Monday, July 29
Initializing Secure Connection – Welcome Networking Reception
Tuesday, July 30
Keynote & Panel Sessions
A View From the CISO's Office
As enterprises embark on digital transformation, leading organizations are emphasizing a converged risk management approach, bringing new players to the decision-making table. Physical security solutions increasingly interact with critical data sources to deliver more value to an organization, so what are information security professionals interested in when interacting with their physical security counterparts and their partners? How can physical security provide value to, and hence win buy-in from, these new decision makers, who often have bigger budgets? A distinguished panel of executives from the office of the chief information security officer (CISO) from leading organizations discuss these questions and more.
- Presenter: James O'Shea, Head of Reengineering and Global Security Engineering, RBC Capital Markets
Technologies Shaping the Converged Cyber-Physical World
Advanced cloud capabilities, artificial intelligence, blockchain and quantum computing have all been mentioned in trade and general business press as the next big disruptors. But how quickly do implementors of security need to understand these technologies and weave them into their solutions? Technology evangelists from leading technology platform organizations discuss these technologies and others, including the security problems that they solve and the new attack surfaces and risks that they present.
- Presenter: Edward Lee, Security and Trust Advisor, Google Cloud
Lunch & Vendor Exhibits
Vendor Exhibits & Reception
Wednesday, July 31
Keynote & Panel Sessions
What Physical Security Can Learn From Cybersecurity...and Vice Versa
You can’t have cybersecurity without physical security, and increasingly, you can’t have physical security without cybersecurity. Whether their focus is on hackers or intruders, security teams struggle with the same issues, and often compete for the same budget. Increasingly, law enforcement, chief security officers and chief information security officers (CISOs) are concerned with blended attacks that involve physical intrusions in conjunction with or in support of cybersecurity breaches. This session will explore the lessons learned from the CISO of Southern Methodist University, which has integrated support for physical security technologies and cybersecurity on the same team. Five years later, the team has completed a campus-wide lockdown initiative, centralized support, increased response time, improved the student experience and helped to reduce crime on campus – all while hardening systems against hacking.
- Presenter: George Finney, CISO, Southern Methodist University
Being a Responsible Cybersecurity Partner
Often, the first response to a cyber breach is finger pointing. How do manufacturers ensure that all aspects of their products, the software layer, the advanced chipsets and the cloud-based add-on services won’t end up being the reason their brand is damaged because of a vulnerability? How do security integrators assess the cyber accountability of a supplier and hold them responsible throughout the duration of a partnership? Hear from industry leaders how codification, cooperation and transparency around cybersecurity can be baked into partnerships.
Fostering Innovation and Public Private Partnership in Cyber Defense
During this lunch presentation, learn how innovations in policy, technology and people can lead to breakthrough results in the nation’s operational environment.
Dissecting the Attack
Nearly every day, the headlines are full of breach announcements of major companies and organizations that leave us with many questions. How do these breaches happen? Why didn’t anyone notice? Why does this keep happening? Could this happen to me? This session will cover how attackers select, plan and attack their targets from start to finish with real-world scenarios and conclude with what you can do to protect your company’s reputation as a manufacturer or systems integrator.
- Presenter: Valerie Thomas, Executive Information Security Consultant, Securicon
Selling Deterrence by Denial
Over the past decade, hundreds of millions, if not billions, of dollars of valuable data and the future opportunity it embodies have been stolen from American industry. Despite huge investments in cybersecurity, breaches and data thefts continue to happen on what seems to be an exponentially increasing basis. The uncomfortable truth about that investment, however, is that it has focused on failed methodologies or closing the barn door after the horse has bolted. This session will explore solutions and exemplary products that implement “deterrence by denial,” a cyber defense strategy that assumes an attacker will be successful in penetrating the perimeter but removes financial motivation to do so by rendering the ultimate targets of the attack, industrial information and intellectual property, useless even if successfully stolen.
- Presenter: Adam Firestone, Chief of Engineering, Secure Channels, Inc.
Converged Security and the Law
What can a hacker and a lawyer teach the physical security industry about the legal landscape of cybersecurity? We all know that costs and liabilities associated with cyber breaches are multiplying; however, there is a tremendous number of cybersecurity blind spots that threaten the industry and can rear their ugly heads in the near future. A cyber-legal mind takes a microscope to some of the glaring legal ramifications that can impact the industry specifically and to issues relating to the domain name system, intellectual property, nation state actors and privacy of information collected by security systems.
- Presenter: Alexander Urbelis, Partner, Blackstone Law Group
The Cloud and You: Cybersecurity in the Cloud
The cloud has revolutionized the scale and security of physical security operations, reducing maintenance and provisioning time and redirecting those efforts to the actual practice of security; however, even with the major cloud service providers ramping up security and implementing world class cybersecurity procedures, these back-end practices do not always translate to security on endpoint applications, as standards and APIs must be configured securely by customers. This session will take attendees through the recommended on-premises procedures of deploying a security application securely on the major cloud services.
- Presenter: Chris Peckham, Chief Operating Officer, Building Intelligence
Gap Analysis: Configuring Your Microsoft Office 365/Azure Environment(s) for NIST 800-171 Compliance
Supply chain cybersecurity scrutiny is increasing across the entire critical infrastructure ecosystem, not just the Department of Defense. This presentation reviews the common gaps found in subcontracting environments that use Microsoft Office 365 and/or Azure IT environments and includes advice for configuring, monitoring, automating and reporting upon shared National Institute of Standards & Technology (NIST) 800-171 controls.
- Presenter: Andrew Lanning, Defense Industrial Base Sector Chief, InfraGard Hawaii Member Alliance
Integrating and Monetizing Cyber and Physical Security Offerings
Can security integrators monetize cybersecurity? To do so, they need to offer managed security services that provide long-term security for clients and a steady revenue stream for their integration business. To do this, integrators need to understand what threats companies face and know what products and services mitigate those threats. This discussion will identify the threats in understandable, non-techno-geek terms and outline the security products that match up against each. Participants will receive a framework with which to evaluate client risk and build a mitigation strategy that they can sell to clients.
- Presenter: Steven Mains, CEO and Managing Partner, TechMIS LLC
Building a NIST-Compliant Cybersecurity Program
Five years after its initial release, the NIST Cybersecurity Framework is still a gold-standard process for a prioritized, flexible, repeatable, performance-based and cost-effective approach to managing cybersecurity risk at all levels in an organization. The framework is applicable to organizations of all sizes and sectors. This presentation will address using the NIST Cybersecurity Framework for building a cybersecurity program (engineering, technology and business) that addresses today’s cybersecurity landscape and cyber risks, providing attendees with assessments, executive scorecards and a road map to remediate control gaps.
- Presenter: Larry Wilson, CISO, University of Massachusetts President's Office
Enterprise Technology Trends to Watch
Research firms forecast that video will produce 15.1 zettabytes of data annually – no other IoT application comes close to this rate of data production. This influx in data, as well as the growing adoption of video analytics and artificial intelligence, propels video to be used in a wide variety of ways. These trends enhance video’s value but also pose challenges, such as threats related to cybersecurity. This presentation explores how the latest innovations in IT enable users to better capture, store and protect data. Attendees will understand how data has become today’s “modern currency” and how deep learning enables you to pinpoint the exact data that is important to your business. Attendees will also learn how video data is affected by data privacy regulations like the Health Insurance Portability and Accountability Act and Europe’s General Data Protection Regulation and by encryption mandates.
- Presenter: Brandon Reich, Senior Director of Surveillance Solutions, Pivot3
Convergence: It's More Than a Buzzword
In today’s world, security is mission-critical and needs to be looked at holistically. The once predominantly physical security business is no longer enough to protect against an increasingly complex risk landscape. As today’s threats and breaches frequently target an organization's IT infrastructure, it is paramount that businesses turn to a more unified and collaborative security strategy that incorporates both physical and cyber aspects. This requires convergence across the enterprise: cyber, IT and traditional security teams must unite to strengthen risk mitigation. Security solutions must now take into account all the ways in which a threat could be presented, which requires gathering intelligence from a range of sources such as the web and applying relevant insight to physical components. A comprehensive strategy built with all areas of security in mind can lead to better incident management and faster response, ultimately positively impacting business continuity, employee safety, customer experience and brand reputation.
- Presenter: Gilles Perez, Head of Business Development – North America, Threat Intelligence Group, Verint
A Year of Frustration – A RASP Deployment Story
Any organization that has attempted a Runtime Application Self Protection (RASP) deployment knows the frustrations that come with getting C-level buy-in and customer engagement. This presentation walks through the ups and downs of a successful RASP deployment, including how to deal with delays, how to measure whether the deployment is actually working and how to integrate your RASP deployment with common security information and event management tools while consistently delivering added value to the business.
- Presenter: Troy Bowen, Manager, Application Security, Verizon
You’ve Been Breached – What Happens Next?
Post-cyber breach, your next steps are critical to the recovery success, or potential demise, of your company. What do you do? Who do you call, and when? The time to create a data response plan is before an incident happens. During this session we’ll discuss the critical components that should be included in a cyber incident response plan to help protect you, your customers and your company from reputational and monetary damages.
- Wayne Dean, Vice President, McGriff Insurance Services
- Hannah Hoeflinger, Professional Lines Broker, INSUREtrust
Defending Today's Hybrid IT Environments With Managed Detection and Response
Modern-day cybersecurity threats require close monitoring and effective response; however, as data expands from on premises to the cloud – or somewhere in between – new blind spots are emerging. Threat actors are taking advantage and accomplishing their objectives faster than ever, and traditional security information and event management (SIEM) solutions have proven to be ineffective at defending against new cyberattacks and risks. Today’s hybrid IT environment therefore needs an additional spectrum of visibility with integrated detection and response capabilities to catch the most elusive of threat actors. In this presentation, we'll assess the evolution of data security, exploring why traditional SIEMs are falling short, why hybrid IT environments require an additional spectrum of visibility, the level of risk associated with differing levels of visibility and the effects the addition and removal of each data signal can have on your risk profile.
- Presenter: Eldon Sprickerhoff, Founder and Chief Strategist, eSentire