IT Summit - Spring
Monday-Tuesday, April 9-10, 2018

SynerComm's 16th Annual IT Conference at Historic Lambeau Field


Back to Top

Title
InfoSec's Midlife Crisis [And What You Can Do About It]
Abstract
After 20 years of InfoSec & App Sec, it's clear that something is not working. We've been spending so much time & money we are still hit by a continuous stream of news and information about data losses and breaches positions the InfoSec industry in a unique situation. It also puts all of us security practitioners under the spotlight with everything to gain and lose. There was never a better time to take a deeper look into how we got here as an industry, what's working and what's not, and why it feels that we are failing. Obviously, we need to do something different, but what? How do we change the trajectory? Join us for a thought-provoking, disruptive view of our industry and what it means to your future as a risk and security professional.
Speaker
Tsion (TJ) Gonen Details
Presented by

Back to Top

Title
Test Drive: ForeScout - Protect the Network from the Endpoint with key CIS Top 20 basic and foundational Controls
Abstract
ForeScout will be used to demonstrate how to mitigate the evolution of the endpoint threats using key CIS Top 20 basic and foundational controls to identify and control risk related to all types of endpoints: corporate-owned devices, BYOD, COPE, and even IoT devices that pose particularly challenging problems as these devices do not support most conventional endpoint agents and tools, making them unusually difficult to detect and quarantine or remediate on connection to the network. We will review five discovery, control, and orchestration use cases: Asset Management, Device Compliance, Incident Response, Network Access Control, and Network Segmentation.
Speaker
Christopher Kudulis Details
Presented by

Back to Top

Title
Playing the Never-Ending Game - Analogies from the NFL
Abstract
In this keynote, Wayne Larrivee – the voice of the Green Bay Packers - will draw some insightful analogies of the challenges IT professionals have to deal with in a developing a winning Information Security program each year for a game that is played 24-hours per day/365-days a year to those of preparing a winning NFL team to compete each year.
Speaker
Wayne Larrivee Details
Presented by

Back to Top

Title
Lessons from the Frontlines: 5 New Approaches for Cloud Security
Abstract
Organizations of all sizes are struggling on how to best move or build security controls into their public cloud deployments. These IaaS platforms and native services provide an entirely new sandbox to play in, but often create friction when risk professionals try to employ techniques or tools built for on-premises environments. Join us today where Tim will share insight from his time at AWS, and from the thousands of customers Barracuda has worked with, across all cloud providers, on a few critical sources of friction and how to move past them.
Speaker
Tim Jefferson Details
Presented by

Back to Top

Title
Building, Improving, and Maturing Your ISP - What you need to know!
Abstract

SynerComm consultants will answer these questions using vetted methods, frameworks and metrics from actual customer success stories of them efficiently and effectively planning, executing, and measuring progress in their Information Security Programs.

  • Is my ISP effective?
  • Do I have the right controls?
  • Am I secure?
  • How do I measure progress?
Speaker
Bill Curtis, Lisa Niles, Brian Judd, Marc Spindt Details
Presented by

Back to Top

Title
Addressing the Security Gap between IT and OT Resources
Abstract

There is a significant difference, in the realm of security, when it comes to protecting IT (Information Technology) and OT (Operational Technology) assets.

This presentation will explain how ForeScout addresses both of these technology areas, with a single product, and uniform policies across the environment.

Speaker
Christopher Kudulis Details
Presented by

Back to Top

Title
5 Efficient Ways to Reduce Cybersecurity Risk Today
Abstract
This session will provide specific and concrete action items that can help measurably reduce cybersecurity risk. We will discuss threats impacting organizations today highlighting statistics about cybersecurity weaknesses by industry. The highlight of this session will be revealing five key methods to effectively reduce cybersecurity risk that can be applied to organizations in any vertical and of any size.
Speaker
Dolly J. Krishnaswamy Details
Presented by
Presentation
Download

Back to Top

Title
The Problem of Security Agent Fatigue and What To Do About It
Abstract

The malware threatscape is constantly evolving, with new attacks being developed every day. Security software has likewise evolved to address this reality. Solutions that target emerging threats tend to be narrowly focused and require the addition of more traditional antivirus software from another vendor in order to provide complete protection. Stacking security agents from different vendors increases resource requirements on endpoints and adds complexity to security management.

Join this presentation to discuss how you we will address the causes and issues of agent fatigue and discuss how these issues can be addressed.

Speaker
Steve McIntyre Details
Presented by

Back to Top

Title
Dark Web 101: What Every Security Professional Should Know
Abstract

The Dark Web combined with Bitcoin is the perfect storm of capitalism where hackers are attempting to penetrate your organization in hopes of monetizing their efforts. One of the most difficult challenges for cybersecurity teams is to have visibility into what types of information has been exfiltrated from their specific organization and what to do should they find themselves targeted.

In this session, we'll cover the external threat intelligence landscape and more specifically the type of tools that are available to gain visibility into the dark web, how to dynamically update your existing defenses with the latest information from trusted sources, and how to take full advantage of this critical pillar in your cybersecurity program.

Speaker
Troy Dixler Details
Presented by

Back to Top

Title
How do you get ahead when you can't even keep up? Solving hard problems in the cloud era.
Abstract
Most people are satisfied if they can just keep up in this ever more complex world of technology but Scott Sneddon encourages you to be more ambitious and get ahead. In this session, he will outline a simple path to a secure and automated multicloud environment that enables you to take control and get ahead. The key is eradicating complexity and Scott will lead you through how you can solve the hard problems leaving you and your team to focus on business outcomes.
Speaker
Scott Sneddon Details
Presented by

Back to Top

Title
Removing the Fog from the Cloud
Abstract
The past year has proved that companies using cloud-based infrastructure are just as vulnerable, even more so, than companies with traditional on-premise security solutions and architectures. While we've seen many headline making breaches like Tesla and Uber, these haven't led to a clear and defined strategy for protecting cloud-based applications and assets. The only consistent trend is that everyone is doing things differently when it comes to cloud security. This session will focus on some of the most recent trends, common oversights and missed opportunities for customers that are navigating their own unique efforts to transition to the cloud.
Speaker
Katie O'Shea Details
Presented by

Back to Top

Title
A Risk Adaptive Approach to Data Protection
Abstract
Every IT security department's job, to protect data, has become more challenging as the security perimeter has dissolved with the adoption of cloud applications. The traditional threat-centric approach is to apply rigid policies to a dynamic environment and decide what is good or bad without context. This black and white approach results in frustrated users and overwhelmed admins. The reality is, everybody operates in the grey. Join us as we discuss a new human-centric approach to security, which considers the context of user behavior and adapts appropriately to help security teams make better decisions. We will explore how an effective data security system should cut through the noise of alerts and provide early warning signals to prevent the loss of important data.
Speaker
Bharath Vasudevan Details
Presented by

Back to Top

Title
How do you defend what you cant see? A10 can help shine a light into the dark places of your network by best of breed SSL Decryption and Hybrid DDOS protection.
Abstract
Nextgen firewalls, IPS, and DLP do not work unless the traffic is decrypted. SSL & TLS based attacks are on the rise however the exercise of decrypting that traffic is laborious especially as key sizes increase. A lot of companies are decrypting SSL traffic coming into their network with ADCs, but not many of them are looking at the SSL traffic going out. How can you leverage a platform to help fill in the gaps in your DDOS strategy.
Speaker
Mike Repp Details
Presented by

Back to Top

Title
Closing Point Solution Gaps via the Pulse Secure-FortiFabric - 2018 Overview
Abstract

Can Enterprise Level Security integration be realized cost-effectively by business of all sizes-scale? How can disparate point solutions and investments be aligned in real time to better effect?

In this presentation, Pulse Secure's America's Director of Cybersecurity Solutions' Strategy Jim Hebler provides an overview of Pulse's alignment within Fortinet's FortiFabric integration.

Whether provided onsite for internal implementation and integration - or aligned within a hybrid-driven Managed Security Service - the Pulse Secure-Fortifabric approach - driven by the certified professionals at partners like Synercomm - is the next-steps, best-in-science approach required to manage the mobility and device onslaught enabled by the Digital Revolution.

Speaker
Jim Hebler Details
Presented by

Back to Top

Title
(ISP 1 of 3) Information Security Program Management
Abstract
To be effective at defining and deploying a strategy you must understand the rules (customers, frameworks, ISMS). This session will explore the elements necessary to define, assess, improve, & mature your information security program. Start with the basic blocking and tackling and the rest will become evident.
Speaker
Bill Curtis Details
Presented by
Presentation
Download

Back to Top

Title
Putting the 'Sec' in DevOps: Maturing SDLC Security
Abstract
Static code review, dynamic code review, API security. Do not wait until your applications are deployed to start testing security. In this session will be present topics and concepts to make security an integral part your organization's software development culture and operation. Join us to learn how DevSecOps can be applied to drive security maturity in your software development life cycle.
Speaker
Bill Kiley Details
Presented by
Presentation
Download

Back to Top

Title
Adversary Simulation: Combining the Best of Audit and Penetration Testing
Abstract
In this session on we will define adversary simulation, its benefits, and why you should be doing them. Using SynerComm Playbooks, you can gain a better understanding of security risks against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
Speaker
Brian Judd Details
Presented by
Presentation
Download

Back to Top

Title
(ISP 2 of 3) Determining the framework requirements, the recommended controls, implementation roadmaps
Abstract
This session is to discuss determining the correct control, doing a gap assessment vs what you already have, implementation roadmaps and monitor for controls effectiveness.
Speaker
Lisa Niles Details
Presented by
Presentation
Download

Back to Top

Title
Oohs and AWS: Wow your organization with Cloud Success!
Abstract
Amazon Web Services continues to grow in popularity and many organizations are benefitting from securely operating cloud services. While every organization hopes they will benefit from utilizing the "Cloud," hope is not a strategy. Let's discuss together a checklist for success to make sure yours is one of those organizations who do benefit from the cloud!
Speaker
Aaron Howell Details
Presented by
Presentation
Download

Back to Top

Title
Risk Assessment: Identify and Prioritize Information System Risks
Abstract
Is your InfoSec Program making you more secure? Are you investing in the right areas? What are the right areas? It is difficult to manage what you do not understand and even more difficult to secure what you are not managing. This talk will explore SynerComm's methodology for completing a risk assessment. From defining scope to validating controls and assessing risk, SynerComm will walk your organization through the assessment of risk.
Speaker
Bill Curtis Details
Presented by
Presentation
Download

Back to Top

Title
(ISP 3 of 3) Validating your Information Security Program
Abstract
This session will explore what needs to be validated to assess, measure, and improve the effectiveness and efficiency of your Information Security program.
Speaker
Brian Judd Details
Presented by
Presentation
Download

Back to Top

Title
SOARing to New Heights: Augmenting SIEM with a more holistic approach
Abstract
Security Incident and Event Management (SIEM) is a powerful tool in any organization but it is generally a reactive solution. Rounding out SIEM with Security Orchestration, Automation and Response (SOAR) adds a proactive and more holistic element to your security. Learn more about SOAR and how your organization can benefit from some of its tenets.
Speaker
Nate Ressel Details
Presented by
Presentation
Download

Back to Top

Title
Infamous Breaches: Lessons Learned
Abstract
Data breaches in 2017 were worse than those in 2016, and the 2016 breaches were worse than 2015, and so on. Are information security programs learning the lessons from organizations in the news? Probably not, as many of the reported breaches are due to failures of basic information technology processes. Simply put, organizations are failing at fundamental security tasks which if implemented would lead to fewer breaches and greater security for their data. We will explore the basics, why they matter, and when failure to implement the basics led to breaches you may have heard of (and some you may not have). To be effective at defining and deploying a strategy you must understand the rules (customers, frameworks, ISMS). This session will explore the elements necessary to define, assess, improve, & mature your information security program. Start with the basic blocking and tackling and the rest will become evident.
Speaker
Bill Curtis Details
Presented by
Real Time Analytics