Tactical Edge Virtual Summit

Agenda

  • August 10
  • August 11
  • August 12
  • August 13
  • August 14
08:30 - 09.00
Salma Osejo
Host, Tactical Edge
Edgar Rojas
Director, Tactical Edge

Opening Ceremonies

Welcome all attendees, sponsors, and speakers
09:00 - 10:00
Tony Cole
CTO, Attivo Networks

Information coming soon

10.00 - 11.00
Mike Kiser
SailPoint

Information coming soon

14:00 - 15:00
TBD

Information coming soon

15:00 - 16:00
Helen Patton

Information coming soon

08:30 - 09.00
Salma Osejo
Host, Tactical Edge
Edgar Rojas
Director, Tactical Edge

Opening Ceremonies

Welcome all attendees, sponsors, and speakers
09:00 - 10:00
Wendy Nather
Head of the Advisory CISO team at Duo Security (now Cisco)

Time and Risk Dimensions in Security

When it comes to cybersecurity response and planning, time is not on our side. When incidents happen in milliseconds, but innovations take years, how do we close the time gap? In this session, we will talk about how to use time to our advantage: to react faster, plan better, and develop a path to the unknown future.
10.00 - 11.00
Stephen Moore
Vice President and Chief Security Strategist, Exabeam

Information coming soon

14:00 - 15:00
Elizabeth Wharton
Chief of Staff at SCYTHE

Dodging Risk Rabbit Holes & Red Herrings

In an evolving risk landscape, it’s easy to become distracted by the flood of incoming information and security alerts. With tightening resources, from teams working remotely to shrinking budgets, leveraging the odds via threat intelligence to mitigate risks becomes key. We will highlight how to use threat intelligence as a force-multiplier to bridge the business risk and security risk divide.

15:00 - 16:00
Dr. Pablo Breuer
Principal Director for Applied Cyber Intelligence at Accenture Federal Services

Reducing Information Overload Via an Analog Model for Cyber Risk

Cybersecurity relies on Security Operations Center (SOC) personnel to conduct data triage on large numbers of automated alerts to identify true threats to networks. To achieve this goal, SOC personnel must not only filter out false positives in data streams, but also coalesce disparate pieces of data to generate information that yields a conclusion of an existing exception condition in the desired state of cybersecurity and requires action.
Additionally, false negatives in data streams may later be identified when a compromise is discovered via human reporting or other means. Limitations of Turing machines used as automated sensors, ever-increasing network size and speed of transmission, limited numbers of qualified personnel, and the necessity to work in uncertainty, all serve to exacerbate the continual condition of information overload for network defenders.
This research addresses information overload by reducing the information that is presented to personnel working in a SOC. It proposes a new framework for determining cybersecurity risk as a time-dependent function, which allows for reduced information overload and at least equivalent cybersecurity posture.
08:30 - 09.00
Salma Osejo
Host, Tactical Edge
Edgar Rojas
Director, Tactical Edge

Opening Ceremonies

Welcome all attendees, sponsors, and speakers
09:00 - 10:00
Andy Ellis
Chief Security Officer at Akamai

Human Decision Making in the Era of Corona virus

In this talk, I will be taking a lot of the things I’ve learned over the last 20 years about how humans make decisions about risk, and examining those through the lens of the reactions to COVID-19.
10.00 - 11.00
Sharon Chand
Principal Deloitte Cyber Risk Services

Information coming soon

14:00 - 15:00
Mitch Parker, CISSP
CISO at Indiana University Health

How to take the 'suck' out of supplier risk management – a story about how we did it

IU Health is a healthcare provider with over 1,300 vendors. We face risks of scale. We needed to come up with means by which we could state our requirements, evaluate vendors for risks, and credibly present that we had addressed risks.
Current third-party vendor risk solutions do not present the requirements for a risk-based approach needed to address the intent of regulations. A score based upon controls we have no insight into and reported data breaches does not provide evidence of risk mitigation. The processes used by most organizations revolve around Business Associate Agreements to address security terms and conditions and detailed commitments to controls are not made.
Our challenge, the same faced by many organizations, was insurmountable workload in managing our supplier risk. We were overloading our attorneys, our third-party risk team, and several outside firms, along with vendors.
So, we spent a year and a half on researching this problem. We interviewed practitioners, CISOs, vendors and peer institutions. We developed security standards for emerging technologies. We examined upcoming standards and sent recommendations and shared our ideas with vendors.
We published this work on our website on November, 2019 for everyone to use.

15:00 - 16:00
Jerry Bell
VP and CISO of IBM Public Cloud

Back to basics

In a world of advanced persistent threats and increasingly sophisticated countermeasures, it is more important than ever to focus on security basics first. While we need the capabilities new security technologies bring, in almost all cases, the effectiveness of these tools depends on basic security principles being operated effectively. In this session, we will discuss common mistakes organizations make with security basics, how those mistakes can render more advanced security controls ineffective, and what we can do to help avoid such errors.
08:30 - 09.00
Salma Osejo
Host, Tactical Edge
Edgar Rojas
Director, Tactical Edge

Opening Ceremonies

Welcome all attendees, sponsors, and speakers
09:00 - 10:00
Susan Peediyakkal
Director of Advisory Services and Threat Intelligence for Luta Security

Information coming soon

10.00 - 11.00
Chris Kubecka
CEO, HypaSec

Hack The World With OSINT

Land, space, sea and air, all fair game for hackers. Discover vulnerable, remotely exploitable or misconfigured systems using open source intelligence gathering tools and techniques. Protect your organization or find out if your home alarm system is exposed insecurely to the internet. This journey takes you through computer systems, databases, ICS industrial control systems, email servers and settings, intelligence agencies, crackable encryption, internet of things devices, hydroelectric dams, solar panels, fire alarms, home cinemas, maritime, space, aircraft and more.
14:00 - 15:00
Tyrone E. Wilson
Founder and President of Cover6 Solutions

From Passive Reconnaissance to Compromise with OSINT and Third-Party Apps

Join us to learn how attackers use Open Source Intelligence (OSINT) and third-party apps to obtain information that eventually leads to a successful corporate or home network compromise. Tyrone will demonstrate how to use various tools and an attacker's mindset, to gather relevant information without getting caught. We will see the entire information attack process from start to finish.

15:00 - 16:00
Ira Winkler, CISSP
President of Secure Mentem

Information coming soon

08:30 - 09.00
Salma Osejo
Host, Tactical Edge
Edgar Rojas
Director, Tactical Edge

Opening Ceremonies

Welcome all attendees, sponsors, and speakers
09:00 - 10:00
Javvad Malik
Security Awareness Advocate at KnowBe4

Solving the defenders dilemma with one simple trick

We're often led to believe that security is a losing battle, and if we have any chance of defending our organisations we need to invest millions in multiple layers of security.
On top of that, we need to constantly prove to execs, shareholders, and customers that we're taking security seriously.
It's a thankless and tiring job.
But what if I told you there was a way to get around that and fix the majority of your woes with one simple tactic?
Come along to find out.
10.00 - 11.00
Chloé Messdaghi
VP of Strategy at Point3 Security

Hacker Hippocampus

Always on the edge of your seat when it comes to new exploits and tricks. From bug bounties, CTFs, live hacking events, simulations, and interactive educational modules, they have been proven to stimulate and enforce new tools and knowledge to become stronger red teamers.
But how does our brain process gamification and threats as hackers?
This gamified/interactive talk shares how our brains are stimulated by them and how to up your game.
14:00 - 15:00
Dr. Andrea Little Limbago
Vice President of Research and Analysis at Interos

Rethinking Cyber Risk in a Reglobalized World

COVID-19 has exposed the fragility and insecurity of a hyper-globalized world system. The pandemic is accelerating global shifts and further entrenching disparate approaches to security, privacy, and data protection across the globe. From digital authoritarians and techno-nationalism to nascent signs of digital democracies, these distinct approaches significantly affect digital security and privacy risks.
We will briefly detail these competing digital frameworks, with a focus on their core components and current examples. Cyber attacks and disinformation remain persistent threats, but the range of risks expands beyond these usual suspects. We will explore the growing aperture of cyber risk considerations, including: government-mandated access to data, internet blackouts, evolving hardware regulations and pacts, and third-party and supply chain risks. As globalization continues to transform, it is essential to evolve cyber risk frameworks to account for these transformations in the ‘new normal’.

15:00 - 16:00
Jorge Orchilles
Chief Technology Officer at SCYTHE

High Value Adversary Emulation through Purple Teaming

Offensive security and Ethical Hacking is about providing business value. One of the most efficient and effective ways to improve security is through Adversary Emulation Purple Team Exercises. Adversary Emulation is a type of ethical hacking engagement where the Red Team emulates how an adversary operates, leveraging the same tactics, techniques, and procedures (TTPs), against a target organization. The goal of these engagements is to train and improve people, process, and technology. This is in contrast to a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement. In this talk, we will cover how to run a high-value adversary emulation through a Purple Team Exercise.
16:00 - 16:30
Salma Osejo
Host, Tactical Edge
Edgar Rojas
Director, Tactical Edge

Closing Ceremonies

Announcements of future events and a few surprises!
Tactical Edge Virtual Summit 2020

Sponsors

Gold

Silver