This class focuses on the "purple team" approach which focuses on attacking and working on building detections based on the attacks applied. Participants will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited by them to better refine detections within an organization.

Instructors:
Ben Mauch, Managing Director, TrustedSec
Mike Spitzer, Senior Security Consultant, TrustedSec

Workshop description coming soon!

This class focuses on the "purple team" approach which focuses on attacking and working on building detections based on the attacks applied. Participants will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited by them to better refine detections within an organization.

Instructors:
Ben Mauch, Managing Director, TrustedSec
Mike Spitzer, Senior Security Consultant, TrustedSec

This Workshop provides attendees insight into the operations of the board of directors and real-world examples of how to communicate with their senior management and their board. A demonstration of tools and techniques for communicating complex technical issues to non-techies in the jargon businesses use to communicate will be offered. This Workshop provides insight into how a corporation functions and how their organization and the various departments in organizations operate in relation to the technology and cybersecurity team. Participants will also get a healthy dose of cybersecurity operations through the lens of senior management and the board.

Instructor:
Gordon Rudd, CEO, Stone Creek Coaching

What makes a great tabletop exercise? Many organizations run a tabletop exercise to check a box for compliance standards but don’t maximize the value of the time spent. Often, they don’t engage the audience or force them to think enough about the problem to find areas of improvement. Further, they assume their decisions will always work during the exercise. In this workshop, we will not only discuss how to build a tabletop exercise that addresses real risk for an organization but how to make it fun and engaging for teams at all levels of an organization. The workshop will introduce attendees to the Cubicles and Compromises format as well as add new advanced elements. You will create a company with a budget, controls, and limitations then test those controls against a current real-world issue. You’ll roll dice, things won’t go as planned, and you’ll learn to what makes for a great tabletop exercise you can take back and use at your organization.

Instructor:
Ean Meyer, Director of Security Education and Community, Black Hills Information Security

You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods (including some analysis wizardry with R) to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers.

Instructor:
Kristy Westphal, VP Security Operations, HealthEquity

In this workshop you will learn how-to build and refine your knowledge, skill, and capability to hunt for threats against enterprise cloud deployments. Through examples and practical exercises using AWS you will learn how to identify malicious activity, detect threats, and protect cloud native application architectures. We go beyond the traditional approach of examining network traffic and system logs to take a deep dive into layer 7 traffic that is associated with application microservices. Through practical hands-on training you will learn advanced techniques that can be applied to detecting attacks against:

Kubernetes microservices, serverless functions, API gateways and mobile API endpoints.

We will also threat hunt for supply chain and insiders threats against CI/CD pipelines.

Instructor:
Richard Tychansky, Security Researcher, Identity Dynamics Corp.

The half-day workshop will provide participants with an introduction to data science and machine learning as well as demonstrate how these disciplines can be applied to cybersecurity. Attendees will receive classroom instruction and complete hands-on labs that exhibit application of data science to malware analysis, netflow analysis, and digital forensics. The outcome is that information security professionals will gain an appreciation and understanding of ways data science can enhance cybersecurity initiatives.

Instructor:
Thomas Scanlon, Technical Program Manager, CERT Data Science, Software Engineering Institute, Carnegie Mellon University

Gain an understanding of SOC reporting and the intended purpose of those reports. Learn why SOC reports matter, major considerations, and the most common factors and considerations for selecting the correct SOC reporting brand.

Learning Objectives:
• Identify the assurance gap the SOC reporting brands are intended to close
• Identify the primary participants and users of SOC reporting
• Understand the SOC reporting brands available
• Understand the primary similarities and differences across the five (5) SOC reporting brands
• Identify the components, major scoping aspects and primary use cases for each report

Instructor:
Ryan Buckner, Principal and Chief Knowledge Officer, Schellman

This Workshop will be conducted by the security team responsible for the zero trust strategy and implementation at two Fortune 500 global enterprises, Adobe and Cisco, serving over 150,000 users. Instead of diving into specific vendors and products, we will break down Zero Trust into its fundamental technical components and show attendees how to connect them together to protect corporate assets and prevent lateral movement.

The Workshop will begin by covering the security & business benefits of deploying a Zero Trust Network Access (ZTNA) architecture in an organization. We’ll then spend the majority of the time focusing on breaking down all of the core components of a Zero Trust deployment, and how the pieces all work together. Finally, we’ll have a hands-on workshop using both commercial (Banyan Security) and open-source resources so attendees can create their own personalized Zero Trust demo environment.

Instructor:
Matt Schiller, Senior Software Engineer, Banyan Security

Summit description coming soon!

Summit description coming soon!

Summit description coming soon!