Agenda

Date and Time	Title
Jun 12, 2024 9:00am - 10:00am (Eastern)	[Opening Keynote] Leading with Empathy and Grace: Secrets to Developing High-Performing Teams
Jun 12, 2024 10:00am - 10:55am (Eastern)	Insider Threat Actors & Artificial Intelligence Threat methods and controls utilized for the corporate workforce that now expands beyond the office building and into remote locations is not as comprehensive and effective for those who are typically in the office. The intent of employees may not be malicious but rather inherent to poor practices; however, there are those who happen to begin unintentional but gradually become the intentional insider threat. This presentation is designed to help individuals identify how seemingly “innocent” activity can make them an insider threat, and how to identify behavioral elements utilizing a number of security solutions. Through live demonstrations, we will show how “everyday activities” can result in higher risk to the company. Objectives: Learn the methodologies utilized by individuals within the organization that would be considered insider threat activity. Learn how to identify system and user-based behavioral indicators. Learn which existing or enhanced security layer can provide insider threat profile data. Take-Aways: How to identify business processes which can contribute to intentional or unintentional insider threats. Enhance procedures required to identify insider threat exposures. Enhance awareness training to include additional methods of insider threat. Enhance existing physical and digital security layers to better identify specific insider threat activity.
Jun 12, 2024 10:00am - 10:50am (Eastern)	The Scams Affecting Your End-Users
Jun 12, 2024 10:00am - 10:35am (Eastern)	It's Never Too Early to Start Planning for Cybersecurity Awareness Month Cybersecurity Awareness Month occurs every October, but it’s never too early to start thinking about ways you can offer fun, valuable events for employees. Join this session to learn more about ways you can make this year’s cybersecurity awareness month the best one yet!
Jun 12, 2024 11:00am - 11:50am (Eastern)	A Path to Cyber Maturity Using CIS Controls This presentation, led by Curtis Dukes and Chirag Arora, focuses on the strategic implementation and benefits of the CIS Controls framework and enterprise security controls. It outlines the importance of cybersecurity maturity through structured assessments and the use of CIS Controls to enhance organizational security posture. Key topics include the integration of the CIS Controls ecosystem, the role of gap analysis in developing security maturity roadmaps, and the utility of the CIS Controls Self-Assessment Tool (CSAT) for continuous improvement. Additionally, the presentation emphasizes how enterprise security controls, aligned with industry standards, can identify, assess, and mitigate security risks, enhancing overall risk management. The deck also highlights real-world applications and the incentivization of best practices to achieve robust cyber defense mechanisms.
Jun 12, 2024 11:00am - 11:40am (Eastern)	Threat Modeling 101: Star Wars Edition “Help me, Obi-Wan Kenobi. You’re my only hope.” Using threat models is like getting the blueprint for the Death Star. They allow you to plan for potential scenarios or ambush attacks from stormtroopers with impossibly bad aim. Understanding the possible risks ensures your entire team will make it out of the garbage compactor and back to the Millennium Falcon. These ARE the droids you’re looking for…. Fellow Rebels will gain an understanding of how to threat model, the risks and rewards, resources, and a demonstration of how to utilize threat modeling using the Death Star as a source!
Jun 12, 2024 11:00am - 12:00pm (Eastern)	[Panel] Achieving Continuous Compliance: How to Make IT Work for Your Organization
Jun 12, 2024 12:00pm - 1:00pm (Eastern)	Pig Butchering, BEC, and Artificial Intelligence: What the Secret Service Wants You to Know
Jun 12, 2024 12:00pm - 12:50pm (Eastern)	Unpacking Third-Party Risk Management Essentials Third-Party Risk Management (TPRM) is an essential component of contemporary business operations, pivotal in managing security risks associated with vendors and partners. However, the complexity of TPRM can be daunting due to the diverse nature of risks and the need for cross-functional collaboration, including the rise in supply chain attacks. This presentation proposes a multifaceted approach to simplify TPRM, thereby boosting return on investment and enhancing security postures. We will also discuss some recent supply chain attacks and strategies to reduce such risks.
Jun 12, 2024 12:00pm - 12:50pm (Eastern)	What Should Security at a Cloud Company Look Like? The evolution and set up of a security function has been traditionally defined by the software development lifecycle or well known maturity models. There are various security frameworks and industry standards that can be referenced to understand how an organization performs its security functions, however, they are seldom described from the perspective of a customer. Transparency into the cloud provider’s security functions builds customer trust, and understanding those functions helps customers to effectively perform their functions as defined in the provider’s shared responsibility model. In this session, learn how a cloud provider should describe its security functions so they are easily understood and related to by their customers.
Jun 12, 2024 1:00pm - 1:45pm (Eastern)	SEC Disclosure Update: What You Really Need to Know Now!
Jun 12, 2024 1:00pm - 1:40pm (Eastern)	Guardians of the Ballot Box: Cybersecurity in Elections In this presentation, we address the critical challenge of defending electoral processes against targeted campaigns, elections and social engineering tactics. As elections increasingly become targets for cyber interference, safeguarding against these threats is paramount. We examine how campaigns and elections are targeted by malicious actors, aiming to disrupt democratic practices and sway voter sentiment. Through case studies and real-world examples, we illustrate the impact of social engineering on constituents, highlighting how misinformation and manipulation tactics can influence voter behavior and swing election outcomes. We also discuss strategies to prevent and mitigate these threats, including robust cybersecurity measures, public awareness campaigns, and enhanced education on recognizing and combating social engineering tactics. By understanding the tactics used by malicious actors and implementing proactive defenses, we can better protect the integrity of electoral processes and ensure that voters are empowered to make informed decisions. Join us as we explore practical steps to defend against targeted campaigns and safeguard the democratic process.
Jun 12, 2024 1:00pm - 1:40pm (Eastern)	Threat Briefing: Newest Observed TTPs in the Wild Ongoing geopolitical conflicts continue to give rise to new variants of malicious payloads and new Tactics and Techniques have been observed. To help SOC teams defend against these threats, the Splunk Threat Research Team will showcase the entire exploitation sequence starting from the execution of the latest remote access trojans (RATs), to destructive payloads and post-exploitation techniques. Join this session to learn more about: Current geopolitical threats and related campaigns Remote access trojan IOCs and related Splunk detections The latest post-exploitation techniques and related security content to enhance your defenses Best practices for operationalizing the new TTP Detections into your SOC
Jun 12, 2024 2:00pm - 3:00pm (Eastern)	[Closing Keynote] Cyber Intel Briefing
Jun 12, 2024 2:00pm - 2:55pm (Eastern)	[Panel] Investigating Digital Executive Protection