Data Breaches: Defense and Response: Chicago (Rosemont/O’Hare)
Strategies to help your organization prepare for, defend against and respond to breaches
December 7, 2023
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois
Overview
It is not a matter of if, but when your organization will be breached. Against these threats, enterprises try to build higher and more secure walls around their data and networks. This seems to be a never-ending arms race, as even the most sophisticated systems may, before long, present weaknesses that malicious technology can overcome.
What You Will Learn
In this one day conference, content that will be covered includes:
- Investigating a Data Breach – Preserving the Evidence
- Extortion and Exfiltration: The New Age of Ransomware
- Zero Trust Principles and Approaches
- How to Avoid Developing a “Cyber Slouch” – CyberSecurity Posture
- How to Help the Business Understand, Cybersecurity is not just an IT Problem to Solve. It’s Critical Business Risk they have to Manage
- Zero Trust Microsegmentation: Stopping Lateral Movement Before it Starts
- Fear, Uncertainty, and Doubt: The Data Breach as a Wartime Influence Tactic
- CyberThreats – How CISOs are Responding to Current & Emerging Security Risks (Panel Discussion)
Conference Price: $299.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
CONFERENCE AGENDA
8:00am – 9:00am: Registration and Continental Breakfast
9:00am – 9:50am: CISO Fireside Chat: How to Help the Business Understand, Cybersecurity is not just an IT Problem to Solve. It’s Critical Business Risk they have to Manage
Annur Sumar, CTO, CloudUnity
Elizabeth Ogunti, CISA, CRISC, CISM, Chief Information Security Officer, JBT Corporation
Brian Palmer, Director IT Security & Infrastructure, Ventas
Laszlo Gonc, Founder, Next Era Transformation Group
What you don’t know can hurt you. Most companies fall victim to attacks because the C-suite doesn’t understand the risk, and the IT practitioners speak a language that doesn’t resonate with business leaders. Together, they learn the hard way what accountability, legal obligations and liability look like in the wake of a cyber incident. The chain of accountability begins with executive awareness cyber risks, and an understanding of resulting obligations.
Sumar Ogunti Palmer Gonc
9:50am – 10:20am: Refreshment & Exhibit Break
10:20am – 11:10am: Zero Trust Microsegmentation: Stopping Lateral Movement Before it Starts
Matt Johnson, Technical Account Director, TrueFort
Nation-State and organized criminal gangs are attacking critical infrastructure, manufacturing, health care, and nearly every other vertical, large and small, from all directions. It’s not a matter of if you will be breached, it’s when. Unhindered lateral movement is the cause of most malware and ransomware attacks. Matt Johnson will discuss the Zero Trust philosophy, the importance of universal visibility, enforced microsegmentation, integrations, and reporting capabilities in an interactive conversation about the challenges that InfoSec teams face on a day-to-day basis.
Johnson
11:10am – 12:00pm: Zero Trust Principles and Approaches
Tony Sabah, Head of Channel Security Engineering for the Americas, Check Point Software
Defining what is zero trust, what it isn’t and why it matters. Then we will explore the typical digital transformation journey and how to apply zero trust. Lastly comparing and combining Zero Trust frameworks from Forrester, Gartner and NIST into an actionable strategy for defense and protection.
Sabaj
12:00pm – 12:40pm: Lunch & Exhibit Break
12:40pm – 1:30pm: Extortion and Exfiltration: The New Age of Ransomware
Doug Lubahn, F/Lt. Michigan State Police (Ret.), VP Customer Success BlackFog
Ransomware is the number one cybersecurity concern globally. Its ever-evolving nature creates new strains, tactic changes and sophisticated attacks that cybersecurity professionals struggle to keep up with. One notable shift in the ransomware landscape is the move from traditional encryption tactics to data exfiltration and extortion.
Criminal gangs understand that data is the ultimate prize, and 90% of ransomware attacks now involve data exfiltration, as ransomware groups focus on stealing sensitive data for the purpose of extortion.
It is clear that with a change in tactic, cybersecurity professionals require a new approach and new way of thinking when it comes to tackling the issue of ransomware. Successful ransomware attacks require data exfiltration – if the threat actors can’t steal the data, then organizations won’t suffer data loss, breaches or be extorted for its return.
In this talk we’ll discuss:
- How organizations can prevent data exfiltration
- Why preventing data exfiltration is critical in the fight against ransomware
- Why traditional detection and response solutions are failing to prevent these attacks
- How organizations can leverage anti data exfiltration technology to secure their data and prevent attacks
Lubahn
1:30pm – 2:20pm: How to Avoid Developing a “Cyber Slouch” – CyberSecurity Posture
Larry Slusser, Vice President & Global Head Professional Services, SecurityScorecard
Josh Fazio, Vice President Solutions Engineering, SecurityScorecard
The key to preparing, defending, and responding to Cyber Attacks. SecurityScorecard’s Josh Fazio and Larry Slusser will discuss the ins and outs of cyber security posture, how it applies to your organization’s cyber security, and your 3rd party vendor landscape. They will also cover in detail how you can help your company improve its cyber security posture, and provide practical examples of how your company can be ready for anything in our ever shifting cyber security landscape.
Slusser Fazio
2:20pm – 3:00pm: Investigating a Data Breach – Preserving the Evidence
Patrick Benson, Senior Systems Engineer – North Central, Veeam
Ed Teune, Sr. Systems Engineer, Exagrid
Data breaches occur whether unintentional or as part of criminal and malicious activities. Organizations need to have measures in place prior to a breach to ensure that critical records and logs are available for investigation. Determining the extent of a breach, how it occurred, and what vulnerabilities may still exist are key practices following a data breach event. Learn how your backup infrastructure and archived data are essential tools to understanding how a data breach took place, and how you can prevent future data breaches from occurring.
Benson Teune
3:00pm – 3:30pm: Refreshment & Exhibit Break
3:30pm – 4:10pm: Fear, Uncertainty, and Doubt: The Data Breach as a Wartime Influence Tactic
Alexander Leslie, Associate Threat Intelligence Analyst, Recorded Future
One of the most serious attacks an organization may face is the data breach. Data breaches come with brand impairment, compliance, and third-party risks that have the capacity to significantly damage the administration and operations of a potential victim. Despite these obvious risks, there is another risk that is lurking in the background — foreign influence operations. In a wartime context, data breaches are routinely leveraged by cybercriminals, hacktivists, mercenaries, and state-sponsored actors to advance their influence objectives, sow chaos, and even make some money on the side. These data breaches might be targeted, but are largely opportunistic. Data breaches are often woven into broader malign narratives that seek to undermine reputation and integrity.
It is important for industry leaders to recognize that some data breaches, while financially motivated in nature at first glance, may come with ulterior motives. It is important to understand data breaches in a broader geopolitical context, when necessary. This session will demonstrate the value of confidence levels and credibility ratings in threat intelligence products, teach attendees valuable tips for validating unverified claims, and contextualize data breaches in broader situations. It is important that leaders avoid making hasty decisions that might jeopardize their strategic posture, especially if those decisions are based on disinformation.
Using current, unique, and previously undisclosed case studies from the wars in Ukraine, Israel, Nagorno-Karabakh, and other conflict zones, we can better understand how threat actors leverage the data breach as a scare tactic to enable influence operations and spread fear, uncertainty, and doubt among our industry.
Leslie
4:10pm – 5:00pm: CyberThreats – How CISOs are Responding to Current & Emerging Security Risks (Panel Discussion)
In this session attendees will learn from a distinguished panel of CISOs sharing their thoughts on:
- Mitigating Business Email Compromise
- Responding to Ransomware
- Reducing Risk to the Business in 2023
Moderated by: Snehal Contractor, VP Worldwide Systems Engineering & Technical Services, Stellar Cyber
Panelists will include:
- Nitin Raina, Global CISO and Global Head of Enterprise Risk, Thoughtworks
- Mark Houpt, CISO, DataBank, Ltd.
- Victor Hsiang, CISO, GATX
- Bruce Coffing, Chief Information Security Officer, City of Chicago
- Jonathan Lampe, InfoSec Sr. Manager, Milwaukee Tool
- Other CISOs & Security Executives sharing strategies, tactics, and lessons learned
Contractor Raina Houpt Hsiang Coffing Lampe
Conference Price: $299.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.
CONFERENCE SPONSORS
