February 07 2024

Agenda

8:30 AM – 9:35 AM Registration and Networking

Foyer

8:30 AM – 6:20 PM (PST): Vendor Expo

Catalina Ballroom II

9:35 AM – 9:50 AM: Welcome Address
Richard Greenberg

Catalina Ballroom II

9:55 AM – 10:40 AM:
Opening Keynote

Catalina Ballroom II

10:40 AM – 10:50 AM:
Organizational Exhibitors Welcome

10:50 AM – 11:10 AM Break – Vendor Expo

12:45 PM – 2:00 PM (PDT) Lunch – Vendor Expo

4:25 PM – 4:45 PM Break – Vendor Expo

Catalina Ballroom II

5:35 PM – 6:20 PM:
Closing Keynote

Tales From the Crypt…analyst: The After Life

Catalina Ballroom II

6:20 PM – 6:30 PM: Closing Remarks and Drawing, Haral Tsitsivas

6:30 PM – 8:00 PM: Happy Hour

Talk Descriptions:

Catalina Ballroom II

9:55 AM – 10:40 AM

Building AI Security In: MLSecOps in Practice

Diana Kelley

Are your AI and ML systems secure? How do you know? The more we rely on AI and ML, the more important it is that those systems are trusted and resilient. This talk explains how teams can build security into the Machine Learning lifecycle. Although many engineering and security professionals are new to ML, they carry with them deep learning and practical experience from DevSecOps implementations that can serve as a strong foundation for becoming MLSecOps experts.

Starting with an overview of real vs. perceived or overblown risks in AI and ML, we’ll help attendees focus on the most impactful security issues. From this baseline, we provide an explanation of how the MLOps lifecycle overlaps with DevOps and highlight the areas where the two processes diverge and why that matters. For example, while developers work in IDEs, data scientists perform tests and analysis inside of Jupyter notebooks. In use, software doesn’t change, while ML models change dynamically as they “learn.” Using DevSecOps as a guide, we provide clear guidance on how and where security can be woven into the ML pipeline to create an MLSecOps framework that incorporates core learnings from DevSecOps and extends them to ML use cases. We close the talk with lessons from real ML Engineering teams that illustrate best practices for securing ML across people, process, and technology.

Specific areas to be addressed:

  • Securing machine learning models
  • AI and ML supply chain security
  • Model and data provenance
  • Threat modeling for AI and ML
  • Auditability and transparency

Catalina Ballroom II

11:10 AM – 11:55 AM

Protecting the Blueprint of Life: The Importance of Information Security at the Molecular Level

Greg Carpenter

This presentation discusses the need for information security (INFOSEC) at the molecular level to protect our genetic information in light of the increasing use of gene editing technologies such as CRISPR/Cas9. The proliferation of these technologies, coupled with crippling ransomware attacks, has raised fears about the security and loss of integrity of genetic data. Research has demonstrated that we are on the verge of having the internet run through our bodies and that we will soon be another end device in the larger world of IoT. Consider the consequences of a malicious actor launching a biocyber attack that executed a DDoS of your brain or another vital organ. It is imperative to immediately implement INFOSEC at the molecular level to protect individual privacy, thwart malicious actors, and help prevent errors and accidental mutations in genetic data that could result in false diagnoses or incorrect treatment plans, potentially risking patients’ lives.

Catalina Ballroom I

11:10 AM – 11:55 AM

Utilizing AI in the Secure Engineering Space

Derek Fisher

“Utilizing AI in the Secure Engineering Space” dives into the relationship between Artificial Intelligence (AI) and software development, with a focus on how this critical technology can be used to create a more secure world. AI has brought a sea change to how software development processes get done, from code generation and bug detection to testing and optimization. This session will explore the various use cases of AI and where it’s had a positive (and negative) impact on software development.
Within cybersecurity, AI plays a key role in fortifying defenses. While machine learning has served as a bulwark for threat detection, anomaly identification, and rapid responses to security breaches, the utilization of AI in software development brings an opportunity for developers to create more secure code. Are these AI-powered code analysis tools more effective and/or efficient in identifying vulnerabilities, proposing solutions, and automating secure coding practices during the developmental stages? Will they replace the application security engineer? Or is this just another tool in our toolchest?
While our application security jobs are safe for the time being, AI promises a world where secure software development can be closer to reality than it is today. This talk aims to inspire a pattern shift in the approach towards secure software development.

Catalina Ballroom II

12:00 PM – 12:45 PM

When Technologies Collide: Navigating Cyber Security Trends

Moderator: Jackie Kalter
Panelists: Shannon Lietz, Michelle Friend, Kristie Bell, Cuc Du

Explore the dynamic intersection of cybersecurity trends with our expert panel, with Kristie Bell, Shannon Lietz, Michelle Friend and Cuc Du. From Managed Security Service Providers (MSSPs) to the evolving landscape of Zero Trust, DevSecOps practices, and cloud security, our discussion will touch upon the many complexities. We will also delve into the legal aspects of cybersecurity and the impact of emerging technologies. Join us for concise insights into how these trends collide and complement each other, in the ever-evolving cybersecurity realm.

Catalina Ballroom I

12:00 PM – 12:45 PM

Securing Hybrid Active Directory: Reducing Attack Surface

Derek Melber

Active Directory is under attack! Attackers know exactly what to look for and how to exploit Hybrid AD. Organizations are desperate to know how to secure AD, both on-prem and Entra ID. This session will show you what attackers do, and with this knowledge, you can efficiently secure AD. Both Entra ID and on-prem AD will be covered, to ensure that both environments are incorporated and secured. Be sure to bring your best questions for your presenter, Derek Melber, who is a 19X Microsoft MVP.

Catalina Ballroom II

2:00 PM – 2:45 PM

The Executive Perspective on Cybersecurity Strategy

Keyaan Williams

Building a sound security program is difficult without engagement and support from the board and corporate executives. This discussion focuses on governance from a business perspective and highlights the role of the board and management to support planning, development, and execution of an effective cybersecurity strategy. The discussion also highlights practical steps that security leaders can use to build an effective security strategy that is aligned and integrated with the corporate business strategy.

Catalina Ballroom I

2:00 PM – 2:45 PM

Cloudy with increasing chances of breaches

Jeff Farinich

How well are you really prepared for the storm? Cloud Security Posture Management is no longer enough. You must also have Data Security Posture Management, Cloud Detection and Response, Machine/Non-Human Identities, Just-in-Time access and more to weather the storm.

Catalina Ballroom II

2:50 PM – 3:35 PM

Industry Trends In Cybersecurity and Investment Banking

Shawn Anderson

Join Shawn Anderson as he shares his knowledge and experience on the topic of cybersecurity and investment banking. He will cover the state of the market, avoiding certain small business issues as they build their business, compliance and governance, technology market, and industry trends.

Catalina Ballroom I

2:50 PM – 3:35 PM

Fortress on a Budget: Securing your Infrastructure with Open Source (No, Really!)

Alexander Braehler

Open source security products are essential components of the cybersecurity ecosystem, especially for small and medium-sized businesses that need to protect their IT assets from various threats. In this presentation, I will explore the advantages of using open source security tools, the active development and support communities behind them, and the best practices for deploying and maintaining them.
I will showcase some of the most popular and reliable open source security products that I have used in my professional career as an IT consultant and security expert. The presentation will demonstrate how open source security tools can provide high-quality, cost-effective, and customizable solutions for securing the IT infrastructure of small and medium-sized businesses.
The presentation will also address the challenges and risks associated with using open source software, and how to mitigate them by following secure development and deployment methodologies, and by leveraging the support and guidance offered by companies and organizations in the cybersecurity field.
By the end of the presentation, you will have a clear understanding of the benefits and challenges of open source security products, their active development and support status, and their applicability in securing the IT environment of small and medium-sized businesses.

Catalina Ballroom II

3:40 PM – 4:25 PM

Dive into the Future: AI, Third-Party Risk, and the SEC Ruling – An Expert Panel Discussion

Moderator: Richard Greenberg
Panelists: John Underwood, Mike Cassar, Genevieve McGinty, Kevin Rigney

As artificial intelligence (AI) revolutionizes industries, the security landscape faces evolving challenges. Join us for a captivating panel discussion with leading cybersecurity experts as they delve into the intersection of AI, third-party risks, and the recent SEC ruling. We will also discuss some of the preventative security controls that we feel companies are not properly deploying.

Catalina Ballroom I

3:40 PM – 4:25 PM

Zero Trust, Zero BS

Howard Chen

In today’s digital landscape, traditional security models are becoming increasingly obsolete. Yet amid the noise of cybersecurity buzzwords, Zero Trust stands out as a beacon of promise. This talk aims to strip away the layers of marketing fluff surrounding Zero Trust, addressing strengths and dispelling myths about the concept.

Join us in a talk that navigates beyond the hype and uncovers the value and implementation strategies of a Zero Trust model. Participants – regardless of their security expertise – will gain a foundational understanding of Zero Trust, empowering them to protect sensitive data and critical resources in an increasingly complex digital environment.

Catalina Ballroom II

4:45 PM – 5:30 PM

Security Operations Transformation: From alert fatigue to Continuous Detection/Continuous Response (CD/CR)

Toby Scales

Security Operations can be a thankless job, requiring sifting through endless noisy alerts to locate valuable threat signal. At Google, we’ve applied massive scale, automation and machine learning to create a code-forward workflow we call “CD/CR” (continuous detection, continuous response). Learn more about our SRE-inspired approach and how to implement it in your environment today.

Catalina Ballroom I

4:45 PM – 5:05 PM

The Constant Evolution of Cloud Security – 5 Trends and How to Respond to Them

DeMarcus Gilliard

Join us for an insightful presentation on “The Constant Evolution of Cloud Security – 5 Trends and How to Respond to Them.” In this session, we will explore key trends reshaping cloud security, including maintaining visibility across dynamic, potentially multi-cloud attack surfaces, achieving and sustaining compliance at scale, and effective responses to mitigate critical risks amidst the ever-evolving cloud landscape. Gain valuable insights and strategies to secure your digital infrastructure effectively in this dynamic environment.

Catalina Ballroom I

5:10 PM – 5:20 PM

Security Performance & Program Management: How Organizations Are Using Industry Benchmarks To Deliver Continuous Security and Security Investment Schedules.

Dennis Stimpson

Join us for an informative and collaborative discussion on the latest industry trends and benefits of security performance management (SPM). We will present multiple case studies highlighting how a comprehensive SPM strategy will allow security leaders to better measure, optimize, and communicate their security program to business stakeholders, exec staff, and the board.

Catalina Ballroom II

5:35 PM – 6:20 PM

Closing Keynote:

Tales From the Crypt…analyst: The After Life

Jeffrey Man

The speaker began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. He has shared his NSA story in a series of talks, “Tales from the Crypt…Analyst” and “MORE Tales From the Crypt…Analyst”.
This talk is the third installment in Jeff’s story and features his transition from NSA to the private sector in the early days of Information Security consulting. He will recount stories from the days of trying to convince companies that if they wanted to connect to the Internet they really needed a firewall; how penetration testing evolved to vulnerability assessments and then to security architecture advisory work; convincing clients that you didn’t need a browser to talk to a web server; finding an open network jack really did mean you had access to the network; why it’s not a good idea for your mainframe to be Internet reachable; rooting a mainframe; and ultimately trying to find ways to get organizations to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we’ve solved all these problems from the early days…or maybe, just maybe there are still lessons to be learned.