Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Thursday, August 13, 2020
    8:30 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:00 am
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:00 am
    OPENING KEYNOTE:
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    9:45 am
    Networking Break
    • session level icon
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor
    10:00 am
    One Phish, Two Phish: Running Simulated Phishing Attacks
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    Learn how USNH’s Phishing Awareness Program provides a realistic phishing experience in a safe and controlled environment to help our communities identify and avoid phishing attacks. Session includes an overview of program development, lessons learned, and advice for those considering similar programs.
    Presentation Level: General (InfoSec best practices, trends, solutions)

     

    10:00 am
    Building Blocks to Achieve Cloud Security
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    Cloud computing has entered its second decade, and its prevalence is increasing, as “cloud first” is gaining more popularity than ever. Despite its prolonged existence, cloud computing still suffers from confusion and hype over how to secure the Cloud. Also, longstanding concerns such as cloud governance continue to muddle the opinions and approaches of CIOs, CISO’s, architects and IT leaders. This session is aimed to demystify the myth of cloud, being insecure and would emphasize on how to build the security blocks around Cloud while using varied service and deployments of cloud computing

    10:00 am
    [Panel Discussion] What Our Security Team Learned During COVID-19
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am
    Location / Room: 103

    This panel features honest dialogue about securing an organization through the pandemic, so far. What changed at an organizational level that required security to pivot? What kind of immediate impacts did the security team face and how were those overcome? How did security maintain adequate communication and controls in the midst of this rapid change? What are the greatest lessons for security coming out of COVID-19? Where do we go from here?

    10:30 am
    IoT Defense: A Holistic Approach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 11:00 am

    Reviewing the current state of IoT devices, their cloud endpoints and the connection between them to understand the threat landscape and where our focus needs to be in the years ahead.

    10:30 am
    Business Impact Assessments and Continuity Planning – Strategies for a Cybersecurity Roadmap
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 11:00 am
    Businesses consider several specific areas of security metrics when developing long term cyber security road maps. The metrics used are often focused on the current technology, incident handling, detection and response, and threat monitoring capabilities. Little attention is given to the Business Impact Assessments (BIA’s) and the Business Continuity Planning (BCP) implications of the organization. Both of these areas can help you expose potential gaps in the planning phase that may not have been considered when drafting a long term cyber security road map.
    This talk will center on a fictional company with a BIA for several departments along with a Business Continuity Plan (BCP) that shall be used to create a fictional cyber security road map. New CISO’s or those assuming the role shall benefit from this exercise by participating in the creation of the fictional road map.
    Presentation Level: MANAGERIAL (security and business leaders)

    10:30 am
    Leveraging Culture to Optimize Information Security
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 11:00 am

    To build a culture that optimizes security, an organization needs to set information security leadership appropriately. Strategically, it needs to understand the organization’s risk tolerance, codify it as policy, and communicate it. Based on risk tolerance, it needs to create a roadmap that moves the organization from ad hoc and compliance-based cultures to one that’s risk-based. Tactically, security management needs to regularly drive buy-in for risk tolerance and policy. In addition, management needs to foster a culture that learns from incidents and failures rather than a culture that focuses on assigning blame.

    11:00 am
    Networking Break
    • session level icon
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • session level iconOpen Sessions
    11:00 am - 11:15 am
    11:15 am
    Mid-Day Keynote
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    12:00 pm
    Networking Break
    • session level icon
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:30 pm
    12:30 pm
    Hey, Information Security: Be Part of the Digital Transformation or Be Left Behind!
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:30 pm - 1:00 pm
    “Digital transformation” (Dx) as a buzzword may be approaching the end of its life, but the fundamental concept—continuously improving the use of technology and data to provide value to customers—is real and critical to the survival of businesses. If information security teams don’t evolve to deliver the same Dx value and benefits to our organizations, then we risk losing our “customers” to intentional circumvention or preference for shadow IT providers. Make sure your information security team provides the core Dx attributes to your organization to cultivate value, loyalty, and trust.
    Join this session to learn how you can:
    •Embed security into your culture, technologies and processes
    •Empower innovation and expedite time-to-market through consistent security risk governance
    •Assess the impacts, goals and methods of likely cyber attacks and incidents
    •Align IT and security professionals with business objectives and risk tolerance
    •Prepare now for effective detection and response to reduce business impacts of incidents
    Presentation Level: MANAGERIAL (security and business leaders)
    12:30 pm
    Leveraging the Three Lines of Defense to Improve Your Security Position
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:30 pm - 1:00 pm
    Depending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.
    Presentation Level: MANAGERIAL (security and business leaders)
    12:30 pm
    Remote Work Risk: Privacy & Security Pitfalls and Best Practices
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:30 pm - 1:00 pm

    The sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.

    1:00 pm
    Blue-Teaming and Incident Response for the "Win"
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:30 pm

    Does your company use Windows or is most of the environment Windows? Come to this session to specifically learn the ins and outs of what are the most critical things needed in order to establish a respectable blueteam program at your organization. Do you know what Windows security event log 4688 mean? What about others? What are the event logs that you should know by hand or have a cheat-sheet for? What are some tools that you should be using and how can you automate them to help detect lateral movement. Also, we will be leveraging opensource tools. No, additional $ is not required. Trying harder, building your technical skills and doing proactive threat hunting will help you and your team. “Don’t worry all of this information will be useful for all no matter what level.” Per time permitting, we might also quickly talk about incident response as well, initially. Also, bring your technical questions too during our Q&A session.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    1:00 pm
    Ethical Hacking and Cyber Ecosystems: Anticipating the Predators
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:30 pm

    In an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    1:00 pm
    Teaching the Human: Security Awareness Program Design and Discussion
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:30 pm

    At any given moment in their work day, a person will make a security decision that will impact your organization.  Have you enabled your workforce with the knowledge to make the right one?  Generational and cultural differences, as well as learning styles, will all impact the design of a security awareness program.  Learn about these factors and how social engineering is the greatest threat your workforce faces in this session.

    1:30 pm
    Networking Break
    • session level icon
    Visit the Exhibitor Hall for vendor displays or connect in the Networking Lounge.
    Registration Level:
    • session level iconOpen Sessions
    1:30 pm - 1:45 pm
    Location / Room: Exhibitor Floor
    1:45 pm
    Closing Keynote
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:45 pm - 2:30 pm
Exhibitors
  • Checkmarx
    Booth:

    Checkmarx is the global leader in software security solutions for modern enterprise software development. Checkmarx delivers the industry’s most comprehensive software security platform that unifies with DevOps and provides static and interactive application security testing, SCA and developer AppSec training to reduce and remediate risk from software vulnerabilities. www.checkmarx.com

  • Cloud Security Alliance (CSA)
    Booth:

    The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

  • Cloud Passage
    Booth:

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • Corelight
    Booth:

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com 

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Global Cyber Alliance
    Booth:

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • InfraGard Chicago
    Booth:

    All InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these critical infrastructures is an important element for successful infrastructure protection efforts. This chapter is governed by our local bylaws.

    The goal of InfraGard is to enable the flow of information so that the owners and operators of infrastructure assets can better protect themselves and so that the United States government can better discharge its law enforcement and national security responsibilities.

  • ISACA Chicago Chapter
    Booth:

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Chicago area.

    Chapter meetings are generally held the third Thursday of each month at The Conference Center at One North Wacker (1 N. Wacker Drive, 2nd Floor, Chicago, Illinois 60606)

    Please check our web site from time to time for the most up-to-date listing of chapter related events and training opportunities.

  • (ISC)2 Chicago Chapter
    Booth:

    The mission of the Chicago Chapter is to advance the local Chicagoland information security community by providing its members with opportunities to increase knowledge, grow professional networks, share information and advance the profession as a whole by promoting certification, ethical behavior, and social responsibility.

    Our members consist of (ISC)² credentialed professionals who hold either a SSCP, CAP, CSSLP, and/or a CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area.  Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats.

  • ISSA Chicago Chapter
    Booth:

    The Chicago Chapter of the Information Systems Security Association (ISSA) has a mission to offer a stimulating combination of discussion forums, hands-on learning, CISSP certification training, conferences, and other events which are designed to enhance understanding and awareness of information security issues for information security professionals.

    Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.

  • Okta
    Booth:

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Optiv
    Booth:

    The world’s most trusted and reputable security solutions integrator, Optiv enables its clients to realize stronger, simpler and less costly cyber security programs. The company combines decades of real-world business, security strategy and technical experiences with in-depth security products knowledge to bring order to the cyber security chaos.

  • RedSeal
    Booth:

    At RedSeal, our vision is to become the essential analytics and decision-making platform for building digitally resilient organizations people can trust. We do this by becoming the measure by which every organization can quantify its digital resilience. As thought leaders on resilience, we envision every organization starting the security discussion with the question “What’s our Digital Resilience Score?” Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

  • ReliaQuest
    Booth:

    ReliaQuest fortifies the world’s most trusted brands against cyber threats with its platform for proactive security model management. Acting as a force multiplier on an organization’s existing cybersecurity investments, only ReliaQuest’s GreyMatter integrates disparate technologies to provide a unified, actionable view that fills the gaps in enterprise security programs.

  • Synopsys
    Booth:

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Women in CyberSecurity (WiCyS)
    Booth:

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Return to Agenda
Keynote Speakers
Speakers
Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store