Security
& Risk

When you reduce something by 100%, you essentially eliminate it. But what does it mean to reduce something by 150%? JupiterOne will share findings of the recent Total Economic Impact™ of JupiterOne study and highlight how JupiterOne’s cyber asset attack surface management (CAASM) platform provided the depth and breadth of visibility to: identify 250% more cyber assets, reduce the number of SecOps resource hours by 85%, and derive 318% return on investment.

Speakers:
Tyler Shields, Chief Marketing Officer, JupiterOne

This session will go into specific details on SBOMs. Topics that will be covered are “Why do I need an SBOM?” “Who is responsible for an SBOM?” plus more.

Speakers:
Matt Rose, Field CISO, Reversing Labs

The integrity of mainframe data and software is critical to the success of your business. Understanding mainframe integrity is a critical component of security strategies. It isn’t just about user authentication/ authorization. An appropriate analogy is locking the front door to your house but leaving your windows open. Learn what is a mainframe integrity vulnerability, why you care, what responsibilities you have with regards to integrity, what you can I do to stay compliant.

Speakers:
Ray Overby, Co-Founder & CTO, Key Resources Inc.

Is your organization strong on compliance but lacking when it comes to risk management? Join Sean McClanahan, Compliance Manager of SumTotal’s Cloud Operations (part of Cornerstone OnDemand), and Rob Ellis, SVP of Product Strategy at Reciprocity, as they discuss SumTotal’s journey from a foundational risk program to a strategic approach that ties risk to business priorities.  You’ll leave seeing risk differently, delivering better outcomes with less effort and more effectively communicating risk to the C-Suite and Board.

Speakers:
Rob Ellis, Senior Vice President of Product Strategy, Reciprocity
Sean McClanahan, Compliance Manager, SumTotal (part of Cornerstone OnDemand)

Hear from CIOs Jake McClean and Tom Molden on using a transformative approach to IT Operations, Risk Mitigation & Threat Response. They will cover how Tanium uses converged endpoint management to see, control, and remediate every endpoint for Tanium’s thousands of employees around the world, all while getting their weekends back and enabling a more streamlined IT and security organization.

Speakers:
Jake McClean, CIO, Tanium
Tom Molden, CIO Sales, Tanium

In this case study, users will learn about the key challenges regarding the cybersecurity landscape that’s solved with the ThreatLocker Solution as well as the cost-benefit analysis and total economic impact it had on it’s users

Speakers:
Ryan Bowman, Director of Solutions Engineering, ThreatLocker

Implementing a PAM solution provides impressive features and improved security. As beneficial as this is, it can be difficult to incorporate into your current processes. Because of this PAM is often met with resistance. In this session we will: review the benefits of implementing a PAM solution, look at a typical new hire onboard and how that relates to PAM, least privilege, and session management.

Speakers:
Jason Silva, Senior Solutions Architect, BeyondTrust

Attack surfaces are expanding, spurred on by the continuous release of new digital services and business transformation. In this session, you will learn why it’s time to implement an attack resistance management strategy to find unknown risks missed by automated tools, then unlock the security expertise of ethical hackers to identify critical gaps and prioritize fixes for your exploitable assets.

Speakers:
Sean Ryan, Senior Principal Technical Product Marketing Manager , HackerOne

Over the past decade, ransomware attacks have plagued organizations globally. Unfortunately, traditional perimeter-based solutions cannot keep up. Once inside, attackers have unfettered access to the network and can move laterally infecting workloads along their path. With the fast-changing security landscape and evolution of attack vectors, organizations need to change their mindset from breach prevention to breach containment. Building robust cyber resilience requires organizations to embrace Zero Trust Segmentation.

Speakers:
Aditya Krishnan, Technical Marketing Engineer, Illumio

In the months following the start of the pandemic, as ransomware groups targeted the healthcare industry, the customer experienced a ransomware incident which, prior to containment, encrypted 2500+ servers and caused a shut down of its application systems and network. Using its minimum viable company (MVC) strategy, Kyndryl lead the recovery effort ensuring restoration for a phased business resumption, minimizing impact of the attack and also helped develop processes to minimize impact of future attacks.

Speakers:
Rhonda Childress, Chief Innovation Officer, Kyndryl
John Greenough, Head of Market Relations, Security & Resiliency, Kyndryl

Every organization’s culture has a true north that demonstrates how secure that organizations’ data is. As security leaders, we have a choice – is it better to correct behavioral drift away from this true north at the time it happens or give it free reign to establish a new norm? Join to learn more about the critical role culture plays in building a security aware organization as new technologies bring new vectors for data exposure when behavior is unchecked.

Speakers:
Rob Juncker, CTO, Code42

The digital landscape has dramatically evolved over the past ten years. Phishing, malware attacks and crypto scams using ads as a vector are on the rise. Sophisticated cyber criminals are a threat to any digital user and enterprise organization. This case study will go into detail and provide insight into the detection of Mac malware attacks, malware families and notarized Mac malware.

Speakers:
Louis-David “LD” Mangin, CEO and Co-Founder, Confiant

With nearly a thousand stores and decades as a leading retailer, Bed Bath & Beyond always has the security of its business assets and its customers’ sensitive information as a top priority. As they’ve battled the impact of COVID, as well as changes in strategic direction that are impacting many large organizations, it’s become even more critical to enhance the cybersecurity efforts via policy and standards analysis, risk quantification, and the continuous safeguarding of customers credit card data. Join us for this session, to hear about the on-going journey of building out a leading program in information security and risk management, as well as where they plan to focus on staying ahead of future threats.

Speakers:
Tameka Foster, Director, Risk Operations Center, Bed Bath & Beyond
Rebecca Dodson, Partner, Security Strategy Risk & Compliance, Americas, IBM Security

Geopolitical issues have spilled from urban warfare into cyber warfare, adding a new challenge to security programs. Consequently, we implemented an Active Defense strategy to bolster our defense against aggressive adversaries and respond effectively, as well as transform our Security Operations Center (SOC). This yielded astonishing results, and I’d like to share the blueprint with you.

Speakers:
Wasif Khan, V.P. InfoSec Operations, CNA Insurance

Cyber risk is a continuously changing risk that companies struggle to understand and mitigate. Many companies today try to measure and communicate cyber risk with heat maps, technical metrics, or with subjective analysis. ThreatConnect and Snowflake, an RQ customer, will walk you through a case study to describe how quantified risk is being used to identify, communicate and begin to mitigate cyber risk in a data driven, defensible manner.

Speakers:
Josh Mckibben, Director of Global Security Compliance & Risk , Snowflake
Jerry Caponera, General Manager, Cyber Risk Quantification Products, ThreatConnect

We know “compliance is not security.” But why? Because we’ve been conditioned to see compliance as a set of checkboxes: No security value or insights to inform decisions, just a cost of doing business. No reason these should be separate functions, yet most enterprises struggle to derive security value from their compliance programs. As Continuous Monitoring becomes a standard requirement, static compliance won’t be an option. Learn how to evolve to Converged Continuous Compliance.

Speakers:
Igor Volovich, Vice President, Compliance Strategy, Qmulos

People continue to debate about XDR. Is it a product? An approach? Some use the XDR acronym, but aren’t clear what the capabilities are. Whatever the future holds, Rapid7 believes that XDR outcomes are something for which every organization should strive. We believe the best solutions out there incorporate SIEM capabilities, threat intelligence/digital risk protection, and automation and orchestration that help speed response times and greatly decrease your risk exposure.

Speakers:
Jeffrey Gardner, Detection & Response Practice Advisor, Rapid7

Growing a security-aware culture is essential to keep your organization secure. Discover how you can do just that by leveraging the Security Culture Index (SCI). This feature enables you to transcend one-dimensional risk assessments with unique, data-driven ratings for your organization’s end-users. In this session, you’ll learn how end-users will benefit from SCI info, the components that fuel successful SCI implementation, and you’ll also get an overview of the Terranova Security Awareness Platform.

Speakers:
Charles Boisseau, Director of Sales – Americas & EMEA, Terranova Security

During this session, you will learn from peers how they identify, align with, and influence critical stakeholders whose support is needed to successfully execute on their cybersecurity programs. Below are the topics we will cover:

• Who are the supporters, and detractors for your cybersecurity program, and how do you influence them?
• How do you deal with organizational politics?
• How do you lead your organization, and your team, through change?

Speakers:
Jinan Budge, VP, Principal Analyst, Forrester

During this session, you will learn from your peers how they are thinking about cloud and ZT. Below are the topics we’ll explore during our conversation.

• What is your organization’s actual threat surface in the cloud?
• How is cloud facilitating or inhibiting your journey to Zero Trust?
• How can you work across the organization to apply Zero Trust, to the cloud and elsewhere.

Speakers:
David Holmes, Senior Research Analyst, Forrester

During this session, you will learn from your peers how they are approaching the transition from RSA and ECC to post-quantum encryption. Below are the topics we’ll explore during our conversation.

• Timelines for transition and where to start
• The NIST post-quantum competition
• Implementing cryptographic migration internally and working with third parties

Speakers:
Sandy Carielli, Principal Analyst, Forrester

As cybersecurity leaders and managers prepare for scrutiny on spending budgets due to macro inflationary pressures, organizations are looking to automation and managed services providers to realize more value from their technical security controls investments. Learn how you can reduce your organizational risk and improve your security posture by focusing on increasing the effectiveness of your security operations center through metric-driven productivity gains.

Speakers:
Chris Carlson, SVP Product, Critical Start

According to recent reports, 70% of Security and Risk Management (SRM) leaders will be deploying Cyber Risk Quantification (CRQ) solutions that are driven by statistical and machine learning techniques in the next two years. ThreatConnect RQ is the only CRQ solution that provides multiple models for calculating cyber risk in financial terms including FAIR, Semi Automated FAIR, and Machine Learning / Statistical methods. This session will provide an overview of CRQ, how and where various models apply, and how you can rapidly deploy and make actionable recommendations from CRQ using a data driven approach.

Speakers:
Jerry Caponera, General Manager, Cyber Risk Quantification Products, ThreatConnect

The term best practice is used a lot, and the definition can differ between organizations based on risk appetite and tolerance. Similarly, the term, ‘PAM’ is also often mis or overused. This session will look at how PAM is defined today, understanding how privileges are used within your organization, and some useful tips to start or mature your security model. This will help your organization move towards just-in-time and a Zero Trust security model.

Speakers:
Jason Silva, Senior Solutions Architect, BeyondTrust

CyberProof transformed a global insurance company in a highly regulated market to a cloud native architecture. As an early adopter of the Microsoft security stack including the Microsoft Sentinel SIEM, CyberProof and our client overcame many challenges to meet the needs of this complex transformation while achieving many expected and unexpected benefits. As a result, we believe the cloud native security architecture is the future and the time to transform is now. Attend this session to understand why.

Speakers:
Tony Velleca, CEO, CyberProof

In this session, participants will better understand how to achieve a higher impact security culture and how to view awareness through the lens of organizational culture.

Speakers:
Joanna Huisman, SVP of Strategic Insights & Research, KnowBe4

Cyberattacks and ransomware incidents are increasing in frequency and complexity. Successful attacks can be swift and crippling, leading to a ‘Cybergeddon’. Recovery can often take weeks and taxes the delivery teams. Learn from experts who have led recoveries from over hundreds of ransomware and other cyber incidents over the past years, talk about their learnings and best practices for recovering from such attacks and maintaining the core purpose and integrity under duress

Speakers:
John Greenough, Head of Market Relations, Security & Resiliency, Kyndryl
Rhonda Childress, Chief Innovation Officer, Kyndryl

Development in Onspring can be very rapid, but what do you do when everything around you is changing? Learn how to navigate your use of Onspring while your business, the processes, and roles continue to change. This session will also review how you can integrate Onspring with other internal technologies, and share advice on how to avoid breaking existing infrastructure and harmonize cross-functional teams.

Speakers:
John Aaholm, GRC Technology Lead, American Family Insurance

Come see the power of automation in the new tailored IBM Security AGS solution that operationalizes cybersecurity compliance and ensures both time-and cost-effectiveness. In this demo you will learn how the most time-consuming tasks of compliance can be automated and streamlined such as control selection, implementation, validation, continuous monitoring, and more.

Speakers:
Evelyn Anderson, IBM Distinguished Engineer, IBM Master Inventor, IBM
Hugh Barrett, Chief Product Officer, Xacta

You might think your storage bucket is secure because your CSPM is not flagging any misconfigurations. But does that stop an attacker from finding a path? In this session, we will review Orca’s agentless CNAPP solution and how context prioritizes risk to assets and business impact.

Speakers:
Gus Evangelakos, Director of Field Engineering, Orca Security

LThe impact of risk on business priorities can be hard to see making InfoSec investments difficult to justify. Yet, it’s your responsibility to help your Executives choose the right level of investment to defensibly protect your company as it operates, grows and expands. Join Reciprocity as we discuss how a unified, real-time view of risk —framed around your business priorities—provides the contextual insight needed to clearly communicate with key stakeholders to make smart, strategic decisions.

Speakers:
Lori McKellar, Senior Director - Product Marketing, Reciprocity

On June 24, 2022, Censys uncovered two Russian hosts leveraging a publicly-available Command and Control tool, a commercial exploit tool, direct links to two Bitcoin nodes, and ransomware kits tied to the Medusa Locker ransomware group by leveraging JARM and certificate pivoting as well as investigating historical postures of said hosts. We will walk you through this process and provide you with the playbook necessary to launch your own proactive threat hunts.

Speakers:
Matt Lembright, Director of Federal Applications, Censys

Segmentation projects have long suffered because traditional network centric approaches are overly complex, and are often unable to show any benefit until fully executed. Zero Trust Segmentation is different. Decoupled from the infrastructure, and focused on providing value at each step it enables agencies to progressively adopt microsegmentation to reduce the threats of ransomware and breaches, and continuously increase their cyber resilience – across data centre, endpoint and cloud. Join this session to find out how.

Speakers:
Gary Barlet, Federal Chief Technology Officer, Illumio

For decades, the confluence of globalization and digitization drove supply chains toward increasing complexity, optimization, opaqueness, and insecurity. These physical and digital ties are fracturing at a rapid pace along geopolitical fault lines, powered by growing interstate hostilities, global trade wars, the Splinternet and emerging technologies, and an unprecedented pace of regulatory change. This session will detail the challenges and opportunities associated with these ‘techtonic’ shifts and how organizations can take steps toward greater resilience during significant geopolitical uncertainty. 

Speakers:
Dr. Andrea Little Limbago, VP of Research and Analytics , Interos

Telus is on a mission to drive meaningful change — from transforming healthcare to making our food supply more sustainable to reducing our environmental footprint while connecting Canadians in need. Pam Snively has played a pivotal role in this transformation – evolving alongside the business from Chief Privacy Officer to the company’s first Chief Trust Officer. In this session she will share her journey transforming privacy, ethics, and data literacy at Telus to extend trust and make a meaningful impact.

Speakers:
Jason Sabourin, GRCP, CIPP/E, CIPM, CSPO Director, Product Management, OneTrust
Pam Snively, Chief Data & Trust Officer, TELUS

Organizations are routinely faced with combating unknown risks and humans making mistakes that policies cannot predict. The impact can be catastrophic since investigating and mitigating these incidents drains time and resources. There is a simpler option that allows a deeper understanding into data loss prevention. Join B. Riley Financial and Tessian as we discuss how to reduce insider threat and data loss risk with a behavioral intelligence based approach.

Speakers:
Aaron J. Goodwin, Chief Information Security Officer , B. Riley Financial
Jen Gerhart, Senior Customer Success Manager, Tessian

Attendees will learn how Code42 Incydr, the leading Insider Risk Management solution, helps security teams detect, investigate and contain data loss. Combining the strengths of DLP, CASB, UEBA and Security Education and Awareness, Incydr stops data loss and theft without disrupting legitimate collaboration in cloud-based, hybrid work environments. This presentation addresses protection of valued IP – source code, business plans, Salesforce lists, regulated data – from moving to untrusted locations like Git, Google Drive, OneDrive and iCloud.

Speakers:
Joe Payne, President & CEO, Code42

Ever faced with a time crunch and wanted to delegate some tasks? Or do you want to automate end-to-end without the pain of writing playbooks? Have you wondered what tools other cyber defenders use to handle certain situations? You’re not alone. StrikeReady has democratized human intelligence with the first-ever AI-based cyber assistant, CARA, so you can augment your skills, knowledge, and scale. Get to know CARA at this session.

Speakers:
Anurag Gurtu, Chief Product Officer, StrikeReady

During this session, you will learn from your peers how they are approaching extended detection and response (XDR). Below are the topics we’ll explore during our conversation.

• What is extended detection and response (XDR) beyond the buzzword?
• What dependencies and requirements do you need to consider before leveraging XDR?
• What are the top benefits and challenges security teams find using XDR?

Speakers:
Allie Mellen, Senior Analyst, Forrester

During this session, you will learn from your peers how they are approaching the optimization of security and convenience for workforce identity access management and governance. Below are the topics we’ll explore during our conversation.

• Joiner/Mover/Leaver user workflows and associated identity process challenges and improvements considering new remote workforce reality
• Using the “passwordless journey” as a contributor to improving the digital employee experience
• Reducing IAM operational burden to improve employee experience for those in support services, systems administration, and security operations roles

Speakers:
Geoff Cairns, Principal Analyst, Forrester

During this session, you will learn from your peers how they are approaching Securing cloud native technologies. Below are the topics we’ll explore during our conversation.

• What are the challenges of securing containers.
• What goes into securing serverless applications and their ecosystem.
• What are the benefits of infrastructure as code (Iac) security.

Speakers:
Janet Worthington, Senior Analyst, Forrester