Converge Security Conference 2023

Speaker

Jason Spencer

GuidePoint Security

Mike Snyder

Senior Advisor, Monarch Information Security Consulting

Daniel Garrie

Law and Forensics

Nemi George

VP, IT & CISO, Pacific Dental Services

Trevin Edgeworth

Red Team Practice Director, Bishop Fox

Lee Neely

Senior Cyber Advisor, LLNL

Tim Wenzel

Associate Managing Director of Enterprise Security Risk Management, Kroll

Tara Lemieux

CMMC Queen, Redspin

Matt Silverman

Principal Consultant, AIB Partners

Andrea Hoy

Senior Security Advisor, Troutman Pepper, Founder & vCISO, A.Hoy & Associates, LLC

Adam German

Chief Information Security Officer, State of California Controller's Office

Corey White

Chief Executive & Experience Officer, Cyvatar

Matt Travis

Chief Executive Officer, The Cyber AB

Kevin Johnson

Chief Executive Officer, Secure Ideas

Bobby Louissaint

Global Security Program Manager, Meta

9:00 am - 10:15 am Platinum 5 & 6

Keynote: Navigating the River Styx

According to Greek Mythology, Styx is a river that forms the boundary between Earth and the Underworld. The rivers Acheron, Cocytus, Lethe, Phlegethon, and Styx all converge at the center of the underworld on a great marsh, which sometimes is also called the Styx. “Risk surrounds and envelops us. Without understanding it, we risk everything and without capitalizing on it, we gain nothing.” This quote from The Psychology of Risk written by Glynis Breakwell says it all.

Malcolm will explore various physical as well as logical capabilities that when intertwined together create greater potential opportunities for positive social and economic benefit yet also generate magnified negative consequences. Consequences that impact not only the organizations we support but more importantly generate increased societal risks that we need to manage. He will discuss what we should be doing to integrate our views on this converged marsh of risk – since the boundary of earth and the underworld – physical and logical has been removed. He will also discuss how we can operationalize our controls to improve our abilities to sense, interpret, and act upon these risks so we can fully capitalize on the opportunities that lie ahead.

Malcolm Harkins
11:00 am - 11:50 am

Evel Kneivel Hacked your Organization: Leaping the Chasm between Physical and Cyber Security

Get ready for an electrifying presentation by Kevin Johnson, the mastermind behind Secure Ideas! Join him on an adrenaline-pumping rollercoaster ride as he unveils a real-world attack that'll leave you on the edge of your seat. Brace yourself for the unexpected twists and turns as Kevin demonstrates how physical access can morph into mind-boggling cybersecurity threats. But hold on tight because that's not all! He'll also uncover how these cyber dangers get a turbo boost from the lurking physical hazards we encounter every day.

As a seasoned penetration tester, Kevin has cracked the code when it comes to assessing security controls—both in the real world and on the digital battlefield. With a dash of humor and a treasure trove of fascinating anecdotes, he'll paint a vivid picture of the hair-raising interplay between physical security and network/application vulnerabilities. So, whether you're a tech enthusiast, a cybersecurity aficionado, or simply curious about the hidden perils of the digital era, don't miss this eye-opening presentation. Get ready to have your mind blown and your sides split with laughter as Kevin Johnson of Secure Ideas guides you through a captivating journey you won't soon forget!

Kevin Johnson Kevin Johnson
11:00 am - 11:50 am

C-Sweet Conversations: 2023 SIA Trends

In the speaker panel titled "C-Sweet Conversations: 2023 SIA Trends," industry experts delve into two essential aspects of leadership: the magic of storytelling in technology transformation and the transformative power of kindness. Experienced leaders share their insights on how effective storytelling can drive technological advancements within organizations, inspiring teams and fostering a culture of innovation.

Moreover, the panel will feature a live demonstration where the top findings of SIA's trends will be spun into engaging "Suite-Conversations," showcasing the practical application of storytelling techniques in leveraging SIA's data-driven insights.

Additionally, the panel emphasizes the significance of kindness in leadership, highlighting its role in building strong relationships, boosting employee morale, and contributing to long-term business success.

Lee Oughton
Steve Reinharz
Tim Wenzel
11:00 am - 11:50 am

A Historical Journey of Cybercrimes

It’s 2022 and cybercrime occurs regularly. It affects our personal and professional lives, and we are constantly aware of its presence. While this category of crime mutates daily, society and the law struggle to keep up with its’ developments.

But when did cybercrime begin? Did it begin with the creation of the computer? The internet? The modern cell phone? Or, have laws been developing over longer periods of time to respond to ongoing crimes?

This lecture will discuss the evolution of cybercrimes and how society developed to manage these new technologies and the nefarious uses of it. The presentation will take the audience on a journey through history’s most well-known cybercrimes. It will discuss the first known cybercrime and how it was accomplished, continuing through the early 20th century and codebreaking during the Second World War and concluding with the Accenture LockBit hack.

Attendees will gain an appreciation for the advancement and innovation of crime and the consequent laws. After the lecture, the purpose and methodology of the cybercrime legal system and the legal gaps will be understood.

Benny Forer
11:00 am - 11:50 am

Cybersecurity Maturity Model Certification (CMMC) - 2025 and Beyond

The Cybersecurity Maturity Model Certification represents one of the largest cybersecurity initiatives being undertaken by the United States Government. The Department of Defense (DoD) officially submitted the CMMC 2.0 rule to the Office of Information and Regulatory Affairs (OIRA)—part of the Office of Management and Budget (OMB)—for regulatory review. Submitting the rule for review means the DoD has essentially finished its part in drafting the rule. So what’s next? Join Matt Travis as he explores where CMMC 2.0 is going and what can we expect, how to prepare, and a invigorating and passionate discussion as we race towards CMMC 2.0 being required by all DoD contractors at all levels, as best guess estimate, Quarter 1 of 2025. And while 2025 sounds like a ways away, remember that any implementation of CMMC 2.0 takes about 18-24 months from start-to-finish.

Matt Travis
11:55 am - 12:45 pm

Maximizing Cybersecurity Resilience: The Power of Combining CMMC and Zero Trust

As cyber threats continue to evolve, organizations need to adopt robust security measures to protect their sensitive data and assets. Two powerful frameworks that are gaining momentum in the cybersecurity world are the Cybersecurity Maturity Model Certification (CMMC) and Zero Trust.

CMMC is a standard developed by the US Department of Defense that assesses and certifies the cybersecurity maturity level of contractors and suppliers. Zero Trust, on the other hand, is a security model that requires strict identity verification and authorization for every user and device that tries to access a network.

In this session, we will explore the synergies between these two frameworks and how they can complement each other to create a robust and resilient security posture. We will discuss how the adoption of Zero Trust principles can help organizations achieve higher CMMC maturity levels and how CMMC can serve as a roadmap for implementing Zero Trust.

Join us to learn how to combine these two powerful frameworks to protect your organization from cyber threats and achieve a higher level of cybersecurity maturity

Dr. Thomas Graham
11:55 am - 12:45 pm

What Really Grinds My Gears: The Misunderstood Convergence of Physical and Cyber Security

In this candid discussion, Adam will address the disconnect which persists within the realm of Information Security. Specifically, he will delve into the astonishing and frustrating oversight of many Information Security Officers who have yet to fully grasp the holistic concept of security as it encompasses both physical and cyber domains.

It's alarming that in this day and age when the boundary between the physical and the digital has become so blurred, professionals still treat these two facets of security as distinct entities. This is a disservice to the field and a considerable risk to the organizations they protect.

Adam has seen firsthand the effects of this compartmentalization and how it hinders our ability to protect assets and data effectively. He will share insights on the urgent need for a unified approach to security that blends traditional physical security practices with cybersecurity measures, emphasizing the interdependencies and overlaps.

Adam will outline the challenges he has faced, the lessons he has learned, and the strategies he has found most effective in his efforts to implement and promote a truly comprehensive, integrated security strategy. The ultimate goal is to encourage fellow professionals to shift their perspective and understand the broad scope of information security, which touches every aspect of an organization, from its physical premises to its virtual presence. By doing so, we can better equip ourselves and our businesses to navigate and mitigate tomorrow's increasingly complex security threats.

This talk will challenge conventional thinking and spark a much-needed conversation about the imperative to unite physical and cyber security under one comprehensive, coherent framework. Only then can we genuinely secure our systems, data, and, ultimately, our future!

Adam German Adam German
11:55 am - 12:45 pm

CCPA/CPRA Update and New Cybersecurity/Risk Assessment Requirements

Description:The California Privacy Protection Agency (CPPA), just finished its September 8th board meeting, where it walked through its draft of the Cybersecurity Audits and Risk Assessments Regulations under CPRA. The CCPA is enforced by the California Office of the Attorney General while the CPRA will be enforced by the new California Privacy Protection Agency (CPPA) with full investigative, enforcement, and rulemaking authority. This session will cover the CCPA and CPRA privacy laws, provide an update on the recent CPPA Board Meeting, and review the new Cybersecurity Audits and Risk Assessments annual requirements. Under the CCPA rights include access, consent, equality, deletion, and portability. Under the CPRA new rights include the right to correct; opt-out of automated decision-making; access to information about automated decision making; and the right to restrict the use of sensitive PI. CCPA/CPRA was to be enforceable by January 1, 2023, then it got extended to July 1, 2023. Following a California Chamber of Commerce lawsuit, a Superior Court of California judge has delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. We will discuss what it means and whether you are ready for CCPA/CPRA.

Mike Villegas
11:55 am - 12:45 pm

Physical Security: A Future Left Behind

A somber, candid, discussion on the need for network security standard tools and applications developed into Physical Security and Building’s technology products.

Bobby Louissaint Bobby Louissaint
12:45 pm - 1:45 pm Platinum 5 & 6

Catered Lunch

Lunch

1:50 pm - 2:40 pm

Cyber Threats and Trends

SSA Bryan Willett will first discuss the FBI's domestic and international role in investigating cyber crime. He will then provide a discussion of the Cyber Threats and Trends observed in 2023. He will close by discussing organization cyber risk and by offering a tips for protecting businesses and individuals.

Bryan Willet
1:50 pm - 2:40 pm

OSINT for Cybersecurity Professionals

The Open Source Intelligence for Cybersecurity Professionals course provides extensive information and hands on lessons relating to surface and deep web searching along with advanced online search techniques & strategies, online privacy / anonymity tools, counterintelligence techniques used by the criminal element, search techniques of blogs and social networks including social media monitoring, utilize database systems, methods to obtain historical website pages, develop previous domain & website details that no longer exist, geolocating, reverse imaging, transfer of large files, screen shot capabilities, and much more all focused on helping Cybersecurity professionals related to threat hunting, red teaming and information gathering.

Sandra Stibbards
1:50 pm - 2:40 pm

Contracts and Supply Chain Risk

Supply chain security can be a source of significant risk at any organization. Managing that risk takes many forms, but often includes the use of specific contract language regarding information security and data privacy. Matt will discuss supply chain risk management, focusing on the intersection between contract language, business objectives, and security practices. The objective is to provide the audience with a set of techniques to actively and effectively manage supply chain cybersecurity risk.

Matt Silverman
1:50 pm - 2:40 pm

Culture Convergence: Empowering Women and Embracing Diversity in Merging Cyber and Physical Security

Get ready to be inspired as we delve into the fascinating world of culture convergence, women empowerment, and the merging of cyber and physical security. This one-hour presentation will leave you with a fresh perspective on the future of security and the power of diversity.

Discover the incredible benefits of inclusivity and diversity in the security industry, backed by statistical evidence that proves their positive impact on cybersecurity outcomes. Prepare to be amazed by success stories of organizations that prioritize diversity in their security initiatives, showcasing the innovative approaches that arise from different perspectives.

We will also shed light on the challenges faced by women in the security field and the importance of breaking barriers. Learn about the achievements of remarkable women leaders in cybersecurity and physical security, and explore the value of mentorship and networking opportunities for aspiring women professionals.

Witness the concept of merging cyber and physical security come to life through real-life examples and their effectiveness in creating a holistic defense strategy. Understand the potential risks of neglecting any aspect of security in our interconnected world, and discover how collaboration between CIOs and CISOs can lead to successful convergence.

Kasia and Antionette will emphasize the role of empathy and emotional intelligence in creating an inclusive work environment, as well as the benefits of cross-functional training and skill development for security professionals. Be encouraged to establish mentorship programs that promote diversity in leadership and celebrate diverse achievements within the security community.

This event is a call to action! Summarizing the key takeaways, we urge organizations to prioritize diversity and inclusion efforts within their security teams. We call on CIOs and CISOs to actively promote culture convergence between cyber and physical security. Together, let's support and empower women in the security industry to bridge the gender gap and foster a more inclusive and secure future.

Antoinette King
Kasia Hanson
2:45 pm - 3:35 pm

Attacking and Defending Physical Access Control Systems

To be announced.

Valerie Thomas
2:45 pm - 3:35 pm

Leading Influential Conversations

How many times have you had the best data, clear real-world examples, yet your pitch to decision makers - maybe even the C-suite lands flat. They didn't understand, didn't see the ROI, they weren't moved by your presentation?

This is very common for leaders of all types in the Security & Risk industries. We often have a message that is unpopular, not inspiring. Tim Wenzel will describe what thought leadership is and how to engage influentially within your organization. He will discuss the importance of combining your presence, your brand, and your story to lead executives and other stakeholders down a logical thought path and bring them to a well informed decision point, so the business can effectively decide how to manage its risk.

Tim Wenzel
2:45 pm - 3:35 pm

From Fiction to Reality: Exploring the Future of Cybersecurity

This session will delve into the intersection of science fiction and cybersecurity, exploring how concepts once considered fictional are becoming real threats. We will discuss emerging cyber risks inspired by movies, literature, and popular culture, and examine how these threats can impact individuals and organizations. Through this exploration, we will gain insights into the future of cybersecurity and the measures required to protect against these new challenges.

Corey White
2:45 pm - 3:35 pm

Monday Morning Quarterback: Collaboration between CIOs, CISOs, and CROs in Sports Venues for Physical and Cybersecurity Resilience

This session will host an esteemed panel of Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and Chief Risk Officers (CROs) in the sports and entertainment space. Join us as these practitioners play Monday morning replay on how to look at each of the use cases from their perspective and discuss how they may have approached the incidents differently.

Troy McCanna
Charles Burns
Bobby Louissaint Bobby Louissaint
3:50 pm - 4:40 pm

The Critical Challenges of Physical Security Convergence (Cancelled)

Technology convergence greatly expands the risk of physical security system design and deployment shortcomings. New thinking is required to get things right.

AI and the Nonstop Evolution of Computing and Networking

AI has pushed exponential technology advancement into hyperdrive, and AI-enabled physical security products are creating a fundamental break from the past 50 years of physical security thinking. Advanced AI-enabled computer vision requires a shift from the device-oriented thinking of yesteryear to a data-oriented mindset that facilitates real-time situational awareness and new levels of data interoperability that systems integrations now require. New technology is emerging to address this need.

  AI-Enabled Physical Security Technology

The real-time security threat signatures of advanced computer vision systems coupled with automated cyber-physical threat response capabilities require a completely new security system design element: identifying, defining and establishing human-in-the-loop requirements – something that AI purists decry but critical life-safety considerations mandate.

  Cyber-Physical Systems

Amplify Physical Risk When cyber-physical systems can be hacked (think land, sea or space vehicles, traffic control systems, robotic assisted surgeries, automated medication delivery, food manufacturing lines), then great physical harm can be accomplished by the click of a single key or icon. The consequences of failed cyber security controls can be physically catastrophic at a scale that could not be accomplished using purely physical means.

Multi-Dimensional Attack Surfaces

The widespread connectivity between cyber vulnerable systems presents a multi-dimensional attack surface with an exponentially growing insider risk component.

  Finance Challenges

A concerning trend is the approval or disapproval of cybersecurity risk treatment measures out of context and based on budgets and faulty reasoning rather than on key risk factors – especially for physical security system infrastructure. The most effective remedies require collaboration between physical and cybersecurity high-level stakeholders.   Getting a Handle on Things

Fortunately, no security practitioners have to solve the entirety of this picture – just those that apply to your specific deployments. This session includes key convergence lessons learned in addressing both technical and organizationally challenges.

Ray Bernard
3:50 pm - 4:40 pm

Open Sourcing the Battlefield: How the US Air Force Became Cloud-Native

For years, the US Air Force’s software development and acquisition processes were riddled with cost overruns, insecure software, and lengthy delays. Now they’re putting Kubernetes on fighter jets and it’s not just for show. What happened? What caused the sudden change? This talk examines how the US Air Force leveraged DevSecOps principles and open source software to decrease costs, deliver software faster, and ensure it is safer than via previous models. Attendees will hear from firsthand experience and interviews with stakeholders in the US Air Force who worked to bring about this massive change in the DoD’s approach and attitude towards software development as well as what this means for your organization.

Bren Briggs
3:50 pm - 4:40 pm

Beyond Scanning: Advancements in Identifying the Global Threat Landscape

At the 2022 Converge Security Conference, we unveiled an internal initiative for the rapid identification and cataloging of internet-accessible services. Our objective was to deepen our understanding of the global threat landscape by conducting highly distributed port scans across the entire addressable IPv4 space.

We explored the architecture, tooling, and methodology necessary to leverage thousands of nodes for reliably scanning 3.7 billion addresses. Initial results were undoubtedly successful, as we achieved a repeatable task that could be completed within 90 minutes at an approximate cost of $100.

This year, we're back with more, and we're thrilled to present the advancements we've made since our last session. Join us as we share updates on the initiative and delve into additional statistics, demonstrating the impact of our research on proactive threat detection, network security, and vulnerability management.

Joe Luna
Raffi Erganian
3:50 pm - 4:40 pm

Physical Security Controls Requirements for NIST, HIPAA and PCI-DSS

What are the common controls across NIST, HIPAA and PCI-DSS for physical security, and how do you perform continuous monitoring and prepare evidence for an audit.  This session will review physical security requirements and discuss appropriate control design.  We will analyze examples of ineffective controls and appropriate remediation plans.

Trinh Ngo
Tim Swaney
4:45 pm - 6:00 pm Platinum 5 & 6

Closing Keynote: State of C-Curity (Security)

"The State of Security," brings together the sharpest minds from the C-Suite – for a thought-provoking panel discussion that dives deep into the challenges, innovations, and strategies reshaping the security paradigm.

In an era where technology is both an enabler and a potential threat, understanding the dynamic interplay between security and advancement is paramount.

But security is not solely a technological puzzle – it's a multidimensional challenge that spans people, processes, and policies. Our C-Suite leaders will delve into the human element of security, discussing the significance of fostering a security-centric culture from the top down and bottom up. With insider threats and social engineering tactics on the rise, a well-informed workforce becomes the first line of defense.

Emerging technologies like artificial intelligence, and the Internet of Things offer unprecedented opportunities – but they also introduce unprecedented risks. We will uncover the strategies that visionary leaders are deploying to embrace innovation while safeguarding against new vulnerabilities.

Ultimately, "The State of Security" is a call to action. It challenges us to question our assumptions, reassess our strategies, and redefine what it means to be secure in an ever-shifting landscape. Attendees will leave empowered with the knowledge and insights needed to drive meaningful change within their own organizations.

Join us for a keynote session that promises to be both enlightening and inspiring, equipping you with the tools to navigate the intricate maze of modern security challenges. Together, we'll shape a more secure future for all.

Steve Reinharz
Charles Burns
Kasia Hanson
Andrea Hoy Andrea Hoy
Malcolm Harkins
6:00 pm - 8:00 pm Platinum 5 & 6

Evening Reception Hosted By Exhibitors

  • Date : September 15, 2023
  • Time : 9:00 am - 8:00 pm (America/Los_Angeles)
  • Venue : Anaheim Marriott, 700 W Convention Way, Anaheim, CA 92802