Event Schedule

Please see the final schedule for the 2020 Virtual IT Security & Risk Symposium, including presentation abstracts.

All times are in Atlantic Time Zone (AST).

  • Day 1 November 2, 2020
  • Day 2 November 3, 2020
Day 1 (November 2, 2020): Virtual Sessions

10:00 AM - 10:45 AM
Opening Keynote – From 9/11 to Crypto: The Evolution of Risk
By Erin O’Loughlin, Former CIA Operations Officer

For the last nine years I have worked inside the financial crimes/compliance industry in a variety of roles. I have completed two (+) years as the Senior Manager for the Cyber Intelligence Unit at Western Union, identifying risk on the TOR network (dark web markets), not otherwise caught by transaction monitoring.
Prior to Western Union, I spent five years with Bank of America serving as a fraud intelligence analyst and then as an anti-money laundering investigator within the terrorist financing group of Bank of America.

While at BofA I closed over 2,000 suspected money laundering cases and worked closely with law enforcement to service grand jury subpoenas and special law enforcement requests. I obtained my Certified Anti Money Laundering Specialist (CAMS) title in 2015.

Prior to entering the private sector, I served in the Central Intelligence Agency for ten years. I was posted in both overseas and domestic positions, specializing in Counter Terrorism, conflict resolution, mediation, and due diligence. I worked in both independent and group scenarios, in any environment. I served in multiple active war zones and developed a robust understanding of terrorist tactics as well as an understanding of the Diplomatic landscape in any given region.

Specialties: Conflict resolution, mediation, due diligence, Security, government liaison.

11:00 AM - 11:45 AM
Application Developers, What your IR Team Wishes You Knew
By David Bianco, Principal Engineer, Cybersecurity, Target

David has more than 20 years of experience in the information security field, with a particular focus on incident detection and response.  He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of detection planning, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net).  You can follow him on Twitter as @DavidJBianco or subscribe to his blog, “Enterprise Detection & Response” (http://detect-respond.blogspot.com).

12:00 PM - 12:45 PM
Virtual Lunch
By TBD, TBD

TBD

13:00 PM - 13:45 PM
So Happy Together: Making the promise of DevSecOps a reality
By Alyssa Miller, Application Security Advocate, Snyk

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep DevSecOps culture from becoming a reality. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share evidence that organizations are still failing to mature their processes in order to achieve the ideals of a shared responsibility culture. Through her analysis, Alyssa identifies tangible, practical actions that organizations can take immediately to begin improving collaboration and enablement within the DevSecOps pipeline. Alyssa will demonstrate what steps can be taken to create mutual enablement between Development, Security, and Operations disciplines. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be cultivated and extended into the broader business.

 

About the Speaker

Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself. She is a member of the Board of Directors for Women of Security (WoSEC), an Advisory Board member for Blue Team Con in Chicago, and she currently works as an Application Security Advocate for London-based Snyk Ltd.

14:00 PM - 14:45 PM
Performing Like a Cybersecurity Athlete
By Chris Cochran, Director of Security Engineering, Marqeta Inc.

Chris Cochran is the Director of Security Engineering for a financial technology company headquartered in Silicon Valley and host of the popular Hacker Valley Studio podcast. Chris is former active duty US Marine Intelligence. He has dedicated his career to building and leading advanced cybersecurity capabilities for organizations across different industries. Chris has made it his personal mission to motivate and empower cybersecurity professionals and teams through coaching, his podcast, and speaking engagements.

15:00 PM - 15:45 PM
Lessons Learned from Getting Hacked on Purpose
By Mike Wylie, Director of Cybersecurity Services, Richey May Technology Solutions

Hopefully you’ll never experience the chaos, panic, and the costly business impact of being hacked. As a recovering ethical hacker and now a blue teamer/Director of Cybersecurity, I have both caused panic and been the trusted advisor to businesses and government entities after a breach. This talk will share some of the costly mistakes of being unprepared for a breach and what I learned on my journey to intentionally get hacked. Both technical and entertaining, this talk will make you go back to work wanting to make some serious tweaks to your runbooks.

 

About the Speaker

Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of Defense, DEFCON, Universities, and for clients around the world. Michael is the winner of numerous SANS challenge coins and holds the following credentials: CISSP, CCNA R&S, CCNA CyberOps, GMON, GPEN, TPN, CEH, CEI, VCP-DCV, CHPA, PenTest+, Security+, Project+, and more. Twitter: @TheMikeWylie.

16:00 PM - 16:15 PM
Day 1 Closing
By Peter Morin, Event Chair

TBD

Day 2 (November 3, 2020): Virtual Sessions

10:00 AM - 10:45 AM
Opening Keynote – Data: Values to Value
By Michelle Finneran Dennedy, CEO, DrumWave

In this talk we will enter the booming data privacy marketplace and see how protection of data assets that describe people can protect your business and, perhaps, accelerate into the “new” post-pandemic world.

 

About the Speaker

Michelle Finneran Dennedy currently serves as Chief Executive Officer at DrumWave. She has a passion for developing software for business people, data scientists, analysts, students, all kinds of surfers – and you. Before working at DrumWave, Michelle was a VP and Chief Privacy Officer at Cisco. She was responsible for the development and implementation of the organization’s data privacy policies and practices, working across business groups to drive data privacy excellence across the security continuum.

11:00 AM - 11:45 AM
Crimeware: A Bigger Threat than Nation States
By Brandon Levene, Crimeware Inquisitor, Google

Brandon is the lead cyber crime researcher for Google Cloud’s research team, Uppercase. He is responsible for identification, tracking, and countermeasures for all financially motivated threat actors: from targeted to commodity. He is also responsible for strategic level advisory on policies to thwart cyber crime. He is a former SOC Analyst and founding member of multiple Incident Handler, Incident Response, and Threat Research Organizations. Brandon has been a speaker and teacher at multiple international conferences and other, invite-only, blue team events and published multiple threat-focused publications. Prior to Google (Chronicle) he was a founding member of threat organizations at Salesforce.com and Palo Alto Networks.

12:00 PM - 12:45 PM
Virtual Lunch

TBD

13:00 PM - 13:45 PM
Women in Cyber Round-table – ISACA SheLeadsTech
By Alyssa Miller, Anna Manley, Ursula Cowan, Kim Lamoureux, Melissa Sariffodeen
Moderator: Dominique West

ISACA’s SheLeadsTech program seeks to increase the representation of women in technology leadership roles and the tech workforce. We are proud to support this amazing program, bringing a number of cyber security experts to discuss women and the cyber security industry.

Women in Cyber Panel

Alyssa Miller – Application Security Advocate, Snyk

Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself. She is a member of the Board of Directors for Women of Security (WoSEC), an Advisory Board member for Blue Team Con in Chicago, and she currently works as an Application Security Advocate for London-based Snyk Ltd.

Anna Manley – Principal Lawyer at Manley Law Inc.

Anna Manley is an internet and privacy lawyer based in Sydney, NS. She is the principal lawyer at Manley Law Inc. and founder and CEO of Advocate Cognitive Technologies Inc.

Kim Lamoureux – Senior Security Analyst, PlayStation

Kim Lamoureux has over 7 years of experience leading Sony PlayStation’s Level 1 PCI assessment, both as an external consultant and eventually joining Sony full time.

Over the past 15 years, Kim has managed multiple engagements across industries including risk management, compliance, and audit. In her spare time, she actively participates in multiple cybersecurity inclusionary efforts, including cybersecurity and privacy for children. Kim was nominated and led the ISACA San Diego Chapter as its acting president from 2017 to 2018.

Kim has given talks at the Diana Initiative and twice at the ISACA Los Angeles Conference, and is also a volunteer CFP reviewer for the Usenix Enigma conference. Though she has a degree in biochemistry, her passion lies in cybersecurity and the intersection of payment system protection and commerce.

Ursula Cowan – Senior Threat Research Analyst, Mandiant Security Validation

Ursula Cowan is a Senior Threat Research Analyst at Mandiant Security Validation (a FireEye Company), focusing on researching adversaries’ tactics, techniques, and procedures (TTPs), breaking them down to the smallest behaviors, for the purpose of replicating them within the Mandiant Security Validation Platform.

Ursula’s career started as a police detective investigating cyber-crime, death, and online exploitation. She later added computer forensics examiner to her list of job duties. Her training in computer forensics was at the U.S. Secret Service’s National Computer Forensic Institute (NCFI); she also holds a Bachelor of Science in Applied Psychology from the Florida Institute of Technology, and a Master of Science in Digital Forensics from the University of Central Florida.

Melissa Sariffodeen – Co-Founder & CEO at Canada Learning Code

I’m Melissa and I’m a fierce advocate for providing Canadians (especially women and youth) the critical skills, confidence and opportunities they need to become passionate builders – not just consumers of technology and to inspire everyone to leverage and build technology that has the power to truly change the world. And, I’m making that happen with an amazing team across the country at Canada Learning Code.

Since 2011, we have taught over 80,000 Canadians code through one of our programs and we’re just getting started. Our goal is to provide 10,000,000 technology learning experiences to Canadians over the next ten years through our programs Ladies Learning Code, Girls Learning Code, Kids Learning Code, Teens Learning Code and Teachers Learning Code.

Through program design and delivery (like the code:mobile – a travelling computer lab roadtrip across Canada), strategic industry and public partnerships, educator training, research, advocacy and awareness Canada Learning Code aims to unify coding education in Canada and drive results

Moderator:

Dominique West – Technical Manager, Datadog

Dominique West is currently a Senior Cloud Security Consultant for a multinational professional services and creator of the Security in Color cyber and cloud security podcast. Achieving her CISSP and Master’s degree in cybersecurity, Dominique is deeply passionate about cloud security & cyber awareness, with 8 years of experience in IT spanning risk, vulnerability, incident and response, cloud transformation & security across the commercial industries. In addition to her professional endeavors she founded a platform, Securityincolor.com, that provides industry news and professional guidance to those aiming to begin to navigate a career in the cloud and cybersecurity space. She also leads the Atlanta chapter of the Women’s Society of Cyberjutsu, a nationwide non-profit with the aim of empowering women in the field of information security. You can find Dominique on all social media platforms (@domyboo), on LinkedIn, or directly on her website (http://www.securityincolor.com).

14:00 PM - 14:45 PM
Getting to Know Big Iron: How to Really Audit Your Mainframes
By Philip Young, Senior Vice President, Offensive Security, Undisclosed Bank

Philip is a cybersecurity and assurance expert. He has a deep background in IT Security dating back to high school and was able to translate that into a career in IT risk and security after attaining his degree in computer science.

Prior to joining Visa, Philip worked at Ernst & Young and Grant Thornton as a Sr. IT Auditor conducting IT security process and system reviews for large financial institutions, specializing in Unix, Windows and Legacy systems. He continued this work when he moved over to Visa Inc.’s internal audit department, bringing his deep technical background to the types of audits typically found within a large, global, tech company. During this time he was applauded for his ability to translate between the business and the technical for management reporting.

In his spare time Philip enjoys exploring security on uncommon systems. As a result he recently devoted himself to raising awareness about the vulnerabilities in systems that are often referred to as ‘Legacy’. To demonstrate some of these platforms’ weaknesses he’s written multiple tools (available here: https://github.com/mainframed) and given talks at various IT security and hacker conferences around the world including:

• BlackHat USA
• DEFCON
• Shmoocon
• BSidesLV
• Thotcon
• RSA

He has also been invited to speak on multiple podcasts including PaulDotCom, SecuraBit and Eurotrash Security.

Due to this personal endeavor Philip was invited to join the Global Information Security group, within Visa, to create and build the Core Systems Security group. In this role he has:

• Re-written the technical security standards and requirements based on industry standards
• Conducted detailed security assessments of our core platforms
• Re-designed the SSDLC program to appropriately risk rank and assess applications
• Re-wrote penetration testing processes and scope when testing core/commercial systems
• Assessed network segregation
• Designed a program to identify and assess rogue assets

15:00 PM - 15:45 PM
Mind Games: Using Data to Solve for the Human Element
By Masha Sedova, Co-Founder, Elevate Security

The security industry’s traditional approach to mitigating human risk is predicated on the assumption that individuals will make the right security decisions if they have enough training and fear of the consequences. Years of security research indicate otherwise. This briefing will share key insights from nearly a dozen security training research studies and analysis of several dozen security behavioral change campaigns to more than 65,000 employees across industries. We will show why traditional training approaches are ineffective in changing behaviors. Instead, our findings highlight that techniques such as personal relevance, social proof, leveraging intrinsic motivation, and tight-feedback loops are key factors to reduce human risk. This talk will explain why these behavioral change techniques are found to be most effective. We will then share concrete examples of how security teams can leverage these techniques to effectively reduce human risks such as phishing, malware downloads, and sensitive data handling in their own organizations.

About the Speaker

Masha Sedova is an award-winning people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and a regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma and SANS.

16:45 PM - 16:15 PM
Event Closing
By Peter Morin, Event Chair

TBD