Wednesday, September 6
Presented by Kiersten Todt – Counselor to the Director, Cybersecurity and Infrastructure Security Agency
Presented by Roger Grimes – Data-Driven Defense Evangelist, KnowBe4
Most people think MFA is pretty secure and definitely a stronger defense than a password. For most MFA that most people use, this isn’t true. I can hack, bypass, or socially engineer you out of the most popular MFA as easily as if it were a password. Come see how. Come learn how to better defend your MFA and what MFA is strong and resilient.
Presented by Bill Malik – VP Infrastructure Strategies, Trend Micro
There is ample information on how to prepare for a data breach, but we rarely discuss how to manage the security team’s Breach Post-Traumatic Stress Disorder. This session will highlight the steps leaders can take to ensure that their security teams are mentally prepared – and staffed for the next potential attack. Building unit cohesion before the attack is paramount to keeping a resilient team. The session will offer tips on organizational restructuring, how to conduct a COBIT-styled process analysis, cross training and procedural reframing. We will also discuss the criticality of empathy and how to build it into the culture.
Presented by Oz Alashe – CEO, Cybsafe
In this lighthearted and entertaining talk, Oz Alashe will introduce the audience to the world’s most comprehensive security behaviour database, SebDB. Freely accessible, open to all and vendor agnostic, SebDB is a digital compendium that contains information on every security behaviour known to reduce human cyber risk. It’s an open source research initiative that’s been developed by the global security community. It’s now on its third iteration.
Presented by Danny Jenkins – CEO & Co-Founder, Threatlocker
Risk of data loss and operational disruption can stem from more than the ransomware in news headlines. Join ThreatLocker’s Co-Founder and CEO for a live hacking demonstration of a Rubber Ducky and discussion on methods of control to minimize data exfiltration.
Luke Lack – Special Agent, United States Secret Service
Chris McMahon – Special Agent, United States Secret Service
This presentation takes a deep dive into cyber investigative techniques utilized to target, identify, and prosecute cyber criminals participating in an international sextortion scheme, including working with foreign LE counterparts while facing the challenges that come along with having no mutual legal assistance treaty (MLAT) between our countries.
Presented by Dr. Sadia Afroz – Lead Scientist, Gen
Despite recent hype, AI has been built into cybersecurity tools to spot threats and keep consumers safe for decades. While cybersecurity companies are always evolving to adopt new technology and stay one step ahead of bad actors, we know that many of the tried-and-true cybersecurity best practices we used 10 and 20 years ago still work. No matter how advanced tech and AI get, the biggest threat – and the best defender – to security is always the person behind the device.
The future of cybersecurity will require a holistic approach that combines AI-enhanced tools and foundational basics to protect internet users.
Presented by Lynsey Wolf – Global i3 Investigations Team Lead, DTEX
With the increasing number of vulnerabilities to data theft, protecting sensitive IP is becoming challenging, and current responsive action isn’t working. The key to staying left of boom begins by defining the problem and understanding the difference between insider risks and insider threats. In this presentation, DTEX will provide a pragmatic approach to understanding and influencing human behavior. The discussion will explore three key pillars to reducing insider risk in today’s evolving threat landscape:
– Communication – cultivating a trusted workforce.
– Information – capturing the right data to accurately identify risk.
– Technology – collecting/correlating datasets that accelerate proactive risk detection.
Shelby Flora – Managing Director, Accenture
Aaron Cohen – AVP, Global Strategic Alliances, Immersive Labs
Security Awareness leaders recognize the importance of reducing the human attack surface to protect their organization, but those attack vectors go well beyond phishing or social engineering. As businesses shift to the digital realm, security skills should be federated across the organization to ensure proper resilience and integration of security best practices. But how do you engage these cyber champions? By identifying hidden talent and interests, as well as providing access to best-in-class learning opportunities. Cyber acumen is the new business acumen… how do we get ready?
Hosted by David Spark – Executive Producer, CISO Series Podcast
- Aaron Hughes – CISO, Albertsons Companies
- Rob Duhart – Deputy CISO, Walmart
Two special guests will join host David Spark to discuss topics in cybersecurity leadership, dealing with security issues, and how cybersecurity practitioners work with security vendors, with a few games and audience participation too!
Thursday, September 7
Presented by John Elliott – Author, Educator, Pluralsight
Whenever we ask someone to do a “security thing”, we also affect their perception of the security function in our organisation, and their perception of security things more generally. We also require them to spend some of their limited compliance budget. Using interaction journey maps we can explore what people are thinking and feeling when they are required to interact with security-related applications and functions. A focus on improving these interactions reduces the demand on someone’s compliance budget, and also avoids driving people to adopt shadow IT or shadow security.
Presented by Ashley Jones – Cybersecurity Advisor, Region 3, Cybersecurity and Infrastructure Security Agency
Secure by design means building technology products and systems with security in mind from the start. It’s time to build cybersecurity into the design and manufacture of technology products. Find out what it means to be secure by design and what that looks like. We will discuss this proactive approach to addressing security that emphasizes the importance of building security into the design of products and systems.
Presented by Dr. Lance Hayden – Chief Information Security Strategist, Vericast
ChatGPT and similar generative AI tools have exploded into our lives and into many organizations. Some companies (and countries) have banned ChatGPT completely, while others encourage its use. This presentation explains how to craft a ChatGPT governance program unique to your organization’s needs and risk tolerance. Controlling risk involving generative AI tools is accomplished by combining policies and processes, technical controls, and targeted user awareness training. There is no right answer for how to implement or restrict generative AI. Like any new security and privacy challenge, the solution is proactive risk assessment, well-designed controls, and effective user education.
Brandon Pugh – Director, Cybersecurity and Emerging Threats, R Street Institute
Lisa Plaggemier – Executive Director, National Cybersecurity Alliance
Concerns around personal data collection and use continue to rise, including from adversarial countries and emerging technologies and applications leveraging it. Yet, the United States does not have a comprehensive law to protect data privacy and security. This talk will explore the threat and risk, the current legal and regulatory landscape to protect data, policy solutions underway at the state and federal level, and how new technologies like artificial intelligence connect to this topic.
Presented by Andy Bennett – CISO, Apollo IS
Presented by Dr. Candi Ring – Cybersecurity Curriculum Developer, CyberFlorida
Cyber Florida’s Operation K12 program engages more than 40 school districts across Florida that represent 89% of Florida’s public school children. A multi-pronged approach, Operation K12 provides a variety of resources and pathways to engage kids in cybersecurity awareness and career education beginning in elementary school and including a high school course that prepares students for cyber careers right out of high school. Learn how Cyber Florida established and implemented this effort statewide in under two years, successful approaches and resources, and challenges overcome.
Presented by Morgan Floyd – Information Security Training and Awareness Coordinator, Texas Health and Human Services
Training security professionals so they can better defend our organizations should be an uncomplicated process, but in the rapidly changing industry of cybersecurity, it’s surprisingly difficult. We know they need training, but how do we know which training? To answer that question, we created a program, based on the NICE Framework, that identifies what our security professionals do and helps us understand what they need. Through the creation of NICE work-role mappings, specific data tracking and administering knowledge assessments, a path emerged from the chaos. This is the retelling of our trek to create an Information Security Role-Based Training program in the hope it will help others on their journey.
Moderated by Alexandra Panaretos – Proofpoint
- Yee-Yin Choong – NIST
- Anne Roberts – Christian Brothers College High School
- Dr. Candi Ring – Cyber Florida
It’s never too early to talk to kids about online privacy, security, and risky online behavior. In this session, learn key takeaways from recent research, including best practices on how parents can influence their kids’ online activities. Today’s children are “digital natives” and most have never experienced a world without social media and smartphones – everything is at their fingertips. Fortunately, current research shows that kids view online privacy and security as things they can control, but parents are instrumental in helping children understand risks and potential consequences.
- Betsy Balgooyen Keller – Cyber Awareness Program Manager, Bank of America
- Rachel Attewell – Bank of America
Using real threat intelligence in your cyber security awareness efforts gives your target audience insight into the threats they may encounter. Making the threats as real as possible helps drive audience engagement and reduce information security risk. We will be sharing examples and a framework to help you implement this into practice.
Presented by Anthony Hendricks – Director/Shareholder, Crowe & Dunlevy
Last year Joe Sullivan, the former CSO of Uber, was found guilty of covering up a data breach. While some believe this case is an outlier, Congress has attempted to pass legislation holding executives personally responsible for data breaches. In addition, Federal Agencies have taken a similar approach, and earlier this year, the SEC sent out “Wells” notices of potential enforcement actions to SolarWinds executives regarding its 2020 data breach, including for the first time to a CISO. Sullivan’s case and the recent actions from the SEC raise questions about whether similar charges will be brought against executives that fail to report breaches, how employees and executives can protect themselves, and the complexities of having 50 different state reporting requirements. This presentation will explore Sullivan’s case and other recent enforcement actions against cyber professionals. Next, there will be a discussion of the various attempts by Congress to expand liability against executives for data breaches and what it may mean for future legislation. Third, the presentation will explore the difficulties in determining whether a company must report because of the various state reporting requirements. Finally, the presentation will discuss how companies, boards, and executives can protect themselves from potential liability.
- Vishal Amin – General Manager, Microsoft
- Lisa Plaggemier – Executive Director, National Cybersecurity Alliance
Presented by Lisa Plaggemier – Executive Director, National Cybersecurity Alliance
5:00 PM – 5:30 PM: Arrival and Networking with Drinks and Snacks
5:30 PM – 6:15 PM: David Spark of the CISO Series LIVE Game Show
Join David Spark, producer of the CISO Series Podcast, as he hosts an epic game show segment. We’ll have special guests on stage answering questions, testing their knowledge and having fun. The audience will have opportunities to play along, so grab a drink and join us!
6:30 PM – 7:00 PM: Guest Speakers and Remarks
7:00 PM – 9:00 PM: Social gathering in ballroom and rooftop
Kick back, enjoy some apps and drinks with your colleagues in our pre-function foyer and the epic “Top of Gate” rooftop terrace at the Watergate. Photo booth, drinks, desserts will be available as we celebrate 20 years of successful Cybersecurity Awareness Month campaigns.