Shadow IT Elimination Solutions Forum

  • Friday, 29 Oct 2021 10:30AM EDT (29 Oct 2021 14:30 UTC)
  • Speakers: Matt Bromiley, Dan MacDonnell, David "Moose" Wolpoff, Drew Roy, Eric McIntyre, Jon Oltsik, Ian Lee, Edward Amoroso, John Shaffer, John McLeod, Philip Keibler, David Wolpoff

Whether we like it or not, today’s organizations sit on the front lines of ongoing cyber-attacks from adversaries who have little discernment for industry, size, or capabilities. Each year, we see the number of breaches grow, with organizations trying to get a handle on their own assets and how to protect them – but how well are we accomplishing these goals? It is estimated as much as 30% of exposed assets are unknown to security teams. It is hard, if not impossible, to protect these Shadow IT assets while fending off advanced adversaries.

Join us for this half-day event, where we will tackle the risk of Shadow IT and how to address these within your organization. We will bring together thought leaders, subject matter experts, and practitioners from around the globe to share stories and best practices for discovering, monitoring, and minimizing the risk posed by Shadow IT.




Agenda | 10:30 AM - 2:30 PM EDT

Timeline (EDT)

Session Details

10:30 AM

Welcome & Opening Remarks

Matt Bromiley, SANS Instructor

10:35 AM

Out of the Shadows: Defending Forward in Today’s Exposed World

Whether we like it or not, organizations today are on the front lines of an ongoing and growing geopolitical cyberwar. We need look no further than Solarwinds for proof. In this session, former Deputy NSA Chief Rear Admiral Dan MacDonnell and Randori Co-Founder & CTO David Wolpoff will take attendees on a behind the scenes look into forces driving today’s cyber landscape and what they tell us about the future of security.

Leave with a firm understanding of the macro-forces driving today’s cyberwar, clarity into why today’s approaches won’t cut it tomorrow, and why shadow IT is costing American firms billions and making it easier than ever for hackers to get inside corporate networks.

Dan MacDonnell, Subject Matter Expert, Randori
David "Moose" Wolpoff
, Co-Founder and CTO, Randori

11:00 AM

Below The Surface - Using ASM To Drive Change

Attack Surface Management has become one of the hottest terms in security - but what is it? And how are CISOs using it to reduce Shadow IT and drive change inside their organizations? In this session - Tag Cyber’s Edward Amoroso will moderate a panel of leading CIOs and CISOs using EASM to drive change inside their organizations.

Topics discussed will include:

  • What is Attack Surface Management?
  • What is driving the explosion in Shadow IT?
  • How ASM is helping them combat Shadow IT
  • What metrics are they using to manage their attack surface?
  • How they’ve been able to track and demonstrate progress over time?

Ed Amoroso, TAG Cyber


John Shaffer, CIO Greenhill
John McLeod, CISO NOV
Philip Keibler, CISO Meijer Foods
David "Moose" Wolpoff, Co-Founder & CTO, Randori

11:50 AM


12:05 PM

Selling ASM to Your Boss: Lessons from Lionbridge CTO Doug Graham

With a third of successful breaches now originating with unmanaged or unknown assets, understanding your attack surface and being able to prioritize new risks as they emerge has never been more essential but making the business can be a challenge for security professionals.

In this session, Lionbridge’s Chief Trust Officer Douglas Graham will break down how he built the business case for ASM and how he uses ASM to provide board level visibility into his team’s shadow IT elimination work. He’ll also provide security professionals with actionable tips and advice on how they can make the case for investing in shadow IT elimination tools to the CISO, the CIO and the Board.

Doug Graham, Chief Trust Officer, Lionbridge

12:30 PM

Shadow IT Elimination: 5 Workflows Every Security Team Needs

Everyone agrees Shadow IT is a big problem, but few know how to solve it. In this practical session, Randori Director of Product Management, Drew Roy will break down 5 proven workflows, taken from most effective security teams, you can adopt to minimize your Shadow IT Risk.

Gain in-depth insight into how to integrate ASM with vulnerability management, asset management, ticketing, threat intelligence and cloud providers. Each will include real-world examples of how companies like Air Canada, Lionbridge, NOV, and more are using these workflows to eliminate Shadow IT.

Drew Roy, Director of Product Management, Randori

1:00 PM


1:15 PM

RDP: Red Flag or Red Herring?

Ransomware has become the #1 cyber risk for businesses, costing companies an estimated $20B in 2021.

It’s estimated that a majority of those attacks share one in common - they all start with RDP. Join BJ Swope for an in-depth loop at RDP and how this obscure protocol favored by IT administrators become the #1 target for ransomware attackers.

Learn what makes RDP attractive to attackers, what makes it different from traditional software vulnerabilities, and what steps Randori recommends organizations take to reduce their risk.

BJ Swope, Randori

1:45 PM

Dirty & Exposed: Why Security Hygiene is So Hard & What You Can Do About It

Cyber-threats are driving a renewed business focus on security posture management but growing attack surfaces have made security hygiene more difficult. However, with the rise of ransomware and as much as 30% of exposed assets unknown to security teams, executives and corporate boards are increasingly asking for greater visibility and formal metrics via real-time data analysis and better program management.

In this session, ESG Fellow Jon Olsik & Randori CMO Bari Abdul will provide insight from a new survey of 400 executives about the state of security hygiene, what is and isn’t working, what’s needed to get ahead and what CISOs are doing today to meet compliance and board level demands.

Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group
Ian Lee
, Director, Randori

2:15 PM


Matt Bromiley, SANS Instructor