[1 CPE] Fireside Chat: Why the Village of Los Lunas Adopted a Continuous Threat Exposure Management Strategy

  Presented by Ken Ballard, Vice President of FortifyData and Luis Brown, IT Director for the Village of Los Lunas

Join Luis Brown, IT Director for the Village of Los Lunas, and FortifyData’s Ken Ballard, who will interview Luis on the challenges that led to the decision. This session will cover what continuous threat exposure management is and explore the challenges and considerations that Luis was facing in how their IT team can effectively identify and manage cyber risks. Some of the issues include how to get the full picture of attack surface threats with accurate asset identification, integrating risk data from disparate sources, and efficiently managing all of this for the team to respond.

[1 CPE] Go Hack Yourself: War Stories from ~20k Pentests

  Presented by Habibeh Deyhim, Director of Customer Success • Horizon3.ai

In an ecosystem where you know you’re being targeted daily, how can you prove you’re secure? Are you finding and fixing the most critical attack paths, logging the right data, and alerting on the right events? Do you know if you’re ready to respond to an incident and are your security controls configured and integrated correctly? All this effort is supposed to measurably reduce your risk, but is any of it working?

Join Habibeh Deyhim, Director of Customer Success at Horizon3.ai, to learn a proven way to find, fix, and verify that you’re secure. Habibeh will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. And you’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world – with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today!

[1 CPE] How Do You Secure ANY-ANY-NOW?

  Presented by Gregory Pepper, Security Architect, Office of the CTO • Check Point Software Technologies

  • ANY Device
  • ANY Location
  • Access To Corporate Resources NOW

Today, more than any other time in history, we are digitally connected. With a continuous rise in mobile-related attacks, and an ever-increasing use of mobile devices to perform business tasks, protecting your organization from mobile threats is more critical than ever. Despite our best efforts, threats and breaches continue to increase.

Join Greg Pepper for this insightful presentation to learn about the latest mobile and user protection including Check Point’s Harmony suite for securing users and access. Today’s mobile security needs to prevent the download of malicious files to mobile devices, not just from the web and email but also from collaboration tools like Teams and Slack, and others. Learn how you can achieve 99.7% efficacy against zero-day threats across your entire enterprise leveraging ThreatCloud, an industry-leading threat intelligence solution.

[1 CPE] Plan, React, and Recover: An Incident Response Workshop (Part 2)

  Presented by Dan Brown and Ronald Watters, Cybersecurity Advisors • Cybersecurity and Infrastructure Security Agency

Incident Management can be frequently looked at in a casual manner –– until it happens to you. Do you have the correct plan in action? Have you ever tested your incident plan? Join us for an extended workshop to discuss the parties that need to be involved in this response plan. Our speakers will also share strategies on how often you should test and update your plan.

The Cyber Risk Landscape will also be examined. While threat actors are coming from multiple areas, you will be prepared to consider the insider threat as well. Join us for this two-hour session for an extensive workshop for you to develop a thorough incident response plan.

The experts on this panel are Cyber Security Advisors for the federal agency known as CISA, The Cybersecurity and Infrastructure Security Agency. They will help you assess your environment, identify vulnerabilities, and provide education about the latest threats you will face. CISA has many resources available for you and those will be discussed as well.

[1 CPE] Maelstrom of Security

  Presented by Jerry Petru, President • InfraGard Washington

This session is designed for individuals responsible for their organizations’ Confidentiality, Integrity, and Availability from the front door firewall administrator with IDS/IPS, cloud, compliance, data governance, and networking all the way to the Chief Executives of an organization. In a world of ever-changing threat landscapes, this session will cover the overall magnitude of the challenge! We’ll discuss the evolution as it took place and what to do about fixing what is in our hands today.

We’ll cover how to speak to the C-Suite and get the business side of the conversation to move toward better security hygiene and answer the question of how much security is enough. This session is truly about information security risk. The risk is Very High for all organizations. The NIST 800-30 defines Very High Risk as that of a threat event that could be expected to have multiple severe or catastrophic adverse effects on organizational operations, organizational assets, individuals, other organizations, or the Nation. The discussion will be open and free-flowing, covering real-world business issues and providing a platform to ask your questions.

Bio: Jerry Petru is the President of the Washington State InfraGard Chapter and a Fellow of the British Computer Society, The Chartered Institute for IT. He is an innovative and technically sophisticated professional, offering substantial years of broad-based experience in evaluating large corporate systems. Powered with a comprehensive background in development and implementation, he has authored more than forty-seven different courses based on AIX, Encryption, Linux, Networking, Security, and Virtualization technologies, teaching to an audience of tens of thousands around the world for the past twenty-five years.

Mr. Petru is equipped with a proven track record of success in designing and implementing systems and policies based on Confidentiality, Integrity, and Availability to meet business continuity and disaster recovery for long-range strategic plans of Fortune 100 Companies. He is also armed with stellar qualifications in all facets of project lifecycle development, from initial analysis and conceptual design to implementation, quality review, and enhancement to optimize operational efficiencies that improve business and IT operations.

[1 CPE] Zero Trust Framework as a Baseline for Identity Management

  Presented by Andrew Massi, Digital Security Consultant, Identity • Entrust

With the recent increase in cyber-attacks that involve the use of weak or compromised credentials, it is critical for organizations to secure their environment and resources with a Zero Trust framework and a phishing-resistant RBA in mind. Organizations can establish trust through verifiable, phishing-resistant, certificate-based identities across users, devices, and apps to implement a secure first line of defense against cyberattacks.

Today’s technology leaders must navigate different tools and methodologies yet remain confident they’re quantifying risk effectively. During this session, we’ll be discussing emerging digital security trends and how your peers are shaping the way the market approaches cybersecurity and risk management.

Specifically, we will discuss:

  • How to establish trust across users, devices, and apps that secure a first line of defense
  • How to support the Zero Trust framework through the adoption of phishing-resistant passwordless authentication

[1 CPE] AI, ML, and the Cybersecurity Checklist

  Presented by Paul Carugati • Global Head of Information Security, Syngenta

The dynamic threat landscape is evolving as new cyberattack methods are introduced daily. Generative Artificial Intelligence (AI) and Machine Learning (ML) algorithms are equally evolving and becoming more sophisticated. Navigating AI/ML services against your organization’s cybersecurity risk posture is a maturing discipline, but it may be more familiar than you think. Let’s discuss the practical risk elements of AI & ML in the modern enterprise and how best to protect, detect, respond, and recover from cybersecurity incidents.

Paul is a seasoned IT and Information Security leader with over 20 years of experience in Fortune 300 enterprises. An accomplished information security executive, Paul has a proven ability in the successful execution of global Cybersecurity and Risk Management programs. Paul specializes in building high-performing security teams and fostering a culture of data protection through business enablement, achieving positive, measurable behavioral change through accountability and integrity.

[1 CPE] Zero Trust—Let’s Dive into Security

  Presented by Kevin Heide, Director of Enterprise Networking • Cerium Networks

Spend the morning with us while we explore the world of Zero Trust Architecture—but with a twist. Instead of a high-level overview of this strategic cybersecurity approach, we’ll get hands-on and show you practical examples using tools and environments that most of us are already familiar with.

Buckle up and join us on this exciting journey as we learn how to integrate different elements and policies across our organizations. We’ll also focus on optimizing our policies and enhancing threat protection.

[1 CPE] Seeing Your Attack Surface Through the Eyes of an Adversary

  Presented by Palo Alto Networks

Modern attack surfaces are dynamic. Without clear visibility that is constantly updated, it is all too easy to have persistent exposures and unmanaged assets. Security practitioners can only be as good as the data they have, so having a strong foundation of continuous discovery and monitoring ensures you can keep up with modern, dynamic attack surfaces to find, prioritize, and mitigate exposures as they arise.

[1 CPE] Plan, React, and Recover: An Incident Response Workshop (Part 1)

  Presented by Dan Brown and Ronald Watters, Cybersecurity Advisors • Cybersecurity and Infrastructure Security Agency

Incident Management can be frequently looked at in a casual manner –– until it happens to you. Do you have the correct plan in action? Have you ever tested your incident plan? Join us for an extended workshop to discuss the parties that need to be involved in this response plan. Our speakers will also share strategies on how often you should test and update your plan.

The Cyber Risk Landscape will also be examined. While threat actors are coming from multiple areas, you will be prepared to consider the insider threat as well. Join us for this two-hour session for an extensive workshop for you to develop a thorough incident response plan.

The experts on this panel are Cyber Security Advisors for the federal agency known as CISA, The Cybersecurity and Infrastructure Security Agency. They will help you assess your environment, identify vulnerabilities, and provide education about the latest threats you will face. CISA has many resources available for you and those will be discussed as well.

Speaker Details:

Dan Brown serves as the Cybersecurity Advisor for Eastern Washington and is based in Spokane, WA. He supports CISA’s mission of leading the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.

He offers CISA resources that coordinate cyber preparedness, risk mitigation, and incident response. He provides cybersecurity resources, including assessments, to public and private stakeholders in the nation’s sixteen critical infrastructures, including auxiliary support for state, local, tribal, and territorial government entities.

Prior to joining CISA, Dan worked in information technology and cybersecurity for more than 25 years. Most recently, he worked at the Community Colleges of Spokane as their Information Security Officer (ISO). Before that, he worked for 17 years at Washington State University as an Assistant Director of Systems and Security.

His education includes an undergraduate degree in Management Information Systems (MIS) from Eastern Washington University and an M.B.A. from Washington State University. Current certifications include CISSP, CISM, and ITIL foundation.

Ron Watters serves as the Region 10 Private Sector Cybersecurity Advisor for CISA. Based in Seattle, WA, he supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation’s critical infrastructure.

His program coordinates cyber preparedness, risk mitigation, and incident response, and provides cyber security resources, including assessments, to the nation’s sixteen critical infrastructure sectors and state, local, tribal, and territorial government entities.

Before joining DHS, Ron served 27 years with the U.S. Navy and Naval Reserve as a Submarine Sonar Technician and Diver. Ron interviewed for and was hired as the Region X Cybersecurity Advisor in June of 2017 and has held that position since.