ElevateGov

EVENT LIBRARY

AGENDA

Monday, April 1

11:00 AM - 5:00 PM CISO Academy (Invitation Only)

In an ongoing effort to create a stronger Community of Interest among the So Cal Security Professionals, we are bringing together CISO peers as well as the Local, State and Federal Resources that are available to you.

Tanium-AutomateTheHunt - Whitepaper

Session 1 IBM CSS2019

5:00 PM - 7:00 PM

Tuesday, April 2

8:00 AM Event Start

5:00 PM - 7:00 PM Registration and Check In

5:00 PM - 7:00 PM Solution Center - Open All Day

8:30 AM - 9:00 AM Welcome and Opening Remarks

9:00 AM - 10:00 AM Opening Keynote Presentations

IBM: Coffee Talk- How to Rock Your SOC

The experts share best practices in building a Security Operations Center.

Speakers:

  • Alden Hutchinson, Associate Partner, IBM Security Intelligence
  • Cindy Compert, CTO Data Security & Privacy, IBM Security
  • Sean Updegrove, Associate Partner, IBM - Security Strategy, Risk and Compliance
  • Ahmed Saleh, Global Partner & Director

LogRhythm: A Roadmap to Security Operations Maturity

Effective security operations are the first line of defense when it comes to preventing cyber attacks. To accomplish this, organizations need mature and measurable programs that leverage people, process, and technology to rapidly detect and respond to sophisticated attacks. A model for Security Operations maturity will be outlined in this keynote. Public sector organizations can use this model as a basis to evaluate their current security operations maturity level and develop a roadmap to achieve the level that is appropriate in the light of their specific resources, budget, and risk tolerance. Audience members will be introduced to concepts and tools that allow them to assess their organization's security operations level of maturity and outline a roadmap for improving that level.

10:15 AM - 11:00 AM Session 1: Optimizing your incident response program by IBM

Session 1: XForce Incident Response Preparedness - Optimizing your incident response program

Presented by IBM

Speakers:

  • Alden Hutchinson, Assoc. Partner, IBM Security Consulting Practice
  • (Ahmed Saleh, Global Partner & Director, IBM X-Force IRIS)

Description: Global, national and local data breach laws are more complex than ever before – and continually evolving. This often makes the mechanics of incident response and regulatory disclosure lengthy, tedious and expensive. Prepare for and respond to cyber attacks more effectively with a proven response strategy. This can help save organizations time when responding to incidents and helps organizations address applicable compliance requirements.

  1. Knowing how to survive the ever-changing threat landscape is critical to your cyber security strategy
  2. The evolving threat landscape calls for an approach that uses intelligence and precision to stop threats
  3. Understanding how attackers operate is key to prioritizing a defense
  4. Businesses require a comprehensive Threat Management Framework to help prevent, detect, respond to and recover from threats
  5. Managed Detection and Response

10:15 AM - 11:00 AM Session 2: Hunting for "Living off the Land" Attack by LogRhythm

Session 2: Hunting for "Living off the Land" Attack Scenarios

Presented by LogRhythm

Speaker:

  • Brian Coulson, Threat Research Senior Engineer, LogRhythm, Inc

Description: Attendees of this session are in for a treat as they will get to spend some valuable time with LogRhythm's most senior threat analyst. In this threat hunting training session, Brian will walk attendees through scenarios focused on commonly used PowerShell attacks within the "Living off the Land" style of offensive measures. By using customized SIEM dashboarding and targeted search parameters, you will learn how to efficiently hunt for suspicious indicators within generally available PowerShell and Microsoft Sysmon log events. Besides sharing a few of his most interesting threat hunting stories, Brian will show you how to identify and act upon strange patterns and unique indicators of compromise that can tip the balance back in your favor.

Expected Outcome: Attendees will leave with an understanding of how bad actors are leveraging standard tools already installed on target systems as well as threat hunting techniques to seek out those using "Living off the Land" style of attacks.

Intended Audience: The intended audience for this session will be Managers, Supervisors, Architects, Security Analysts, SOC Operations, and Technical staff.

10:15 AM - 11:00 AM Session 3: Change is Simply an Act of Survival by Zscaler

Session 3: Change is Simply an Act of Survival

Presented by Zscaler

Speaker:

  • Bil Harmer, CISO, Zscaler

Description: This session will review the history and development of the network and its interaction with the Internet, and how the adoption of SaaS- and PaaS-based solutions has rendered the network irrelevant from a security perspective. We will explore the developments in malware and how threat actors have taken on a business approach to the creation, distribution, and management of their attack campaigns. We will then take a few steps into the future and explore some possibilities that have the potential to greatly affect governments and how they protect themselves. Finally, we will explore some of the potential strategies that can be started now to lay the groundwork to ensure a more secure architecture in the future.

Expected Outcome: This session will give attendees a fresh perspective on how they should approach enterprise security as they begin to implement digital transformation initiatives.

Intended Audience: Agency technology leadership (CIO, CTO, CISO), architects, networking and security practitioners

10:15 AM - 11:00 AM Session 4: The Evolution of Cyber Warfare…Is Defense in Depth Enough? by Forescout Technologies, Inc.

Session 4: The Evolution of Cyber Warfare…Is Defense in Depth Enough?

Presented by Forescout Technologies, Inc.

Speaker:

  • Shawn Taylor, Senior Systems Engineer, Forescout Technologies, Inc.

Description: The concept of deploying multiple layers of security controls and technologies throughout IT environments has historically been viewed as the correct strategy in a defensive cyber warfare posture. This session asks the question…is that enough? Or do we as security practitioners need to do more? During the session, we will explore:

  • the current dynamics of the marketplace
  • the limitations and challenges of a layered security approach
  • how an in-depth defensive strategy can create a sense of over-confidence that could pave the way for cyber-criminals

Expected Outcome: The attendees should do some self-reflection and ask themselves if maybe they are overly confident that they are secure — that the strategies they've deployed are in fact enough.

Intended Audience: Executives, managers, supervisors, and anyone who has a say in what their cyber-security strategy and architecture should look like.

10:15 AM - 11:00 AM Session 5: Privilege matters! It’s everywhere in your environment! by CyberArk

Session 5: Privilege matters! It’s everywhere in your environment!

Presented by CyberArk

Speaker:

  • Jason Mar-Tang, Senior Solutions Engineer, CyberArk Software

Description: This session is aimed at discussing what privilege means inside the IT environment. Specifically, where does privilege play a role in Identity & Access management, application security, and endpoint security? Different types of exploits will be discussed in which privilege is a key component of success for a threat actor. Finally, the session will discuss how CyberArk can counter these risks by taking a privilege-first approach to mitigation.

Expected Outcome: Attendees in this session will understand the role of privilege in the threat landscape as well as how CyberArk can assist in mitigation efforts.

Intended Audience: Anyone who is looking to mitigate cyber risk in their environment. Anyone who is looking to understand how managing privilege can assist not only security, but operations as well.

11:15 AM - 12:00 PM Session 6: California Consumer Privacy Act--How to prepare for it by Tanium

Session 6: California Consumer Privacy Act - AB375 - How to prepare for it

Presented by Tanium

Speaker:

  • Ken Heller, West Regional TAM, Tanium

Symposium Speakers

  • Ken Heller, Vice President - Technical Account Management, West

Description: California just passed the nation's toughest data privacy law. Gov. Jerry Brown signed the California Consumer Privacy Act of 2018 on Thursday, hours after its unanimous approval by the State Assembly and Senate. The law, which takes effect in 2020, gives consumers sweeping control over their personal data. What does this mean for local government? How do you prepare? What can be done to protect agencies?

Expected Outcome: Attendees can expect to learn about the privacy law and what it encompasses, as well as how to prepare internally to identify sensitive data in your environment and protect it.

Intended Audience: Director and CISO level, data privacy officers, compliance officers.

11:15 AM - 12:00 PM Session 7: Zero Trust, CARTA, IoT, CJIS, CSF – OMG, how can I address all of these? by Cisco

Session 7: Zero Trust, CARTA, IoT, CJIS, CSF – OMG, How can I address all of these?

Presented by Cisco

Speaker:

  • Peter Romness, Cybersecurity Solutions Lead, US Public Sector CTO Office, Cisco Systems

Description: You may have heard all of these as buzz words, you may have been asked about them, or you may be digging into some or all of these topics in more depth. But why are they important and how can you address them with your limited time and resources? This engaging session provides an overview of all of these topics and more. It shows how they all are efforts to guide agencies as they protect against modern cybersecurity threats. It shows how a modern information platform can enable Cybersecurity Excellence without busting the budget or throwing out your current investment. “Cybersecurity Excellence” means finding a way to both efficiently and effectively manage cyber risks. It means asking the right questions and focusing investments in the security controls that matter most. It means successfully defending critical systems and sensitive information despite persistent threats, ongoing talent shortages, and ever-present budget constraints. This session shows how networks and security tools can be automated to create bandwidth for security professionals so they can focus on making operational security enhancements to the environment — improving overall cyber posture. Don’t run away from these topics, come learn how to use them to your advantage to make sure your organization is secure and relieve some of the drudgery of keeping it that way.

Expected Outcome: We are bringing the messaging of a Zero Trust approach to better educate our IT staff, administrators and CISOs and ensure we can learn from the most current best practices and approaches to better serve our communities.

Intended Audience: The content is intended for government IT staff, security practitioners, CISOs and administrative personnel.

11:15 AM - 12:00 PM Session 8: Preparing for the Inevitable: Response-focused Evidence Collection by Taborda Solutions & FireEye

Session 8: Preparing for the Inevitable: Response-focused Evidence Collection

Presented by Taborda Solutions & FireEye

Speaker:

  • Justin Edgar, Director, Security Solutions, Taborda Solutions

Description: In over 75% of incident responses, third-party responders arrive to find a general absence of the data and forensic capabilities required to effectively scope and remediate an incursion. In this session we will leverage recent, real-world examples of threat actor tactics to discuss the data sources most relevant for an effective incident response. Attendees will leave with a strategy for collecting focused, security-relevant data to most accurately and efficiently respond to today's most prevalent threats.

Expected Outcome: Attendees will leave with a strategy for collecting focused, security-relevant data to most accurately and efficiently respond to today's most prevalent threats.

Intended Audience: Information Security Analysts and Management

11:15 AM - 12:00 PM Session 9: Cybersecurity War Stories: Tales from the Trenches by Arctic Wolf & Savant Solutions

Session 9: Cybersecurity War Stories: Tales from the Trenches

Presented by Arctic Wolf & Savant Solutions

Speaker:

  • James McCarthy, Senior Systems Engineer, Arctic Wolf Networks
    • 11:15 AM - 12:00 PM Tue Plaza A & B Room Breakout Session

Description: In today’s world, it’s imperative for organizations of all sizes to have an online presence to succeed in business. But there’s a risk to always being connected—organizations are prime targets for cyber-attacks. Recent ransomware strains demonstrate how business can be brought to a grinding halt by encrypting your business critical data. Join James McCarthy of Arctic Wolf Networks to gain knowledge on the evolution of cybersecurity, discover where we believe the future of cybersecurity is headed, and hear tales from the trenches of what we’re seeing in the field.

11:15 AM - 12:00 PM Session 10: IT Security & Risk Management for the Public Sector by Nth Generation

Session 10: IT Security & Risk Management for the Public Sector

Presented by Nth Generation

Speaker:

  • Jeromie Jackson, Director of Security & Analytics, Nth Generation

Description: Information security has changed dramatically as we have moved from a centralized model to a distributed one. Security leaders and practitioners are facing significantly increased infosec challenges with the continued growth of IoT, mobile workforces, Cloud IaaS/DaaS/PaaS/SaaS, distributed networks and social media. In this session we will discuss not only the hard technical skills, but also the soft skills necessary for individuals and organizations to improve their IT security posture. Frameworks such as the Cloud Security Alliance Common Body of Knowledge, the Center for Internet Security Critical Security Controls (CIS-CSC) and the NIST Cybersecurity Framework (CSF) can significantly help align an organization to widely-adopted best practices and to prioritize security and business risks. This session will provide a brief overview of how these solutions can be best applied toward IT Risk & Security Management moving forward.

Expected Outcome: Walk away with smart strategies and best practices to assess your organization's security posture, based on controls/frameworks from the CIS and NIST. Learn how these approaches can be best applied toward enhanced IT Risk & Security Management going forward.

Intended Audience: Executives, Managers, Supervisors, Architects, Technical staff.

Prerequisites:

  • Basic understanding of information security concepts
  • Basic understanding of business concepts is a plus

12:15 PM - 1:30 PM Lunch Keynote: A Different Type of State Emergency: Cyber! by the State of Colorado

Lunch Keynote: A Different Type of State Emergency: Cyber!

Presented by the State of Colorado:

  • Governor's Office of Information Technology, Chief Information Security Officer Deborah Blyth, CISSP, CISM
  • Director, CO Office of Emergency Management Michael J. Willis
    • 12:15 PM - 1:30 PM Tue California Ballroom B&C General Session

Symposium Speakers

  • Michael J. Willis, Director of the Colorado Office of Emergency Management
  • Deborah (Debbi) Blyth, Chief Information Security Officer (CISO)

In 2018 the State of Colorado was the first state in the nation to ever declare a state emergency, based on a cybersecurity event. The Colorado Department of Transportation experienced a SamSam ransomware attack, which crippled its business operations for an entire month. Colorado's State CISO & Director of the Office of Emergency Management will talk about the event, the partnership that restored operations, and lessons learned.

1:30 PM - 2:30 PM Solution Center - Meet your Industry Partners!

2:30 PM - 3:15 PM Session 11: Understanding the State of California-Department of Technology--Endpoint Protection Standard SIMM 5355-A by Crowdstrike

Session 11: Understanding the State of California-Department of Technology--Endpoint Protection Standard SIMM 5355-A

Presented by Crowdstrike

Speaker:

  • Wes Bateman, Senior Sales Engineer, Crowdstrike

Description: In January 2019, the California Department of Technology Office of Information Security issued the Endpoint Protection Standard, SIMM 5355-A. This session discusses the requirements of the standard and the capabilities required for Detection, Protection, Investigation, Containment and Remediation. It also addresses methods to ensure compliance with this standard.

Expected Outcome: Attendees will learn about the endpoint standard and be able to put together a framework for adhering to the new standard.

Intended Audience: CISO, Risk compliance officers, Security operations and analysts will benefit from this session

2:30 PM - 3:15 PM Session 12: What Matters: Automate your Vulnerability Management and Focus on Remediation by Tenable

Session 12: What Matters: Automate your Vulnerability Management and Focus on Remediation

Presented by Tenable

Speakers:

  • Jim Thor, Security Engineer, Tenable Public Sector
  • Patrick Meister, Territory Manager, Tenable Public Sector

Description: It is time to start focusing on what is important, and allow tools and automation to direct us where to focus our effort for the biggest impact to reduce our cyber exposure risk. In today's environments, there are many threats and vulnerabilities that affect organizations and agencies of all sizes. At the same time that these threats are increasing on a daily basis, we have fewer resources available to address those risks. Learn how quickly you can start an automated vulnerability management program, and prioritize your efforts to remediate. Remediation is the goal; vulnerability management is how you get there.

Expected Outcome: Learn to quickly build an automated Vulnerability Management program, and focus your limited resources to lower your cyber exposure risk in all modern assets, including DevOps, Web Applications, Cloud, Traditional, OT and IoT.

Intended Audience: CIO, CISO, Architect, Engineer, Administrator, Practitioner, Everyone that is responsible for protecting assets in your organization, department, or agency. If you are working to lower your Cyber Exposure Risk, you should be in this session!

2:30 PM - 3:15 PM Session 13: Why Data-Centric Authentication is at the Heart of Zero Trust by Symantec

Session 13: Why Data-Centric Authentication is at the Heart of Zero Trust

Presented by Symantec

Speaker:

  • Salah Nassar, Director of Information Protection, Symantec Corporation

Description: It’s called a 'data breach' for a reason. Bad actors are after your sensitive data. Users, endpoints, email, and cloud applications are communication channels that serve as attack vectors. In a "Zero Trust" model where you cannot trust anything in or out of your network, focusing the perimeter around the data and protecting it with intelligent authentication is the best security approach. Most authentication solutions on the market authenticate access to almost everything BUT your data. Blindly allowing users to access the data without checking their identity negates the entire security stack. To implement Zero Trust successfully in your organization, the best products are the ones that give you the most visibility into who is accessing your data both on-premises and in the cloud. Before a user is granted access, all risk factors surrounding the user and their authenticating device need to be evaluated. Simply put: protect your data and trust no one.

Expected Outcome: In this presentation we will break down the following:

  • What are the components of Zero Trust?
  • How to implement Zero Trust successfully.
  • What are the important security solutions core to Zero Trust and why data protection and identity are central to this model.

Intended Audience: All Cyber Security Practitioners will benefit from this session

2:30 PM - 3:15 PM Session 15: Security Strategy and Roadmapping Simplified by ENS, Inc.

Session 15: Security Strategy and Roadmapping Simplified

Presented by ENS, Inc.

Speaker:

  • Eric Rosburg, Account Executive, ENS Inc.

Description: We will cover a simplified model that IT executives and management can use to document and communicate the relationship between organizational risks and IT Security expenditures.

Expected Outcome: Understand what you're going to do. What you're not going to do. And why you're going to do it.

Intended Audience: Security Specialist, IT Director, CISO, CIO

3:15 PM - 4:00 PM Session 16: Transforming Security in a Cloud and Mobile World by VMware

Session 16: Transforming Security in a Cloud and Mobile World

Presented by VMware

Speaker:

  • Tom Corn, VMware’s SVP/GM of Security Technologies and Strategy, VMware

Description: If any domain is in need of transformation, it’s cyber security. The only thing growing faster than security spend is security losses. And incremental improvement won’t reverse this trend — we need a step function change. The average organization owns between 30 and 50 security products. Solving the problem is not about bolting on more, but about architecting security in. Attend this must see Showcase Keynote to hear Tom Corn, VMware’s SVP/GM of Security Technologies and Strategy, reveal what you need to know about VMware and cyber security including: VMware’s security strategy and vision, how the various components are coming together, and where it’s all heading.

Expected Outcome: Participants will see how virtualization has changed the game for security by ensuring known good vs. chasing threats. You will also learn that building a robust Zero Trust architecture is not only operationally feasible but much more cost effective.

Intended Audience: CISO, security practitioners, architects, as well as network and systems managers and engineers.

3:15 PM - 4:00 PM Session 17: Protecting Your Web Applications in a Multi Cloud World by F5

Session 17: Protecting Your Web Applications in a Multi Cloud World

Presented by F5

Speaker:

  • Chad Fazio, Sales Engineer, F5

Description: Please join us for a conversation on the challenges of application security in a hybrid cloud environment. In this session we will discuss the difficulties presented to organizations considering a multi cloud deployment and the tools available for them to protect their applications, no matter where they are running. Our discussion will focus on the Web Application Firewall, or WAF. We'll review its current capabilities against the existing threat landscape as well as discuss what future techniques may be required to continue to protect against tomorrow's threats. Finally, we'll consider how we can ensure consistent policy and protections no matter where our applications are hosted.

Expected Outcome: A better understanding of a WAF's capabilities and limitations, and the future capabilities that may be required to protect against tomorrow's threats.

Intended Audience: Information Security Executives, Information Security Practitioners, Information Technology Practitioners

3:15 PM - 4:00 PM Session 19: Security Automation and Orchestration: The CISO’s Secret Weapon by ServiceNow

Session 19: Security Automation and Orchestration: The CISO’s Secret Weapon

Presented by ServiceNow

Speaker:

  • Adam Horwitz, Sr. Solution Architect, Security & Risk Practice, ServiceNow

Description: In this session you will gain a better understanding of what is needed to move your organization beyond spreadsheets and email to a scalable solution that automates routine manual tasks, eliminates silos between IT Security and IT Operations and provides workflow-driven consistent processes resulting in improved visibility, accelerated response, better decision making, continual improvement and enhanced efficiency.

Expected Outcome: A better understanding of what is needed to move your organization beyond spreadsheets and email to a scalable solution that results in faster and more efficient response to security incidents and vulnerabilities.

Intended Audience: CIO, CISO, Incident Response and Vulnerability Response managers, analysts, responders and IT operations personnel. If you are interested in faster and more effective response to security incidents and vulnerabilities, you should be in this session!