Workshops & Summits
InfoSec World offers a variety of pre- and post-conference Workshops and Summits giving attendees even more tactical and hands-on learning for the opportunity to earn additional CPEs. With our all-inclusive World Pass, you'll save more on registration when you sign up for multiple workshops and summits.
Saturday, September 24
Summit • 9 am - 5 pm
Zero Trust Summit

This summit will explore the Zero Trust framework and the need for users and access requests to be authorized, authenticated and validated before access is granted.

Workshop • 9 am - 5 pm
Adversarial Attacks & Detection-Day 1 (HANDS ON)
Ben Mauch
TrustedSec
Larry Spohn
TrustedSec

This two-day, hands-on workshop is designed for both red and blue teams to give participants a deeper understanding of how offense and defense can work together to refine an organization's security posture. There will be focus on the latest attack techniques and how to build a defense strategy around them. Attendees will learn about the tools and techniques they need to advance their cybersecurity strategy and execution in a way that allows them to have detection, deflection, and deterrence controls for an attack; regardless of an attack's initial vector.

Sunday, September 25
Workshop • 9 am - 5 pm
Ransomware Workshop

From Colonial Pipeline to JBS USA, every sector has seen a rise in ransomware attacks with increasing ransoms. Not only are these ransomware criminals stopping critical operations, they are stealing regulated data that they use to further blackmail their targets. Even when ransoms get paid, these stolen files appear on dark web trading sites, and vulnerability data on the target is often reused by new ransomware operators. Cyber insurance is not the answer. 

Summit • 9 am - 5 pm
Leadership Summit: Helping to Build a Strong and Diverse Team
Lynn Dohm
Women in CyberSecurity (WiCyS)
Workshop • 9 am - 5 pm
Adversarial Attacks & Detection-Day 2 (HANDS ON)
Ben Mauch
TrustedSec
Larry Spohn
TrustedSec

This two-day, hands-on workshop is designed for both red and blue teams to give participants a deeper understanding of how offense and defense can work together to refine an organization's security posture. There will be focus on the latest attack techniques and how to build a defense strategy around them. Attendees will learn about the tools and techniques they need to advance their cybersecurity strategy and execution in a way that allows them to have detection, deflection, and deterrence controls for an attack; regardless of an attack's initial vector.

Wednesday, September 28
Workshop • 1 pm - 5 pm
Data Science for Cybersecurity (HANDS ON)

The half-day workshop will provide attendees with an introduction to data science and machine learning, and demonstrate how these disciplines can be applied to cybersecurity. Attendees will receive classroom instruction and complete hands-on labs that exhibit application of data science to malware analysis, netflow analysis, and digital forensics. The outcome is that information security professionals will gain an appreciation and understanding of ways data science can enhance cybersecurity initiatives.

Workshop • 1 pm - 5 pm
XDR Workshop

To date, Security Incident and Event Management (SIEM) systems and Security Orchestration, Automation, and Response (SOAR) systems have underdelivered on their promises of streamlining and improving security operations. Stealthy threats still evade detection. Attackers hide between security silos and disconnected solution alerts, while overwhelmed security analysts try to triage and investigate with narrow, disconnected attack viewpoints. 

eXtended Detection and Response (XDR) improves detection and response activity by collecting and correlating detections and deep activity data across multiple security layers – email, endpoints and servers, cloud workloads, and on the network. Automated analysis of this rich data detects threats faster and enables more accurate, streamlined response. 

This workshop will gauge organizational perception of XDR’s usefulness, where the industry is in XDR implementation, and what capabilities are required to detect and respond to attacks faster. Insights will help identify gaps and offer best practices and solutions for implementing successful XDR programs.

Workshop • 1 pm - 5 pm
Advanced Cubicles & Compromises (HANDS ON)
Ean Meyer
Marriott Vacations Worldwide

What makes a great tabletop exercise? Many organizations run a tabletop exercise to check a box for compliance standards but don’t maximize the value of the time spent. Often they don’t engage the audience or force them to think enough about the problem to find areas of improvement. Further, they assume their decisions will always work during the exercise. In this workshop, we will not only discuss how to build a tabletop exercise that addresses real risk for an organization but how to make it fun and engaging for teams at all levels of an organization. The workshop will introduce attendees to the Cubicles and Compromises format as well as add new advanced elements. You will create a company with a budget, controls, and limitations then test those controls against a current real-world issue. You’ll roll dice, things won’t go as planned, and you’ll learn to what makes for for a great tabletop exercise you can take back and use at your organization.

Thursday, September 29
Summit • 9 am - 5 pm
Cloud Security Summit

Digital transformation is driving more cloud usage, development, and spending to the cloud. As soon as this transformation started building steam in 2020, attacks against cloud-based assets rose more than 600% that year. Leaky buckets and vulnerable containers, stored credentials and keys, data scraping, and other methods are prevalent in today’s cloud environments.  

Now, with cloud-as-infrastructure, security must span online-based infrastructures, applications, and platforms (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS)).  

An example of cloud-as-infrastructure is developers spinning up their own clouds to develop to, revealing how responsibility for security must be shared between the ITsec and the DevOps teams. In this survey, we ask what developers are taking responsibility for in their environments, and what ITsec pros are doing to protect their developer environments—and their apps and infrastructures deployed in the cloud. Insights from this study will assess how organizations are evolving their cloud models, how developers are developing to the cloud, and related security tools and programs. With this data, this workshop will identify gaps and offer best practices and hands-on solutions required to secure cloud infrastructure.

Workshop • 9 am - 5 pm
Supply Chain Workshop

Managing the risk to an organization’s supply chain can prove difficult for even the best staffed security department. This summit will examine the myriad risks to supply chains including external suppliers & vendor, including software and services.

InfoSec World
presented by
Stay Informed
Join our mailing list for the latest news on InfoSec World 2022.