IT Summit - Fall
Monday-Tuesday, October 30-31, 2017

SynerComm's 15th Annual IT Conference, at Potawatomi Hotel & Casino


Back to Top

Title
Building, Funding, and Executing an Information Security Program
Abstract
This session will guide the audience through a 10-step process including the keys to success and common pitfalls learned in the trenches that identify and mitigate risk while keeping your information security program aligned with your compliance and business needs. The output of this process is an effective, executable, cybersecurity roadmap that will get funded. The session will conclude with a discussion of the often misunderstood role of cyber insurance on your information security program and four vulnerabilities every organization must address to mitigate the impact of today's common threats like phishing attacks and ransomware.
Speaker
Thomas L. Norman Details
Presented by

Back to Top

Title
Office 365 Fundamentals - Must-use Native Security
Abstract
The most questions/discussion at the SynerComm Office 365 Round Table in the Spring of 2017, surrounded security settings and capabilities native to Office 365. In this session, we will walk through the Office 365 Security Scoring tool and demonstrate how to deploy many common Office 365 security recommendations.
Speaker
Mitch Jurisch Details
Presented by

Back to Top

Title
Developing an Information Security Roadmap
Abstract
In this talk, SynerComm will discuss activities that contribute to the development of an Information Security roadmap. Activities such as scoping, alignment of business initiatives and priorities, controls assessment and gap analysis all contribute to roadmap development. Our session will explore two areas; collection of roadmap content and assembly of a roadmap strategy.
Speaker
Bill Curtis Details
Presented by

Back to Top

Title
Ransomware: the #1 Cyber Threat to businesses today.
Abstract

It's a growing epidemic: Ransomware, Advanced Persistent Threats, and phishing attacks are responsible for hundreds of millions of dollars in damage due to lost productivity, tainted credibility and worse – lost revenue. As attackers plan increasingly more sophisticated attacks, your organization needs to know how best to prepare and protect your employees and your data.

This session will examine the current threat landscape and how these threats impact your business, as well as best practices on how to defend against an attack and mitigate your risks.

Speaker
Chris Meyer Details
Presented by

Back to Top

Title
How Hackable Is Your Smart Enterprise?
Abstract
Enterprise IoT devices are projected to more than triple in the next five years. This presentation will share key findings from the IoT Enterprise Risk Report, discuss which devices are the most (and least) secure and explain what security professionals need to understand about their vulnerabilities. Key takeaways include:
  • Attacks target unknown devices – up to 60% of devices in enterprises today are undiscovered
  • Why traditional agent-based security methods are ineffective at discovering and managing IoT and mobile devices
  • New approaches to securing IoT devices and protecting organizations from DDoS and hack-through attacks
Speaker
Christopher Kudulis Details
Presented by

Back to Top

Title
Theory to Practice: Mapping the CIS Top 20 Critical Security Controls to Practical Solutions
Abstract
Good security can be achieved but too often "perfect" is the enemy of "good." Join in with SynerComm Information Assurance Consultants and Information Solutions Consultants as we walk through the CIS Top 20 Critical Security Controls and consider products, solutions and even DIY projects to address them. There is no one-size-fits-all solution for every organization. We the good exchange of ideas discussion between and among participants and consultants, you should walk away with a good understanding of practical solutions you might employ to improve your company's security.
Speaker
Marc Spindt, AssureIT, and DeliverIT Consultants Details
Presented by

Back to Top

Title
Overcoming Cloud FUD - Architecting & Controlling AWS Costs in Multicloud Environments
Abstract
"Cloud First" is a popular mantra today but one size does not fit all. Many companies struggle to find the right way forward because there is simply too much choice. Join SynerComm to learn how we can help you translate your initiatives into executable and well-understood plans. Already leveraging AWS like so many others? Let's talk about how to ensure you are getting the most from your investment.
Speaker
Nate Ressel Details
Presented by

Back to Top

Title
The Modernization of Security Assessment
Abstract
In this presentation, we will explore the evolution of penetration testing and dig into the positive and potential negative ramifications surrounding it. Discover how organizations are leveraging new offensive testing to propel their security posture to the next level and protect their most precious assets even as traditional network boundaries disappear.
Speaker
Casey Cammilleri Details
Presented by

Back to Top

Title
A DHS Perspective on Cybersecurity
Abstract
This interactive session will provide an overview of the role and functions of the National Cybersecurity and Communications Integration Center, the national hub for information sharing and partnerships related to cybersecurity and communications. Our discussion will focus on the application of lessons learned from current events, such as WannaCry, and the importance of partnership, shared awareness, preparation and leadership in the mission and execution of your information security program.
Speaker
John Felker Details
Presented by

Back to Top

Title
Mitigating Security Risk with Network Forensics: Visibility and Analysis Strategies
Abstract
With hackers utilizing sophisticated obfuscation techniques and quickly-evolving malware, it's inevitable that organizations will deal with security breaches. Having post-event forensic investigation processes in place is central to identifying and rapidly remediating the incident. This session presents strategies for establishing visibility, overcoming virtual and cloud blind spots, effectively using network data for post-event investigations, and best practices for data capture and storage.
Speaker
Steve Brown & Andrew Malcore Details
Presented by

Back to Top

Title
Pulse Secure: We Don't Write Your Security Roadmap - Pulse One-vADC Application Monitoring-Mgt. & Real-Time Compliance Delivery - Makes It Better!
Abstract
With its recent acquisition of Brocade's vADC Application Delivery, Management and Load-Balancing in the Cloud capabilities, IDC and the Analyst Community are saying Pulse Secure's Cloud-Virtual Secure Access solutions are years ahead in the market. On October 31 within the theme of "what's haunting your network" - Pulse Secure Ninja Architect (25-years Cyber - U.S. Air Force) and Global Solutions' Lead Architect Michael Riemer will be joined by Security Specialist Jim Hebler (HS, Intel, CISSP-Vistorm) to present Pulse's accelerated Secure Access capabilities, how Cloud Secure, vADC join Pulse One-Policy Secure to prevent "whack-a-mole" breaches that have afflicted nearly half of U.S. Citizens in 2017. Pulse Secure's innovations in IOT, Profiling, Monitoring, Compliance and application management extensions are key reasons why 13 of 15 Free World Governments, 80% of the Fortune 100, 90% of Wall Street and a who's who in Intelligence, Manufacturing, Financial Services, Aeronautics and Supply Chain continue to standardize on Pulse Secure.
Speaker
Mike Riemer Details
Presented by

Back to Top

Title
Defeating the Modern Cyber-Attacker
Abstract
Cyberwar is all around us and focusing on perimeter protection alone isn't enough anymore. The fight is an asymmetric cyberwar where adversaries know more about your business than you know about them. Once inside, they have ample time to win. Or do they? Deception technology can substantially improve detection and incident response by reducing the likelihood that the modern cyber-attacker will complete their mission. Come learn how easy and cost effective it is to improve the odds at slowing, catching, understanding and ultimately stopping the modern cyber-attacker with deception technology.
Speaker
Gregg Kalman Details
Presented by

Back to Top

Title
When You're a Hammer Everything Looks Like a Nail: Can endpoint products really secure the datacenter? Find out what it takes to secure datacenters and hybrid clouds.
Abstract
The line between datacenters and public cloud is blurring at a fast cliff. Applying endpoint security to the datacenter or the cloud is sub-optimal and can cause serious disruptions. Protecting hybrid clouds from the ever-changing threats without impacting performance or imposing operational burden is paramount. Join this presentation to discuss best practices for securing your datacenter and cloud workloads.
Speaker
Deepak Patel Details
Presented by

Back to Top

Title
SSL\TLS Encrypted traffic: Multiply your speed to detect and mitigate threats with A10's unique capabilities to handle visibility, delivery, and enforcement.
Abstract
It's not just about decryption in today's environments. We are faced with numerous challenges around traffic consumption, balancing, steering, as well as compute limitations. Join us to learn the best practices to decrypt and feed traffic through your security stack, alleviate loads for multiple security solutions like DLP, NGFW, IPS, or proxy's, and speed up your time to detect and mitigate threats.
Speaker
Konrad Siefker Details
Presented by

Back to Top

Title
IoT security: staying calm in the face of really, really scary scenarios
Abstract
Like many megatrends in networking over the past few decades, IoT holds significant promise, and in the rush to fulfill its potential, security has been overlooked. What kinds of attacks have state-based actors already taken against IoT networks, and what will they be able to do in the future? How prepared is your organization if you are the target of an IoT attack? As your threat surface grows by several orders of magnitude, and your security budget victories are measured in low single digit percentage increases, what practices should you employ to stay calm and sleep well at night?
Speaker
Albert Lew Details
Presented by

Back to Top

Title
Better Network Defense Through Threat Injection and Hunting
Abstract
Traditional penetration testing and red team engagements typically focus on identifying single attack paths and how organizations can fix vulnerabilities to shut those paths down. The results of these engagements are a reduced risk from eliminating a single attack path, but rarely lead to an improved defensive skill set. This talk will introduce the Threat Detection Maturity Model, a security detection and testing framework to more closely integrate red and blue team operations with the goal of measurably improving defensive capabilities. The framework is designed to measure the effectiveness of the blue team's defensive capabilities using a capability maturity model across the attack lifecycle. We'll demonstrate how "threats" are injected into an environment to enable a hunt team or SOC to improve their skill sets and validate the effectiveness of their security tooling.
Speaker
Zach Grace & Brian Genz Details
Presented by

Back to Top

Title
SD-WAN: Take Control of WAN Performance and Resiliency
Abstract
SD-WAN is here as a practical application of SDN. Join us for a primer on SD-WAN solutions you can deploy today and why it might be right for your organization.
Speaker
Andrew Piché & Aaron Howell Details
Presented by

Back to Top

Title
The Modernization of Security Assessment
Abstract
In this presentation, we will explore the evolution of penetration testing and dig into the positive and potential negative ramifications surrounding it. Discover how organizations are leveraging new offensive testing to propel their security posture to the next level and protect their most precious assets even as traditional network boundaries disappear.
Speaker
Casey Cammilleri Details
Presented by

Back to Top

Title
Developing an Information Security Roadmap
Abstract
In this talk, SynerComm will discuss activities that contribute to the development of an Information Security roadmap. Activities such as scoping, alignment of business initiatives and priorities, controls assessment and gap analysis all contribute to roadmap development. Our session will explore two areas; collection of roadmap content and assembly of a roadmap strategy.
Speaker
Bill Curtis Details
Presented by

Back to Top

Title
Virtualizing Security Fabrics - Practical Hyperconvergence
Abstract
Hyperconvergence provides cloud-scale flexibility for your on-premises infrastructure. Companies of all shapes and sizes have been using it to solve tough operational and economic problems with IT solutions. In this session, we will cover three real-world use-cases and help you understand how hyperconvergence might be used to benefit your company today.
Speaker
Nate Ressel Details
Presented by

Back to Top

Title
Bring Your Own Device (B.Y.O.D.) or Bring Your Own Risk (B.Y.O.R.)?
Abstract
In an ever increasing mobile world, connected devices and B.Y.O.D. are rapidly increasing the attack surface IT security professionals need to defend. Over the past couple of years, an influx of exposed capabilities of cyberweapons dealers, weaponized IoT devices, and ransomware attacks targeting the health care industry and other corporations have thrust device and network security into the (long overdue) spotlight. How does the lack of IoT industry standards and a fragmented market of devices impact the information assurance and risk management posture for IT security professionals?
Speaker
Jordan Thomas Details
Presented by

Back to Top

Title
Pushing the Limits - Five Key Controls Your Firewall Might not Provide
Abstract
In this session, SynerComm will present five security controls your firewall probably does not support. We will cover down on why each control is important and share practical and readily available solutions you can implement today to address each.
Speaker
Andrew Piché Details
Presented by

Back to Top

Title
Everything I Need to Know about Cyber Security I Learned in Kindergarten
Abstract
In this talk, SynerComm will walk through information security pitfalls most commonly encountered by clients, and how they can be solved with rudimentary skills. These skills are very easily tied back to control frameworks such as the CIS Top 20. Examples include "counting" (inventory), "one of these things is not like the other" (configuration management), "know when to ask someone for help" (privileged account management), etc.
Speaker
Drew Hjelm Details
Presented by

Back to Top

Title
Two Steps Ahead
Abstract

It's no secret that in recent years attackers have leaned on PowerShell as Microsoft's Post-Exploitation Language. As the language has grown in popularity within the offensive community, a handful of researchers are producing powerful open source tools and frameworks to simulate and stop the now prevalent 'living off the land' attack path.

In this session, Senior Information Assurance Consultant Sam Link will demonstrate a handful of these open source tools and describe how they can be used to predict, catch, and ultimately stop determined attacks.

Speaker
Sam Link Details
Presented by

Back to Top

Title
Office 365 Fundamentals - Must-use Native Security
Abstract
The most questions/discussion at the SynerComm Office 365 Round Table in the Spring of 2017, surrounded security settings and capabilities native to Office 365. In this session, we will walk through the Office 365 Security Scoring tool and demonstrate how to deploy many common Office 365 security recommendations.
Speaker
Mitch Jurisch Details
Presented by

Back to Top

Title
Risk Assessment = Risky Business
Abstract

All IT compliance frameworks (NIST, PCI, HIPAA, FFIEC, etc.) include Risk Assessment. Anyone who has tried to scope, execute and document an IT risk assessment for their organization knows there are many challenges including:

  • Spreadsheet sprawl
  • What assets do I include?
  • How do I know if I have a comprehensive set of risks?
  • How do I capture threats specific to my organization?
  • How do I know what risks apply to which business process?
  • And many more...

In this session we will share with you our time-tested, risk assessment process that incorporates pre-defined industry standards and best practices in our new risk assessment application that our consultants use to execute risk assessments for our clients.

Speaker
Drew Hjelm Details
Presented by

Back to Top

Title
Overcoming Cloud FUD - Architecting & Controlling AWS Costs in Multicloud Environments
Abstract
"Cloud First" is a popular mantra today but one size does not fit all. Many companies struggle to find the right way forward because there is simply too much choice. Join SynerComm to learn how we can help you translate your initiatives into executable and well-understood plans. Already leveraging AWS like so many others? Let's talk about how to ensure you are getting the most from your investment.
Speaker
Nate Ressel Details
Presented by

Back to Top

Title
Threat Hunting - Hope for the Best; Hunt for the Worst
Abstract
No security solution is perfect. You should assume someone has somehow defeated your controls and is collecting information or just waiting for the right time to strike. Join us to learn more about threat hunting, what it takes to be effective and how you can implement it in your organization.
Speaker
Aaron Howell Details
Presented by
Real Time Analytics