Speaker:
Asif Effendi, Director of Security, GE Oil & Gas - Digital

With the proliferation of data breaches, many organizations are moving to a model that companies no longer automatically trust anything inside or outside its perimeters without verifying before granting access to systems. Zero Trust draws on technologies such as multifactor authentication, IAM, orchestration, analytics, encryption, scoring and file system permissions. Attend this session to learn more about:

• Key challenges in adopting this model
• Resources (people, process and/or technologies) needed to be able to move forward
• Implementing zero trust model successfully in the organization

Speaker:
Ian Schneller, SVP, Global Information Security, Bank of America

In this presentation, we will first explore a set of commonly used technologies that may not be closely examined as part of traditional information security programs. However, they likely introduce critical risks via open apertures allowing for unauthenticated inputs by anonymous users. For a moment consider how a malicious user could potentially use modified content on their license plate to exploit a sensitive information system. In this presentation, I will show you examples of how to identify assets and uncover vulnerabilities using new perspectives in this increasingly-connected world. Heavily based upon lessons learned from a 20+ year cyber career in the public sector, this presentation will provide new strategies through exciting examples that will shape how you interpret additional technologies around you and design security controls to uplift your defenses.

Speaker:
Ronald Raether, Partner, Troutman Sanders

During this workshop, Troutman Sanders partner Ron Raether will discuss the benefits of table top exercises. He then will explain how to conduct an effective exercise walking through mock incidents and explaining the process. Participants will:

• Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
• Learn key features in an incident response plan and how the table top exercise works to improves each component;
• Hear of common mistakes made by companies when executing an incident response plan.

Speaker:
Art Ehuan, Managing Director, Alvarez & Marsal Disputes and Investigations, LLC

We often hear about the Dark Web and how criminals use it to commit criminal activity. This session will dive deeper into how the Dark Web operates and how fraudsters hide their identify and buy/sell illicit good and services with anonymity. The following topics will be covered:

• See how the Dark Web works
• Understand how fraudsters operate on the Dark Web
• What organizations can do to protect their data from being bought/sold on the Dark Web

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

• The latest research on insider fraud
• How "accidental insiders" are enabling fraud schemes
• How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.

Speaker:
M.J. Vaidya, Adjunct Professor, New York University

The focus of this talk is the connected product (IoT) ecosystem and the blurring of traditional boundaries that requires a "true" end-to-end security strategy. Topics will include:

• Evolution of IoT products
• Impact on companies who use IoT devices
• Supply chain risks
• Management and board responsibilities

Speaker:
Carl Gustas, Solutions Engineer, Cequence Security

In this discussion, I'll be covering the automation landscape as it pertains to nefarious actions against hyper connected organizations. We'll begin by talking about what bots were initially designed for and what they've evolved to. My focus will be on the negative effects automation can have on organizations, their business logic, infrastructure and security practices. The second half of the discussion will be around the tools commonly used by enterprise organizations and the pitfalls and challenges surrounding them.

Speakers:
Brett Leatherman, Supervisory Special Agent, FBI
Kristin Judge, CEO, Cybercrime Support Network

"Know your customer" is a familiar refrain in business circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation states, cybercrime gangs or lone actors. Join this panel of law enforcement officials and internal investigators for their insights on:

• Today's most prevalent cybercrime schemes - and why they are successful
• Traits of the threat actors most commonly perpetrating these schemes
• Lessons learned from actual crime investigations - and how you can put these to work to improve your own defenses