Date and Time | Title | |
---|---|---|
Oct 16, 2024 10:30am - 5:00pm (Eastern) | Exhibitor Hall open Your opportunity to visit our solution vendor and association partners, whose sponsorship makes SecureWorld possible! Peruse the many downloadable resources each booth has to offer. | |
Oct 16, 2024 11:00am - 11:46am (Eastern) | [Opening Keynote] Are You in a Dysfunctional Relationship with the HR Department? When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization. For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team? This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats. | |
Oct 16, 2024 12:00pm - 12:56pm (Eastern) | InfraGard Meeting (Open to all attendees) Three Risks that Security Leaders in Government and Education Sectors Must Address | |
Oct 16, 2024 12:00pm - 12:44pm (Eastern) | SEC Disclosure Update: What You Really Need to Know Now! | |
Oct 16, 2024 12:00pm - 12:48pm (Eastern) | Human-Centric Cybersecurity for Higher Education Human error is typically the starting point of most cyberattacks, and cybercriminals have become adept at using social engineering techniques to target individuals with highly persuasive, personalized messages. It is more important than ever to safeguard your faculty, students, and staff against increasingly sophisticated cyberattacks with a human-centric security strategy. Please join us for a 45-minute live discussion with Proofpoint’s Vice President of Industry Solutions, Ryan Witt. He will cover new threat intelligence research in higher education that can help colleges and universities better understand today’s advanced attacks and how those attacks evolve with changing dynamics on campus. We will explore:
| |
Oct 16, 2024 1:00pm - 1:46pm (Eastern) | A Path to Cyber Maturity Using CIS Controls This presentation, led by Curtis Dukes and Chirag Arora, focuses on the strategic implementation and benefits of the CIS Controls framework and enterprise security controls. It outlines the importance of cybersecurity maturity through structured assessments and the use of CIS Controls to enhance organizational security posture. Key topics include the integration of the CIS Controls ecosystem, the role of gap analysis in developing security maturity roadmaps, and the utility of the CIS Controls Self-Assessment Tool (CSAT) for continuous improvement. Additionally, the presentation emphasizes how enterprise security controls, aligned with industry standards, can identify, assess, and mitigate security risks, enhancing overall risk management. The deck also highlights real-world applications and the incentivization of best practices to achieve robust cyber defense mechanisms. | |
Oct 16, 2024 1:00pm - 1:50pm (Eastern) | AI: The New Guardian of Critical Infrastructure AI is becoming essential in protecting critical infrastructure by improving threat intelligence. It helps detect vulnerabilities, predict threats, and respond quickly to keep vital systems secure. This discussion will explore how AI is changing the way we defend against cyber threats. | |
Oct 16, 2024 1:00pm - 1:52pm (Eastern) | How IT Can Make or Break Your Compliance Program | |
Oct 16, 2024 2:00pm - 2:54pm (Eastern) | Navigating the Privacy Patchwork Quilt of Laws and Regulations The United States has become a patchwork of conflicting and overlapping data privacy regulations as individual states race to protect consumer rights and create comprehensive privacy laws. This presentation will delve into the complex landscape of state privacy laws, examining key provisions, compliance challenges, and potential impacts on businesses. We will explore how these varying regulations create an ever-changing environment for organizations operating across state lines, creating challenges for innovation and consumer trust. Additionally, the presentation will discuss the ways in which the United States is leveraging other laws (consumer protection, tort law, and older federal laws) to create privacy protections where no general state or federal privacy laws currently exist. | |
Oct 16, 2024 2:00pm - 2:46pm (Eastern) | Unpacking Third-Party Risk Management Essentials Third-Party Risk Management (TPRM) is an essential component of contemporary business operations, pivotal in managing security risks associated with vendors and partners. However, the complexity of TPRM can be daunting due to the diverse nature of risks and the need for cross-functional collaboration, including the rise in supply chain attacks. This presentation proposes a multifaceted approach to simplify TPRM, thereby boosting return on investment and enhancing security postures. We will also discuss some recent supply chain attacks and strategies to reduce such risks. | |
Oct 16, 2024 2:00pm - 2:26pm (Eastern) | NextGen Zero Trust: Navigating the Evolving Cyber Threat Landscape In this exclusive interview, Justin Valdes, Cybersecurity Consultant, and Dr. Chase Cunningham, known in the cybersecurity industry as “Dr. Zero Trust” for his involvement in the development of NIST 800-207, will delve into the origins, evolution, and impact of the Zero Trust Framework. The discussion will explore the foundational inspiration behind the Zero Trust model, its early objectives, and the cybersecurity challenges it aimed to address during its inception. Key questions will include the influence of evolving threats on its design, the role of vendors and manufacturers in supporting organizations’ Zero Trust adoption, and the balance between security, usability, and cost. The interview will also assess the framework’s relevance in today’s rapidly changing cybersecurity landscape, particularly with regard to cloud computing, IoT, and remote work environments. With insights into how artificial intelligence, automation, and machine learning are shaping Zero Trust principles, we will explore the future of Zero Trust security models. Key topics such as the impact of NIST 800-207 on the broader cybersecurity community, common misconceptions in its implementation, and the role of browser security will also be addressed. Join us to gain a deeper understanding of where Zero Trust stands today, the challenges organizations face on their journey toward implementation, and what the future holds for this critical security paradigm. | |
Oct 16, 2024 3:00pm - 3:37pm (Eastern) | Guardians of the Ballot Box: Cybersecurity in Elections In this presentation, we address the critical challenge of defending electoral processes against targeted campaigns, elections and social engineering tactics. As elections increasingly become targets for cyber interference, safeguarding against these threats is paramount. We examine how campaigns and elections are targeted by malicious actors, aiming to disrupt democratic practices and sway voter sentiment. Through case studies and real-world examples, we illustrate the impact of social engineering on constituents, highlighting how misinformation and manipulation tactics can influence voter behavior and swing election outcomes. We also discuss strategies to prevent and mitigate these threats, including robust cybersecurity measures, public awareness campaigns, and enhanced education on recognizing and combating social engineering tactics. By understanding the tactics used by malicious actors and implementing proactive defenses, we can better protect the integrity of electoral processes and ensure that voters are empowered to make informed decisions. Join us as we explore practical steps to defend against targeted campaigns and safeguard the democratic process. | |
Oct 16, 2024 3:00pm - 3:45pm (Eastern) | Social Engineering: Training the Human Firewall Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business. | |
Oct 16, 2024 3:00pm - 3:43pm (Eastern) | Top 10 Worst Patch Management Practices | |
Oct 16, 2024 4:00pm - 4:58pm (Eastern) | [Closing Keynote] Cyber Intel Briefing This presentation will provide a comprehensive overview of the current cyber landscape, focusing on both global and domestic government-related threats and incidents. We will delve into recent high-profile attacks, explore emerging trends, and discuss the evolving tactics employed by cybercriminals and nation-states. Additionally, the presentation will examine the ongoing challenges faced by governments in protecting critical infrastructure, securing sensitive data, and mitigating the risks posed by cyber espionage. By understanding the latest developments in the cyber threat environment, attendees will gain valuable insights into safeguarding government networks and systems. | |
Oct 16, 2024 4:00pm - 4:55pm (Eastern) | From the Inside Out: How Personal Security Drives Organizational Resilience In today’s digital age, email has become an essential tool for both personal and professional communication. However, the rise of sophisticated phishing attacks has made it increasingly vulnerable to exploitation. Personal Email Compromise (PEC) often serves as a gateway to Business Email Compromise (BEC), leading to significant financial losses and reputational damage. This session will explore strategies to safeguard your domain from these threats. Attendees will learn about the latest phishing tactics, deep fakes, best practices for identifying and avoiding malicious emails, and how to implement robust security measures to protect both personal and corporate data and executives. By the end of this session, participants will be equipped with the knowledge and tools to strengthen their defenses against PEC and BEC, ensuring the security and integrity of their digital communications. |