Presented by Chaney Edwards, Sr Security Solutions Engineer • Rapid7

We will begin focusing on building a framework that we will dive into the elements of in greater detail later in the presentation. These elements will be:

1. Know your leadership, user base, regulations, and requirements
2. Building policy and procedures
3. Scan scheduling, design, and validation
4. Remediation and exception processes
5. Validation of program
6. Flexibility and the OODA loop

We will start by focusing on the importance of knowing your leadership, user base, regulations, and requirements –– and ensuring others know that Leadership and Management buy-in is critical to the success of the program. We will talk about how to interact with your user base and what you should communicate with those individuals. We will also touch on how regulations and business requirements will play a part in your program design as well. Next, we will spend time on building policy and procedures and understanding the hierarchy and differences around Information Security Policy vs. Guidelines vs. Procedures.

From there we will shift gears and focus on scan scheduling, design, and validation of the scans in place. While many feel this is the most important part of a program, getting the data is the least important part of the whole process and we will discuss why that is. We will cover topics including scan frequency, targets, and validation. We will touch on the benefits of tagging, the use of agents, and reporting. The focus will be that there is no "right way" to scan and rather several considerations to guide you to what is right for you and your environment. We will also discuss remediation methods and how to track said remediations. With any remediation process, exceptions will occur, and we will touch on best practices for not only accepting that risk into your environment but curating that list for a continual review.

Finally, we will discuss program validation, flexibility, and the OODA loop (Observer, Orient, Decide, Act) and how where you are on day one in your program will inevitably change over time. For validation we will cover reporting not only to leadership but to internal stakeholders like security and governance programs, but also the user base as well. We will discuss topics requiring your program to be flexible like new assets, mergers and acquisitions, new projects, leadership changes, and more. Leveraging the OODA loop we will discuss processes to help tackle these changes and ensure your program can survive an ever-changing landscape.

The session will then end with a live Q&A to discuss any topics had or to field any thoughts on the matter to garner a collaborative end to the talk and allow for audience participation.

  Presented by Mike Brown, Sr Systems Engineer • Axonius

In today’s rapidly evolving security landscape, organizations face the challenge of managing a wide array of tools across endpoints, identities, and networks. While each tool serves a critical purpose, they often operate in isolation, creating silos that obscure visibility and expose vulnerabilities. This session will address how the fragmentation of security systems and data increases attack surfaces and how integrating a unified cyber asset management approach can significantly reduce attack exposure.

Join us as we explore how security professionals can move beyond disconnected tools to leverage a single, comprehensive view of their assets and threat exposures. We’ll highlight practical steps and present a preview of an end-to-end solution designed to break down silos, provide full cyber asset visibility, and enable a more holistic approach to minimizing security risks.

As technology continues to evolve, managing disparate security systems will remain a pressing challenge. This session will offer actionable insights to security professionals looking to streamline their approach and safeguard their organizations from the growing complexities of cyber threats.

  Presented by Tony Kelly, Sr Manager, Sales Engineering • Lookout

Cloud breaches are now happening in minutes, not months. Threat actors are exploiting the fact that mobile devices are more susceptible to social engineering, enabling them to gain direct access to cloud infrastructure and swiftly compromise data. Join us for this 50-minute presentation to learn:

• How the traditional cyber kill chain has evolved to exploit mobile users
• Why attacks utilizing a mobile device are increasing
• What makes your organization vulnerable to a modern-day attack
• Why stopping breaches requires the ability to identify anomalous data movements
• The three key capabilities you need to defend against modern breaches

  Presented by Ian Clatworthy, Global Director, Infrastructure Product Marketing • Hitachi Vantara

Balancing the need for substantial data infrastructure with more eco-friendly policies should be top of all organizational to-do lists. Rather than a competition between corporations, these initiatives should be focused on the larger benefit of a healthier world. That’s why creating a specific data center decarbonization strategy will be key. This will range from improving the visibility and measurement of power usage, to actually reducing the carbon footprint of each operational layer. But where should organizations begin?

Ian comes from a customer background in Formula 1 and World Rallying. Having a deep understanding of technology and its benefits he took his skills into technology sales and marketing with Dell and HDS. Today he leads Product Marketing for data infrastructure technologies at Hitachi Vantara.

  Presented by Hubert Ralph Bonnell, CISSP, CCSM – Security Engineer • Check Point

As artificial intelligence (AI) permeates our lives, it's crucial to address the cybersecurity challenges it presents. In this dynamic landscape, AI will be utilized by both attackers and defenders. We will explore the opportunities of leveraging AI to enhance your business and defenses while acknowledging the potential risks. AI-powered attacks, opaque AI systems, and a lack of standardized security practices demand proactive measures, rigorous protocols, and transparent designs to ensure a secure AI ecosystem.

  Presented by Bill Wester, Sr Product Manager  • Juniper Networks

The presentation will focus on Juniper Apstra and Designing Data Centers with Intent. We will discuss the design, deployment, and operation of modern EVPN VXLAN data centers and talk about how machine learning and AI are helping to make data center operations easier for the operators. We hope that the attendees will take away a new appreciation of how modern automation can help solve the hardest data center problems with ease.

  Presented by Structured

This presentation explores the integration and security of Generative AI services such as Microsoft Copilot in the modern enterprise and the important security considerations IT needs to address to ensure the secure and successful adoption of these transformative new technologies.

  Presented by Palo Alto Networks

As work increasingly moves to the cloud, traditional network perimeters dissolve, and the browser becomes the new frontline for productivity and risk. This presentation explores how Prisma Access Browser is redefining security by shifting focus from network-based controls to the user’s primary workspace: the Browser. We’ll dive into how this solution uniquely protects users and data at the browser level. Join us to understand how a secure, zero-trust approach to browser activity can streamline compliance, enhance user experience, and fortify your security posture without compromising productivity. This session includes a live demo.

  Presented by HPE Aruba Networking

Ransomware and targeted cyber security threats are on the rise. A proactive prevention strategy should use both tried and proven methodologies as well as new and emerging technologies. East West traffic identification and isolation is key in preventing malicious content from spreading, both in the Data Center and at the Campus Edge of the network. We will focus on innovative approaches to address the security compliance, performance, agility, and scalability demands of today’s highly distributed, hybrid, network environments.

  Presented by Brian Anderson, Global Field CTO • Cato Networks

In this session, we’ll explore how a converged SASE platform combined with AI and machine learning (ML) enables real-time threat detection and mitigation, transforming network security from a reactive to a proactive model. The focus will be on how AI-driven solutions within the SASE framework can identify, analyze, and neutralize security threats in real time across distributed environments.

Brian Anderson, Global Field CTO at Cato, has over 20 years of experience in technology, working with networks, systems, application development, and security specializing in automation. Brian has worked to architect, attack, integrate, and secure networks and applications for emergency notification systems, government environments, healthcare organizations, transactional and e-commerce, including multi-tier cloud-based solutions, and has had a focus on web, database, and network and infrastructure security for the past 13 years at Imperva.

  Presented by Island & Abnormal

In today's dynamic business environment, organizations are increasingly seeking ways to modernize their application delivery infrastructure. The Enterprise Browser (EB) has emerged as a powerful solution that addresses the evolving needs of enterprises. This presentation explores the key features and benefits of the EB, highlighting how it can transform application delivery for enhanced security, productivity, and user experience while reducing IT infrastructure and support costs.

  Presented by Tanner Harrison, Systems Engineer • Fortinet

Today's ever-changing threat landscape challenges traditional security models. The emergence of the Zero Trust model represents a transformative approach, reshaping how organizations protect their assets. This presentation aims to demystify Zero Trust, offering a comprehensive understanding that goes beyond buzzwords. We will explore the foundational concepts of Zero Trust, emphasizing the "never trust, always verify" philosophy. By the end of this session, attendees will be equipped with the knowledge to begin their Zero Trust journey, enhancing their security posture, and protecting critical data and systems from modern threats. Whether you are a security professional, IT manager, or organizational leader, this discussion will empower you to take decisive action toward a more secure future.

  Presented by Charles Killmer, Sr Security Analyst and Solution Architect • FRSecure

In this presentation, we’ll explore the critical role of allowlisting in enhancing network security. By focusing on controlling both ingress and egress traffic, allowlisting ensures that only trusted traffic is permitted, reducing the attack surface and minimizing vulnerabilities. Learn how adopting a comprehensive allowlisting strategy can help build a secure, resilient network fortress, protecting your systems from malicious threats and unauthorized access. Whether you're implementing it for the first time or refining your approach, this session will highlight best practices and common pitfalls.

  Presented by Teddy Nicoghosian, Principal Technical Product Marketing Manager, Network Security • Barracuda & BlackPoint IT

The presentation by Barracuda and BlackPoint IT Services highlights the importance of an end-to-end, proactive security strategy. It details every phase of a ransomware attack—from the initial arrival of a malicious email to the final steps of recovery—demonstrating that a comprehensive understanding of the entire attack lifecycle is essential. This insight allows organizations to design defenses that are not only robust and all-encompassing but also flexible enough to adapt to the constantly evolving threat landscape.

  Presented by Brian Knopp, Principal Sales Engineer, US • Arctic Wolf

Building and maintaining an internal SOC operation is hard. We’ll discuss why it’s imperative that organizations lean on 3rd party partners to provide 24x7 monitoring across your collective attack surfaces.