Oct 25, 2024
Anaheim, CA, USA
Oct 25, 2024
Anaheim, CA, USA
To be announced.
Adam German
To be announced.
Valerie Thomas
"Building Resilience: Lessons from the Frontlines of Cybersecurity"
Join us for an enlightening fireside chat with Stevan Bernard, the former Executive Vice President of Global Protection Services at Sony/Sony Pictures Entertainment. In this compelling keynote session, Stevan will delve into the critical components of building a resilient security program, sharing his invaluable insights and firsthand experiences.
Drawing from his extensive career, Stevan will take us through the meticulous preparation leading up to a nation state attack, providing a rare glimpse into the strategies and practices that can fortify an organization against sophisticated threats. He will recount the intense moments during a nation state attack, offering a candid look at the challenges faced and the real-time decisions that shaped the response.
The session will explore the profound lessons learned from the attack, emphasizing the importance of adaptive strategies and continuous improvement in security measures. Stevan will also highlight the concept of security convergence, discussing its pivotal role in creating a holistic defense framework that integrates physical and cybersecurity.
Looking ahead, Stevan will share his vision for the future of security convergence, addressing emerging trends and the evolving landscape of global security threats. This keynote is an unmissable opportunity to gain expert insights and practical knowledge from one of the foremost leaders in the field of global protection services.
Whether you are a seasoned security professional or new to the field, Stevan Bernard's experiences and insights will equip you with the knowledge and inspiration to enhance your organization's security posture and resilience.
Stevan Bernard
The Security Industry is full of old, tired mindsets and beliefs which no longer serve us. Maybe they never served us, it was just the easiest way to explain our lack and frustration.
Have you ever been told “If you do security well, you’ll work yourself out of a job”?
How about this one? “Security is a cost center.”
Both of these are 100% untrue, outdated, and no longer compatible with the modern world of business. These are sentiments which affect the very perspective we have of ourselves. These statements of frustration that literally communicate to the organizations we serve: “We offer no value to you whatsoever.”
Tim Wenzel, Associate Managing Director of ESRM at Kroll and the Creator of The Kindness Games is going to tell the story of corporate security, help you understand the genesis of The Insecurity in Security, and build the new value proposition of the Modern Security Organization.
If you’ve ever wondered why you “can’t get your seat at the table” or you don’t understand the simmering anxiety you feel every time you have an important meeting, this presentation will change you and help you see your value in the corporate structure.
Tim Wenzel
Fences, locks, and motion detection, oh my! In the hacking world, physical access is the ultimate goal for attackers. To defend against this threat, sophisticated physical access control systems are installed, but are often misconfigured and not used to their full potential. Even worse, some misconfigurations can turn a multi-million-dollar physical access control implementation into an attacker's best friend; allowing them to essentially become invisible to traditional detection methods. This session will provide the audience with a foundational understanding of a traditional physical security environment and demonstration of trending attacks.
Valerie Thomas
In the talk 'Hackers in Jurassic Park: When Attackers Find a Way', Kevin Johnson of Secure Ideas delves into the world of cybersecurity, through the lens of real-life hacking stories. Just as 'Jurassic Park' unveiled the unforeseen consequences of bringing dinosaurs back to life, this presentation uncovers the unexpected and often ingenious methods used by cyber attackers to breach seemingly impregnable digital fortresses. Our journey takes us through a series of true tales from the front lines of cybersecurity, where penetration testers navigate the complex jungle of code and cybersecurity measures.
Each story in the talk is carefully selected to demonstrate a unique aspect of cyber attacks – from social engineering feats that mirror the cunning of a Velociraptor, to sophisticated attacks that target applications and APIs with the ferocity of a T-Rex on the loose. Attendees will not only get an insider view of the tactics and thought processes of attackers but will also grasp the critical importance of proactive defense strategies. This session aims to enlighten, entertain, and educate, offering vital insights into the ever-evolving threat landscape. By the end, participants will have a heightened awareness of the risks lurking in the digital world and be inspired to think like a seasoned hacker to better defend their digital realms.
Kevin Johnson
TBA
Matt Travis
This session will discuss physical and cyber-security best practices to improve safety and security planning while mitigating cyber-attacks on our communities and infrastructure. This session, done in partnership with the CISA (Cybersecurity and Infrastructure Security Agency), will cover the steps organizations should take to assess their physical security footprint, learn about available government capabilities and resources, and inform the audience on cyber best practices.
Alith Saengchanh
Richard Mitchem
As we stand on the brink of a new era in security, the way we approach safety, compliance, and access control is transforming before our eyes. Today, security is no longer a one-dimensional process focused on guarding physical spaces or protecting digital assets in isolation. Instead, we’ve entered a world where the lines between cybersecurity and physical security have blurred, requiring a multi-dimensional view—a holistic approach that considers every angle, every potential vulnerability, and every opportunity for automation. At the core of this evolution is the concept of Zero Trust—a model where we don’t assume trust based on location, role, or credentials, but continuously verify, adapt, and protect. But it’s not just people and systems we’re protecting anymore; it’s the very fabric of our environments. From smart buildings to smart cities, security must now be everywhere, all the time. This is where smart sensors come into play. These devices, once seen as passive monitors, have become the building blocks of a dynamic security ecosystem. They collect data, enforce compliance, and control access in real time. They bridge the gap between the digital and physical worlds, making it possible to secure our environments in ways we never imagined.
Bobby Louissaint
Holley Hunt
When considering convergence of physical and logical security I get distracted as my employer has things which will never merge like armed security forces. (anti) helicopter wires, seat teams, physical DMZ etc. Used to be we could count on doors, guards and gates as a primary control.
The truth is, cyber has had to take over from physical as speed and variety of what's accessible has increased 100 fold. We seem to be determined to put everything online and accessible without considering if we should or how it's mitigated. No more are systems all in our facilities, nor only used from secure locations.
Let's delve into what I've seen in 40 years of security at a national lab and how it maps to the rest of the world.
We are so focused externally we forget what the insider is doing, except we train them regularly on phishing/attachment security, and sometimes reminding them coffee shop wifi is "bad."
We will delve into Insiders, outsiders, casual to nation states, the threats are all over, the challenge to discuss is how to protect, detect and respond to these across the board.
Lee Neely
This session will provide guidance on the process and requirements for achieving compliance with Cybersecurity Maturity Model Certification (CMMC) version 2.0 and emphasize the significance of CMMC v2.0 in enhancing cybersecurity measures, particularly for organizations working with the Department of Defense (DoD) and how to leverage previous NIST 800-171 implementations.
The session will provide a brief history of CMMC, highlighting its evolution from 800-171 to version 1.0 and now 2.0. Will explore the current framework of CMMC v2.0, detailing its levels, domains, capabilities, and practices. Describe the relevance of CMMC v2.0 in securing DoD contracts and its broader impact on improving cybersecurity standards within organizations, even though not engaging with government contracts. And most importantly, the key concepts presented will include steps to prepare for Compliance:
- Assessment and Gap Analysis: Outline the process of conducting a self-assessment to identify current cybersecurity strengths and weaknesses in relation to CMMC v2.0 requirements.
- Developing a Plan of Action: Guidance on how to prioritize actions based on CMMC levels, including setting realistic timelines and milestones for compliance.
- Implementation Strategies: Offer best practices for implementing necessary cybersecurity measures and advice on utilizing existing resources and tools effectively.
- Continuous Monitoring and Improvement: Emphasize the need for ongoing compliance processes, regular reviews, and updates to cybersecurity practices.
- Handling 3rd Party Audits: Prepare for third-party assessments, focusing on documentation and evidence management to demonstrate compliance.
- Leverage cloud-based solutions (GCC and GCC-High)
This session provides a comprehensive guide on understanding, preparing for, and maintaining CMMC v2.0 compliance. It emphasizes the importance of cybersecurity in the context of DoD contracts and offers practical steps for organizations to assess, plan, implement, and sustain compliance. The goal is to equip participants with the knowledge and tools needed to successfully navigate the complexities of CMMC v2.0
Dr. Romeo Farinacci
TBA
Adam German
The Open Source Intelligence for Cybersecurity Professionals course provides extensive information and hands on lessons relating to surface and deep web searching along with advanced online search techniques & strategies, online privacy / anonymity tools, counterintelligence techniques used by the criminal element, search techniques of blogs and social networks including social media monitoring, utilize database systems, methods to obtain historical website pages, develop previous domain & website details that no longer exist, geolocating, reverse imaging, transfer of large files, screen shot capabilities, and much more all focused on helping Cybersecurity professionals related to threat hunting, red teaming and information gathering.
Sandra Stibbards
Cybersecurity leaders have had it figured out for a while: building resilience is about adapting to threats, adversities, and challenges so a business can continue to meet market demand and stakeholder expectations. Physical security, while a critical piece of the puzzle for businesses with a large physical footprint, has been playing catchup over the years and is finally turning a corner toward building a more resilient presence using cybersecurity principles.
The panel will answer/discuss the following:
How can physical and cyber leaders collaborate to manage risk to an organization?
What are some of the techniques and best practices that cyber pros use (and vice versa) to ensure business continuity?
How can we mitigate against known (and unknown) risks together?
The complexities of physical and cyber security planning through the lens of cyber resiliency and its effect on your business.
Ryan Schonfeld
Henry Park
James Rinaldi
Born out of a real-world breach, in 2019 the founders of HiddenLayer led the incident response to a novel attack on Cylance's AI anti-virus engine. They realized in that moment, Machine Learning Models would be the new cybersecurity attack surface. Today, we have entered into an AI arms race with the rapid adoption of artificial intelligence across virtually every industry and business sector. Along with it comes the inherent cybersecurity risks and threats from a new attack vector called Adversarial Machine Learning. Hiep Dang walks us through the evolution of the threat landscape in the new era of AI and offers a primer to cybersecurity professionals on how to start thinking about securing AI.
Hiep Dang
The Cybersecurity Maturity Model Certification 2.0 (CMMC), released in late 2021, aims to protect Controlled Unclassified Information (CUI) with the evolving nature of contemporary cybersecurity threats in mind. But for organizations who have already been operating in the DIB for some time, questions remain: How is CMMC any different from previous DOD programs? What could be the consequences of noncompliance, and conversely, how can the not insignificant cost of compliance be managed? How can an organization find a trusted partner to navigate the CMMC ecosystem? Designed for an audience already familiar with CMMC or other DIB-related cybersecurity requirements, this talk will answer these questions and more. Audience members will leave armed with tangible steps to guide their organization’s decision-making around compliance and investment.
Chris, one of less than 100 individuals officially certified as both a Certified CMMC Provisional Assessor and Instructor, has led CMMC instruction for more than 500 students. He has centered most of his instruction, course development, and practice exam authoring with one of the only 51 officially recognized Licensed Training Providers to date. Chris was one of the first 200 CPNs registered out of more than 2500 active today and is an active member of many invite-only thought leadership bodies such as the CMMC Industry Standards Council and the C3PAO Forum. His positioning on the front lines of the CMMC 2.0 rollout, and his cumulative 25-plus years in cybersecurity, uniquely qualify him to guide DIB contractors through the certification process.
Chris Silvers
Congratulations! You have successfully recovered from a cybersecurity incident. Systems are restored, data is available, and business operations are functioning at full capacity. Here come the lawyers...
All too often, an organization that survives a security incident will find itself the defendant in a lawsuit. Matt will explore what triggers these lawsuits, the factors that lead to success in the courtroom, and how organizations can proactively position themselves for victory. He will discuss how we can manage risk using a duty of care framework, why it is important to understand the nature of negligence, and how to operationalize an effective risk management program so we can survive not only the cybersecurity incident, but the legal repercussions that follow.
Matt Silverman
At Converge 2023, Tim Wenzel asked this question around the evolving role of the CSO. The lively conversation continues this year as we discuss security’s role in enterprise risk.
Managing enterprise risk is like co-parenting with lots of interesting and sometimes dysfunctional partners.
How do you manage the birth and initial management of new risk in your organization?
What happens when that moment of weakness or careless decision created risk that you're just finding out about years later??
Tim Wenzel
Kasia Hanson
Lee Oughton
No matter your organization’s security goals, challenges, and level of maturity - there is no single, more effective way of proving whether your organization is susceptible to today’s threats or the effectiveness of your security controls than to emulate real-world attacks and see how your program stands up against an attacker’s tactics and techniques. Whether the question is “Can an attacker deploy ransomware in my environment?” or “Can a rogue employee exfiltrate all of my customer data without detection?”, the only definitive way to answer these types of questions is to simulate the attack and see how you stack up.
Enter Red Teaming. Red Teams conduct end-to-end assessments of the full organization (network, physical and social) using the full kill chain to provide insights into the organization’s overall security posture and resilience to realistic attack scenarios.
While Red Teaming is the gold standard for testing defenses, creating an effective program is no small feat. In this talk, Trevin Edgeworth, a former CISO and a Red Team leader for several Fortune 500 companies, shares his personal experience building and leading Red Teams, as well as strategies for setting up your organization for success.
This session will address foundational Red Team concepts and best practices, including:
•What is red teaming (and what is it not)
•Red teaming approaches and methodologies
•Assessing organizational readiness
•Attracting and retaining top talent
•Cultivating a strong Red/Blue Team relationship
•Measuring success and reporting to leadership
Trevin Edgeworth
With the Proposed Rule being released small to medium size businesses continue to struggle with what does it mean for them. There seems to be misunderstanding of timelines, implementation timelines, and compliance timelines. Through this session small to medium size business owners will be given a clear pictures of timelines, costs, compliance, and what comes next.
Jason Spencer
In this engaging session, Corey White, CEO of Cyvatar, draws parallels between Prince's iconic album "Sign O’ the Times" and the current cybersecurity landscape. He will delve into how the rapidly changing digital environment mirrors the transformation and challenges highlighted in the album. Focusing on recent cyber threats, White will illustrate how these challenges mirror the themes of adaptation and resilience reflected in Prince's work. The session will cover innovative approaches to cybersecurity, emphasizing proactive and AI-driven strategies. White will provide insights on evolving cyber threats and their impact, paralleling the timeless relevance of "Sign O’ the Times" in music and culture. Attendees will leave with a deeper understanding of modern cybersecurity challenges and practical strategies for safeguarding their platforms in these ever-changing "cyber times."
Corey White
N/A
Information Security Sucks . . . How to build an Information Security Program that inspires growth, and drives business outcomes
Having worked in the Information Security space for almost 20 years, the biggest challenge by far for any Information Security, yet hardly ever talked about if how to get buy in from the wider organization for your Information Security programs, initiatives and controls.
Information Security is often seen as one of many things...
- 1. Compliance Driven | Box Ticking Exercise
- 2. A Necessary Nuisance | One that needs to be tolerated.
- 3. A roadblock | One that needs to be circumvented where possible.
But Information Security needs to be much more inclusive, understood by all and supported top - down in material ways that drive tangible benefits.
This session will address real areas of opportunity, discuss practical ways for security leaders to drive their security program, and ultimately change the security narrative from being a cost burden to a profit center for the business, driving innovation and business transformation.
Nemi George
Our world is rapidly changing and our reliance on technology to facilitate literally every aspect of our lives, certainly accelerating its complexity. Not surprisingly, our home and business networks have become riddled with cyber threats. Even the smallest and the most innocuous of oversights can lead to irreparable consequences - as evidenced by relentless, targeting of our defense supply chain.
Recently, these cyber-attacks have transcended beyond mere digital skirmishes to become a cornerstone of a much larger geopolitical strategy. Hackers are now forming loose coalitions between their groups to further political strategy - sharing expertise, intelligence, resources, and more to further these interests. As these attacks grow more complex and politically charged, we need to explore and understand the implications to our national security and more specifically, how compliance standards such as the CMMC can support our nation in this challenging battlefield.
Our session will explore recent attacks on our Defense Supply Chain and U.S. Government Agencies, focusing on how attackers gained access to U.S. information systems and exploited vulnerabilities. From Solar Winds and beyond, we'll unravel the strategies employed by hackers, revealing an alarming trend towards more aggressive, state-sponsored cyber warfare. We will also explore how digital strikes are carefully orchestrated to achieve specific political objectives, often leaving a trail of chaos in their wake.
As we confront the challenges of this new era, we must question the adequacy of existing countermeasures - including, the Cybersecurity Maturity Model Certification (CMMC) and supporting legislation. Is compliance alone enough to stave off these rapidly advancing threats?
Tara Lemieux
Dr. Thomas Graham
In a world where the lines between cyber and physical security are increasingly blurred, understanding the convergence of these domains has never been more critical. Join us for a powerful closing keynote led by our C-Suite executives, where we will explore the current state of security across cyber, physical, and the rapidly merging cyber-physical landscape.
This session is designed for both security practitioners and business leaders, offering a comprehensive view of the sophisticated threats we face today. From cyberattacks that can disrupt entire supply chains to physical breaches that can compromise digital infrastructures, our leaders will share their strategic insights and innovative approaches to fortifying defenses in this complex environment.
Expect to walk away with actionable strategies that not only address the current security challenges but also anticipate the future. Whether you're safeguarding digital assets, protecting physical infrastructure, or navigating the convergence of the two, this keynote will provide you with the knowledge and inspiration to lead your organization toward a more secure and resilient future.
Don’t miss this opportunity to hear from the forefront of security leadership and equip yourself with the tools to stay ahead in a rapidly evolving threat landscape!
Kasia Hanson
Andrea Hoy
Kirsten Bay
Adam German
Copyright ©2023 Converge Security Conference. All rights reserved.
Nahum 1:7