Event Agenda | 10:00am - 4:00pm ET
|Welcome & Opening Remarks
Matt Bromiley, Event Chairperson, SANS Institute
Brian O'Donnell, Vice President, Carahsoft
|Session One | CISA, Federal Civilian Enterprise, and Zero Trust
Branko Bokan will discuss the approach Cybersecurity and Infrastructure Security Agency (CISA) takes to facilitate the adoption of zero trust in the federal civilian executive branch enterprise. CISA’s cybersecurity mission is to defend and secure cyberspace by leading national efforts to drive and enable effective national cyber defense. In a unique partnership between CISA and federal agencies, the federal enterprise leads the way towards continued modernization related to zero trust within a rapidly evolving environment and technology landscape.
Branko Bokan, Cybersecurity Specialist, Cybersecurity and Infrastructure Security Agency (CISA)
|Panel Discussion | Combatting Supply Chain Attacks with Zero Trust Strategies for Endpoint, Identity, and Network Security
With the increasing frequency and sophistication of supply chain attacks, it is critical for organizations to adopt a zero trust approach to their security strategy. This panel will bring together experts in endpoint, identity, and network security to discuss best practices for implementing zero trust in supply chain risk management. Panelists will explore the challenges and benefits of a zero trust model, share case studies of successful implementations, and provide practical advice for organizations looking to strengthen their security posture.
Ismael Valenzuela, Senior Instructor, SANS Institute
Hansang Bae, Public Sector Chief Technologist, Zscaler
Sean Frazier, Federal CSO, Okta
Andrew Harris, Sr. Director for Global Public Sector Technology Strategy, CrowdStrike
|Session Two | Making the Most of a Distributed Workforce
One might call the U.S. military, along with the U.S. Coast Guard, the ultimate distributed workforce with bases located all around the world with the common goal of safeguarding the United States of America and its allies. We can learn from that model, as well as the many companies that employ people around the globe.
The pandemic put a focus on mobile work, which is often an aspect of distributed workforce, defined as when a company's employees work in several locations. Those locations can include headquarters and satellite offices, as well as employees' homes.
The global, cyber-connected world we all live in means we have more distributed workforces than ever, and it's important for them to do well. But it's not easy to have an effective distributed workforce. You must work hard to create a workforce that is united, effective and productive. When you have successfully managed a distributed workforce, you can also have a more diverse workforce and the ability to attract the most talented people for the job.
Lt. Gen. Susan Lawrence, USA (Ret.), President and CEO, AFCEA
|Panel Discussion | How IT Security Can Kill A Power Grid (and other ICS environments) Let's Discuss!
Critical Infrastructure ICS/OT security is paramount to protect engineering systems we all rely on daily to maintain our modern lifestyles.
Engineering systems such as power grids, water management systems, critical manufacturing, etc., are under attack, have a different mission, impacts and security controls vs. traditional IT systems. Specific control system cyber defense strategies and ICS-aware technologies are required to meet new challenges and protect critical infrastructure systems that support our daily lives. All while maintaining the safety and reliability of facility operations.
Join us for the Industrial Control System panel as we focus on safety, the state of ICS cybersecurity to protect engineering operations, while exploring the best practices for any ICS defense program in any ICS sector globally.
Stephen Mathezer, Certified Instructor, SANS Institute
Felipe Fernandez, CTO, Fortinet Federal
Ron Fabela, Field CTO, Xona
|Session Three | ISA: Predictive Analysis for Efficient Risk Reduction
The year 2022 saw a record number of identified and disclosed vulnerabilities – more than 26,000. At the same time, threat actors continued to evolve and develop new methods and capabilities to hold U.S. critical infrastructure at risk. Today’s cyber threat intelligence is inherently reactive and based on past cyber attacks and campaigns, But how can we get ahead of the threat? Infrastructure Susceptibility Analysis (ISA), developed by MITRE, is designed to leverage the indicators of cyber weapon development commonly ignored in cyber threat intelligence. Combined with observed techniques of past campaigns, analysts identify the most likely targets of adversary manipulation. This enables organizations to direct limited resources against those cyber weaknesses that are most likely to be exploited for improved efficiency in risk reduction.
Sarah Freeman, Principal Cyber Engagement Operations Engineer, MITRE
|Panel Discussion | Supply Chain Security
The 2023 Verizon Data Breach Investigation report noted that 62% of breaches in 2022 involved a supply chain partner. Software supply chains in particular have gotten more complex, and that complexity increases the likelihood of vulnerabilities. As government agencies have improved local security controls, attackers have often found the supply chain to be the most vulnerable point of entry.
Increased publicity around supply chain attacks have led to President Biden's recent Executive Order: 14028, mandating deadlines for improvements in federal software, supply chain security and the release of NIST 800-161 guidance.
With increased risk and auditor attention to supply chain security, government agencies need to act to evaluate risks, weed out insecure supply chain partners and mitigate risks that cannot be avoided. This SANS panel will bring together experts in the field of supply chain security to discuss what first movers have already done to reduce supply chain risk, and what the next high priority steps need to be. Don't miss it!
John Pescatore, Director of Emerging Security Trends, SANS Institute
Brandon Dobrec, Director of Product Management, ExtraHop Networks
Thomas Roeh, Director of Engineering - US Public Sector, ExtraHop Networks
|Session Four | Cybersecurity is Everywhere: Impact on Training and Workforce
The need to secure data, devices, and networks is pervasive in today’s interconnected world. That means that we must not only protect and defend against cybersecurity risks, we must also develop products and services that are secure by design and be prepared to respond and recover to cybersecurity incidents. Consequently, if the need for cybersecurity is everywhere, so are the job opportunities and the need to grow and sustain a skilled cybersecurity workforce.
Rodney Petersen, Director of the National Initiative for Cybersecurity Education, National Institute of Standards and Technology (NIST)
|Panel Discussion | Solving the Cybersecurity Skills Gap: A Collaborative Approach
The clock is ticking on the cybersecurity skills gap, and time is running out. As the number of cyberattacks continues to rise, we need to act fast to address the shortage of qualified professionals in the field. Our virtual panel brings together thought leaders from private companies and public entities to discuss urgent solutions to this pressing issue. Join us as we explore the latest strategies for training and developing the cybersecurity workforce we need to stay safe and secure in the digital age.
Naomi Buckwalter, Director of Product Security, Contrast Security
Ernest McCaleb, Founder & CTO, Animate Cyber, Inc.
Roy Zur, Founder & CEO, ThriveDX Enterprise
Matt Bromiley, Event Chairperson, SANS Institute