Floorplan
1 Island
2 CyberOne
3 Sevco
4 Palo Alto Networks
5 Panther
6 Forcepoint
7 NetSPI
8 Spy Cloud
9 Rubrik
10 VMRay
11 Randori, IBM
12 Exabeam
13 Halcyon
14 Picus Security
15 Secureworks
16 Securiti
17 Ontinue, Open-Systems
18 Seemplicity
19 Kudelski Security
20 Team Cymru
21 Cloudflare
22 Talon
23 Axonius
24 Sysdig
25 Centripetal
26 Apiiro
27 Cycognito
28 Clear Technologies
29 GitLab
30 Recorded Future
31 Traceable
32 Mobius Partners
33 Tevora
34 Novacoast
35 Fortra
36 BeyondIdentity
37 Critical Start
38 Converge Technology Solutions
39 Rapid7
40 Armis
41 Abnormal
42 Salt Security
43 ExtraHop/Binary Defense
44 Vector0
45 Tines
46 Wallix
47 Anvilogic
48 Zyston
49 Nudge Security
50 Mimecast
51 Obsidian Security
52 Arctic Wolf
53 Set Solutions
54 Orca Security
55 WWT
56 Synopsys
57 Proofpoint
58 Checkpoint
59 TrustCloud/Kintent
60 Strike Ready
8:30 Keynote
Title: How the Enterprise Browser is improving security, transparency, and trust in today’s workplace.
Speaker Info: Brian Kenyon is a founding member and Chief Strategy Officer at Island where he leads corporate strategy. Prior to Island, Brian was the CSO at Symantec and Blue Coat, Chief Technical Strategist and CTO of McAfee, and Chief Architect at Foundstone. Brian is also the author of Security Battleground: An Executive Field Manual, Security Sage: A Guide to Hardening the Network Infrastructure, and Special Ops: Host and Network Security, and a frequent speaker at cyber security events worldwide.
Session Info:
The application enterprises use the most is the browser. In fact, in most enterprises it has become our primary work environment, but the browser we most often use was built for consumers. What if the browser was designed for the enterprise? What could that do for security, productivity and work itself? These are these questions we asked ourselves and three years later our customers are teaching us all that can be done. Join our session to see how Island’s Enterprise Browser is transforming the way companies do business.
In this session Island will perform a live demonstration of:
● Innovative features and possibilities for critical application protection
● How organizations leverage Island for unmanaged devices
● Create an employee experience centered on productivity and flexibility
● Reimagine how IT leaders can enable users while creating unique business value
9:30 Sessions
Auditorium
Title: An Untold Truth: 5 Key Things You Need to Know About Threat Response
Speaker Info: Jay Gregg is a Senior Sales Engineer at Ontinue based in the Dallas Metro. Jay has over 25 years of information systems experience with a specialization in the areas of network security and threat detection and response. His time over his career includes roles with Palo Alto Networks, Nutanix, Vectra, and other leading cybersecurity vendors where he's worked to help organizations secure their network and endpoint infrastructure from a dynamic and evolving threat landscape.
Session Info: At Ontinue, we've helped hundreds of customers mitigate threats and risk with our Managed Detection and Response offering and one of the things we've observed is that both vendors and customers have gotten much better at detection…but we struggle with response. Jay Gregg, Sr. Sales Engineer at Ontinue, will summarize what we've learned to hopefully give you a new perspective on threat response by asking the simple question of "Why is threat response so hard?"
Field Stage
Title: How can you protect what you don’t see?
Speaker Info: Darb is a Founding Engineer at Sevco Security. He brings over 35 years of information security experience to the team. Darb spent over two decades leading elite cyber security teams for the United States Air Force, followed by leading roles with the founding teams for Carbon Black and JASK. When not spearheading the fight to secure global networks, Darb and his wife Janine operate a 400 acre cow-calf operation in central Missouri.
Session Info:
Lack of visibility is the single biggest challenge facing security teams today—and in today’s dynamic IT environments, getting this visibility is a constant challenge.
In this presentation, we’ll share the results from Sevco’s new report based on data from over 500 organizations. Our results show that while most organizations have the tools they need to protect their cyber assets (EDR, patch management, IAM etc.), large gaps in coverage exist. And if organizations aren’t aware of all the assets in their environment, how do they know what to protect? These gaps in coverage can be exploited by attackers.
In this deep dive into data from the second State of the Cybersecurity Attack Surface research report, we’ll share:
* The extensive gaps in security tool coverage across organizations—and the security implications of these gaps
*The surprisingly large number of personal devices accessing corporate IT environments and systems without any kind of protection
* How over-licensing of stale devices can result in organizations paying more for tool and application usage than they actually need
* What organizations can do to better address future vulnerabilities
10:05 Sessions
Auditorium
Title: The Science of Normal: Paradigm Shift to Cybersecurity Operations
Speaker Info: Bob Reny is a recent addition to the CTO team at Exabeam. His 27 years of experience in information technology starting in systems administration and security in the US Air Force. This started a path for all things security, focusing on computer and networks. Bob has done network security design, firewall architecture, IPS deployment, network access control and end point security architecture. Large program security include zero trust, Operational Architecture safety/security. His expertise has supported customer organizations public and private. This covers scaling for many large federal agencies, global 1000 companies in many business verticals across finance, utilities, service, and technology. Bob has been a CISSP for the past almost 22 years and continues to help organizations evaluate the broad security policy to streamline Security Operations Center activities. This includes improving cross-functional processes for change management, incident response, event escalation, and response.
Session Info:
Learn simple ways to evaluate whether a technology is actually going to increase fidelity and reduce operational overhead/expense.
• History of SOC operations & changes in metrics to improve organizational business alignment
• How analytics revolutionize event triage & threat hunting
• Organizational risk alignment of metrics using analytics framework
Field Stage
Title: Deriving Insight from Threat Actor Infrastructure
Speaker Info:
Session Info: Highlight some startling observations about vulnerability exploitation
10:45 Sessions
Auditorium
Title: Everyone’s Talking About Hyperautomation: Scaling Remediation
Speaker Info: Ravid Circus is the co-founder and CPO of Seemplicity. Ravid is a cyber security expert with a successful track record of over 20 years. As the former VP of Customer Success and VP of Products at Skybox Security, Ravid brings a unique combination of deep technical excellence with practical, hands-on experience.
Session Info:
Hyperautomation in cybersecurity is all the latest rage, focusing mainly on incident response processes. But what about using hyperautomation for preventive measures, such as for vulnerability remediation or fixing cloud misconfigurations? Ironically, with all the tools we have today, we spend too much time on managing their output as opposed to leveraging them for actual remediation.
In this talk we’ll break down processes to understand where security teams are unnecessarily becoming slaves to scanners, application security and cloud configuration tools. We’ll pinpoint where to relieve the manual overhead of working with their results. Finally, we’ll show how to achieve a scaling remediation process. Bonus: we’ll also provide a practical framework security teams can use to introduce hyperautomation into their remediation process.
By attending this talk, you’ll be able to:
- Understand trends in remediation processes over the past few years
- Learn from other companies how they used hyperautomation to minimize remediation time
- Leverage hyperautomation to scale your fixing process without adding resources
- Receive tools on communicating effectively from the single-ticket finding to board level presentations
- Implement a practical framework for adding hyperautomation into your remediation process
Field Stage
Title: Delivering Operational Resilience in the Age of Ransomware
Speaker Info:
Matt Cowart is a Director of Sales Engineering for the South Central region at Rubrik supporting Enterprise accounts in TX, OK, AR, MO, and KS.
He has over 18 years of experience in software and infrastructure and has spent the last 5 years at Rubrik.
Session Info:
The average enterprise has over 130 different security tools, but according to SOPHOS this doesn’t really matter when a cyber event is occurring. As we are well aware, ransomware events continue to occur with regularity despite investment in security tools. When these high probability/high impact events occur, it becomes a massive IT recovery operation. Usually, IT has minimal information or understanding of the attack and how to respond. In this session we'll discuss the considerations both Security and IT need to be aligned on to ensure resiliency of data and recovery pre and post event.
11:20 Sessions
Auditorium
Title: Live recording of the Cyber Ranch Podcast - Unified Controls for the Big-Bang Era of Cloud Data
Speaker Info: Gene Moore, Cecil Pineda, Allan Alford
Session Info:
We are in the early phase of the Big Bang era of cloud data. This era is opening new
possibilities and finally enabling organizations to drive more revenue, enhance customer experience, and improve business process efficiencies we have been targeting
for years.
But as the volume, complexity and value of our data expand; so do our data obligations. We must keep it safe, ensure access is controlled, and responsibly meet a myriad of internal, company data standards, as well as both national and global requirements for data residency, security and privacy. Instead of a siloed and piecemeal approach, it is the time to re-think and unify intelligence and controls around data!
Data leaders from R1 RCM and Securiti will share how they are
rethinking their data controls architectures for the Big Bang era of cloud data; while avoiding
piecemeal and siloed data management.
Join us to learn how organizations are establishing a Data Command Center to
Gain real-time intelligence around sensitive data no matter where it lives
Automate security, privacy and governance controls to streamline data operations
Govern access with granular controls and masking to share data and fuel innovation
Avoiding PII sprawl by scanning and protecting data at-rest and in-motion
Automate data breach impact analysis to prepare response and avoid mistakes
Field Stage
Title: Insider Threat Program Managers; Your WAZE to Success
Speaker Info:
Director, Insider Risk Global Governments and Critical Infrastructure, Forcepoint.
Michael Crouse is the Director for Insider Risk at Forcepoint Global Governments and Critical Infrastructure. He works closely with industry thought leaders, executives, and the Forcepoint management team to help guide long-term programmatic and technology strategies aligned with federal and commercial requirements.
By leveraging his wealth of over 25 years of operational experience in cyber and insider risk solutions, Michael has helped lead the company to the forefront of User Activity Monitoring (UAM) and Behavior Analytics Solutions.
With a Bachelor of Science and a Master of Science in Electrical Engineering from The Johns Hopkins University, his early career began as a Senior Electrical Engineer at the National Security Agency and then moved to various technical and leadership roles solving unique and diverse challenges.
In these positions, Michael gained extraordinary experience in cyber security and insider risk systems, in people leadership, and in the importance of ensuring that the customer is the #1 priority
Session Info:
Confusion reigns between Insider Threat, Insider Risk, Data Leak Prevention, Zero Trust, etc. During this session, we will discuss the challenges and potential outcomes involved with bringing together different activities to align as one program in a more robust and agile insider risk management capability. With an incremental implementation approach, company programs can responsibly expand beyond traditional Insider Threat Use Cases (aka Data Exfiltration Only) to real time alerts about abnormal data and system access (internal and external), suspicious financial activity, intent to harm, and public record information. Identifying indicators of risk at the individual level at their earliest point of detection is a foundational step in developing a proactive approach for improving an organization’s security posture. We will explore how continually monitoring user behavior will significantly reducing the level of human effort spent on such activities, thereby freeing up your analysts and investigators to focus on more critical security issues.
12:00 Session
Title: How to Get the Security Budget you Need
Speaker Info: Ira Winkler
Session Info:
12:35 Keynote
Title:
Speaker Info:
Session Info:
1:25 Sessions
Auditorium
Title: Embedding the Attacker's Perspective - An Inside Look Into How Hackers Prioritize Targets at Scale
Speaker Info: Evan Anderson is the Principle Technologist at Randori – where he leads the company’s Hacker Operations Center. In this role, Evan leads a team developing new and novel offensive capabilities for Randori’s automated attack platform.
Session Info:
Join, Evan Anderson, Co-Founder & Principal Technologist at Randori, an IBM Company, for an exciting session that dives into the fast-paced world of offensive security. It’s clear from talking with hundreds of organizations that attackers and defenders often come to dramatically different conclusions around risk - even when looking at the same information. In this session, switch teams for a day as we pull back the curtain behind the system that keeps one of the world’s most advanced attack platforms on target 24/7/365. Through examples, Evan will show how Randori and Fortune 500 companies are leveraging AI and decades of experience to discover, classify and prioritize millions of targets daily across some of the world’s largest organizations. He’ll break down the 6 “tempting” factors every vulnerability team should be using to prioritize risk.
Field Stage
Title: Identity-Centric Security & the SOCs to Match: Improve Malware Response for Better Ransomware Prevention
Speaker Info: CW Walker is a cybersecurity and threat intelligence expert. He started his career in government as a threat intelligence analyst and has always been passionate about understanding and creating stories that can be told through the collection and analysis of interesting data. He has led teams of solutions engineers at multiple threat intelligence companies and currently supports SpyCloud's cybersecurity efforts. He holds a BS in Political Science and Economics and a Master’s Degree in Strategic Intelligence Studies.
Session Info:
Enterprises have ransomware prevention basics covered – from data backups, EDR, and user training, to phishing detection, and threat intel. But there’s a significant blind spot lurking: lack of visibility into malware compromises (especially when the infected devices are unmanaged or under-managed) and the resulting passwords, web session cookies that have been siphoned. Without immediate knowledge of this data that criminals are using to target the enterprise for ransomware and other costly cyberattacks, SOC teams have become accustomed to a machine-centric malware infection response. The result is exposed employee, contractor, and partner identities, exploitable until the affected users, applications, and devices are properly remediated. It’s been a challenge for most organizations – until now.
Join this session to learn about a new, more complete and more effective approach to preventing ransomware called Post-Infection Remediation. We’ll cover:
-Trends in malware-infected user data including common third-party application exposures (spoiler alert: SSO!)
-Seven common blind spots in today’s malware infection response
-Seven steps of Post-Infection Remediation to truly reduce your enterprise's exposure to ransomware
2:00 Sessions
Auditorium
Title: Cloud Migration's Dangerous Pothole: Application Development Security
Session Info:
Today, nearly 70% of organizations host more than half their workloads in the cloud, up from just 31% in 2020.
But there’s a dangerous pothole on the fast track to cloud migration, and it grows larger the longer it’s ignored: application development security.
The good news is that wherever you are on the journey right now, with the right guidance you can rethink your cloud native development strategy and confidently steer clear of damage.
Join this live session and hear about the latest research, insights and recommendations from pros in security, DevOps technical, and line of business leadership.
Learn how to balance the benefits of cloud native development with new best practices for protecting applications, and ensure that your environment stays resilient, flexible and secure.
Field Stage
Title: Overwhelmed By Malware and Phishing Alerts? Struggling to Identify Unknown Malware? Here’s How to Speed Up Investigation and Response
Speaker Info: Mounil Patel is an accomplished professional with over two decades of experience in the technology industry. He currently serves as the Head of Technical Field Operations at VMRay, a leading malware analysis, and detection solutions provider. Before joining VMRay, Mounil held key positions at Mimecast, Arctic Wolf, and EMC, where he managed global field sales and pre-sales teams, drove strategic partnerships and oversaw program and practice management. With a strong background in sales and marketing, Mounil is a sought-after speaker and thought leader, having presented at numerous tradeshows and marketing events. His expertise in the field has enabled him to contribute to the cybersecurity industry significantly.
Session Info: One of the most significant challenges for SOC and Incident Response teams is quickly identifying advanced, unknown, highly evasive malware and targeted phishing. Security teams are flooded daily with alerts from different sources and are expected to rapidly spot the “needles in a haystack” – the alerts that signal a real threat. Successful intervention depends on how fast an Analyst can determine which alerts are valid and which are time-wasting False Positives, only causing a drain on team resources.
2:45 Sessions
Auditorium
Title: Application Security in Depth: A Layered Approach to AppSec
Speaker Info: Nabil Hannan is a Managing Director at NetSPI. He leads the company’s advisory consulting practice, focusing on helping clients solve their cyber security assessment, and threat & vulnerability management needs. His background is around building and improving effective software security initiatives, with deep expertise in the financial services sector. He has over 15 years of experience in cyber security consulting from his tenure at Cigital/Synopsys Software Integrity Group, where he has identified, scoped, and delivered on software security projects (architectural risk analysis, penetration testing, secure code review, malicious code detection, vulnerability remediation, mobile security assessments, etc.). Nabil has also worked as a Product Manager at Research In Motion/BlackBerry and has managed several flagship initiatives and projects through the full software development life cycle.
Session Info:
Today’s approach to defense in depth for application security are siloed, lack context, and results have fallen short. But a layered approach is the key to building a world-class AppSec program that spans the entire Software Development Lifecycle (SDLC). So, how does our approach need to change?
In this presentation, you’ll receive knowledge on:
Key timeframes to implement security testing – and why.
Best practices for application penetration testing and secure code review
Proper implementation of application security tools for continuous monitoring
Plus, more tips to achieve a layered application security strategy.
Field Stage
Title: Why You Aren’t Making As Much Progress to What’s Holding You Back
Speaker Info:
Session Info:
Common themes I see across various clients and industries:
Heavy focus on point in time application assessments (typically QA before release or post)
Mis-aligned Goals and Objectives within an organization (product/dev/security/etc.)
Decisions for security are being made without collaboration/input from other business functions (buying tools for devs that are not user friendly for their workflow, etc.)
Purchase security tools without fully planning (not planning for training team members, incorporating into current processes, what to do with the output)
3:20 Sessions
Auditorium
Title: Getting Ahead of a Breach
Speaker Info: Critt Golden is a Senior Cyber Security Leader, specializing in Breach and Attack over the past 7 years, and currently Head of Solutions Architects for North America at Picus Security. Critt has worked with Industries of all sizes in almost all verticals helping them validate their security posture and turn from a reactive model to a proactive security model. Critt has a passion for helping clients reduce cost and complexity leveraging Picus breach and attack capabilities to make informed decisions and increase security efficacy based on evidence.
Session Info:
For years, organizations have invested millions of dollars into best-of-breed security solutions. Yet, organizations are breached daily. Modern challenges require modern solutions. Stop assuming you are secure and prove security effectiveness before attackers come after your organization.
The audience will gain understanding in:
Proactive security models vs. reactive models
Answers to the test is NOT cheating
Optimizing security solutions to become ransomware resilient
Quantify risk in your environment with binary artifacts.
Field Stage
Title: The Business of Ransomware
Speaker Info: Kris has spent 25 years building and scaling market leading and innovative information security businesses. An engineer at heart, Kris has held senior leadership roles across product, software development and delivery, and security research at some of the most successful security companies in their markets. Prior to Halcyon, Kris was GM for Cloud Security at Forcepoint (Formerly Websense), founding VP of Engineering at Bastille Networks, and CTO and head of product and engineering at Arbor Networks (now Netscout).
Prior to these leadership roles, Kris was one of the earliest members of ISS X-Force (now IBM) where he ultimately led the organization which was responsible for security content development, security efficacy, and security research across all of Internet Security Systems products and service lines.
Session Info: Ransomware is more than just a threat, it's an entire business model. In this talk we'll dive into the Ransomware-as-a-Services (RaaS) ecosystem, how it works, who the players are and why their distributed model is more like a software startup than an APT group. The business of ransomware is profitable and to combat these threats we first need to understand how they're organized and what they're capable of doing.
4:05 Sessions
Auditorium
Title: Retaining Talent and Enhancing Threat Hunting Strategies in the Age of Expanding Attack Surfaces
Speaker Info: Robert Higham is a Senior Consultant and member of the Secureworks Counter Threat Unit (CTU) Detection Research team. Robert joined Secureworks in 2019 to share his experience building and supporting enterprise level initiatives including but not limited to Risk Management and Threat Hunting at a fortune 50 company. In his current role, Robert is responsible for building and executing Threat Hunting strategies across Secureworks various product and service offerings. He played a pivotal role in the design and implementation of Secureworks ManagedXDR Elite service and is co-author and lead instructor of Secureworks internal and external Threat Hunting workshops. Robert holds a master’s degree in Cybersecurity with a focus on Cyber Intelligence.
Session Info:
The ever-increasing attack surfaces of modern enterprises have made it difficult to keep up with the constantly evolving threat landscape. As remote and hybrid work become the norm, and cloud adoption continues to skyrocket, it is more important than ever to have effective strategies for threat hunting and incident response. Despite significant investments in cybersecurity, incidents continue to rise, and the cost and severity of breaches are hitting record highs.
This presentation will focus on two critical areas for enterprises to improve their security posture: retaining talent and enhancing threat hunting strategies. With a shortage of cybersecurity professionals in the industry, it is essential to create a positive work environment and develop effective retention strategies to retain top talent.
Additionally, the presentation will cover effective threat hunting techniques to reduce the impact of cyber threats. This includes the use of advanced tools to reduce low fidelity alerts and eliminate false positives, allowing security teams to focus on real threats. By implementing a comprehensive threat hunting strategy, organizations can proactively detect and respond to attacks, reducing the overall impact of cybersecurity incidents.
The presentation will conclude with a discussion on how the implementation of effective threat hunting strategies can positively impact cybersecurity insurance premiums, reducing the financial burden of cyber incidents. Attendees will leave with a deeper understanding of the criticality of retaining cybersecurity talent and effective threat hunting strategies to protect their organizations from the ever-evolving threat landscape.
Field Stage
Title: Mission SIEMpossible - From Legacy SIEM to Detection-as-Code
Speaker Info: Ken Westin is a Security Strategist at Panther. Ken has been in the security field for over 15 years working with companies to increase their security posture, through threat hunting, insider threat programs and security research. In the past he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America and others, and is regularly reached out to as an expert in cybersecurity, cybercrime and surveillance.
Session Info:
SIEMs have evolved over the past few decades due to the evolving threat landscape, increasingly complex architectures, and ever-increasing data volume and velocity. In this session, we will cover the history of SIEMs and introduce a new strategy leveraging the concept of detection-as-code to optimize detections and threat hunting.
Taking a detection-as-code approach will show how to use a language most already know — Python and SQL. Leveraging the detection-as-code approach, we will also show how to write detections, test them, and introduce software development lifecycle best practices that can be used for version control, collaboration, and integration with your CI/CD pipeline.