Conference Agenda
  • Wednesday, March 30, 2022
    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable
    Discussion topic to be announced
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am

    This session is for SecureWorld Advisory Council members by invite only.

    8:15 am
    Association Chapter Meetings
    Registration Level:
    • Open Sessions
    8:15 am - 8:50 am

    Participating professional associations and details to be announced.

    8:15 am
    A Critical Look at the Security Posture of the Fortune 500
    Registration Level:
    • Open Sessions
    8:15 am - 8:50 am

    The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

    8:15 am
    How to Effectively Manage the Modern Risks of Open Source Code
    Registration Level:
    • Open Sessions
    8:15 am - 8:50 am

    Today’s modern applications depend on a substantial number of open source components and third-party libraries, and developers acknowledge that utilizing open source allows them to focus more on unique code attributes instead of recreating what’s already been successfully established. Although organizations acknowledge a heightened level of security, license, and operational risk, unfortunately, many don’t effectively track or manage open source throughout their entire code base and cannot consistently address the widening hazards they face.

    As a result, organizations desire automated, repeatable processes for open source usage, risk management, and vulnerability remediation that fit within modern development environments.

    In this session, attendees will hear recommendations from Stephen Gates, Checkmarx SME, on how to effectively implement an approach to:

    • Identify open source with confidence
    • Minimize open source security and license risks
    • Prioritize exploitable vulnerabilities
    • Accelerate informed remediation
    • Integrate and automate open source analysis

    Presentation level: MANAGERIAL (security and business leaders)

    9:00 am
    OPENING KEYNOTE
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:00 am
    The Threat from Within: Creating an Effective Cyber Awareness Program
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    The basic “people problem” needs to be redefined and updated using science. For years, cybersecurity and data privacy advocates have been arguing that training employees is the only way to safeguard the organization. However, many organizations that engage in cybersecurity training are forced to stare down the barrel of a data breach caused by one of those trained employees. The question becomes, why do we continue to repeat the same exercise expecting a different outcome?

    In addition, the global pandemic has caused many organizations to operate remotely. And many are planning to operate with at least a portion of their employees being remote. This causes another operational hurdle for IT and IT security professionals.

    This presentation will explain how cyber awareness training, in a traditional method, is a complete failure. We will discuss how using this traditional method of training can cause greater liability and threats to an organization. Finally, we will review how measuring an employee’s Knowledge (K), Attitude (A), and Behavior (B) (“KAB”) toward cybersecurity can help to create a tailored solution for cyber awareness training and provide a workforce with the weapons they need to effectively stave off cyberthreats.

    10:00 am
    The #1 Challenge in the Digital Transformation to the Cloud—You!
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility indisputable. However, the number of services and options being offered is daunting. And with these choices come consequences; one misconfiguration can put your entire organization at risk… or worse.

    Another reality you will face as you scale is the challenge of using a “one-size-fits-all” interface. Imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.

    And, if you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.

    In this session, you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says “Through 2023, at least 99% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.

    10:00 am
    A Modern Approach to Information Protection
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

    10:30 am
    Networking Break
    Registration Level:
    • Open Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:45 am
    Multi-Cloud Identity Management
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am
    Location / Room: 103

    Join this session as CISO Michael Meyer discusses and debunks the common myths about Multi-Cloud Identity Authorization Management (IAM). He will also delve into the inherent risks that are present, and discuss key strategies to reduce them and increase your organization’s security posture.

    10:45 am
    Get Beyond Compliance and Achieve Real Data Security
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.

    We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.

    10:45 am
    Code on Code Warfare
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    During this talk we will review some security metrics from 2020, which include common ways organizations are approaching complex security issues such as ransomware and advanced threat groups. During the discussion, we will provide some insight into alternative methods or considerations whereby we can use the power of compute to prevent, discover, and recover from advanced attacks.

    11:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    11:30 am
    Artificial Intelligence: Applicable Rules and Regulations
    Registration Level:
    • Open Sessions
    11:30 am - 12:00 pm

    This presentation is on the topic of Artificial Intelligence and the related state, federal, or international laws. Salar Atrizadeh will discuss the technology and how it affects intellectual property rights and privacy laws. He will also cover which technologies are being affected and how the courts are handling the legal disputes.

    The audience will take away the following:

    • What is artificial intelligence?
    • What are the applicable rules and regulations?
    • How does AI affect intellectual property rights?
    • How does AI affect privacy laws?
    • What technologies are being affected?
    • How are the courts handling the legal disputes?
    • What are the European Commission and United States doing about it?
    11:30 am
    Observability at Scale in All-Remote Environments: Principles and Practice
    Registration Level:
    • Open Sessions
    11:30 am - 12:00 pm

    InfoSec practitioners understand that observability and time-to-detection are crucial pieces of the security puzzle. However, data is often collected indiscriminately, stored unnormalized, retained for arbitrary periods of time, and sometimes even poorly understood. These issues make processing, baselining, and alerting on data sources harder than it should be.

    In this session, Jayson Salazar, Sr. Security Automation Engineer @GitLab, will discuss in detail the principles, best practices, and tooling he’s relied on to continuously improve GitLab’s observability capabilities into its infrastructure. We will discuss technical, architectural, procedural, and compliance aspects surrounding successful logging, monitoring, and alerting operations for all-remote environments at scale. From Terraform, Serverless, Data-Store alternatives and Python as building blocks, through finding an architecture that meets your needs, all the way to Alert Triaging and Compliance, this is meant to be a guiding companion for Security departments at the beginning or in the midst of their observability journey.

    11:30 am
    The Implementation Journey of Zero Trust and SASE: Realizing the Benefits
    Registration Level:
    • Open Sessions
    11:30 am - 12:00 pm

    Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and an expanding remote workforce, how do we consolidate controls and enhance the security of the systems?

    In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

    In this session, James Christianson will discuss:
    • How to migrate your security controls to take advantage of SASE
    • Reducing cost while increasing your security posture
    • Implementing a road map for SASE / Zero Trust

    12:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    12:15 pm
    LUNCH KEYNOTE
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    1:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    Making Your Risk Management Program a Key Line of Defense
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    This session will explain how to build a Security Risk Management Program and how to raise awareness to your key stakeholders. You’ll learn where to start your lines of defense, and most importantly, how to mature the program where your stakeholders are comfortable discussing and making risk-based decisions.

    1:15 pm
    Continuous Security Validation: Exercise Your Environment More than the Adversary
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    With Incident Response as the new normal, we must ensure that the systems and processes that support that effort and threat hunting are working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, we will cover how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams a continuous feedback loop to understand their posture and identify gaps as they arise.

    1:15 pm
    [Panel] Tales from the Cloud: Doing More with Less
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    The cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.

    1:15 pm
    [Panel] The Current Threat Landscape
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?

    It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.

    1:15 pm
    Executive Roundtable [VIP invite only]
    Topic: Security Challenges with Digital Coworkers
    Registration Level:
    • VIP / Exclusive
    1:15 pm - 2:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, by invite only).

    Moderated by Larry Chinski, the discussion will cover:
    • Increased adoption of BPA tools (Hyperautomation)
    • RPA and the use of BOTS
    • Threats that BOTS pose in an organization
    • How to manage and secure BOTS

    Sponsored by One Identity.

    2:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:15 pm
    Human Resilience: A Myth
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm

    Humans are not resilient—they get sick, die, retire, and can choose not to work for an organization. Currently, a CISO changes jobs on average every 18 months. Burnout is at an all-time high. Cybersecurity professionals feel undervalued and underutilized. Diversity continues to fight for its place on the team. While the cybersecurity industry is full of useful cyber resiliency insights and research, the human role in the resiliency chain is often overlooked. Together, we will define human resilience and the four-part solution to create human resilience: individual, team, company, and industry.

    Cybersecurity managers and leaders will leave this talk with a proactive talent resilience approach plan that will keep their talent from being vulnerable and/or from nullifying their overall resilience plans.

    Presentation level: MANAGERIAL (security and business leaders)

    2:15 pm
    [Panel] Securing the Code: AppSec and DevOps 101
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm

    Everyone says you’ve got to bake security into the development process, but it doesn’t always get done. Speed to market and “other considerations” can get in the way of good, clean secure code. Some developers share code or borrow from open-source platforms on the internet. Is that safe? How do you work with your DevOps teams to create a collaborative, proactive environment where they have the time and resources to build that security in from the beginning? How do you deal with burnout and fatigue? Our panel will address these concerns and more to help you get a handle on securing the code.

    2:15 pm
    [Panel] The Battle to Control the Endpoints
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm

    In a recent survey, the SecureWorld media team uncovered that a whopping 30% of IT professionals admitted they didn’t actually know if they had visibility on all the endpoints within their organizations! With close to a thousand endpoints (in the majority of those surveyed), including servers, office PCs, printers, employee-owned devices, smart watches, and IoT, the list goes on and on. What does the cloud do to impact this count? What was missed? Join our experts as they help us gain better visibility into the battle to control ALL the endpoints.

    3:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    3:00 pm - 3:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    3:15 pm
    Cloud Security Checklist Manifesto
    Registration Level:
    • Open Sessions
    3:15 pm - 4:00 pm

    Inspired by the best-selling book “The Checklist Manifesto” by surgeon Dr. Atul Gawande, this talk will focus on identifying a Cloud Security checklist. As in the medical field, where checklists are necessary to make complex life-and-death situations a little more manageable, we need a robust set of tasks that are absolutely required for any cloud infrastructure. This session will also provide information to build up a starter checklist that can grow with the cloud workload. This will also help organizations meet their audit and compliance requirements.

    3:15 pm
    Data Breaches: Two Tales, Two Motives - Financial vs. Espionage
    Registration Level:
    • Open Sessions
    3:15 pm - 4:00 pm

    Financially motivated data breaches are similar to, yet different from, espionage-motivated data breaches. In this session, Verizon—producers of the annual Data Breach Investigations Report (DBIR)—will compare and contrast financially motivated and espionage-motivated data breaches. Verizon will present this session through the lens of the VERIS (Vocabulary for Event Recording and Information Sharing) Framework, including the A4 Threat Model: Actors, Actions, Attributes, and Assets, and highlight key controls to counter data breaches.

    Industry-accepted frameworks and tools can help improve capabilities to better prevent, mitigate, detect, and respond to data breaches with Financial motives or Espionage motives. These frameworks and tools include the VERIS framework, VIPR phases, NIST Cybersecurity Framework, and Center for Internet Security (CIS) Critical Security Controls (CSCs).

    Join this session and discover:

    • A4 Threat Model aspects of Financial Motive Breaches
    • A4 Threat Model aspects of Espionage Motive Breaches
    • Comparison between motives and the countermeasures to take

    3:15 pm
    Examining the CMMC and the Reasoning Behind It
    Registration Level:
    • Open Sessions
    3:15 pm - 4:00 pm

    The Deputy Principal Cyber Advisor for the DoD recently told the Senate Armed Services Cybersecurity Subcommittee that the Cybersecurity Maturity Model Certification (CMMC) is part of a crucial effort: “Our goal must be to complicate and frustrate adversary planning and operations such that they cannot conduct them with impunity or at scale.”

    In this session, join the Chairman of the Board at the CMMC Center of Excellence as he explores the logic behind the Cybersecurity Maturity Model Certification, its objectives, and its security benchmarks.

Exhibitors
  • Cloud Security Alliance – Delaware Valley Chapter
    Booth:

    Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.

    OUR PURPOSE:

    To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.

  • Cybercrime Support Network
    Booth:

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever-growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes