, and how your employees play a critical part in your enterprise defense.

October 24, 2022 14:30

Highlights from the new FDA Premarket Cybersecurity Guidance: Impacts that Medical Device Manufacturers Need to Know

Michelle Jump
Chief Regulatory Strategist, MedSec Security Services

The FDA released a new premarket cybersecurity guidance, Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff, on April 8, 2022. This guidance is the follow-up draft from the 2018 draft premarket cybersecurity guidance and significantly expands on several key areas, such as threat modeling, security risk management, SBOM, security architecture documentation, and overall security lifecycle processes. The FDA has paid particular attention to aligning these expectations to existing quality system regulations. As such, some of these expectations are currently being requested as part of submissions. This presentation will review the notable expectations in the guidance and identify those elements that are currently recommended to be included in an FDA submission even though the guidance is still draft.

October 24, 2022 15:00

Essential Contract Provisions

Eran Kahana
Cybersecurity, AI and IP Attorney, Maslon LLP

Properly drafting data security language in a contract is essential for ensuring the data is protected from public exposure and misuse. All too often, however, parties opt for vague security provisions. Sometimes this is a result of "drafting-by-momentum," a tendency that relies on what's been done before, by the organization, or other drafters. Other times it is just the result of carelessness. This session will highlight proper drafting considerations that can help effectively handle the various challenges organizations face in normal times and a pandemic environment.

October 24, 2022 15:30

Translating G-speak to C-speak

Andrew Bomett
VP, CISO, Boston Scientific

Coming Soon!

Industrial Cyber Security Track

October 24, 2022 08:00

Int'l Soc. of Automation: ISASecure Intro & Overview of ISA/IEC 62443 Solution Sets for Systems (3-1, 3-2, 3-3) and Components (4-1, 4-2)

Andre Ristaino
Managing Director, ISA

ISA is an ANSI-accredited standards development organization (SDO) and the publisher of the international ISA/IEC 62443 cybersecurity standards for automation and control systems. These standards are now the de facto standards for securing critical infrastructure in the USA and globally.

You will learn about the history of the standards and current status. In 2021 the IEC designated ISA/IEC 62443 as a ‘technical horizontal’ standard which will be discussed during Mr. Ristaino’s presentation.

Mr. Ristaino oversees ISA consortiums including three related to cybersecurity: ISCI, LOGIIC, and ISAGCA. Consortium missions and activities will be presented along with other programs ISA oversees related to critical infrastructure cybersecurity including ISA’s world-class training and education.

ISA offers many ways to participate in industry programs for advancing the state of control systems cybersecurity.

We strive to elevate OT cybersecurity from an art, to a science, to an engineering discipline.

October 24, 2022 09:00

Idaho National Labs (INL) Overview of Cybersecurity Research, ICS COP w/focus on Cyber-CHAMP©

Shane Stailey
Organizational Cybersecurity Development & Training Strategist, Idaho National Laboratory

Glenn Merrell
CAP, Owner & Freelance Consultant, Industrial Control System Security

Problem Statement: There is a pervasive talent deficit in the cybersecurity industry that prevents employers from being able to fill their open positions effectively. Additionally, it is often very difficult for employers to understand how to upskill current employees to work in cyber, and/or maintain appropriate levels of cyber cognizance and competency within their organization. Without an understanding of the deficits, particularly those lacking in programs, risk cognizance training, and resources, a company may not efficiently plan, develop, and deploy effective security programs.

Contribution: The Cyber-Competency Health and Maturity Progression (Cyber-CHAMP©) model provides a customized solution for businesses to:
1.) Understand their security gaps
2.) Align the organization to close on current security gaps
3.) Align education/training needs to fulfill security gaps
4.) Continually monitor and improve by having at the ready, cybersecurity workforce development visuals, metrics, and measurements

Rationale: The Cyber Security Framework for Improving Critical Infrastructure Security (CSF) v1.1 does not offer a measurement of cybersecurity maturity or clear methods to ascertain an organization’s current risk profile. Cyber-CHAMP© provides several visual products, metrics, and measurements to help an organization build its current and target risk profiles. The NICE Workforce Framework provides a structure for planning an IT cybersecurity workforce, but OT aspects of IT security are only briefly discussed. The Cyber-CHAMP© framework provides a structure to examine competencies across an organization’s workforce, which includes IT, OT, … roles. Current frameworks do not offer next steps to increase an organization’s cybersecurity. The Cyber-CHAMP framework offers recommendations and roadmaps for improvement, across the organization, to increase the organization’s cybersecurity via improving the cyber cognizance and competency of individuals across the organization.

October 24, 2022 10:00

Cyber Ranges – For Gaining the Valuable Experience Needed now and Henceforward

Craig Cocciola
VP Cyber Range Operations, ABL Cyber Range and Academy

Susan Morris
SVP, Co-Owner, ABL Cyber Academy and Cyber Range

The job roles in both OT and IT Cybersecurity require the highest levels of competency and proficiency in situational awareness, critical thinking, and job role task specific actions.
Education through a cyber range supports multiple cyber strategies. Cases in point:
- INL’s Consequence-driven Cyber-informed Engineering (CCE)
- ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC)
- NIST Framework 800-82 Rev. 3 - Guide to Operational Technology (OT) Security
- NICE recommendation for the use of cyber ranges in cybersecurity education and training

Cyber ranges are different in terms of quality, price, and ability to customize. With new ranges regularly arriving on the market, more than ever, due diligence is required before choosing a range product.
An OT cybersecurity range is one of the most invaluable tools for hands-on learning transfer and skills building. The most valuable and compelling cyber range must offer the learner industry specific training, relevant to the job role being performed, and the range design must have:

  • Learning experiences that are constantly changing and being updated to meet the AI and threat actors’ advanced persistent attack strategies and tools
  • Influence and persuasiveness, ensuring the learner chooses to invest the effort in acquiring new skills
  • Transcendence of graphical based design to digital twin technology to imitate reality
  • The capability to map job role skills’ development using the NICE Framework Mapping Tool
  • The ability to meet the needs of the 16 Critical Infrastructure Sectors
  • Dynamic learning for ongoing, rapid upskilling and verifiable transfer of skills to the job
  • Ease of measuring and reporting learners’ actions to verify competency acquisition against industry standards
  • Skills and tools to scan systems and devices for vulnerabilities, more efficient recognition, mitigation and obstruction of attacks
  • Nexus of multi-level learning for:
    • New hires and all incumbent levels
    • OT workforce pipeline to gain job role experience during critical OT/IT education at colleges, universities, and inside organizations
    • Filling organizational job role skills gaps identified from, for example, Cyber-CHAMP©

Close: ABL Range Demo

October 24, 2022 11:00

Dunwoody Presentation: New OT Cybersecurity & Cloud Computing Initiatives

Julie McFadden
Director of Computer Technology Problems, Dunwoody College of Technology

E.J. Daigle
Dean of Robotics & Manufacturing, Dunwoody College of Technology

Cybersecurity, compliance, and risk have become the world’s most pressing issues. Lack of shared norms, rampant cybercrime, uneven knowledge and competency, and the threat landscape of connected devices create pressing challenges for the future. Drawing on Dunwoody College of Technology's national acclaim, expertise, and programs in both Information Technology (IT) and Operational Technology (OT), the New Cybersecurity Initiatives steps into this landscape, highlighting the recent teaming of Dunwoody's computer and industrial automation programs to bridge the gap between IT and OT cybersecurity. This session will include a demonstration of Dunwoody's newest educational asset, the Process Controls & Instrumentation Lab, that provides students and educators the opportunity to play out real-world scenarios, preparing the next generation of cybersecurity graduates and practitioners for immediate impact across industries and critical infrastructure.

October 24, 2022 13:00

International Society of Automation (ISA) Deeper Dive: Working Group 10 Details and new Technical Report Rollout

Glenn Merrell
CAP, Owner & Freelance Consultant, Industrial Control System Security

Shane Stailey
Organizational Cybersecurity Development & Training Strategist, Idaho National Laboratory

Problem Statement: Non-control system professionals may feel application of the ANSI/ISA/IEC 62443 program and lifecycles are somewhat burdensome and/or confusing, certainly those with a discipline in Information Technology.

Dissertation: Extreme Risk injected into your IACS Security Lifecycle may come not from hackers, but rather from the absence of cognizance, knowledge and recognition training of the risks inherent in the IACS/ICS. The idea, the "conceptualization" of risk, stems from the position of one's perceptions and training. Without proper focused training, without a foundational cognizance of the physical vulnerabilities that can endanger or restrict control system functions, a control system cannot be properly secured, and more importantly, securing control system functions using techniques not specifically engineered to secure control system functions is in fact and in practice dangerous and imposes significant risk of exploits.

The upcoming ANSI/ISA TR62443-1-4 Program, Lifecycles and Use Cases proposes a deeper review of the application of ANSI/ISA/IEC 62443, explaining its programs and its lifecycles, and then referencing application examples through various use cases.

This Technical Report explains why a properly designed, instituted, deployed and practiced security management system is critical to the success of securing control system functions. Additionally, a set of use cases is in process to show examples of deployment of the Standard's series requirements.

In addition to information showing risk differences inherent between Information Systems and IACS cybersecurity, an outline overview of the upcoming Standard series Technical Report, TR62443-1-4 Program, Lifecycle and Use Cases, will be presented, covering this in-development Technical Report, which is progressing toward release in early 2023.

October 24, 2022 14:00

Idaho National Labs (INL) Cyber-CHAMP Use Cases

Shane Stailey
Organizational Cybersecurity Development & Training Strategist, Idaho National Laboratory

Glenn Merrell
CAP, Owner & Freelance Consultant, Industrial Control System Security

  1. The need for cybersecurity workforce development (in OT, in IT…) to bolster/build:
    • Current workforce opportunities
    • Pipeline opportunities
    • Mitigation of risk through targeted workforce training
  2. Current state of cybersecurity workforce development
    • As discovered in research from the last 4 years
    • As found in applying Cyber-CHAMP in the last 4 years
  3. Use cases for improving cybersecurity workforce development in the following Critical Infrastructure sectors (as Cyber-CHAMP process has been applied), with more Adopters "coming to the party" all the time:
    • Municipalities
    • Energy
    • Water/Wastewater
    • Health/Healthcare
    • Critical Manufacturing
    • Transportation (Aviation sub-sector)
    • Information Technology

October 24, 2022 15:00

ABL Virtual Cyber Range Implementation Details

Craig Cocciola
VP Cyber Range Operations, ABL Cyber Range and Academy

Susan Morris
SVP, Co-Owner, ABL Cyber Academy and Cyber Range

Each organization, college, and university requires an implementation plan, unique to their sector, OT or IT systems, and current state of cyber OT and/or IT workforce competence.

The foundational tenet of a range implementation plan is the alignment of supporting organizations who interconnect for success assurance. The common steps for a range implementation across industries and sectors will be presented and discussed in three basic steps:

Step 1: Preparation

Step 2: Initial deployment

Step 3: Ongoing maintenance and update training content

Subordinate steps will change based on the organization’s and/or educational institution’s current and desired state of skills offerings and workforce development strategies and paths.

A Cyber Range may be out of reach for many SMBs (Small-Medium Businesses) and ABL has implemented a Virtual Cyber Range configurable to most IT scenarios and now growing into OT Cybersecurity for Critical Infrastructure. This subscriber service is a flexible model enabling customized content creation. Please join us to learn more and make a connection!

October 24, 2022 16:00

A Roundtable discussion: What do Critical Infrastructure Executives, Managers & Technologists see as their three (3) highest priority OT cybersecurity challenges?

Julie McFadden
Director of Computer Technology Problems, Dunwoody College of Technology

E.J. Daigle
Dean of Robotics & Manufacturing, Dunwoody College of Technology

Bring your cybersecurity knowledge and desires to the next generation of IT/OT professionals.
Dunwoody’s educators and curriculum planners in Computer Science, Robotic & Manufacturing, and Building Automation & Management are collaborating on a new OT Cybersecurity & Cloud Computing College to create graduate-resources who can make positive and more immediate impact to their employer’s overall cybersecurity stance.
Dunwoody College of Technology has the legacy, resources, and associations to work directly with your company to structure vocational workforce development with training, education, and certification. We have historically had a 100% hire rate of Engineering graduates trained to be hands-on ready for work challenges from Day-1. Georgetown University’s recent study of colleges with fast ROI of their students' education investment ranked Dunwoody College of Technology #2 in the nation (A First Try at ROI: Ranking 4,500 Colleges - CEW Georgetown).
This roundtable focus group will allow attendees to help characterize the current state of the IT/OT cybersecurity landscape. Dunwoody faculty are looking to define the next level of cybersecurity competencies as we develop new courses, certificates, and degrees that better align to industry needs.
Come join the Roundtable discussion in person on Monday October 24th or virtually from the comfort of your home office or beach hut!

Small Business Seminar

October 25, 2022 13:00

Cyber and Small Business Opening

David Notch
CISO, Castlelake L.P.

Brian McDonald
District Director, SBA

Lyle Wright
Associate State Director, Minnesota Small Business Development Center

Perception vs. Reality

“We’re too small to be a target.”
“This company has bigger issues.”
“Defending against cyber attacks costs too much.”
“I’ll worry about it when it happens.”
These sentiments and more are often heard when discussing the impact of cyber security risks to small businesses. Cyber and Small Business Chair David Notch will dive briefly into the facts and help set the stage for a full afternoon of sessions about ways to address the situation and dispel these perceptions.

Essential Small Business Resources

Cyberattacks are a growing threat to the U.S. economy. Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.
This welcome session from the U.S. Small Business Administration will provide information about no-cost programs that SBA provides to support small businesses. You will also learn about resources available from other federal agencies and organizations that will start you on a path to becoming more cyber-savvy.

America’s SBDC North Star Cybersecurity Program

The ASBDC North Star Cybersecurity Program provides a baseline to promote cybersecurity awareness to small businesses nationwide through the SBDC (Small Business Development Center) national network. No matter where the small business is in the US, there is a SBDC center to provide guidance for effective cyber/data hygiene.

October 25, 2022 13:30

CISA Resources for Small Businesses

Chris Gabbard
Cyber Security Advisor Region V, Office of Cybersecurity & Communications, Cybersecurity and Infrastructure Security Agency (CISA)

Learn from Chris Gabbard of the Cybersecurity and Infrastructure Security Agency (CISA) what 5 things you can do in the next 5 days. What can be implemented in five days, five weeks, five months?

CISA Resources – risk assessments, pen tests, critical infrastructure, and Threat vs. Response.

October 25, 2022 14:00

DHS Resources for Small Businesses

Karissa Zamora
Intelligence Officer, Department of Homeland Security

This presentation will provide an overview of the Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA), including the services that can be provided. Information on current cyber threats and mitigation strategies will be covered. It will also provide actions to enhance an organization’s cybersecurity posture.

October 25, 2022 15:00

Panel > Cyber Risk and the Small Business Owner: What you Need to Know

Milinda Rambel Stone
CISO, Bremer Bank

Muhammad Khokhar
CISA, Bremer Bank

Kristin Hines
AVP, Loss Prevention Services Manager, Bremer Bank

Jarrod Hutchinson
Business Solutions Market Leader, Bremer Bank

Joel Quam
Commercial Insurance Advisor, Bremer Bank

Financial fraud is now a common reality in the world of cyber security. It is prevalent in the Small & Medium Sized Business Space and new scams only continue to transpire.

As a small business owner, join Bremer Bank as we discuss fraud techniques you need to be aware of. We will also focus on no- to low-cost takeaways to secure your company that you can immediately implement for additional safety and protection.

• Business Owners Need to challenge vendors. Are they secure/how?
• Why SMB Owners Need to Think Differently/defensively
• Use of Modern Technology. Faster Payments and money movement. How is your business being protected?
• Why it's in your best interest to be your own advocate for Secure transactions
• Asking/Demanding Secure Tech for your business transactions
• Need to think about how you handle your confidential documents
• The Basics.... What we need to understand as Small Business Owners

October 25, 2022 15:45

Securely and Responsibly Disposing of your IT Equipment

Rebecca Duvick
Business Development Manager, PCs for People

With frequent headlines of electronics recycling vendors (commonly known as ITADs) being fined and even jailed for fraudulent business practices, how do you keep your company from becoming a victim?

In this session we’ll explore the current standard in data sanitization and considerations for selecting a vendor to recycle your IT assets, as well as the opportunity for your organization to improve your ESG (Environment, Social, Governance) score through your equipment disposition.

October 25, 2022 16:00

Breaches and how to Manage Them

Aaron Campbell
FBI Computer Scientist, FBI

Eileen Manning
CEO, The Event Group / Cyber Security Summit

Join the Small Business Seminar Committee for inside stories of breaches and their impacts.

October 25, 2022 16:45

What to Look for in IT and Security Service Providers

David Notch
CISO, Castlelake L.P.

Coming Soon!

Full Summit Agenda - Tuesday

October 25, 2022 07:15

Student Career Breakfast with the CISO of the State of Minnesota

Rohit Tandon
CISO, State of Minnesota

Meet the CISO for the State of Minnesota, Rohit Tandon, as he presents sage advice and career-shaping insights for newer and future cyber security professionals.

October 25, 2022 08:00

Welcome to the 2022 Twelfth Annual Cyber Security Summit > The 2022 Theme is Eyes Wide Open!

Eileen Manning
CEO, The Event Group / Cyber Security Summit

Judy Hatchett
VP, CISO, Surescripts

Jeffrey Norem
Deputy CISO, Freddie Mac

Eileen Manning, Executive Producer and Founding Partner of the Cyber Security Summit, and the 2022 Summit Co-Chairs, Judy Hatchett, VP, CISO, Surescripts, and Jeff Norem, Deputy CISO, Freddie Mac, will officially kick off this year’s summit, sharing why you need Eyes Wide Open!

October 25, 2022 08:30

Stronger Together: Lessons from 21 Years of Intelligence Integration

Andrew Borene
Associate Vice President for Research, National Intelligence University

Andrew Borene will discuss insights from his role at the National Intelligence University and set the stage for our morning keynote speaker, Beth Sanner. Ms. Sanner is an innovator, change agent, and C-suite-level leader with more than three decades of experience in national security who has briefed the President of the United States on Cyber for several years.

October 25, 2022 09:00

Adversaries Turning to Cyber as Weapon of Choice

Beth Sanner
Deputy Director of National Intelligence, Department of National Intelligence

Growing global competition and conflict, amplified by Russia's invasion of Ukraine, are shifting the threat environment for nations and the private sector alike. Many of our adversaries are using, sponsoring, or planning to use cyber attacks on Western companies and critical infrastructure for a variety of reasons, including moneymaking, stealing intellectual property, revenge, and potential war. As a result, companies in every sector need to be prepared for a larger range of threats than ever before. But there is some good news. The US government and its allies are focusing on these challenges more than ever before and partnering with private sector firms to more quickly understand and address cyber threats.

October 25, 2022 09:30

The Often-Ignored Cyber Attack Vector that is as Prevalent as the Air we Breathe: Your Browser

Michael Fey
Co-Founder, CEO, Island.io

The application enterprises use the most is the browser. In fact, it has become our primary work environment, but the browser we most often use was built for consumers. So, we have surrounded it with an endless, complex and expensive stack that overwhelms your security teams and interrupts end users.

But what if the browser was designed for the enterprise? What could that do for security, productivity and work itself?

Join this session to discover how an enterprise browser can:
• Protect critical SaaS and internal web applications
• Streamline and secure third-party contractor access and BYOD strategies
• Free you from the cost and poor user experience of VDI and DaaS solutions
• Give you last-mile control to protect users' activity with critical applications and underlying data
• Deliver it all in a familiar, Chromium-based application

October 25, 2022 10:00

Here Be Dragons - Navigating An Ocean of Security Frameworks

Tony Sager
Senior Vice President & Chief Evangelist, Center for Internet Security

Thomas Sager
Associate Cybersecurity Engineer, Center for Internet Security

Cybersecurity frameworks, requirements, regulations, and standards must be wonderful, because we have so many of them. But enterprises today often need to report to several of them, each with its own focus, language, level of abstraction, and assessment/audit approach. Cross-mapping among them has become a way of life for many enterprises, and has led to a sea of mappings that include commercial services, vendor tools, volunteer donated, hand-crafted one-offs, and everything else you can imagine. While some of this is inevitable, we believe the creators of such frameworks need to simplify this problem for adopters.

At the Center for Internet Security (CIS), we’re doing our part by creating and openly sharing authoritative and vetted cross-mappings from our products and services (like the CIS Benchmarks and Controls) into the ocean of similar schemes. We’ll describe how we go about creating, validating, and sharing these – as well as our thoughts on how to make this simpler and more valuable for everyone.

October 25, 2022 10:30

Break & Expo

Meet with solution providers in the Expo Hall while enjoying a networking break

October 25, 2022 11:00

Adjust your Cybersecurity Approach to Today's Rapidly Changing Macro-Environment

Ross Rosenzeig
Sr. Director of Engineering, BlackBerry

Security has become a board-level topic for many organizations and we know the balance of budget, technology and staff continues to challenge IT. Industry reporting, including a recent ISSA report, shows over 50% of increased workload, over 25% of staff burnout and over 90% report cyber skill set shortage within their business and in the market. With these challenges combined with increased threat dynamics and risk profiles that cover both external and internal threat actors, we need to look at our security approach and practices in context: how, with whom, and with what we stay secure.

October 25, 2022 11:45

Lunch Buffet & Expo

Lunch & Networking

October 25, 2022 11:45

VIP Lunch > Invite Only > Why CSOs and CISOs are Critical in the Boardroom / And How to Accelerate Your Way to a Board Director Role. If you've ever thought, "There's no place on a Corporate Board for Someone with my Background," You are Wrong.

Tissa Richards
Executive Coach, Tissa Richards

If you’ve ever thought, “There’s no place on a corporate board for someone with my background,” you are wrong.

88% of boards view cybersecurity as a business risk, according to Gartner. Addressing cyber risk must start at the top: in the boardroom. The time is now for CSOs and CISOs to take a seat at the table. Boards are identifying and bringing on more directors than ever before with technology and security expertise, strategizing how to protect brand reputation, revenue, continuity and resilience.

Learn proven strategies to launch your board journey or expand your existing board portfolio from a repeat cybersecurity tech founder, former CEO, and leadership expert, Tissa Richards. Tissa works with the world’s largest private and public companies and investment management firms to diversify their boards by successfully identifying critical board candidates.

In this keynote, you’ll learn how to:

• Translate your operational experience into a compelling board story
• Talk about security in a way that resonates with non-technical board members
• Create a crisp, concise, and effective narrative about your career successes
• Get started on your journey with the right board materials
• Leverage your network to identify board opportunities and scale your search

And, more important than anything, you’ll discover how to communicate your value in a way that is memorable and clear – allowing you to be the first to come to mind when opportunities arise.

October 25, 2022 13:15

Technology Alone Cannot Solve our Greatest Cybersecurity Challenges. How to Effectively Leverage Technology to Maximize the Value of Human Creativity, Experience, and Ingenuity.

Cody Chamberlain
Head of Product, NetSPI

Cody Wass
Vice President of Services, NetSPI

Technology cannot solve our greatest cybersecurity challenges. At least not on its own. All too often in the cybersecurity industry, we view technology as the ‘silver bullet’ against today’s threat actors. But at the end of the day, it’s the combination of people and technology that will solve the greatest challenges we face. In this session, Cody Wass and Cody Chamberlain from NetSPI will take a deep dive into the intersection of technology and talent and why both are necessary to combat the world’s greatest adversaries. Attendees will explore:
• Where tech-only and human-only solutions fall short
• Technology’s role in overcoming the cybersecurity talent / skills shortage
• How to effectively leverage technology to maximize the value of human creativity, experience, and ingenuity
• Real stories and examples from our penetration testing team

October 25, 2022 13:45

CISA Keynote

Nitin Natarajan
Deputy Director, CISA

Stay Tuned!

October 25, 2022 15:10

BREAKOUT ROOM 1 > EDINA > Translating Risks to Business Terms to Drive Support and Gain buy-in: Conveying Complex Risk Topics in Simple Business Language that garners Board of Directors Confidence and Support

John Valente
Security Consultant

Ivan Fong
Executive Vice President, General Counsel and Secretary, Medtronic

Todd Hartman
Executive Vice President, Best Buy

Melissa Krasnow
Partner, VLP Law Group

A board of directors has many duties, but its first is to protect shareholder assets. The protection of assets includes the management of Business Risk, including Cyber Security Risks. The panel will discuss how best to responsibly present Cyber Security Risks to the Board of Directors in business terms that relate to protecting the organization's assets, as well as preparing company-specific actions being taken against current media coverage of Cyber Security issues.

October 25, 2022 15:10

BREAKOUT ROOM 2 > ATRIUM 4 > Ukraine and the Three Bears (Not A Fairytale)

Mike Kearn
VP, Business Information Security Officer, U.S. Bank

This talk will walk through how offensive cyber operations performed by Russia's three intelligence units directly supported the invasion of Ukraine in early 2022. We will discuss each of the three units, their missions, past notable attacks, and the operations they completed in support of the invasion. All information presented will be open source and unclassified.

Attendees will take away:

  • An understanding of the FSB, SVR and GRU within Russia’s intelligence apparatus
  • Familiarity with the tradecraft leveraged by FSB, SVR and GRU based upon open sources
  • Comprehension of how each of these agencies supports the larger nation state objectives for Russia

October 25, 2022 15:10

BREAKOUT ROOM 3 > ATRIUM 6 > Adapting your Strategy to a Higher Degree of Risk Tolerance

Eli Davis
Information Security Architect, Vista Outdoor Inc.

This talk will be focused on personal observations, experiences, and lessons learned from seeing a company transform its security posture from that of a defense contractor to a consumer goods manufacturer. Subtopics include team culture, learning to embrace risk instead of avoiding it, overhauling your entire tech stack, and steering the work culture over multiple years. The talk will be primarily non-technical, directed toward management, and from the perspective of boots-on-the-ground Information Security Engineers and individual contributors.

October 25, 2022 16:00

BREAKOUT ROOM 1 > EDINA > How Kindness Builds Effective Security Operations

Nathan Caldwell
Managed Awareness Evangelist, Arctic Wolf

Cybersecurity professionals are responsible for keeping companies secure, but security should never end with technology. Only those who also focus on effectively leading people with kindness will be able to evolve their cybersecurity from a technology safety net into a mesh network of cyber-wise diligent defenders who understand how to protect themselves and their organization.

Kindness is the key to helping people:

  • Understand WHY they must care
  • Understand HOW to proactively identify risks and take measures to ensure their organization is powerfully secure
  • Increase motivation while reducing stress
  • Develop into trustworthy teammates

October 25, 2022 16:00

BREAKOUT ROOM 2 > ATRIUM 4 > Identity Governance Transformation Partnership: A Case Study with Edgile & Sleep Number

Mercy Schroeder
Director, Business Development, Edgile

Devan Koss
Director of Information Security GRC, Sleep Number

Josh Oldham
Senior Engineering Manager - Datacenter Infrastructure and Identity Engineering, Sleep Number

Becky Sandberg
Director, Edgile

Join Sleep Number’s Information Security and Identity Leaders along with Edgile’s Identity expert to learn about their ongoing journey to transform and modernize Sleep Number’s identity program and practices. This session will feature an overview of the initiative, unique challenges faced, advice on pitfalls to avoid and how to keep your teams engaged. If you are thinking about investing in an Identity Modernization initiative, this is a must-attend!

Attendees will take away:
• The decision point that led Sleep Number to choose to invest in a new identity platform
• The Identity Governance platform and Integrator(s) selection process
• Unexpected challenges that were overcome/pitfalls to avoid
• Best practices on deploying a modern cloud Identity solution
• How the teams at Sleep Number and Edgile collaborated successfully on this initiative
• The benefits already realized and future benefits to come
• Q&A

October 25, 2022 16:00

BREAKOUT ROOM 3 > ATRIUM 6 > Reducing Cyber Risk by Taking Care of the Human Beings in Your Organization

Laurie Naughton
Sr. Technology Auditor, Target

Utilizing empathy and vulnerability will help employees feel a sense of belonging and inclusion in their organizations. When they feel this way, they are more likely to want to take action to protect their organizations and make the right choices. A culture of inclusion helps create a culture of care where employees truly begin to care about the impacts of negative events on the organization, including cyber impacts.

October 25, 2022 16:45

Expo Reception

Join us for refreshments and networking!

October 25, 2022 17:00

Visionary Leadership Awards > VIP Reception

Invite only: Private Networking Session for Visionary Leadership Award Nominees and Invited Guests.

October 25, 2022 18:00

Visionary Leadership Awards Dinner

Join us for the 2022 Visionary Leadership Awards Dinner preceding the Awards Ceremony

October 25, 2022 20:00

Cyber Warrior Tribute Program at the Visionary Leadership Awards

Domenick Allen
Musician

Legendary rock musician, Domenick Allen (formerly of "Foreigner") will perform for the Cyber Warrior Tribute portion of the Visionary Leadership Awards Banquet.

October 25, 2022 21:00

Visionary Leadership Awards Ceremony

Chris Buse
CISO, Old Republic Title

Betty Elliott
Senior VP, CISO, Freddie Mac

Naomi Hospodarsky
Security & Compliance Analyst, Minnesota Supercomputing Institute

Laura Johnson
Enterprise Endpoint Manager, Minnesota IT Services

Chip Laingen
Executive Director, Defense Alliance

Alyssa Maki
IT/InfoSec Analyst, Kimley-Horn and Associates

William Rankin
Director of Governance and Compliance, ECS

Nadia Rizk
Director of Technology Audit & Data Analytics, Target Corporation

Prasenjit Saha
Executive Vice President and Global Cyber Security Business Head, L&T Infotech

Terry Seiple
Senior Information Security and Cloud Architect, State of Minnesota

Natascha Shawver
Information Security Architect, University of Minnesota

Join us for the 2022 Visionary Leadership Awards Presentation.

Full Summit Agenda - Wednesday

October 26, 2022 07:00

Have you ever Considered a Career with the FBI?

Brenda Kane
Recruiter, FBI

Colleen Peña
Cyber Special Agent, FBI

Join us early for this not-to-miss breakfast, featuring representatives from the Federal Bureau of Investigation who will be on hand to speak about the application process and IT, Cyber and Tech Careers in the FBI.

October 26, 2022 07:00

Learn about Women In Cybersecurity (WiCyS) Minnesota Chapter

Judy Hatchett
VP, CISO, Surescripts

Tina Meeker
Sr. Director of Information Security, Sleep Number

Start your morning with WiCyS MN. The WiCyS Minnesota chapter was launched in 2019. Learn all about WiCyS MN, events planned throughout the year and how to get involved.

The Women in Cybersecurity Minnesota (WiCyS MN) is a regional affiliate that covers these geographic areas: Minnesota with outreach into Wisconsin, Iowa, North and South Dakota. As a WiCyS Affiliate, we will undertake activities to promote recruitment, retention, and advancement of women in cybersecurity.

October 26, 2022 08:00

2022 Cyber Security Summit Intern Showcase

Jeffrey Peal
Information Security Officer, Clinician Nexus

Aynura Berdyyeva
Cyber Summit Coordinator, Cyber Security Summit

Sherwin Bothello
Cyber Summit Coordinator/Product Security Engineer II, Security Summit/Medtronic

Joseph Mathias
Cyber Summit Coordinator, Cyber Security Summit

As the Cyber workforce faces challenges, here at the Summit we started a unique internship program that is giving soon-to-graduate and recently graduated students a jumpstart on their careers. Hear firsthand from some of our executive coordinators on their background, Summit experiences, skill sets, and how you can hire them. Additionally, the Summit offers an ongoing scholarship program and is seeking corporate support.

October 26, 2022 09:30

The Intersection of Privacy and Security: How you can use Existing Security Tools to Build an Adaptive Privacy Program

Jerrod Montoya
Principal, Truvantis

Privacy and security were historically two separate disciplines. Over the years, the two have grown closer together. As the landscape of privacy regulations continues to evolve, the most recent comprehensive privacy laws continue to close that gap even more. With this convergence, there’s opportunity to blend what are known as best security practices and incorporate them into best privacy practices.

In this presentation, you will hear about upcoming legal changes in privacy with an emphasis on US privacy laws, how these laws converge with best security practices, and how you can use security practices to make privacy programs more resilient to frequent changes in the law. Whether you are responsible for privacy or just a resource to a privacy group in your organization, this presentation will leave you with actionable steps to get your program on the right track.

Hear expert advice on how you can develop and maintain a risk-based program designed to evolve with changing regulatory, threat landscape and business requirements.

October 26, 2022 10:00

Morning Keynote

Stay Tuned!

October 26, 2022 10:30

Third-Party Risk: Evolving and Tailoring your Approach to Address this top Attack Vector for your Organization

Gretchen Block
CISO, SVP, United Health Care, Optum

Cyber-attacks continue to disrupt critical supply chain and business partners, impacting key business processes. Hackers are targeting larger enterprises through their smaller, less-sophisticated partners and subcontractors as attack vectors into their larger clients’ networks. To manage this risk, it is important to build an organization-wide Supplier Risk Management Program that oversees the risk and ensures the appropriate capabilities are in place to respond and recover rapidly from potential attacks. As the threat landscape continues to shift, it is crucial for the Supplier Risk Management program to evolve and tailor its approach commensurate with advancing risk.

October 26, 2022 11:00

Hindsight is 20/20

Jeremy Treadwell
COO, Treadwell Agency

"Hindsight is 20/20" is usually what most cyber leaders say after falling victim to an attack. As we all know, cybercrime is on the rise, and Cybersecurity Ventures estimates the annual economic toll to be approximately $6 trillion by 2025.

Every organization has a cyber approach to ensure compliance with regulatory requirements, and most companies analyze attack vectors to strengthen critical that requires defense. Frequently these activities happen after an attack.

However, how do we look to the horizon to determine the future security needs of our systems, data, and information assets?

Foresight has a role in cybersecurity. It requires a long-term view of cyber risks, which requires organizations to adopt a strategic and proactive approach to managing them. In this talk, we will discuss practices that leverage scenario planning designed to help your organization develop robust strategies for building security-first cultures utilizing foresight.

Key Takeaways:

  • Understand the art of foresight and how to see change
  • Critical methodologies to leverage scenario planning with foresight
  • Best ways to build cyber strategies of the future that drive security-driven cultures.

October 26, 2022 13:30

Wednesday Seminar 8

Coming Soon!

October 26, 2022 14:00

Wednesday Seminar 9

Coming Soon!

October 26, 2022 14:30

Wednesday Seminar 10

Coming Soon!

October 26, 2022 14:30

Wednesday Seminar 11

Coming Soon!

October 26, 2022 15:30

Ready Set RUN – the New Offense is a Collective Defense!

Teri Williams
Brigadier General, Vice Director of Operations (CYBER), National Guard Bureau

America doesn’t play defense very well when it comes to cyber security! A great defense is a collective defense. Brigadier General Williams will share her efforts in a holistic approach to cyber resiliency!

October 26, 2022 16:15

Summit Wrap Up and Take Away

Judy Hatchett
VP, CISO, Surescripts

Jeffrey Norem
Deputy CISO, Freddie Mac

Join Judy and Jeff as they review Summit highlights, share key takeaways, and help define your call-to-action items to take back to your organization.