IT Summit - Fall
Wednesday-Thursday, September 11-12, 2019

SynerComm's 17th Annual IT Conference, at Potawatomi Hotel & Casino

Register Now

Click on a track to filter the results below


Back to Top

Title
Quad - IT Improving the Bottom Line: disruptive thinking and technologies (AI + BPM)
Abstract
In this keynote session Steve Jaeger, Quad CIO will share some thought-provoking use cases and opportunities that they discovered to change business as usual, leveraging disruptive thinking and technologies (AI) to positively impact the bottom line and customer perceptions.
Speaker
Steve Jaeger Details
Presented by

Back to Top

Title
Device Visibility: Six Ways to Enhance Security with 100 Percent Device Visibility
Abstract
Securing network infrastructure continues to grow more complex by the day. This complexity is driven by the phenomenal growth of IoT devices, platform diversity, cloud adoption and IT and OT convergence. The vast majority of new devices joining your networks aren’t designed to support management agents—creating a serious visibility and risk gap. You need a way to discover devices whether they have agents on board or not, whether they’re physical or virtual—regardless of where they’re located. You also need continuous, real-time monitoring and the ability to profile and classify devices the second they attach to your network. This session will cover six opportunities to close this visibility gap in the the most effective way to achieve a positive impact on your network security and risk mitigation efforts
Presented by

Back to Top

Title
Operationalizing the NIST Cybersecurity Framework (CSF) and successfully navigating the managed security services market
Abstract

Alright, let's address the elephant in the room. Frameworks aren't known for being page turners - even when they're shortened into seven characters like the NIST CSF. But there are some things you do because they're "good" for you - like going to the doctor, eating well and exercising. The NIST CSF is like that. While we can't turn the NIST CSF into the latest best seller (sorry!), we can give you a quick tour and show you exactly how you can positively affect your NIST CSF ratings - both now ... and over the long term.

Next, we will explore how to successfully naviagate the confusing managed security services landscape and the emergence of MDRs and the due diligence questions you need to ask to align expectations and measure value.

Speaker
Bruce Potter Details
Presented by

Back to Top

Title
Pentest Post-Mortems - What Should Keep You Up At Night!
Abstract
We've always said that security is everyone's job, but never has that been more true. This talk will focus on the critical lessons learned from over 10 years of penetration testing. Brian has led, participated in, and reviewed the reports from hundreds of penetration tests. Perhaps not too surprising, the discovered flaws and vulnerabilities are not unique to industry or even company size. Join us for a review of the weaknesses that should keep you up at night. There will be plenty of opportunity to discuss these concerns and others with Brian and your fellow attendees.
Speaker
Brian Judd Details
Presented by

Back to Top

Title
IT Executive Leadership Roundtable
Presented by

Back to Top

Title
Validating and Tuning Your Detection & Response (OneCDR) Platform
Speaker
Marc Spindt Details
Presented by

Back to Top

Title
Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
Abstract
Compliance doesn't equal security and security doesn't equal compliance.
Speaker
Bill Curtis, Jeff Lemmermann, Paul Hendler Details
Presented by

Back to Top

Title
A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
Abstract
In this session you will learn inventory characteristics, data worth, and controls maturity against the CIS Top 20. If you're not thinking this way and not considering these things you better get going.
Speaker
Bill Curtis Details
Presented by

Back to Top

Title
Cloud Defense: The Azure and Office 365 Battleground
Abstract

This presentation will look at what moving corporate email systems to the Microsoft cloud means in terms of security against attacks to steal data and deny services. Three primary areas of focus will make up the presentation:

  • What Microsoft Secure Score is and what it isn't
  • The role Microsoft Azure plays in all Office 365 corporate deployments
  • How to assess and set proper controls in the Azure and Office 365 environment

Moving from an on premise to a cloud-based environment only changes who owns the physical equipment that houses your information. It doesn't change the fundamentals of protecting that information. Attendees will hear about the latest attack tactics against Azure and Office 365, why they are working, and what defense strategies can stop these attacks.

During the session, we will discuss the Microsoft Secure Score analysis, ways to leverage what it tells us, and why additional steps are essential to protecting the system. We will review how Microsoft Azure interacts with the Office 365 implementation and look at assessing and improving the important settings to defend the confidentiality, integrity, and accessibility the system and its data.

Speaker
Jeff Lemmermann Details
Presented by

Back to Top

Title
Maturing Your SDLC: Chapter 1 - BSIMM Framework
Abstract

In this presentation, the speaker introduces a series of talks surrounding the concept of a secure software development life cycle (S-SDLC). Software teams are not strangers to frameworks. They offer powerful libraries, opinionated design patterns, and robust communities that can improve the quality and efficiency of your teams product(s). What if that concept could be applied to the practices surrounding software security?

Join us to explore the concept of a security framework for software development using BSIMM.

Speaker
William Kiley Details
Presented by

Back to Top

Title
Maturing Your SDLC: Chapter 2 - Static & Dynamic Testing
Abstract
In this presentation, the speaker builds on Chapter 1 of the series which outlined the components of a modern software development life cycle (SDLC). This time, the speaker focuses on one area: automated security testing. What can it do for my business? What are some of options and examples? What does it require to set up and maintain, and is it worth it?
Speaker
William Kiley Details
Presented by

Back to Top

Title
SynerComm Security Forecast: Protecting your organization from the dangers of the cloud
Abstract
In this presentation, we will cover pitfalls in application deployments with enterprise cloud providers. How can we prepare, protect, clean-up, and mitigate properly to get the best possible experience with our provider(s)?
Speaker
Aaron Howell Details
Presented by

Back to Top

Title
Framework Creep - Making your compliance and controls frameworks work for you (CIS, NIST, HIPAA etc.) One SSP
Speaker
Marc Spindt Details
Presented by

Back to Top

Title
Lessons Learned from real-world breaches that you can apply to your Governance strategy
Abstract
We have all heard of the mega breaches like Capital One and Equifax. In this session Justin will share lessons from real-world breaches that you can apply to your governance strategy on costs and essential elements of your incident response, forensics investigation and Cyber Liability Insurance plans.
Speaker
Justin Webb Details
Presented by

Back to Top

Title
Five Critical Elements of Endpoint Security
Abstract

Endpoint security is one of the most critical components of a cybersecurity strategy. The 2018 SANS Endpoint Security Survey Report found that more than 80 percent of known breaches involved an endpoint. Nearly every one of these endpoints had some form of endpoint protection installed, which failed to live up to the challenge of today's adversary. Unfortunately, for those responsible for protecting their organizations' endpoints, it has never been more challenging to select the best solution for the job.

In this presentation, Scott Taschler of CrowdStrike provides an overview of the 5 critical elements of endpoint protection required to effectively protect an organization against today's modern threats.

Speaker
Scott Taschler Details
Presented by

Back to Top

Title
Bringing Artificial Intelligence to Wireless Networking
Abstract

Mist Systems is ideally suited for bringing AI to wireless networking. We have combined data scientists and cloud architects with decades of wireless domain expertise to build the first truly innovative WLAN platform in over a decade. At the core of our solution is the Mist cloud, purpose-built on a microservices architecture for rapid deployment of new services without impacting existing services.

Companies of all sizes can take advantage of Mist’s AI-driven wireless solution that delivers the following:

  • Wi-Fi that is predictable, reliable and measurable
  • Wireless operations that are simple and cost effective
  • Location services that deliver amazing new wireless experiences
Speaker
Tom Wilburn Details
Presented by

Back to Top

Title
Why Network Detection and Response is necessary
Abstract
Malware authors have not been resting on their laurels: new evasion techniques and file-less malware are beginning to cause real impact on enterprise networks. Traditional detection tools are being bypassed, and the exponential growth of traffic both inside and outside your walls make your security team’s job to find the needle in the haystack a hard game to win. Network detection and response (NDR) tools combine both AI and machine learning with behavioral analytics to connect the dots for your security staff. NDR empowers your threat hunters with real threat intelligence and actionable insights to events in real- or near real-time. This talk will explain how we got to this stage, and where NDR may fit inside your castle walls.
Speaker
Richard Henderson Details
Presented by

Back to Top

Title
Pentest Post-Mortems - What Should Keep You Up At Night!
Abstract
We've always said that security is everyone's job, but never has that been more true. This talk will focus on the critical lessons learned from over 10 years of penetration testing. Brian has led, participated in, and reviewed the reports from hundreds of penetration tests. Perhaps not too surprising, the discovered flaws and vulnerabilities are not unique to industry or even company size. Join us for a review of the weaknesses that should keep you up at night. There will be plenty of opportunity to discuss these concerns and others with Brian and your fellow attendees.
Speaker
Brian Judd Details
Presented by

Back to Top

Title
A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
Abstract
In this session you will learn inventory characteristics, data worth, and controls maturity against the CIS Top 20. If you're not thinking this way and not considering these things you better get going.
Speaker
Bill Curtis Details
Presented by

Back to Top

Title
Validating and Tuning Your Detection & Response (OneCDR) Platform
Speaker
Marc Spindt Details
Presented by

Back to Top

Title
Balancing Security and Privacy in the Age of AI
Abstract
While technological innovations bring us new options for better security, we must constantly evaluate how they affect our privacy. For example, with cheaper, better cameras, we can have surveillance, but we lose some privacy. When traveling by plane, we let security x-ray our bags for assurance of security. We make the same considerations for securing our organizations. Today, the number one threat vector is email security, where hackers are targeting employee communications. We need better ways of monitoring communications, but no one wants anyone going through their emails, documents, slack, etc. With the age of AI - we have new opportunities where machines can analyze the communications in an automated fashion, and flag issues for security, without violating privacy. In this talk, machine learning expert DJ Sampath, CEO and Cofounder of Armorblox, will describe how new techniques using deep learning and natural language understanding (NLU) deliver better security without sacrificing privacy.
Speaker
DJ Sampath Details
Presented by

Back to Top

Title
TBD
Abstract
TBD
Presented by

Back to Top

Title
Next Generation Secure Access
Abstract
Traditional security perimeters have shifted and organizations must be able to extend dynamic, on-demand application access to users without compromising security or user experience. By enabling secure “verified” user and device access to only authorized applications, Pulse Software Defined Perimeter helps customers reduce their exposure to advanced threats, while simplifying connectivity and improving experience.
Speaker
Ashur Kanoon Details
Presented by

Back to Top

Title
Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
Abstract
Compliance doesn't equal security and security doesn't equal compliance.
Speaker
Bill Curtis, Jeff Lemmermann, Paul Hendler Details
Presented by

Back to Top

Title
Maturing Your SDLC: Chapter 1 - BSIMM Framework
Abstract

In this presentation, the speaker introduces a series of talks surrounding the concept of a secure software development life cycle (S-SDLC). Software teams are not strangers to frameworks. They offer powerful libraries, opinionated design patterns, and robust communities that can improve the quality and efficiency of your teams product(s). What if that concept could be applied to the practices surrounding software security?

Join us to explore the concept of a security framework for software development using BSIMM.

Speaker
William Kiley Details
Presented by

Back to Top

Title
SynerComm Security Forecast: Protecting your organization from the dangers of the cloud
Abstract
In this presentation, we will cover pitfalls in application deployments with enterprise cloud providers. How can we prepare, protect, clean-up, and mitigate properly to get the best possible experience with our provider(s)?
Speaker
Aaron Howell Details
Presented by

Back to Top

Title
Framework Creep - Making your compliance and controls frameworks work for you (CIS, NIST, HIPAA etc.) One SSP
Speaker
Marc Spindt Details
Presented by

Back to Top

Title
Maturing Your SDLC: Chapter 2 - Static & Dynamic Testing
Abstract
In this presentation, the speaker builds on Chapter 1 of the series which outlined the components of a modern software development life cycle (SDLC). This time, the speaker focuses on one area: automated security testing. What can it do for my business? What are some of options and examples? What does it require to set up and maintain, and is it worth it?
Speaker
William Kiley Details
Presented by

Back to Top

Title
Cloud Defense: The Azure and Office 365 Battleground
Abstract

This presentation will look at what moving corporate email systems to the Microsoft cloud means in terms of security against attacks to steal data and deny services. Three primary areas of focus will make up the presentation:

  • What Microsoft Secure Score is and what it isn't
  • The role Microsoft Azure plays in all Office 365 corporate deployments
  • How to assess and set proper controls in the Azure and Office 365 environment

Moving from an on premise to a cloud-based environment only changes who owns the physical equipment that houses your information. It doesn't change the fundamentals of protecting that information. Attendees will hear about the latest attack tactics against Azure and Office 365, why they are working, and what defense strategies can stop these attacks.

During the session, we will discuss the Microsoft Secure Score analysis, ways to leverage what it tells us, and why additional steps are essential to protecting the system. We will review how Microsoft Azure interacts with the Office 365 implementation and look at assessing and improving the important settings to defend the confidentiality, integrity, and accessibility the system and its data.

Speaker
Jeff Lemmermann Details
Presented by