Detroit SecureWorld

2016 Agenda

September 14-15, 2016

Day 1

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am Executive Advisory Council Breakfast: Benchmarking and Best Practices - (VIP / INVITE ONLY)

    Executive Advisory Council Breakfast: Dr. Larry Ponemon will facilitate a problem-solving discussion about the changing threat landscape and insights from the Institute’s latest research.
    VIP / INVITE ONLY

    Room: Lookout
    Larry Ponemon
  • 8:00am - 9:30am SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    Room: 203A
    Dan Lohrmann
  • 8:00am - 9:30am SecureWorld Plus: Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, and control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    Room: 106
    Larry Wilson
  • 8:30am - 9:15am Challenges In Our Hyper Connected World - IoT, SCADA and Cyber Physical Risks.

    With the explosion of the Internet of Things and its billions of inter-connected cyber physical devices and the connectivity of SCADA and similar systems with the Internet, we must now face adversaries who not only steal information but manipulate the behavior of devices and systems. This presentation will discuss the particular challenges in securing cyber physical systems.

     

    Room: 105
    Barbara L. Ciaramitaro
  • 8:30am - 9:15am Contracts: A Focus on Security & Related Clauses

    Security and privacy are major considerations when entering into technology agreements. Managing risks is key. IT Attorney Kathy Ossian will discuss security and related clauses in common technology agreements from both the tech provider and user perspectives.

     

    Room: Theater
    Kathy Ossian
  • 8:30am - 9:15am Dude, Where's My Car?: The Increasing Hackability of the Vehicle

    As time passes, vehicles have become increasingly complex. This includes not only the mechanical aspects of the vehicles, but also the cyber/digital inter-relationships between the vehicular network, data flow, and endpoints. This presentation will explore the origins of this, present and projected future vulnerabilities, and issues with models.

    Room: Suite 3
    Charles Parker, II
  • 8:30am - 9:15am Risk Management, the Basis For Your Security Program

    Many small to mid-sized companies do not have a formal risk management function. Information Security should be anchored in a solid risk management function. This lesson will discuss some of the imperatives for standing up an IT risk management function to form the foundation for an efficient information security program.

    Room: 101
    Christine Wheaton
  • 8:30am - 9:15am Social Aftermath - Responding to Social Engineering Incidents

    Many social engineering talks focus on the exploitation of trust relationships and the resulting compromise of corporate and personal assets. However, what happens after the pwnage is done? This session opens with the aftermath of a successful social engineering engagement on a major automotive financing company. Attendees will learn of the methodical analysis of the interactions which led to the compromise of customer information as well as employee and executive network credentials. The case study also illustrates how this organization was able to use the forensic analysis of social interactions to enhance its customer service business processes. This information was also used to enhance employee engagement in protecting information with associated touchpoints. Most importantly, they transformed customer care to frustrate social engineers while enhancing the experience of their customers.

    Room: 103
    Steven F. Fox
  • 9:00am - 3:00pm Exhibit Floor Open

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    Room: SecureWorld Exhibit Floor
  • 9:30am - 10:15am OPENING KEYNOTE: The Cost and Consequences of the Insider Threat: What the Latest Ponemon Institute Research Reveals

    The actions of imposters and of negligent and malicious insiders can have significant financial and reputational consequences for companies. Most companies, according to recent Ponemon Institute research, admit they have failed to detect a data breach involving the loss or theft of business-critical information. They also believe it is highly likely that one or more pieces of information critical to the success and competitiveness of their companies is now in the hands of a competitor. In this session, Dr. Larry Ponemon will quantify the cost of the insider risk, why the threat is serious and how to secure business-critical information in the workplace.

    Room: Keynote Theater
    Larry Ponemon
  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Room: SecureWorld Exhibit Floor
  • 11:00am - 12:00pm Advisory Council Roundtable: Identity is the New Firewall - (VIP / INVITE ONLY)

    VIP / INVITE ONLY

    Room: Executive Boardroom
  • 11:15am - 12:00pm Establishing a Quality Vulnerability Management Program Without Wasting Time or Money

    This talk will cover all the necessary pieces for creating a successful vulnerability management program: selling the story to management, picking the best tool for your environment, evaluating the cost and advantages of in-house vs. professional services, creating a complete runbook, establishing report templates and metrics, mistakes to avoid, dos and don'ts, and tips. Also included is how to run red team/blue team exercises to demonstrate efficiency.

    Room: Suite 3
    Zee Abdelnabi
  • 11:15am - 12:00pm Of Apples and Bears: A Lawyer's Look At InfoSec 2016

    It has been the year of the debate - about encryption back-doors, use of personal servers, and sharing of indicators of compromise. This session will discuss the lawyer's view of the cybersecurity issues associated with these and other topics.

     

    Room: 105
    Melissa Markey
  • 11:15am - 12:00pm Protecting Payments with PCI

    Learn about new updates to the PCI Data Security Standard (PCI DSS), including SSL migration and how this impacts organizations’ security programs and planning. The presentation will also cover initiatives and resources from the PCI Council to protect emerging payment channels and growing risk areas, including e-commerce and mobile.

    Room: Theater
    Troy Leach
  • 11:15am - 12:00pm Radware: Cyber War Chronicles - Stories From the Virtual Trenches

    The first half of 2016 saw a continuation of some cybersecurity threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cybersecurity.

    Room: 103
    Ben Desjardins
  • 11:15am - 12:00pm Trend Micro: The Trends within the Cyber Threat Landscape in 1H 2016

    The evolution of the TTPs, or Tactics, Techniques and Procedures, in cybercrime in 1H 2016, based on threat intelligence derived from Trend Micro’s global Smart Protection Network™, with a focus on ransomware and other key threats.

    Room: 101
    Jon Clay
  • 12:00pm - 1:00pm Advisory Council Roundtable Lunch: Embracing the Risk - (VIP / Invite Only)

    Advisory Council - VIP / INVITE ONLY
    Lunch Served at Noon

    Room: Executive Boardroom
  • 12:15pm - 1:00pm LUNCH KEYNOTE: Optiv - Beyond the Security Team: The Economics of Breach Response

    Breaches are expensive. So expensive that cyber insurance coverage is often lacking. This presentation explores the economics of breaches, the differences between breach and incident response and how you can align your security team’s goals with company values.

    Room: Keynote Theater
    Dawn-Marie Hutchinson
  • 1:15pm - 2:15pm Panel: After The Hack

    According to a Duke University survey, more than 80% of U.S. companies have been successfully hacked. It’s more important than ever for companies to have an incident response program in place to reduce damages, recovery time and costs in case of a security breach. Join our experts as they discuss challenges security teams face, tools and proven initiatives, and guidance in creating a program that will work for your organization.

    Kevin Murphy, RSA

    Jon Clay, Trend Micro

    Aaron Moffett, VioPoint

    Ryan Vela, Fidelis

    Dawn-Marie Hutchinson, Optiv

    Moderator: Bill Trasfer

     

    Room: Suite 3
  • 1:15pm - 2:15pm Panel: Current Threatscape

    Cybersecurity threats change and evolve daily. In today’s world, knowing the latest tactics can make the difference in keeping your company safe. Join industry leaders as they discuss the latest threats, trends and ways to stay ahead of cyber-attacks.

    Ben Desjardins, Radware

    Paul Fletcher, AlertLogic

    Sean Keef, Skybox

    Larry Knowles, Netscout

    Moderator: Larry Wilson

    Room: Keynote Theater
  • 1:15pm - 2:00pm Venafi: Protecting The Foundation of Online Security

    New threats target the trust provided by keys and certificates, and allow bad guys to look legitimate so they can surveil networks, stay undetected, steal data and bypass other security systems. It’s becoming mission critical to have visibility into and control of key and certificate inventories, enterprise wide, especially given that most other IT security technologies depend on the trust they provide.

    Room: 103
    Jeff Lauer
  • 2:15pm - 3:00pm Conference Dessert Break / Exhibitor Product Demonstrations

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm OpenDNS, Part of Cisco: How to Block Threats Before, During & After an Attack

    Achieve the multiplier effect by combining Cisco AMP with OpenDNS Umbrella. Detect and block malicious domains and files for maximum threat protection.

     

    Room: 103
    Jeremy Linden
  • 3:00pm - 3:45pm Panel: Locking Down the Endpoints

    In a bring-your-own-device (BYOD) world, our mobile workforce creates a whole new set of challenges when securing all access points. BYOD, while convenient, can make implementing and enforcing security policies next to impossible. Join our industry leaders as they discuss the latest technology, training and trends for securing all endpoints.

    Gregory Richardson, Intel

    Mark Stanislav, Rapid7

    Che Bhatia, Data Partner

    Adam Hogan, CrowdStrike

    Don Doyle, WWT

    Moderator: Matthew Engler

     

    Room: Suite 3
  • 3:00pm - 4:30pm SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Room: 203A
    Dan Lohrmann
  • 3:00pm - 4:30pm SecureWorld Plus: Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    Room: 106
    Larry Wilson
  • 3:00pm - 3:45pm You Don't Know Cyber Insurance

    It is a good time to be in cybersecurity and cyber liability. The insurance market is thriving with premiums expected to reach $7.5B over the next three years. The speaker will cover the evolving world of coverage and services being offered in today’s high risk business environment.

    Room: Theater
    David Derigiotis
  • 3:00pm - 3:45pm You Want to Put What in the Cloud? Security Issues to Consider

    This presentation will provide the practitioner’s view of how to evaluate cloud security risks when your company wants to place data in the cloud, insight into the process of evaluating the cloud provider’s security posture, and insight into the process of working through the risks associated with placing Personally Identifiable Information (PII) in the cloud. We will also discuss the role of vendor reviews in managing cyber risk.

    Room: 101
    Dr. Faith Heikkila
  • 3:45pm - 6:00pm Optiv & Partners Happy Hour

    Enjoy happy hour with Optiv and partners. Complimentary cocktails and hors d'oeuvres, a great opportunity to mingle with other security professionals, and the perfect way to wind down after day one of SecureWorld.
    Location: The Outlook (Inside the Ford Motor Conference & Event Center on the 2nd Floor)

    Room: The Lookout (Ford Motor Event Center - 2nd Floor)

Day 2

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am InfraGard Breakfast Meeting - Members Only

    InfraGard Chapter Meeting for members only
    Continental Breakfast Served

    Automobile Hacking & Security

    Room: Keynote Theater
    Robert Leale II
  • 8:00am - 9:30am SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Room: 203A
    Dan Lohrmann
  • 8:00am - 9:30am SecureWorld Plus: Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    Room: 106
    Larry Wilson
  • 8:30am - 9:15am Cybersecurity: A New Paradigm

    In the last few years we have seen a failure of traditional security techniques in preventing massive data breaches. What have we learned from these breaches and what can be done to improve the effectiveness of cybersecurity? This session will explore alternatives to current perimeter-based security measures in order to reduce the new threats.

    Room: 103
    David Barton
  • 8:30am - 9:15am Data Breach Digest - Scenarios from the Field

    Many data breach victims believe they are in isolation. To us, few breaches are unique. A small number of 'common' breach scenarios comprise the majority of our investigations. The Data Breach Digest and its 18 scenarios illustrate how data breaches work and together prescribe a recipe for prevention, mitigation, and response.

     

    Room: Suite 3
    Mark Rasch
  • 8:30am - 9:15am Information Security Governance

    How do organizations go from a reactive, security-product-purchasing state of mind to a proactive, risk-based state of mind that ensures the security posture of the organization? People, Process, Partnerships, then Technology. So often Information Security is thought of as a product- and tool-centric initiative, with code running in the background in a dark room where the business has no idea what’s going on. Buying products to monitor, alert and respond to threats and vulnerabilities and keep the fraudsters at bay keeps organizations in a reactive state rather than a proactive state. Many organizations implement products and services to keep risk at a minimum but instead open the organization up to more risk by not aligning with the goals and objectives of the enterprise, not being risk-focused, not reviewing logs and alerts coming from security applications, deploying too many solutions, and focusing the security management system on the wrong risks.

    Room: 105
    Christopher Mandelaris
  • 8:30am - 9:15am The Essential Elements of a Secure SDLC

    Data breaches are in the news daily. IT Auditors are asking questions the development team can't answer. The CIO is asking you for answers. What are you doing to educate your dev. teams, secure your applications and keep your company off the front page of tomorrow's Wall Street Journal? Join Cyber Security Specialist, Chris Sorensen, as he explores "The Essential Elements of a Secure SDLC."

    Room: Theater
    Chris Sorensen
  • 9:00am - 3:00pm Exhibit Floor Open

    Room: SecureWorld Exhibit Floor
  • 9:30am - 10:15am OPENING KEYNOTE: The Fourth Amendment and Seizing Cell Phone Location Tracking

    Cell site location information has proven to be highly useful to police. Given the private nature of such records, however, what level of proof should law enforcement be required to show in order to get such information? This presentation will explore the present state of the law and will offer reflections on the future.

     

    Room: Keynote Theater
    Patrick Corbett
  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Room: SecureWorld Exhibit Floor
  • 11:00am - 12:00pm Advisory Council Roundtable: After the Hack - (VIP / Invite Only)

    Advisory Council - VIP/Invite Only

    Room: Executive Boardroom
  • 11:15am - 12:00pm Arbor Networks: History has Taught Us Nothing: Why Security Cannot Learn from the Past

    Security bucks the system when it comes to learning from our past. New attack patterns and threat types seem to come out of nowhere. No matter what we have learned from past mistakes and threats, we are never ever prepared for what is next…at least until now.

    Room: 105
    JP Blaho
  • 11:15am - 12:00pm Centrify: Half Protected is Half Not – Platform Approach to Securing Enterprise Identities

    Discover the new way to protect against the #1 point of attack in data breaches:
    • Defend both end users & privileged users with a single platform solution
    • Centralize authentication, authorization, policy, and auditing for IT resources
    • Establish Identity as the new perimeter across cloud, mobile, and data center

    Room: 103
    Shad Gunderson
  • 11:15am - 12:00pm Check Point Software: Tales From the Trenches

    With cyber criminals picking up tricks and tactics from nation-state adversaries and vice-versa, the techniques and tools of the malware trade are evolving to become ever more evasive. Bob Vish from Check Point Software Technologies shares real stories of targeted attacks, unmasks previously unknown campaigns and attacker groups, and provides insight on what to do about them.

    Room: Theater
    Bob Vish
  • 11:15am - 12:00pm Gaining Better Visibility into Risk - The Future of GRC

    In this session, we will be discussing the general achievements and failings that clients have experienced utilizing GRC platforms and processes, where the market is headed, and how integration of different data sources and risk correlation techniques are starting to be utilized to get a better picture of risk.

    Room: 101
    Brian Gawne
  • 11:15am - 12:00pm Panel: Michigan's CyberPatriot Program

    "Homegrown Cyberwarriors-Panel" CyberPatriot, a middle and high school cyber defense competition, has been picked up by MCISSE. Since 2005, MCISSE has been promoting implementation of security courses in K-12, Community Colleges, Universities and governmental training across the Midwest. Our members are leading academic, governmental and industry researchers and practitioners that come together to share their ideas. Help us guarantee that we have a steady stream of young people entering the exciting field of Cyber Security!
    Panelists:
    • Gen. Michael Stone
    • James Ratzlaff
    • Marrci Conner
    Moderator: Tamara Shoemaker

    Room: Suite 3
    Michael A. Stone
  • 12:00pm - 1:00pm15 Advisory Council Roundtable Lunch: Manage the Damage - (VIP / INVITE ONLY)

    Advisory Council - VIP/Invite ONLY
    Lunch Served at Noon

    Room: Executive Boardroom
    3
  • 12:00pm - 1:00pm15 ISSA/(ISC)2 Chapter Meeting: Evolution of a Cyber Incident Response Capability - Open to All Attendees

    Join the ISSA/(ISC)2 chapter meeting - Open to all attendees.

    Every Company Is at Risk

    Every company around the world is at risk: risk of having their proprietary and intellectual property fall into the wrong hands, risk of losing personally identifiable information (PII), risk of losing confidential client records, litigation, and the list goes on. How do we address this crisis? First, we measure the overall risk to the organization. The majority of breaches occur as a result of phishing emails, which will be the topic of the upcoming presentation.

    Room: Lookout
    0
    Stephanie Scheuermann
  • 12:15pm - 1:00pm15 LUNCH KEYNOTE: Radware The Current Economics of Cyber Attacks

    Often we discuss the changing threat landscape from a purely technical or vulnerability perspective; however, this does an injustice to the elements of ease, cost and access to attacks. This presentation will provide attendees with an up-to-date picture of the rapidly changing landscape of attack tools and services, the buying criteria, the locations of the tools, and their ease of use. In addition, the presentation will provide an understanding of how the combination of the proliferation of these tools and their corresponding use has dramatically changed the dynamics of the return on defense strategies. This presentation will provide unique insight into the world of the Darknet, specific customer attack stories, new economic models of measuring security deployments, and a refreshed look at how controls should be deployed going forward.

    Room: Keynote Theater
    0
    Ron Winward
  • 1:15pm - 2:00pm15 Check Point Software Technologies: Breaking the Ransomware Tide

    Experts say that 2016 is going to be the year of ransomware, and it is clearly on the rise. What is the weakest link in cyber security? People—because we entrust personal and corporate data to computers and mobile devices. Are we doing enough to prevent this particularly troublesome type of malware from infecting our devices? Bob Vish from Check Point Software Technologies demonstrates how you can break the ransomware tide.

    Room: 103
    0
    Bob Vish
  • 1:15pm - 2:15pm15 Panel: Emerging Threats

    The number of cybersecurity threats is growing every day, forcing the need for thorough security assessment and analysis. Join industry leaders discussing emerging threats in the industry for the opportunity to learn what is next in the future of cybersecurity.

    Jason Georgi, Zscaler

    JP Blaho, Arbor Networks

    Blair Semple, Gemalto

    Moderator: Stephanie Scheuermann

     

    Room: Keynote Theater
    0
  • 1:15pm - 2:15pm15 Panel: You've Got Humans on Your Network

    By far, the biggest security threat facing companies is employees. Everything from weak expiration policies to zombie accounts can put your organization at risk. Education and awareness have never been more important. Join this panel of experts as they discuss the use of technology and smart policies to effectively educate and inform the humans.

    Jason Kent, Qualys

    Chris Lawrence, Proofpoint

    OpenDNS

    Moderator: Dan Lohrmann

     

    Room: Suite 3
    0
  • 2:15pm - 3:00pm15 Conference Dessert Break / Exhibitor Product Demonstrations

    Located on the SecureWorld Exhibit floor.

    Room: SecureWorld Exhibit Floor
    0
  • 2:30pm - 2:45pm15 Dash for Prizes & CyberHunt

    Be sure to leave your business card* with any participating exhibitor. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    Room: SecureWorld Exhibit Floor
    0
  • 3:00pm - 3:45pm15 Critical Security Controls and Business Context: Finding Your Way Through The Woods

    No matter which control set is used as a basis for your security program, choosing what to implement first can be overwhelming. This presentation explores the process of combining CIS Critical Security Controls and business context to optimize the organization’s time, effort, and budget while improving its security posture.

     

    Room: Theater
    1
    Jen Fox
  • 3:00pm - 3:45pm15 Have You Been Breached (How Would You Know?)

    2014 was the year of the breach: while there were many large breaches, the average time an attacker was inside the breached company’s network was 201 days. 2015 was the year of collateral damage: Blue Care network, 80 million records; Optum, 100 million records; Sony, breached so many times they quit keeping track. This presentation will cover the many ways of detecting a breach, which depend heavily on personnel who recognize malicious traffic. These personnel have to be well versed in several tools that are used to identify suspicious activity. That information is then fed to a SIEM, which is only as good as the personnel who operate it and monitor what it is alerting upon. Just as we think we have all the tools, we can reasonably assume the attackers have devised ways to fool these detection tools. What is the next addition to our tool bag as cyber professionals that will allow us to improve our reaction time to less than 201 days?

    Room: 105
    1
    Clark R. Crain
  • 3:00pm - 3:45pm15 How to Implement the NIST Risk Management Framework in Your Organization

    The National Institute of Standards and Technology (NIST) Risk Management Framework is the key to establishing robust and reliable security control over an organization’s technology assets. This presentation will offer a step-by-step practical explanation of the framework and how to implement it in a conventional business.

    Room: 103
    1
    Dan Shoemaker
  • 3:00pm - 3:45pm15 The State of Security Talent: Job Openings, Salary Data, and Finding and Keeping Top Talent

    We all know there’s a talent shortage, but what does it really look like? We’ll dive into the number of security job openings there are in Michigan and break them down by company and region. We’ll also hone in on compensation, tips for advancing your career, what motivates today’s cyber warriors and why people jump ship.

    Room: Suite 3
    1
    Colleen Riccinto

  • September 14-15, 2016