Speaker:
Robin Kelly, Congresswoman, Illinois

As a U.S. Congresswoman, Rep. Robin Kelly of Illinois was the main force behind the bipartisan IoT Cybersecurity Improvement Act, which was signed into law late last year. The law addresses the supply chain risk to the federal government stemming from insecure IoT devices by establishing minimum security requirements for procurement of connected devices.

Some critics view the requirements for NIST and OMB to update IoT guidelines and policies every five years, far too lenient. Things change too fast in Cybersecurity for 5 year changes to be effective.

IoT devices are rushed to market with de-prioritized security measures creating an exponential increase in our attack surfaces. They become low-hanging fruit for Cyber-criminals. The Act does little to prevent manufacturers from reforming their practices – in fact, it essentially places the chicken coop under the watchful eye of the fox.

There are broad-ranging impacts from this legislation on all companies providing products within the Federal supply chain. To explore and understand the ramifications of this ACT, Robin Kelly joins us in a keynote interview where she discusses:

• Telehealth security
• Bolstering federal defenses
• The long-term impact of SolarWinds on supply-chain security

Speakers:
Chip Mason, Lead, Mainframe Security Product Management, Broadcom
Mary Ann Furno, Offering Manager, Broadcom

Today's cloud-connected Mainframe is a vital infrastructure for crucial business applications and data - even more so for banking and financial service companies that carry the highest security and most stringent regulatory requirements. This cloud-connected, hybrid IT model can increase security risk and open opportunities for attacks, but it doesn't have to

Mainframes often house the most vital data and applications. Shifting away from "firefighting" mode and ensuring they integrate into the enterprise security plan can help to eliminate vulnerabilities and threats.

In this session, we'll explore how a comprehensive security suite can help us reduce risk through data classification, avoid human error, use automation and analytics to make decisions and align with best practices, and reduce insider and stolen credential threats with advanced identity management and privileged user management.

Key takeaways:

• Reduce insider threats with advanced authentication and privileged user management
• Identify hidden risks in my data from a governance and regulatory compliance perspective
• Monitor activity and determine if there is risky behavior going on that I'm unaware of
• Explore how analytics and automation can simplify security management
• Understand the importance of a comprehensive Mainframe security lifecycle

Speaker:
Ryan Poppa, Director of Product Management at Cisco Cloud Security

How well do you really know your environment, your security practices and policies? Do you know the tools, techniques, and procedures that cyberattackers use to exploit your vulnerabilities?

Join Cisco Umbrella cybersecurity expert Ryan Poppa exposes the inner workings of a crafty cyberattack.

In his presentation, you'll learn:

• Why you have been targeted for attack
• How cybercriminals penetrate environments
• What tactics they use to pivot from system-to-system while escalating privileges along the way
• How they are capable of easily exfiltrating sensitive data out of your organization
• Where your biggest threats may exist

Ryan will also share key insights on how you can protect your organization against these malicious actors and improve your cybersecurity posture with immediate results.

Speaker:
Patrick Hogan, Assistant to the Special Agent in Charge, Chicago Cyber Fraud Task Force, U.S. Secret Service

Patrick Hogan is the Assistant to the Special Agent in Charge of the Secret Service’s Chicago Cyber Fraud Task Force. He manages a squad of special agents and task force officers involved in the investigation of cybercrimes occurring within the Chicago area. He has been involved in cyber investigations for the last eight years while in the Chicago Field Office, and is a member of the Association of Certified Anti-Money Laundering Specialists. Prior to being in the Chicago Field Office, he was involved in the coordination of national and transnational cybercrime investigations at the headquarters level. His twenty-three-year Secret Service career has also given him the opportunity to protect former-Vice President Dick Cheney and to be detailed to the U.S. House of Representatives Select Committee on Homeland Security.

Speaker:
Dave Lewis, Global Advisory CISO, Duo Security at Cisco

Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person-to-person through staff changes and/or employee churn. However, it doesn’t have to be this way - to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.

Speaker:
Chris Gustafson, Senior Solutions Engineer, Okta

In today’s uncertain world, organizations must find ways to ensure their customers can engage with their services at any time, from any device, in a secure and safe manner. That is where customer identity and access management comes in or “CIAM”. A CIAM solution must not only meet today’s security and compliance standards, but also create frictionless customer experiences to meet customers where they are and in the ways they need. Join our sessions as we discuss CIAM in more detail, how priorities have shifted this year and what CIAM maturity looks like.

Speaker:
Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx

The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security if often viewed as an inhibitor to this new approach.

Join Stephen Gates, Checkmarx SME where you’ll:

• Discover the six proven steps of embedding software security into DevOps.
• Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
• Explore the benefits of AppSec integration and automation into the tooling your developers use.

Speaker:
John Bloomer, Director of Engineering, North Central Region, Office of the CTO, Check Point

If there's anything we've learned over the course of the pandemic, it's that cyber criminals are eager to exploit current events to advance their goals. Over the course of this session we will look at some of the trends that have emerged over the past year with malicious campaigns related to the headlines of the day.

Speakers:
Brian Kelley, CTO, Ohio Turnpike and Infrastructure Commission
Fred Kwong, CISO & AVP Security, Identity and Operations
Pat Beniot, VP Global Cyber Governance, Risk and Compliance/BISO, CBRE

The old risk models no longer work. Today you have employees permanently assigned to home offices, under stress, in conditions that are ripe for malicious insiders who want to cause harm, as well as well-intentioned employees who make costly mistakes. How do you mitigate your new insider risks? Join this panel for a discussion of:

• Monitoring employee behavior
• Warning signs of malicious and accidental insider threat
• Insider risk education that really works

Speaker:
Arjun Kolady, Security Solutions Engineer, HackerOne

Did you know that 80% of CISOs say that software projects have been hindered by concerns over inevitable security issues? Vulnerabilities don’t need to slow you down. Join HackerOne for a discussion on "Why the future of DevOps Needs Hackers."

In this session, you’ll learn:

• How organizations collaborate with hackers
• How bug bounty data insights empower development teams
• How companies like Spotify are keeping their applications secure

Speaker:
Jason Weiss, former FBI Special Agent; Attorney, Faegre Drinker Biddle & Reath LLP

Briefly, this presentation discussed the emerging threats of different types of disruptionware attacks and potential defenses to protect yourself. We will discuss may of the tools that make up the disruptionware tool kit and how these tools work. We will also talk about how disruptionware attacks work and their attack methodologies with some examples of recent disruptionware attacks.

Speaker:
Kevin Fu, Acting Director, Medical Device Cybersecurity, FDA Center for Devices and Radiological Health

Scientist, educator, government official. Kevin Fu is a pioneer in the battle to achieve medical device cybersecurity, and he has played multiple roles. From his current position within the FDA, Fu discusses the state of medical device security, including:

• Archaic engineering principals
• Threat modeling
• Education and awareness

Speaker:
Siva Balu, VP & CIO, YMCA of the USA

The YMCA was founded in 1844 as an organization to help build healthy spirit, mind and body. Digital wasn’t a consideration. But in 2021, Siva Balu is very much immersed in digital transformation and on how the YMCA of the USA can transition from COVID-19 to help 10,000 communities embrace digitalization securely. In this exclusive session, Balu discusses:

• The YMCA’s digital transformation
• Its information security strategy
• Roadmap forward and anticipated challenges

Speaker:
Meredith Harper, VP, CISO, Eli Lilly and Company

Has there ever been a more challenging time to be CISO of a major global pharmaceutical enterprise? Meredith Harper, VP and CISO of Eli Lilly and Company, discusses how the organization has responded to COVID-19 and the new workplace. She also shares plans for:

• Cloud transformation
• Zero trust
• Building a diverse workforce