Infosecurity ISACA North America Expo and Conference Presentations and Descriptions 

 



Track 1—Emerging Security Tools & Techniques

111—Dark Web Review - a Deep Dive into a Dark World Intermediate

Wednesday, 20 November | 10:00AM – 10:50AM

Alex Holden
Hold Security, LLC

In this uncensored view of the Dark Web and Hackers we will see how their systems function, and what we can do to stop them. From botnets, to financial scams we will look at hackers’ Dark Web panels and learn more about their techniques.

After this session you will be able to:

  • Understand hackers’ targeting techniques and build appropriate defenses
  • Build a scalable and useful risk evaluation program based on real threats
  • Have a much better understanding of how hackers function, which in the end will help defeat them in their advances
  • Use skills to change the hacker supply chain, rendering their attacks unfeasible against your environments

121—Using Cloud Access Security Brokers to Stop SaaS Data Leaks Intermediate

Wednesday, 20 November | 11:00AM – 11:50AM

Robert LaMagna-Reiter
CISO
FNTS

Shadow IT. Unsanctioned vs. Sanctioned Apps. SaaS provides flexibility & agility, but not without risk. Enter CASB – a means to control SaaS usage, sensitive data exposure and prevent malware propagation.

After this session you will be able to:

  • Describe the features & benefits of a CASB solution.
  • Understand the various CASB deployment methods & determine which is most appropriate for your business.
  • Control SaaS applications, prevent sensitive data leakage and enable secure SaaS usage
  • Understand how to integrate a CASB into your operations and achieve ROI

131—DNS - A Phishing Chokepoint Advanced Technical

Wednesday, 20 November | 1:20PM – 2:10PM

Carel Bitter
Spamhaus
 

As with many types of abuse, DNS plays a pivotal role in the enablement of phishing. We explore a way to find phishing domains with open source intel, without having access to actual phishing messages themselves.

After this session you will be able to:

  • See the value of combining open source intelligence to proactively find phishing domains.
  • Get started on building an in-house system to proactively discover phishing against their own organisation/brand.
  • Evaluate new and existing domains based on how much of a threat they pose to infrastructure and (end)users.
  • Start looking at their own DNS as a method of securing end users against targeted and non-targeted phishing attacks.

141—Exposing The Dark Overlord – Using OSINT to Identify a Group of Modern-Day Cyber Terrorists Beginner

Wednesday, 20 November | 2:20PM – 3:10PM

Vinny Troia
NightLion Security
 

This talk focuses on exploring the OSINT tools, investigative thought process, and collection of dark web data that led to the identification of The Dark Overlord hacking group.

After this session you will be able to:

  • Understand the type of data available for sale and download on the dark web.
  • Learn the process used to collect and build a custom threat intel tool.
  • Describe the types of hacker forums on the dark web, and the distinction between their participants.
  • Describe who The Dark Overlord is, and why the discovery of their identities is significant.

151—The New Security Frontier: AI, Threat Hunting, Behavioral Anomalies, and Automated Response Intermediate

Wednesday, 20 November | 3:40PM – 4:30PM

Michael Melore, CISSP
Cyber Security Advisor
IBM

New methods are required to address threats increasing in frequency, sophistication, and impact, in an increasing climate of cost constraints, and resource and skills shortage. Traditional security controls and response can’t possibly keep pace.

After this session you will be able to:

  • Understand the value of AI in Cyber Security Defense.
  • Learn how AI differs from user behavioral anomaly detection and correlation engine results.
  • Learn how AI, User Behavioral Analytics, Network Behavioral Anomaly Detection, Correlation Engine results, and automated response orchestration, used together, provide unique insight and resolution speed.
  • Understand why enterprise threat hunting roles are the newest enterprise security job opportunities.

211—End-To-End Injection Safety at Scale Intermediate

Thursday, 21 November | 8:40AM – 9:30AM

Mike Samuel
Security Engineer
Google, LLC

Trusted types bakes lessons learned by Google Security into the browser. Learn how small tool changes enable organizational factors that ease development of secure software and help a small blue team manage security for a large group of developers.

After this session you will be able to:

  • Explain to project leads, CTOs, CSOs how specific integrations of CI/CD tools and the code pipeline make interactions between developers and security people efficient.
  • Explain to early product decision makers what framework and stack features make it easier to produce robust systems.
  • Introduce software architects and developers to an oft-overlooked way to decompose trust decision problems.
  • Explain to developers strategies that have worked within Google to prevent some common security problems and coming browser changes that will make it even easier

221—Death by Automation - Accelerating Your SOC Using Open Source Tools Advanced Technical

Thursday, 21 November | 10:00AM – 10:50AM

Vikram Mehta
Associate Director - Information Security
MakeMyTrip India Pvt Ltd

The intent of the session would be to call out specifics around the process and technology that could be adopted to detect advanced threats and to respond to them in an automated / semi-automated manner, while using completely open source software!

After this session you will be able to:

  • The participant would get a high-level understanding of big & fast data backed next-gen SOC implementations, starting with their varied and scalable ingest capabilities.
  • The participant would get detailed insights into entity profiling, machine learning and intelligence gathering at scale. Multiple real-life use cases would be showcased in detail, such as detecting unusual login behaviour and unusual activity on AWS.
  • Multiple practical orchestration and automated response use cases would be showcased, which the participant would be able to apply in a real world incident response pipeline. Tools and technology would be shared to readily implement the same.
  • Server-less analytics and threat hunting capabilities would be showcased (built on top of a security data lake in S3). The participant would be able to create multiple use cases that could analyse TBs of logs in a highly scalable and efficient manner

231—Continuous Fuzzing: The Trending Security Technique Among Silicon Valley’s Tech Behemoths Intermediate

Thursday, 21 November | 11:00AM – 11:50AM

David Brumley
CEO
Carnegie Mellon University

Continuous fuzzing has become a hot security trend among tech behemoths like Google, Microsoft, and more. Dr. David Brumley will share his research on the synergistic power of guided fuzzing from his research at Carnegie Mellon University.

After this session you will be able to:

  • Describe how users can more quickly reach the scale and computing service required to bear the benefits of fuzzing
  • Share how automating high-effort manual tasks, such as vulnerability and risk management, will allow security engineers and developers to focus on problem-solving and innovation
  • Outline how organizations can start efficiently and effectively continuously fuzzing within their own team
  • Explain the origin of fuzzing, outline use cases for this method of dynamic negative testing, and provide insight into how DevSecOps can leverage fuzzing for scale

241—Authorization Using Attributes Advanced Managerial

Thursday, 21 November | 1:20PM – 2:10PM

Nat Bongiovanni
Chief Technology Officer
NTT DATA Federal Services, Inc

 

 

Sushila Nair
Security Portfolio, Senior Director
NTT DATA Inc

Most IAM Solutions focus on authentication which is a critical component of information security. Our discussion will be about authorization, specifically what is wrong with RBAC, and how to implement ABAC which solves many issues.

After this session you will be able to:

  • Understand the three critical deficiencies of Role Based Access Control (Role Explosion, Accumulation, and Application Brittleness)
  • Understand the basics of Attribute Based Access Control, including the NIST ABAC Model and why it is superior: specifically, the elegance of the architecture, the centralization of policies, and the enhancement based on environment controls.
  • Understand how using existing authoritative data sources such as enterprise applications (HR, Ops Management, Case Management, etc) provides a ready source of both Subject and Object attributes to create effective policies
  • Understand the basics of how to get started, including an approach (Think Big, Start Small, Scale Fast) as well as lessons learned towards implementation.

251—Assessing Integrated Risk Intelligently Advanced Managerial

Thursday, 21 November | 2:20PM – 3:10PM

Charles Harry
CEO
Decision Point Analytics LLC

This talk will introduce and demonstrate a new approach for categorizing and measuring integrated risk in complex organizations. Based on rigorous research conducted at the University of Maryland, we weave together models that connect network maps with mission and business functions and run attack scenarios to estimate consequence. This approach allows for a more thorough understanding of the broad array of consequences threat actors can engineer and estimates the integrated risks across mission sets.

After this session you will be able to:

  • Demonstrate a new quantitative method for assessing risk to specific mission and business functions in complex organizations.
  • Be exposed to a new quantitative index, graph models of representative networks, and new visualization techniques for modelling risk.
  • Classify the variety of cyber attacks in a new taxonomy.
  • Be exposed to a new method for visualizing integrated risk for complex organizations and critical infrastructure.

261—Modernize Your Incident Response Program for the Cloud Intermediate

Thursday, 21 November | 3:40PM – 4:30PM

Bibek Galera
Head of Cloud Security Operations
Zuora Inc.

This session will focus on real-life processes to manage an efficient incident response lifecycle in the modern cloud world. Additionally, we cover how to prioritize incidents and how to put emerging tools and technologies into action.

After this session you will be able to:

  • Learn about key challenges for an incident response program that works well in today’s dynamic cloud environment.
  • Learn about keys to a successful, practical, and modern incident response program.
  • Learn how to build the IR program.
  • Learn about various emerging new tools and technologies to consider.


 

Track 2—Cyber Threat Intelligence & Technologies

112—Code Signing: A Security Control That Isn’t Secured Intermediate

Wednesday, 20 November | 10:00AM – 10:50AM

Jing Xie
Threat Intel Analyst
Venafi

Enterprises use code-signing but overlook securing the infrastructure that supports the signing process. Learn poor practices that result in operational inefficiencies and security risks and how to create a scalable, secure code-signing ecosystem.

After this session you will be able to:

  • Understand the ecosystem that surrounds the issuance of code-signing that must be orchestrated accurately to ensure code-signing certificates are secure and apply this to assess weaknesses in their own code-signing infrastructure and processes.
  • Identify the four main poor practices applied to code-signing infrastructure, including decentralized control, a lack of policy enforcement around access rights, a lack of visibility and accountability, and insufficient knowledge/expertise.
  • Recognize operational inefficiencies and security risks that result from poor practices, such as failing to meet the volume and velocity of signing demand, inconsistent policy enforcement, and certificates and keys scattered across the enterprise.
  • Know how to create a scalable and secure code-signing infrastructure that considers the broader ecosystem, including signing operations and models, inter-organizational communications, process and policies, and certificates issuance and management.

122—Automating Secure Development: Practical DevSecOps in a Scaled Agile Framework (SAFe) Culture Advanced Managerial

Wednesday, 20 November | 11:00AM – 11:50AM

Rob Temple
Technical Solution Architect - DevSecOps
Mutual of Omaha Insurance

Advanced DevSecOps implementations facilitate agility, early fixes, open source visibility, and developer-centric tooling. The Scaled Agile Framework (SAFe) provides a culture where DevSecOps people, processes, and technologies thrive.

After this session you will be able to:

  • Articulate why DevSecOps technologies and processes must include the developer culture awareness for successful implementation and management.
  • Understand trends and proven successes in leading edge DevSecOps automation technologies. Translate the DevSecOps buzz word to relevant, software engineering practices.
  • Describe how to engage development teams in DevSecOps developer-centric security models and agile, iterative security testing as part of the SDLC workflow.
  • Describe how the SAFe Scaled Agile Framework promotes iterative DevSecOps practices and leverages agile methodologies to bridge the gap between Security, Governance, and Development Teams.

132—Cyber Terrorism - Real Threats Exist

Wednesday, 20 November | 1:20PM – 2:10PM

David Darnell
CEO/CISO
Systrends

State supported teams of “bad actors” have developed cyber threats and cyber weapons to successfully challenge the defenses of any nation’s critical infrastructure. This presentation will analyze and show details of the current top cyber threats and vulnerabilities that are enabling cyber crime & cyber terrorism. In addition, a review of possible best defenses along with disaster preparedness will be presented, including case study analysis about protecting the power grid and the welfare of key personnel.

After this session you will be able to:

  • Describe and have a better awareness of power grid cyber threats
  • Describe cyber terrorism threats & "kill lists"
  • Explain possible defenses to cyber terrorism
  • Better understand and explain disaster preparedness for cyber terrorism

142—Cyber-attacks on Industrial Technology and SCADA Systems Intermediate

Wednesday, 20 November | 2:20PM – 3:10PM

Robert Findlay (Top-Rated Speaker)
Global Head of IT Audit
Glanbia

A presentation on actual attacks that have happened, the basic weaknesses that can be exploited and the key controls people need to deploy to defend against cyber-attacks in plants and utilities.

After this session you will be able to:

  • Discuss the components of industrial control systems and why they lead to easy-to-exploit weaknesses so that the attendees will understand how their systems can be attacked
  • Cover real-life examples of attacks and how these weaknesses were exploited, using concrete examples of why the controls matter.
  • Understand basic controls that stop 98% of all exploits and take away a shortlist of actions to complete
  • Know what concerns they should raise in their organisation

152—Don't Lose Your Crypto: Scams, Hacks, and Pitfalls of Blockchain Assets Intermediate

Wednesday, 20 November | 3:40PM – 4:30PM

Tyler Moffitt
Security Analyst
Webroot

In-depth analysis of: Social media scams, ICO exit scams, exchange scams and hacks, 51% attacks, Cryptomining malware, private key malware, fake wallets, DNS poisoning phishing, Ponzi schemes, Pyramid/MLM scams, and how to avoid these attacks.

After this session you will be able to:

  • Showcase new attack vectors from criminals where the target is your hardware to mine cryptocurrency while you pay an increased power bill.
  • Exchanges and web wallets frequently fall prey to attacks. Learn how to avoid these common attacks and secure your crypto.
  • Social engineering scams seeking crypto work wonders on social media. If it sounds too good to be true, it usually is.
  • Learn about the few but critical flaws in different types of blockchain tech.

212—How Weakness in DNS and Email Superpowers BEC Attacks Intermediate

Thursday, 21 November | 8:40AM – 9:30AM

Michael Zeberlein
Director of Threat Intelligence
Area 1 Security

 

 

Blake Darche
Area 1 Security

BEC attacks continuously impact organizations large and small, despite community efforts to investigate and impede operations. The attacks are costly and constant. This presentation will explore a range of BEC attack TTPs and lure themes in depth.

After this session you will be able to:

  • Recognize and appreciate the breadth and depth of existing techniques to craft, present, and deliver BEC themed attacks.
  • Understand how weaknesses in the Domain Name System (DNS) registration process and Email protocols enable a broad range of BEC attacks.
  • Become more familiar with the contextual themes of various BEC lures, from social engineering, to linked phishing pages, to trojan-based delivery via malicious attachments.
  • Better understand and recognize the flaws in lure crafting techniques that will allow for better detection, due to natural language barriers, allowing for deep learning model development.

222—Offensive Threat Models Against the Supply Chain Advanced Managerial

Thursday, 21 November | 10:00AM – 10:50AM

Tony UcedaVelez
VerSprite, LLC
 

This presentation focuses on applying a more adversarial threat model to supply chain systems that are integrated into client environments.

After this session you will be able to:

  • Construct and apply threat modeling to supply chain software and systems with a more adversarial approach.
  • Understand the PASTA (Process for Attack Simulation and Threat Analysis) methodology and how to use it in your risk analysis.
  • Understand key threat motives, libraries, and impact considerations in relation to supply chain.
  • Define an attack surface for supply chain hacks that may affect your own organization.

232—Multidimensional Attack Path Analysis: Eliminating Network Blind Spots Intermediate

Thursday, 21 November | 11:00AM – 11:50AM

Peter Smith
CEO
Edgewise

What happens when you change your view of what matters on your network? Understanding how attackers use low friction pathways helps you prioritize what to protect.

After this session you will be able to:

  • Learn how an attacker will reach intended data targets using the shortest viable network pathways.
  • Learn how to build an offensive map using free and open source tools.
  • Be more prepared against cyber attackers by using the data abstracted from an attack analysis.
  • Learn the information needed to conduct this type of analysis on their own networks

242—5G Security: New Vulnerabilities, New Solutions Intermediate

Thursday, 21 November | 1:20PM – 2:10PM

William Malik
VP Infrastructure Strategies
Trend Micro

5G will expose new vulnerabilities - new radio technologies, dynamic provisioning, virtualization, and automated orchestration - requiring new information security and privacy safeguards. Understand the weaknesses to better protect your organization.

After this session you will be able to:

  • Learn the components of 5G, including the complexity and new attack surfaces that 5G will bring to the enterprise, and a set of principles to deploy 5G-based applications securely.
  • Evaluate your organizational and architectural readiness for the many heterogeneous components making up 5G. Public cloud and edge computing security may be siloed, but 5G exploits will cross conventional boundaries.
  • Learn how to adapt your audit and reporting relationships to coordinate response to privacy and information security breaches. 5G will expose procedural weaknesses unlike any previous information technology.
  • Prepare your organization for the massive flood of IoT-based information, manage the rapid dynamic reconfiguration of their network infrastructure, and respond to attacks on personal privacy and corporate data integrity.

252—Using Passive DNS to Strengthen Incident Investigation and Response Beginner

Thursday, 21 November | 2:20PM – 3:10PM

Carel Bitter
Spamhaus
 

Passive DNS can provide you with insight you normally don't have. In this session we explain what Passive DNS is, what it can do and how you can do it.

After this session you will be able to:

  • Understand what Passive DNS is and what kind of questions it can answer.
  • Understand the benefits of using Passive DNS to aid a variety of cyber investigations.
  • Use Passive DNS to help inform security decision making.
  • Use Passive DNS to explore phishing, fraud and intellectual property issues that are enabled by entries in the DNS system.

262—Using the Distributed Vulnerability Assessment to Improve the Security Level Intermediate

Thursday, 21 November | 3:40PM – 4:30PM

Ferenc Leitold
Secudit

For measuring the security level of an infrastructure, the DVA model uses the following parameters: (1) cyber-threat properties; (2) information on IT elements; (3) users’ behavior information. Recommendations can also be calculated using the model.

After this session you will be able to:

  • Understand the methodology of DVA using three main input parameters (threat info, IT elements, user behavior).
  • Distinguish the impacts of threat, IT elements, user behavior to the security level of the organization.
  • Understand how the integrated security level can be distributed into different contributors, such as individual users, devices or any group of them.
  • Understand how the integrated security level can be used for improving security in the organization and how it can support decisions.


 

Track 3—Cybersecurity Leadership & Development

113—Hacking to Teach Cyber Awareness in an Organization Beginner

Wednesday, 20 November | 10:00AM – 10:50AM

Kris Martel
Chief Information Security Officer
Emagine IT

Using hacking tools and tactics to make an impact on your organization’s culture about security awareness. How real-life examples and hacking use cases of coworkers and executive leadership can greatly influence the impact of security awareness.

After this session you will be able to:

  • Identify new techniques to improve security awareness in their organization.
  • Create more effective security awareness training policies within their organization.
  • Measure the impact of current security awareness across the organization and identify problem areas to address.
  • Establish defined metrics to measure security awareness across an organization.

123—Cyber Leadership in an Ecosystem Context Advanced Managerial

Wednesday, 20 November | 11:00AM – 11:50AM

Cyber leaders are ill-prepared for the enormity of their task. It’s now about rallying disparate teams across a sprawling ecosystem and applying highly-nuanced capabilities to ensure business health. We’ll examine an actionable cyber leadership framework for uplifting mindset and skillset.

After this session you will be able to:

  • Understand the new mindset and skill set requirements of a modern cyber leader
  • Use “systems” thinking to analyze the makeup of a modern business ecosystem (including cloud, OT, and connected products) and establish a "map" for layering security over it
  • Implement a framework for catalyzing security teams, shaping the hearts and minds of stakeholders, and orchestrating security efforts across the business ecosystem
  • Feel prepared and energized to undertake new and valuable forms of self-development

133—Bat Cave to Board Room, Selling Technology Solutions to Upper Management Intermediate

Wednesday, 20 November | 1:20PM – 2:10PM

Russell Horn (Top-Rated Speaker)
President
CoNetrix

Good technology employees can see needs and develop solutions; great ones can transfer this knowledge to others. During this session we will focus on the soft skills required to communicate technical needs to a non-technical audience.

After this session you will be able to:

  • Understand the science behind presentations and communication.
  • Use visual aids, body language and voice more effectively to enhance their ideas.
  • Deal with nerves and have more confidence in their presentation.
  • Learn ways to grab their listener's attention, hold their interest, and conclude strongly.

143—Implementing a Cybersecurity Skills Competencies Framework Advanced Managerial

Wednesday, 20 November | 2:20PM – 3:10PM

Allan Boardman (Top-Rated Speaker)
Director
CyberAdvisor.London

The session will provide an insight, based on recent practical experience, into tools that can be used to implement a skills competencies framework & the supporting processes to perform assessments for individuals and departmental level assessments.

After this session you will be able to:

  • Gain a clear understanding of a practical approach to implementing a skills competencies framework across information assurance roles, including audit, security and risk management.
  • Understand how the various industry guides and frameworks can be leveraged to develop and customise a skills competencies framework.
  • Learn about practical tools that can be used by management to assess skill levels within their own teams and identify potential gaps.
  • Learn about practical tools that can be used by individuals to self-assess their own competency levels across a range of relevant skills, and identify areas they may wish to focus on in support of their career development.

153—Privacy & Ethics Are the Headlines - How Does a Business Leader Cope and Capitalize Intermediate

Thursday, 21 November | 2:20PM – 3:10PM

Wednesday, 20 November | 3:40PM – 4:30PM

Ashwin Krishnan
COO
UberKnowledge

For enterprise security leaders, an amazing opportunity to treat the consumer as an informed partner using privacy and ethics as a competitive differentiator.

After this session you will be able to:

  • Understand what the four forces are that are driving our digital transformation tsunami
  • Understand what the enduring four pillars are that can be the boat anchor for all privacy decisions
  • Ask the questions supporting each pillar (outlined in learning objective 3) that will provide the guideposts to ensure the right privacy and ethics choices

213—Auditing with SOC-CMM: Cyber Security Detection and Incident Response Advanced Managerial

Thursday, 21 November | 8:40AM – 9:30AM

Vilius Benetis
Expert
NRD CS

SOC-CMM is a maturity and capability model for the evaluation of Security Operation Centers (SOCs). The speaker will share field experience on how to apply the model for auditing and developing SOC or CSIRT organisations.

After this session you will be able to:

  • Understand the SOC-CMM model in order to choose it when needed.
  • Apply the SOC-CMM model for their audits or consultancies.
  • Understand SOC-CMM model limitations.
  • Assist SOC/CSIRT organisations to measure themselves and become more effective.

223—Dynamic Information Security in a Static Organizational Culture Advanced Managerial

Thursday, 21 November | 10:00AM – 10:50AM

Renay Carver, PhD
Veritable Associates, LLC
 

The presentation will discuss the need for static organizational cultures to become more flexible in meeting the demands of a dynamic information security framework.

After this session you will be able to:

  • Describe the influence of the security framework on the organizational culture
  • Describe the elements of culture that should remain static (unchanging) as the organization pursues an effective information security framework.
  • Describe how information security procedures and policies impact company philosophy and values
  • Describe the demands on leadership in supporting and delivering an adaptive culture

233—CPE Credits Helping to Massively Scale up the Next Generation of Cyber Professionals Advanced Managerial

Thursday, 21 November | 11:00AM – 11:50AM

Peter Meehan
SVP International & Partnerships
iQ4 Corp & CWA

 

 

Alexander Abramov
President ISACA-NYM

Accelerating a diverse talent pipeline into the Profession, while earning CPE credits. ISACA-NYM members are mentoring students through virtual-internships to massively scale new hires into roles, solving talent shortages and pathways to membership.

After this session you will be able to:

  • Understand how to implement the turnkey model in their local chapter; how it engages diverse talent from educational and ex services sources and what is required of mentors in exchange for CPE credits
  • How the model leverages the NCWF Framework and NICE taxonomy to take learners through team and role-based real-world scenarios to gain experience and get inspired into risk careers and ISACA membership.
  • How the model scales the attraction and inspiration of the next generation from zero awareness of the Cyber, Risk and Resilience profession on to career pathways, including ISACA student membership and CSX Nexus courses.
  • Hear testimonials from course Alumni, ISACA members, educators and employers, witness how transformational and scalable it is and why it is attracting nearly 50% females without affirmative selection from all socio-economic backgrounds.

243—A New Employer-Driven Model of Cyber Workforce Development For Dell Intermediate

Thursday, 21 November | 1:20PM – 2:10PM

Simone Petrella
CEO
CyberVista

The cyber training landscape produces over-credentialed, yet under-qualified, candidates, while employers lack clearly defined roles. We examine how job role and skills assessments resulted in more effective cyber workforce training at Dell, Inc.

After this session you will be able to:

  • Learn to identify professional and career pathways for your organization’s cybersecurity professionals.
  • Glean how this new model can assist in recruiting and other talent strategies.
  • Understand a starting point to assess cyber employees’ skills and competencies.
  • Learn how to guide hiring/training efforts by more efficiently identifying areas to upskill staff.

253—The ROI of Information Security Teams Advanced Managerial

Thursday, 21 November | 2:20PM – 3:10PM

Collins Oduor
Information Security Officer
UNOPS/UNECA

Many organizations have no clear-cut roles for their InfoSec teams. As a result, there is redundancy in the roles and the teams do not perform optimally. Why do most organizations get this wrong? How do you measure the ROI from your InfoSec team?

After this session you will be able to:

  • Explore how to form effective teams and review the skills requirements with considerations of the current and future security threat landscape.
  • Use case studies to clearly define IT Security roles as they relate to Incident response, information asset protection and risk management.
  • Learn ways to make IT security teams achieve maximum performance
  • Review logical IT Security structure and formulate a framework for their organizations

263—Security Key Point Indicators or "How to Measure Security from the Governance Perspective" Advanced Managerial

Thursday, 21 November | 3:40PM – 4:30PM

Andrej Volchkov
Consultant
Stramizos

Having reliable indicators is imperative to be able to assess risks and develop reliable reports for IS decision-making bodies. This session aims to provide elements allowing CISOs to develop metrics to facilitate security program supervision.

After this session you will be able to:

  • Understand why it is difficult to find the right KPIs in the field of security.
  • Distinguish between technical metrics and those needed for program management and governance.
  • Distinguish between different categories of metrics, with examples in each category.
  • Have a catalog of metrics and tools to establish metrics for different needs: risk analysis, calculation of the return on security investment (ROSI), operational KPIs, maturity models.



Track 4—Security Risk & Compliance

114—How Global Expansion Affects Cybersecurity Risk Intermediate

Wednesday, 20 November | 10:00AM – 10:50AM

Brian Tokuyoshi
Palo Alto Networks

The tremendous pressure for a business to grow as fast as the market can bear can create operational hardships on a security team. Learn about how to look at the landscape of security at global scale and how to prepare for your next phase of growth.

After this session you will be able to:

  • Evaluate how organic growth and mergers & acquisitions affect the ability for the security team to deal with risk. Learn about how geographical issues can create operational issues.
  • Understand how mobility and cloud create new security deployment challenges when considering the evaporation of the traditional network boundary as an enforcement point.
  • Evaluate traditional network design considerations that need to be re-evaluated in light of the changes to perimeter security.
  • Get insights into frameworks for evaluating risk controls across the spectrum of access, threat prevention, data loss, risk mitigation and threat detection.

124—Illuminating the CISO’s ICS Blind Spot Intermediate

Wednesday, 20 November | 11:00AM – 11:50AM

Asaf Weisberg
CEO
introSight
ISACA Board of Directors

As most organizations today utilize Operational Technology (OT) devices, which are more vulnerable to cyber threats, the CISO better be involved with OT security too. Learn about the CISO’s ICS blind spot and how to illuminate it.

After this session you will be able to:

  • Identify the players in the ICS cybersecurity arena, understand the traditional division of authority among them, and why it needs to change.
  • Understand the differences between consequences and impact of cyber events on IT systems vs. the consequences and impact on OT systems.
  • Understand the difference in requirements, topology and characteristics, between IT and OT networks and identify the typical cyber risks to OT networks.
  • Understand the required initial steps for illuminating the CISO's blind spot, with regards to ICS.

134—How to Articulate the Value of Information Security to Senior Management? Advanced Managerial

Wednesday, 20 November | 1:20PM – 2:10PM

Andrej Volchkov
Consultant
Stramizos

One of the major challenges is presenting IS value or the return on security investment (ROSI). This session aims to provide elements allowing CISOs to design security reports for the needs of supervision and annual review by senior executives.

After this session you will be able to:

  • Understand the importance of a security reporting system for CEOs, CIOs and CFOs. Understand the imperatives of business-oriented communication and decision-making by non-specialists.
  • Define the basic elements of a security reporting system and the key indicators that such a report must include.
  • Develop an information security report template and a Key Points Indicator (KPI) to produce relevant reports.
  • Provide strategic indicators that senior executives understand allowing effective communication of the value of security to decision-makers and stakeholders.

144—Making Cents of Maturity: Building Resistive Strength Intermediate

Wednesday, 20 November | 2:20PM – 3:10PM

Britany Loss
Team Manager, Cyber Controls Governance
HM Health Solutions

 

 

Colleen Kerr
Senior Cyber Controls Governance Consultant
HM Health Solutions

Users will be engulfed in the land of cyber security controls in relation to GRC. Using a quantitative analysis framework, FAIR, the program prioritizes controls and encourages users to implement critical controls to increase their resistive strength.

After this session you will be able to:

  • Create a continuous program for monitoring & enhancing control maturity
  • Reduce potential risks by building resistive strength
  • Quantitatively analyze risks and controls for prioritization
  • Educate end users on the importance of control maturity

154—Next Gen Risk Assessment - Can it Save My Bacon Both with Regulators and in Litigation? Advanced Managerial

Wednesday, 20 November | 3:40PM – 4:30PM

Tod Ferran
Managing Consultant
Halock Security Labs

A discussion of the new Duty of Care Risk Assessment methodology (DoCRA) also known as the Center for Internet Security Risk Assessment Method (CIS RAM). Discuss what sets this method apart and why it is an important business tool.

After this session you will be able to:

  • Understand what sets the Duty of Care Risk Assessment apart from all others.
  • Understand what regulators are looking for in a complete and thorough risk assessment and how the Duty of Care Risk Assessment fulfills those regulations and standards.
  • Understand what basic questions are asked during litigation after a breach and how the Duty of Care Risk Assessment answers those questions.
  • Understand how to complete a Duty of Care Risk Assessment along with where to get the free tools to successfully complete the assessment.

214—Risk Informed Privacy Management: The NIST Privacy Framework Beginner

Thursday, 21 November | 8:40AM – 9:30AM

Tom Conkle
Optic Cyber Solutions

NIST recently released the Privacy Framework to help organizations manage risk imposed by holding and processing privacy data. This session shares lessons learned during the journey to develop the Privacy Framework and its key components.

After this session you will be able to:

  • Understand the process leveraged by NIST to develop the Privacy Framework and to ensure industry representatives were actively engaged throughout its development.
  • Recall the primary components within the Privacy Framework and how they help organizations manage Privacy risks.
  • Analyze the objectives and outcomes described in the Privacy Framework Core.
  • Use the Privacy Framework implementation steps to identify the appropriate risk-informed privacy program for your organization.

224—How to Train Your Robot: Security Governance for RPA Solutions Intermediate

Thursday, 21 November | 10:00AM – 10:50AM

Glenn Keaveny
Director
Grant Thornton

This session will address the basic concepts and benefits of Robotic Process Automation Solutions and how security governance can be effectively applied.

After this session you will be able to:

  • Understand what RPA is and is not, including use cases and limitations.
  • Understand how RPA technology can liberate, empower and challenge.
  • Understand the difference between traditional automation vs. RPA.
  • Apply security governance to RPA solutions without disabling the flexibility of the solution.

234—Crypto-Agility: Responding Quickly to Cyber Security Events Intermediate

Thursday, 21 November | 11:00AM – 11:50AM

Michael Thelander
Director Product Marketing
Venafi

Organizations rely heavily on TLS and other encryption protocols to protect data. Yet, most are at risk because they don’t maintain crypto-agility. Learn the threats that make crypto-agility a requirement and an action plan to achieve crypto-agility.

After this session you will be able to:

  • Understand the large-scale certificate and key security events that threaten organizations
  • Know how to evaluate the current crypto-agility of an organization
  • Know how to leverage certificate governance to improve risk posture
  • Develop a crypto-agility plan to successfully respond to a certificate security event

244—Using NIST Frameworks with COBIT 2019 Intermediate

Thursday, 21 November | 1:20PM – 2:10PM

Greg Witte
G2 Inc
 

Learn about new processes for combining the benefits of NIST’s risk-based information security frameworks and ISACA’s updated COBIT 2019.

After this session you will be able to:

  • Learn about the modernized COBIT 2019 Framework and how new focus areas, design factors, and goals cascade support stakeholders’ objectives.
  • Understand how performance management measures and metrics help document & track achievement of outcomes described in NIST’s Baldrige, RMF, Privacy, and Cybersecurity Frameworks and in COBIT.
  • Learn ways to integrate these frameworks to help govern and manage enterprise information and technology, effectively balancing risk, resources, and technology value.
  • Understand how the COBIT 2019 Implementation Roadmap, along with the COBIT 2019 Design Process, help to implement risk-based frameworks and achieve organizational risk management objectives.

254—Security Risks Your Auditors Care About in a Cloud Native & DevOps World Advanced Technical

Top-Rated Speaker Matthew Mabel
Vice President - Technology Audit
American Express

 

 

Bhaskar Ghosh
IT Risk Manager
Wintrust Financial Corporation

APIs, Containers, automated pipelines, and DevOps - oh my! Software delivery is changing, and the risks and audit considerations are changing too. You'll hear auditor perspectives on key risks, strategies and benefits of auditing Cloud Native/DevOps.

After this session you will be able to:

  • Understand key risks with APIs, Containerization and DevSecOps, and discuss practical audit techniques and benefits for covering these risks.
  • Understand how security and automation can be built into testing within cloud native/DevOps pipelines, and discuss practical auditing techniques and benefits for incorporating results from this testing into audits.
  • Understand risks related to automating and securing the development and deployment pipeline and discuss practical audit techniques and benefits for covering these risks.
  • Discuss governance and monitoring/reporting/dashboard considerations within cloud native development & DevOps - and why proper governance and reporting around these environments is so critical to their success.

264—Enterprise IT Governance and DevSecOps: A Grounded Theory Literature Review Advanced Managerial

Thursday, 21 November | 3:40PM – 4:30PM

Altaz Valani
Director of Research
Security Compass

 

 

Eduardo Lopez
McMaster University / Security Compass
 

The new approach driving continuous integration, deployment and security in short release cycles – DevSecOps – is challenging established enterprise IT governance practices designed to work in predictive, waterfall-like approaches.

After this session you will be able to:

  • Describe foundational concepts of DevSecOps
  • Define how a COBIT 2019-based enterprise IT governance system can adapt concepts from DevSecOps
  • List main risk areas in the implementation of DevSecOps from an enterprise IT governance perspective
  • Describe how asynchronous and continuous conformance processes may enable compliant IT governance operations



Track 5—Data Analytics Enhancing Cybersecurity

115—Take a Ride on the Dark Side - Data on the Dark Web Intermediate

Wednesday, 20 November | 10:00AM – 10:50AM

Derek Fisher
Security Leadership and Education
Securely Built LLC

Not many days go by without hearing about a new breach releasing data of hundreds, thousands and sometimes millions of people. What happens with that data? How is it used? How is it monetized? Who are the biggest threats?

After this session you will be able to:

  • Understand concepts of the Dark Web.
  • Recognize how data is misused.
  • Identify concepts for how to protect against a breach.
  • Identify who the threats are.

125—The Collision Course Between Big Data and AI, Privacy, Ethics and Regulations in the AI + IoT World Advanced Managerial

Wednesday, 20 November | 11:00AM – 11:50AM

Ashwin Krishnan
COO
UberKnowledge

We will explore how GDPR is a great blueprint, why tighter data-retention policies are needed, the pressures of effective AI and IoT, and then assess both sides of the equation: privacy vs. IoT+AI.

After this session you will be able to:

  • Understand why GDPR is actually a great blueprint to understand privacy and protection and how you can implement it.
  • Learn how and why forward-leaning organizations are putting data-retention policies in place that are much tighter than those of the past and see how that may affect you.
  • Understand that the pressures of effective IoT and AI require large data sets and learn how you will be faced with that as well.
  • Assess both sides of the equation — privacy and IoT + AI — without any bias toward one or the other

135—Leveraging Behavioral Analytics to Strengthen Internal Controls Advanced Managerial

Wednesday, 20 November | 1:20PM – 2:10PM

Arvind Mehta
Vice President - Technology Risk and Audit Analytics
Exl Service

 

 

Jagmeet Singh
Global Head, Finance Transformation
Exl Service

User Behavior Analytics is an enhanced technique using machine learning and AI to identify potential control weakness, potential threats and underlying process issues. These techniques can be used to strengthen the internal control environment.

After this session you will be able to:

  • Establish ideas to leverage behavior analytics in order to drive deeper risk intelligence using advanced machine learning and analytics to increase the assurance over internal controls
  • Recognize the potential of advanced analytics within the internal audit function to provide deeper Insights and Foresights to Audit Committees
  • Evaluate real-life examples of how advanced analytics is used to transform the traditional audit methods and leverage analytics and behavior to continuously monitor controls.
  • Devise a high-level roadmap to drive enhanced risk sensing and intelligence in their organizations using advanced analytics

145—Effective Key Steps into Digital Forensics and Incident Response (DFIR) Intermediate

Wednesday, 20 November | 2:20PM – 3:10PM

Top-Rated Speaker Oren Elimelech
CEO & Founder
CyberTeam360
 

Key steps and highlights you need to be aware of while handling real cyber incidents.

After this session you will be able to:

  • Better prepare for cyber incidents and breaches
  • Understand the key steps necessary during an Incident Response process and Digital Forensics
  • Figure out the pitfalls to avoid during cyber incident handling
  • Build a training process for educating your staff and to improve their skillsets

155—Hacker-Powered Data: The Most Common Security Weaknesses and How to Avoid Them Intermediate

Wednesday, 20 November | 3:40PM – 4:30PM

Alex Rice
Founder & CTO
HackerOne

In this session, HackerOne’s CTO and Co-founder will present never-before-seen data on the most common critical vulnerabilities, based on more than 1,200 bug bounty programs, and describe how attackers could exploit these prevalent vulnerabilities.

After this session you will be able to:

  • Discover first hand examples of vulnerabilities attendees may not otherwise observe, including obscure bugs and their potential impact.
  • Gain insights that will help advance your defenses against the most common vulnerabilities.
  • Learn practical tips for avoiding the most common vulnerabilities and how to increase your chances of discovering them early on.
  • Understand which industries have successfully used bug bounty programs to seek out malicious threats.

215—Information Governance - the Foundation for Information Security Advanced Managerial

Thursday, 21 November | 8:40AM – 9:30AM

Deborah Juhnke
Senior Consultant
Information Governance Group, LLC

Information governance is essential for effective information security. Deleting redundant, obsolete, and trivial data through retention and rule enforcement will diminish the footprint for compromise and offer business value through reduced costs.

After this session you will be able to:

  • Identify the four foundational elements of Information Governance.
  • Understand the legal and compliance drivers for better records retention practices.
  • Frame effective arguments for how elevating specific records management practices is crucial for strengthening their organization's security posture.
  • Recognize and leverage the links between various information security standards and good Information Governance practices.

225—Data Governance in the Analytics and Privacy Driven Era Advanced Managerial

Thursday, 21 November | 10:00AM – 10:50AM

Narasimhan Elangovan
KEN & Co.

With the rapid rise in data-driven business models, there is an increasing need to harness the power of analytics while protecting privacy. This session will focus on how to set up structured Data Governance by integrating global best practices like COBIT.

After this session you will be able to:

  • Understand the changing landscape in managing data from a Macro to Micro perspective
  • Understand the need to have a structured Data Governance in place
  • Understand the lessons learnt from data governance failures - Practical case studies
  • Customise and prepare a data governance framework using COBIT to meet regulatory requirements and be compliant with privacy frameworks such as GDPR.

235—Statistical Analysis of Network Exposure Intermediate

Thursday, 21 November | 11:00AM – 11:50AM

Harry Sverdlove
CTO & Founder
Edgewise

We will present an analysis of network traffic of 6 real-world networks to show how vastly overexposed systems and applications are in today’s computing environments.

After this session you will be able to:

  • Understand the complexities of modern networks in terms of exposure vs need
  • Learn how to analyze and measure exposure of critical business services and applications
  • Hear helpful tips on how to reduce exposure, and therefore risk, within a network
  • Make sense from the chaos, distilling the complexity of a network and balancing the competing goals of permissiveness vs. least privilege into metrics that are actionable.

245—From Heist to Hostage Situation: The Rise of the Modern Bank Robbery Intermediate

Thursday, 21 November | 1:20PM – 2:10PM

Tom Kellerman
Chief Cybersecurity Officer
Carbon Black

With increases in destructive cyber attacks and counter incident response, bank robberies in cyberspace are closer to hostage situations than heists. Tom will discuss recent breaches and a report surveying financial institutions on trends they see.

After this session you will be able to:

  • Understand and articulate the threats most commonly facing financial institutions
  • Share insights into the methodologies used by hackers targeting the financial sector as well as the malware tools they use, such as Emotet
  • Utilize the “Golden Rules of Threat Hunting,” equipping them with key threat detection skills applicable across a wide range of situations
  • Better understand the evolution of modern financial cyberattacks, including origins and driving forces such as nation-state actors

255—Additional Information Coming Soon!

 


265—Additional Information Coming Soon!

 



Workshops

WS1–Accelerated CSX Cybersecurity Practitioner Certification Workshop

Monday, 18 November & Tuesday, 19 November | 9:00AM – 5:00PM

Registration Fee: $1,299 member / $1,399 non-member


2018 Top-Rated Speaker Frank Downs
Director and SME, Cybersecurity Practice
ISACA

 

 

 

2018 Top-Rated Speaker Dustin Brewer
Manager, Cybersecurity Technical Content
ISACA

The newly revamped CSX® Cybersecurity Practitioner Certification streamlines and expedites the certification process, and your current industry certifications – including CISA, CISM, CRISC, CGEIT, and others – count toward qualification requirements. Complement your current credentials, demonstrate current cybersecurity knowledge and skills (and/or ability to work with cybersecurity business partners), and earn CPE credits.

The Accelerated CSX® Cybersecurity Practitioner Certification Workshop provides participants with a one-stop certification experience where they can train, test, and certify all in a two-day workshop.

In addition to receiving access to the Accelerated CSX® Cybersecurity Practitioner Certification Suite, which includes online practice labs, the 1-hour certification skills assessment, and the online certification application, participants benefit from instruction by and interaction with the professionals who created the CSX Cybersecurity Practitioner learning experience. Upon completion of the workshop, students will have prepared for, and have the option to complete, the 1-hour CSX Cybersecurity Practitioner skills assessment, with only employer verification of their cybersecurity acumen as the final step to gain certification. The fastest, easiest, and most enjoyable way to become a certified CSX Cybersecurity Practitioner!

Workshop includes hands-on training of the following:

  • System and Network Scanning
  • Firewall Implementation and Configuration
  • Vulnerability Scanning and Identification
  • Cyber Incident Monitoring and Escalation
  • Post Exploitation System Recovery

WS2–The Truth About AI, Machine Learning and Cyber Security Revisited

Monday, 18 November & Tuesday, 19 November | 9:00AM – 5:00PM

Registration Fee: $850 member / $1,050 non-member


2018 Top-Rated Speaker Keatron Evans
Managing Consultant
KM Cyber Security, LLC

In this presentation we will take a technical deep dive into some of the latest and greatest innovations related to machine learning, artificial intelligence and cybersecurity. We will see some real examples of AI innovations in the cybersecurity space, as well as a technical walkthrough and demonstration of some common attacks and how AI can help solve some of these problems.

After completing this workshop, attendees will:

  • Learn several areas where early Machine Learning and AI have evolved and made great strides in cybersecurity since last year.
  • Learn about several devastating APT attacks driven and perpetrated using advanced machine learning and AI-like automation.
  • Learn the basics of what Machine Learning and AI actually means.
  • Learn the difference between AI, Machine Learning and Deep Learning.

WS3–Auditing Microsoft 365 and Azure Cloud Security

Tuesday, 19 November | 9:00AM – 5:00PM

Registration Fee: $650 member / $850 non-member


Robert Brzezinski MBA, CHPS, CISA, CISM
Principal
Bizwit LLC

This is a one-day course for auditors and security teams responsible for security and compliance of their Microsoft 365 and Azure Active Directory (AzureAD) environments. This course will provide students with knowledge and practical skills to audit Microsoft 365 tenants, and to improve security of Microsoft 365 configuration and monitoring capabilities. This course is designed with real-world scenarios in mind to provide practical, effective approaches for asking and answering compliance questions; auditing Microsoft 365 before and after solution adoption; and a practitioner approach to continuous audit, monitoring, and creating additional security and compliance visibility. At the end of the course, students will be able to effectively audit Microsoft 365 configuration and organization compliance, understand and improve security of the environment, and implement basic continuous audit and monitoring of the organization's Microsoft 365 tenant.

After completing this workshop, attendees will be able to:

  • Answer questions and describe how Microsoft 365 complies with various regulatory frameworks and data protection standards
  • Assure proper basic Microsoft 365 configuration before solution adoption and email migration
  • Audit Microsoft 365 configuration after adoption (email migration) using graphical user interface (GUI) – Azure Active Directory (AzureAD), Security & Compliance center, Cloud App Security, Microsoft 365 Admin center, Exchange, SharePoint, Teams, Intune.
  • Audit specific Microsoft 365 elements that require use of PowerShell
  • Understand and use Security & Compliance Center for continuous audit / monitoring
  • Understand Windows Defender Security ATP Center role and capabilities in protecting the organization
  • Understand how Azure security tools can enhance organization security and compliance, by integrating data from multiple computing platforms and environments. Audit and configure Azure security tools for Microsoft 365 and some other computing platforms.
  • Understand how Microsoft 365 cybersecurity strategy works and protects users, devices and data when implemented correctly.

Students should be able to run hands-on labs:

  • Using their own PCs (Win 10 Pro recommended, with the PowerShell Exchange Online module installed)
  • Using their own Microsoft 365 tenant.

WS4–Penetration Testing in a Cloud Environment

Friday, 22 November | 9:00AM – 5:00PM

Registration Fee: $650 member / $850 non-member


2018 Top-Rated Speaker Keatron Evans
Managing Consultant
KM Cyber Security, LLC

What do hackers and other threat actors see when they decide to target your organization and your newly migrated cloud environment? How easily will they find your vulnerabilities and exploit them? Come and see a live demonstration of discovery, vulnerability mapping, and complete exploitation of servers hosted via cloud services. We will start off with the exciting demonstration and walk through the entire process of finding and exploiting the cloud-based services. During the second half we'll discuss data security responsibilities as related to Cloud Service Provider responsibility vs your responsibility, as well as some of the many security advantages gained by migrating to cloud services.

After completing this workshop, attendees will be able to:

  • Describe the proper steps to take when conducting or sourcing a penetration test against their cloud resources.
  • Have a solid picture of what the CSP's (Cloud Service Provider) responsibility is versus their responsibility in regard to data and resource security.
  • List the biggest security threats as related to cloud security.
  • Understand and be able to name several security benefits gained from migrating to cloud services.



Keynotes

Opening Keynote Speaker

Theresa Payton
Former White House CIO & Cybersecurity Authority

In the wake of recent, debilitating cyberattacks at Equifax, Sony Pictures, Target and privacy breaches against prominent individuals in the public eye, Theresa Payton remains the cybersecurity and intelligence operations expert that people and companies turn to in order to strengthen their privacy and cybersecurity. Named by IFSEC Global as the 4th among the top 50 of the world's cybersecurity professionals and by Security Magazine as one of the top 25 Most Influential People in Security, she is one of America's most respected authorities on security and intelligence operations.

The first female to serve as White House Chief Information Officer, Payton oversaw IT operations for the President and his staff from 2006 to 2008 during a period of unprecedented technological change and escalating threats. Previously, she held executive roles in banking technology at Bank of America and Wells Fargo.

Currently, as the founder, president and CEO of a world class cybersecurity consulting company, Fortalice Solutions, LLC and co-Founder of Dark3, a cybersecurity product company, she remains the expert that organizations call for discretion, proactive solutions, and incident response/crisis management. Fortalice was recently named one of the Top 5 Innovative Cybersecurity companies in the D.C./MD/NoVa region and Theresa was recently awarded the Enterprising Women of the Year Award for the 2nd year in a row.

Payton was recently featured as the Deputy Director of Intelligence Operations in the new hit reality show CBS’ Hunted. Payton collaborated with cybersecurity and privacy attorney Ted Claypoole to author two books focused on helping others learn how to protect their privacy online. Hailed as ‘must-reads’ by Jon Stewart when he talked to Payton on The Daily Show and by Katie Couric on her show Katie's Take, the books assist the layman with the security and privacy challenges of our times.

Payton is often sought out by national and international media news outlets to explain complex security issues in business and consumer terms to get behind the hype to understand, in layman’s terms, how to protect your privacy and security. She has been a repeat guest on the Today Show, Good Morning America, Fox Business Shows, Fox News Shows, CBS Morning & Evening News, BBC TV News and Radio, CBSN, CNN, NBC News, MSNBC, and NPR.

Recognized as a 2015 William J. Clinton distinguished lecturer by the Clinton School of Public Service, Payton passionately protects her clients, from the boardroom to the server room, and helps them understand the business risks to their organization’s cybersecurity. She and her team provide insight and methods critical to protecting people and organizations from rapidly evolving cyberattacks.

Closing Keynote Speaker

Jamie Bartlett
British Author and Journalist

British author and journalist Jamie Bartlett will close the event, delving into the topics of cybersecurity and online privacy, internet cultures and social media. Bartlett is the author of Radicals Chasing Utopia: Inside the Rogue Movements Trying to Change the World and he currently serves as Head of the Violence and Extremism Programme and the Centre for the Analysis of Social Media at the think-tank Demos.

 

