Be on the offensive—hear and learn from real-world, like-minded security practitioners and get the latest insights on cybersecurity strategies, practices and solutions to combat today’s current and emerging trends. INsecurity will feature two conference tracks: Strategy and Operations & Practices. 

See below for the track sessions we've lined up so far. Stay tuned as we add more in the coming weeks. 

Operations and Practices

  • An in-depth look at best practices, tools, and techniques for maximizing your enterprise’s cybersecurity efforts.
  • Provides practical, peer-level instruction and discussion on core practices such as security administration, managing service providers, encryption, authentication, and data leak protection.
  • Recommendations on how to improve security operations and the day-to-day practices and technologies that make data defense work, including: incident response, user provisioning, cloud security, patch management, mobile security, identity and access management, threat intelligence analysis, security operations, and secure software development.

Rodrigo Montagner | CEO, OM2 TECH Consulting

Managing enterprise IT, and specifically cyber defense, internationally can be very challenging. In this session we explore a few examples of international IT deployment for cyber defense across IT environments in the Americas and Europe.

We’ll work through possibilities for deploying and assuring a cyber defense protocol, web content, device management, device audit and so forth under finance or budget restrictions driven by highly taxed IT products in Central and South America and some EU countries, and explore creative possibilities for doing more with embodied and assertive results.

It will specifically explain operational cases encompassing an orchestration of core/edge switch, IPS system, web-content management, Wi-Fi MAC address-controlled environment, Endpoint Asset Inventory and Event Monitoring, and Endpoint Active Monitoring, optimizing global tools and their capacities and saving up to 80% of in-country IT budgets for enterprise businesses globally.

Advice and best practices for international IT management in harsh environments will also be shared.

Brian Genz | Threat Hunting Lead and Senior Engineer, Northwestern Mutual

There are three common challenges for defenders: a shortage of qualified information security professionals, a high volume of security alerts with varying degrees of fidelity, and a dynamic threat landscape rapidly evolving toward sophisticated, automated attacks.

Security Orchestration, Automation and Response (SOAR) enables defenders to operate at attacker speed by codifying detection and response expertise into automation playbooks. This presentation will explore the core components of SOAR, the skills required to design and implement it in your organization, and common use cases focused on detection & response, threat hunting, and threat intelligence. We will also outline potential opportunities for security control testing in a defense-in-depth environment.

We'll use a case study approach, distilling lessons learned into actionable recommendations.

Attendees will learn:

  • How SOAR enables the organization to improve detection and response
  • How Security Orchestration, Automation and Response can become a productivity multiplier for defenders
  • How SOAR functions as the "connective tissue" between tools in your existing security stack
  • The critical role that skilled information security professionals play in this activity
  • How SOAR provides a mechanism for highlighting visibility gaps, thereby driving instrumentation and security architecture decisions
  • Lessons learned from implementing SOAR in the Scaled Agile Framework (SAFe) 
  • How SOAR can provide unique opportunities to build meaningful metrics and reporting strategies

Harry Perper | Chief Engineer, MITRE

Managing user access in organizations requires frequent changes to user identity and role information and to user access profiles for systems and data. Employees using these various identity and access management (IdAM) systems may lack methods to coordinate access across the corporation effectively to ensure that IdAM changes are executed consistently throughout the enterprise. This inconsistency is inefficient and can result in security risks. The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) addresses the challenge to provide a more secure and efficient way to manage access to data and systems.

This session will describe the reference design and an example implementation for this problem that utilized commercially available products. The approach delivers an Access Rights Management (ARM) system that coordinates changes throughout the organization, thereby reducing the risk of unauthorized access caused by malicious actors or human error. Based on risk analysis, this design is intended to help companies gain efficiencies in ARM, while saving money and time during the research and proof-of-concept phases of a project. This session will present an architecture for implementing ARM that improves the control of user access information using automation. It also quickly identifies unapproved changes such as privilege escalations by including multiple methods of monitoring the user access information repositories (directories).


The NCCoE developed an ARM system that executes and coordinates changes across the organization's ARM systems to change employee access for all data and systems quickly, simultaneously, and consistently, according to corporate access policies. The example implementation provides timely management of access changes and reduces the potential for errors. It also enhances the security of the directories. Generally, an ARM system enables a company to give the right person the right access to the right resources at the right time.

Jessica Bair | Senior Manager, Cisco Systems, Inc

This hands-on lab (bring your own laptop) will be an interactive session on the latest ransomware trends, as well as how to defend your enterprise against this threat. Attendees will understand how ransomware operates, what the attack vectors are, and what the variants have in common. They will learn the skills to find and track new ransomware with dynamic analysis of behavior, and how sophisticated the perpetrators are.

This session will explore traits of highly effective strains of self-propagating malware, as well as advances in tools to facilitate lateral movement. Ransomware as we know it today has a sort of "spray and pray" mentality; they hit as many individual targets as they can as quickly as possible. Typically, payloads are delivered via exploit kits or mass phishing campaigns. With few notable exceptions, data loss was mostly a side effect of malware campaigns. Most actors were concerned with sustained access to data or the resources a system provided to meet their objectives. Ransomware is a change to this paradigm from subversion of systems to outright extortion; actors are denying access to data and demanding money to restore access to that data.

Strategy

  • Covers the “big picture” of running the security effort, including architecture, risk measurement/management, orchestration, staffing/budgeting, security awareness, legal and insurance issues, and other overarching issues.
  • Advice and recommendations on how to build a holistic defense and a comprehensive strategy for defending enterprise data from experts.
  • Provides insight on the latest industry and regulatory trends affecting cybersecurity, such as GDPR compliance, cyber insurance, and legal liability. 

Robert LaMagna-Reiter | Senior Director, Information Security (CISO), First National Technology Solutions

In a cloud-first era, enterprises are continually enhancing technology to keep up with customer demands. With new, faster and more functional technology comes expanded information security & risk management complexities. In order to bring order to chaos, it's critical to understand how to secure a multi-cloud model, build a repeatable operation model & not break the bank. Learn how to fine tune your security initiatives to effectively cover your most important assets without compromising data or your budget. Put your existing security processes & solutions to work protecting your data from multi-cloud environments and digital initiatives to container and application development platforms.

Expensive hardware & datacenters are quickly becoming less desirable to own and operate. Organizations have realized they need to realign their IT skillsets to take advantage of the cloud & automation shift. Learn first-hand how enterprises are taking an active role to adjust their security services to meet regulatory, customer and business demands, as well as leveraging calculated risk to improve the efficiency and effectiveness of the security program.

John Bass | Director, Global Data Risk, Duff & Phelps

In organizations, employees, customers and vendors now expect to be able to interact dynamically with core systems. Therefore, the enterprise needs to be concerned about its entire ecosystem of partners and their associated cyber risks. In that regard, cybersecurity supply chain and vendor risk is critical. One important aspect is not to overlook the human element in cybersecurity risk. A large percentage of major breaches have a human dimension, whether unwitting – someone clicked on a weaponized link because of a lack of training – or witting – a trusted contractor deployed a Trojan device to a conferencing telephone.

Yet often, we are uncomfortable talking about people and prefer to veer discussion back to technology. Much cybersecurity vulnerability lies in this disconnect between studying only the technical issues and ignoring the human dimensions of the problem. The modern corporation can't hope to secure itself simply by endlessly hardening the shell with more and more technology working to build a moat around itself. In this session, John will discuss a holistic approach to cybersecurity, examining both the technical and human elements of risk, for a comprehensive corporate security program including C-suite engagement on cyber risks.