Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19

New to Cyber Summit 2021 - Live Online

Virtual, US Eastern | Wed, Apr 21, 2021

New to Cyber Summit | FREE Summit: Wednesday, April 21

We're opening this virtual Summit to the community!
Register now for FREE

Skill Building Track | Career Planning Track | SANS BootUp CTF


Wednesday, April 21 – Skill Building Track

8:00-8:10 am EDT

(12:00-12:10 UTC)

Welcome & Opening Remarks

David J. Bianco @DavidJBianco, Summit Co-Chair
Phil Hagen @PhilHagen, Summit Co-Chair

calendarAdd to Calendar

8:10-9:00 am EDT

(12:10-13:00 UTC)

Networking Basics

James Lyne @jameslyne, CTO, SANS Institute

calendarAdd to Calendar

9:00-9:55 am EDT

(13:00-13:55 UTC)

Introduction to Security Architecture

Ronald Eddings @ronaldeddings, Security Architect, Marqeta, Inc.; Co-Host, Hacker Valley Studio Podcast @TheHackerValley

calendarAdd to Calendar

Building a security program is like playing a game of chess. An organization's security architecture is the chessboard and the game pieces are security controls, policies, and guidelines. To use all of these components to keep an organization safe, a security architect must have a well-rounded background and understanding in security engineering, intrusion detection, red teaming, and collaborating with others outside of security. In this track, security architecture foundations will be shared and paths on how to become a security architect.

10:00-10:50 am

(14:00-14:50 UTC)

Keynote

Your Career in Application Security


Tanya Janca @shehackspurple, CEO & Founder, She Hacks Purple

calendarAdd to Calendar

There are many different jobs and career paths in the IT Security field, and this keynote will introduce you to application security, from start to finish. What IS IT? Is it right for you? How do you get started? Are there a lot of jobs in this niche of security? (spoiler alert: there are lots of jobs!). Our industry needs you, and this talk will try to sway you towards a software-security-focused role!

10:50-11:00 am EDT

(14:50-15:00 UTC)

Break

11:00-11:25 am EDT

(15:00-15:25 UTC)

Heroes in a Bash Shell: The Linux Command Line

Timothy Brush @TimothyBrush, Associate Instructor, SANS Institute

calendarAdd to Calendar

The command line remains the preferred interface of computer ninjas. The journey to mastery begins with a single step. Cowabunga!

11:30am-12:25 pm EDT

(15:30-16:25 UTC)

Intro to Social Engineering

Jen Fox @J_Fox, Security Program Specialist, Domino's

calendarAdd to Calendar

12:25-1:00 pm EDT

(16:25-17:00 UTC)

Break

1:00-1:55 pm EDT

(17:00-17:55 UTC)

Infosec Snake Wrangling: Intro to Python

Mark Baggett @MarkBaggett, Senior Instructor, Author, SEC573, SANS Institute

calendarAdd to Calendar

The information security community has developed a wealth of amazingly useful and free tools written in Python. The ability to install and run these tools is an essential skill for everyone in this profession. However, most people are doing it wrong. In this talk we will discuss how to properly manage your Python environment and applications.

2:00-2:25 pm EDT

(18:00-18:25 UTC)

Hands-On Learning: How and Why You Should Build a Home Lab

Tyrone E. Wilson @tywilson21, Founder, Cover6 Security Solutions, DC Cybersecurity Professionals Meetup @DCCyberWarriors

calendarAdd to Calendar

Maybe you’re a kinesthetic learner, who absorbs information by touching and manipulating your environment. Maybe you want to try breaking and fixing things in a low-risk environment. Maybe you just want to play around with a soldering iron. For all these reasons and more, building a home lab is a great way to learn, practice, and experiment. Don’t worry if you don’t have much extra space or any extra money. There are lots of ways to build a home lab to create your very own hands-on learning environment.

2:30-3:20 pm EDT

(18:30-19:20 UTC)

How to Get Experience When You Have No Experience

Kevin Garvey, Instructor, SANS MGT512
Frank Kim, Fellow, SANS Institute

calendarAdd to Calendar

It's the classic Catch-22 for newbies in any field. No one wants to give you an opportunity without a track record, but you can't even get in the race without... experience. Kevin Garvey, host of the five-part HR + Cybersecurity webcast series, will offer creative ways to build skills and beef up a resume when you're brand new. Kevin will share ideas in conversation with Frank Kim, the lead for the SANS Cybersecurity Leadership Curriculum and former CISO and take your questions in real time!

3:30-3:55 pm EDT

(19:30-19:55 UTC)

The Nuts & Bolts of Cryptography & Everyday Cybersecurity

Rajvi Khanjan Shroff, Founder, Project Cyber

calendarAdd to Calendar

The online world has become an extension of our daily lives, and we live digitally all day, every day. The security that underpins the virtual world deals with an interesting field: Cryptography. Do you know what cryptographic hashes are? And fun fact: Salt isn't just used in cooking, but in cybersecurity too! The talk will cover these, and more: we will start with an overview of how we use cryptography over the Internet and the technical concepts that make it run. Learn about asymmetric and symmetric keys, the principle behind common algorithms used in encryption (such as Diffie-Hellman Key Exchange and the RSA algorithm), and how certificates and cryptographic checksums (like the SHA-256) can be used. It will start with the fundamentals, and move to concepts such as the Public Key Infrastructure---explained simply!

4:00-4:55 pm EDT

(20:00-20:55 UTC)

Identifying & Countering Cognitive Bias

Rick Holland @rickhholland, CISO, Digital Shadows

calendarAdd to Calendar

It doesn't matter if you are pursuing a red team or a blue team career, an operational or leadership role; you will have to make critical decisions for yourself and your organization. These decisions will need to be made with limited information in dynamic and often stressful environments. To make the most of your cybersecurity career, you need to be at the top of your decision-making game. One way to do this is to be aware of cognitive biases and develop techniques to overcome them. Rick has a bias towards Marvel movies, so this talk will pull in decision-making analogies from your favorite superheroes and give you the tools to be aware of and overcome cognitive biases.

5:00-5:25 pm EDT

(21:00-21:25 UTC)

Windows Command Line & Intro to PowerShell

Mick Douglas @bettersafetynet, Certified Instructor, SANS Institute

calendarAdd to Calendar

5:30-5:55 pm EDT

(21:30-21:55 UTC)

Cloud Security Begins with the Shared Responsibility Model

AJ Yawn @AJYawn, Co-Founder and CEO at ByteChek, Founding Board Member of the National Association of Black Compliance and Risk Management Professional (NABCRMP)

calendarAdd to Calendar

A foundational concept in cloud security is the shared responsibility model. All major cloud providers (AWS, Azure, GCP) adhere to a shared security responsibility model, which means the companies using the cloud maintain some responsibilities for security as applications, data, containers, and workloads are moved to the cloud, while the cloud provider takes some responsibility, but not all. This session will provide an overview of what the shared responsibility model is and how it applies to understanding cloud security.

6:00-7:00 pm EDT

(22:00-23:00 UTC)

Happy Hour

calendarAdd to Calendar

Joining a professional association is a great way to build a supportive career network! Women's Society of Cyberjutsu, International Consortium of Minority Cybersecurity Professionals, and Women in Cybersecurity (WiCys) will host breakout sessions so you can learn about their organizations and meet others who are new to cyber. Or perhaps you'd like to attend a Q&A session about SANS's degree-granting programs or scholarship-based Academy programs. The sessions are free to attend, but you’ll need to complete a registration for the session of your choice.

Click to register

WSC

ICMCP

WiCyS

SANS Degree Programs, Academies, and HBCU Partnerships

Wednesday, April 21 – Career Planning Track

8:00-8:10 am EDT

(12:00-12:10 UTC)

Welcome & Opening Remarks

David J. Bianco @DavidJBianco, Summit Co-Chair
Phil Hagen @PhilHagen, Summit Co-Chair

calendarAdd to Calendar

8:10-9:00 am EDT

(12:10-13:00 UTC)

I Want to Work in Cybersecurity...Whatever That Means!


Ryan Kovar @meansec, Distinguished Security Strategist, Splunk

calendarAdd to Calendar

Maybe you saw the 60 minutes report on SolarWinds. Perhaps you've read the New York Times article about "3.5 million open cybersecurity jobs." Or maybe, like me, you were tired of fixing printers. The point is, you've been bitten by the cybersecurity job bug. But how do you get that first job? What if you don't have a technical degree? Or any degree? And what's the difference between a threat hunter, threat intelligence analyst, and SOC analyst? Join me for some practical advice on first roles and breaking down myths on getting started.

9:00-9:25 am EDT

(13:00-13:25 UTC)

Help Wanted: Cracking the Code of Cybersecurity Job Postings

Bill Seaman @billseaman2, Senior Technical Recruiter
Maureen Shrewsbury, Career Placement Specialist, SANS Institute

calendarAdd to Calendar

Job descriptions can be daunting, and deciding whether or not to apply is a big decision because you only get one chance to make a first impression. The reality is, you do not know if that job description is actually reflective of what is really required, or simply a wish list. There are many people, strategies, and methods involved in creating the job description, and if you only apply to the ones you can check all the requirements on, you are missing out on some great opportunities. We'll help you learn how to read between the lines of job postings.

9:30-9:55 am EDT

(13:30-13:55 UTC)

Job Role Spotlight: Incident Detection & Response

Joe Moles @FlyingMoney127, SVP - Operations, Red Canary

calendarAdd to Calendar

What is this incident detection and response you speak of? This talk will give you a primer of what this area of information security is, some tips to get there and possibly some fun stories for the trenches. Just remember: good guys wear blue.

10:00-10:50 am EDT

(14:00-14:50 UTC)

Keynote

Your Career in Application Security


Tanya Janca @shehackspurple, CEO & Founder, She Hacks Purple

calendarAdd to Calendar

There are many different jobs and career paths in the IT Security field, and this keynote will introduce you to application security, from start to finish. What IS IT? Is it right for you? How do you get started? Are there a lot of jobs in this niche of security? (spoiler alert: there are lots of jobs!). Our industry needs you, and this talk will try to sway you towards a software-security-focused role!

11:00-11:25 am EDT

(15:00-15:25 UTC)

Will You Mentor Me?: How to Ask For Help

Mari Galloway @marigalloway, Chief Executive Officer & Founding Board Member, Women's Society of Cyberjutsu (WSC)

calendarAdd to Calendar

Mentorship is a two-way street that can start right now. Learn best practices for finding, maintaining, and growing in a mentorship relationship.

11:30 am - 12:25 pm EDT

(15:30-16:25 UTC)

Landing a Job: Resumes and the Application Process

Lesley Carhart @hacks4pancakes, Principal Threat Analyst, Dragos

calendarAdd to Calendar

Résumé writing is full of fashions, nuances, and eccentricities. However, resumes are a critical part of the job-hunting process, and a poor résumé can mean not getting a chance to prove oneself in an interview. A first (and annual) stop for every professional should be a quality professional résumé editor. Unfortunately, most do not have adequate knowledge of cybersecurity to catch problems with content and terminology. Lesley Carhart has volunteered at and operated dozens of résumé review workshops and clinics for cybersecurity professionals. She will speak to the hiring authority side of résumé quality and success. What may a general editor miss? What catches the eye of hiring authorities? What is causing cybersecurity résumés to be automatically discarded by application systems?

12:25-1:00 pm EDT

(16:25-17:00 UTC)

Break

1:00-1:55 pm EDT

(17:00-17:55 UTC)

Getting Started: Your First Two Years in Your Cybersecurity Career

Tameika Reed, Senior Infrastructure Engineer, Expansia; Founder, Women in Linux @WomeninLinux

calendarAdd to Calendar

You have finally made it. All the studying, learning, and long nights have paid off. It’s over; you can relax… or so you think! Entering cybersecurity, the first two years can be daunting. How do you navigate, build your network, skill up and fail, and be a better cyber security engineer? Join Tameika Reed as she takes you on journey and provides some key tips to help in your career.

2:00-2:25 pm EDT

(18:00-18:25 UTC)

Job Role Spotlight: Insert $2 For an Offensive Security Career

Ryan O'Horo @redteamwrangler, Manager, Target

calendarAdd to Calendar

If we deconstruct a vending machine, can it teach us how to have a successful career in offensive security with skills we already have? Can the incentives of product security align with the desire to be paid to break interesting things?
You’ll learn about the numerous skills and roles in offensive security, and how each contributes to an organization’s mission. We’ll also explore the separate, but intersecting worlds of Makers and Breakers. Bonus: Ways to pivot those skills beyond offensive security as your career matures.

2:30-3:20 pm EDT

(18:30-19:20 UTC)

How to Get Experience When You Have No Experience

Kevin Garvey, Instructor, SANS MGT512
Frank Kim, Fellow, SANS Institute

calendarAdd to Calendar

It's the classic Catch-22 for newbies in any field. No one wants to give you an opportunity without a track record, but you can't even get in the race without... experience. Kevin Garvey, host of the five-part HR + Cybersecurity webcast series, will offer creative ways to build skills and beef up a resume when you're brand new. Kevin will share ideas in conversation with Frank Kim, the lead for the SANS Cybersecurity Leadership Curriculum and former CISO and take your questions in real time!

3:30-3:55 pm EDT

(19:30-19:55 UTC)

Job Role Spotlight: Cyber Threat Intelligence

Amy Bejtlich, Director of Intelligence Analysis, Dragos Inc.

calendarAdd to Calendar

4:00-4:55 pm EDT

(20:00-20:55 UTC)

Panel

Hack Your Growth - #LevelUP

Moderator: Mansi Thakar @mansimusa, COO, Womens Society of Cyberjutsu (WSC)
Panelists:
Mary N. Chaney, Esq., The Cyber Security Law Firm Of Texas
Apurv Singh Gautam@ASG_Sc0rpi0n, Student Researcher, Georgia Institute of Technology
Gina Sharp, Cybersecurity Subject Matter Expert

calendarAdd to Calendar

Whether you’ve landed your first or your fifth role in cyber, whether you're a student or thinking of studying cyber, this talk is for you! The distinguished panelists will share actionable ways to hack your growth in the industry, join the community and the resources available that will allow you to take the next step.

5:00-5:55 pm EDT

(21:00-21:55 UTC)

Panel

How Did I Get Here?

Moderator: Delisha Hodo @meticulous_d, Student Advisor, SANS HBCU Outreach & Engagement Coordinator, SANS Institute
Panelists:
Doug Bryant Jr. @cybergent_101, IT Security Analyst, Black Knight; Author, Computer Love: Love Letter & Log Analysis
Jessica Hyde @B1N2H3X, Director, Magnet Forensics
Litany Lineberry, PhD Student
Crystal Phinn, Cybersecurity Undergraduate

calendarAdd to Calendar

There's no right way to get into the field; there's also no wrong way! The practitioners on this panel will share their personal journeys and what they've learned along to way.

6:00-7:00 pm EDT

(22:00-23:00 UTC)

Happy Hour

calendarAdd to Calendar

Joining a professional association is a great way to build a supportive career network! Women's Society of Cyberjutsu, International Consortium of Minority Cybersecurity Professionals, and Women in Cybersecurity (WiCys) will host breakout sessions so you can learn about their organizations and meet others who are new to cyber. Or perhaps you'd like to attend a Q&A session about SANS's degree-granting programs or scholarship-based Academy programs. The sessions are free to attend, but you’ll need to complete a registration for the session of your choice.

Click to register

WSC

ICMCP

WiCyS

SANS Degree Programs, Academies, and HBCU Partnerships

Wednesday, April 21 - SANS BootUp CTF

April 21 at 6:00 PM EDT (22:00 UTC)

- April 23 at 6:00 PM EDT (22:00 UTC)

Following a packed day of sessions focused on career planning and skill building, take part in the SANS BootUp CTF. This 48-hour capture-the-flag event is a fun, casual way to test your cyber security skills in a hands-on environment. If you’re new to cyber security, BootUp is a great place to start – you’ll be surprised at how much you learn as you solve challenges using the integrated hint system.

You'll be able to register for SANS BootUp CTF beginning on April 14 through your SANS Account Dashboard. Summit registrants will be notified as soon as BootUp CTF registration opens.