2018 is shaping up to be the year of watershed moments in data privacy regulations throughout the world. year of watershed moments in data privacy regulations throughout the world.

In this session, learn how to navigate through complex regulatory environments and enhance policies that adapt to this ever-changing technology footprint. 

Instead of chasing the cloud, this talk highlights the practical tools and strategies for red and blue teams to leverage the cloud.

Compliance regulations can be challenging to understand and implement. Many of these regulations have cybersecurity requirements that are focused on protecting critical infrastructure with aggressive timelines - and without disrupting the very business-critical systems you're trying to protect.

Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions.

Moderator: Michaela Iorga, NIST, Senior Security Technical Lead for Cloud Computing; Co-chair of NIST Security and Forensics Working Groups 

Panelists: Andrew Weiss, Docker, Lead Federal Solutions Engineer; David Waltermire, NIST, Lead, Standards and Outreach for the Security Automation Program; Brian Ruf, FedRAMP on the OSCAL Development Team

Join GreyCastle Security as we explore the lopsided, unending tournament we call cybersecurity and strategies to win on defense.

You’ll learn how Orion Health not only successfully implemented DevSecOps into solution delivery, but leveraged that success to achieve industry certification, and much more.

In this intensive session, participants will learn the approach to turning governance activities from a hygiene directive into a process of improving the overall health and strength of an organization.

Do you use third parties in your business? How do you trust but verify their security practices? Enter the world of third party audit reports (which is more like a bowl of Alphabet Soup).

This talk will present practical learnings from 6 years of research, using machines to correlate application vulnerabilities and threats; from low level packet drops and vulnerability scan results, to high level APT campaigns lasting months and targeting multiple attack surfaces. 

This session will help the audience become better choice architects, designing choices in a way that take advantage of users automatic brains, thus making better and safer choices for the organization.

New methods are required to address threats increasing in frequency, sophistication, and impact, in an increasing climate of cost constraints, and resource and skills shortage. Traditional security controls and response can’t possibly keep pace.

With a crushing shortage of skilled cybersecurity defenders, many CISOs have turned toward analytics in an attempt to leverage scarce resources more effectively. While this has been largely successful in detecting attacks, this approach is too slow to help mitigate the worst of the damage caused by a fast-moving threat.  

Enterprises are moving more workloads to the cloud every day. While this helps speed and agility, what happens when there is an incident? How do you run your incident response process in an environment that you don’t own?

Moderator: Alex Wood

Panelists: Cameron Williams, CTO at OverWatchID; Ricardo Johnson, Sr. Director of Security, Risk and Compliance at CrowdStrike Inc; Brandon Levene; Don Walsh, Director of North American channel sales at Skybox Security

The goal of this presentation is to make IT and Security professionals aware of newly identified techniques used to get high click rates during phishing campaigns. The talk will introduce new research conducted using typosquatting, doppelganger domains, and IDN homograph attacks. 

Cyber Incident is a business issue, not just a security issue. To combat this danger, you need to create a security culture for your organization, and that starts with a comprehensive plan of preparedness. To help your firm survive, the cyber range gives your team the tools they need through a completely immersive security experience that tests skills, process and leadership competence. 

NSA addresses cybersecurity issues from both a defensive and offensive perspective. NSA’s Cybersecurity Operations Center (NCTOC) has one of the largest 24*7*365 footprints across the US Government as they defend over 3 million Department of Defense users across the globe.

Attendees will leave this session with new ideas that can immediately be applied to their password cracking needs ranging from recovery of password-protected documents needed for forensics, incident response, law enforcement, and legal cases to improving password compliance in large organizations.

In this presentation, we’ll discuss the different types of machines identities and where they proliferate in your network. You’ll see the role and lifecycle of machine identities, and where we’re falling short in protecting them. 

In this presentation we’ll explore the anatomy of these attacks and categorize these threats to develop an updated defense-in-depth strategy for the evolving IoT wireless threat landscape. 

The breadth of IoT technology is only going to continue to expand, so how do we protect all those endpoints? Most companies invest millions in protecting laptops, servers and creating a robust perimeter, and often times overlook the importance of locking down their endpoint infrastructure.

Learn how a workforce solutions provider fell prey to a debit card database attack and a healthcare provider foiled SamSam ransomware. Walkthroughs of investigations of real incidents show how the new category of Network Traffic Analysis (NTA) tools introduce new visibility and immediate detection of East-West attacks and unusual behaviors

Earlier this year an assessment was requested and conducted on a company because they could not find a rogue device on their network. The assessment was halted and a meeting ensued between HR, Legal and the assessment team. It was suggested by the team that the organization update their BYOD policy. 

Moderator: Dr. Shawn Murray, Principal Scientist at the US Missile Defense Agency and is a Director on the International Board for ISSA International

Panelists: Tal Guest, Principal Product Manager at Bomgar; Larry Homuth, Director of Sales for SecurityIQ; Juan Asenjo, Ph.D., CISSP, Senior Manager for Solutions Marketing at Thales eSecurity; Akshay Bondre

The Internet of Things (IoT) is exploding and increasingly becoming a part of our everyday lives. Home appliances and thermostats that are Internet-aware are only a couple of popular examples of how consumers are being impacted by this amazing new trend.

In this presentation, we will analyze and expose vulnerabilities in a medical ingestible camera device and propose solutions for better securing these types of devices.

In this session, led by one of the authors of the SMM, we will discuss the work done to date and provide an overview of the structure, purpose, usage and extensibility of the model. 

This will be a discussion of the emerging Blockchain technology and it's use to verify evidence from the moment it is collected to the final presentation in court.

Orchestration and automation (O&A) are hot topics in 2018 but are challenging to implement with success in an organization. O&A often reveals gaps in people, process, and technology that must first be addressed before it is architected and developed.  

Imagine you are King or Queen for a day. How would you employ the time and talent of computer hackers? Whom would you target, with what type of malware, and for what purpose? Where would you set technical, legal, and ethical constraints?

As we continue to secure our environments external attackers continue to be successful. This is true even with new developments and enhancements to our infrastructure’s security. The subsequent analysis and deployment of changes to our internal and generic Security Development Lifecycle (SDLC) don’t seem to even slow them down.