March 21 2023

9:50 AM – 10:40 AM Registration and Networking

9:50 AM – 8:15 PM: Vendor Expo

12:00 PM – 1:35 PM Lunch – Vendor Expo

1:35 PM – 2:20 PM Panel: Shifting left has left something behind

Larry Whiteside

2:25 PM – 3:10 PM Panel: Modern DFIR (Digital Forensics Incident Response) & Corporate Espionage

Bill Corbitt

3:10 PM – 3:30 PM Break – Vendor Expo

3:30 PM – 4:15 PM PM Panel: “Mobile Rules the World – But why are 85% of Mobile Apps Vulnerable?

Brian Reed

4:20 PM – 5:05 PM Panel: Application Security – Learning by Failing

Howard Chen

5:05 PM – 5:25 PM Break – Vendor Expo

6:15 PM – 8:15 PM: Happy Hour and Raffle Drawings

Talk Descriptions:

Opening Keynote:
Implications of Government and Legal Oversight on the Cybersecurity Community

Marc Weatherford

The implications of government intervention and oversight into the cybersecurity-related activities of private companies are the result of what some are calling a long overdue call to action. With the American private sector responsible for securing the vast majority of the nation’s critical infrastructure, including banking and finance, energy production and distribution, transportation systems, and communication networks, citizens across the nation are oftentimes too dependent upon the goodwill of those same critical infrastructure companies to invest adequately in cybersecurity defense.
From burdensome federal and state legislation to the recently released White National Cybersecurity Strategy that calls for the private sector to take more cyber responsibility for protecting society, the government is now making up for prior inaction and raising the bar to unprecedented levels. Additionally, legal judgments that create organizational conflicts of interest and fear within our profession risk creating an environment that makes it difficult to meet our professional obligations. This keynote talk will address non-technology policy issues that all cybersecurity professionals should be aware of and hopefully help us rationally discuss the question of, “how much intervention and oversight is too much?”

Panel, Moderator: Brett Fulmer

“Cyber Insurance, Responsibility & Liability”

An overview of Cyber insurance options & how and when insurance coordinates within the incident cycle.

“Shifting left has left something behind”

Larry Whiteside
For the last few years there has been a large movement to move EVERYTHING in cybersecurity left. And it’s extremely important for an organization to be more automated and utilize tools that enable better use of Human Resources. However, most of the shift left has been focused on operation or development components of IT and cybersecurity. As important as those are, it’s time to shift compliance left as well and create a near real-time view of how organizations are meeting their security controls in an effort to have a better cybersecurity and compliance posture.

Women in Security Fireside Chat:
Karla Reffold Sits Down With Cybersecurity Leader Jessica Barker

With the explosion of cybersecurity businesses in the past few years, this group of Founders and CEO’s will talk about what has changed, what’s to come and what it takes to build a business in this industry.

“Modern DFIR (Digital Forensics Incident Response) & Corporate Espionage “

Bill Corbitt
In the ever-evolving digital security market, corporate espionage, espionage conducted for commercial or financial purposes, is probably the most overlooked yet most pervasive act(s) of digital information theft in the modern world.
Corporate espionage is also known as industrial espionage, economic espionage, or corporate spying. However, it is termed Intersec Worldwide is one of the industry leaders in counterespionage tradecraft.
In this discussion we will cover a variety of topics, which include;

• Evolving Security Market
• Your Data
• Recognizing Espionage

As well as aspects of how to work with the DOJ, and elements of the FBI Counterintelligence teams.
We will discuss the high-level aspects of what it takes to build a counterespionage case and the complexities around building such a case.
Among the topics are understanding the enemy, how culture is a major factor in acts of espionage, and discussing a pervasive espionage culture, and their motivation.
Concluding this discussion, we will discuss a couple of elements of espionage, in the Case Study section and open the floor up for a general, and frank discussion.

“Executive Leader Panel”

The Executive Leadership panel will feature top cybersecurity leaders who will discuss the key qualities, strategies, and vision needed to be an effective Cybersecurity Leader.
The panelists will share their insights and experiences on how they have led their organizations to success in the ever-evolving field of cybersecurity. They will discuss the qualities and skills that are essential for a cybersecurity leader, including strong communication, strategic thinking, and adaptability. They will also touch upon the importance of building and maintaining a strong team, as well as the need to foster a culture of cybersecurity awareness and accountability throughout the organization.
The panelists will address the challenges of balancing security with business objectives, and the importance of aligning cybersecurity initiatives with overall business strategy.
Overall, the cybersecurity executive leadership panel promises to be an informative and thought-provoking event, providing attendees with valuable insights and perspectives on leadership in the rapidly evolving world of cybersecurity.

“Mobile Rules the World – But why are 85% of Mobile Apps Vulnerable?”

Brian Reed

Mobile apps dominate all digital time spent online – but mobile AppSec and mobile supply chain risk management programs often lag. Your business runs on mobile, from your employees to your customers. In fact, in 2022, 210 billion mobile user downloads of the 6 million mobile apps in public app stores generated over $260bn in mobile revenues.
In this session we will look at the global mobile economy, the opportunities and risks with mobile that all executives should understand. Leveraging the latest benchmark data from the Coalfire NowSecure Benchmark Report and an analysis of millions of mobile apps in the public app stores, we will gain a deeper understanding of the mobile risks and then explore how to factor mobile security and privacy into your enterprise mobile app development, procurement and enterprise supply chain risk management programs. Along the way we will hit the latest privacy and security updates with iOS and Android that your mobilizing organization will need to address.

Board Level and Executive Reporting – How the SEC Cybersecurity Guidelines Will Impact Us

Laz Demtrios

Demetrios Lazarikos (Laz), will explore topics that are top of mind for security practitioners that have direct involvement in measuring, optimizing, and communicating their security program. Attendees will gain insight into best practices and building a strong program foundation in these changing times.

• This is a pragmatic discussion that is not to be missed. This session will cover the following topics:
  New SEC proposals for Cybersecurity Disclosure – how these suggestions are impacting our security program reporting with the Board and Exec Staff.
• Effectively communicating security program management within your organization while navigating business risk and change.
• Skillfully partnering, advising, and influencing senior leadership on the future while adapting to business and regulatory requirements.

“Application Security – Learning by Failing”

Howard Chen
Application security doesn’t end at the OWASP Top 10, CWE 25, or STRIDE.
While those frameworks are an important first step in writing secure code, it takes more than that to build a secure application.
Instead of treating applications as closed systems, we need to start handling them like a part of our security ecosystem.
In this talk, we’ll look at some real-world examples of application security failures that led to some of the biggest breaches in recent history, and what we can learn from them.

Closing Keynote:
“The Beginning of Cybersecurity – How a $10.5 Trillion Industry Started”

Cleve Adams

Cleve Adams shares his experience starting 26 years ago with the beginning of Cybersecurity and his adventure of starting and growing the first Cybersecurity Unicorn. He started at the beginning of what we know today as Cybersecurity and along with Cisco, Checkpoint, Microsoft, and others along the way, putting together the building blocks for todays $2 Trillion market opportunity growing to $10.5 Trillion by 2025.