Agenda

Date and Time
Title
Dec 11, 2024
8:30am - 3:00pm (Pacific)
Exhibitor Hall open

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Dec 11, 2024
9:00am - 9:51am (Pacific)
[Opening Keynote] Shift Left Doesn't Mean Anything Anymore

Our job is to make the software more secure. It’s not to find all the bugs. It’s not to deploy tools. It’s not to spend money or write checks. It’s not to be frustrated with developers. It’s not to be “right.” It only matters if we reduce organizational risk. If we are not doing that, regularly and consistently, we are failing.

Dec 11, 2024
9:45am - 10:00am (Pacific)
Networking Break

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Dec 11, 2024
10:00am - 10:55am (Pacific)
Leading with Empathy and Grace: Secrets to Developing High-Performing Teams
Dec 11, 2024
10:00am - 10:45am (Pacific)
Artificial Intelligence Acceptable Use Policy
Dec 11, 2024
10:00am - 10:51am (Pacific)
[Panel] How IT Can Improve Your GRC Program
Dec 11, 2024
10:45am - 11:00am (Pacific)
Networking Break

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Dec 11, 2024
11:00am - 11:42am (Pacific)
Are You in a Dysfunctional Relationship with the HR Department?

When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.

For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?

This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.

Dec 11, 2024
11:00am - 11:46am (Pacific)
Insider Threat: Clever Adversary Tactics to Infiltrate Your Organization You Need to Know Now!

Insider threats pose a significant and often underestimated risk to organizations. This session dives deep into the cunning tactics employed by malicious insiders to infiltrate and compromise your most valuable assets. Learn about:

  • The Evolving Insider Threat Landscape: Understand the motivations and methods of today’s insider threats, from disgruntled employees to external actors leveraging compromised credentials.
  • Social Engineering & Manipulation: Uncover the subtle techniques used to exploit trust and gain unauthorized access to sensitive information.
  • Data Exfiltration & Sabotage: Recognize the warning signs of data breaches, intellectual property theft, and deliberate system disruption orchestrated from within.
  • Technical Exploitation & Privilege Abuse: Explore how insiders can leverage their knowledge and access to bypass security controls and exploit vulnerabilities.
  • Proactive Defense & Mitigation Strategies: Discover practical steps to detect, deter, and respond to insider threats, including user activity monitoring, access control, and security awareness training.

This session is critical for security professionals, IT administrators, risk managers, and anyone responsible for protecting their organization from internal threats.

Dec 11, 2024
11:00am - 11:45am (Pacific)
Social Engineering: Training the Human Firewall

Phishing is one of the leading cyberattacks worldwide, and numerous social engineering training exercises have been created to teach average users to defend against it. This discussion focuses on research that ran a pool of users through three different phishing campaigns, each presenting a phish that should be harder to spot than the one before. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.

Dec 11, 2024
11:45am - 12:00pm (Pacific)
Networking Break

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Dec 11, 2024
12:00pm - 12:42pm (Pacific)
Uncovering Blind Spots in Your Network

It’s an unfortunate reality: cybersecurity professionals face threats they often can’t see. From unmonitored assets to incomplete telemetry, blind spots in your security infrastructure can open dangerous vulnerabilities.

In this presentation, Tim Bandos, Field CISO at Critical Start, shares insights into the most common security gaps and actionable strategies for closing them. Learn how to ensure full visibility across your IT and OT environments, monitor for log ingestion failures, and adopt automated asset discovery to reduce the risk of unseen threats.

Key Takeaways:

  • Understanding the Invisible Threats: Explore how missed signals, shadow IT, and unmonitored assets can undermine your security efforts.
  • Mitigating Security Gaps: Learn tactics such as comprehensive tooling audits, continuous log monitoring, and automated asset management to close these gaps.
  • Optimizing Detection and Response: Discover how asset visibility can enhance SOC and MDR effectiveness and lead to faster threat detection and response.
  • Real-World Case Studies: See how organizations improved their detection rates and SOC capabilities by closing critical security gaps.

If you're looking to strengthen your threat detection and response capabilities, this is a can't-miss session!

Dec 11, 2024
12:00pm - 12:46pm (Pacific)
Drag Racing & Cybersecurity: The Crossover

You’d be amazed what you can learn from everyday hobbies or obstacles to help you become a better practitioner. Krista Arndt shares a very personal story of survival after a bad drag racing accident in 2015. It was a life-altering experience and provided perspective on her personal and professional life that drives her every day as a loving mom and wife, volunteer, and successful CISO.

Dec 11, 2024
12:00pm - 12:38pm (Pacific)
5 Things InfoSec Needs to Hear about Quantum

The quantum revolution is coming, and it will profoundly impact the cybersecurity landscape. This session cuts through the hype to deliver five essential takeaways about quantum technology and its implications for protecting digital assets. Learn about:

  1. Quantum Computing’s Power: Understand how quantum computers can break current encryption algorithms and render widely used security protocols obsolete.
  2. The Post-Quantum Cryptography Race: Explore the ongoing development of new cryptographic algorithms designed to withstand quantum attacks.
  3. Threat Timeline & Preparedness: Get a realistic assessment of when quantum threats are likely to materialize and how to prepare your organization.
  4. Quantum-Resistant Security Strategies: Discover practical steps you can take today to mitigate future risks, including adopting hybrid classical/post-quantum approaches.
  5. Beyond Cryptography: Explore other cybersecurity applications of quantum technology, such as quantum key distribution and quantum-resistant blockchain.

This session is vital for CISOs, security architects, cryptography specialists, and anyone responsible for long-term cybersecurity strategy.

Dec 11, 2024
12:45pm - 1:00pm (Pacific)
Networking Break

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Dec 11, 2024
1:00pm - 1:39pm (Pacific)
Threat Modeling 101: Star Wars Edition
Dec 11, 2024
1:00pm - 1:58pm (Pacific)
Reading the Tea Leaves: What to Expect from Your 2025 Cyber Insurance Renewal

The claims environment remains fraught with cyber threats, particularly ransomware. At the same time, privacy concerns continue to escalate, with a heightened focus on data protection, biometric security, and non-breach privacy claims. Regulatory scrutiny from the FTC and state privacy regulators further emphasizes the need for robust cybersecurity measures.

To effectively mitigate risks, organizations must prioritize controls such as EDR, DLP, privileged account management, and technology product risk management. A proactive approach to third-party risk management and supply chain resilience is also essential. Culture and awareness training play a pivotal role in fostering a security-conscious workforce.

Maximizing cyber insurance efforts requires collaboration across departments. CISOs should engage with risk managers and legal teams to ensure alignment in coverage discussions and budget allocation. Cyber underwriting exercises can provide valuable insights for business impact assessments and audit committee reviews, fostering a shared understanding of risk and mitigation strategies.

Dec 11, 2024
1:45pm - 2:00pm (Pacific)
Networking Break

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Dec 11, 2024
2:00pm - 2:51pm (Pacific)
[Closing Session] Behavioral Profiling: Know Thine Enemy

In the ever-evolving landscape of cyber threats, understanding your adversary is paramount. This session delves into the dark arts of behavioral profiling, providing cybersecurity professionals with the tools to anticipate, analyze, and mitigate attacks. Learn how to:

  • Profile Threat Actors: Identify the distinct behaviors, motivations, and tactics of different attacker groups, from script kiddies to sophisticated nation-state actors.
  • Recognize Attack Patterns: Decipher the telltale signs of malicious activity by analyzing user behavior, network traffic, and system logs.
  • Predict Future Attacks: Anticipate an attacker’s next move by understanding their goals, capabilities, and past behaviors.
  • Strengthen Your Defenses: Develop proactive security measures and incident response strategies based on behavioral insights.

This session is crucial for security analysts, incident responders, threat hunters, and anyone involved in safeguarding digital assets.

Dec 11, 2024
2:00pm - 2:59pm (Pacific)
[Closing Session] Cyber Intel Briefing

This presentation will provide a comprehensive overview of the current cyber landscape, focusing on both global and domestic government-related threats and incidents. We will delve into recent high-profile attacks, explore emerging trends, and discuss the evolving tactics employed by cybercriminals and nation-states. Additionally, the presentation will examine the ongoing challenges faced by governments in protecting critical infrastructure, securing sensitive data, and mitigating the risks posed by cyber espionage. By understanding the latest developments in the cyber threat environment, attendees will gain valuable insights into safeguarding government networks and systems.