December 6 2022

Agenda

9:30 AM – 10:15 AM (PST) Registration and Networking

Foyer

9:30 AM – 6:20 PM (PST): Vendor Expo

Room B

10:20 AM – 10:35 AM (PST): Welcome Address, Richard Greenberg

10:40 AM – 11:25 AM (PST): Opening Keynote:
Zero Trust and Cyber Insurance – Strategic Issues for Executives

Bryan Hurd, Managing Director, Chief of Office, Seattle, Aon Cyber Solutions

11:30 AM – 12:15 PM (PST): Keynote:
Zero Buzz – Zero Trust

Diana Kelley, Chief Strategy Officer/Chief Security Officer and co-founder of Cybrize

12:15 PM – 1:35 PM (PDT) Lunch – Vendor Expo

Room D

Jeff Crume, PHD, CISSP – Distinguished Engineer, CTO IBM Security – Americas

Room B

2:25 PM – 3:10 PM (PST):
Women in Security Panel

Room D

Dan Cornell – Vice President, Product Strategy, Coalfire.

3:10 PM – 3:30 PM (PDT) Break – Vendor Expo

Room B

Kate Kuehn Managing Director – Cyber Trust, at AON

Room D

Shawn Anderson – CTO and Managing Director at Boston Meridian

Room B

4:20 PM – 5:05 PM (PST): Security in the Midst of Disruption

Jimmy Sanders – Head of Information Security at Netflix DVD

Room D

4:20 PM – 5:05 PM (PST): Navigating towards Zero Trust

Jerry Hoff – Group Senior Security Architect at NTT

5:05 PM – 5:25 PM (PDT) Break – Vendor Expo

6:10 PM – 6:20 PM (PDT): Closing Remarks and Drawing, Haral Tsitsivas

6:20 PM – 8:30 PM (PDT): Happy Hour

Talk Descriptions:

Room B

10:40 AM – 11:25 AM (PDT)

Opening Keynote:
“Zero Trust and Cyber Insurance – Strategic Issues for Executives”

Bryan Hurd

This session is designed for all levels and roles in company security and leadership and will explore core strategic concepts of Zero Trust (Privileged Access Management, Granular Access Control, vulnerability management, endpoint controls, MFA, Extreme Segmentation, common identity management, etc.) in the context of cyber and other insurance.
With the view from the root causes of many of the most recent and most horrific attacks, the insurance industry often leads the way in requiring constantly improving controls to avoid losses. The presentation will cover discussion of the threats including ransomware attacks, intrusions, email compromises, invoice scams and other major incidents that can create a groundswell of financial losses and wipe out organizations. It will show how Zero Trust and other controls drive statistics from the insurance industry, discuss pertinent areas in the underwriting process, and provide proactive measures that executives can take today to mitigate risk. The session will include an interactive Q&A with a real world “cyber smoke jumper” who has led governments and commercial clients through some of the largest breaches in the world.

Room B

11:30 AM – 12:15 PM (PST)

“Zero Buzz – Zero Trust”

Diana Kelley

Zero Trust networks and architectures were already generating a lot of buzz, but with the rapid pivot to remote work in March of 2020 that buzz turned into a boom. Vendors scrambled to get their products in front of customers desperate to determine which product would deliver bullet-proof WFH security.
The reality is: Zero Trust (ZT) is an architectural approach, not a product.
Yes, you need products, controls, and solutions to implement ZTAs but no single product can do it all. A successful ZTA roll-out requires planning and an architecture that supports a number of different solutions working together.
Join Diana Kelley for a buzz free explanation of what ZTA is, what it isn’t, and practical steps to make it work for your organization.

Room B

1:35 PM – 2:20 PM (PST)

“Innovating in Cybersecurity land, Separating the Hype to Generate Real Impact”

Moderator: Debbie Christofferson

Are we overdue for innovation in security? We will engage a panel of experts on the emerging technology and trends and explore the opportunities for low hanging fruit, and investments that will gain you the most for your time, effort and resources.
We hear all these buzzwords thrown around security without always knowing what investment matters most to our cybersecurity risk. We will explore what innovation is, how to avoid redundancy and waste, and where we can create the most impact to our business’s cyber security risk strategy.
CSO magazine in their Nov/21 issue listed these terms to stop using: Ransomware, Zero trust, Whitelist and blacklist, AI-powered security, Cyber 9/11, Digital transformation, SIEM, People are the weakest link and Cybersecurity awareness, Cyberkill Chain and Hacker.
At Blackhat USA 2021, one speaker presentation added the ZTA acronym for zero trust architecture (without explanation). ZTT was listed in a slide at ISSA’s Sep/22 Cyber Executive Forum. This is ongoing. Out with the old and in with the new marketing terms and hype, for what works and what does not—often related to selling products and services, vs meeting the most pressing needs.

Takeaways:
Primary capabilities we should look at, to protect us against data breaches and help us manage any breaches that do hit our business.
Sort out the buzzwords and puffware and get down to the bottom line on what innovation is and where we can apply it for the greatest impacts to managing cyber risk in our business.
Bottom line in business, what top risks impacting our businesses today across the board, and how we can innovate in our staffing, technology and processes to cover our bases.

Room D

1:35 PM – 2:20 PM (PST)

“Securing Everything – An Introduction to Zero Trust”

Jeff Crume

Who can you trust? If you are following a strict zero trust philosophy, the answer is no one and nothing. Is this achievable? Is it practical? Does it even make business sense? Can any vendor or tool provide zero trust? This session will discuss the principles that underlie the zero trust philosophy along with providing some context of the origins of this approach and how it has evolved to become a top concern for organizations today.

Room B

2:25 PM – 3:10 PM (PST)

“Women in Security Panel”

Moderator: Kara Reffold

Cyber security is one of the most challenging careers out there, and sharing of ideas is an essential part of all of our jobs. Panelists will give their thoughts on why female entrepreneurs are crucial to the development of the industry. They will also share what can be done to get more women to start businesses and raise funding, and what companies that are doing well with representation overall are doing differently. Join us for a great panel of leading women in CyberSec and hear about their experiences, challenges, and recommendations for moving ahead in the field.

Room D

2:25 PM – 3:10 PM (PST)

“Drivers for Software Supply Chain Security Programs”

Dan Cornell

In the wake of incidents such as breaches at SolarWinds and Codecov as well as open source vulnerabilities such as Log4Shell and Spring4Shell, organizations are finally coming to recognize software supply chain security as a critical risk.
This presentation distills the results of a survey of 300 technology executives looking into software supply chain security concerns from the perspective of both buyers and suppliers of software. It examines the factors that have led to increased awareness of software supply chain security issues, as well as what parts of the organization are driving change, budgetary implications, and next steps organizations are planning on to address these concerns.
Attendees will come away with a better understanding of the current state of software supply chain security issues as well as strategies they can use in their own organizations to help programmatically address these risks.

Room B

3:30 PM – 4:15 PM (PST)

“Rethinking Risk. The Creation of a Risk Lifecycle to Better Bridge the Gap Between Practice and Board.”

Kate Kuehn

Risk is a constant in business. CEOs and boards deal with several pressures, including competitive, financial, operational, cultural, supply chain, reputational, digital and even climate.
In today’s competitive digital environment, we are seeing a blur of traditional risk as political, social and technological factors impact the accepted standards leveraged in an enterprise risk register in unprecedented ways. In this “new normal”, how do we rebuild the towers of risk as fast as the walls are tumbling down on our traditional notions, incorporating this new cyber lens? We will consider the history of enterprise risk, the impact the rapidly changing face of cyber threat is having on risk, the new models emerging, and how we start changing the game to better address our current risk environment with cyber predominantly in the center.

Room D

3:30 PM – 4:15 PM (PST)

“Stop building for cloud the way you build for on premises”

Shawn Anderson

The times we live in require security leadership to embrace the old but also the new. We are expected to be a jack of all trades and know everything. The old mantra of inch deep and mile wide has become a mile deep and miles wide. This talk is geared toward the cybersecurity professional who is struggling with on prem vs cloud decisions. It’s time to burn the ships as there is no turning back. You must implement a framework, gain buy-in, build a solution, implement, and monitor it all. This talk will cover all these topics and some steps to consider on your journey. At the end you will have some more tools for your toolbox.

Room B

4:20 PM – 5:05 PM (PST)

“Security in the Midst of Disruption”

Jimmy Sanders

Seemingly overnight, the technical and security landscape changed due to worldwide disruptions. Many companies have completed or are in the midst of a Zero Trust revolution. How can security leaders continue to prosper within the context of this new reality? This presentation is designed to be holistic in covering the mental, technical, and emotional strategies practiced and learned from various industry leaders.

Room D

4:20 PM – 5:05 PM (PST)

“Navigating towards Zero Trust”

Jerry Hoff

Zero Trust has been the source of hope and perhaps confusion for many organizations looking to improve and modernize their security program. Despite wide agreement that Zero Trust concepts lead in a positive direction towards better security, there is still frequent misunderstanding and uncertainty surrounding Zero Trust. In this talk, we will break down Zero Trust fundamental concepts and resources, discuss Zero Trust precursor activities that your organization can use as a starting point, and discuss key elements to incorporate into an overall strategy and plan to implement Zero Trust within your organization.

Room B

5:25 PM – 6:10 PM (PDT)

Closing Keynote:
“I Have Zero Trust in the Metaverse: It Will be Weaponized and Is Anyone Doing Anything About It?”

Winn Schwartau

A long time ago, on June 27, 1991, I testified before the US Congress and warned that the then-emerging internet was ripe for Cyberterrorism, Cyberwar, Cybercrime, the loss of privacy, and a potential Electronic Pearl Harbor. I called it Information Warfare.
A Congressman asked me that day, “Mr. Schwartau, why would the bad guys ever want to use the internet?” Today, “Mr. Schwartau, why would the bad guys ever want to use the Metaverse?”
Tens of billions of dollars and euros are being spent by global technology giants to digitally terraform the first generation of simulations; multi-user interactive virtual worlds with varying degrees of immersion, meant to captivate hundreds of millions of people.
Yet, is anyone talking about Security & Privacy with the to-be-developed technologies, highly granular and enhanced surveillance capitalism, behavioral monitoring and influence and all the other issues that make a lot of folks very uncomfortable.
What has Schwartau come up with this time, 30 some years later?