Supercon 2022

August 11 - 12 ● Glacier Canyon Conference Center at the Wilderness ● Wisconsin Dells, WI


Friday, August 12

Attire: Business casual

08:00 – 08:50 BREAKFAST AND DEDICATED TIME WITH VENDORS (Sandstone 8 and Sandstone)

09:00 - 09:30 Chris DeRusha, Federal Chief Information Security Officer, Office of Management and Budget (Virtual presentation) - (Sandstone)

In January 2021, Chris DeRusha was appointed as the Federal Chief Information Security Officer in the Office of Management and Budget (OMB), Office of the Federal Chief Information Officer (OFCIO). Before coming back to the federal government, DeRusha served as the Chief Information Security Officer for the Biden for President campaign. Prior to joining the campaign in June 2020, he served as the Chief Security Officer for the State of Michigan. DeRusha has extensive experience managing cybersecurity and critical infrastructure programs and operations in both the public and private sectors. DeRusha led Ford Motor Company’s Enterprise Vulnerability Management program and has over eight years of Federal Government experience working at both the Office of Management and Budget and the U.S. Department of Homeland Security. He holds a Master’s in Security Studies from Columbia University and a Bachelor’s in Business Administration from James Madison University.

09:30 - 09:45 BREAK


Introduction to modernizing your identity security (Tundra AB)

Presented by Grant Jones - CyberArk

The MITRE ATT&CK Framework and your pentest (Tundra CD)

Presented by Thomas Freeman - Sikich LLP

Everyone is talking about the MITRE ATT&CK® Framework. Auditors are encouraging you to align your controls and testing against it. But where do you start? In this presentation we will briefly introduce the MITRE ATT&CK® Framework and then consider how you can use it to guide your pentest, identify your gaps using the adversary tactics and techniques, and streamline your remediation efforts.


Everything is on fire! What to do in the first hour of a cyber breach (Tundra AB)

Presented by Kevin Bong - Director - Sikich LLP

Cyber breaches continue to become more common, and there are many incident response firms that can help with incident response, containment and recovery activities. However, for most organizations, it is unlikely that they'll have an incident response firm working side by side with them immediately upon discovering a breach. The first hour after discovering a breach is critical, and there are key activities that can be performed to "stop the bleeding." There are also commonly made mistakes that can negatively impact efforts to contain, investigate and recover from a breach. In this talk, Kevin Bong will provide details from real-world investigations of ransomware attacks, electronic payment fraud attacks and card data breaches to illustrate the most important things to do and avoid when first discovering a suspected cyber breach or security incident.

Modern device and identity management - the gateway to zero trust (Tundra CD)

Presented by Andy Jaw - Microsoft

We have been hearing about zero trust for years, but how do you start to move your organization towards that goal? It starts with modern device management and identity management.

This session will talk about the key concepts and benefits of modern management and how to begin your transition from traditional Active Directory and domain-joined devices to the cloud and Azure Active Directory joined devices.

We will demonstrate why modern management is necessary both for security in a zero-trust model and for agility and user productivity in a post-COVID world. You'll learn about the difference between device identity and user identity and why it matters when it comes to managing devices and user experience.

If you're hesitant about moving to the cloud or unsure of where to begin your zero-trust journey, this is the session for you.


Box lunch will be provided