Floorplan

Island

CyberOne

Sevco

Palo Alto Networks

Panther

6 Forcepoint

NetSPI

Spy Cloud

Rubrik

10 VMRay

11 Randori, IBM

12 Exabeam

13 Halcyon

14 Picus Security

15 Secureworks

16 Securiti

17 Ontinue, Open-Systems

18 Seemplicity

19 Kudelski Security

20 Team Cymru

21 Cloudflare

22 Talon

23 Axonius

24 Sysdig

25 Centripetal

26 Apiiro

27 Cycognito

28 Clear Technologies

29 GitLab

30 Recorded Future

31 Traceable

32 Mobius Partners

33 Tevora

34 Novacoast

35 Fortra

36 BeyondIdentity

37 Critical Start

38 Converge Technology Solutions

39 Rapid7

40 Armis

41 Abnormal

42 Salt Security

43 ExtraHop/Binary Defense

44 Vector0

45 Tines

46 Wallix

47 Anvilogic

48 Zyston

49 Nudge Security

50 Mimecast

51 Obsidian Security

52 Arctic Wolf

53 Set Solutions

54 Orca Security

55 WWT

56 Synopsys

57 Proofpoint

58 Checkpoint

59 TrustCloud/Kintent

60 Strike Ready

8:30 Keynote

Title: How the Enterprise Browser is improving security, transparency, and trust in today’s workplace.

Speaker Info: Brian Kenyon is a founding member and Chief Strategy Officer at Island where he leads corporate strategy. Prior to Island, Brian was the CSO at Symantec and Blue Coat, Chief Technical Strategist and CTO of McAfee, and Chief Architect at Foundstone. Brian is also the author of Security Battleground: An Executive Field Manual, Security Sage: A Guide to Hardening the Network Infrastructure, and Special Ops: Host and Network Security, and a frequent speaker at cyber security events worldwide.

Session Info: 

The application enterprises use the most is the browser. In fact, in most enterprises it has become our primary work environment, but the browser we most often use was built for consumers. What if the browser was designed for the enterprise? What could that do for security, productivity and work itself? These are the questions we asked ourselves, and three years later our customers are teaching us all that can be done. Join our session to see how Island’s Enterprise Browser is transforming the way companies do business.

  

In this session Island will perform a live demonstration of:

● Innovative features and possibilities for critical application protection
● How organizations leverage Island for unmanaged devices
● Create an employee experience centered on productivity and flexibility
● Reimagine how IT leaders can enable users while creating unique business value

9:30 Sessions

Auditorium

Title: An Untold Truth: 5 Key Things You Need to Know About Threat Response

Speaker Info: Jay Gregg is a Senior Sales Engineer at Ontinue based in the Dallas Metro. Jay has over 25 years of information systems experience with a specialization in the areas of network security and threat detection and response. His career includes roles with Palo Alto Networks, Nutanix, Vectra, and other leading cybersecurity vendors, where he has worked to help organizations secure their network and endpoint infrastructure from a dynamic and evolving threat landscape.

Session Info: At Ontinue, we've helped hundreds of customers mitigate threats and risk with our Managed Detection and Response offering and one of the things we've observed is that both vendors and customers have gotten much better at detection…but we struggle with response. Jay Gregg, Sr. Sales Engineer at Ontinue, will summarize what we've learned to hopefully give you a new perspective on threat response by asking the simple question of "Why is threat response so hard?"

Field Stage

Title: How can you protect what you don’t see?

Speaker Info: Darb is a Founding Engineer at Sevco Security. He brings over 35 years of information security experience to the team. Darb spent over two decades leading elite cyber security teams for the United States Air Force, followed by leading roles with the founding teams for Carbon Black and JASK. When not spearheading the fight to secure global networks, Darb and his wife Janine operate a 400-acre cow-calf operation in central Missouri.

Session Info: 

Lack of visibility is the single biggest challenge facing security teams today—and in today’s dynamic IT environments, getting this visibility is a constant challenge. 

In this presentation, we’ll share the results from Sevco’s new report based on data from over 500 organizations. Our results show that while most organizations have the tools they need to protect their cyber assets (EDR, patch management, IAM etc.), large gaps in coverage exist.  And if organizations aren’t aware of all the assets in their environment, how do they know what to protect? These gaps in coverage can be exploited by attackers. 

In this deep dive into data from the second State of the Cybersecurity Attack Surface research report, we’ll share: 

* The extensive gaps in security tool coverage across organizations—and the security implications of these gaps 

* The surprisingly large number of personal devices accessing corporate IT environments and systems without any kind of protection

* How over-licensing of stale devices can result in organizations paying more for tool and application usage than they actually need 

* What organizations can do to better address future vulnerabilities 

10:05 Sessions

Auditorium

Title: The Science of Normal: Paradigm Shift to Cybersecurity Operations 

Speaker Info: Bob Reny is a recent addition to the CTO team at Exabeam. He has 27 years of experience in information technology, starting in systems administration and security in the US Air Force. This started a path for all things security, focusing on computers and networks. Bob has done network security design, firewall architecture, IPS deployment, network access control and endpoint security architecture. Large security programs include zero trust and operational architecture safety/security. His expertise has supported customer organizations, public and private. This covers scaling for many large federal agencies and Global 1000 companies in many business verticals across finance, utilities, service, and technology. Bob has been a CISSP for almost 22 years and continues to help organizations evaluate broad security policy to streamline Security Operations Center activities. This includes improving cross-functional processes for change management, incident response, event escalation, and response.

Session Info: 

Learn simple ways to evaluate whether a technology is actually going to increase fidelity and reduce operational overhead/expense. 

• History of SOC operations & changes in metrics to improve organizational business alignment 

• How analytics revolutionize event triage & threat hunting 

• Organizational risk alignment of metrics using analytics framework 

Field Stage

Team Cymru

Title: Deriving Insight from Threat Actor Infrastructure

Speaker Info:

Session Info: Highlight some startling observations about vulnerability exploitation

10:45 Sessions

Auditorium

Title: Everyone’s Talking About Hyperautomation: Scaling Remediation 

Speaker Info: Ravid Circus is the co-founder and CPO of Seemplicity. Ravid is a cyber security expert with a successful track record of over 20 years. As the former VP of Customer Success and VP of Products at Skybox Security, Ravid brings a unique combination of deep technical excellence with practical, hands-on experience.

Session Info: 

Hyperautomation in cybersecurity is all the rage, focusing mainly on incident response processes. But what about using hyperautomation for preventive measures, such as for vulnerability remediation or fixing cloud misconfigurations? Ironically, with all the tools we have today, we spend too much time on managing their output as opposed to leveraging them for actual remediation.

  

In this talk we’ll break down processes to understand where security teams are unnecessarily becoming slaves to scanners, application security and cloud configuration tools. We’ll pinpoint where to relieve the manual overhead of working with their results. Finally, we’ll show how to achieve a scaling remediation process. Bonus: we’ll also provide a practical framework security teams can use to introduce hyperautomation into their remediation process. 

  

By attending this talk, you’ll be able to: 

- Understand trends in remediation processes over the past few years 

- Learn from other companies how they used hyperautomation to minimize remediation time 

- Leverage hyperautomation to scale your fixing process without adding resources 

- Receive tools on communicating effectively from the single-ticket finding to board level presentations 

- Implement a practical framework for adding hyperautomation into your remediation process 

Field Stage

Title: Delivering Operational Resilience in the Age of Ransomware 

Speaker Info: 

Matt Cowart is a Director of Sales Engineering for the South Central region at Rubrik supporting Enterprise accounts in TX, OK, AR, MO, and KS.  

He has over 18 years of experience in software and infrastructure and has spent the last 5 years at Rubrik. 

Session Info: 
The average enterprise has over 130 different security tools, but according to Sophos this doesn’t really matter when a cyber event is occurring. As we are well aware, ransomware events continue to occur with regularity despite investment in security tools. When these high probability/high impact events occur, it becomes a massive IT recovery operation. Usually, IT has minimal information or understanding of the attack and how to respond. In this session we'll discuss the considerations both Security and IT need to be aligned on to ensure resiliency of data and recovery pre- and post-event.

11:20 Sessions

Auditorium

Title: Live recording of the Cyber Ranch Podcast - Unified Controls for the Big-Bang Era of Cloud Data 

Speaker Info: Gene Moore, Cecil Pineda, Allan Alford

Session Info: 

We are in the early phase of the Big Bang era of cloud data. This era is opening new possibilities and finally enabling organizations to drive more revenue, enhance customer experience, and improve business process efficiencies we have been targeting for years.

But as the volume, complexity and value of our data expand, so do our data obligations. We must keep it safe, ensure access is controlled, and responsibly meet a myriad of internal company data standards, as well as both national and global requirements for data residency, security and privacy. Instead of a siloed and piecemeal approach, it is time to rethink and unify intelligence and controls around data!

Data leaders from R1 RCM and Securiti will share how they are rethinking their data controls architectures for the Big Bang era of cloud data, while avoiding piecemeal and siloed data management.

Join us to learn how organizations are establishing a Data Command Center to:

- Gain real-time intelligence around sensitive data no matter where it lives
- Automate security, privacy and governance controls to streamline data operations
- Govern access with granular controls and masking to share data and fuel innovation
- Avoid PII sprawl by scanning and protecting data at rest and in motion
- Automate data breach impact analysis to prepare response and avoid mistakes

Field Stage

Title: Insider Threat Program Managers; Your WAZE to Success

Speaker Info: 

Director, Insider Risk Global Governments and Critical Infrastructure, Forcepoint. 

Michael Crouse is the Director for Insider Risk at Forcepoint Global Governments and Critical Infrastructure. He works closely with industry thought leaders, executives, and the Forcepoint management team to help guide long-term programmatic and technology strategies aligned with federal and commercial requirements. 

By leveraging his wealth of over 25 years of operational experience in cyber and insider risk solutions, Michael has helped lead the company to the forefront of User Activity Monitoring (UAM) and Behavior Analytics Solutions. 

With a Bachelor of Science and a Master of Science in Electrical Engineering from The Johns Hopkins University, his early career began as a Senior Electrical Engineer at the National Security Agency and then moved to various technical and leadership roles solving unique and diverse challenges. 

In these positions, Michael gained extraordinary experience in cyber security and insider risk systems, in people leadership, and in the importance of ensuring that the customer is the #1 priority 

Session Info: 
Confusion reigns between Insider Threat, Insider Risk, Data Leak Prevention, Zero Trust, etc. During this session, we will discuss the challenges and potential outcomes involved with bringing together different activities to align as one program in a more robust and agile insider risk management capability. With an incremental implementation approach, company programs can responsibly expand beyond traditional Insider Threat Use Cases (aka Data Exfiltration Only) to real-time alerts about abnormal data and system access (internal and external), suspicious financial activity, intent to harm, and public record information. Identifying indicators of risk at the individual level at their earliest point of detection is a foundational step in developing a proactive approach for improving an organization’s security posture. We will explore how continually monitoring user behavior will significantly reduce the level of human effort spent on such activities, thereby freeing up your analysts and investigators to focus on more critical security issues.

12:00 Session

Title: How to Get the Security Budget you Need

Speaker Info: Ira Winkler

Session Info:

12:35 Keynote

CyberOne

Title:

Speaker Info:

Session Info:

1:25 Sessions

Auditorium

Title: Embedding the Attacker's Perspective - An Inside Look Into How Hackers Prioritize Targets at Scale 

Speaker Info: Evan Anderson is the Principal Technologist at Randori, where he leads the company’s Hacker Operations Center. In this role, Evan leads a team developing new and novel offensive capabilities for Randori’s automated attack platform.

Session Info: 
Join Evan Anderson, Co-Founder & Principal Technologist at Randori, an IBM Company, for an exciting session that dives into the fast-paced world of offensive security. It’s clear from talking with hundreds of organizations that attackers and defenders often come to dramatically different conclusions around risk, even when looking at the same information. In this session, switch teams for a day as we pull back the curtain behind the system that keeps one of the world’s most advanced attack platforms on target 24/7/365. Through examples, Evan will show how Randori and Fortune 500 companies are leveraging AI and decades of experience to discover, classify and prioritize millions of targets daily across some of the world’s largest organizations. He’ll break down the 6 “tempting” factors every vulnerability team should be using to prioritize risk.

Field Stage

Title: Identity-Centric Security & the SOCs to Match: Improve Malware Response for Better Ransomware Prevention

Speaker Info: CW Walker is a cybersecurity and threat intelligence expert. He started his career in government as a threat intelligence analyst and has always been passionate about understanding and creating stories that can be told through the collection and analysis of interesting data. He has led teams of solutions engineers at multiple threat intelligence companies and currently supports SpyCloud's cybersecurity efforts. He holds a BS in Political Science and Economics and a Master’s Degree in Strategic Intelligence Studies.

Session Info: 

Enterprises have ransomware prevention basics covered, from data backups, EDR, and user training to phishing detection and threat intel. But there’s a significant blind spot lurking: lack of visibility into malware compromises (especially when the infected devices are unmanaged or under-managed) and the resulting passwords and web session cookies that have been siphoned. Without immediate knowledge of this data that criminals are using to target the enterprise for ransomware and other costly cyberattacks, SOC teams have become accustomed to a machine-centric malware infection response. The result is exposed employee, contractor, and partner identities, exploitable until the affected users, applications, and devices are properly remediated. It’s been a challenge for most organizations – until now.

  

Join this session to learn about a new, more complete and more effective approach to preventing ransomware called Post-Infection Remediation. We’ll cover: 

  

- Trends in malware-infected user data including common third-party application exposures (spoiler alert: SSO!)
- Seven common blind spots in today’s malware infection response
- Seven steps of Post-Infection Remediation to truly reduce your enterprise's exposure to ransomware

2:00 Sessions

Auditorium

Title: Cloud Migration's Dangerous Pothole: Application Development Security 

Speaker Info: 

Bob joined Palo Alto Networks after more than 20 years in leadership roles with banks, product companies and professional services organizations.  He is responsible for evangelizing how Prisma Cloud facilitates the transition to the cloud.  Bob provides counsel to Palo Alto Networks’ customers, prospects, governments, regulators and partner ecosystem. 

Prior to joining Palo Alto Networks, Bob was a managing partner at West Strategy Group, where he provided his clients with counsel in cyber risk and business strategy.  Prior to joining Palo Alto Networks, Bob was a managing director in Deloitte’s cyber risk services practice, where he was part of the leadership team responsible for growing the business. Prior to Deloitte, Bob was managing director for CISO for York Risk Services.  Prior to this role, Bob was Chief Trust Officer at CipherCloud, where he was responsible for working across the company’s business divisions, customer base and partner ecosystem to evangelize the importance of cloud data protection.  Prior to CipherCloud, Bob was CEO at Echelon One, an information security consulting and research firm.  Prior to Echelon One, Bob was Chief Information Security Officer (CISO) at Fifth Third Bank in Cincinnati where he was responsible for the enterprise information security strategy.  Prior to joining Fifth Third, Bob worked for Bank One in Columbus where he held several key leadership roles, including Information Security Officer for Bank One’s Retail Group. Prior to joining Bank One, Bob was a manager with Ernst & Young’s Information Security Services practice in Chicago, and a Senior Systems Officer with Citicorp International in New York and Chicago.  

Bob is a frequent speaker on cloud security and strategy, information security and risk, identity, mobility, and on global policy issues such as payment fraud and critical infrastructure.   He also has visibility into and advises key people that influence national legislation.  He is quoted frequently in the press including publications such as Bloomberg, Forbes, USA Today, The Wall Street Journal and the Washington Post.  

Bob is on the board of directors for the USA Track and Field Foundation and on vArmour, innerActiv and Lookout’s advisory boards. He has been on the advisory board of the Hispanic IT Executive Council (HITEC), the board of management for the Jericho Forum, and the advisory boards for Agiliance, AirPatrol (acquired by Sysorex), CipherCloud, Securent (acquired by Cisco), TriCipher (acquired by VMWare), Trusteer (acquired by IBM), and The University of Detroit Mercy’s College of Liberal Arts and Education, and has been a member of RSA Security’s Customer Advisory Council and the ISS Customer Advisory Council.

Bob received the 2022 HITEC 100 award for being one of the most influential Hispanic technology executives in the world.  He was also a nominee for the ISC2 Senior Information Security Professional of the Year, 2011, received the 2004 Digital ID World Conference award for Balancing Innovation and Reality, and a 2004 InfoWorld 100 Award for implementing SAML.  Bob graduated from Michigan State University with a Bachelor of Arts in German and then received his Master of Science in Management Information Systems from North Central College. 

Session Info: 

Today, nearly 70% of organizations host more than half their workloads in the cloud, up from just 31% in 2020.  

But there’s a dangerous pothole on the fast track to cloud migration, and it grows larger the longer it’s ignored: application development security.  

The good news is that wherever you are on the journey right now, with the right guidance you can rethink your cloud native development strategy and confidently steer clear of damage. 

Join this live session and hear about the latest research, insights and recommendations from pros in security, DevOps technical, and line of business leadership.  

Learn how to balance the benefits of cloud native development with new best practices for protecting applications, and ensure that your environment stays resilient, flexible and secure. 

Field Stage

Title: Overwhelmed By Malware and Phishing Alerts? Struggling to Identify Unknown Malware? Here’s How to Speed Up Investigation and Response 

Speaker Info: Mounil Patel is an accomplished professional with over two decades of experience in the technology industry. He currently serves as the Head of Technical Field Operations at VMRay, a leading malware analysis and detection solutions provider. Before joining VMRay, Mounil held key positions at Mimecast, Arctic Wolf, and EMC, where he managed global field sales and pre-sales teams, drove strategic partnerships and oversaw program and practice management. With a strong background in sales and marketing, Mounil is a sought-after speaker and thought leader, having presented at numerous tradeshows and marketing events. His expertise in the field has enabled him to contribute significantly to the cybersecurity industry.

Session Info: One of the most significant challenges for SOC and Incident Response teams is quickly identifying advanced, unknown, highly evasive malware and targeted phishing. Security teams are flooded daily with alerts from different sources and are expected to rapidly spot the “needles in a haystack” – the alerts that signal a real threat. Successful intervention depends on how fast an Analyst can determine which alerts are valid and which are time-wasting False Positives, only causing a drain on team resources.

2:45 Sessions

Auditorium

Title: Application Security in Depth: A Layered Approach to AppSec

Speaker Info: Nabil Hannan is a Managing Director at NetSPI. He leads the company’s advisory consulting practice, focusing on helping clients solve their cyber security assessment, and threat & vulnerability management needs. His background is around building and improving effective software security initiatives, with deep expertise in the financial services sector. He has over 15 years of experience in cyber security consulting from his tenure at Cigital/Synopsys Software Integrity Group, where he has identified, scoped, and delivered on software security projects (architectural risk analysis, penetration testing, secure code review, malicious code detection, vulnerability remediation, mobile security assessments, etc.). Nabil has also worked as a Product Manager at Research In Motion/BlackBerry and has managed several flagship initiatives and projects through the full software development life cycle.

Session Info: 

Today’s approaches to defense in depth for application security are siloed and lack context, and results have fallen short. But a layered approach is the key to building a world-class AppSec program that spans the entire Software Development Lifecycle (SDLC). So, how does our approach need to change?

In this presentation, you’ll receive knowledge on:

- Key timeframes to implement security testing – and why.
- Best practices for application penetration testing and secure code review
- Proper implementation of application security tools for continuous monitoring
- Plus, more tips to achieve a layered application security strategy.

Field Stage

Kudelski Security

Title: Why You Aren’t Making As Much Progress to What’s Holding You Back

Speaker Info:

Session Info: 

Common themes I see across various clients and industries:

- Heavy focus on point in time application assessments (typically QA before release or post)
- Misaligned Goals and Objectives within an organization (product/dev/security/etc.)
- Decisions for security are being made without collaboration/input from other business functions (buying tools for devs that are not user friendly for their workflow, etc.)
- Purchase security tools without fully planning (not planning for training team members, incorporating into current processes, what to do with the output)

3:20 Sessions

Auditorium

Title: Getting Ahead of a Breach

Speaker Info: Critt Golden is a Senior Cyber Security Leader, specializing in Breach and Attack over the past 7 years, and currently Head of Solutions Architects for North America at Picus Security. Critt has worked with Industries of all sizes in almost all verticals helping them validate their security posture and turn from a reactive model to a proactive security model. Critt has a passion for helping clients reduce cost and complexity leveraging Picus breach and attack capabilities to make informed decisions and increase security efficacy based on evidence.

Session Info: 

For years, organizations have invested millions of dollars into best-of-breed security solutions. Yet, organizations are breached daily. Modern challenges require modern solutions. Stop assuming you are secure and prove security effectiveness before attackers come after your organization. 

The audience will gain understanding in:

- Proactive security models vs. reactive models
- Answers to the test is NOT cheating
- Optimizing security solutions to become ransomware resilient
- Quantify risk in your environment with binary artifacts.

Field Stage

Title: The Business of Ransomware

Speaker Info: Kris has spent 25 years building and scaling market leading and innovative information security businesses. An engineer at heart, Kris has held senior leadership roles across product, software development and delivery, and security research at some of the most successful security companies in their markets. Prior to Halcyon, Kris was GM for Cloud Security at Forcepoint (Formerly Websense), founding VP of Engineering at Bastille Networks, and CTO and head of product and engineering at Arbor Networks (now Netscout).

Prior to these leadership roles, Kris was one of the earliest members of ISS X-Force (now IBM) where he ultimately led the organization which was responsible for security content development, security efficacy, and security research across all of Internet Security Systems products and service lines.

Session Info: Ransomware is more than just a threat; it's an entire business model. In this talk we'll dive into the Ransomware-as-a-Service (RaaS) ecosystem, how it works, who the players are and why their distributed model is more like a software startup than an APT group. The business of ransomware is profitable, and to combat these threats we first need to understand how they're organized and what they're capable of doing.

4:05 Sessions

Auditorium

Title: Retaining Talent and Enhancing Threat Hunting Strategies in the Age of Expanding Attack Surfaces 

Speaker Info: Robert Higham is a Senior Consultant and member of the Secureworks Counter Threat Unit (CTU) Detection Research team. Robert joined Secureworks in 2019 to share his experience building and supporting enterprise-level initiatives including but not limited to Risk Management and Threat Hunting at a Fortune 50 company. In his current role, Robert is responsible for building and executing Threat Hunting strategies across Secureworks' various product and service offerings. He played a pivotal role in the design and implementation of the Secureworks ManagedXDR Elite service and is co-author and lead instructor of Secureworks' internal and external Threat Hunting workshops. Robert holds a master’s degree in Cybersecurity with a focus on Cyber Intelligence.

Session Info: 

The ever-increasing attack surfaces of modern enterprises have made it difficult to keep up with the constantly evolving threat landscape. As remote and hybrid work become the norm, and cloud adoption continues to skyrocket, it is more important than ever to have effective strategies for threat hunting and incident response. Despite significant investments in cybersecurity, incidents continue to rise, and the cost and severity of breaches are hitting record highs. 

This presentation will focus on two critical areas for enterprises to improve their security posture: retaining talent and enhancing threat hunting strategies. With a shortage of cybersecurity professionals in the industry, it is essential to create a positive work environment and develop effective retention strategies to retain top talent. 

Additionally, the presentation will cover effective threat hunting techniques to reduce the impact of cyber threats. This includes the use of advanced tools to reduce low fidelity alerts and eliminate false positives, allowing security teams to focus on real threats. By implementing a comprehensive threat hunting strategy, organizations can proactively detect and respond to attacks, reducing the overall impact of cybersecurity incidents. 

The presentation will conclude with a discussion on how the implementation of effective threat hunting strategies can positively impact cybersecurity insurance premiums, reducing the financial burden of cyber incidents. Attendees will leave with a deeper understanding of the criticality of retaining cybersecurity talent and effective threat hunting strategies to protect their organizations from the ever-evolving threat landscape. 

Field Stage

Title: Mission SIEMpossible - From Legacy SIEM to Detection-as-Code  

Speaker Info: Ken Westin is a Security Strategist at Panther. Ken has been in the security field for over 15 years, working with companies to increase their security posture through threat hunting, insider threat programs and security research. In the past he has worked closely with law enforcement, helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America and others, and he is regularly sought out as an expert in cybersecurity, cybercrime and surveillance.

Session Info: 

SIEMs have evolved over the past few decades due to the evolving threat landscape, increasingly complex architectures, and ever-increasing data volume and velocity. In this session, we will cover the history of SIEMs and introduce a new strategy leveraging the concept of detection-as-code to optimize detections and threat hunting. 

Taking a detection-as-code approach, we will show how to use languages most already know: Python and SQL. We will also show how to write detections, test them, and introduce software development lifecycle best practices that can be used for version control, collaboration, and integration with your CI/CD pipeline.
