Fraud & Breach Prevention Summit: Dallas

April 24-25, 2018 - Hyatt Regency Dallas

WELCOME / Letter from the Content Director

Tom Field

Senior Vice President - Editorial, ISMG

Join us in Dallas and hear from industry leaders with specialties ranging from IoT and the emerging use of deception technology to the ever-persistent and ongoing business email compromise trend, DDoS for extortion and ransomware attacks. 2018 promises to have more than enough for all of us to talk about and learn from each other. We have intentionally designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and many others by providing hands-on tools and real-world problems and solutions that attendees can take back to their offices long after the summits end.

Details

Hyatt Regency Dallas

April 24th & 25th, 2018

 $895

Registering For a Group?
Call + 1 (609)-356-1499

SPEAKERS / Featured Speakers For Our Dallas Summit

Brett Johnson

Former Most Wanted and "The Original Internet Godfather"

Shamoun Siddiqui

CISO, Neiman Marcus

Matthew Maglieri

CISO, Ruby, parent company of Ashley Madison

Asif Effendi

Director of Security, GE Oil & Gas - Digital

Ian Schneller

SVP, Global Information Security, Bank of America

David Houlding

Principal Healthcare Program Manager, Microsoft

Shawn Tuma

Attorney, Spencer Fane LLP

Tom Field

Senior Vice President, Editorial, ISMG

Ronald Raether

Partner, Troutman Pepper

Parrish Gunnels

CISO, Kibo Commerce

Mark Loveless

Senior Security Researcher, Duo

Jim Apger

Sr Security Architect, Splunk

Brian Engle

Founder and CEO, Riskceptional Strategies

Richard Murray

Supervisory Special Agent, FBI Dallas Cyber Task Force

Brian Wrozek

Managing Executive Director, Office of the CISO, Optiv

Dan Mathews

Director of Sales Engineering, Lastline

Jay Johnson

Partner, Jones Day

Tara Brewer

Cyber Security Advisor Program, Office of Cybersecurity and Communications, US Department of Homeland Security

Jason Clark

Insider Threat Researcher, Carnegie Mellon University CERT Insider Threat Center

Katie O'Shea

Cloud Security Specialist, Check Point

Jon Phillips

VP Loss Prevention, Neiman Marcus Group

Mike Boose

Channel/Partner Sales Engineer, Arbor Networks

Schedule / Session Date & Times



Tuesday, April 24th

8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Ashley Madison: Cybersecurity in a World of Discretion

Speaker:
Matthew Maglieri, CISO, Ruby, parent company of Ashley Madison

What does a targeted attack really look like? How can you effectively defend your organization? What does it take to recover from a headline-grabbing breach and rebuild trust with your customers?

Join Matthew Maglieri, CISO of Ashley Madison's parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look at what is really required to defend against an advanced targeted attack and prevent the scenario that keeps us all up at night. He will discuss:

  • Anatomy of a targeted attack;
  • How to recover from a high-profile breach;
  • "Offensive-driven" risk management and how to best ensure breach resilience.
9:50 am - 10:20 am

DDoS: Updates from the Battlefield

Speaker:
Mike Boose, Channel/Partner Sales Engineer, Arbor Networks

What is the state of DDoS, as observed by network and security professionals directly responsible for operating and securing global networks?

This session covers a range of issues, from threat detection and incident response to managed services, staffing and budgets. Hear about the daily operational challenges, as well as strategies adopted to address and mitigate them, including the latest attack techniques and current best practices for defense. Attendees will:

  • Gain insight on how IoT botnets are built and weaponized;
  • Understand the newest threats to enterprise networks;
  • Learn how to defend your network from these attacks.
10:20 am - 10:50 am

Exhibiting & Networking Break

10:50 am - 11:25 am

Incident Response Plans: Avoiding Common Mistakes through a Table Top Exercise

Speaker:
Ronald Raether, Partner, Troutman Pepper

During this workshop, Troutman Sanders partner Ron Raether will discuss the benefits of table top exercises. He then will explain how to conduct an effective exercise walking through mock incidents and explaining the process. Participants will:

  • Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
  • Learn key features in an incident response plan and how the table top exercise works to improve each component;
  • Hear of common mistakes made by companies when executing an incident response plan.
11:30 am - 12:00 pm

Fear vs. Reality: Forward Thinking for Security

Speaker:
Mark Loveless, Senior Security Researcher, Duo

Many models of security still have their roots in older infrastructure. But with the death of the network perimeter and the rapidly approaching end to passwords, there has to be a new view of the security landscape to prepare for this future - especially with new devices coming in ever-changing forms.

This presentation will cover IoT, as well as the end of solutions like VPNs, firewalls, and passwords - and we'll pick things apart. While they may seem like completely different topics, all of these things end up having security implications in unexpected ways.

Attend this session to:

  • Gain an understanding of real-world risk of certain technologies;
  • Learn what to look for in new technologies and security;
  • Prepare for a world without perimeters, VPNs, and passwords.
12:00 pm - 1:00 pm

Lunch

1:00 pm - 1:45 pm

Post-EMV: The Present and Future of Retail Fraud

Speakers:
Jon Phillips, VP Loss Prevention, Neiman Marcus Group
Shamoun Siddiqui, CISO, Neiman Marcus

With the adoption of the EMV standard for payment cards, the associated card fraud has increasingly gone down. This has resulted in cyber criminals shifting focus to other forms of fraud such as gift card fraud and fraud related to online retail purchases which are processed as Card Not Present (CNP) transactions. This has opened up new avenues for cyber defense and mitigation techniques. This presentation takes a look at:

  • The evolving state of fraud in the retail industry
  • New cyber defense techniques being utilized, including bot protection, device fingerprinting and advanced machine learning to detect fraudulent transactions.
1:50 pm - 2:30 pm

How to Start up an Insider Threat Program

Speaker:
Jason Clark, Insider Threat Researcher, Carnegie Mellon University CERT Insider Threat Center

When it comes to fraud prevention, many organizations overlook the insider threat - both the malicious actor who intends to commit fraud, as well as the accidental insider who makes a mistake or is taken advantage of by an external entity. The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and in this session the center's researcher will offer:

  • The latest research on insider fraud;
  • The growing role of the accidental insider in fraud schemes;
  • How to stand up an insider fraud detection program within your organization.
2:35 pm - 3:05 pm

Climbing the Attacker Pyramid of Pain

Speaker:
Dan Mathews, Director of Sales Engineering, Lastline

During this session, we walk through applied use of indicators of compromise for several recent malware campaigns. The presentation starts with weak/tactical indicators, which are low cost for attackers to change and build, to strong/strategic indicators, which significantly increase costs to attackers.

This session explores:

  • Recent malware campaign activities and their observable indicators;
  • Examples of tools and techniques to produce and hunt for indicators within your environment;
  • Techniques for making malware less successful when it bypasses your existing defenses.
3:05 pm - 3:25 pm

Exhibiting & Networking Break

3:25 pm - 3:55 pm

Finding Fraud Using Machine Data

Speaker:
Jim Apger, Sr Security Architect, Splunk

Security hygiene can be poor, and criminals know it. Fraudulent activity costs are in the billions worldwide across industries, and over 16 million consumers in the US were victims of identity theft or fraud in the past year. Learning to onboard new data at the speed of the business will ensure your fraud team can detect and investigate data to quickly find anomalies and reduce loss of money, reputation and organizational efficiencies.

In this session you will learn:

  • How to recognize examples of fraudulent activities in your environment;
  • How to more quickly find anomalies of transactions or behaviors of accounts that are fraudulent, acting fraudulently or being taken over;
  • Recommendations and best practices on how to get started detecting fraudulent patterns and activities by using machine data and an analytics-driven security platform.
4:00 pm - 4:45 pm

Panel: Know Your Attacker: Lessons Learned from Cybercrime Investigations

Speakers:
Matthew Maglieri, CISO, Ruby, parent company of Ashley Madison
Richard Murray, Supervisory Special Agent, FBI Dallas Cyber Task Force
Ronald Raether, Partner, Troutman Pepper

"Know your customer" is a familiar refrain in business circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation states, cybercrime gangs or lone actors. Join this panel of law enforcement officials and internal investigators for their insights on:

  • Today's most prevalent cybercrime schemes - and why they are successful;
  • Traits of the threat actors most commonly perpetrating these schemes;
  • Lessons learned from actual crime investigations - and how you can put these to work to improve your own defenses.
4:45 pm - 5:00 pm

Closing Remarks/Look Ahead to Day 2

5:00 pm - 6:00 pm

Cocktails & Networking

Wednesday, April 25th

8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Cybercrime Exposed: Insights from a Former U.S. Most Wanted Cybercriminal

Speaker:
Brett Johnson, Former Most Wanted and "The Original Internet Godfather"

Brett Johnson, referred to by the United States Secret Service as "The Original Internet Godfather," has been a central figure in the cybercrime world for almost 20 years. He founded and was the leader of Counterfeitlibrary.com and Shadowcrew.com. Working alongside the top cyber criminals of our time, he helped design, implement, and refine modern Identity Theft, ATO fraud, Card Not Present fraud, IRS Tax Fraud and countless other social engineering attacks, breaches and hacking operations.

Join Johnson as he discusses:

  • His involvement in online crime;
  • The current state of cybercrime, the crooks and the crimes they commit;
  • How to avoid being a cybercrime victim.
9:50 am - 10:20 am

Yes, You Can Get Burned When It's Cloudy

Speaker:
Katie O'Shea, Cloud Security Specialist, Check Point

Public and hybrid cloud adoption is exploding, but so are cloud hacks and breaches. Cloud assets are at risk from the same types of threats targeting physical networks, but traditional security protecting premises-based networks doesn't work in dynamic and elastic cloud environments.

What's more, cybercriminals are using increasingly automated and sophisticated techniques to target and penetrate enterprise cloud environments. Cloud-enabled businesses need to understand where they are vulnerable and how to leverage advanced threat-prevention security to keep their cloud data, workloads and assets protected. Join us to gain practical knowledge surrounding:

  • Risks and threats associated with moving data and workloads to the cloud;
  • Cloud hacks and breaches;
  • Practical guidance on best practices approaches to building security into cloud environments.
10:20 am - 10:35 am

Exhibiting & Networking Break

10:35 am - 11:15 am

Industrial Control Systems: How to Mitigate Espionage, Breach and Other Risks

Speaker:
Asif Effendi, Director of Security, GE Oil & Gas - Digital

Businesses that use industrial control systems, such as the oil & gas industry, have the same cybersecurity exposures that are found in non-industrial businesses: theft of intellectual property, exposure of customer and employee information, exposure of financial information, etc. However, these businesses have the added exposures associated with the industrial control systems used in the manufacturing or production processes. These include safety and health of the company's workers, safety and health of the public near the industrial installations, impact on the environment, regulatory compliance, and more. As a result, cyber-attacks and other IT security issues have become a top industry concern.

The presentation will focus on discussing:

  • The unique risks;
  • Associated impacts on organizations, employees and customers;
  • High-level solutions for protection.
11:20 am - 12:00 pm

The Legal Case for Cyber Risk Management Programs and What They Should Include

Speakers:
Jay Johnson, Partner, Jones Day
Shawn Tuma, Attorney, Spencer Fane LLP

"Cyber" has been treated as "just an IT issue" for far too long. It is not "just an IT issue" - cyber is an overall business risk issue that must be properly managed to comply with many laws and regulations, meaning it is also a legal issue. In this session we will examine:

  • The most impactful recent legal and regulatory developments including case updates, FTC enforcement actions, the New York Cybersecurity Regulations, and the GDPR;
  • How the application of these rules requires companies to have a robust and continuously maturing cyber risk management program;
  • Key elements the program must include.
12:00 pm - 12:45 pm

Lunch

12:45 pm - 1:20 pm

Blockchain as a Tool for Fraud Prevention

Speaker:
David Houlding, Principal Healthcare Program Manager, Microsoft

Financial fraud can be notoriously hard to detect and easy to cover up. But does blockchain technology with its distributed digital ledger now offer a new tool to help organizations reduce risk and prevent fraud?

This session describes:

  • More about blockchain and its uses beyond digital currencies;
  • The value of blockchain to reduce financial transaction time, risk and fraud among multiple parties with a trusted, decentralized digital ledger;
  • Lessons from organizations that already are using blockchain technology as a tool to prevent fraud.
1:25 pm - 2:00 pm

Critical Infrastructure Protection: Making Public/Private Partnerships Work

Speakers:
Ian Schneller, SVP, Global Information Security, Bank of America
Tara Brewer, Cyber Security Advisor Program, Office of Cybersecurity and Communications, US Department of Homeland Security

What are the keys to successful threat-intelligence sharing between the public and private sectors? The government has focused a great deal of attention on how to adequately automate and share threat intelligence. This session explores how the private sector can use the government's experience and apply it, and develop public/private relationships for joint cyber initiatives.

2:05 pm - 2:40 pm

Panel: Build or Buy? The CISO's Guide to How to Develop Advanced Defense

Speakers:
Brian Engle, Founder and CEO, Riskceptional Strategies
Brian Wrozek, Managing Executive Director, Office of the CISO, Optiv
Parrish Gunnels, CISO, Kibo Commerce

DDoS, enterprise IoT, cyber fraud, industrial controls. Summit attendees over the course of the past two days have been educated on many of the bleeding-edge threats and threat actors, and they have gained insight on the latest tools to detect and respond to attacks. But how do they act upon this information? How do they allocate their limited resources and - bottom line - determine which capabilities to build and which to buy?

In this panel, composed of members of the Texas CISO Council, security leaders will discuss how to:

  • Build an information security program under resource constraints;
  • Decide when to build, buy or rent;
  • Measure the performance of the security program more like a business.
2:40 pm - 2:50 pm

Closing Remarks

SPONSORS / Supporting Organizations

DUO Security
Lastline
Splunk
Arbor Networks
Check Point

LOCATION / Venue & Address

HYATT REGENCY DALLAS

300 Reunion Boulevard
Dallas, Texas, USA, 75207

WATCH SESSIONS ONLINE

For our premium members, we offer online webinars from all of our past events. Become a member now to get access to keynotes and important sessions from previous events.

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io
