Agenda | Tuesday, October 4, 2022
1:00 - 1:15 PM EDT
Welcome & Opening Remarks
David Hazar, Certified Instructor, SANS Institute
1:15 - 1:45 PM EDT
Preemptive Visualization and Neutralization of Social Engineering Pathways
More than 90% of all cyberattacks start with social engineering campaigns which are specifically crafted from users’ OSINT. Security teams have historically not had adequate visibility of the OSINT footprint of their organization and its people, nor have they had any effective technological means to address paths of compromise that this data may reveal to an attacker. This has left a critical blind spot when it comes to defending against social engineering attacks, while Advanced Persistent Threat (APT) actors continue to abuse the human element using social engineering techniques to infiltrate critical national infrastructure. During this session, we will explore how APT actors are successfully using social engineering and how they are developing their TTPs over time.
Manit Sahib, Director of Global Intelligence, Picnic Corporation
1:50 - 2:20 PM EDT
The Blue Team Wins
Practical Measures to Improve Defensive Operations
Operating a Blue Team isn’t an easy task. It is often mired in too many false positives, too few conclusive investigations and too little gratitude when things are going right. Solving this problem doesn’t require reinventing the wheel but it may require a little self-reflection on what’s working, what isn’t and – critically – why that may be for each case. Join Tim Wade, Deputy CTO at Vectra AI, as he unpacks the why behind very practical ways security leaders and practitioners can both level-up their game and improve their threat coverage with both less effort and better results.
Tim Wade, Deputy Chief Technology Officer, Vectra AI
2:25 - 2:55 PM EDT
Evolving Response in Asymmetric Conflict
Strength through building better teams and mindsets
Given the reality that blue teams continue to wage an asymmetric battle against modern threat actors, it is clear that we must evolve our strategy to confront our enemy better. By taking an evolved, collaborative approach to blue team development and support, we can better accomplish our shared goals without the unintended collateral damage that manifests in burnout, turnover, and worse. This evolution represents a significant change in the TTPs Blue Teams leverage and describes an improved mindset for practitioners and leaders alike.
George Sandford, Senior Manager of CS Security Team, Gigamon
3:00 - 3:30 PM EDT
A Data-Driven Approach to Security
Protecting a business starts with asking the right questions and collecting the right data. Most organizations get it wrong right from the beginning. In this session we’ll cover how to use data to drive security, how to protect the business, not just the devices, and a method to drive continuous improvement.
David Swift, Principal Architect - Security Analytics, Securonix
3:30 - 4:15 PM EDT
4:15 - 4:45 PM EDT
Detect & Defend
To operate securely on a remote workforce model, security teams need a way to find unknown exposures on any networks employees are on, identify critical issues on employee devices, and ensure these vulnerabilities are not publicly accessible.
Join us to see how combining attack surface discovery capabilities with extended detection and response (XDR) will:
See firsthand how you can detect and defend against threats to your remote employee network with Cortex by Palo Alto Networks.
Charity Spiri, Senior Product Marketing Manager - Cortex XDR, Palo Alto Cortex
4:50 - 5:20 PM EDT
Operationalizing Cyber Threat Intel for Modern Security Operations
Data and algorithms are the fuels for insights and driving decisions in the modern digital business, and cyber threat intelligence (CTI) is the fuel for modern security operations. Operationalizing threat intelligence requires the right mix of people, process and technology to create and refine this fuel, yet organizations still struggle with establishing and growing a CTI capability. In this session we’ll cover how to define your requirements for CTI, the required expertise, core CTI processes, and how the ThreatConnect Platform is the enabler to operationalize your CTI function.
Layne Peterson, Security Systems Engineer, ThreatConnect
5:25 - 5:55 PM EDT
How No-Code Can Help Automate and Streamline Your Security Investigations
Security response teams are facing increased alerts but have limited time and resources when handling incidents. Automating security responses can dramatically improve the time that investigations take, giving more time back to your already limited resources. In this session, we will discuss how no-code automation has revolutionized how security teams investigate and react to incidents utilizing Torq's no-code automation platform. Learn how you can automate your incident enrichment, threat research, and response with ease.
Joe Dillig, Sr. Solutions Architect, Torq
6:00 - 6:30 PM EDT
Good to the Last Drop: Squeezing More Juice Out of Your Oranges
“We estimate that 90% of users misconfigure our solution.” – major security provider
Frank Duff, Chief Innovation Officer, Tidal
6:35 - 6:50 PM EDT
David Hazar, Certified Instructor, SANS Institute