Daniel Smallwood is a Threat Researcher and Engineer with LiveAction who has spent over 20 years supporting security enterprises in both the federal and private sectors. His experience includes engineering and operations for the USAF CERT, DISA, as well as combatant commands EUCOM/AFRICOM. More recently he has been on the ground floor of several security startups engineering solutions and conducting threat research for Click Security (acquired by AlertLogic), JASK (acquired by Sumo Logic), and IronNet Cybersecurity.
Known for his ability to communicate both technically and conceptually in an authoritative yet entertaining style, Dale “Dr. Z” Zabriskie has consulted with IT professionals across the globe, advising on implementing effective cyber security strategies. He is a CISSP (Certified Information Systems Security Professional), and certified in Cloud Security Knowledge (CCSK).
In his 20-year cybersecurity career, Dr. Z has advised major healthcare, public sector, finance, retail, entertainment, and manufacturing organizations in over fifty countries. He has also been a popular moderator and participant in numerous industry panels. His expertise is supported by career experience in information technology, regulatory compliance, research and development, marketing, and sales.
Before joining Cohesity, Dr. Z was an Evangelist with Symantec for over 16 years. Prior companies include Proofpoint, Veritas, SunGard, and IBM.
I have years of experience in technical support, presenting IT solutions, and sales in a global IT market. I enjoy traveling, meeting, and interacting with different people all around the world. I am highly customer and service-driven and like to build strong relationships with clients.
I am Abdeslam Mazouz. I am originally from Morocco. I moved to the United States in 2010. I pursued a degree in network security because of passion about computer and technology in general. At first it was challenging to balance school, work, and a new family. However, I graduated with a high GPA (3.85) and was offered my first job prior to graduation. Throughout the years, I improved my skills and expertise with each opportunity. I pursued a master’s degree in Information Assurance and Security from Capella University. Their program has been designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE IA/CD) by the National Security Agency (NSA) and the Department of Homeland Security (DHS). After moving up through several roles in Information Security, I was appointed the Chief Information Security Officer for the City of Minneapolis. This was just a few months before the death of George Floyd and the civil unrest that unfolded after. Little did I know that I would be tasked with the defending the City of Minneapolis against the hacktivist group Anonymous during the weeks following the George Floyd incident. These days, I continue to build and transform the City’s information security programs to be a resilient organization against new threats, work with City leaders to reduce risk, and enable business processes in a secure, streamlined, and easy way. I am passionate about building information security programs and improving existing programs. I enjoy challenging projects in information security and look for the opportunity to use my expertise to help other organizations and contribute to the security community.
As Chief Marketing Officer at Phosphorus Cybersecurity, John’s achieved more than 25 years of experience in high-tech security marketing, strategy, product marketing, product management, and consulting. A serial CMO and security visionary, he has helped build and lead some of the biggest brands in enterprise security, including Solera Networks, Blue Coat Systems, Check Point Software, McAfee, Zscaler, Anitian, ColorTokens, and Anonyome Labs. Throughout his career, John’s been featured at events and conferences worldwide, built an award-winning security podcast titled “Security on Cloud,” and wrote as a featured columnist at SECURITYWEEK, writing about advanced threats and big data security.
Stephen is a Principal Solutions Architect with Thales CPL. Over the past 25 years, his past roles include technical training, software development, vulnerability assessments, and audit and compliance
Adolph Barclift serves as the Chief Information Security Officer for Five Star Bank based in Rochester New York. He leads their information security and compliance functions. His responsibility includes data security operations, vulnerability management, fraud detection and regulatory compliance across heterogeneous operational environments.
He has more than 20 years experience in information systems solution delivery, information security and data visualization.
Accomplished IT & Security executive with a proven record of leading diverse technology teams, implementing and leveraging technology to deliver business value. Strong experience in:
– M&A
– Privacy
– Cybersecurity
– Identity & Access Governance
– Infrastructure Technologies – storage, network, compute
– Cloud Adoption
Sam’s worked for Lift Brands for 4-years. He started as a Systems Administrator while also going to school to get his Master’s in Information Assurance and Cybersecurity from Capella University. He was then promoted to Security Administrator, followed by Information Security Director, and finally Information Security Officer. He is responsible vulnerability management, incident response, reviewing and onboarding new vendors, PCI Compliance, policy review, and risk management. He has been working in IT for 20-years, and has always gravitated toward security.
• Strong leadership skills, including leading executive direction and strategies during high stress CNN events.
• Proven ability to engage business partners, establish effective working relationships, and deliver results across multiple platforms and hierarchy.
• Effective communicator with all levels of organization personnel: C-level executives, legal/compliance, business leaders, technology leaders and staff.
• Extensive Problem / Incident Management experience involving business critical systems and operations for several Fortune 100 companies.
Minneapolis Cybersecurity Conference
Wednesday, May 17, 2023
Live in Person @ Sheraton Bloomington Hotel
In Person | Virtual | Hybrid
Earn up to 10 CPE credits
About the Event
FutureCon Events brings high-level Cyber Security Training discovering cutting-edge security approaches, managing risk in the ever-changing threat of the cybersecurity workforce.
Join us as we talk with a panel of C-level executives who have effectively mitigated the risk of Cyber Attacks.
Educating C-suite executives and CISOs (chief information security officers) on the global cybercrime epidemic, and how to build Cyber Resilient organizations.
“Cybersecurity is no longer just an IT problem”
Gain the latest knowledge you need to enable applications while keeping your computing environment secure from advanced Cyber Threats. Demo the newest technology, and interact with the world’s security leaders and gain other pressing topics of interest to the information security community.
The FutureCon community will keep you updated on the future of the Cyberworld and allow you to interact with your peers and the world’s security leaders.
For sponsorship opportunities email sales@futureconevents.com
Keynote Speaker
"Going Back to the Basics"
Abdeslam Mazouz
Chief Information Security Officer City of Minneapolis
I am Abdeslam Mazouz. I am originally from Morocco. I moved to the United States in 2010. I pursued a degree in network security because of passion about computer and technology in general. At first it was challenging to balance school, work, and a new family. However, I graduated with a high GPA (3.85) and was offered my first job prior to graduation. Throughout the years, I improved my skills and expertise with each opportunity. I pursued a master’s degree in Information Assurance and Security from Capella University. Their program has been designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE IA/CD) by the National Security Agency (NSA) and the Department of Homeland Security (DHS). After moving up through several roles in Information Security, I was appointed the Chief Information Security Officer for the City of Minneapolis. This was just a few months before the death of George Floyd and the civil unrest that unfolded after. Little did I know that I would be tasked with the defending the City of Minneapolis against the hacktivist group Anonymous during the weeks following the George Floyd incident. These days, I continue to build and transform the City’s information security programs to be a resilient organization against new threats, work with City leaders to reduce risk, and enable business processes in a secure, streamlined, and easy way. I am passionate about building information security programs and improving existing programs. I enjoy challenging projects in information security and look for the opportunity to use my expertise to help other organizations and contribute to the security community.
CISO/Industry Leader Panel
“Cybersecurity Leaders and Experts on Current Cyberthreats and Practices”
Adolph Barclift
Principal - Cyber Security Practice | Chief Information Security Officer
Mergence Global
Abdeslam Mazouz
Chief Information Security Officer
City of Minneapolis
Tony Taylor
Chief Information Security Officer
Land O'Lakes, Inc.
Sam Maeder
Information Security Officer
Lift Brands
Chris Miller
Chief Security Officer
MOBĒ
Platinum Sponsors
LiveAction provides end-to-end visibility for network security and performance. By relying on a single source of truth – the packets – LiveAction gives modern enterprises the confidence needed to ensure the network is securely meeting business objectives, providing full network visibility to better inform NetOps and SecOps, and reducing the overall cost of network and security operations. By unifying and simplifying the source of collection, inspection, presentation, and analysis of network traffic, LiveAction empowers network and security professionals to proactively and quickly identify, troubleshoot, and resolve issues across increasingly large and complex networks. To learn more about LiveAction, visit https://www.liveaction.com.
Gold Sponsors
Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things of the enterprise xIoT landscape. We fully automate the remediation of the biggest IoT, OT, and network device vulnerabilities—including unknown and inaccurate asset inventory, default device credentials, out-of-date device firmware, and out-of-date certificates.
Cloudflare, Inc (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all traffic routed through its intelligent global network, which gets smarter with each new site added. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was recognized by the World Economic Forum as a Technology Pioneer, named the Most Innovative Network & Internet Technology Company for two years running by the Wall Street Journal, and ranked among the world’s 50 most innovative companies by Fast Company. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, Boston, MA, Washington, DC, London, and Singapore.
The main ambition of our software company tenfold is to discover and provide simpler ways for businesses to meet the growing demands of permission management. With our innovative software solution, “tenfold“, we have successfully revolutionized the way IT users and IT permissions are dealt with – never before has it been so easy to control and automate all important processes involved in the life-cycles of IT users, while always keeping an up-to-date, company-wide overview of who has what permissions. Together with our partners, we support medium-sized and major companies from different industries. More than 1.000 notable businesses have adopted tenfold as their .choice of user and permission management tool so far.
Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers. Our award-winning solutions portfolio delivers service level assurance for business-critical applications, while maximizing IT efficiency. Radware solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. Radware’s corporate headquarters are located in the U.S. (Mahwah, NJ) and international headquarters are located in Tel Aviv. Global presence includes offices in the Americas, Europe, Middle East, Africa and Asia Pacific regions.
Thales is a global high technology leader investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum technology – to build a future we can all trust, which is vital to the development of our societies. The company provides solutions, services and products that help its customers – businesses, organisations and states – in the defence, aeronautics, space, transportation and digital identity and security markets to fulfil their critical missions, by placing humans at the heart of the decision-making process.
Silver Sponsors
Cavelo helps businesses achieve attack surface management with automated data discovery, classification and reporting. Its cloud compatible cyber asset attack surface management (CAASM) platform continuously scans, identifies, classifies and reports on sensitive data across the organization, simplifying compliance reporting, vulnerability management and risk remediation.
HelpSystems has long been known for helping organizations become more secure and autonomous. However, over the years, our customers have shared with us that it has gotten harder and harder to protect their data. As technology plays an increasingly important role in the way organizations operate, cyberthreats are evolving to become more powerful than ever before. If there’s one thing we’ve learned from being in an industry where the only constant is change, it’s that being adaptable is the best way to grow in the right direction. So we’ve listened to our customers’ concerns, problem-solved, and delivered with impressive results. Consequently, we’re a different company today — one that is tackling cybersecurity head-on.
That’s why HelpSystems is now Fortra, your cybersecurity ally. We’re bringing the same people-first support and best-in-class portfolio that you’ve come to expect from HelpSystems, only now we’re unified through the mission of providing solutions to organizations’ seemingly unsolvable cybersecurity problems. We offer leading solutions like data security, infrastructure protection, managed services, and threat research and intelligence. Throughout every step of our customers’ journeys, our experts are determined to help increase security maturity while decreasing the operational burden that comes with it. Because our team puts the same level of care into protecting our customers’ peace of mind as their precious data. We’re driven by the belief that nothing is unsolvable. We’re tenacious in our pursuit of a better future for cybersecurity.
We are Fortra.
Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As defenders face an onslaught of threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. As a global provider of high-performance network-based threat detection and response systems, we help enterprise security teams accelerate their response to threats with solutions that uncover serious and imminent risks from cloud and on-premise network activity. Our Scirius NDR and Scirius ND are advanced network detection and response (NDR) systems that expose serious and imminent threats to critical assets and empower rapid response. Unlike other network security companies, Stamus Networks delivers truly useful detection at enterprise scale by applying the right technologies to the right problems, while avoiding the hype, fear and exaggeration that is often employed by security vendors.
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
ZeroFox delivers proactive external cybersecurity to outfox the adversary and disrupt, identify, and dismantle threats outside the traditional corporate perimeter. The ZeroFox Platform combines advanced AI-driven analysis to detect complex threats on the surface, Deep, and Dark Web with fully managed threat intelligence services and threat analysts who become an extension of your team – all while providing automated remediation to effectively disrupt threats.
Connect I.T. Solutions’ mission is to provide innovative and objective solutions that help our customers meet their needs of having a secure, high-performing, reliable and manageable network. In doing this, we design systems so that our clients’ investment will be preserved years down the line. We design, architect, build and supply systems that are future-proof and keep pace with the growth of your business. Large Vendor Selection Connect I.T. Solutions represents the best-in-class network and security products, which we represent due to their high quality, reliability, and technological forethought. We are not locked into any particular vendors, so we can remain objective and solutions-oriented when recommending solutions to our clients. If you don’t see what you are looking for, ask. We constantly research the industry for solutions to our clients’ initiatives. Domain Experience Connect I.T. Solutions serves many different vertical markets including finance, aerospace, energy, retail, manufacturing, technology and healthcare. We understand the complexity of solutions required for PCI, SOX, HIPPA and other vertical compliance requirements. You need an expert when designing and maintaining complex infrastructures. With over 30 years of experience, we can shortcut your time to deployment by providing you with expert advice and solutions so you can focus on your core business. Global Reach With our partners, we’re capable of providing both local and global implementations as well as support services. With successful roll-outs in Europe, Asia Pacific and Latin America, Connect I.T. Solutions has helped our customers with their global I.T. initiatives.
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.
trackd.com is a modern patch management platform with a unique twist. Our solution records the experience of vulnerability remediation practitioners after they’ve applied a given patch (i.e. did it break something?), anonymizes that data, and then shares it in real-time with all other trackd platform users. The data enables remediation teams to identify the small percentage of patches that are likely to break something, as well as those with little or no history of disruption that can be considered strong candidates for auto-patching.
Conceal enables organizations to protect users from malware and ransomware at the edge. Our Conceal Platform uses Zero Trust isolation technology to defend against sophisticated cyber threats. Conceal is used by Fortune 500 and government organizations to ensure users and IT operations remain secure, anonymous and isolated from cyber attacks.
For organizations with valuable data or brand, Next Reveal is a user-centric data protection solution that uncovers risk, educates employees and fulfills security, compliance and regulatory needs. Unlike legacy DLP, Next is a flexible, cloud-native, AI/ML powered solution built for today’s threat landscape.
LogicGate offers modern risk management technology empowering businesses to proactively transform risk enterprise-wide. Because risk is a team sport, we created the Risk Cloud Platform® — the most nimble and collaborative GRC solution out there. Rapidly adapt to changing business conditions. Confidently innovate and build new processes as you go. Collaborate on risk across your entire organization. Risk Cloud® gives you an interconnected view of risk across the organization that you just can’t get from point solutions. After all, great companies are built not by avoiding risks — but by choosing the right ones.
StorONE is doing for storage what virtualization did for servers. StorONE is a modernized software defined storage company that has eliminated complexity in the data center. Our unique approach was developed when we took an in-depth look at our customers’ business requirements and realized they were not being met. That drove us to build a high-performance storage software designed to meet these needs, which includes cost reduction, increased efficiency, and improving the ease of management… All without compromise to any critical storage requirement. We’ve removed the need for multiple storage subsystems, commitment to a singular type of hardware, and better yet, the need for frequent storage refreshes and migrations. We give our customers the power to manage their enterprise storage platform in one place with the confidence that they can run an efficient system, protect their company from ransomware attacks or system failures, and if need-be, recover their data quickly with minimal disruption and loss to the business. In an industry where legacy storage systems only allow them to make incremental changes to each storage silo separately, we took the time and invested the money to create a holistically improved enterprise storage platform approach: The StorONE Engine
Commvault is a worldwide leader in delivering data readiness. We’re committed to ensuring you can protect, manage, move, recover, and use your data. Always. Commvault backup and recovery software helps you easily manage your data in a consistent, compliant way. Our software automates mind-numbing IT tasks and makes your data work harder for you — so you can gain invaluable insights for your business. Commvault solutions work on-prem and in the cloud, and work with the digital tools and procedures you’re already using. Get Commvault direct and through our global ecosystem of trusted partners. Keep your data accessible and actionable with a single solution that ensures your data is available — no matter what. https://www.commvault.com/
Material Security uses ubiquitous tools in unexpected ways to understand and mitigate risk in cloud office apps. Material is known and loved in the security community for protecting cloud email at global media and financial conglomerates, large tech companies, and highly-targeted public sector organizations. The platform connects in minutes to Microsoft and Google environments to analyze risk, detect threats, automatically investigate incidents, and crowdsource mitigation with end-users via novel integrations with identity providers like Okta, Duo, Ping, and Microsoft Azure AD. The company was started in response to the 2016 Election hacks, is backed by Andreessen Horowitz, and was recently valued at $1.1B. Material is single-tenant, can be deployed in the customer’s cloud, and Material personnel do not need access to customer data. Material also protects the personal accounts of high-risk VIPs. https://material.security/love
At Horangi, we’re passionate about building a safer cyberspace and creating software that solves challenging cybersecurity problems. Horangi focuses on building partnerships with our customers, developing an understanding of their business goals and building a security strategy that helps achieve their objectives. Horangi’s personnel have an extensive engineering experience and strong background in penetration testing, incident response and strategic consulting including both large multinational networks and small organizations with focused missions. We enjoy solving tough security problems and we are eager to find new challenges and build new relationships.
LogRhythm empowers more than 4,000 customers across the globe to measurably mature their security operations program. LogRhythm’s award-winning NextGen SIEM Platform delivers comprehensive security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) within a single, integrated platform for rapid detection, response, and neutralization of threats. Built by security professionals for security professionals, LogRhythm enables security professionals at leading organizations like Cargill, NASA, and XcelEnergy to promote visibility for their cybersecurity program and reduce risk to their organization each and every day. LogRhythm is the only provider to earn the Gartner Peer Insights’ Customer Choice for SIEM designation three years in a row. To learn more, please visit logrhythm.com.
Partners
Our mission is to create a safe environment where information security practitioners can openly share expertise and ideas, providing practical, relevant, useful and timely information that, when applied, will develop and promote the (ISC)2 CISSP CBK®. help support the Information Security and Cyber Security Communities of the Upper Midwest.
The objectives of this chapter are to:
- Educate: Provide low cost (or no-cost), high impact educational opportunities for both new and seasoned information security practitioners.
- Network: Create an environment that encourages relationship building and professional growth via networking and creating Mentorship opportunities
- Transform: Provide a forum for the free exchange of bold, innovative, transformative ideas to advance the perception and effectiveness of information security.
InfraGard is a Federal Bureau of Investigation (FBI) program that began in the Cleveland Field Office in 1996. It was a local effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division in 2003. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 168,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry.
Founded in 2012, the Women’s Society of Cyberjutsu (WSC) is a National 501(c)3 non-profit community, focused on empowering women to succeed in the cybersecurity industry. WSC’s mission is to advance women in cybersecurity careers by providing programs and partnerships that promote hands-on training, networking, education, mentoring, resource-sharing and other professional opportunities.
WSC serves thousands of women across the globe by bringing awareness to, and advancing careers in, cybersecurity. The WSC community includes information security professionals, IT professionals, programmers, computer scientists and engineers, as well as women wanting to explore and join the field. Recognizing the importance of encouraging girls to embrace a future in STEM-related professions through its Cyberjutsu Girls Academy, WSC provides a unique hands-on curriculum focused on securing information technology. For more information, visit http://www.womenscyberjutsu.org.
The Pan Asian American Business Council (“PAABC”) is a non-profit organization consisting of Asian American businesses that would like to promote and grow their own and other Asian American businesses.
To enable Asian American owned businesses to develop and grow.
We put our heart and soul into this Cybersecurity Conference directory.
Way back in 2013 we had another website called “Concise Courses” which used to market and sell InfoSec training courses. We published a blog post listing all the upcoming InfoSec Conferences of that year, and Google loved the resource and put us right to the top of the search engines. That ‘accidental’ occurrence spawned this directory which is maintained by a small team comprising of Henry Dalziel and Charles Villaneuva and a bunch of freelance programmers.
What We Do:
We list, literally, every single Information Security conference, event and seminar within every niche in Cybersecurity.
We have a dedicated team that maintains our in-house tech stack, directory, and data curation.
Agenda
Times are subject to change
Opening Introductions | Check In | Networking
Presentation
Stories from the Front Lines: SOC Edition
There’s never a dull moment in the Security Operations Center (SOC). In this session, Daniel Smallwood shares some of the most interesting security incidents he’s encountered during his 20-year career as a threat researcher and engineer in the federal and private sectors. These include:
- The Case of the Missing Hard Drive: Lessons Learned from Handling an Insider Threat
- From the UK to Aliens to Pink Floyd: The British Hacker Story
- The Network is Overrun with Coin Miners: How to Approach an Overwhelming Breach
Daniel discusses not only the story of what happened, but the tools and techniques used and developed that brought success.
Presentation
Treat Your Data Like It’s Currency
You’ve heard that “data is the new oil”. More accurately, “data is your currency”. It gives you the ability to conduct business. Mismanage it and there can be serious consequences. Lose it and you lose your business.
With your “bills” spread across your environment, managing and protecting the “money” can be a monumental task. $100s, $50s, $20s, $10s, $5s, and lots of $1s are strewn about. Knowing where your most valuable bills are is foundational to any data security process. This session will explore the key steps in identifying the most important data in your organization. Using real-world examples, we will examine the impact of placing appropriate controls to protect your most important business asset: your data.
Sponsor Networking Time
Presentation
Future Trends in Application and Network Security: Looking Ahead to 2023 and Beyond
As online usage continues to grow rapidly, ensuring the safety of applications and networks from cyber threats is becoming increasingly critical. As human-like bots that can bypass traditional security measures and CAPTCHAs continue to emerge, a zero-trust approach and cloud service edge are now becoming the standard. In this presentation, we will discuss the most significant developments in cybersecurity and how your organization can benefit from them.
Key topics covered include:
- Network and Application Security Trends – What to expect in 2023 and beyond.
- Challenges that will influence your security strategy.
- Best practices to address the dilemma of balancing cost, agility, and state-of-the-art security.
Presentation
Behind the Scenes of Teams and OneDrive: The Secret Life of Shared Files
With the accelerated use of Microsoft 365, we are shooting more sensitive and confidential data into the cloud than we are aware of. Keeping track of what files users are sharing among each other in Teams and OneDrive and knowing who else has access to seems an impossible task. What can you do about it? Find out in this talk.
Topics covered include:
- What goes on in the background when we share data in Teams & OneDrive.
- Why more people have access to shared files than we think.
- How tenfold helps you keep track of permissions and shared files once and for all
Sponsor Networking Time
Lunch
Keynote
"Going Back to the Basics"
Sponsor Networking Time
Presentation
Cameras, CACs & Clocks: A Story of Millions of Interrogated and Hacked xIoT Devices
We’ve unleashed our dark allies from the nightmare dimension on an unholy crusade to demonstrate cyberattacks for your enlightenment. If you love seeing devices compromised as much as we do, join us for a real hacking demonstration, detailed security research findings, and threat mitigation techniques that will disappoint bad actors. Share your new knowledge around the water cooler, apply these preventative security strategies within your own organization, and become the cool person at the office party everyone wants to hang out with regardless of that cat sweater you insist on wearing.
We’ll share stories from the trenches involving cybercriminals, nation-state actors, and defenders. Our presentation will detail findings from over six years of xIoT threat research spanning millions of production devices in enterprises and government agencies around the world. We’ll identify various steps organizations can take to mitigate risk while embracing a Things-connected world. We’ll also demonstrate a hack against an xIoT, or Extended Internet of Things, device. For those who would say, “But they’re just security cameras monitoring the parking garage, wireless access points in the cafeteria, or PLCs controlling robotic welding arms; what harm can they cause?” – this will illuminate that harm.
xIoT encompasses four disparate but interrelated device groups that operate with purpose-built hardware and firmware, are typically network-connected, and disallow the installation of traditional endpoint security controls. The first group contains enterprise IoT devices such as VoIP phones, security cameras, wireless access points, network attached storage, and printers. The second group includes OT devices such as PLCs, building automation systems, and industrial control systems. The third group consists of IoMT assets such as infusion pumps, patient monitors, and wireless vital monitors. The fourth group contains IIoT devices like robotics, smart factory systems, and temperature sensors.
There are over 50 billion xIoT devices in operation worldwide. Most of these devices run well-known operating systems like Linux, Android, BSD, and various real-time operating systems like VxWorks. Additionally, many xIoT devices have open ports, protocols, storage, memory, and processing capabilities similar to your laptop. But there is a major difference. Even though most enterprises and government agencies have tens to hundreds of thousands of these devices in production, they go largely unmanaged and unmonitored. These xIoT devices typically operate with weak credentials, old, vulnerable firmware, extraneous services, and problematic certificates. This massive, vulnerable xIoT attack surface is being successfully exploited by bad actors engaging in cyber espionage, data exfiltration, sabotage, and extortion, impacting xIoT, IT, and cloud assets.
Nation-states and cybercriminals have shifted their focus to xIoT attacks. Why? Because they work. Military-grade xIoT hacking tools are in use, cybercrime for hire that’s predicated on compromised xIoT devices has been monetized, and organizations worldwide are already “pwned” without even knowing it. Bad actors are counting on you being passive by not mitigating xIoT security risks. They want you to fail so they can continue to evade detection and maintain persistence on your xIoT devices. Disappoint them! Take your xIoT devices back by understanding how to hack them, recognizing where they’re most vulnerable, and employing strategies to successfully protect them at scale.
Sponsor Networking Time
Presentation
Abnormal Security and our Modern Approach to Email Security
Abnormal Security will be discussing the changing threat landscape of email attacks, challenges from our customers and more about our modern approach to email security.
Presentation
Digital Sovereignty
This talk will examine the growing call for sovereignty over digital assets in an increasingly cloud-focused world. We’ll look at how organizations need to review the governance model of IT resources, protect against new security risks, and reduce the effort to comply with more stringent regulations.
Finally, we will explore what digital sovereignty is made of, and how to mitigate some of the risks highlighted.
Sponsor Networking Time
Panel Discussion
“Cybersecurity Leaders and Experts on Current Cyberthreats and Practices”
