|
Friday 22 October (Times are in Central Time Zone) |
|
|
TECHNICAL TRACK |
STRATEGIC TRACK |
|
9:30 AM – 10:00 AM |
Networking Coffee with Conversation Starters |
|
10:00 AM – 11:00 AM |
Security Awareness - Metrics Drive Overall Maturity A technical session discussing the information garnered from technology tools of a security program and how they tie to advancing and maturing the security awareness of end users. Measuring human behavior and the overall security awareness acumen of your end users is a daunting task. This session will cover the use of various technical controls to gain metrics and, more importantly, how to use those metrics to drive overall maturity of your program and the security awareness of your end users. We will discuss how this gathered information can drive policy maturity, help spot holes in your security posture, and even assist in dealing with repeat offenders (at all levels of the firm). |
Real World Zero Trust - Eating the Elephant One Bite at a Time Getting to Zero Trust is hard. It requires a LOT of knowledge about how every application, endpoint, appliance, etc. behaves in order to do it's job without any unnecessary access. This is something that's difficult for large and small firms alike. What practical options are there for taking this one piece at a time and working to better but not perfect? What tools, scanners, scripts, network monitors, etc. will help you understand what your applications need? Where do you get the biggest return on your time and where do those returns begin to diminish? |
|
11:00 AM – 11:15 AM |
Break |
|
11:15 AM – 12:30 PM |
What's Going On? Current Threats and Vulnerabilities 2021 has brought about many highly impactful threats and vulnerabilities. Keeping current on such vulnerabilities can be daunting for the lone Security Professional. Sometimes it can feel like your head is spinning with the pace of such discoveries being publicly disclosed. This topic will bring awareness to prominent vulnerabilities across many technologies (Windows Domain, VPN, Email, MDM, SFTP, Supply Chain, etc.) |
The 3Ps of Third Party Risk: Prevention, Policies, Promises The recent attacks on Solar Winds, Microsoft and Kaseya are a reminder that criminals target law firms by compromising their supply chain. And while the attacks mount up, many firms lack supply chain risk policies, and nearly half of them have experienced a significant breach caused by a vendor. Why? Managing partners don’t make vendor risk a priority or are too trusting. Learn from 600 IT and security leaders about top concerns around supply chain and the policies or procedures used to mitigate risks. Explore lessons learned from vendor breaches that avoided headlines, but caused operational havoc and headaches. Learn to engage board members and executives to secure resources, build a due diligence package, create contracts that mandate security requirements, reduce human error, indemnify your firm, and define breach response. |
|
12:30 PM – 1:30 PM |
Lunch Break |
|
1:30 PM – 3:30 PM |
Workshop: How to Secure Your Hybrid Work Force At the start of the pandemic many people struggled with enabling their work force to work from home. In the early days, compromises were made in the interest of public health and supply chain issues. In many cases, firms did not circle back and try to address those compromises thinking that this situation is only temporary. Hybrid work forces are now here to stay. Now that the proverbial security cat is out of the bag, how can we go about putting it back in. |
|
3:30 PM |
Wrap Up |
|