Conference Agenda

Printable Schedule

Friday, September 21st

8AM

Registration + Continental Breakfast Opens

8:45AM - 9:00AM

Conference Opening and Welcome

9:00AM - 9:45AM

Morning Keynote: Security Strategy for the $1.5 Trillion Cybercrime Economy

At a time when cybercrime is breaking records, the architectures enterprises use to secure themselves are failing. The new economy is cloud first and securing the cloud means leveraging security capabilities native to the cloud. In this session, attendees will get an insight to the latest cybercrime trends as well as how modern, cloud first businesses are designing security that is resilient, and business agile. Speaking on current and emerging trends, Ann examines why the cloud is the security platform of choice.

9:45AM - 10:00AM

Break and Vendor Visits

10:00AM – 10:45AM

10 mistakes (almost) everyone makes with identity and authentication

We all authenticate to tens or even hundreds of services every day. Sometimes we even notice when that happens, and rarely we spend a few seconds thinking about what we just did. There are a lot of misconceptions about how identity and authentication needs to work. In this session, Jesper goes through 10 (more or less) mistakes that a number of organizations and service providers make when it comes to implementing an identity and authentication strategy.

10:00AM – 10:45AM

Endpoint Security in the Cloud Generation

The Cloud Generation brings with it numerous challenges for IT security, many stemming from the vanishing perimeter and BYOD to shadow IT and advanced malicious exploits. Learn about the state of the modern threat landscape and the strategies required to effectively combat it and keep corporate data safe. Learn: - Threat vectors against modern endpoints - Technical strategies required to keep data safe from attacks on modern endpoints - Priorities for implementing an effective endpoint solution.

10:00AM – 10:45AM

Paul Rich

TBD

10:45AM – 11:00AM

Break and Vendor Visits

11:00AM – 11:45AM

Panel Discussion: Digital Transformation led by Bitcoin and Blockchain, How will the digital currencies transform your company and its business processes?

Blockchain and IoT is changing the landscape of how we do business but the technologies have inherent risks and challenges. This panel will discuss appropriate uses of these technologies, benefits, and business risk and security challenges inherit in these technologies.

Panelists:

Rui Wang, CTO, Vericlouds

Radia Pearlman, Fellow, Dell EMC

Charlie Kaufman Architect Midrange Group, DellEMC

Alex Ortiz, CLE, Microsoft

11:00AM – 11:45AM

API Security Best Practices & Guidelines

API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both the public and private APIs, need to be protected, monitored and managed. API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. Following best practices in securing APIs will help to wade through the weeds to keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. This talk guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security.

11:00AM – 11:45AM

Legislation, Law, and Liability - Growing Complexities of Third-Party Services

GDPR, the CLOUD Act, and the emphasis on 3rd party security are converging. Mr. Hamilton will discuss navigating these and other issues in the context of using external service providers to supply networking, applications, and infrastructure.

11:45AM - 1:30PM

Lunch Keynote: Is that Robot Really Who It Says It Is? Securing Automation and Solving the Secret Zero Problem

Do organizations truly know who and what are grabbing secrets in their environments? In this talk we investigate the Secret Zero problem and answering the question of securing highly sensitive credentials used as part of automation services.

1:30PM – 1:45PM

Break and Vendor Visits

1:45PM – 2:30PM

Data Loss Prevention and Capabilities Panel

Data loss prevention (DLP) is a process for protecting sensitive data at rest, in-transit, and on endpoints to reduce the likelihood of data theft or unauthorized exposure. DLP solutions aim to prevent sensitive data and confidential information from being stored, used, or transferred insecurely.

Many organizations have invested in the top data loss prevention tools to protect their on-premise information from theft or loss, and comply with data privacy and compliance laws. However, most of these solutions are designed to protect data in file servers or email, and therefore don’t address today’s cloud governance and mobile security challenges as data moves to unsanctioned cloud services that are accessed by unmanaged devices.

Our Cloud DLP panel will share strategies from multiple vendors on what differentiates solutions, including Cloud Native options, CASB DLP products, and integration with existing top DLP tools on-premises.

Panelists:

Srini Gurrapu, Cloud Evangelist, MacAfee

Sala Nassar, Director Product Marketing – Information Protection, Symantec

Sean Cordero, Vice President Cloud Security, Netskope

1:45PM – 2:30PM

Software Defined Perimeter

Security needs to be redefined as an approach that programmatically secures resources in an enterprise or in the cloud in predictable, controlled and cost effective manner. Disruptive technologies like SDN, Cloud, Server virtualization are exploding and are already challenging Security. Security controls are required to be portable and should be programmed into networks, hosts, VMs and client machines, it needs to be everywhere and follow the source no matter where the client moves. With growing number of threat and huge number of events per day it is not humanly possible in future to create cases, analyze and take corrective actions. We need technology that can learn bad behavior and predict threats without being explicitly programmed. Logical policies are desired as compared to physical configurations.

1:45PM – 2:30PM

Your Device Is My Miner

The dramatic increase of crypto currency price reshaped cybersecurity landscape, dedicated devices are created to mine crypto currency, malware authors target both dedicated miners, and convert IoT devices into miners. This presentation describes the economy of crypto currency and how IoT security's role in this booming area.

2:30PM – 2:45PM

Break and Vendor Visits

2:45PM – 3:30PM

Panel Discussion: Do you know where your code is and what's in it?

Is your Source too Open? As we further adopt open source and move towards the future of serverless and containerized workloads, have we opened the doors too far? This is a panel discussion talking about some of the pitfalls and simple steps to avoid when working with open source and containers.

Panelists:

Carmichael Patton, Senior Program Manager, Microsoft

Sam Vaughan, Senior PM at Microsoft Customer Security & Trust Secure Open Source Initiative.

2:45PM – 3:30PM

Hardware Enforced Crypto for Securing Blockchain Credentials and Transactions

Blockchain technologies have been developing rapidly but how to protect user data and credentials on the blockchain remains big challenge. This talk shows how hardware enforced crypto technology such as Intel SGX can be leveraged to design a hardware hot wallet which maximizes the protection on private keys of blockchain users while maintaining great usability. A live demo will be shown to illustrate how security and usability are both achieved with the design.

2:45PM – 3:30PM

Encryption and Secrets Management

TBD

3:30PM – 3:45PM

Break and Vendor Visits

3:45PM – 4:30PM

Best Practices for Securing Cloud Deployments

In the cloud, the difference between a well secured application and one vulnerable to attack can come down to a few simple choices made by a developer or operations engineer. Matt will describe the best practices he recommends for keeping cloud deployments secure, and how implementing these controls can ruin a pentester’s day. While the discussion will focus on Azure, most of these suggestions are applicable to all public cloud users.

3:45PM – 4:30PM

DevOps with Machine Identity

3:45PM – 4:30PM

Early Experience with the CSA Code of Conduct for GDPR

Mr. Stocker will discuss early experience with the CSA Code of Conduct in the context of assessing a major Cloud Service Provider. We will cover challenges, wins, and lessons learned.

4:30PM – 5:00PM

Closing Keynote: The Security Professional's Guide to Threats in the "Cloud" Galaxy

At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, designing, and delivering computing technology and applications. However, the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging. This presentation aims to provide individuals with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.

5:00PM – 7:00PM

Conference Wrap, Raffle Prizes, Networking Social with Appetizers and Drinks