Conference Agenda

Printable Schedule

Friday, September 21st

8AM

Registration + Continental Breakfast Opens

8:45AM - 9:00AM

Conference Opening and Welcome

9:00AM - 9:45AM

Morning Keynote: Security Strategy for the $1.5 Trillion Cybercrime Economy

At a time when cybercrime is breaking records, the architectures enterprises use to secure themselves are failing. The new economy is cloud first and securing the cloud means leveraging security capabilities native to the cloud. In this session, attendees will get an insight to the latest cybercrime trends as well as how modern, cloud first businesses are designing security that is resilient, and business agile. Speaking on current and emerging trends, Ann examines why the cloud is the security platform of choice.

9:45AM - 10:00AM

Break and Vendor Visits

10:00AM – 10:45AM

10 mistakes (almost) everyone makes with identity and authentication

We all authenticate to tens or even hundreds of services every day. Sometimes we even notice when that happens, and rarely we spend a few seconds thinking about what we just did. There are a lot of misconceptions about how identity and authentication needs to work. In this session, Jesper goes through 10 (more or less) mistakes that a number of organizations and service providers make when it comes to implementing an identity and authentication strategy.

10:00AM – 10:45AM

Endpoint Security in the Cloud Generation

The Cloud Generation brings with it numerous challenges for IT security, many stemming from the vanishing perimeter and BYOD to shadow IT and advanced malicious exploits. Learn about the state of the modern threat landscape and the strategies required to effectively combat it and keep corporate data safe. Learn: - Threat vectors against modern endpoints - Technical strategies required to keep data safe from attacks on modern endpoints - Priorities for implementing an effective endpoint solution.

10:00AM – 10:45AM

When Technology and Law Collide: Cloud Dynamics

Very frequently, organizations evaluating a transition to cloud services want to have assurance that the cloud service provider will not be able to access their data. This requirement leads to discussions about encryption, key management, and acronyms like BYOK and HYOK. What is very often overlooked by the security and compliance stakeholders is that this issue is not dependent solely on technical dynamics – there are legal dynamics as well. National laws, GDPR, and contractual commitments all play a large role. However, customer expectations are often founded on assumptions that do not hold up under examination. In this session Paul will examine the myths of data access in cloud services and bring clarity regarding what to expect, what to demand, and what is possible.

10:45AM – 11:00AM

Break and Vendor Visits

11:00AM – 11:45AM

Panel Discussion: Digital Transformation led by Bitcoin and Blockchain, How will the digital currencies transform your company and its business processes?

Blockchain and IoT is changing the landscape of how we do business but the technologies have inherent risks and challenges. This panel will discuss appropriate uses of these technologies, benefits, and business risk and security challenges inherit in these technologies.

Panelists:

Rui Wang, CTO, Vericlouds

Radia Perlman, Fellow, Dell EMC

Charlie Kaufman Architect Midrange Group, Dell EMC

Alex Ortiz, Chief Blockchain Evangelist, lifeID

Robert Koester, Senior Program Manager , Microsoft

11:00AM – 11:45AM

API Security Best Practices & Guidelines

API adoption in both consumer and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both the public and private APIs, need to be protected, monitored and managed. API security has evolved a lot in last five years. The growth of standards, out there, has been exponential. Following best practices in securing APIs will help to wade through the weeds to keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. This talk guides you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security.

11:00AM – 11:45AM

Legislation, Law, and Liability - Growing Complexities of Third-Party Services

GDPR, the CLOUD Act, and the emphasis on 3rd party security are converging. Mr. Hamilton will discuss navigating these and other issues in the context of using external service providers to supply networking, applications, and infrastructure.

11:45AM - 1:30PM

Lunch Keynote: Is that Robot Really Who It Says It Is? Securing Automation and Solving the Secret Zero Problem

Do organizations truly know who and what are grabbing secrets in their environments? In this talk we investigate the Secret Zero problem and answering the question of securing highly sensitive credentials used as part of automation services.

1:30PM – 1:45PM

Break and Vendor Visits

1:45PM – 2:30PM

Data Loss Prevention and Capabilities Panel

Data loss prevention (DLP) is a process for protecting sensitive data at rest, in-transit, and on endpoints to reduce the likelihood of data theft or unauthorized exposure. DLP solutions aim to prevent sensitive data and confidential information from being stored, used, or transferred insecurely.

Many organizations have invested in the top data loss prevention tools to protect their on-premise information from theft or loss, and comply with data privacy and compliance laws. However, most of these solutions are designed to protect data in file servers or email, and therefore don’t address today’s cloud governance and mobile security challenges as data moves to unsanctioned cloud services that are accessed by unmanaged devices.

Our Cloud DLP panel will share strategies from multiple vendors on what differentiates solutions, including Cloud Native options, CASB DLP products, and integration with existing top DLP tools on-premises.

Panelists:

Srini Gurrapu, Cloud Evangelist, MacAfee

Carmine Clementelli , Senior Manager Product Marketing – Information Protection, Symantec

Sean Cordero, Vice President Cloud Security, Netskope

1:45PM – 2:30PM

Software Defined Perimeter

Security needs to be redefined as an approach that programmatically secures resources in an enterprise or in the cloud in predictable, controlled and cost effective manner. Disruptive technologies like SDN, Cloud, Server virtualization are exploding and are already challenging Security. Security controls are required to be portable and should be programmed into networks, hosts, VMs and client machines, it needs to be everywhere and follow the source no matter where the client moves. With growing number of threat and huge number of events per day it is not humanly possible in future to create cases, analyze and take corrective actions. We need technology that can learn bad behavior and predict threats without being explicitly programmed. Logical policies are desired as compared to physical configurations.

1:45PM – 2:30PM

Your Device Is My Miner

The dramatic increase of crypto currency price reshaped cybersecurity landscape, dedicated devices are created to mine crypto currency, malware authors target both dedicated miners, and convert IoT devices into miners. This presentation describes the economy of crypto currency and how IoT security's role in this booming area.

2:30PM – 2:45PM

Break and Vendor Visits

2:45PM – 3:30PM

Panel Discussion: Do you know where your code is and what's in it?

Is your Source too Open? As we further adopt open source and move towards the future of serverless and containerized workloads, have we opened the doors too far? This is a panel discussion talking about some of the pitfalls and simple steps to avoid when working with open source and containers.

Panelists:

Carmichael Patton, Senior Program Manager, Microsoft

Sam Vaughan, Senior PM at Microsoft Customer Security & Trust Secure Open Source Initiative.

2:45PM – 3:30PM

Hardware Enforced Crypto for Securing Blockchain Credentials and Transactions

Blockchain technologies have been developing rapidly but how to protect user data and credentials on the blockchain remains big challenge. This talk shows how hardware enforced crypto technology such as Intel SGX can be leveraged to design a hardware hot wallet which maximizes the protection on private keys of blockchain users while maintaining great usability. A live demo will be shown to illustrate how security and usability are both achieved with the design.

2:45PM – 3:30PM

Ripping out the SIEMs: Security at Hyperscale

At Microsoft, we defend millions of machines storing and processing customer mission critical data with teams of analysts across the globe. The classic security solution is to use a SIEM, but that collapses under volume and scale. We spent years designing and implementing a hyperscale, highly distributed security monitoring system and YOU CAN DO IT TOO. In this talk we walk you through how to achieve true real-time notifications (seconds between event and alert) and a highly agile, interactive query experience for your analysts. The core of the design pattern we describe is Apache Storm (a mature open source technology), and a store-and-query system. We used Kusto, a new proprietary technology, but other open source systems such as BigTable, Elastic Search, Splunk or others will work equally well.

3:30PM – 3:45PM

Break and Vendor Visits

3:45PM – 4:30PM

Best Practices for Securing Cloud Deployments

In the cloud, the difference between a well secured application and one vulnerable to attack can come down to a few simple choices made by a developer or operations engineer. Matt will describe the best practices he recommends for keeping cloud deployments secure, and how implementing these controls can ruin a pentester’s day. While the discussion will focus on Azure, most of these suggestions are applicable to all public cloud users.

3:45PM – 4:30PM

Machine Identity in the Cloud: DevOps: Fast, Secure and Trusted Certificate Management

There are two actors on a network, Humans and Machines. “Humans” are identified by passwords; “machines” are identified by digital certificates and SSH Keys. IAM programs typically focus on managing usernames and passwords. They are challenged in the areas of managing certificates and keys for Machine Identity Protection, which are used for authentication, integrity and encryption. In a Cloud-first, transformational and fast IT organization, the security and management challenges are exacerbated and are at a high risk for breach, non-compliance and/or business outage. The focus of this presentation will be to introduce Machine Identity Protection and enabling InfoSec, DevOps, and IT Operations to easily obtain, deploy and manage SSL/TLS certificates to cloud infrastructure, containers and applications.

3:45PM – 4:30PM

Early Experience with the CSA Code of Conduct for GDPR

Mr. Stocker will discuss early experience with the CSA Code of Conduct in the context of assessing a major Cloud Service Provider. We will cover challenges, wins, and lessons learned.

4:30PM – 5:00PM

Closing Keynote: The Security Professional's Guide to Threats in the "Cloud" Galaxy

At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before. The shift from traditional client/server to service-based models is transforming the way technology departments think about, designing, and delivering computing technology and applications. However, the improved value offered by cloud computing advances have also created new security vulnerabilities, including security issues whose full impacts are still emerging. This presentation aims to provide individuals with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.

5:00PM – 7:00PM

Conference Wrap, Raffle Prizes, Networking Social with Appetizers and Drinks