Monday, December 10, 2018
11:00 am - 11:45 am Registration
11:45 am - 11:55 am Orientation
11:55 am - 12:00 pm Chairperson's Opening Remarks
12:00 pm - 12:30 pm Opening Keynote: Open Apertures and Unauthenticated Input in Non-Traditional Technologies - Information Security Risks and Protection Strategies
Ian Schneller - Senior Vice President Global Information Security, Bank of America
In this presentation, we will first explore a set of commonly used technologies that may not be closely examined as part of traditional information security programs. However, they likely introduce critical risks via open apertures allowing for unauthenticated inputs by anonymous users. For a moment, consider how a malicious user could potentially use modified content on their license plate to exploit a sensitive information system. In this presentation, I will show you how to see vulnerabilities in a new light in this increasingly connected world. Heavily based upon lessons learned from a 20+ year cyber career in the public sector, this presentation will provide new strategies through exciting examples that will shape how you interpret additional technologies around you and design security controls to uplift your defenses.
1:30 pm - 2:05 pm Keynote: Unleash Your Program's Full Potential Through Diversity
Chad Teat - CISO, Floor & Decor
What common trait produces astonishing results at tech-giant Hewlett-Packard, consumer goods Kimberly-Clark, and the hyper-growth retailer Floor & Decor? Industry-defying diversity. Attacking Cybersecurity’s largest cultural issue, diversity, greatly reduces a CISO’s troubles with Cybersecurity’s largest operational issue, labor shortage. Learn more about the status of diversity in Cybersecurity, hear examples of success and failure, and take home high-impact improvements for your program.
2:10 pm - 2:40 pm Business Meetings
2:40 pm - 3:10 pm Business Meetings
3:10 pm - 3:20 pm Networking Break
3:20 pm - 4:05 pm Master Class: Levers of Human Deception: The Science and Methodology Behind Social Engineering
Perry Carpenter - Chief Evangelist and Strategy Officer, KnowBe4
No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.
Join this session for fun and engaging examples of mental manipulation in everyday life: from the tactics used by car dealers, to sophisticated social engineering and online scams. Additionally, look at how to ethically use the very same levers when educating our users.
• The Perception vs. Reality Dilemma
• Understanding the OODA (Observe, Orient, Decide, Act) Loop
• How social engineers and scam artists achieve their goals by subverting the OODA Loop's different components
• How we can defend ourselves and our organizations
3:20 pm - 4:05 pm BrainWeave: A Phishful of Dollars - How to Automate and Standardize Response
Bill Butler - Regional VP Sales, Demisto
Phishing emails are one of the most frequent, easily executable, and harmful security attacks that organizations face today. Due to an expanded threat surface, a single system falling prey to a phishing email can lead to harmful lateral movement and enterprise-spanning attack campaigns. Security teams struggle to execute standardized enrichment and response due to disparate tool sets, rising alert and false positive numbers, time-consuming manual actions, and human capital crunches. Teams need a tool stack that centralizes security data, increases analyst productivity, and primes the SOC for scalable response.
The panel discussion will highlight how a Security Orchestration, Automation, and Response (SOAR) platform can plug critical gaps in the phishing response lifecycle and review a phishing use case. You’ll learn how to:
- Correlate standard and custom threat intelligence across tools,
- Automate repeatable actions with human review and oversight,
- Improve investigation quality by weeding out false positives, and
- Shave down response times from hours to seconds.
Attend the session and learn how a robust phishing response plan is the first step to reduced security and business risk.