August Virtual Cyber Executive Forum 2021

Welcome

Breakfast talk – Fighting Supply Chain Attacks and Targeted Ransomware – Watchguard

Friday July 2nd, just before a long U.S. Holiday weekend, at least 30 Managed Service Providers (MSP)s were hit with ransomware that infected their infrastructure and many of their customers (over 1500 companies). The attack exploited unpatched vulnerabilities in the Kaseya VSA product, and leveraged the remote monitoring and management solution to help spread the ransomware. As massive as this attack was, it was not that first time businesses had suffered a targeted attack through an industry “digital supply chain.” Both supply chain attacks and targeted, big game ransomware have become the most concerning threat trends in North America. In this short coffee talk, Corey Nachreiner, CSO of WatchGuard and twenty year information security veteran, discusses these trends, illustrating how previous attacks from 2018 and 2019 developed into today’s developments. During the talk, you will learn:

• About the largest mass ransomware attack seen so far
• Historical detail about similar attacks from 2018 and 2019 that started the trend
• How attackers exploit Living-off-the-Land and Fileless Malware techniques to evade security controls
• Most importantly, defense tips and security strategies that will both help you prevent the latest attack techniques and survive cyber incidents when they happen.

Networking Break

Security Culture: Mental Models and Lessons Learned to Improve Your Culture and Decrease Your Company’s Risk

The business imperatives of digital transformation, DevOps, automation, and cloud create pressure for security teams to move faster to enable the speed of business. Doing it securely often creates tension with business units and development and product teams. Culture is one key tool that CISOs and security leaders can use to develop rapport with business peers, align teams, and reduce friction. In the session we’ll review an effective cybersecurity culture model, supported with examples of how innovative F500 companies tune their culture to enable rapid business scale. Talent acquisition tips and success metrics to share with your board will be covered so that attendees leave with simple actionable advice they can implement immediately

Networking Break

What is Cyber Accountability?

This presentation will provide you with a deep understanding of Cyber Accountability, who is responsible for it, and why you should care.

Networking Break

Lunch and Learn – The era of remote work has forced a rapid move to the cloud for many organizations, but that can leave critical security gaps in cloud infrastructure and applications.

Join Patrick Garrity, VP of Operations at Blumira for a discussion on the current landscape of cloud security and practical tips for cybersecurity executives to maintain high visibility within their cloud environments. In this talk, you’ll learn about:
• Why remote work has led to gaps in cloud security
• The business impact of poorly planned and managed cloud migrations
• Different types of attacks targeting cloud infrastructure platforms like Microsoft Azure, Office 365, Okta, G Suite and Amazon Web Services

Lunch Networking Break

Executive Roundtables

• Why the Diversity Problem isn't a Lack of Diversity Hires.
  We are readily aware that bringing diverse talent into our organizations brings many benefits. Contrary to popular opinion, there is no shortage of young, diverse, and driven talent looking to enter Security. Why are we still struggling with finding diverse hires? In this session, get ready to discuss and discover how to build your diverse talent pipeline with tangible actions you can start taking today.
• Executive Order on Improving the nation’s Cybersecurity: What will you do next?

Networking Break

Panel-Executive Order on Improving the Nation’s Cybersecurity: Making sense of What to do Next

Executive Order on Improving the Nation's Cybersecurity | The White House
This Executive Order signed in May 2021 applies to all federal information systems, and the vendors and software supply chains that support them. It covers cyber controls, incident reporting and incident response. How will organizations and federal entities work together to comply? How will this affect other private sector and public sector entities?

Join our panel discussion on what this means for these government entities, their critical infrastructure, and supply chain. In the possible absence of funding or well-defined instruction and requirements on implementation, organizations may need to overcome the challenges that our industry faces in making sense of it all. We will share insight and provide discussion surrounding some of the best practices that have been working well to date.

Networking Break

Executive Roundtables

Looking Ahead: Building a Defense That Lasts

The increased amount of data breaches are reaching a critical mass with no sign of slowing down. Security programs struggle to maintain fluidity and design programs that can adopt and move fast based on adversary tactics, techniques, and procedures. Regardless if it's a ransomware group or nation state, our security programs seem to have a difficult time handling direct and targeted attacks. This talk will dive into understanding how these groups operate, and how we've seen other organizations build successful defenses against these types of attacks. Our security programs take time to build and to fix historical/legacy issues. In the meantime, we need stop-gaps in order to ensure that we can protect our organizations from the latest threats. Our programs need to be tested, validated, and continuously improved. We'll dive into what we can focus on today, to ensure that you have a defense that can last the changing attack surfaces we see from adversary groups.

Closing remarks