Topic: Information Security

  Presented by Mike Brown, Sr Systems Engineer • Axonius

In today’s rapidly evolving security landscape, organizations face the challenge of managing a wide array of tools across endpoints, identities, and networks. While each tool serves a critical purpose, they often operate in isolation, creating silos that obscure visibility and expose vulnerabilities. This session will address how the fragmentation of security systems and data increases attack surfaces and how integrating a unified cyber asset management approach can significantly reduce attack exposure.

Join us as we explore how security professionals can move beyond disconnected tools to leverage a single, comprehensive view of their assets and threat exposures. We’ll highlight practical steps and present a preview of an end-to-end solution designed to break down silos, provide full cyber asset visibility, and enable a more holistic approach to minimizing security risks.

As technology continues to evolve, managing disparate security systems will remain a pressing challenge. This session will offer actionable insights to security professionals looking to streamline their approach and safeguard their organizations from the growing complexities of cyber threats.

  Presented by Palo Alto Networks

As work increasingly moves to the cloud, traditional network perimeters dissolve, and the browser becomes the new frontline for productivity and risk. This presentation explores how Prisma Access Browser is redefining security by shifting focus from network-based controls to the user’s primary workspace: the Browser. We’ll dive into how this solution uniquely protects users and data at the browser level. Join us to understand how a secure, zero-trust approach to browser activity can streamline compliance, enhance user experience, and fortify your security posture without compromising productivity. This session includes a live demo.

  Presented by HPE Aruba Networking

Ransomware and targeted cyber security threats are on the rise. A proactive prevention strategy should use both tried and proven methodologies as well as new and emerging technologies. East West traffic identification and isolation is key in preventing malicious content from spreading, both in the Data Center and at the Campus Edge of the network. We will focus on innovative approaches to address the security compliance, performance, agility, and scalability demands of today’s highly distributed, hybrid, network environments.

  Presented by Chaney Edwards, Sr Security Solutions Engineer • Rapid7

We will begin focusing on building a framework that we will dive into the elements of in greater detail later in the presentation. These elements will be:

1. Know your leadership, user base, regulations, and requirements
2. Building policy and procedures
3. Scan scheduling, design, and validation
4. Remediation and exception processes
5. Validation of program
6. Flexibility and the OODA loop

We will start by focusing on the importance of knowing your leadership, user base, regulations, and requirements –– and ensuring others know that Leadership and Management buy-in is critical to the success of the program. We will talk about how to interact with your user base and what you should communicate with those individuals. We will also touch on how regulations and business requirements will play a part in your program design as well. Next, we will spend time on building policy and procedures and understanding the hierarchy and differences around Information Security Policy vs. Guidelines vs. Procedures.

From there we will shift gears and focus on scan scheduling, design, and validation of the scans in place. While many feel this is the most important part of a program, getting the data is the least important part of the whole process and we will discuss why that is. We will cover topics including scan frequency, targets, and validation. We will touch on the benefits of tagging, the use of agents, and reporting. The focus will be that there is no “right way” to scan and rather several considerations to guide you to what is right for you and your environment. We will also discuss remediation methods and how to track said remediations. With any remediation process, exceptions will occur, and we will touch on best practices for not only accepting that risk into your environment but curating that list for a continual review.

Finally, we will discuss program validation, flexibility, and the OODA loop (Observer, Orient, Decide, Act) and how where you are on day one in your program will inevitably change over time. For validation we will cover reporting not only to leadership but to internal stakeholders like security and governance programs, but also the user base as well. We will discuss topics requiring your program to be flexible like new assets, mergers and acquisitions, new projects, leadership changes, and more. Leveraging the OODA loop we will discuss processes to help tackle these changes and ensure your program can survive an ever-changing landscape.

The session will then end with a live Q&A to discuss any topics had or to field any thoughts on the matter to garner a collaborative end to the talk and allow for audience participation.

  Presented by Tanner Harrison, Systems Engineer • Fortinet

Today’s ever-changing threat landscape challenges traditional security models. The emergence of the Zero Trust model represents a transformative approach, reshaping how organizations protect their assets. This presentation aims to demystify Zero Trust, offering a comprehensive understanding that goes beyond buzzwords. We will explore the foundational concepts of Zero Trust, emphasizing the “never trust, always verify” philosophy. By the end of this session, attendees will be equipped with the knowledge to begin their Zero Trust journey, enhancing their security posture, and protecting critical data and systems from modern threats. Whether you are a security professional, IT manager, or organizational leader, this discussion will empower you to take decisive action toward a more secure future.