IT Summit - Fall
Wednesday-Thursday, September 11-12, 2019

SynerComm's 17th Annual IT Conference, at Potawatomi Hotel & Casino

Registration Closed

Click on a track to filter the results below


Back to Top

Title
Quad - IT Improving the Bottom Line: disruptive thinking and technologies (AI + BPM)
Abstract
In this keynote session Steve Jaeger, Quad CIO will share some thought-provoking use cases and opportunities that they discovered to change business as usual, leveraging disruptive thinking and technologies (AI) to positively impact the bottom line and customer perceptions.
Speaker
Steve Jaeger Details
Presented by
Presentation
Download

Back to Top

Title
How Machine Learning Actually Works for Risk Based Authentication
Abstract
The future of security revolves around security automation and machine learning. While this sounds nice at face value, building a strategy around identity and access management requires a plan. Idaptive will discuss a proven IAM Framework to provide Zero Trust Security. Continuous authentication is the gold standard of IAM however it only works when there is balance between security and user productivity. During this session we’ll dive into how risk based decisions are use to create rock solid MFA and SSO solutions along with a demo of real life solutions in practice.
Speaker
Brian Krause Details
Presented by
Presentation
Download

Back to Top

Title
Visibility, to what end?
Abstract
This session looks to challenge your current way of thinking about Visibility Projects. You may often hear the words "I really need to see what is on my network" but have you ever asked why network visibility is important? Digging past the surface of your current visibility project may lead to more value than you realize for you and your organization.
Speaker
Shane Coleman Details
Presented by
Presentation
Download

Back to Top

Title
Operationalizing the NIST Cybersecurity Framework (CSF) and successfully navigating the managed security services market
Abstract

Alright, let's address the elephant in the room. Frameworks aren't known for being page turners - even when they're shortened into seven characters like the NIST CSF. But there are some things you do because they're "good" for you - like going to the doctor, eating well and exercising. The NIST CSF is like that. While we can't turn the NIST CSF into the latest best seller (sorry!), we can give you a quick tour and show you exactly how you can positively affect your NIST CSF ratings - both now ... and over the long term.

Next, we will explore how to successfully naviagate the confusing managed security services landscape and the emergence of MDRs and the due diligence questions you need to ask to align expectations and measure value.

Speaker
Bruce Potter Details
Presented by
Presentation
Download

Back to Top

Title
IT Executive Leadership Roundtable
Presented by

Back to Top

Title
Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
Abstract
Compliance doesn't equal security and security doesn't equal compliance.
Speaker
Bill Curtis, Jeff Lemmermann, Paul Hendler Details
Presented by

Back to Top

Title
Pentest Post-Mortems - What Should Keep You Up At Night!
Abstract
We've always said that security is everyone's job, but never has that been more true. This talk will focus on the critical lessons learned from over 10 years of penetration testing. Brian has led, participated in, and reviewed the reports from hundreds of penetration tests. Perhaps not too surprising, the discovered flaws and vulnerabilities are not unique to industry or even company size. Join us for a review of the weaknesses that should keep you up at night. There will be plenty of opportunity to discuss these concerns and others with Brian and your fellow attendees.
Speaker
Brian Judd Details
Presented by
Presentation
Download

Back to Top

Title
Cloud Architecture: When and How to go Cloud
Abstract

This presentation will take a business-meets-technical approach to cloud hosting. The focus areas of this presentation are:

  • When does it make sense to migrate applications to the cloud?
  • What do we need to do to prepare?
  • How does an organization go about a cloud deployment?

For some organizations, the time to migrate applications to the cloud was 2012. For others it might be 2019 or beyond. Knowing the costs, capabilities, and limitations of cloud platforms along with readying your teams with proper support and training is the key to success.

Speaker
Aaron Howell; William Kiley Details
Presented by
Presentation
Download

Back to Top

Title
Cloud Defense: The Azure and Office 365 Battleground
Abstract

This presentation will look at what moving corporate email systems to the Microsoft cloud means in terms of security against attacks to steal data and deny services. Three primary areas of focus will make up the presentation:

  • What Microsoft Secure Score is and what it isn't
  • The role Microsoft Azure plays in all Office 365 corporate deployments
  • How to assess and set proper controls in the Azure and Office 365 environment

Moving from an on premise to a cloud-based environment only changes who owns the physical equipment that houses your information. It doesn't change the fundamentals of protecting that information. Attendees will hear about the latest attack tactics against Azure and Office 365, why they are working, and what defense strategies can stop these attacks.

During the session, we will discuss the Microsoft Secure Score analysis, ways to leverage what it tells us, and why additional steps are essential to protecting the system. We will review how Microsoft Azure interacts with the Office 365 implementation and look at assessing and improving the important settings to defend the confidentiality, integrity, and accessibility the system and its data.

Speaker
Jeff Lemmermann Details
Presented by
Presentation
Download

Back to Top

Title
Maturing Your SDLC: BSIMM Framework
Abstract

In this presentation, the speaker introduces a series of talks surrounding the concept of a secure software development life cycle (S-SDLC). Software teams are not strangers to frameworks. They offer powerful libraries, opinionated design patterns, and robust communities that can improve the quality and efficiency of your teams product(s). What if that concept could be applied to the practices surrounding software security?

Join us to explore the concept of a security framework for software development using BSIMM.

Speaker
William Kiley Details
Presented by
Presentation
Download

Back to Top

Title
A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
Abstract
In this session you will learn inventory characteristics, data worth, and controls maturity against the CIS Top 20. If you're not thinking this way and not considering these things you better get going.
Speaker
Bill Curtis Details
Presented by

Back to Top

Title
Cloud Defense: AWS Common Findings & Mitigating Controls
Abstract
In this presentation, we will cover pitfalls in application deployments with enterprise cloud providers. How can we prepare, protect, clean-up, and mitigate properly to get the best possible experience with our provider(s)?
Speaker
Aaron Howell Details
Presented by
Presentation
Download

Back to Top

Title
Maturing Your SDLC: Static & Dynamic Testing
Abstract
In this presentation, the speaker builds on Chapter 1 of the series which outlined the components of a modern software development life cycle (SDLC). This time, the speaker focuses on one area: automated security testing. What can it do for my business? What are some of options and examples? What does it require to set up and maintain, and is it worth it?
Speaker
William Kiley Details
Presented by
Presentation
Download

Back to Top

Title
Failure is not an Option: Managing Digital Debt
Abstract
Join us to discuss just what "digital debt" is, what it means in the world of digital transformation, and how your organization can manage the debt, rather than being managed by it.
Speaker
Marc Spindt Details
Presented by
Presentation
Download

Back to Top

Title
Strategies and Lessons Learned from Recent Breaches: Are You Making the Same Mistakes?
Abstract
2019 will be a banner year for data breaches—we are on pace to have the most records disclosed, ever. In this session, Justin will share lessons from the legal side of the data breach world, including what happens when an entity has insufficient security controls, a disorganized incident response process, fails to preserve evidence, receives inquiries from regulators, and fields angry data breach victim calls. From all of this, Justin will offer insights into how not to become the next data breach victim, how to navigate a data breach when it inevitably occurs, how to mitigate risk with cyberliability insurance, and the legal considerations that permeate incident response.
Speaker
Justin Webb Details
Presented by

Back to Top

Title
Bringing Artificial Intelligence to Access and Wireless Networking
Abstract

Mist Systems has brought AI to wireless networking. We have combined data scientists and cloud architects with decades of wireless domain expertise to build the first truly innovative WLAN platform in over a decade. At the core of our solution is the Mist cloud, purpose-built on a microservices architecture for rapid deployment of new services without impacting existing services. Mist is now part of Juniper and is extending its AI platform to the network at large.

Companies of all sizes can take advantage of Mist's AI-driven solution that delivers the following:

  • Wi-Fi and access networking that is predictable, reliable and measurable
  • Wired and Wireless operations that are simple and cost effective
  • Location services that deliver amazing new wireless experiences
Speaker
Tom Wilburn Details
Presented by

Back to Top

Title
Five Critical Elements of Endpoint Security
Abstract

Endpoint security is one of the most critical components of a cybersecurity strategy. The 2018 SANS Endpoint Security Survey Report found that more than 80 percent of known breaches involved an endpoint. Nearly every one of these endpoints had some form of endpoint protection installed, which failed to live up to the challenge of today's adversary. Unfortunately, for those responsible for protecting their organizations' endpoints, it has never been more challenging to select the best solution for the job.

In this presentation, Scott Taschler of CrowdStrike provides an overview of the 5 critical elements of endpoint protection required to effectively protect an organization against today's modern threats.

Speaker
Scott Taschler Details
Presented by
Presentation
Download

Back to Top

Title
Why Network Detection and Response is necessary
Abstract
Malware authors have not been resting on their laurels: new evasion techniques and file-less malware are beginning to cause real impact on enterprise networks. Traditional detection tools are being bypassed, and the exponential growth of traffic both inside and outside your walls make your security team’s job to find the needle in the haystack a hard game to win. Network detection and response (NDR) tools combine both AI and machine learning with behavioral analytics to connect the dots for your security staff. NDR empowers your threat hunters with real threat intelligence and actionable insights to events in real- or near real-time. This talk will explain how we got to this stage, and where NDR may fit inside your castle walls.
Speaker
Richard Henderson Details
Presented by
Presentation
Download

Back to Top

Title
Pentest Post-Mortems - What Should Keep You Up At Night!
Abstract
We've always said that security is everyone's job, but never has that been more true. This talk will focus on the critical lessons learned from over 10 years of penetration testing. Brian has led, participated in, and reviewed the reports from hundreds of penetration tests. Perhaps not too surprising, the discovered flaws and vulnerabilities are not unique to industry or even company size. Join us for a review of the weaknesses that should keep you up at night. There will be plenty of opportunity to discuss these concerns and others with Brian and your fellow attendees.
Speaker
Brian Judd Details
Presented by
Presentation
Download

Back to Top

Title
A Risk Assessment Primer. Laying out what an organization should do to prepare for and effectively participate in an information systems risk assessment.
Abstract
In this session you will learn inventory characteristics, data worth, and controls maturity against the CIS Top 20. If you're not thinking this way and not considering these things you better get going.
Speaker
Bill Curtis Details
Presented by

Back to Top

Title
Cloud Architecture: When and How to go Cloud
Abstract

This presentation will take a business-meets-technical approach to cloud hosting. The focus areas of this presentation are:

  • When does it make sense to migrate applications to the cloud?
  • What do we need to do to prepare?
  • How does an organization go about a cloud deployment?

For some organizations, the time to migrate applications to the cloud was 2012. For others it might be 2019 or beyond. Knowing the costs, capabilities, and limitations of cloud platforms along with readying your teams with proper support and training is the key to success.

Speaker
Aaron Howell; William Kiley Details
Presented by
Presentation
Download

Back to Top

Title
Balancing Security and Privacy in the Age of AI
Abstract
While technological innovations bring us new options for better security, we must constantly evaluate how they affect our privacy. For example, with cheaper, better cameras, we can have surveillance, but we lose some privacy. When traveling by plane, we let security x-ray our bags for assurance of security. We make the same considerations for securing our organizations. Today, the number one threat vector is email security, where hackers are targeting employee communications. We need better ways of monitoring communications, but no one wants anyone going through their emails, documents, slack, etc. With the age of AI - we have new opportunities where machines can analyze the communications in an automated fashion, and flag issues for security, without violating privacy. In this talk, learn how new techniques using deep learning and natural language understanding (NLU) deliver better security without sacrificing privacy.
Speaker
Melinda Marks Details
Presented by

Back to Top

Title
5 Top CASB Use Cases
Abstract

Cloud and mobile usage has skyrocketed in many enterprises, introducing many new risks to corporate data. Cloud access security brokers (CASBs) have quickly become go-to solutions for securing apps like Office 365, Salesforce, and AWS.

However, the wide ranging capabilities of a CASB can make it difficult to identify which use cases are most relevant to your organization's needs and how these platforms solve critical challenges. In this session we will identify the five most common CASB use cases.

Speaker
Jon Peppler Details
Presented by

Back to Top

Title
Next Generation Secure Access
Abstract
Traditional security perimeters have shifted and organizations must be able to extend dynamic, on-demand application access to users without compromising security or user experience. By enabling secure “verified” user and device access to only authorized applications, Pulse Software Defined Perimeter helps customers reduce their exposure to advanced threats, while simplifying connectivity and improving experience.
Speaker
Ashur Kanoon Details
Presented by

Back to Top

Title
Keys to operationalizing a Framework or avoiding common pitfalls and making it relevant and effective today and in the future
Abstract
Compliance doesn't equal security and security doesn't equal compliance.
Speaker
Bill Curtis, Jeff Lemmermann, Paul Hendler Details
Presented by

Back to Top

Title
Maturing Your SDLC: BSIMM Framework
Abstract

In this presentation, the speaker introduces a series of talks surrounding the concept of a secure software development life cycle (S-SDLC). Software teams are not strangers to frameworks. They offer powerful libraries, opinionated design patterns, and robust communities that can improve the quality and efficiency of your teams product(s). What if that concept could be applied to the practices surrounding software security?

Join us to explore the concept of a security framework for software development using BSIMM.

Speaker
William Kiley Details
Presented by
Presentation
Download

Back to Top

Title
Cloud Defense: AWS Common Findings & Mitigating Controls
Abstract
In this presentation, we will cover pitfalls in application deployments with enterprise cloud providers. How can we prepare, protect, clean-up, and mitigate properly to get the best possible experience with our provider(s)?
Speaker
Aaron Howell Details
Presented by
Presentation
Download

Back to Top

Title
Failure is not an Option: Managing Digital Debt
Abstract
Join us to discuss just what "digital debt" is, what it means in the world of digital transformation, and how your organization can manage the debt, rather than being managed by it.
Speaker
Marc Spindt Details
Presented by
Presentation
Download

Back to Top

Title
Maturing Your SDLC: Static & Dynamic Testing
Abstract
In this presentation, the speaker builds on Chapter 1 of the series which outlined the components of a modern software development life cycle (SDLC). This time, the speaker focuses on one area: automated security testing. What can it do for my business? What are some of options and examples? What does it require to set up and maintain, and is it worth it?
Speaker
William Kiley Details
Presented by
Presentation
Download

Back to Top

Title
Cloud Defense: The Azure and Office 365 Battleground
Abstract

This presentation will look at what moving corporate email systems to the Microsoft cloud means in terms of security against attacks to steal data and deny services. Three primary areas of focus will make up the presentation:

  • What Microsoft Secure Score is and what it isn't
  • The role Microsoft Azure plays in all Office 365 corporate deployments
  • How to assess and set proper controls in the Azure and Office 365 environment

Moving from an on premise to a cloud-based environment only changes who owns the physical equipment that houses your information. It doesn't change the fundamentals of protecting that information. Attendees will hear about the latest attack tactics against Azure and Office 365, why they are working, and what defense strategies can stop these attacks.

During the session, we will discuss the Microsoft Secure Score analysis, ways to leverage what it tells us, and why additional steps are essential to protecting the system. We will review how Microsoft Azure interacts with the Office 365 implementation and look at assessing and improving the important settings to defend the confidentiality, integrity, and accessibility the system and its data.

Speaker
Jeff Lemmermann Details
Presented by