Interop is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Crash Course Presented by:

Crash Course Sponsored by:

The Dark Reading Cybersecurity Crash Course is a two-day event for IT pros (October 5 and 6) who need to catch up on the latest in cybersecurity. No matter what your position in IT, the rapid changes in cybersecurity threats and technology could change the course of your day -- or even your year. But if security isn't your specialty, it can be hard to keep up with all of the latest trends and developments in cyberspace, or learn about the emerging technologies and practices that can help you keep your data safe. Particularly in these days of a pandemic, it’s critical to gain insight into the latest threats, as well as the latest tools and practices for protecting your workers, wherever they might be.

At the Cybersecurity Crash Course, you’ll get advice on the key steps your organization should take to protect critical data, as well as a detailed look at how to respond when your systems have been compromised. Our goal is to make you "security savvy" quickly by summarizing the most current thinking on enterprise defense, while at the same time catching you up on the latest exploits being perpetrated by computer criminals, nation-states, and hacktivists.

What You'll Learn

  • What are the chief cyber threats that could compromise your organization?
  • What risks are security experts and practitioners most concerned about – and what are they doing about them?
  • What are the latest best practices and technologies for defending enterprise data?
  • What should you be doing to secure emerging technologies such as the latest wave of mobile devices and the Internet of Things?
  • How can you secure cloud services and other technologies that lie outside your perimeter?
  • How should your team respond in the event of a data breach, and how should you repair your systems afterward?

Who Should Attend

  • IT and Networking pros who need to know more about security
  • CIOs / CTOs of small and mid-sized organizations who don't have a large IT security staff
  • Security professionals who are new to the role and need a fast, comprehensive update on the latest threats
  • Operations and help desk professionals who must work with IT security issues and interact with cybersecurity counterparts

Dark Reading Cybersecurity Crash Course @ Interop Digital preview featuring Tim Wilson

Tim Wilson Co-Founder & Editor-in-Chief of Dark Reading previews the Cybersecurity Crash Course

Oct. 5: Cyber Defense Strategies (Times in PT)

9:00am - 9:10am
Opening Remarks 

9:10am - 9:45am
Building Cybersecurity Into Building Blocks of an Organization
Allen Ohanian (CISO, LA County DCFS)
To achieve cyber resiliency, effectively combat and survive cyber attacks, information security should be architected in the building blocks of the enterprise and interwoven into the culture, vertically and horizontally. Is your organization equipped to timely detect, prevent, withstand, and survive cyberattacks?

9:45am - 10:20am
Re-thinking and Re-defining Enterprise Infrastructure Security

Jeff Wilson (Chief Analyst, Omdia | Informa Tech)
The Covid-19 quarantine effort has caused most enterprises to completely re-think their IT infrastructure strategies to support employees, suppliers and customers working remotely. How has this sudden shift changed cybersecurity strategies? How will those strategies evolve over time? This session offers insight and recommendations.

10:20am - 10:35am
Lightning Talk With Forcepoint
Indicators of Behavior (IOBs) – The Necessary Leap in Security Intelligence
Raffael Marty (Chief Research and Intelligence Officer, Forcepoint)
We need a paradigm shift in security. After spending trillions of dollars to keep external attackers at bay, we still don't see an end to the cat and mouse game between attackers and the security industry; zero day attacks, new vulnerabilities, ever increasingly sophisticated attacks, etc We need to expand the concept of threat intelligence and indicators of compromise (IOCs). Effective cyber security needs to understand behaviors (IOBs); those of devices and those of humans in order to help us move left of breach to identify bad actors early and provide a necessary building block for zero trust access to resources (a superset of ZTNA).

10:35am - 11:10am
Practical Solutions for Securing Your Cloud Services

Jim Reavis (Co-founder and CEO, Cloud Security Alliance)
Enterprises are moving more and more of their critical data into cloud services and applications. But how can you be sure that your data is safe from potential attacks or data leaks? In this session, attendees will learn about the latest threats to cloud services, and how to work with their service providers to ensure that their critical information is secure.

11:10am - 11:20am
Break

11:20am - 12:00pm
Lunch and Live Discussion
The Live Discussion session offers audience members an opportunity to participate in a live, moderated Zoom discussion in which they can safely share problems and challenges. Each discussion will center around a broad theme to help keep the conversation focused; attendees may choose which discussion they would like to attend. All sessions will be conducted under the Chatham House Rule, in which attendees agree that the content of the meeting may be shared, but the identities of the speakers are to remain anonymous. 

Topic 1: Technologies That Make a Difference
In this session, attendees will discuss the security technologies and processes that have been most effective in their organizations, as well as technologies that don’t live up to their promises. Attendees will get recommendations from their colleagues on the latest and most effective tools, as well as suggestions on which products to stay away from.

Topic 2: Hiring and Managing Security Staff and Skills
In this session, attendees will discuss their efforts to find, train, and manage cybersecurity staff. Attendees will share successes and failures in finding the right people, keeping staff trained on the latest threats and vulnerabilities, and managing security teams and skill sets to achieve the highest possible level of effectiveness.

12:05pm - 12:40pm
Authentication: From Identifying Your Users to Trusting Your Users

Gal Shachor (Distinguished Engineer, CTO Trusted Identity, IBM)
Jose Rodriguez (Senior Software Engineer, IBM)

Identity and access management (IAM) systems have authenticated users using credentials for decades. But approaches to IAM are changing rapidly. In this session, we discuss what a next-generation IAM architecture can look like and how organizations are approaching the IAM challenge in real life.

12:45pm - 1:00pm
Sponsor Lightning Talk

1:00pm - 1:15pm
Break

1:15pm - 1:50pm
How Hackers Attack Your Mobile Apps

Scott King (Director of Embedded Security, Zimperium)
Securing apps against attacks and manipulations is a full-time job. It is a full-time job since cybercriminals engage in hacking 24 hours a day to find innovative attack methods to uncover mobile app secrets and private user data. To defend against constant attacks, application developers must implement security throughout the entire app development lifecycle to secure data and limit risk but at a low cost to the user experience.

1:50pm - 2:25pm
Making Applications Secure in a DevOps World

Brad Causey (CEO, Zero Day Consulting)
For most organizations, applications are the core of the business. But application security vulnerabilities are often overlooked, both by software manufacturers and by internal app development teams. What steps can your organization take to find and repair application vulnerabilities – before your attackers discover them? And how can build security into your own app development processes? A top applications security expert discusses these critical issues

2:25pm - 3:00pm
Third Party Risk Management: War Stories and Best Practices

Tony Howlett (CISO, SecureLink)
As enterprises expand their outsourcing programs, they increase third-party access to critical infrastructure and privileged accounts. This trend is creating a vendor access "tsunami," as the average enterprise now has 67 vendors that access their networks and systems on a regular basis. Managing all these entities in a secure and compliant way is becoming harder and harder. In this talk, we will discuss emerging best practices for managing third party risk in a manner that is both secure and efficient.

Oct. 6: You've Been Breached! (Times in PT)

9:00am - 9:10am
Opening Remarks 

9:10am - 9:45am
The Impact of a Data Breach
Suzanne Widup (Sr. Principal – Threat Intel, Verizon Enterprise Solutions)
To understand the cyber risk your organization faces, you need to understand the likelihood of a breach – and its potential cost. In this session, a top expert discusses the many – and sometimes hidden – costs of a data breach, including its impact on customers and end users. You'll also get insight on the frequency of data breaches, and a better understanding of how likely it is to happen to you.

9:45am - 10:20am
Building a Security Operations Program

Roselle Safran (Founder and CEO, KeyCaliber)
No matter what your industry or company size, you need an operations plan for security: the people, tools, and processes you'll need to manage an ongoing array of cyber threats and vulnerabilities. In this session, an experienced leader in security operations discusses the latest technology and best practices for security operations, and how enterprises are implementing them.

10:20am - 10:35am
Sponsor Lightning Talk

10:35am - 11:10am
How to Know When You've Been Compromised

Paul Kurtz (Founder and CEO, TruStar)
Data breach experts say many enterprises don't detect compromises until they are discovered by a third party, such as a trading partner or a law enforcement agency. What's more, many enterprises may take weeks or even months to detect a well-hidden exploit. This session offers tips and recommendations on how to shorten the time between an attacker's initial intrusion and the time that the enterprise detects and responds to it.

11:10am - 11:20am
Break

11:20am - 12:00pm
Lunch and Live Discussion
The Live Discussion session offers audience members an opportunity to participate in a live, moderated Zoom discussion in which they can safely share problems and challenges. Each discussion will center around a broad theme to help keep the conversation focused; attendees may choose which discussion they would like to attend. All sessions will be conducted under the Chatham House Rule, in which attendees agree that the content of the meeting may be shared, but the identities of the speakers are to remain anonymous.

Topic 1:Threats and Threat Actors
In this session, attendees will discuss the cyber attacks and exploits that are most difficult to defend, and the attackers who are most concerning to them. Attendees are encouraged to share information about defenses that work against these attacks, and methods for blocking or frustrating the attacker.

Topic 2: Managing Cyber Compromises
In this session, attendees will discuss their practices and processes when a data compromise occurs. Attendees will discuss the most effective steps to take following a breach, incident response practices, breach simulation exercises, and how to get up and running quickly following a data compromise.

12:05pm - 12:40pm
Managing Insider Threats

Maxine Holt (Senior Director of Research, Omdia | Informa Tech)
Not all cyber breaches and compromises are initiated by outside attackers. In some cases, it might be your employees and trusted users who instigate a compromise, either accidentally or maliciously. In this session, we offer a look at the most common, current insider threats and how to mitigate them.

12:45pm - 1:00pm
Sponsor Lightning Talk

1:00-1:15pm
Break

1:15pm - 1:50pm
Hacking Everything – The Dark Side of the Internet of Things
Jeff Crume
 (Distinguished Engineer, CTO IBM Security - North America; IBM Master Inventor, Academy of Technology Member, IBM)
With the Internet of Things (IoT), essentially everything becomes a computer. We know that computers can be hacked. This means that everything can be hacked -- including cars, home appliances, medical devices, and more. This session will give examples of IoT hacks and the consequences of not getting security right as we move to this important new technology.

1:50pm - 2:25pm
Planning and Executing an Effective Incident Response

Yaron Levi (CISO, Blue Cross/Blue Shield of Kansas City)
You've uncovered a compromise of your enterprise's cyber defenses. Now what? This session describes the process of building and triggering an effective incident response process, including the staffing, tools, and planning you'll need in order to limit the damage caused by a cyber compromise.

2:25pm - 3:00pm
Remediating and Retrenching After a Data Breach

Cate Reich, PMP (Cybersecurity Manager, Accenture Security)
After you've identified a compromise, uncovered the extent of the intrusion, and stopped the immediate threat, it's time to assess the damage and repair your defenses. In this session, experts will discuss the lessons learned from a major breach, the steps you should take to evaluate its impact, and the methods you should use to ensure that such a breach never happens again. You'll get insight not only on technology impact, but on issues such as cyber insurance and liability.

Earn ISC(2) Continuing Professional Education Credits (CPEs)

We partner with (ISC)2 to provide credits for Interop. 1 credit is awarded per one hour of security-themed sessions attended, with a maximum of 8 per day. CISSP certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security.

It’s simple: enter your (ISC)2 member number on the Interop registration profile page. If you have already registered for Interop you can log back in to your profile and add it. Following the event, we'll submit your security-themed session attendance to ISC(2) so the credits can be added directly to your account. All educational opportunities offered by the submitter as eligible for CPE credits shall be of the highest  quality, directly related to at least one (1) domain of information security as recognized by (ISC)2.