Agenda | Thursday, July 21st | 10:00 AM - 4:30 PM EDT
10:00 - 10:15 AM EDT
Welcome & Opening Remarks
Matt Bromiley, Certified Instructor, SANS Institute
10:15 - 10:45 AM EDT
Zero Trust in Compliance and Health Care Services
Enabling security by streamlining compliance through automation, cloud-native integrations and security tooling. This can be done by leveraging cloud-native tools, such as AWS Audit Manager, to continually assess controls, and by building out technical components that use a machine-readable language (OSCAL) to automate the building and updating of compliance artifacts (SSPs). By introducing practices around this, ADOs will be able to focus their time on innovating and securing versus being manually assessed and building artifacts.
Keith Busby, Director, Division of Security & Privacy Compliance Information Security & Privacy Group (ISPG) Office of Information Technology (OIT) Centers for Medicare and Medicaid Services (CMS)
10:45 - 11:30 AM EDT
Automating Security Integration to Streamline Detection and Response Processes
Automating and orchestrating cybersecurity activities within the SOC is an opportunity to catch up with the increasing demands. The challenge is that SOAR tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of data from disparate tools. Investing in a SOAR platform is a strategic and oftentimes financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents. This process occurs when an organization’s security team uses the platform to gain insight into an attacker’s tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOCs) and, more importantly, to know what the SOC needs to do and perform it with great speed, precision, and consistency. Listen in to hear our panelists explore how to make a more efficient SOC!
11:30 - 12:00 PM EDT
Building America’s Cyber Defenders Bench
New technologies are developing at an explosive pace, giving our adversaries new vectors to threaten the security of our nation. Chief of Staff Kiersten Todt of the Cybersecurity and Infrastructure Security Agency, or CISA, will discuss steps we must take to create a cohesive response to this growing threat landscape. CISA is leading the charge by educating the public about cyber hygiene, using innovative workforce recruiting efforts, and promoting cyber education. Join us to learn why each of us has a critical role to play in cyber defense.
Kiersten Todt, Chief of Staff, Cybersecurity and Infrastructure Security Agency (CISA)
12:00 - 12:15 PM EDT
12:15 - 1:00 PM EDT
Zero Trust Begins with the Basics
The March 2022 Cybersecurity Technical Report on Network Infrastructure Security Guidance by the NSA shows that your journey towards Zero Trust begins with the basics: discovering and assessing where your critical assets are and how they're being accessed, building visibility, mapping data flows, inventorying users and devices, and implementing 'less trust' by leveraging and making the most of the capabilities you have today. Regardless of what we want to call it, the truth is that many organizations still struggle with implementing the basics: they have flat networks (and yes, a network with VLANs and no ACLs is still a flat network), they have a wide attack surface on switches, routers and other non-hardened critical network devices, they have poor logging and detection practices, and they're far from implementing least privilege principles. How can organizations start taking successful steps on their journey towards ZT? Tune in to find out!
1:00 - 1:30 PM EDT
Benefits of a Global (and Mobile) Workforce
You can’t make a difference from the sidelines – and today, perhaps more than ever, we need to build a team of diverse thinkers, astute professionals and keen innovators bent on making a difference for a more secure world.
In March 2020, the world flipped a switch, and we went remote. The key benefit of operating with a global (mobile) workforce is the ability to execute your mission from anywhere in near real-time. The whole reason the U.S. Army went to enterprise email, for one, had nothing to do with email, but everything to do with single identity, whether you were in the Pentagon or Iraq and needed to access the data to do your mission. This need remains relevant for our hybrid operations of today.
Lieutenant General Susan Lawrence, USA, Ret., President and CEO, AFCEA International
1:30 - 2:15 PM EDT
Securing Access to Assets & Data with a Remote Workforce
Cloud-based services are becoming increasingly attractive to organizations as they offer cost savings, flexibility, and increased operational efficiency. However, protecting systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. Security teams need to adapt and learn how to utilize the tools, controls, and design models needed to properly secure the cloud. For businesses and users making the transition to the cloud, robust cloud security is important. Constantly evolving security threats are becoming more sophisticated, and IT teams will achieve greater security if they adopt a similar approach for the cloud as they do for their on-premises IT environment. Cloud security solutions are generally deployed and used to help protect data running across major public cloud services and private clouds. Come listen to this diverse panel of experts to hear firsthand how they not only cope but thrive in the cloud.
2:15 - 2:30 PM EDT
2:30 - 3:00 PM EDT
Cyber Security Issues in Small Town America
Of the approximately 19,000 incorporated cities or towns in the US, over 16,000 have a population of under 10,000. Most local governments do not have the cyber/IT resources of the Federal Government or large corporations, and the majority of a citizen's interaction with "the government" is at the local level. In 2021, according to Emsisoft, a security company, at least 67 state and local governments and 1043 schools were impacted by ransomware incidents. Small communities are now becoming the main targets of ransomware groups due to their vulnerability. Tune in to learn from the success of Mayor Skinner and his approach to dealing with cyber crimes with a small town budget!
Gregory J. Skinner, Mayor, Borough of Peapack & Gladstone, New Jersey
3:00 - 3:45 PM EDT
Vulnerability, Patch, and Configuration Management
The November 2021 CISA Binding Operational Directive 22-01 - Reducing the Significant Risk of Known Exploited Vulnerabilities highlights the need for additional focus and effort related to Vulnerability, Patch, and Configuration management. With this directive, all government agencies were required to update their internal vulnerability management procedures to ensure that vulnerabilities found in the CISA-managed vulnerability catalog were remediated within 6 months for vulnerabilities discovered prior to 2021 and 2 weeks for all others. Even though vulnerability management is one of the most fundamental security capabilities and probably one of the first to be implemented in many organizations, companies still struggle to keep up. Fortunately, emerging technologies and changes in the way we architect, design, and develop our networks and applications provide an opportunity for improvement. What can your organization do to mitigate known (and yet to be discovered) vulnerabilities?
David Hazar, Certified Instructor, SANS Institute
3:45 - 4:15 PM EDT
The ICS Mission and Active Control System Cyber Defense
An overview of the differences between IT and ICS/OT. Current adversary attack techniques targeting control systems and engineering systems are discussed, along with the top active cyber defense approaches for the future protection of critical infrastructure. Questions throughout and/or a Q&A at the end of the session will address any audience questions.
Dean Parsons, Certified Instructor, SANS Institute & CEO, ICS Defense Force
4:15 - 4:30 PM EDT
Matt Bromiley, Certified Instructor, SANS Institute