Workshops & Summits
InfoSec World offers a variety of pre- and post-conference Workshops and Summits giving attendees even more tactical and hands-on learning for the opportunity to earn additional CPEs. With our all-inclusive World Pass, you'll save more on registration when you sign up for multiple workshops and summits.
Saturday, September 24
Summit • 9 am - 5 pm
Zero Trust Summit

This summit will explore the Zero Trust framework and the need for users and access requests to be authorized, authenticated and validated before access is granted.

Workshop • 9 am - 5 pm
Adversarial Attacks & Detection (Day 1)
Ben Mauch
TrustedSec
Larry Spohn
TrustedSec

This two-day, hands-on workshop is designed for both red and blue teams to give participants a deeper understanding of how offense and defense can work together to refine an organization's security posture. There will be focus on the latest attack techniques and how to build a defense strategy around them. Attendees will learn about the tools and techniques they need to advance their cybersecurity strategy and execution in a way that allows them to have detection, deflection, and deterrence controls for an attack; regardless of an attack's initial vector.

Sunday, September 25
Workshop • 9 am - 5 pm
Ransomware Workshop

From Colonial Pipeline to JBS USA, every sector has seen a rise in ransomware attacks with increasing ransoms. Not only are these ransomware criminals stopping critical operations, they are stealing regulated data that they use to further blackmail their targets. Even when ransoms get paid, these stolen files appear on dark web trading sites, and vulnerability data on the target is often reused by new ransomware operators. Cyber insurance is not the answer. 

Summit • 9 am - 5 pm
Leadership Summit: Helping to Build a Strong and Diverse Team
Lynn Dohm
WiCys
Workshop • 9 am - 5 pm
Adversarial Attacks & Detection (Day 2)
Ben Mauch
TrustedSec
Larry Spohn
TrustedSec

This two-day, hands-on workshop is designed for both red and blue teams to give participants a deeper understanding of how offense and defense can work together to refine an organization's security posture. There will be focus on the latest attack techniques and how to build a defense strategy around them. Attendees will learn about the tools and techniques they need to advance their cybersecurity strategy and execution in a way that allows them to have detection, deflection, and deterrence controls for an attack; regardless of an attack's initial vector.

Wednesday, September 28
Workshop • 1 pm - 5 pm
Data Science for Cybersecurity
The half-day workshop will provide attendees with an introduction to data science and machine learning, and demonstrate how these disciplines can be applied to cybersecurity. Attendees will receive classroom instruction and complete hands-on labs that exhibit application of data science to malware analysis, netflow analysis, and digital forensics. The outcome is that information security professionals will gain an appreciation and understanding of ways data science can enhance cybersecurity initiatives.
Workshop • 1 pm - 5 pm
XDR Workshop

To date, Security Incident and Event Management (SIEM) systems and Security Orchestration, Automation, and Response (SOAR) systems have underdelivered on their promises of streamlining and improving security operations. Stealthy threats still evade detection. Attackers hide between security silos and disconnected solution alerts, while overwhelmed security analysts try to triage and investigate with narrow, disconnected attack viewpoints. 

eXtended Detection and Response (XDR) improves detection and response activity by collecting and correlating detections and deep activity data across multiple security layers – email, endpoints and servers, cloud workloads, and on the network. Automated analysis of this rich data detects threats faster and enables more accurate, streamlined response. 

This workshop will gauge organizational perception of XDR’s usefulness, where the industry is in XDR implementation, and what capabilities are required to detect and respond to attacks faster. Insights will help identify gaps and offer best practices and solutions for implementing successful XDR programs.

Workshop • 1 pm - 5 pm
The Art & Science of Incident Response

A strong incident response plan is a key component of any organization's cyber defense. Many organizations, however, have an ineffective, or non-existent cyber response plan. We only need to look to the daily news to see the impact that an ineffective cyber response can have on an organization's bottom line. A strong plan can help you identify and respond quickly to a cyber incident, and mitigate the financial and reputational costs.

What happens after you've identified a possible compromise?  Is your team ready to respond quickly? Do you know what steps to talk in order to mitigate damage and begin remediation? What decisions need to be made? Do you have the right people at the table? Do you disclose to the public? Are you adequately prepared to handle an insider threat?  Do you understand your notification requirements, as well as the logistics behind making those notification?      Cybersecurity experts Michael Quinn and Lucie Hayward will talk through the key components of a successful incident response plan, followed by a tabletop exercise using a real-world scenario.  This will help you identify critical decision points and key next steps, both business and technical.

Thursday, September 29
Summit • 9 am - 5 pm
Cloud Security Summit

Digital transformation is driving more cloud usage, development, and spending to the cloud. As soon as this transformation started building steam in 2020, attacks against cloud-based assets rose more than 600% that year. Leaky buckets and vulnerable containers, stored credentials and keys, data scraping, and other methods are prevalent in today’s cloud environments.  

Now, with cloud-as-infrastructure, security must span online-based infrastructures, applications, and platforms (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS)).  

An example of cloud-as-infrastructure is developers spinning up their own clouds to develop to, revealing how responsibility for security must be shared between the ITsec and the DevOps teams. In this survey, we ask what developers are taking responsibility for in their environments, and what ITsec pros are doing to protect their developer environments—and their apps and infrastructures deployed in the cloud. Insights from this study will assess how organizations are evolving their cloud models, how developers are developing to the cloud, and related security tools and programs. With this data, this workshop will identify gaps and offer best practices and hands-on solutions required to secure cloud infrastructure.

Workshop • 9 am - 5 pm
Supply Chain Workshop

Managing the risk to an organization’s supply chain can prove difficult for even the best staffed security department. This summit will examine the myriad risks to supply chains including external suppliers & vendor, including software and services.

InfoSec World
presented by
Stay Informed
Join our mailing list for the latest news on InfoSec World 2022.