This class focuses on the "purple team" approach which focuses on attacking and working on building detections based on the attacks applied. Participants will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited by them to better refine detections within an organization.

“Never trust, always verify”. Zero Trust Architectures have gained undeniable popularity in the last few years. However, questions about how to institute, integrate and manage it remain. This summit will explore different aspects of the Zero Trust framework including design, resilience and threat modeling to build a modern zero trust strategy for your organization.

Sessions Include -

Cyber-Resilience: Managing Cybersecurity as a Predictable Risk

Speaker - Derrick A. Butts, CISSP, ITIL – CEO/ Cyber-Business Transformation Advisor, Continuums Strategies

Many businesses have zero trust goals and aspiration for 2023, but the number of businesses working to achieve this level of security, will be few due to the cost. Zero trust is a portion of a cyber-resilience strategy verses just another piece of technology.

A cyber-resilience strategy incorporates zero-trust methodologies, but it also needs to include updates to business policies, procedures, business continuity planning, enhancing technologies, security risk management, and modified security awareness training. The layering of these tasks will mature your security posture and increase the chances of your data being protected and restorable during and after a cyberattack.

Extending Zero Trust to the User with a Zero Trust Workspace

Speaker - Chalan Aras, Advisory Managing Director, Deloitte & Touche LLP

Implementing Zero Trust principles across an enterprise has accelerated as cyber risks have expanded through remote and third-party users, greater use of SaaS, and acceptance of unmanaged devices for enterprise connectivity.

Past solutions centered around technologies such as VD Infrastructure and Remote Browsers but these tend to compromise UE, can be costly, and depart from familiar software tools.

We will share the concept of a ZT Workspace that brings a large range of identity, posture, and application-based controls to protect data, without the cost current solutions, including the use of off-the-shelf applications that avoid a disruptive change to user experiences.

Zero Trust Threat Modeling

Speaker - Chris Romeo, CISSP, CSSLP – CEO, Kerr Ventures

Zero trust is all the rage. Nevertheless, zero trust has vast implications for AppSec and threat modeling. Zero trust threat modeling means the death of the trust boundary and assumes attackers are in the environment, and data sources and flows can no longer hide.

Apply the concept of zero trust to threat modeling by understanding what changes and considering a threat model of the zero-trust architecture. Explore new design principles in a zero-trust threat model and apply a mnemonic and taxonomy of threats impacting zero-trust applications.

Long live the threat model but say goodbye to the trust boundary.

Zero Trust: Is Everybody a Zero Trust Solution Now?

Speaker - Vincent Romney, CISSP, CCSP – Enterprise Security Architect, Nu Skin Enterprises, Nu Skin Enterprises

Zero Trust is a buzz-phrase like no other! Seemingly every vendor is now a Zero Trust solution, and organizations who've received that "top down" edict to "go Zero Trust" are often at a loss to determine where to spend their precious security dollars. Using NIST 800-207 as our guide, we'll walk through the components of a Zero Trust architecture, and contextualize it against various vendor offerings to bring clarity to the Zero Trust argument.

Information Security requires a strategic, customer-obsessed & enterprise-wide approach but, all too often, organizations are stuck in Groundhog Day. Misunderstanding zero trust and hitting roadblocks causes organizations to optimize for what can be moved forward and call it a win. They show forward progress, but pragmatism only exacerbates the true mess, leading to more tech debt and confusion. We’ll identify key principles in the original Rainbow Series, how to escape Groundhog Day & transform a data-driven foundation into a modern Zero Trust grand strategy that delivers a culturally aligned, security & privacy by design program.

The Zero Trust Application Framework - Building Security without a Perimeter 

Speaker - Nat Bongiovanni, CTO, NTT DATA Federal Services

In this presentation we will discuss Zero Trust Architecture (ZTA) and how to build ZTA applications. We will start with the seven tenets described in NIST SP 800-207 and then show an application framework for building cloud-ready Zero Trust applications. Our presentation will show how the three components of Authentication, Monitoring, and Authorization enable ZTA. We will explore the the concepts and implementation of policy decision and enforcement points as well as all other components of a ZTA. Tying it all together, we will present and example application as described in NIST SP 800-204 a, b, c.

Legal Implications, Issues, and Aspects of Zero Trust Architecture (ZTA)

Speaker - Scott Giordano, Senior AI, Privacy & Cybersecurity Attorney

There are myriad concerns when it comes to planning a executing a Zero Trust Architecture plan. Legal implications such as collecting a processing user data, complying with local and applicable data protection laws (like GDPR) , privacy issues that may involve monitoring user activities and network traffic and cross-boarder data transfers. This session will examine these issues and aspects such as:
-    User consent
-    Data breaches
-    Contract and Agreements
-    Incident response and notifications
-    Compliance with industry-specific regulations

This class focuses on the "purple team" approach which focuses on attacking and working on building detections based on the attacks applied. Participants will be provided with everything they need to understand how to conduct attacks as well as how to best detect them in a large environment. This class will go through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge around how to write rules that focus on the behavior exhibited by them to better refine detections within an organization.

This Workshop provides attendees insight into the operations of the board of directors and real-world examples of how to communicate with their senior management and their board. A demonstration of tools and techniques for communicating complex technical issues to non-techies in the jargon businesses use to communicate will be offered. This Workshop provides insight into how a corporation functions and how their organization and the various departments in organizations operate in relation to the technology and cybersecurity team. Participants will also get a healthy dose of cybersecurity operations through the lens of senior management and the board.

What makes a great tabletop exercise? Many organizations run a tabletop exercise to check a box for compliance standards but don’t maximize the value of the time spent. Often, they don’t engage the audience or force them to think enough about the problem to find areas of improvement. Further, they assume their decisions will always work during the exercise. In this workshop, we will not only discuss how to build a tabletop exercise that addresses real risk for an organization but how to make it fun and engaging for teams at all levels of an organization. The workshop will introduce attendees to the Cubicles and Compromises format as well as add new advanced elements. You will create a company with a budget, controls, and limitations then test those controls against a current real-world issue. You’ll roll dice, things won’t go as planned, and you’ll learn to what makes for a great tabletop exercise you can take back and use at your organization.

You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods (including some analysis wizardry with R) to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers.

In this workshop you will learn how-to build and refine your knowledge, skill, and capability to hunt for threats against enterprise cloud deployments. Through examples and practical exercises using AWS you will learn how to identify malicious activity, detect threats, and protect cloud native application architectures. We go beyond the traditional approach of examining network traffic and system logs to take a deep dive into layer 7 traffic that is associated with application microservices. Through practical hands-on training you will learn advanced techniques that can be applied to detecting attacks against:

Kubernetes microservices, serverless functions, API gateways and mobile API endpoints.

We will also threat hunt for supply chain and insiders threats against CI/CD pipelines.

The half-day workshop will provide participants with an introduction to data science and machine learning as well as demonstrate how these disciplines can be applied to cybersecurity. Attendees will receive classroom instruction and complete hands-on labs that exhibit application of data science to malware analysis, netflow analysis, and digital forensics. The outcome is that information security professionals will gain an appreciation and understanding of ways data science can enhance cybersecurity initiatives.

This one-day workshop, taught by Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI); and InfraGard Member Alliance executives will provide attendees with the knowledge, skills and practical guidance in the following areas: what critical infrastructure protection is; the nature of the physical, cyber, and human (insider) threats; primary stakeholders and their roles and responsibilities; and the tools and resources available to help them better protect U.S. critical infrastructure. Specific topics to be addressed include:

1. What is Critical infrastructure?

2. What are the threats to critical infrastructure? (physical, cyber, human)

3. How did Homeland Security come about and what is Critical Infrastructure Protection?

4. Who is involved in critical infrastructure protection?

5. Who should I have partnerships with to protect the infrastructure(s) I am responsible for?

6. What tools and resources are available to me to help me better protect the infrastructures I am responsible for?

Learning Objectives:
1. Understand what is considered critical infrastructure and the physical, cyber and human threats they face

2. Understand the history of homeland security and critical infrastructure protection and key Federal government legislation and strategies to protect critical infrastructure.

3. Understand the Federal, State, Municipal, and Tribal agencies involved in protecting critical infrastructure, and their roles and responsibilities of those involved in critical infrastructure protection – Who are they? What do they do? When do they get involved?

4. Partnerships and Info Sharing: Understand the importance of partnerships and information sharing for critical infrastructure protection.

5. Gain awareness of the tools and resources available to you as a partner in critical infrastructure protection.

Agenda

9:00am – 9:10am - Introduction, overview and Administrivia

Speakers - Chuck Georgo, INMA Director, Education and Training; Andrew Von Ramin Mapp, President Orlando InfraGard Chapter

9:10am – 9:30am - Opening Keynote - Why is it Important for CISOs and Other Cybersecurity Professionals to Understand the Broader Fundamentals of Critical Infrastructure Protection?

Our Nation's critical infrastructure provides the essential services that underpin American society. Food and agriculture, water, transportation, and the defense industrial base are just a few of the critical infrastructures that are so vital to our Nation that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.

This keynote will present the business need for all CISOs and cybersecurity professionals to take a broader view of their roles and responsibilities, to understand why “critical infrastructure protection” is more than the bits and bytes we manage every day.

To truly contribute to effective “critical infrastructure protection”, we must understand and factor in the physical and human threats and how they enable and/or contribute to disruptions or destruction of the information technology systems that underpin all sixteen critical infrastructures.

Speaker – TBD

9:30am – 10:15am - What is Critical infrastructure and What Threats Does it Face?

This session will teach you about what is considered critical infrastructure, will introduce you to the 16 DHS specified critical infrastructure sectors, and the nature (with examples) of the three kinds of threats to critical infrastructure, as categorized by the NIPP - physical, cyber and human.
It will also teach you about the types of threat actors - state sponsored, hacktivist, activist, , lone actors, etc., and their motivations - financial, ideological, political, religious, etc., for wanting to cause harm to you, your staff, and our infrastructures; you will also learn about a few examples of attacks to our National critical infrastructure and their consequences, across a few different sectors.
Finally, you will be offered some suggestions to help mitigate infrastructure threats, to include:
• The need to have a good risk management process in-place in your organization;
• The need to have good partnerships with public and private sector organizations with responsibilities for critical infrastructure protection; and
• The need to know what resources are available to your organization from the FBI, DHS, CISA, State, etc.

10:30am – 11:00am - Attendee Activity: Critical Infrastructure Protection Self-Assessment

Complete a self-assessment worksheet to assess the completeness of the student’s current infrastructure protection program
Speaker - Vikas Bhatia, Chair, InfraGard National Members Alliance CISO Cross Sector Council); Chuck Georgo, INMA Director, Education and Training

11:00am – 11:45am - How did Homeland Security and Critical Infrastructure Protection Come About?

• U.S. Code Title 18, Chapters 113B and 2339B, defines terrorism and material support to terrorists
• Presidential Decision Directive (PDD), PDD-63 and infrastructure protection pre-Department of Homeland Security (DHS) – establishment of the FBI National Infrastructure Protection Center (NIPC) (May 1998)
• 9/11 Attacks and Establishment of the Department of Homeland Security (Nov 2002)
• Homeland Security Presidential Directive 7 (HSPD-7), Under George W. Bush, the directive establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources. (December 2003)
• Presidential Policy Directive (PPD-21) (February 2013), revokes HSPD-7
• DHS National Infrastructure Protection Plan, https://www.cisa.gov/national-infrastructure-protection-plan
• Guide to Critical Infrastructure Security and Resilience, November 2019

Speaker - Billy Sasser, DHS Supervisory Protective Security Advisor (SPSA)

11:45am – 1:00pm – Lunch

1:00pm – 1:45pm - Who is Involved in Critical Infrastructure Protection and Who Should I Have Partnerships with to Protect the Infrastructure(s) I am Responsible for?

• Agencies involved and their roles - Federal Government, State Government, Municipal Government, and Tribal
• What partnerships should you develop? (FBI, DHS, CISA, ISAC, ISAO, other)
• What kind of information should be shared with these partners (two-way)?

Speaker - Billy Sasser, DHS Supervisory Protective Security Advisor (SPSA)

1:45pm – 2:30pm - What Tools and Resources are Available to Help Better Protect the Infrastructures I am Responsible For?

• FBI resources
• DHS resources (PSAs, CSAs, CISA, other)
• InfraGard as a core resource
- Become a member
- Interact with local InfraGard chapter – meetings, training, networking, information sharing
- National education offerings – NISRU webinars, workshops, eLearning

Speaker: Jason Burt, Cybersecurity Advisor, Region IV

2:30pm – 3:00pm – Closing Remarks and Q&A
Speakers – Micheal Ritchie, President, Infragard North Florida (Tallahassee); Chuck Georgo, INMA Director, Education and Training

Cloud Security is complex. Users need to deal with compliance issues, configuration concerns and the convergence and management of public, private and hybrid clouds. There’s also issues around access and, identity and privacy questions to address. This summit will examine many of these issues to help you get the best out of your cloud security strategy.

Cloud Agnostic Security Posture Management (xSPM) Using Zero Trust & Shift Left Principles.

Speaker - Parthasarathi Chakraborty, Associate Vice President - Head of Security Architecture, Engineering & Innovation, Humana Inc.

Managing cloud security posture across application, data and configuration is a daunting task for security practitioners and adding a SaaS variable makes it even more difficult. Industry makes it even more complicated by introducing many buzzing concepts like shift left, zero trust, application/data/cloud/SaaS security posture management etc. This presentation takes a deeper dive into what are these concepts all about, how are they connected and how to ensure a security practitioner can leverage these concepts and implement an architecture that reduces alert fatigue. A reference for CISOs and security executives before making multi-cloud security posture management solution.

Lessons Learned from Building Enterprise Cloud Security Programs

Speaker - Karl Ots, CISSP – Head of Cloud Security, EPAM Systems

In the on-premises world, cybersecurity risks were limited to your organization's network perimeter. In the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding rise of DevOps methodology, security is now the responsibility of everyone who are part of the application development lifecycle, not just security specialists. In this session, we will present lessons learned to build the cloud security program that makes sense for you. The session is based on real-life experiences from implementing cloud security programs in some of the largest enterprises in the world.

Summary: In this session, we will present our lessons learned to build cloud security that makes sense for you. The session is based on real-life experiences from implementing cloud security programs in largest enterprises in the world.

Ransomware Resilience in the Cloud

Speaker - Sonia Sotomayor, CCSP – Cyber Risk Senior Consultant, Deloitte Risk and Financial Advisory

Speaker - Glenn Schneck, Cyber Risk Senior Manager, Deloitte Risk and Financial Advisory

Vulnerabilities and misconfigurations in the cloud environment are majorly exploitable areas; if overlooked by security teams, they are easy entry points for attackers. According to a report published by SecurityWeek, Ransomware scenarios will skyrocket in 2023 due to worsening global economic conditions and the impeding effects on different industries and sectors. Now, more than ever, it is vital for organizations to understand their level of readiness when it comes to Ransomware attacks. Deloitte Advisory has the in-depth experience and security expertise to help organizations reduce risk and limit their attack surface.

Scraping Corporate America and the World: An Adventure in User Enumeration

Speaker - Paul Burkeland – Practice Lead, Cloud Force Team, TrustedSec

Microsoft doesn't consider user enumeration to be a security issue, so it is possible to silently enumerate Azure/M365 users at corporations, educational institutions, and government entities. In the last year I scraped 20 million usernames using a small cohort of machines.

1. We will examine Azure user enumeration methods, username formats, and wordlists.

2. We will explore the data that came out of this Azure census with focus on Fortune 500 companies, large government entities and educational institutions. How widespread is Azure adoption? What organizations are the largest users? What are the most popular username formats, and do they affect scraping coverage?

Two Lies and a Truth: An Angsty Journey to the Cloud

Speaker - Craig Olsen, CISSP – Cybersecurity Architect, Liberty Mutual Insurance

As Liberty Mutual announced the go-live date for having a significant percentage of their infrastructure in the cloud, a stunned cybersecurity architect stared in disbelief. A few years and several lost follicles later, Liberty Mutual presented their automated security governance tool at the 2019 AWS re:Inforce security conference. In retrospect, Craig thought of the game "two truths and a lie," and how the opposite seemed to be true regarding the promise of the public cloud. Listen to the lessons learned and the details surrounding the development of their custom security governance tool and why the built-in tools didn't suffice.