February 15 2023
Agenda
10:00 AM – 10:20 AM (PST): Registration
10:20 AM – 10:35 AM (PST): Richard Greenberg
10:35 AM – 11:20 AM (PST): Ira Winkler, Opening Keynote: “Deserving the Budget you Need”
11:20 AM – 11:40 AM (PST): Break and Vendor Expo
11:40 AM – 12:40 PM (PST): Roundtable Discussions
12:40 PM – 2:00 PM (PST): Lunch and Vendor Expo
2:00 PM – 2:45 PM (PDT): Moderator: Richard Greenberg
2:50 PM – 3:35 PM (PDT): Javier A. González
3:40 PM – 4:25 PM (PST): Caroline Wong
4:25 PM – 4:45 PM (PST):
4:45 PM – 5:30 PM (PST): Gal Shpantzer
5:35 PM – 6:20 PM (PST): Malcolm Harkins, Closing Keynote: “Avoid Sisyphus – Progressing Beyond the Motion(s) of Cybersecurity”
6:20 PM – 6:30 PM (PST): Haral Tsitsivas
6:30 PM – 8:30 PM (PST):
Talk Descriptions:
Horizon Level Room
10:35 AM – 11:20 AM (PST)
Opening Keynote:
“Deserving the Budget you Need”
The root problem with most security programs is that they are underfunded. They are generally given a budget that is arbitrarily determined as a percentage of some other budget and are then forced to make do with what they are allocated. I always tell CISOs that they get the budgets they deserve, not the budgets they need. To get the budget you need, you need to deserve it. Instead of accepting an arbitrary budget, you need to justify what you want for your budget. This presentation shows how to justify the budget you need and therefore deserve the budget you need.
Horizon Level Room
11:40 AM – 12:40 PM (PDT)
Roundtable Discussion:
“The increasing role of Effective Cyber Risk Management”
This roundtable will discuss the ever-increasing and changing nature of risk management within the cybersecurity space, and how CISOs, CIOs and Boards of Directors are under pressure to forecast and mitigate potential cyber risk events. We will look at some companies that have failed to achieve adequate risk management postures and have incurred regulatory fines, and discuss lessons learned.
Horizon Level Room
11:40 AM – 12:40 PM (PDT)
Roundtable Discussion:
“Cybersecurity Metrics”
CISOs and CIOs are increasingly being asked by their boards and executive leadership to both prove that their cybersecurity programs are effective and well managed and to do “more with less”. There are numerous methods that can be used to measure a cybersecurity program. What’s the best way for your organization?
We’ll discuss and share ideas about realistic, pragmatic ways to measure cybersecurity programs and what metrics should be communicated to boards and executive leaders.
Horizon Level Room
11:40 AM – 12:40 PM (PDT)
Roundtable Discussion:
“Cyber Liability Insurance / D&O Insurance Discussion”
In a world with an ever-evolving threat landscape, cyber liability insurance has been a great tool for companies to limit the financial impact associated with ransomware, data exfiltration events, or other cyber events. On the other hand, we are seeing security leadership being held personally responsible for decisions that have been made before, during, and after security events / incidents.
In this discussion we will have an open forum on the cyber liability landscape and Directors & Officers Insurance.
Horizon Level Room
11:40 AM – 12:40 PM (PDT)
Roundtable Discussion:
“Resiliency and Mental Health of your Cyber workforce”
Workplace stress and burnout are affecting all of us. How can we as leaders help our workforce overcome the stress of “doing more with less”, tight deadlines, managing work/personal relationships and the constant connectedness of modern business? Real-time resiliency strategies help employees handle stress, an uncertain job market, workplace conflicts and life challenges that bleed into work life. Navigating these leadership challenges requires strategies and skills not normally associated with business acumen. In this Roundtable, we will discuss and share ideas about increasing the resiliency of our workforce and caring for their mental health and wellbeing.
Horizon Level Room
2:50 PM – 3:35 PM (PDT)
“Beating the Vendor Fatigue with a Composable Cyber Architecture”
CISOs are constantly assailed by vendors looking to get their products promoted and adopted. This creates a constant bombardment of unsolicited emails, calls, and invitations. Additionally, we have disparate technologies that require constant care and feeding and depend upon a mesh of quadratic API integrations. We complain and raise our voices, but the situation has only gotten worse.
In this session, we discuss how building a reusable and scalable Cyber Security Open Fabric that simplifies and streamlines product integrations serves as the foundation for CISOs to make the right decisions for their product stack and empowers them to fend off the “silver bullet” vendors.
Horizon Level Room
3:40 PM – 4:25 PM (PDT)
“The Practicalities of Pentesting at Scale”
Manual pentesting is critical for security, providing action-oriented vulnerability information to companies testing their people, processes, and technologies. But how can teams build in proactive, preventive measures when strapped for talent and time? In this session, attendees will learn about a brief history of pentesting, its importance in the SDLC, and how to achieve pentesting at scale. Caroline will also share data from the 2022 State of Pentesting Report and preview data from the (not yet released) 2023 State of Pentesting Report.
Horizon Level Room
4:45 PM – 5:30 PM (PDT)
“Highway to the Logger Zone: Enabling High Speed Big Data Analytics with a Multi-Terabyte Logging Pipeline Strategy”
CISOs are being inundated with requests to exploit telemetry from old and new log sources, not to mention old and ‘new’ ideas about what to do with those logs. While most of this intense marketing is focused on ‘helping’ you decide which techniques and tools will help you search and analyze the logs (ML/DL/AI, ELK/Splunk/Backstory/Sentinel/etc.), very little attention is paid to the critical but non-sexy plumbing that gets the logs from their sources to the different tools that use those techniques (the sexy stuff…).
Even a remotely realistic PoC for a new analytical platform can be a daunting task, since these logs over here have to get to that platform over there… in the right format/schema/latency for that particular test case, in addition to where they currently need to be.
This talk focuses on the fundamental plumbing problem, and answers the following questions at a management level, with key Dos and Don’ts for each question that you can take back to your org next week. You can benefit from this talk without having to know the technical difference between syslog and a distributed commit log:
• How do I estimate the size of this effort? Gigabytes become terabytes, terabytes become petabytes… faster than we’re ready for them. What is a realistic approach to getting the most out of your current logs: Capturing them in a scalable and forward-compatible pipeline, analyzing and transforming them in real time, then distributing them to where they need to go?
• How do you onboard new sources to get business value out of previously unexplored logs?
• How do I future-proof my logging strategy, so that if I need to add/remove/upgrade analytical and storage products and services, I’m not stuck re-building the logging infrastructure before I can benefit from those changes?
• How do I get my CTO/CIO/CFO colleagues to work with me on this logging strategy? What do they get out of this?
• How do you reduce MTTD/MTTR with a logging strategy that enables real-time work, while also enabling long time-horizon batch analytics and cold storage for DR/BCP?
• How do I get cybersecurity value out of non-‘cyber’ sources by leveraging this logging strategy?
• How do I save money on the ‘water meter’ costs that many analytics platforms charge, so that I’m paying for a good signal-to-noise ratio and not just shoving a lot of useless information into an expensive tool? (FYI: You pay for this noise three times: Ingestion-point water meter costs, storage, and query performance).
• What is the order of operations involved in terms of hard dependencies vs parallel work, so that you can minimize time-to-value, while preserving your future options and avoiding vendor lock-in?
• What tools are available for on-prem and cloud environments?
Horizon Level Room
5:35 PM – 6:20 PM (PDT)
Closing Keynote:
“Avoid Sisyphus – Progressing Beyond the Motion(s) of Cybersecurity”
In Greek mythology, Sisyphus was burdened by an exhausting, perpetual, uphill struggle in which he could never achieve sustainable progress or momentum. He was locked in a doomed routine that drained his attention, effort, and resources. Through the classical influence on modern culture, tasks that are both laborious and futile are described as Sisyphean. In many organizations, cybersecurity leaders are self-punishing by relegating their efforts to trite solutions and tired methodologies that are too inefficient, ineffective, and inexpedient to deter modern adversarial campaigns, let alone adapt to or preempt sophisticated attack paradigms. In short, by not adopting a progressive strategy that aligns with the organization’s strategic mission, capabilities, and priorities, cybersecurity leaders are preordaining a Sisyphean task. Their resources are squandered, and the ultimate culmination of their effort is to be crushed by the burden of the task and reset at square one.
Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood, which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us down a path of compromise and catastrophe, adding to our growing labor and skill deficit.
In this keynote I will explore the existing physics and gravitational forces of how we have approached cyber risk management to date. I will explain where we are stuck today and share a framework for a path forward. I will explore how to reorient your entire security operations function so that it is optimized to handle the volume as well as reposition it from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk.