Full Agenda
Wednesday, January 17
Presented by:
Max McKenna, Director of Partnerships, National Cybersecurity Alliance
Lisa Plaggemier, Executive Director, National Cybersecurity Alliance
Presented by Alaina Clark – Assistant Director for Stakeholder Engagement, Cybersecurity and Infrastructure Security Agency
Presented by Matthew Gibson – President and CEO, Kentucky Derby Festival
In today’s ever-evolving world of cybersecurity, safeguarding large-scale public events is paramount. Join the fascinating discussion that delves into a successful Public/Private Partnership model meticulously designed to ensure the safety of the Kentucky Derby Festival in Louisville, Kentucky. Over 1,200 public safety personnel and multiple government agencies are required to support the security and connectivity of the largest open-air festival in the country. This discussion explores the intricate coordination, education, communication, and connectivity between public safety agencies and private event organizers to ensure public safety and successful events.
Presented by Michal Gil – Head of Product Management, CybeReady
In Security Awareness: A Holistic Approach to Personalized Training, inclusivity is paramount. Workforces are diverse, and training must be inclusive, empathetic, and valuable. This presentation delves into five key aspects:
- Localization: Tailoring training for global effectiveness.
- New Employees: Non-judgmental onboarding.
- Multi-Level Engagement: Engaging various roles and learning habits.
- Accessibility: Designing for those with disabilities.
- Multichannel Approach: Diverse content delivery.

Inclusivity is essential in cybersecurity; let’s make it the heart of our strategy.
Presented by:
Meghna “Chili” Pramoda – President, SafeTeensOnline, Inc.
Manav Pulluru – Florida Ambassador, SafeTeensOnline, Inc.
The speakers surveyed over 2,000 teens around the world to learn about students’ online familiarity, experiences, exposure to cyber incidents, and recovery from them. They share takeaways from their study to encourage including the teen voice and experience in systems designed to protect teens.
Presented by Chris Farr – Vice President, Client Success, Strider Technologies
What transferable skills make for a successful cybersecurity awareness professional? What career experiences translate into awareness positions, and where might you land after? Chris Farr will answer those questions by detailing his unique career path, from commercial roles to learning and development to Lean Six Sigma to cybersecurity, and now combining all of those in a client-facing role at an intelligence startup.
Presented by Perry Carpenter – Chief Evangelist and Strategy Officer, KnowBe4
Join Perry Carpenter for a journey through AI’s transformative impact and its amusing, sometimes bewildering, oddities. Drawing from Perry’s experience as a content creator, educator, and social engineering strategist, this session offers a rich blend of practical insights and forward-thinking approaches. We merge perspectives from cybersecurity, philosophy, technology, and ethics to examine AI’s role in enhancing content creation, where it acts as a helpful (though not fully trusted) partner. Additionally, we’ll delve into AI’s more troubling aspects – where it shifts from being a mere tool to an entity capable of deception and manipulation, reshaping our traditional views on trust and integrity. Participants will gain a deeper understanding of how to navigate and leverage the complexities of AI and digital interaction in today’s rapidly evolving technological landscape. Whether you’re an AI expert or simply AI-curious, this talk aims to demystify artificial intelligence.
Presented by Theo Zafirakos – Security Awareness Speaker, Fortra
Presented by:
Jake Wilson – Security Awareness Evangelist, Western Governors University
Ashley Rose – CEO & Co-founder, Living Security
The transformative power of engagement is well-documented in learning and behavioral science. When individuals are fully engaged, they’re not only more likely to absorb information but also to act on it, leading to meaningful behavioral changes. This insight is particularly crucial for security program managers, who often prioritize employee engagement as a key objective and measure of success. However, a recurring challenge emerges: the same employees are consistently engaged, while those posing the greatest risk often remain disengaged. This is where Human Risk Management (HRM) comes into play, offering a data-driven solution. By identifying and understanding the most at-risk individuals within an organization, HRM enables targeted, personalized, and impactful communication strategies. This approach fosters not just awareness but also a sense of responsibility and ownership regarding security risks.
Presented by Debra Richardson – Consultant, Debra R. Richardson, LLC
Accounts Payable is a critical team within every organization. From setting up vendors to changing remit information and handling inquiries, these team members are consistently susceptible to being targeted by cybercriminals for payment fraud. This presentation will outline the risks not controlled by systems and what Cybersecurity Leaders should monitor and recommend to the Accounts Payable team to prevent fraudulent payments.
Presented by J.C. Checco – President, ISSA NY Metro Chapter, NY Metro Information Systems Security Association
Most of the focus on Zero Trust has been around the infrastructure changes and their supporting technologies. However, the key to zero trust is to focus on people, identities and behaviors.
Hosted by David Spark – Executive Producer, CISO Series Podcast
Special Guests:
Brett Conlon, CISO, American Century Investments
Mical Solomon, CISO, Port Authority for NY and NJ
Podcast Recording Live on Stage
Thursday, January 18
Presented by Dr. Deanna Caputo – Chief Scientist for Insider Threat Capabilities, Senior Principal Behavioral Psychologist, MITRE
This presentation describes a study conducted by MITRE behavioral scientists to empirically measure whether a skills-based training model improves real employee performance in risk recognition and reporting behaviors for email and text malicious elicitation above a traditional awareness-based training model. A total of 72 employees of The MITRE Corporation volunteered for the 28-week study focused on improving risk recognition and reporting of malicious elicitation. Employees in the awareness-based and skills-based training groups were asked to review the same traditional awareness-based security training materials and a new MITRE Malicious Elicitation Training Module. The 36 participants in the skills-based training group also completed skills-based security training that included practice and feedback. Unbeknown to all employees, the testing phase of the study continued for another 26 weeks to evaluate effectiveness in risk recognition (i.e., what to report) and reporting (i.e., how to report) over time. Check out Dr. Deanna Caputo’s presentation to hear about the fascinating results!
Presented by:
Jason Hoenich – VP, Service Delivery, Arctic Wolf
Todd Snapp – VP, Security Awareness & Training, Arctic Wolf
In this engaging session, delve into the mind of a social engineer with Todd Snapp, an expert who has utilized human psychology to infiltrate companies. Discover the cunning tactics employed by social engineers and the subtle art of manipulating human behavior for unauthorized access. Then, shift gears with Jason Hoenich, a seasoned Security Awareness Professional, as he unveils his strategies for outsmarting such deceptive techniques. This presentation is a deep dive into the real-world cat-and-mouse game between hackers and defenders, offering a unique perspective on the human element in cybersecurity.
Presented by:
John Trest – Chief Learning Officer, VIPRE Security Group
Tre Fears – Strategic Product Manager, VIPRE Security Group
Join our presentation as we explore the new benefits and threats of Generative AI tools in security awareness training. Discover how AI can empower trainers to streamline training creation, improve training quality, and bolster training reinforcement. While AI tools offer immense benefits, understanding their limitations is crucial. We’ll delve into the boundaries of AI in training development, emphasizing the need for human judgment and the application of adult learning principles. Additionally, we’ll discuss how AI is reshaping the cyberthreat landscape in the workplace, and how you can equip employees with the knowledge to recognize and mitigate these emerging threats.
Presented by Nick Leghorn – Chief Information Security Officer, Bluecore
Every organization has policies, and for good reason. Consistent decision making, standardized approaches, and clearly defined roles and responsibilities make sure that everyone understands how to interact with different teams to get things done. Policies are good, but almost everything about the way we commonly do them is an awful experience, from the team that has to draft this monstrosity of legalese, to the long and drawn-out approval process where arguments about commas last long into the night, to the poor engineers who need to bring it to an oracle to decipher it so they can do their jobs.
Rather than sticking with the status quo, Nick has developed a new approach to policy documentation that aims to reduce all of these pain points and make policies a legitimately useful document for everyone in the business, from upper management to legal and even engineering teams, all while maintaining compliance with applicable laws and regulatory frameworks.
Presented by Angel Jordan – Sr. Manager, Security Engagement and Education, Oportun
Angel will share her real-world examples of how to create multi-modal, fun and engaging Cybersecurity Awareness program activities that have been implemented on a tight budget.
Presented by Akash Verma – Technical Program Manager, Cybersecurity, Google
This presentation investigates the interplay between user behavior, human-computer interaction (HCI), and the critical concept of cyber hygiene. We delve into how user actions and interface design can impact cybersecurity practices. Join us on this journey to understand how these factors shape a secure, user-centric digital world, as seen through the lens of HCI and user engagement.
Presented by Dr. Bob Hausmann – Manager, Learning Architecture & Assessments, Proofpoint
Behavioral economists often focus on incentive structures to better understand human behavior. If we apply that lens to the domain of cybersecurity, what insights might we find? Most obvious is the lack of alignment between an employee’s incentives and the organizational requirements for behaving securely. For example, if an organization prioritizes and rewards high levels of productivity, then employees are going to behave according to those incentives. They will favor expediency over security. The purpose of this talk is to highlight misalignments in incentive structures and propose a methodology for realigning them.
Presented by Peter Warmka – Founder, Counterintelligence Institute, LLC
Most successful data breaches are initiated by human hacking. Threat actors carefully select, assess, and manipulate key employees within a target organization who in turn become the “insider threat.” Advanced social engineering techniques are employed to effectively circumvent the policies, procedures and technological controls put in place to safeguard proprietary information, client data and sensitive personnel records.
For over 20 years of his career with the Central Intelligence Agency, Peter developed expertise in the identification, assessment, and manipulation of insiders to breach the security of target organizations in pursuit of high value foreign intelligence. He now shares his insight to help protect organizations and employees against external threats.
Moderated by Alexandra Panaretos – Director, Professional Services, Proofpoint
Participants:
- Steven Miller – Information Security Awareness Specialist, Newell Brands, Inc.
- Brittany Whitehurst – Senior GRC Analyst, American Society of Clinical Oncology
- Hernan Popper – Founder & Principal Consultant, POPP3R Cybersecurity
Presented by Anthony Hendricks – Director & Chair, Cybersecurity Practice Group, Crowe & Dunlevy
After almost every high-profile data breach, companies point the finger at employees. Human error is the number one cause of data breaches, and researchers have found that employee mistakes cause almost 88% of data breaches. However, these statistics don’t tell the whole story. Employees play a vital role as the first line of defense in stopping breaches. While employee mistakes can cost companies millions, these mistakes are often a sign of ineffective policies. This presentation will explore the role employees play in cyber incidents, examine some high-profile examples, and then outline how companies can make employees their greatest cyber defenders.
Presented by Oz Alashe – CEO, Cybsafe
Presented by Bill Malik – VP, Infrastructure Strategies, Trend Micro
Our current method for developing cybersecurity awareness and training programs is fundamentally flawed. It treats people and their behavior as an afterthought. By reorganizing our information security programs around human behavior, we can substantially reduce our effective attack surface, improving organizational safety, security, and trustworthiness. This session will help you understand how to build a strong culture of security and safety awareness by interweaving technology and process with the organizational element.
Presented by Lisa Plaggemier – Executive Director, National Cybersecurity Alliance