This webcast has been archived. The slides for this webcast are not available for download.

Password & Access Management Solutions Forum

  • Friday, April 23, 2021 | 10:30 AM - 2:30 PM EDT (start: 2021-04-23 14:30:00 UTC)
  • Chris Dale, Chris Streeks, Teju Shyamsundar, Mike Greene, Simon Berman, Chris Roberts, Lonnie Benavides, Steve Schmalz

Sponsors

  • Enzoic
  • Okta
  • Onelogin
  • SecurID
  • Trusona
  • Yubico, Inc.


Overview

You will earn 6 CPE credits for attending this virtual event.

Forum Format: Virtual - US Eastern

Event Overview

IT departments are under incredible pressure to maintain the business productivity for an expanded remote workforce. As the workforce continues to move into a hybrid office & home office environment, the risks of not maintaining security practices are also top of mind. Threat actors are also actively seeking opportunities to benefit from changes in the workforce.

One of the most important steps you can take to protect yourself is to use a unique, strong password for each of your accounts and apps. Unfortunately, it's almost impossible to remember all of the different passwords. In addition, we know it's time-consuming to constantly track the answers to all your security questions, remember different passwords for each login, and use multiple devices to gain access, among numerous other factors.

Join this SANS-led forum as we explore various password & access management topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case studies and thought leadership using specific examples relevant to the industry.

Agenda

10:30 - 10:50 AM EDT - Keynote

Chris Dale, @ChrisADale, Forum Chair, SANS Institute

10:50 - 11:25 AM EDT - Moving Beyond Passwords to a Passwordless Future

Chris Streeks, @cStreeks, Senior Solutions Engineer at Yubico

Passwords are fundamentally broken and are among the weakest forms of authentication. But how do organizations move away from passwords?

In this presentation we'll highlight how not all 2FA/MFA is created equal, cover the many benefits of moving away from passwords, and provide an overview of what passwordless authentication means in different scenarios and environments, and how organizations can move towards a passwordless future.

11:25 AM - 12:00 PM EDT - Devices in the Enterprise: How to Balance Security and Productivity

Teju Shyamsundar, Senior Product Marketing Manager at Okta

The influx of new device types in the workplace has transformed how we work. Your employees need to stay productive on any device, from anywhere, at any time. But this is easier said than done, as new devices could also mean increased vulnerabilities.

Today, IT and Security teams need to consider how to enable device visibility, enforce device-based access controls, and secure access within applications, while still delivering seamless access experiences for employees.

Join in on this presentation to understand how to:

  • Reduce data breaches with device strategies
  • Enforce device-based security
  • Integrate user and device-based risk in access policies
  • Reduce dependencies on on-prem tools to manage your devices

12:00 - 12:10 PM EDT - Break

12:10 - 12:45 PM EDT - Is Your Password Unique?

Mike Greene, CEO at Enzoic

The password has undergone an interesting evolution that can be traced back as far as the story of Ali Baba and the Forty Thieves. We are all familiar with the passphrase "Open Sesame", which was used to open a magically sealed cave: a unique phrase tied to a specific door, a key if you will.

The first computer password is believed to have been deployed in 1961 by MIT in order to manage access to their Compatible Time-Sharing System. Since this time, there have been issues with password security. Passwords were originally conceived to be unique keys to a unique resource. In the modern world, passwords have instead been embraced by users as their own individual unique identifier, resulting in password reuse and a host of new issues. In this webcast, we will review some of these issues and potential countermeasures.

12:45 - 1:20 PM EDT - The Problem with Passwords: How Researcher and Hacker Chris Roberts Approaches Next-Gen Authentication

Simon Berman, Chief Product Officer at Trusona

Chris Roberts, @Sidragon1, Chief Security Strategist at Cynet

We all know that passwords are an outdated technology that represents a huge risk for organizations, especially with the rapid, global transition to a remote workforce. The real challenge is implementing an effective approach to replacing passwords that is both secure and easy for your employees to use.

Join us for a frank conversation with Chris Roberts and Simon Berman on new approaches to deal with the problem of passwords, and how IT security professionals can make passwordless MFA a reality for their organizations.

1:20 - 1:30 PM EDT - Break

1:30 - 2:05 PM EDT - Leveraging IAM for Effective and Efficient Threat Mitigation

Lonnie Benavides, Head of Infrastructure and Application Security at OneLogin

There's no question that the current cybersecurity landscape is constantly shifting and evolving as new threats and security solutions emerge. Increased cyber attacks and distributed workforces have created new challenges that require innovative solutions.

Faced with the challenge of managing identities and securing access to data and applications from a growing number of endpoints, what are the fundamental controls organizations need to maintain business continuity and secure their remote and hybrid workforce?

Hear from Lonnie Benavides, Head of Infrastructure and Application Security at OneLogin, for a discussion on practical information and advice regarding the utilization of identity and access management solutions to effectively mitigate modern cyber threats to your business.

2:05 - 2:40 PM EDT - Using Cloud-based Identity Services in a Zero Trust World - Is it Safe?

Steve Schmalz, Field CTO at SecurID, an RSA business

In our cloud-based world more organizations are looking to obtain their IT services from cloud providers. Should they also look to obtain core security services like authentication and access control from the cloud as well? This talk will address this question and discuss the various advantages and security challenges such a process entails.

2:40 - 2:45 PM EDT - Wrap-up

Speaker Bios

Chris Dale

Chris, currently a certified instructor for SANS and a SANS Analyst, began his career in 2009 working for NextGenTel doing development and IT operations. “I really learned about how all things interconnect and work,” he says. Since then he’s worked for six companies, and his last job was the head of cyber security at Netsecurity, where he managed several teams, including pen testing and incident response. In 2020, Chris founded his own company, River Security, specializing in offensive services and cyber consulting.


Chris Streeks

Chris Streeks is a senior solutions engineer at Yubico focused on enterprise and strategic accounts—including major financial institutions and Fortune 500 technology companies. In his role, Chris focuses on both implementation and education of standards-based authentication technologies and their alignment with Yubico's solutions. Prior to Yubico, Chris worked at Kaspersky Lab as a technical expert.


Teju Shyamsundar

Teju Shyamsundar is a Senior Product Marketing Mgr at Okta, leading our Adaptive Authentication products. Prior to Okta, she worked at Microsoft and implemented enterprise mobility technologies across a large set of enterprise customers in various industries. Teju now works on driving the value of Okta's adaptive MFA and adaptive SSO capabilities across customers and partners. Teju holds a BS degree in Computer & Information Technology from Purdue University.


Mike Greene

Mike is currently CEO of Enzoic, a cyber-security startup that screens logins for compromised credentials. Prior to Enzoic, Mike was the Chairman of the Board and CEO of ID Watchdog, a leading identity theft protection company that was sold to Equifax in 2017. Before ID Watchdog, Mike held senior management positions at Symantec, Webroot, Thompson Micromedix, Raindance and Baxter. Mike graduated with an MBA from the University of Colorado in 2000 and has a BA in Biology. He lives in beautiful Boulder, Colorado with his wife and 3 children.


Simon Berman

Simon is an accomplished Products executive with 25 years of experience across industries including cybersecurity, enterprise mobility, IoT, software quality, and network testing. He currently serves as the Chief Product Officer at Trusona, whose mission is to curb the funding of evil due to the failures of passwords.


Chris Roberts

Chris is currently a Chief Security Strategist for Cynet as well as serving as a vCISO or advisor for a number of entities and organizations around the globe. His most recent projects are focused within the deception, identity, cryptography, Artificial Intelligence, and services space. Over the years, he's founded or worked with a number of folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies.

He’s considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s also getting a name for himself in the transportation arena: basically anything with wings, wheels, tracks, tyres, fins, props or paddles has been the target for research for the last 10-15 years…to interesting effect. Most notably, he gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air, that allowed the exploitation of attacks against flight control systems.

As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences. CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, and numerous others have covered him in the media.


Lonnie Benavides

Lonnie Benavides is an accomplished cybersecurity leader with more than 20 years industry experience, and is currently the Head of Infrastructure and Application Security at OneLogin. Lonnie began his career as a communications encryption specialist in the U.S. Air Force and went on to conclude his military service as a Technical Lead of the first red team in the Air National Guard. As an advanced penetration tester, Lonnie supported companies such as Washington Mutual and JP Morgan Chase, and eventually went on to launch the Boeing red team. Lonnie was responsible for leading global cybersecurity services and operations at DocuSign and McKesson, fostering his expertise in enterprise cyberthreat detection and response. Lonnie is a recognized speaker within the Phoenix education community, numerous industry conferences, and has also contributed to publications and radio shows such as TechRepublic and NPR.


Steve Schmalz

As the Field CTO of RSA Federal, Mr. Schmalz assists organizations in understanding their security architecture needs and how RSA's security products can help protect their critical infrastructure. Before joining RSA Security, he was Director of Business Development at Quantrad, a biometrics vendor. Prior to that Mr. Schmalz worked for the National Security Agency as a cryptographic mathematician.

Mr. Schmalz has spoken at multiple venues on topics ranging from standards compliance to cryptography. He is a long-time participant in ASC X9 and was the technical editor for X.119, focused on tokenization. He received an undergraduate degree from Columbus University and a master's degree in applied mathematics from Southern Methodist University.
