Session Details - September 26th, 2024
The conference featured educational talks and a panel to expand your knowledge and foster security discussions.
 

Keynotes

Keynotes Careers AI Frameworks Operations Case Studies

Opening Keynote: Building Trust, Managing Expectations: Strengthening Cybersecurity Collaboration
U.S. Army Colonel (ret) JC Vega - Founder, Executive Security Advisors, LLC
Slides

Video

In an increasingly complex cybersecurity landscape, where threats evolve at machine speed, the key to success lies not just in technology and response time, but in building a community of practice based on trust and effective expectation management. This talk will explore how trust and expectation management form the foundation of strong collaborative relationships and how they can drive success in cybersecurity, particularly in large-scale, multi-stakeholder environments.

We will examine a pivotal case from 2012, during the early days of U.S. cyber operations, when the U.S. Government and the Department of Defense recognized the urgent need to enhance their cybersecurity capabilities. The establishment of U.S. Cyber Command (USCYBERCOM) in 2010 and U.S. Army Cyber Command (ARCYBER) in 2012 marked a significant milestone. General Keith Alexander and Lieutenant General Rhett Hernandez, commanders of these new organizations, identified a critical gap: the need to "fix cyber" to prevent strategic surprises in cyberspace. Their recommendation to the Chief of Staff of the Army, General Raymond Odierno, led to the creation of the Army Cyber Institute at West Point, a testament to the power of proactive trust-building and clear expectation management.

This use case highlights the essential role that trust-building and expectation management play in cybersecurity. Just as USCYBERCOM and ARCYBER forged a path for the future of U.S. cyber operations through clear communication, mutual trust, and aligned expectations, today's cybersecurity professionals must do the same within their own organizations. Through practical strategies and real-world examples, this session will empower attendees to build stronger, more resilient collaborative relationships under the pressures of today's cyber threats. By fostering trust and effectively managing expectations, we can collectively strengthen our defenses and protect critical infrastructure in an interconnected digital world.

Sessions

Topic: Career Advancement


IT Professional Guide to Cybersecurity Career Transition
Adnan Rafique - Sr. Advisor Cloud Security Governance, Elevance Health
Slides

Video

This career talk is designed for IT professionals (sysadmins, developers, network engineers, etc.) who are looking to transition into the dynamic and rapidly growing field of cybersecurity. With the increasing demand for skilled cybersecurity experts, this session will provide a comprehensive guide to making a successful and swift career shift from IT development roles to cybersecurity positions.

By the end of this talk, attendees will have a clear understanding of how to leverage their existing IT skills to avoid starting from scratch in the cybersecurity field, the steps needed to gain the necessary knowledge and experience, and practical tips for landing a cybersecurity role. The session aims to empower IT professionals to confidently pursue a rewarding career in cybersecurity.

The Future of Cybersecurity Entry Roles in the Age of AI
Adrianna Iadarola - Vice President of Sales, VerTalents
Slides

Video

As artificial intelligence (AI) continues to revolutionize the cybersecurity landscape, the nature of entry-level roles in the field is rapidly evolving. This session will explore how AI is reshaping the demand for cybersecurity professionals, with a particular focus on the skills and competencies required for future entry-level positions. We will discuss the automation of routine tasks, the need for specialized knowledge in AI-driven tools, and the growing importance of strategic thinking and problem-solving abilities. Attendees will gain insights into how aspiring cybersecurity professionals can prepare for these changes, ensuring they are equipped to navigate the challenges and opportunities presented by AI. The session will also consider the implications for training and education programs, emphasizing the need for curricula that align with the future demands of the cybersecurity industry.

Empowering Cybersecurity Careers: Alternative Paths to Success
Patrick Slattery (moderator) - Professor, Zicklin School of Business at Baruch College
Brian Erickson - Head of Cyber Strategy, SS&C
Dr. Keith Clement - Professor of Criminology, Fresno State University
Vlad Brodsky - CIO & CISO, OTC Markets Group
David Raviv - Founder, The New York Information Security Meetup
Slides

Video

The presentation explores practical pathways for building a successful cybersecurity career without a college degree. It will cover essential steps such as developing foundational IT skills, obtaining key certifications, and gaining hands-on experience through challenges and internships. The presentation will also emphasize the importance of continuous learning, staying current with industry trends, and the value of mentorship within the cybersecurity community. Attendees will gain insights into navigating the job market, identifying entry-level opportunities, and planning for long-term career growth in cybersecurity, all without relying on a traditional educational background.

Key Takeaways:
  • Building a Cybersecurity Career Without a College Degree: Exploring alternative pathways to entering the cybersecurity field, including certifications, hands-on experience, and self-directed learning. This topic would resonate with those looking to break into the industry without a traditional educational background.

  • The Importance of Continuous Learning in Cybersecurity: Discussing the necessity of staying current with evolving threats, tools, and technologies. This topic could cover strategies for lifelong learning, including advanced certifications, online challenges, and engaging with the cybersecurity community.

  • Mentorship and Community Building in Cybersecurity: Highlighting the role of established professionals in mentoring newcomers and fostering a supportive community. This topic could focus on how experienced individuals can contribute to the growth of the field by sharing knowledge and resources.

  • Hands-On Experience: The Key to Cybersecurity Success: Emphasizing the value of practical, real-world experience in cybersecurity training. This could include discussions on Capture The Flag (CTF) competitions, internships, and open-source contributions as critical components of a cybersecurity education.

  • Navigating the Cybersecurity Job Market Without a Degree: Offering strategies for job searching, resume building, and interview preparation tailored to individuals without a college degree. This topic would provide actionable advice for breaking into the field and advancing in a cybersecurity career.

Trends in Cybersecurity and the Growing Talent Gap
Kiran Bhujle CISA, CRISC, CDPSE, CMMC RP - Global Managing Director, SVAM Security
Slides

Video

In the last 25 years, attacks and security protection have advanced rapidly. Looking back, it is easy to identify the different generations of attacks and security products that protect against them. However, today the velocity of attack evolution is far outpacing the level of security that businesses have deployed. This is a problem. The level of security deployed by businesses cannot be behind the level of attacks coming at them. But there's another issue that's surfaced: talent. The New York Times recently published an article estimating that over 3.5 million cybersecurity jobs are available globally, with nearly a million in the United States alone. The cybersecurity skills shortage is getting worse. Given the dangerous threat landscape, this means the skills shortage represents an existential threat to our nation, a nation that relies on technology as the backbone of our economy, critical infrastructure, and society at large. In this session we'll discuss the evolution of cyberthreats and how the educational institutions of the world can help address the growing cyber talent gap.

Key Takeaways:
  • Understand the historical evolution of cyber threats and security solutions.
  • Recognize the urgency of the current cyber talent gap in facing advanced attacks.
  • Explore strategies for institutions to address the cyber talent shortage.
  • Discuss the role of education in shaping the future of the cybersecurity workforce.

Topic: Artificial Intelligence


Panel: AI & Cybersecurity
William H. Murray (moderator)
Jim Ambrosini, vCISO, CompassMSP
Frederick Scholl, Program Director Cybersecurity, Quinnipiac University
Bill Malik, Former Research Director, Gartner
Dora Gomez, FinCrime, Fraud, and Compliance Leader, EY
Slides

Video

This is a panel about AI and Cybersecurity. While all the panelists have thought about and have something to say about AI, they are not AI experts. Rather, they are security experts, your peers who share your interests and concerns. They have been asked to talk to you about the short-term opportunities and risks of AI and to give you their thoughts about the long term and how we should prepare for it. While much of what we will say will be, of necessity, speculative, we promise to be both entertaining and provocative.

Poking AI in the Eye: A Practical Intro to Adversarial AI
David Rhoades - VP of Security Consulting, Palindrome Technologies - Chapter Lead for OWASP Delaware
Slides

Video

Artificial intelligence (AI) systems are becoming ubiquitous in our daily lives, but how secure are they? In this presentation, I will introduce the audience to some of the techniques used by hackers and researchers to attack AI systems, such as data poisoning, model stealing, and prompt injection. I will also demonstrate some of these attacks live.

The presentation will be interactive and engaging, with a few light challenges for those audience members who want to try their hands at breaking AI (from the comfort of your mobile phone). I will also highlight some real-world case studies of successful attacks. Whether you are an AI enthusiast, a security professional, or just curious about how AI fails, this presentation will give you a practical and fun introduction to the fascinating world of adversary AI techniques, along with ample resources to get you started with practicing these techniques legally.

Key Takeaways:
  • Major attack categories facing AI systems, and their potential impacts.
  • Real-world examples of successful attacks against AI systems.
  • Resources will be provided to allow hands-on activities after the presentation.

Unmasking Digital Deception: Defending Your Organization Against AI-Powered Misinformation
Nick Loui - Co-Founder and CEO, PeakMetrics
Slides

Video

AI-powered misinformation is now deemed the biggest short-term threat to the global economy, according to a recent World Economic Forum report. Detecting online threats like misinformation, disinformation, deepfakes, and bots can be daunting. Even the rumor of a breach can erode trust in a brand's security, impacting every facet of the organization.

As narrative-based threats grow more sophisticated, organizations must enhance their detection and defense capabilities. Join Nick Loui for an enlightening session on how security teams can uncover and address emerging online threats before they impact your organization. Nick will share key strategies and insights to protect your brand from digital deception.

Key Takeaways:
  • Understanding the Threat Landscape: A comprehensive overview of the current digital threat landscape, including the rise of AI-powered misinformation and its economic implications.
  • Detection Strategies: Proven methodologies for detecting online threats such as misinformation, disinformation, deepfakes, and bot activity.
  • Response Mechanisms: Effective tactics for mitigating the impact of detected threats and maintaining organizational trust and security.
  • Case Studies: Real-world examples of how organizations have successfully used advanced detection tools to safeguard against narrative-based threats.
  • Future-Proofing: Insights into emerging technologies and trends in the digital security space to stay ahead of potential threats.

Building Blocks of Secure AI Governance Framework
Rahul Bhardwaj - Head Information Security Americas, EXL
Slides

Video

Building a robust Secure AI Governance Framework is essential for managing the ethical, legal, and operational aspects of artificial intelligence systems. The session will cover a structured approach to creating a comprehensive framework to secure AI or to design a Secure AI framework. The session will cover key components to be addressed while designing and implementing a Secure AI governance program.

Key Takeaways:
  • List of key components of a Secure AI governance framework
  • Reviewing an existing framework or blueprint to design a Secure AI governance framework that addresses key security and privacy risks while developing or implementing AI programs or solutions in the respective organization
  • List and awareness of key security and privacy risks to assess while reviewing AI programs or solutions, and learning key controls and frameworks related to AI security governance, such as NIST AI RMF, ISO 42001, etc.

New AI and Quantum Risk and Security
Michael Melore, CISSP - IBM Public Sector Security Ambassador
Slides

Video

AI/Deep Fakes and Quantum Computing introduce new risks to organizations. We'll discuss new threats and effective approaches to this new frontier upon us. Data has become the intellectual property for organizations, their competitive differentiator, and critical to their success and livelihood. The new technologies are fundamentally used in analyzing, modeling and forecasting massive amounts of critical information quickly. Data has become a consolidated treasure that bad actors want. These new technologies leverage an organization's most critical and sensitive information, which must be kept safe and secure.

Key Takeaways:
  • New Threats from AI/Deep Fakes and Quantum Computing
  • AI's Impact from the recent 2024 Ponemon Institute's Cost of a Data Breach Study and Report
  • Effective data protection strategies and techniques for the new era of AI/Deep Fakes and Quantum Computing risk

Topic: Frameworks


Understanding CMMC 2.0 Compliance: Improving Cybersecurity Hygiene to do business with the U.S. Government
Allen Ureta, Managing Director, Deltamine Inc.
Dave Solano, Cyber Security Practitioner, Deltamine Inc.
Slides

Video

An overview of the CMMC 2.0 Program and cybersecurity framework based on NIST SP 800-171 and 172 to improve the overall cybersecurity hygiene of the Defense Industrial Base in the protection of Confidential Unclassified Information (CUI). This program is serving as an entry point for improving the overall cybersecurity culture of not only the DoD, but of all federal government agencies.

Key Takeaways:
  • Overview of CMMC 2.0 Program;
  • Importance of Cybersecurity to improve culture and hygiene for modern digital enterprises;
  • Opportunities for individuals and businesses.

Center for Internet Security Controls
Tom Brennan - CIO, Mandelbaum Barrett PC - CEO, Proactive Risk
Slides

Video

In today's rapidly evolving cyber threat landscape, businesses of all sizes face increasing challenges in safeguarding their critical assets and maintaining compliance with regulatory requirements. The Center for Internet Security (CIS) Version 8 Controls provide a comprehensive framework designed to enhance an organization's cybersecurity posture. This presentation aims to offer businesses practical guidance and real-world insights into implementing CIS V8 Controls, leveraging the expertise of a seasoned enterprise consultant.

Attendees will gain an understanding of the foundational principles of CIS V8 Controls, including how to prioritize and implement these controls effectively within their organizations. The presentation will cover key topics such as risk assessment, asset management, access control, and incident response. Real-world case studies will be shared to illustrate common challenges and successful strategies for overcoming them.

By the end of this session, business leaders and IT professionals will be equipped with actionable steps to enhance their cybersecurity defenses, mitigate risks, and ensure compliance. This presentation is ideal for organizations seeking to strengthen their security framework with proven methods and expert guidance.

Join us to learn how to navigate the complexities of cybersecurity with confidence and protect your business from emerging threats using the CIS V8 Controls.

Key Takeaways:
  • Prioritization and Implementation Strategies: Attendees will learn how to effectively prioritize and implement the CIS V8 Controls within their organizations, ensuring that critical security measures are addressed first to maximize impact and resource efficiency.
  • Real-World Case Studies and Practical Insights: Through real-world case studies and the consultant's extensive experience, participants will gain practical insights into common challenges and successful approaches to applying the CIS V8 Controls in diverse business environments.
  • Actionable Steps for Enhanced Cybersecurity: The session will provide clear, actionable steps for businesses to enhance their cybersecurity posture, mitigate risks, and achieve compliance with regulatory standards, empowering them to confidently protect their critical assets against evolving cyber threats.

Topic: Operations


Insider Threats Do More Harm Than External Attackers
Tim Schnurr (CRISC) - Founding Partner, Inquisitive IT
Slides

Video

Insider threats are a major drain on the global economy, responsible for 82% of cyber losses. But most reports focus on accidental mistakes (56%) rather than deliberate theft (26%), which leads to underestimating the true damage. This article dives into the malicious or deliberate insider threat, where employees steal or misuse company assets without outside help.

These insiders have unique advantages: access to valuable data, knowledge of its worth, and connections to potential buyers (like competitors). Think of a departing employee taking customer lists to help a rival gain market share. External attackers often target generic privacy data like social security numbers or credit cards, creating legal trouble and leverage for themselves. But malicious insiders know where the real jewels are, causing much bigger losses.

Mature cybersecurity programs recognize the non-technical dimensions of risk mitigation, including governance, policies, and personnel training. Embedding IP and insider threats within risk frameworks empowers leadership to delegate responsibility and encourage corporate adoption of protective measures.

By implementing a transparent system of incentives and consequences ("carrots and sticks"), organizations can foster alignment between individual contributions, employee performance, and an overall culture of innovation. This approach motivates employees to identify, protect, and contribute to valuable IP, ultimately strengthening the organization's competitive advantage.

Cyberbowl: Red Team vs Blue Team!
Herbert Decker Jr III - Physical Security Support Engineer II, Amazon
Slides

Video

In the world of cybersecurity, the dynamic between the red team and the blue team is crucial. The blue team's primary focus lies in fortifying digital systems through defensive measures, employing technologies such as intrusion detection systems and firewalls. They adeptly wield coding languages like PowerShell and Python to bolster defenses and proactively monitor for signs of intrusion. Conversely, the red team assumes an offensive stance, utilizing their coding expertise to simulate attacks and identify system vulnerabilities. Their mission is to expose weaknesses that may evade detection by the blue team, fostering a culture of continuous improvement in cybersecurity strategies. Through collaborative efforts and innovative approaches, these teams synergize to erect robust defenses against evolving cyber threats, underscoring the significance of teamwork and skill diversity in safeguarding digital assets.

Attendees will gain insight into the dynamic interplay between the red and blue teams within cybersecurity. By grasping the distinct roles and methodologies employed by each team, participants will appreciate the value of collaboration and skill diversity in fortifying digital defenses. The keynote emphasizes the importance of fostering a culture of continuous improvement and innovation to stay ahead of emerging cyber threats, showcasing the critical role played by both the red and blue teams in defending against evolving cybersecurity challenges.

Key Takeaways:
  • Understanding Team Roles: Grasp the distinct roles and responsibilities of the red and blue teams in cybersecurity.
  • Collaboration: Recognize the importance of teamwork and collaboration between the red and blue teams in strengthening cybersecurity defenses.
  • Continuous Improvement: Appreciate the necessity for continuous improvement and innovation in cybersecurity strategies to stay ahead of emerging threats.

Cybersecurity Strategy under the Microscope: Measuring Cyber Program Effectiveness
Vishal Chawla - Founder & CEO, BluOcean Digital
Katie Reilly - Senior Consultant, BluOcean Digital
Slides

Whitepaper

Video

Cyber maturity programs are failing. We need to shift to measuring Cyber Program Effectiveness. The cyber criminal has moved from just stealing information to business disruption, like UHG, etc. However, our cyber programs were designed for cyber breach, not cyber attacks on business operations. This requires a shift to a business-centric cybersecurity strategy and planning. The session will share a case study from a recent client.

Key Takeaways:
  • How to use Scenario Planning to predict disruptions and prepare effective mitigation strategies.
  • How to develop a materiality framework of your business to understand what really matters
  • Build a cyber security plan that would address direct risk, tail risk, and align with the organization's risk appetite.

Application Security: New Attack Vectors
Daniel Shechter - CEO and Co-Founder, Miggo
Slides

Video

Application security has always been a challenge, but the transition to distributed architectures has introduced new and complex vulnerabilities. This talk will explore how modern applications and their intricate chains of trust create unprecedented attack vectors, often outpacing traditional security measures. We'll examine the complications introduced by the shared responsibility model, including the risks of undisclosed updates and changes. Attendees will gain insights into the evolving security landscape and practical strategies for navigating these emerging challenges.

Key Takeaways:
  • New Attack Vectors: Explore how the distributed nature of modern applications and their chains of trust introduce novel vulnerabilities that traditional security solutions may overlook.
  • Complexity and Breaches: Examine how high-profile breaches expose critical security gaps in complex application frameworks and how these gaps evolve over time.
  • Impact of Shared Responsibility: Understand how the shared responsibility model, particularly issues like undisclosed updates and silent changes, complicates security efforts, and discover strategies to effectively manage these challenges.

Data Killed My Threat Model: The Effect of Data Starvation and Gluttony in AppSec
Tony "UV" UcedaVelez - Founder, VerSprite
Slides

Video

Reliable data is inherently critical for application threat models. As threat modeling continues to proliferate across security programs, bad habits in feeding threat models with relevant data are becoming prevalent. This session will explore the top 3 mistakes of "data starvation/gluttony" with respect to application threat models and how to achieve a contextualized, balanced data diet.

Securing the Cloud: Strategies for Comprehensive Cloud Security Management
Adnan Rafique - Sr. Advisor Cloud Security Governance, Elevance Health
Slides

Video

As organizations increasingly migrate to the cloud, the security landscape becomes more complex and challenging. This talk aims to equip experienced cybersecurity professionals, IT managers, and cloud practitioners with a deep understanding of the unique security concerns in cloud environments and advanced strategies to address them. Attendees will gain insights into the major risks associated with cloud security and learn how to apply cutting-edge techniques and industry best practices to mitigate these risks effectively.

Key Takeaways:
  • Gain insight into the unique challenges of securing data and systems in the cloud.
  • Learn practical strategies to reduce risks and keep their organization's information safe in the cloud.
  • Empower cybersecurity professionals, giving them confidence to tackle cloud security complexities effectively.

Topic: Case Studies


Cyber Incident Masterclass: Real-World Response Tactics from Industry Leaders
Tom Ryan (moderator) - Founder and CEO, Asymmetric Response
Vlad Brodsky - CIO & CISO, OTC Markets Group
Michelle Schaap - Leads CSG's Privacy & Data Security practice
Alex Waintraub - SOC Director, Simulint
Slides

Video

In the relentless battle against cyber adversaries, the ability to respond with precision and effectiveness is not just a necessity; it is a mandate. This masterclass unites some of the most formidable minds in cybersecurity to share their hard-won insights and proven tactics for managing and mitigating cyber incidents. As we dissect real-world scenarios, you'll gain an unfiltered view of what it takes to safeguard your organization in the face of relentless threats. Whether you're a veteran in the cybersecurity trenches or an emerging leader, this panel will arm you with the strategies needed to fortify your defenses and respond with authority.

Key Takeaways:
  • Comprehensive Incident Response Frameworks: Learn to build and implement an unassailable incident response framework that spans the entire lifecycle of a cyber incident. From detection and analysis to containment, eradication, and recovery, you'll gain insights into assembling and leading an incident response team with the precision of a military operation.
  • Advanced Mitigation Techniques: Dive into the advanced mitigation techniques employed by industry leaders. Understand how to harness the power of threat intelligence, automate response actions, and deploy cutting-edge technologies. These strategies will enable you to stay one step ahead of the adversary, turning the tide in your favor.
  • Post-Incident Review and Continuous Improvement: Recognize the critical importance of post-incident reviews. Learn how to conduct thorough evaluations, extract actionable lessons, and fortify your defenses. Continuous improvement is the hallmark of a resilient organization, and you'll discover how to embed this ethos into your incident response processes.

Learning from History: What Past Cyber Attacks Can Teach Us
Jeff Foresman - President of Services, Quadrant Information Security
Slides

Video

This presentation will analyze previous incidents, breaches, and ransomware attacks to understand how we can learn from these situations and prevent them from happening again. The presenter will discuss the attack techniques, vulnerabilities, new trends observed, what could have been done to avoid these attacks, and how organizations should respond in such cases. Attending this presentation will give you insights into improving your organization's prevention, detection, and response procedures to identify and stop modern attacks more effectively.

Key Takeaways:
  • New attack techniques and commonly attacked vulnerabilities
  • Brief overview of the most prevalent threat actors
  • Recommended security program changes to prevent breaches

From Shoestring Budget to Unified Front: Building cybersecurity resilience across diverse subsidiaries.
Matthew Webster - Founder / CEO / CISO, Cyvergence
Slides

Video

This presentation dives into a real-world success story of establishing robust cybersecurity governance in a geographically dispersed group of companies, even with limited resources. Drawing on my experience as a global CISO, I'll detail a step-by-step approach to achieving cross-company alignment on security standards, navigating varying levels of expertise, and overcoming resistance to change. Discover how we leveraged tools like cyberinsurance, an enhanced NIST Cybersecurity Framework, and strategic risk alignment to achieve a unified security posture despite resource constraints. Join me to learn practical strategies for fostering collaboration and building effective cybersecurity governance across complex organizational structures.

Key Takeaways:
  • From Boardroom to Budget: Using Cyber Insurance to Champion Security Investments
  • Bridging the Expertise Gap: Aligning Security Standards Across Subsidiaries
  • NIST as a Roadmap, Not a Rulebook: Tailoring the Framework for Maximum Impact