Protecting Wisconsin's Critical Infrastructure
October 5 & 6 ● Virtual and at the Osthoff Resort, Elkhart Lake
Welcome to InfraGard Wisconsin’s SuperCon 2020 virtual conference! We are pleased to have you with us. Many hours have gone into planning this conference so that you receive maximum benefit from your time.
This two-day event will provide plenty of opportunities to hear from industry experts and use the knowledge to protect Wisconsin’s critical infrastructure.
Tuesday, October 6
08:00 – 08:15 OPENING REMARKS
08:15 - 09:45 PANEL DISCUSSION
Scott Augenbaum will host a panel of former FBI Agents and industry executives for a discussion on safeguarding your business.
Vicki Tandeski - CIO - Ariens
Dena Bauckman - VP Product Management - Zix
Matt Dunn - Associate Managing Director - Kroll Cyber Risk
Jason Powell - CISO - Brookdale Healthcare
The panel will discuss:
Where many companies and individuals are most vulnerable.
Tips for ensuring effective modern workplace security.
Managing a resilience plan for your organization.
09:45 - 10:00 BREAK
10:00 - 10:30 Check Point
What Archeology Teaches us about Protecting Wisconsin’s Critical Infrastructure presented by Edwin R. Doyle (Cyber Security Evangelist)
Albert Einstein said, we can't solve problems by using the same kind of thinking we used when we created them.
By the time you’ve heard this engaging talk by Eddie Doyle, you’ll think different. And when you see problems with new eyes, a whole new world will open up opportunities & unknown solutions will appear before you, transforming your challenges into an array of options.
Unafraid to fire moonshots, nor to avoid addressing sensitive subject matter, Eddie will be sure to provoke an authentic, respectful dialogue, with a goal to upgrade our thinking & protect our colleagues & friends from cyber attack. Come learn what a new 15,000 year history of human civilization teaches us about the evolution of cyber space & how we can invest less to create a full security prevention architecture in this brave new world.
-- -- -- -- -- --
Edwin communicates with international leaders in cyber security, cyber forensics and cyber law enforcement, across the world. Taking best-practices for threat mitigation from the industry’s finest CISOs and from police and military cyber command, Edwin’s responsibilities include sharing cyber defense tactics with media, government agencies and enterprise corporations, via keynotes, panel discussions & as the editor of the blog CyberTalk.org. Edwin’s unconventional background in education allows him to clearly explain technical topics to a diverse audience. With over 20 years of cyber security experience, Edwin holds a unique understanding of the security risks and challenges that organizations must overcome.
-- -- -- -- -- --
For inquiries about Check Point contact Kacey Darling, Marketing Manager -- firstname.lastname@example.org -- 612.401.2426
10:30 - 11:00 CyberArk
Securing Modern Privileged Identity—Without Breaking Stuff presented by Brandon Traffanstedt (Global Director for the Southeast)
The world is changing — automation, the proliferation of endpoints and more remote users equals increased attacks of opportunity. Contrast this with something that hasn’t changed—attackers’ cravings for powerful access and you have exactly why a robust Privileged Access Management program has become more important than ever. It’s never been more important to ensure that there is secure and scalable access to the privileged accounts that your teams need. In this session from CyberArk, you’ll hear why privileged identities are so important and how the approach to Privileged Access Management is evolving to respond to modern challenges without creating angry end users.
For inquiries about CyberArk contact Amy Ramsey, Account Executive-Midwest -- Amy.Ramsey@cyberark.com
11:00 - 11:15 BREAK
11:15 - 12:45 Chris Roberts
"Security Awareness Through the Eyes of a Great Dane" presented by Chris Roberts
Our current approach to awareness training has failed. To expect people to retain data for 12 months you’ve taught them for 30 minutes is irresponsible. To expect them to safeguard YOUR enterprise without understanding their own safety is negligent… We need to take a step back, re-evaluate HOW we approach training, SAFETY and security.
Curiosity killed the cat, but in OUR world, that’s the job of an OSINT analyst.
Speaking of cats, plan ahead, they are faster and more agile… think BEFORE acting
Puppy eyes, drool AND sideways looks work…social engineering IS a good skill to understand
Try everything at least once, even if it means sticking your head in the trashcan…
Always be upfront, that way there’s no miscommunication
If at first you fail, try again; eventually you will get the chew toy on top of the bookcase.
Never underestimate the need for a good hug
Nothing is forever; live every moment as if it were your last.
These lessons and more will be covered, dissected AND related to us as humans and us as tech folks
Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack.
He’s considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s also getting a name for himself in the transportation arena, basically anything with wings, wheels, tracks, tyres, fins, props or paddles has been the target for research for the last 10-15 years…to interesting effect.
Chris is regularly featured in national newspapers, television news, industry publications and several documentaries (CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, and numerous others).
...and to jog the memory, Chris is the researcher who gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air, that allowed the exploitation of attacks against the flight control system.
12:45 - 13:00 BREAK
13:00 - 13:30 HALOCK
"Getting to Reasonable - What regulators and judges want to see from every organization" presented by Terry Kurzynski (Senior Partner)
When an interested party comes knocking after a breach, are you prepared to show your security program was reasonable and appropriate? The recently published Duty of Care Risk Analysis standard and related methods are now available for organizations to leverage. Terry Kurzynski, Senior Partner from HALOCK Labs, contributing author of the Center for Internet Security’s Risk Assessment Method (CIS-RAM) and founding Board Member of the DoCRA Council (Duty of Care Risk Analysis), will present the facts on how to prepare your organization for scrutiny from any and all interested parties. Until recently the definition of “Reasonable Controls” and “Acceptable Risk” has been vague and left up to the security and risk practitioners in each organization. Most decisions are made ad hoc, leaving the organizations open to fines and class action lawsuits related to an incident. In all breach/incident cases there is always a control or configuration that could have prevented the breach. The regulator, judge, or other interested party wants to understand “why you did not have that particular control or configuration in place.” Having the calculus to demonstrate your understanding of the foreseeable harm that could come to you and others (outside of the organization) and how you were planning on addressing the reduction of impact or probability is what the interested parties want to see. Are you performing your duty?