IT Summit - Fall
Monday-Tuesday, October 11-12, 2021

SynerComm's 18th Annual IT Conference, in Brookfield, WI

Title
What Most Computer Security Defenses Are Doing Wrong and How to Fix It
Abstract

Most companies have huge gaps in their computer security defenses, and can be compromised at will by a determined hacker. The industry even has a term for it: "Assume Breach".

But it doesn't have to be that way!

Join Roger A. Grimes, a 30-year computer security consultant and author of 10 books, for this session where he explores the latest research on what's wrong with current network defenses and how they got this way. Roger will teach you what most organizations are doing wrong, why, and how to fix it. You'll leave this webinar with a fresh perspective and an action plan to improve the efficiency and effectiveness of your current computer security defenses.

Roger will teach you:

  • What most companies are doing wrong, why, and how to fix it
  • An action plan to improve the effectiveness of your computer security defenses
  • How to create your "human firewall"
Speaker
Roger Grimes

Title
Biohacking: The Invisible Threat
Abstract

Biohackers exist and walk among us. Most security professionals would not allow users into their environment with offensive security tools. How do you address individuals who have surgically implanted such devices into their bodies?

I have multiple subdermal implants that range from NFC, HID/Prox and RFID devices. This allows me to become the attack vector. In this talk, I provide a brief overview of the types of bio-implants on the market and share various case studies on the potential damage malicious biohackers can inflict.

I also demonstrate how I am able to quickly compromise loosely connected devices and open a reverse TCP Shell to a CnC server through my attack L3pr@cy in under three minutes.

Finally, I show how I steal HID Proximity Card Data and write that back to the implant. This avoids any physical evidence of a breach. This also allows me to gain access to data as well as physical access to secured locations.

As security professionals, we must anticipate the unknown. These include any individuals that enter our facilities or are simply around us in public. These types of attacks are becoming more common. A majority of the security community is not aware they exist. Discussions on what was once thought to be science fiction are now science fact.

Through continuing education on phishing and social engineering attacks, tightening MDM restrictions, endpoint management, behavioral analytics, least privilege and privileged access, we can take preventive measures around the threats we can't see.

Speaker
Len Noe

Title
How not to get picked at the Ransomware Dance
Abstract

What Threat Actors look for in Ransomware Targets and how to get ignored at the next Campaign

In this session, Brad Mecha will discuss the 2021 Trends in Ransomware Campaigns and will look at who is being targeted and why Threat Actors attack some organizations and not others. Brad will also review common methods defenders can use to be less desirable to Ransomware Operators.

Speaker
Brad Mecha

Title
The Decline and Fall of the (Roman Empire) Traditional Data Center
Abstract

The traditional data center is dead, long live the new data center. The Roman Empire lasted for about 500 years, from 27BCE to 476CE, reaching its peak around 120CE. Despite all of the contributions of the Roman Empire (plumbing, roads, and a judicial system, just to name a few), its fall was inevitable, mainly due to becoming too large to operate centrally with any type of efficiency and security. Compared to the Roman Empire, the traditional data center is a few years past 120CE; not unlike the Roman Empire, it is failing because of a loss of centralized control. The traditional data center is dead, long live SASE and ZTNA. Join us to explore the decline of the traditional data center and the rise of more agile architectures, and to learn a few random facts about the Roman Empire, as we discuss the decentralized new "data center" by implementing the concepts of SASE (Secure Access Service Edge) and ZTNA (Zero Trust Network Access).

Speaker
Tony Sabaj

Title
Thought Leadership Roundtable
Abstract
A SynerComm-moderated session where we will openly discuss today’s IT challenges and share lessons learned while exploring viable strategies with your peers and industry visionaries.
*Reserved for company executives and an optional team member.
Speaker
Mark Sollazo; Kirk Hanratty

Title
Docker security best practices
Abstract

In the last decade, enterprise Docker use has seen tremendous growth. As with any highly configurable technology, there are many security footguns and considerations. In this presentation, we will begin with what Docker is, how it is being used, and what security considerations come with that usage. With that foundation set, we will then cover best practices and tools to help automate enforcement of them.

Speaker
William Kiley

Title
Network and Security Cloud Models
Abstract
A technical deep dive into everyday cloud use cases with a full-stack engineer, from attaching your on-prem network into the cloud to enabling a third-party security solution to a hub-and-spoke cloud network model. We will talk about the benefits of automation and the pitfalls that come from a lack of security around the cloud build-out process. Using real-world use cases with examples and POCs, we will show some of the common traps and solutions we have built over the years.
Speaker
Aaron Howell

Title
CVEs That Should Keep You Up At Night
Abstract
In this session, the SynerComm pentesting practice team will share the most common vulnerabilities discovered this past year.
Speaker
SynerComm Pentesters

Title
Cloud Security Posture Management
Abstract
What is it? What does it mean for my organization? Why should I care? I.T. tends to use acronyms to explain more complex ideas. Let's pull the curtain back on one of them that has come to light recently: CSPM. Cloud Security Posture Management should be on the roadmap of anyone who has gone through production, testing, or has thought about migrating to the cloud. In this session, we will discuss what a CSPM is and why it's crucial to an organization, showing examples and benefits of utilizing these tools and what you should look for in a CSPM.
Speaker
Aaron Howell

Title
Battleplans: How to prepare for your next cyberattack
Abstract

Successful cyberattacks happen. What doesn't always happen is the preparation for those attacks. The faster any organization detects and responds to incidents or data breaches, the less will be felt in terms of lost data, lost confidence, and lost revenue. While planning doesn't guarantee victory, it certainly increases the odds. How can you increase the effectiveness and relevancy of your plans? By bringing realism and detail to your plans with tabletop exercises and playbooks.

This discussion will cover improving your tabletop exercises by adding actual recovery tasks to the exercise and including executive level steps within the scenario. Examples from SynerComm's recent exercises will be explored, offering attendees an insight into scenarios that have been used, simulated attack steps that have been leveraged, and the resulting improvements to incident response plans. Playbooks are a major part of the improvements. The session will go into the importance of developing playbooks for specific incident types, and show how the tabletop exercise should be leveraged in creating a playbook.

Speaker
Jeffrey Lemmermann

Title
Cover Your Assets... Continuously
Abstract

Preventing breaches begins by protecting your assets. To do so requires some knowledge about each asset we wish to protect. Digital transformation, cloud migration, and SaaS have made maintaining an external inventory of systems seemingly impossible. SynerComm's Continuous Attack Surface Management (CASM) scours the internet 24/7 looking for new systems, services, and exposures. When paired with Continuous Penetration Testing (CPT), your organization will have the assurance needed to tell your stakeholders that you've got your assets covered. Join Brian as he presents SynerComm's industry-leading solution to external attack surface management.

Speaker
Brian Judd

Title
Securing the Development Pipeline
Abstract

Security is a vital part of any software development project. While conducting software security analysis has typically been the domain of specialized penetration testers, this approach is expensive and often conducted late into the project. By integrating automated security checks into the software development lifecycle (SDLC) early on, many potential security issues can be discovered before they ever become problematic.

In this presentation, we will look at some practical techniques for incorporating security checks into your continuous integration pipelines. In doing so, we can ensure maximum security for your software development projects.

Speaker
Trevor Taubitz

Title
Security Programs 1: Saying What You Do (Standards-based Security Planning) - Do you manage security outcomes, or do security outcomes manage you?
Abstract

Businesses face an increasing set of IT security regulations and contractual requirements. At the same time, IT organizations are asked to do more with less. The result is a perpetual state of reactive security. This is a cultural condition that can drive a vicious cycle between business leadership and IT security leadership: the security team seems increasingly challenged, and the business seems increasingly cautious over security investments. The result is cybersecurity debt and a company facing greater and greater levels of risk. Everyone involved wants less cybersecurity risk for the organization but struggles to tackle it efficiently and effectively.

Constantly executing without a plan breeds a reactive culture. Move your company's security from a position of being reactive to a position of being proactive, comprehensive, continuous, and measurable. A little effort can go a long way to align business and IT security leadership, and build a new cycle where security investments lead to measurable security.

Speaker
Marc Spindt

Title
Capture the Flag Competition sponsored by Palo Alto Networks
Abstract

Palo Alto Firewall (Strata) Capture the Flag

Based on Palo Alto Networks PAN-OS 10.0 features and functionality.

Have Fun and Pick Up the Strata Security Skills

Firewall security is changing quickly, and organizations around the world struggle to implement and integrate the shifting pieces of the puzzle - threat detection, visibility, misconfiguration management and risk remediation - all while complying with industry standards.

With all these things to consider, how can you be sure you have what you need to keep your organization secure?

We can help - and it'll be as fun as it is informative!

Your mission: Identify security issues and misconfigurations in a firewall environment.

Your weapon: Use Palo Alto Networks Strata Firewall to identify as many of these issues as possible in the 45-minute time limit.

Join cybersecurity peers and experts for our capture the flag event to hone your skills and knowledge to help you combat future security threats, all while enjoying beverages and grabbing some cool prizes.

Bring a minimum of 1 laptop per team.

The top 3 teams will go home with prizes.

Secure your spot!

*Note: Must register in advance to attend.

Speaker
Lisa Niles

Title
The Ransomware Pandemic: Lessons Learned from Two Years of Incident Response
Abstract

In the past two years, a ransomware pandemic has raged on. During this session, you will hear lessons learned from ransomware incident response, including attacker methodologies, the regulatory pressures on ransom payments, and common attacker techniques, both at a technical level and operationally.

Speaker
Justin Webb

Title
Surviving the Ransomware Siege: How prepared is your organization?
Abstract

At some point in 2015, cybercriminals had an aha moment. Instead of going through all of the trouble of breaking into a network, stealing data and then executing a complicated scheme to monetize that data, they found a shortcut — and it was already paved.

Data encryption was touted as a defense against attempts to steal data, and companies implemented encryption to keep their data safe. It did not take long for the bad guys to figure out a way to turn those defenses around: Encrypt the data and hold the key for ransom. Already armed with methods to trick users into running things they should not, attack methods were created that locked companies out of their own computers, data stores and applications.

Preparing for these attacks relies on basic cybersecurity hygiene. At its core, a ransomware attack is just a variant of a malware attack, relying on the same weaknesses that malware attacks have needed for many years. The results of the attack, however, require new considerations.

Can your company survive a ransomware attack? In this session, we will help you answer that question by probing the answers to these four questions:

  1. Can we protect against the attack?
  2. Can we detect the attack?
  3. How do we respond to the attack?
  4. If the attack is successful, how will we recover?

Resources:

  • www.nomoreransom.org
  • https://csrc.nist.gov/CSRC/media/Publications/nistir//draft/documents/NIST.IR.8374-preliminary-draft.pdf
Speaker
Jeffrey Lemmermann

Title
Email Security - A Defense-only Strategy is not sufficient, It's Time for a New Approach
Abstract

Now more than ever, it's important for organizations to be able to identify and contain email and brand reputation threats. While the concept of email security hasn't changed in over 20 years, the sophistication, tactics, and techniques used by adversaries have dramatically increased. Ransomware, domain spoofing, supply chain attacks, brand exploitation and phishing attempts have increased in both quantity and sophistication, putting many organizations in a reactive and defensive mode. The time has come for organizations to be more proactive and protected to prevent loss of business operations and protect brand and image. Join us for an informative session where we will discuss steps that you can take to protect your organization while building contingency and continuity plans.

Speaker
Blaine Deutsch

Title
Crypto 101 - Protect Your Keys, or Don't Bother Encrypting Your Data
Abstract
Discover why it's essential to protect the crypto keys associated with Database Encryption, File Encryption, Digital Signatures & Certificates, IoT Device Certification, Blockchain, Digital Payments, SSL, PKI and more.
Speaker
Michael Ciarochi

Title
Bringing Artificial Intelligence to Access and Wireless Networking
Abstract

Mist Systems has brought AI to wireless networking. We have combined data scientists and cloud architects with decades of wireless domain expertise to build the first truly innovative WLAN platform in over a decade. At the core of our solution is the Mist cloud, purpose-built on a microservices architecture for rapid deployment of new services without impacting existing services. Mist is now part of Juniper and is extending its AI platform to the network at large.

Companies of all sizes can take advantage of Mist's AI-driven solution that delivers the following:

  • Wi-Fi and access networking that is predictable, reliable and measurable
  • Wired and Wireless operations that are simple and cost effective
  • Location services that deliver amazing new wireless experiences
Speaker
Tom Wilburn

Title
Preventing DNS-based Data Exfiltration
Abstract
Theft of sensitive or regulated data and intellectual property is one of the most serious risks to an enterprise. According to a recent DNS security survey of businesses based in North America and Europe, 46% of respondents experienced DNS exfiltration and 45% experienced DNS tunneling. DNS port 53 is frequently used as a pathway for data exfiltration because it's not inspected by common security products such as firewalls, intrusion-detection systems (IDSs), and proxies.
Speaker
Tony Velada

Title
How to measure SOC quality
Abstract

There's a common assumption that there will always be tradeoffs between scale and quality. When we set out to build our security operations center (SOC), we didn't want to trade quality for efficiency. So, when we started the team we pledged that quality and scale would increase together. That commitment to quality now extends to every aspect of our operations. So our work has to be fast and it's got to be good.

We've talked a lot about how we've scaled our SOC with automation. Now, we're going to walk you through the quality end of the equation - how we measure and manage quality in our SOC. Along the way, we'll share a bit about the problems we've encountered, how we've thought about them and some of our guiding principles. Quality is not based on what you assert, it's based on what you accept. It's not enough to say, "We're going to do lean six sigma" - you have to inspect the work. And it's how you inspect the work that matters.

Speaker
Matt Peters

Title
How businesses should rethink their cybersecurity investments
Abstract

It is no secret that the requests for cybersecurity investments are constantly increasing. Businesses have complicated technology environments, complex business models and relentless regulatory and consumer demands. How should business owners approach innovation while also extracting value from their cybersecurity investments? How can IT and specifically Security leaders establish greater business relevance, while straddling both legacy and rapidly growing modern risks with limited resources?

Shamla will share her practitioner experience on this topic as the former Global CISO of IBM and a board member for multiple companies, while offering us a constructive approach to make these decisions. Shamla will cut through the fluff of buzzwords like SASE, Zero Trust and AI, and get to the heart of our collective mission... Enabling the business to move faster while mitigating the rapidly expanding and evolving risks.

Speaker
Shamla Naidoo

Title
The Power and Agility of Enterprise Multi-Cloud Networking
Abstract

In this session, we will cover the power and agility provided by multi-cloud architecture. As the core pillar, your multi-cloud network architecture must offer more than basic networking and security. You need an architecture that will scale to support the rapid evolution of your applications and business for decades, whether in a single cloud or across many clouds. The architecture must define a common control plane that supports native cloud APIs and the advanced networking and security capabilities needed to form a common data plane with the visibility and control required for an enterprise-class multi-cloud network.

Speaker
Rod Stuhlmuller

Title
How XDR and CTI Converge for Stronger Security Risk Mitigation
Abstract

The expanding attack perimeter has companies of all sizes struggling to monitor and protect against attackers. Security and risk leaders need more context about the threats that exist across their company's internal and external attack surfaces, as well as the ability to ensure a rapid and complete response.

In this session, Jeffrey Gardner, Rapid7's Practice Advisor to the Detection and Response Practice, will explore the intersection of extended detection and response (XDR) and cyber threat intelligence (CTI) to uncover its many benefits for security risk mitigation:

  • How CTI extends your company's "monitored environment"
  • Ways to improve signal-to-noise ratio and understand your real risk
  • The latest technologies for driving a proactive and automated response
Speaker
Jeffrey Gardner

Title
Pwnagotchi Workshop (Hands-On Lab) - Free Hardware to the First 10 Registered Attendees
Abstract

Remember the Tamagotchi toy from the 1990s? Well, let us introduce you to the Pwnagotchi. Join SynerComm's penetration testers for a hands-on opportunity to build and take home your very own. This double-session workshop will begin with a short presentation on wireless hacking/security and then jump right into building, nurturing, and training your very own Pwnagotchi.

Blog: shellntel.com

Required Equipment:

  • Laptop with USB port (local admin privilege highly suggested)

Recommended Hardware:

  • The Pwnagotchi loves to be mobile and discover the world. We recommend bringing a portable USB battery or giving your Pwnagotchi a permanent PiSugar battery. SynerComm will supply a custom 3D printed case that perfectly fits the PiSugar battery linked below.
  • PiSugar 3.7V 4.4Whr Li-ion Battery
    amazon.com

SynerComm-provided Hardware:

  • Raspberry Pi Zero
  • Waveshare 2.13 inch e-Paper Display
  • Custom 3D printed case (designed for a PiSugar battery)
  • USB Cable & Micro-SDHC Memory Card

*Note: Must register in advance to attend.

Speaker
Ryan Zagrodnik

Title
Palo Alto Networks: 5-min Fixes to many of the key risk reduction features that you probably aren't leveraging (demo)
Abstract

A quick overview of many new Palo features that can reduce risk. Presented in a demo format to see how the configuration is done.

Speaker
Lisa Niles

Title
Security Programs 2: Doing What You Say (Managing Security Programs) - Are you following the plan? How do you know, and as importantly, how does the business know?
Abstract

Leadership does (or should) want to understand where cybersecurity weaknesses exist, what the IT Security organization is doing about them, and what impact that effort is having. Unfortunately, many companies experience disconnects between business leadership and IT security leadership. This disconnect often exists just below the surface of communication and results in a tenuous, suspicious relationship. The business is hesitant to invest in new security, and the security team suspects the business views them simply as a cost. When a security breach occurs, the disconnect becomes painfully obvious. Both "sides" react to protect the business, but it is often too little, too late, and the suspicion grows.

Despite having a plan, businesses commonly "measure" security posture based on experiencing or not experiencing breaches. That is an unfortunately bad measure as not experiencing a breach does not inherently mean you are secure. Similarly, experiencing a breach does not inherently mean that you have been ignoring cybersecurity. When the business and IT security leadership continuously and effectively communicate regarding the company's cybersecurity posture, the business stands the best chance of deflecting and surviving breaches. Easier said than done.

A plan without execution is just as bad as execution without a plan. Move your company's security from a position of being reactive to a position of being proactive, comprehensive, continuous, and measurable. A little effort can go a long way to align business and IT security leadership, and build a new cycle where security investments lead to measurable security.

Speaker
Marc Spindt
