Summit Agenda

CISSP, CLE, and PMP Credits will be available for self-reporting.

Thursday 21 October (Times are in Central Time Zone)
 
TECHNICAL TRACK STRATEGIC TRACK
 
9:00 AM – 10:00 AM Networking Coffee with Conversation Starters
 
10:00 AM – 10:50 AM Keynote - Threat Intelligence
 
10:50 AM – 11:00 AM Break
 
11:00 AM – 12:00 PM Network Segmentation - Micro-Segmentation a Real-World Experience
Clients asking you to segment your systems? How do you do that: do you use traditional hardware firewalls or the MS Windows firewall? Segmentation is a difficult undertaking. Guardicore is a segmentation company disrupting the legacy firewall market. Their software-only approach is decoupled from the physical network, providing a faster alternative to physical firewalls. Built for the agile enterprise, we offer greater security and visibility in the cloud, data center and endpoint.
Adaptive Security: Can Microsoft 365 Compliance & Security Tools Meet Security Mandates of the Legal Sector?
Explore what combination of technology and process can evolve information governance in law firms to move from hindsight to foresight, while improving both governance and access to knowledge. The key focus is: Can Microsoft Information Protection be applied to a project-centric organization? Because the creation and management of ethical walls and information access barriers is a mature application category, products like Intapp Walls, Prosperoware CAM, iManage SPM, Worldox and NetDocuments Protect have coalesced around a standard approach using metadata to apply security. Adaptive Security is a proposed framework using Microsoft 365 information labels and machine-assisted classifiers to dynamically evaluate access controls in the context of the user, the label, the metadata and a machine-derived classification.
 
12:00 PM – 1:00 PM Lunch Break
 
1:00 PM – 2:00 PM Developing a Cloud Governance Strategy Framework
This presentation will explain how law firms can design a standards-based cloud governance framework to facilitate and organize the migration to and management of cloud services. Additionally, it will provide an overview of the six key principles of cloud governance and their practical application to law firms expanding their use of cloud services.
Recovering from Disaster: What Happens after a Ransomware Attack
Businesses often face two choices after ransomware: to pay or not to pay. If you pay, adversaries provide the decryption key, but getting back to business is not a flip of the switch. If you choose not to pay, restoring and rebuilding begins immediately. What strategy are you going to take? Have you thought through the pros and cons of each?
 
2:00 PM – 2:30 PM Break
 
2:30 PM – 4:30 PM Workshop: Incident Management
In this workshop, we will use the popular Backdoors and Breaches card game, from Black Hills Infosec, to facilitate interactive sessions focused on a series of incident-related topical tabletops and to learn attack tactics, tools, and methods. This can be done in small teams and competitively or as a single larger team. The format will be interaction and group feedback.

52 unique cards will be used to cover the following topics (cards per topic):
• (10) Initial Compromise
• (7) Pivot and Escalate
• (9) Persistence
• (6) C2 and Exfil
• (10) Procedures
• (10) Injects
 
4:30 PM Wrap Up
 
4:45 PM Women in Security Networking Reception
 
Friday 22 October (Times are in Central Time Zone)
 
TECHNICAL TRACK STRATEGIC TRACK
 
9:30 AM – 10:00 AM Networking Coffee with Conversation Starters
 
10:00 AM – 11:00 AM Security Awareness - Metrics Drive Overall Maturity
A technical session discussing the information garnered from technology tools of a security program and how they tie to advancing and maturing the security awareness of end users. Measuring human behavior and the overall security awareness acumen of your end users is a daunting task. This session will cover the use of various technical controls to gain metrics and, more importantly, how to use those metrics to drive overall maturity of your program and the security awareness of your end users. We will discuss how this gathered information can drive policy maturity, help spot holes in your security posture, and even assist in dealing with repeat offenders (at all levels of the firm).
Real World Zero Trust - Eating the Elephant One Bite at a Time
Getting to Zero Trust is hard. It requires a LOT of knowledge about how every application, endpoint, appliance, etc. behaves in order to do its job without any unnecessary access. This is something that's difficult for large and small firms alike. What practical options are there for taking this one piece at a time and working to better but not perfect? What tools, scanners, scripts, network monitors, etc. will help you understand what your applications need? Where do you get the biggest return on your time and where do those returns begin to diminish?
 
11:00 AM – 11:15 AM Break
 
11:15 AM – 12:30 PM What's Going On? Current Threats and Vulnerabilities
2021 has brought about many highly impactful threats and vulnerabilities. Keeping current on such vulnerabilities can be daunting for the lone Security Professional. Sometimes it can feel like your head is spinning with the pace of such discoveries being publicly disclosed. This topic will bring awareness to prominent vulnerabilities across many technologies (Windows Domain, VPN, Email, MDM, SFTP, Supply Chain, etc.)
The 3Ps of Third Party Risk: Prevention, Policies, Promises
The recent attacks on SolarWinds, Microsoft and Kaseya are a reminder that criminals target law firms by compromising their supply chain. And while the attacks mount up, many firms lack supply chain risk policies, and nearly half of them have experienced a significant breach caused by a vendor. Why? Managing partners don’t make vendor risk a priority or are too trusting. Learn from 600 IT and security leaders about top concerns around supply chain and the policies or procedures used to mitigate risks. Explore lessons learned from vendor breaches that avoided headlines, but caused operational havoc and headaches. Learn to engage board members and executives to secure resources, build a due diligence package, create contracts that mandate security requirements, reduce human error, indemnify your firm, and define breach response.
 
12:30 PM – 1:30 PM Lunch Break
 
1:30 PM – 3:30 PM Workshop: How to Secure Your Hybrid Work Force
At the start of the pandemic, many people struggled with enabling their work force to work from home. In the early days, compromises were made in the interest of public health and supply chain issues. In many cases, firms did not circle back and try to address those compromises, thinking that the situation was only temporary. Hybrid work forces are now here to stay. Now that the proverbial security cat is out of the bag, how can we go about putting it back in?
 
3:30 PM Wrap Up