Speaker:
Katie Arrington, CISO, Department of Defense

Speaker:
Chase Cunningham, Principle Analyst, Forrester

Even without the current forces of change, the world would be adopting zero-trust principles, but cyber security professionals still want to know why is the adoption of ZT happening? In this session Dr. Chase Cunningham details what the real issues are and how an organization should deal with the truths that are so evident in cyber security. Chase will talk about how the U.S. Army, FBI, major banks and many more are deep into a long-term transformation to enable Zero Trust, the technologies that make sense in this space, and he will provide insights into how ZT is being approached from the architecture and policy perspective. In this talk you'll also receive two simple questions to ask a zero-trust vendor who claims to address these fundamental issues and to find out whether they offer legitimate technology, or whether they, too, deserve Zero Trust

Speaker:
Henk van Achterberg, Technical Architect for Zero Trust, Symantec Enterprise Division | Broadcom

In this session we will take a closer look at zero trust and explain why zero trust is everywhere, in the cloud and on-premise including the mainframe. A holistic data-centric zero trust approach will keep your data safe, enable digital transformation and allow enterprises to be cost efficient when choosing the right zero trust platform.

Speakers:
David Brancato, Director of Technical Marketing, Venafi
Michael Thelander, Director of Product Strategies, Venafi

Think you know Zero Trust? You might have just half the story. In the new normal, Zero Trust is a part of your enterprise strategy. It's about secure remote access for your employees and partners. It's the model built on BeyondCorp. But, you've perhaps got just half the story.

Beyond remote access, beyond people, and beyond the traditional datacenter is the BeyondProd model. This is the machine-driven Zero Trust you may not know about yet: a fast-moving world of a perimeter-less, identity-based systems that rely on cloud-native designs, microservices, and service meshes that your developers and architects are driving today. You need to know how to secure and protect the millions of machine identities that are on the other side -- the non-human side -- of Zero Trust.

Speaker:
Christopher Perry, Lead Product Manager, BMC

Christopher Perry is the Lead Product Manager for BMC AMI Security. Prior to BMC, he served in the US Army in several cyber security roles including Expeditionary Cyber Company Commander, Technical Advisor to the Commanding General of Army Cyber Command, and Cyber Training Officer. He is a graduate of United States Military Academy and holds several certifications including Offensive Security Certified Professional + Expert (OSCP / OSCE), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), GIAC Certified Intrusion Analyst (GCIA), and GIAC Certified Forensic Analyst (GCFA).

Speaker:
Christopher Perry, Lead Product Manager, BMC

Christopher Perry is the Lead Product Manager for BMC AMI Security. Prior to BMC, he served in the US Army in several cyber security roles including Expeditionary Cyber Company Commander, Technical Advisor to the Commanding General of Army Cyber Command, and Cyber Training Officer. He is a graduate of United States Military Academy and holds several certifications including Offensive Security Certified Professional + Expert (OSCP / OSCE), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), GIAC Certified Intrusion Analyst (GCIA), and GIAC Certified Forensic Analyst (GCFA).

Speaker:
Rich Thompson, VP, Global Sales Engineering, BlackBerry

When it comes to enterprise security, Zero Trust is a concept that is becoming popular. More of a philosophy than a set of procedures, Zero Trust requires a deeper discussion and look at security. Is it practical for every one? Should Zero Trust be a priority? Why does it matter? What are the challenges? What is important? What about IoT? What role does our current security program play?

This session will explore the important questions about whether Zero Trust should be a priority for your organization and touches on the role of users and devices, environment and network. We will discuss the approaches and challenges with Zero Trust, addressing business drivers such as cloud environments and business continuity needs.

Speakers:
Shehzad Merchant , Chief Technology Officer, Gigamon
Sujeet Bambawale, CISO, 7-11
Togai Andrews, CISO, Bureau of Engraving and Printing

• Zero Trust is about implementing the right policies for ZT access. How do you get the policies right so that they are tight enough to be meaningful and yet not break the network?
• Once Zero Trust policies are implemented, how do you monitor for moves/adds/changes so that the policies are can adjusted based on changing application, network and user patterns
• Zero Trust won't prevent breaches, though it will make it harder and help contain the impact. What do you need to do beyond ZT to actively monitor for threat activity?

Speaker:
Dave Lewis, Global Advisory CISO, Cisco

The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. The zero trust access model delivers security without cumbersome and antiquated technologies. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.

Speaker:
Ax Sharma, Senior Security Researcher, Sonatype

Legacy software supply chain "exploits", such as Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild. Conversely, next-generation software supply chain "attacks" are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are actively injecting malicious code into open source projects that feed the global supply chain.

Join in this session led by Ax Sharma, Senior Security Researcher, Sonatype to:

• Understand software supply chain attacks and their impact on the open-source ecosystem
• Deep dive into prominent real-world examples of typosquatting and brandjacking malware
• Learn how your organization can proactively protect itself against software supply chain attacks

Speaker:
Grant Schneider, Senior Director For Cybersecurity Services, Venable LLP

Speakers:
Jeffrey Brown, CISO, State of Connecticut
Kostas Georgakopoulos, Global CISO, Proctor & Gamble
Rocco Grillo, Managing Director, Global Cyber Risk & Incident Response Services Alvarez & Marsal

Enterprise cybersecurity changed over a weekend last March - and so did the conversation about zero trust security. No longer a marketing buzz phrase, zero trust now represents the practical approach to validating credentials of employees, partners and trusted third parties. We've shifted from "trust, but verify" to "verify, then trust."

In this session, three experienced security leaders will weigh in on:

• How they have deployed zero trust
• Governance, culture and technology challenges to overcome
• Zero trust's impact on the future of third-party and supply chain risk