Snehal Contractor is responsible for Worldwide Systems Engineering and Technical Service at Stellar Cyber. He is an engineering professional with over 30 years of experience in technical sales, marketing, and management. Snehal has worked for startup companies such as Netscreen, Palo Alto Networks, Riverbed, Fortinet, Aerohive, Cisco, and USRobotics. During his tenure at these companies, he has supported the largest Service Providers and System Integrators globally. Some of the accounts he has supported are Accenture, Dimension Data, Verizon, French Telecom, ATT, Forsythe Security, and Sprint; these accounts eventually became the top partners for his company. Snehal is called upon to be a trusted consultant to on-board these global partners from business development to complete technical enablement. Snehal earned his Bachelor of Science in Electrical Engineering and Computer Science from University of Illinois.
About the Event
FutureCon Events brings high-level Cyber Security Training discovering cutting-edge security approaches, managing risk in the ever-changing threat of the cybersecurity workforce.
Join us as we talk with a panel of C-level executives who have effectively mitigated the risk of Cyber Attacks.
Educating C-suite executives and CISOs (chief information security officers) on the global cybercrime epidemic, and how to build Cyber Resilient organizations.
“Cybersecurity is no longer just an IT problem”
Gain the latest knowledge you need to enable applications while keeping your computing environment secure from advanced Cyber Threats. Demo the newest technology, and interact with the world’s security leaders and gain other pressing topics of interest to the information security community.
The FutureCon community will keep you updated on the future of the Cyberworld and allow you to interact with your peers and the world’s security leaders.
For sponsorship opportunities email email@example.com
It is an honor and a privilege to serve as the Chief Information Security Officer of an iconic global brand that has a deep, cherished, always-on connection into communities everywhere. Information Security at 7-Eleven focuses on maintaining and enhancing an industry-leading, comprehensive and cohesive security fabric around our business value drivers in a customer-obsessed manner. The 7-Eleven Information Security organization brings together the various technical domains within Information Security with the force multipliers of Governance, Risk and Compliance as well as Data Protection to facilitate unified accountability and expedient action.
I came to 7-Eleven from Symantec’s Consumer Business Division where I had the honor of driving a global security engineering portfolio. Prior to joining Symantec via the LifeLock acquisition, I spent 5 years at NetApp, and over 10 years with Intuit; after working with the information security and risk management teams at Ernst & Young and KMPG. I have been responsible for leading key security initiatives that helped integrate security into the culture of the company and extend the brand into global markets. It has been a great honor to lead NetApp’s ISO27001 recertification, speak at NetApp’s conferences in Berlin and Tokyo and be a recipient of Intuit’s Innovation Award. At Ernst & Young and KPMG; I was responsible for developing risk mitigation strategies primarily for Fortune 500 clients in the financial and technology sector.
My focus is on maturing the organization’s security posture by driving execution to a well-socialized and accepted security strategy that benefits internal and external stakeholders through a pragmatic mix of building cross-organizational relationships and developing people managers. I have a Masters degree in Electronics Engineering and am a Certified Chief Information Security Officer (C|CISO), a Certified Information Security Manager (CISM) as well as Certified in the Governance of Enterprise IT (CGEIT). Most recently, I was fortunate to learn about organizational leadership at global scale, with a focus on innovation and cybersecurity; from my professors and colleagues at the Haas Business School in UC Berkeley.
I support the local and global security community by contributing to non-profit security organizations in a leadership capacity, offering mentorship and being an executive sponsor for key initiatives like Women in Technology, hiring veterans and academ
CISO/Industry Leader Panel
“Cybersecurity Leaders and Experts on Current Cyberthreats and Practices”
Premier Platinum Sponsors
Times are subject to change
Opening Introductions | Check In | Networking
How to Build an Insider Threat Program
Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.
Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything changes so quickly. Insider threat initiatives require a new, more focused approach.
This presentation will explore:
- The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
- Four attributes of a successful insider threat program
- How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster
- An automated investigation experience that replaces manual routines and effectively guides new insider threat teams
The Future of Cybersecurity Operations
Cybersecurity can be a complex operation, but at its core, it’s made up of two components: people and technology. Although we’ve seen incredible advances in the technology side of things, we need to ensure that that technology acquisition doesn’t amount to another ‘shiny thing’ but empowers the people that operate it. Join Lumu’s Jeffrey Wheat as he shares his vision of what makes up an ideal cybersecurity operation.
The future of cybersecurity tooling: What’s ahead for data collectors, EDR, SIEM, and XDR
Future-proof Security: Myth or Reality?
There is no magic bullet in security. Yet there are many best practices adopted by enterprises across the globe that have proven to allow organizations to mitigate risk and mature their security posture. During this session you will learn about common trends and challenges in cybersecurity and what organizations are doing to keep up and be ready for the future.
"The Use of AI in Information Security"
Cameras, Cabinets, & Controllers: xIoT Security Chaos - A Story of Two Million Interrogated Devices
Purpose-built IoT, OT, and network devices that are connected and disallow the installation of EDR software are part of a massive, rapidly growing category of targets that nefarious actors are exploiting. Attackers can use them to evade detection and maintain persistence. Nation-states, cybercriminals, and insiders have discovered that these devices can be easily compromised and used for a wide variety of malicious purposes.
Countries like Russia have developed tools like Fronton that are specifically designed to attack and control these device types. Some common devices from countries like China have even been banned because they ship with malware preinstalled from the manufacturer.
We’ve been researching IoT, OT and network device security for over five years across millions of devices and hundreds of organizations worldwide. This is unique research that isn’t being conducted by any other organization at this scale. This presentation will share several discoveries across device visibility, vulnerabilities, and exploits. The research calls out the most exploited device types, explores multiple war stories, and illustrates methods to mitigate the risks.
These purpose-built devices are being turned against us and becoming a new cybersecurity frontline across the enterprise, smart cities, buildings, and ships, healthcare providers, manufacturing, defense, our homes, and more. Compromises are impacting the physical world by unlocking our doors, shutting down power, and spying with audio and video surveillance. Attackers can use these devices to mine cryptocurrency, conduct DDoS attacks, and engage in ransomware as well as and move laterally to compromise our IT and cloud-based assets.
We don’t know what devices we have, so we don’t know what to fix. Even if we knew what to fix, it would be impossible to do so manually because of the scale. If we did fix it, we don’t have anything in place to ensure things stay fixed. This is leaving our IoT, OT and network devices at risk along with IT and cloud-based assets. These are our devices, and it’s time to take back control from the attackers.
Building Cyber Resilience By Prioritizing 24/7 Threat Detection and Response
In today’s threat landscape, security leaders must shift their focus to improving their cyber resilience. The ability to anticipate, withstand, recover from, and adapt to the evolving cyber threats will dictate how well-equipped your cybersecurity program is at defending against these threats. However, given the lack of skilled in-house security resources, it can be challenging to balance the number of incoming security alerts with delivering swift response to eliminate known and unknown threats.
In this presentation, join Brent Feller, Director Solutions Architect at eSentire, as they share insights on how you can leverage 24/7 threat detection, investigation, and response capabilities to reduce your cyber risk, build resilience and prevent business disruption.
Key takeaways include:
- How to assess, understand, and quantify your cyber risks
- Why you should shift your focus to building cyber resilience in addition to managing your cyber risks
- How proactive threat hunting, combined with 24/7 threat detection and response, are critical in developing a strong cyber defense strategy
Zero Trust – What’s Holding You Back?
We’ve reached a bit of a post-COVID era plateau, where the new normal is represented by a diverse workforce using multiple devices from an endless variety of locations. The modern organization must be able to provide secure access to applications, infrastructure, and information across the internet from any device or location.
In this talk we will discuss:
› What can a zero trust approach accomplish?
› Real and imagined barriers
› Achieving zero trust project wins
› Getting Started
ChatGPT and its Implications for Cybersecurity
How to be Successful with SecOps in a Downturn
SecOps groups are challenged more than ever as budgets tighten and cyber-threats continue to rise unabated. Ideally, SecOps should be a way to safely and confidently enable your security group (and your whole organization) to run leaner and more efficiently. Metrics are the foundation for SecOps, but you have to ensure that those metrics tell the real story, rather than keeping your analysts frustrated by chasing meaningless alerts. To do this, you need to assess your detection and response tools and move to a more holistic platform that integrates with your firewall, as an example, and gives you all of the metrics across your attack surface in one pane of glass, detects even the most complex attacks, and presents contextual information about exactly how to respond. And responding to attacks should mean more than locking down assets – when your analysts respond, the platform should enable them to create playbooks so the platform can automatically prevent similar scenarios from having any impact at all. We will cover these ideas in this session and give use case examples of how to succeed.