SECTORCISOSUMMIT 2020 Oct. 21, 2020 to Oct. 22, 2020, Virtual, Virtual

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
A HACKER’S PERSPECTIVE ON YOUR INFRASTRUCTURE AND HOW TO KEEP THEM OUT OF YOUR LIFE Paula Januszkiewicz We have a smart new generation who understands how to get around computer systems — ...
A DECADE AFTER STUXNET’S PRINTER VULNERABILITY: PRINTING IS STILL THE STAIRWAY TO HEAVEN Peleg Hadar , Tomer Bar In 2010, Stuxnet, the most powerful malware in the world revealed itself, causing physical damage ...
HOW TO AUTOMATE SECURITY VALIDATION AND REDUCE ENTERPRISE SECURITY RISK Aviv Cohen Cybersecurity software has evolved by leaps and bounds in the past decade. However, one domain ...
LAMPHONE: REAL-TIME PASSIVE RECONSTRUCTION OF SPEECH USING LIGHT EMITTED FROM LAMPS Ben Nassi Recent studies have suggested various side-channel attacks for eavesdropping sound by analyzing the side effects ...
MY CLOUD IS APT’S CLOUD: INVESTIGATING AND DEFENDING OFFICE 365 Doug Bienstock , Josh Madeley As organizations increase their adoption of cloud services, we see attackers following them to the ...
PE TREE: HOW COVID19 SPURRED A NEW MALWARE REVERSE ENGINEERING TOOL Tom Bonner PE Tree is a new open-source tool developed by the BlackBerry Research and Intelligence team ...
COMMON FLAWS IN PUBLIC AND PRIVATE ICS NETWORK PROTOCOLS Mars Cheng , Selmon Yang Industrial Control Systems / Supervisory Control and Data Acquisition (ICS/SCADA) are both the lifeblood of ...
THE GREAT HOTEL HACK: ADVENTURES IN ATTACKING THE HOSPITALITY INDUSTRY Etizaz Mohsin Ever wondered if your presence has been exposed to an unknown entity even when you ...
ONLY AFTER DISASTER CAN WE BE RESURRECTED: FIELD LESSONS IN CYBER INCIDENTS Mark Sangster Only after disaster can we be resurrected. While you’d think it’s wisdom from Gandhi or ...
THE HUNT IS ON! Matthew Balcer “I do have are a very particular set of skills, skills I have acquired over ...
IDENTIFYING AND DEFENDING THE PERIMETER WITH ATTACK SURFACE MANAGEMENT Geoffrey Roote The need to operate online has driven businesses toward a digital transformation with cloud adoption ...
BUILDING A THREAT INTELLIGENCE TEAM FROM SCRATCH ON A BUDGET Lilly Chalupowski Budgets are tighter than ever during the COVID-19 pandemic and threat actors have only increased ...
TRENDS IN IOT/OT/MIOT Sean Tufts Non-traditional operating systems are driving even more complexity to the security landscape. Whether it’s an ...
DISSECTING PANDEMIC-THEMED MALWARE AND THREAT TACTICS Shyam Sundar Ramaswami Threat actors have always played the game of emotions. Fear is the emotion they are ...
FROM SECURITY OPERATIONS TO COVID-19: SECURITY AI STATE OF THE NATION, 2020 Stephan Jou Many businesses are at a disadvantage when it comes to combating the bad guys. In ...
LEVEL UP YOUR SOC: MEET CYBOT, OUR OPEN SOURCE THREAT INTEL CHAT BOT Tony Lee Threat intelligence chat bots are useful friends. They perform research for you and can even ...
THREAT HUNTING INTELLIGENTLY Ryan Cobb Although times are unprecedented, for threat actors, it is business as usual. Even as times ...
COULD YOUR BUSINESS SURVIVE A RANSOMWARE ATTACK? Dinah Davis , Jonathan Walsh Ransomware has been in the wild since 1983 but saw a steep rise with the ...
PRIORITY INTELLIGENCE REQUIREMENTS (PIR) ARE NOT JUST FOR THREAT INTEL ANALYSTS Jody Caldwell The Intelligence discipline has defined processes, analytical techniques, and procedures, but they are not only ...
A SAVVY APPROACH TO LEVERAGING MITRE ATT&CK Travis Smith MITRE ATT&CK has shifted the balance of power from attackers to defenders. For the past ...
SOC AUTOMATION: FASTER DECISION MAKING AND RESPONSE Andy Skrei Security analysts spend two-thirds of their time on triage and investigation. Why then do most ...
DETECTING AWS CONTROL PLANE ABUSE IN AN ACTIONABLE WAY USING DET{R}AILS Rodrigo Montoro , Felipe Esposito Monitoring events will always be a big challenge for defensive teams. Now, with the increasing ...
A HACKERS DREAM: UNMANAGED PRIVILEGES Christopher Hills In times of crisis, good security practices are often the first thing to go. Organizations ...
SECURITY METRICS THAT MATTER Tanya Janca We measure so that we can improve and report. Reporting is for our bosses and ...
DEMYSTIFYING MODERN WINDOWS ROOTKITS Bill Demirkapi This talk will demystify the process of writing a rootkit, moving past theory and instead ...
ACTIVE DIRECTORY DATABASE SECURITY Michael Grafnetter How are passwords stored in Microsoft’s Active Directory and how can they be audited? What ...
SOLVING SECURITY’S PEOPLE PROBLEM BY EXPANDING THE TALENT POOL Ning Wang Cybersecurity issues are plaguing organizations large and small today, and not only due to technical ...
SUBMARINES IN PIRATE WATERS: CLOUD ATTACK STRATEGIES Moses Frost For several years now, our application deployment and infrastructure constructs have changed. What have we ...
THE IMPACT OF DIGITAL TRANSFORMATION IN THE FACE OF TODAY’S THREATS Nathan Smolenski Digital Transformation and the rapid need for supporting remote workers for digital business processes took ...
USING THREAT METRICS FOR BETTER INFORMATION SECURITY PROGRAM EFFICACY – LEVERAGING MITRE ATT&CK Brian Brown Information Security leaders face a problem: to prove the value equation of their security investments. ...
THE PARAMEDIC’S GUIDE TO SURVIVING CYBERSECURITY Rich Mogull The security world is fraught with cases of mental health issues, burnout, substance abuse, and ...
DEFENDING CONTAINERS LIKE A NINJA: A WALK THROUGH THE ADVANCED SECURITY FEATURES OF DOCKER & KUBERNETES Sheila Berta Today, with a few commands anyone can have containers running on their machine; at this ...
I PROMISE IT’S NOT A COMPUTER: POWER GRIDS, ONLINE VOTING, AND THE LIES WE TELL Mark Dillon This talk showcases lessons learned from firsthand experience implementing everything from power transmission systems, smart ...
RANSOMWARE ATTACKS: DO’S & DON’TS Julian Pileggi Ransomware attacks are prevalent. The actions taken by a company immediately after a ransomware attack ...
HEROKU ABUSE OPERATIONS: HUNTING WOLVES IN SHEEP’S CLOTHING Allan Stojanovic , Spencer Cureton Abuse Operations, theft of services, and violation of acceptable usage does not get the spotlight ...
ACHIEVING PYRDP 1.0 – THE REMOTE DESKTOP PWNAGE MITM AND LIBRARY Olivier Bilodeau , Alexandre Beaulieu Remote Desktop Protocol (RDP) is the de facto protocol to remotely access Windows systems. Two ...
AD SECURITY VS MODERN ATTACKS Bryan Patton Active Directory has been providing critical services and infrastructure to nearly every company, organization and ...
THE NEED FOR SPEED: COLLABORATIVE STRATEGIES FOR ACCELERATING SECURITY OUTCOMES Justin Pagano While advances continue to be made in InfoSec practices and tools, attackers still seem to ...
KNOWING IS HALF THE BATTLE: SHARED RESPONSIBILITY AND SECURE CONFIGURATION IN THE CLOUD David Lu In this session, we will dive into the shared responsibility model that exists within the ...
INTELLIGENT NETWORK SECURITY: A PARADIGM SHIFT IN CYBERSECURITY! Victor Tavares Cyberattacks are ever-evolving, increasingly using automation to morph and elude detection. Add to this an ...
WHAT’S IN YOUR PIPELINE? UPS AND DOWNS OF CONTAINER IMAGE SCANNERS Shay Berkovich BlackBerry, like many other companies, is on the move to containerized production environments. As containers ...
DEVSECOPS: THE RIGHT SOLUTION TO THE WRONG PROBLEM Mark Nunnikhoven DevOps philosophies reduces the barriers between development and operations teams. Therefore, DevSecOps is when all ...
A DECEPTICON AND AUTOBOT WALK INTO A BAR: PYTHON FOR ENHANCED OPSEC Joe Gray When we see the terms Natural Language Processing (NLP) or Machine Learning (ML), often, our ...
PRACTICAL DEFENSES AGAINST ADVERSARIAL MACHINE LEARNING Ariel Herbert-voss Adversarial machine learning has hit the spotlight as a topic relevant to practically-minded security teams, ...
DRINKING COFFEE, UNICORNS & DEMYSTIFYING ZERO TRUST Dave Lewis So exactly what is zero trust? Buzzword, unicorn technology or a framework with meat on ...
TECH FOR GOOD, MAYBE Tracy Ann Kosa Cambridge Analytica paid a data scientist 800k to develop an app called ‘This is Your ...
CRYCRYPTOR, THE FAKE COVID-19 TRACING APP THAT TARGETED CANADIANS Alexis Dorais-joncas Cybercriminals regularly use major newsworthy events as an opportunity to lure targets into their trap. ...
CYBER THREAT INTELLIGENCE AND TODAY’S COMPLICATED CYBER SECURITY ENVIRONMENTS Chris Davis Threats to your organization can be overwhelming. Your Threat Intelligence shouldn’t be. Today, there is ...
ONE MALICIOUS MESSAGE TO RULE THEM ALL Omer Tsarfati As the world quickly transitioned to remote work due to COVID-19, companies were forced to ...
GETTING RID OF PASSWORDS WITH FIDO2 AND W3C WEBAUTHN Michael Grafnetter Most security experts would agree that password-based authentication is dead. The FIDO2 standard aims to ...
RECON – THE ROAD LESS TRAVELED Rohan Aggarwal Whether you do Pentesting or Bug Bounty Hunting, Recon is an important phase for expanding ...
ESCAPING VIRTUALIZED CONTAINERS Yuval Avrahami Containers offer speed, performance, and portability, but do they actually contain? While they try their ...
ARE YOU DOING IT WRONG? HIGHLIGHTS INTO CYBERSECURITY QUANDARIES Laurent Desaulniers , Masarah Paquet-clouston Statistics are speaking loudly! There is a disconnection between defenders’ perceptions of the value of ...
COMPLIANT YET VULNERABLE: CRITICAL RISKS OF MEASURING INSTRUMENTS IN PRODUCTION LINE Philippe Linshin Li In this talk, we are going to review the LAN eXtensions for Instrumentation (LXI), a ...
DON’T BE AFRAID TO UPGRADE: LESSONS OF SPEED AND SECURITY FROM HIGH PERFORMANCE OPEN SOURCE DEVELOPMENT Bryan Whyte For the past six years, I’ve studied behaviors of 15,000 commercial development teams, 24,000 open ...
EVOLVING YOUR SECURITY CULTURE Rodney Buike 2020 has seen a significant shift in how businesses abruptly implemented remote working. With the ...
A BRAVE NEW WORLD – ATTACKS IN THE AGE OF COVID Aamir Lakhani The COVID pandemic has allowed attackers to exploit users with phishing attacks, ransomware, and other ...
UNDERSTANDING THE THREAT LANDSCAPE Gary Sockrider Today’s attackers have abandoned the equivalent of sledgehammers for a quiver of custom arrows as ...
A NEW SECURITY REALITY: DATA IS THE PERIMETER Gina Scinta We all know that the operating paradigm in which business is conducted changes on almost ...
HOW TO TALK TO THE BOARD ABOUT CYBERSECURITY Jeff Costlow With the sudden shift of the global workforce from in-office to remote, IT teams quickly ...
SOPHISTICATION ADVANCEMENTS IN RANSOMWARE Josh Burgess Cyber attacks and specifically Ransomware continue to evolve and change the way the world does ...
SASE SUCCESS BEHIND-THE-SCENES Nicolas (nico) Fischbach SASE converges network, web, data, and cloud app connectivity and security, but implementing a true ...
HOW AN XDR APPROACH HELPS SPEED RESPONSE & IMPROVE MITRE ATT&CK COVERAGE Peter Cresswell XDR is an emerging industry approach that extends EDR’s insight to a broad range of ...
MITIGATE ORGANIZATIONAL RISK WITH INTEGRATED CYBER RESILIENCE Thom Bailey Threats have changed over the years and so have the targets. It’s not just your ...
SECURITY TRANSFORMED Avi Rembaum Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT ...
CLOUD FIRST IT FOR DYNAMIC WORK Sami Laine Okta has been supporting a remote workforce for years, but like many organizations we were ...
MEASURING RISK IN 2020 – THE ENTERPRISE OF THINGS SECURITY REPORT Shane Coleman While cybersecurity teams work to address operational and functional gaps, cybercriminals develop attacks targeting the ...
DETECTING ACCESS TOKEN MANIPULATION William Burgess Windows access token manipulation attacks are well known and abused from an offensive perspective, but ...
POLICY IMPLICATIONS OF FAULTY CYBER RISK MODELS AND HOW TO FIX THEM Wade Baker , David Severski Bad security data leads to bad security policies; better data enables better policies. That, in ...
LATERAL MOVEMENT AND PRIVILEGE ESCALATION IN GCP; COMPROMISE ANY ORGANIZATION WITHOUT DROPPING AN IMPLANT Dylan Ayrey , Allison Donovan Google Cloud’s security model in many ways is quite different from AWS. Spark jobs, Cloud ...
CAN’T STOP THIS TRAIN – TOP CASES IN PRIVACY LITIGATION Stanislav Bodrov One of the core purposes of cybersecurity is to protect data gathered by an organization. ...
AUTOMATING INTUITION: DIGGING FOR GOLD IN NETWORK DATA WITH MACHINE LEARNING Serge-olivier Paquette Intuition, acquired through years of experience, is what sets experts apart from novices. Intuition is ...
PKI WELL REVISED: COMMON MISTAKES WHICH LEAD TO HUGE COMPROMISE OF IDENTITY Paula Januszkiewicz , Mike Jankowski-lorek All technologies and systems currently use cryptography and most use certificates at some point. Since ...
ZERO TRUST SECURITY STARTS WITH IDENTITY Baber Amin Some organizations have been embracing the “Zero Trust” security model, and others are still trying ...
USING AUTOMATION TO SECURE YOUR REMOTE WORKFORCE Karl Klaessig COVID-19 has already profoundly changed the way many of us work in security operations—including the ...
THE FAST AND THE FAIL 8 James Arlen , Dave Lewis , Laura Payne , Nick Johnston When it’s 2020 and all you can think about is how fricken awesome 2019 was, ...
DETECTION MASTERY – WAR STORIES FROM THE HUNTERS SIDE! Ilya Kolmanovich , Felix Kurmish Threat Hunting is a rapidly evolving topic in cyber security. Armed with more than 20 ...
AN INTRODUCTION TO AUTOMOTIVE SECURITY IN 2020 Eric Evenchick As cars continue to become more connected and autonomous, the security of these systems grows ...
HOW TO STORE SENSITIVE INFORMATION IN 2020 Mansi Sheth It goes without saying never ever store personal/sensitive information in clear text. It is also ...
CROWN JEWELS LIFECYCLE MANAGEMENT Akshat Saxena Typically, business leaders find it challenging to provide oversight, guidance and act upon their organization’s ...
BHPD: BLUEHOUND PATH DESTROYER Mathieu Saulnier No, this is not a talk about the Beverly Hills Police Department. It is about ...