When: September 5, 2018 - 0800-1600
Where: Brier Creek Country Club
CPEs: Up to 8
Handouts: Will be uploaded when available
Time: Breakfast 7am to 8am; Meeting 8am to 4pm
Lunch: 11:30 to 1pm
Note: Box lunch can be purchased from Brier Creek Country Club
Cost: Members - $75, Sister Organizations - $100, Non-members - $125
SESSION I: Identifying The Inherent Risk of Your Third-Party Vendors: Determining Where to Concentrate Your Resources
Abstract: Companies are doing more business than ever with the help of outside vendors, suppliers, and partners. More information is being entrusted to these outside entities than ever. Everyone agrees that a company needs to ensure that its partners are treating all data as if it were their own and protecting it from disclosure. But remember, transference of duties does not equal transference of responsibility. We cannot deeply assess each of our third-party vendors; we do not have the time or the resources. Today more than ever, it is important to understand the inherent risk of conducting a business process outside of your organization: the higher the inherent risk, the more due diligence.
Speaker: Chad Peterson, Director, Third Party Risk Management – Service Delivery, Optiv
Chad Peterson brings more than twenty (20) years of technical and leadership experience to his current role. As a Director within our Third Party Risk Management Practice, Mr. Peterson works closely with clients and account teams in the area of Risk Management. A subject matter expert in information assurance, Mr. Peterson has an extensive background in Regulatory Adherence, Compliance and Security Training, Network and Systems Security, Business Impact Analysis, Policy Reviews, IT Audit, and Risk Assessments. Prior to joining Optiv Security in 2012, Mr. Peterson spent many years in the Healthcare Industry, where he held positions such as HIPAA Security Officer, Information Security Manager, Health Information Technology Director, and Security Auditor. Mr. Peterson holds a Master’s Degree in Information Technology with a Specialization in Information Security, and has earned certifications in the areas of Security (CISSP), Audit (CISA), Compliance and Risk (CHC, CRISC), and IT Framework (ITIL-F). Chad was formerly on the Board of Directors of the West Florida Chapter of ISACA and is actively involved in ISSA, AHIA, and HIMSS.
SESSION II: The Modern State of Insecurity
Online security is in a constant state of flux; we face threats today that are entirely new compared with those we dealt with only a year or two ago. Yet at the same time, we’re still dealing with the same fundamental threats we were decades ago, with the likes of SQL injection and ransomware dating as far back as the ’80s. This dichotomy also plays out in the sophistication of attacks we’re seeing today, with news headlines announcing nation-state-backed espionage with equal regularity to Amazon S3 buckets exposing everything to the public due to simple configuration errors.
In this talk, you’ll see how these threats are evolving and which are the ones we need to be especially conscious of in the modern era. It looks at real-world examples of both current and emerging threats and talks about actionable steps we need to take as an industry to stem the flow of data breaches and other malicious activity. The Modern State of Insecurity is a scary yet necessary lesson on how we’re still getting security wrong today.
Speaker: Justin Wilkins, Varonis
Justin Wilkins is currently the Manager of Systems Engineering for the Mid-Atlantic at Varonis, where he helps organizations secure, manage and govern their unstructured data. He has over six years of experience in data security and governance in both the federal and commercial space. Prior to joining Varonis, he held engineering roles at Philips Healthcare, GE Aviation, and Bloomberg LP. His background as an aerospace engineer provides him with a deep understanding of the technical challenges with data security and the ability to develop creative solutions to solve complex problems. He earned a B.S.E. in Mechanical & Aerospace Engineering from Case Western Reserve University and currently resides in Washington, D.C. He enjoys studying foreign languages, traveling, spending time with family, surfing and playing soccer.
SESSION III: Losing the Cyber Security Battle? Win the War with Well Managed Identity
Abstract: Identity has long been deemed the new perimeter, but this approach doesn’t seem to be working. Despite increased spending on identity programs, organizations are still being breached at a record level. The majority of successful hacks are using compromised credentials. How can you protect your organization from a breach, while meeting expanding compliance mandates? In this session you’ll learn why identity is quickly becoming the language of security.
Speaker: Chris Smith, Optiv
SESSION IV: Overcoming Political Barriers in Moving to the Cloud
Abstract: “Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the eleventh hour after applications have been built is not likely to be ideal for either development or production-based workloads in the Cloud. This session offers:
• Factors to consider when making software design choices
• Tips on weaving security best practices into the SDLC without impeding the velocity of AppDev
• Benefits of architecting applications hand in hand between AppDev and Security teams
Speaker: Joe Vadakkan, Global Practice Manager, Cloud Security, Optiv
Joe Vadakkan brings more than 18 years of technical and information security leadership experience to his current role. As a Global Practice Leader, Cloud Security at Optiv, Vadakkan provides C-Suite and Engineering teams with advisory services to define cloud security strategy and roadmaps, and manages a division of cloud security experts who specialize in Microsoft Azure, Google Cloud Platform and Amazon Web Services and who are embedded for implementation of secure cloud with the plan, build and run methodology to meet the client’s security objective.
SESSION IV: Insider Threat: Turtles, Trust and The Future of Cybersecurity
Abstract: Faith in our institutions is collapsing, and GDPR is at the door. What would cybersecurity look like if we started from scratch, right now, in our hybrid, interdependent world? It would focus relentlessly on data. Learn how a data-centric security approach can reduce risk, increase efficiency and re-engineer trust in a society where faith has been shaken by unstoppable breaches. Objectives:
• Learn about an approach to data protection that starts with data, not threats
• Discover how classification, analytics, labels, and remediation fit together
• Gain insights into applying data-centric security to new regulations like GDPR
Speaker: Patrick Lynch, Varonis
Patrick Lynch has helped dozens of organizations in the Carolinas to better understand and protect their critical data. A risk assessment specialist, he focuses on educating Varonis customers on how to plan and implement sustainable data security policies affordably and efficiently.
SESSION V: GDPR
Patrick Lynch and Justin Wilkins
Abstract: to be provided soon
Speaker: to be provided soon