RSAC 2022 June 6, 2022 to June 9, 2022, San Francisco, USA

Title Speakers Summary Topic Types
Assessing Vendor AI Claims like a Data Scientist, Even if You Aren't One Joshua Saxe It can be hard for non-data scientists to assess vendors AI claims. This session will ... Machine Learning & Artificial Intelligence
BoF: Cyber Insurance - opportunity or distraction? Michael Phillips Cyber insurance has experienced a coming-of-age moment through the ransomware epidemic, leading to opportunity for ... Risk Management & Governance Human Element
BoF: Defeating Foreign Covert Actors: Taking Action While Protecting Free Speech Kurt Sanger First Amendment protections prohibit many of the legal and technical methods of countering foreign covert ... Human Element Law
Collateral Damage: Prepping Your Organization for a Supply Chain Attack Christopher Shreve Supply chain risks can allow a backdoor into a company. This learning lab will focus ... Protecting Data & the Supply Chain Ecosystem Risk Management & Governance C-Suite View
Cyber Defense Matrix: Revolutions Sounil Yu The Cyber Defense Matrix (CDM) helps people organize and understand gaps in their overall security ... Risk Management & Governance Security Strategy & Architecture C-Suite View
Defeat Your 'Curse of Knowledge' & Make Security Messaging More Impactful Kerry Tomlinson Cybersecurity messaging is more urgent than ever before. People need to listen, but are they? ... Human Element
Drones and Autonomous Vehicles: Privacy & Security vs. Surveillance Jodi Daniels In 2007 Facebook and Twitter revolutionized news unwittingly creating surveillance platforms. Drones and autonomous vehicles ... Privacy Innovation & Startups
ESPecter: Showing the Future of UEFI Threats Jean-ian Smolar In recent years, it's become clear that UEFI threats are real and have been deployed ... Hackers & Threats
Privacy Threats and Vulnerabilities Smitha Sriharsha Lab participants will be able to see each aspect of Privacy Engineering Principles through the ... DevSecOps & Application Security Privacy
Red, Yellow, Green, or Purple - What's on your Risk Scorecard? Alex Hutton Ten years ago, we asked ourselves if cybersecurity defense was like a zombie invasion, and ... Risk Management & Governance C-Suite View
Supplier Risk: Throw Out the Old Playbook! Heidi Wainwright Many organizations added questions to the Supplier SAQ after Solargate. CDW did the opposite. This ... DevSecOps & Application Security Risk Management & Governance
The Challenges of Building Safe End-to-End Encrypted Services for Business Elie Lidzborski Using end-to-end encrypted services is quickly becoming a critical component of how enterprises meet regulations ... Human Element Machine Learning & Artificial Intelligence Open Source Tools
The Practicalities of Pen Testing at Scale Caroline Wong Pentesting is critical for security. It brings awareness to companies testing their people, processes and ... DevSecOps & Application Security Technology Infrastructure & Operations
Transforming Security Champions Tanya Janca With security teams being vastly outnumbered, many organizations have responded to this challenge with different ... Human Element Professional Development & Personnel Management
Victims & Vectors: Mitigating Legal Risks of Supply Chain Attacks Susan Cassidy , Christopher Hale , Martha Sfekas This panel will discuss legal strategies associated with supply chain cybersecurity attacks, drawing upon examples ... Protecting Data & the Supply Chain Ecosystem Law Policy & Government
Wells Fargo PQC Program: The Five Ws Sam Phillips , Dale Toohey This session will provide guidance on the five Ws (Who, What, When, Where, Why) for ... Technology Infrastructure & Operations
What is Zero Trust? What ISN’T Zero Trust? Let’s Make Sense of This! Amanda Berlin , Jason Garbis , Jerry Chapman , Chase Gilman Zero Trust is a major industry trend, but has also become an overused marketing buzzword. ... Security Strategy & Architecture Identity
All Your Macs Are Belong To Us ... Again! Patrick Wardle The (sad) reality is most Mac infections occur with inadvertent assistance from the user. Apple, ... Hackers & Threats
Are Low-Code and No-Code Tools a Security Risk? Mark Nunnikhoven Low-code and no-code let anyone drag and drop components to build a completely new, custom ... DevSecOps & Application Security Security Strategy & Architecture
Be Debt Free! Using Cyber-Informed Engineering to Future-Proof Technology Cheri Kunsman Cyber-informed engineering (CIE) guides risk planning across the technology development lifecycle. CIE guides identification of ... Technology Infrastructure & Operations
BoF: Defeat Your 'Curse of Knowledge' & Make Security Messaging More Impactful Kerry Tomlinson Join this interactive follow up session to listen and learn from Kerry Tomlinson —join this ... Human Element
BoF: Transforming Security Champions Tanya Janca Join this interactive follow up session to listen and learn from Tanya Janca —join this ... DevSecOps & Application Security Human Element Professional Development & Personnel Management
Data Protection and Privacy Development Around the World Carla Utter , Ann Leipzig This session will discuss major privacy developments, such as CA (CCPA/CPRA), VA (Consumer Data Protection ... Law Privacy
Elite Security Champions Build Strong Security Culture in a DevSecOps World Christopher Romeo Everyone has a Security Champion program, but how effective is it? Explore the qualities of ... DevSecOps & Application Security Human Element
Fake or Real, Catch Me if You Can. A Real Life Event Using Deepfake Tech Zee Sikdar This talk will cover how to create a deep-fake social profile and that was used ... Hackers & Threats Human Element Machine Learning & Artificial Intelligence
First 90 Days In the CISO Chair: A Practitioner's Perspective Allison Miller , Chenxi Wang , Olivia Sima What happens when a CISO joins a new organization? What should they focus on in ... Risk Management & Governance Professional Development & Personnel Management C-Suite View
OTP Bot Attacks Kelsey Spaeth This session will discuss crimeware-as-a-service utilized by threat actors, with a focus on SMS-based one-time ... Anti-Fraud
Securing Entry Points and Active Directory to Prevent Ransomware Attacks Derek Melber To disrupt Active Directory attacks, security teams must secure the environment through continuous and automated ... Technology Infrastructure & Operations
The Transformation of Post Pandemic Mental Health Chloé Messdaghi Few people are not the same they were in 2019. Life has changed due to ... Human Element Professional Development & Personnel Management
The Zoom Effect: A Framework for Security Program Transformation Heather Chavan When companies experience rapid growth, information security organizations must adapt to meet business needs. Establishing ... Security Strategy & Architecture Risk Management & Governance
Validating the Integrity of Computing Devices Nakia Grayson , Themistocles Chronis , Tom Loucaides It is essential for organizations to ensure the integrity and resiliency of supply chains for ... Protecting Data & the Supply Chain Ecosystem
BEC & Ransomware: Two Sides of the Same Cybercrime Coin Crane Hassold BEC and ransomware are the two biggest threats today. While it may seem that these ... Anti-Fraud
BoF: "Keep it Secret, Keep it Safe": Overcoming a False Sense of Security Carmichael Patton "Keep it Secret, Keep it Safe" has become the data protection mantra, but are we ... DevSecOps & Application Security Identity
BoF: Do You Really Know What Your Attack Surface Looks Like? Mary Yang For many, reducing their attack surface is a critical goal. But we continue to see ... Protecting Data & the Supply Chain Ecosystem
Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned Gaurav Mishra The DevSecOps concept is widely accepted yet its implementation at enterprise-scale presents challenges. This session ... DevSecOps & Application Security Technology Infrastructure & Operations
Cutting Through: Getting Real Answers on Supply Chain Security Policy Tatyana Bolton , Stephen Ezell , Mark Zabierek This panel will bring a Washington, D.C. policy perspective to the challenges of designing an ... Protecting Data & the Supply Chain Ecosystem Technology Infrastructure & Operations Policy & Government
Cyber Invisibility: Developing a Security Incident Notification Regime Courtney Lang , Kevin Albano , Robert Mehta Incident reporting can play an important role in informing actions to respond to incidents and ... Policy & Government
Hacking and Protecting Distributed Energy Infrastructure Aaron Sorebo Climate crises demand looking to zero emissions sources for energy with renewables being most prominent. ... Technology Infrastructure & Operations
Inside the Making of a Zero Trust Architecture Alper Rose The lead authors/contributors of NIST’s SP 800-207, Zero Trust Architecture are bringing their Zero Trust ... Security Strategy & Architecture Identity
OT Reverse Engineering - What Can Be Automated? Dr. Ulrich Lang Reverse engineering is generally a manual, expensive, non-scalable process done by reverse engineering experts. It's ... Hackers & Threats Technology Infrastructure & Operations
Privacy and Compliance for AI – Open Source Tools and Industry Perspective Beat Buesser This talk will present some state of the art solutions for achieving privacy and compliance ... Risk Management & Governance Privacy Machine Learning & Artificial Intelligence
Stop Chasing Insider Threats, Start Managing Insider Risk Randy Trzeciak This session will cover best practices for maturing an organization's insider threat program into an ... Risk Management & Governance Human Element
The Reason Companies Fall Victim to Ransomware Isn’t What You Think David Langlands Leveraging the lessons learned from real world large incident examples, this session will leave attendees ... C-Suite View
The State(s) of Cyber Incentives: Creative Laws Driving Better Security Brian Ray , Kirk Sager Lacking the authority to mandate uniform cybersecurity standards, states are pioneering incentive-based laws based on ... Risk Management & Governance Law Policy & Government
Tooling up: Getting SBOMs to Scale Allan Stewart SBOMs serve a variety of purposes, and come at different levels of quality and support ... DevSecOps & Application Security Technology Infrastructure & Operations
Transformational Security Strategy—Developing a Plan That Works Dr. Karla Clarke If it’s so simple why doesn’t every organization have it? A cybersecurity strategy that aligns ... Security Strategy & Architecture
RSA Conference Innovation Sandbox Contest Paul Kocher , Hugh Thompson , Dorit Dor , Niloofar Razi Howe , Shlomo Young Come cheer on the Top 10 finalists who will pitch groundbreaking cybersecurity technologies to an ... Innovation & Startups
A Data-Driven Topical History of the RSA Conference Wade Edwards Imagine being able to distill every presentation from every year of the RSA Conference into ...
Benefit from Cybersecurity Insurance: Taking Advantage of Insurer Panels Alan Brill Cyber insurance has become an important part of many cybersecurity programs, but many policies have ... Risk Management & Governance
BoF: Denial, Deception, and Adversary Engagement Stanley Barr We at MITRE are strong believers that cyber deception technologies, unlike many other defensive technologies, ... Security Strategy & Architecture
BoF: How can CISOs Truly Align with the Business? Candy Alexander Many programs fall short with simply supporting regulations. In this group discussion, we will explore ... Risk Management & Governance C-Suite View
Bringing Zero Trust to Industrial Control Systems Bill Malik Zero Trust proposes an alternative to the perimeter. Applying Zero Trust to the Industrial Control ... Technology Infrastructure & Operations
Can Innovation and Regulation Coexist? Julie Crampton Data is fueling the future. Organizations want to unlock data and the power of AI ... Privacy Machine Learning & Artificial Intelligence Innovation & Startups
Hacker Law After the Supreme Court Ruling: Insider Threats, Research & CFAA Leonard Geiger Federal hacking laws have changed! The recent changes affect organizational security programs, the white hat ... Hackers & Threats Privacy Law Policy & Government
Ignorance Is not Bliss--It’s Negligence: Leading During a Crisis Robert Sangster The more sweat that comes in preparation, the less blood there will be in incident ... Risk Management & Governance Professional Development & Personnel Management C-Suite View
Importance of Cyber Diligence in Third Party Risk Management Gerald Beuchelt , Landon Winkelvoss , Shannon Ruedger Intelligence can transform security, which for businesses is most relevant to conducting third-party risk. Cybersecurity ...
Integrity Matters Malcolm Harkins , Jerry Davis , Pamela Gomez-sanchez Many a CISO has at least one story to share about the challenges they’ve had ... Professional Development & Personnel Management C-Suite View
Intrusion Analysis and Threat Hunting with Open-Source Tools Peter Manev Lab participants will learn how to dig deep into network traffic to identify key evidence ... Technology Infrastructure & Operations Open Source Tools
Measuring the Difference: Metric Development at NCCoE’s Securing AI Testbed Harold Rowe AI-enabled technology is rapidly being adopted in nearly all industries. New attacks and defenses to ... Risk Management & Governance Hackers & Threats Machine Learning & Artificial Intelligence
Scalable Confidential Computing on Kubernetes with Marblerun Moritz Schuster Interested in adding an extra layer of data protection to Kubernetes workloads? This talk will ... Open Source Tools
Securing Medical Devices—When Cyber Really Is a Life and Death Issue Marty Edwards , Jenny Menna , Ankit Weiss A decade ago, hacked insulin pumps brought medical device security into focus. Reliance on medical ... Technology Infrastructure & Operations
Strong Story to Tell: Top 10 Mistakes by Administrators About Remote Work Paula Januszkiewicz The sudden shift to remote working has left businesses at a far higher risk of ... Hackers & Threats Technology Infrastructure & Operations
What the Headlines Don’t Tell You About Exploited Supply Lines Jon Severski Supply chain attacks and other multi-party incidents have dominated the headlines of late. Most have ... Protecting Data & the Supply Chain Ecosystem
Automated Threats: The Rise of Bots and What to Do About It Matthew Gracey-mcminn The average organization lost 3.6% of revenue to bot-based business logic attacks in 2020. These ... Hackers & Threats
BoF: How Internal Red Teams Close the Gap in Detection Mechanisms Aaron Rosenmund Leading into creation of a Red Team-a function that is not separate but integrated into ... DevSecOps & Application Security Hackers & Threats
BoF: Offensive Operations (Red Team/Purple Team/Pentest) Evan Anderson Share war stories and lessons learned conducting offensive oriented assessments for organizations. This session will ... DevSecOps & Application Security Hackers & Threats
Breaking Prometheus: When Ransomware Crypto Goes Wrong Aaron Gdanski , Anne Piazza When ransomware hits, IR includes boots on the ground and forensic support. For a real ... Hackers & Threats
How to Win with Cyber Insurance and Side-Step the 7 Biggest Pitfalls Cynthia James CISOs are increasingly asked to help obtain cyber insurance. While understanding the risk environment is ... Risk Management & Governance
Is a Secure Software Supply Chain Even Possible, Let Alone Feasible? Steven Sager Many of the concepts discussed in software supply chain security come out of old fashioned ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem
It’s Not Fair! Detecting Algorithmic Bias with Open Source Tools Mo Kiser Algorithms that “predict the future” are common today, from determining what one might watch next ... Machine Learning & Artificial Intelligence Open Source Tools
Network Based Threat Hunting: Lessons Learned, Techniques to Share Tal Maor Using an "on prem" mindset to secure a cloud native environment is like bringing a ... Technology Infrastructure & Operations
New Guidelines for Enhancing Software Supply Chain Security Under EO 14028 Jon Pascoe This session will review new guidelines under EO 14028. The National Institute of Standards and ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem Policy & Government
Ransomware: How One Company Fought Back Raymond Umerley Within a span of seven months, global e-commerce, shipping and mailing giant Pitney Bowes faced ... C-Suite View
Talent Shortage: Fact or Myth? Resources for Finding and Growing Talent John Strand , Don Pezet , Rita Gurevich Whether attendees of this session are looking to hire or advance their own careers, they ... Professional Development & Personnel Management
The Jetsons Are Here – Now What Are the Security Implications Lisa Lee , Theresia Gouw , Diana Titus The convergence of accelerating technologies could reinvent most of our industries and lead to us ... Technology Infrastructure & Operations
Using Critical Threat Intelligence Strategically Patrick Flynn , Scott Hellman , Natalie Shepley This session will discuss the use of Critical Threat Intelligence and its application to the ...
What Have the Courts Done Now? Explaining the Impact of Recent Cyber Cases Richard Bowen This session will present an engaging discussion of key holdings of recent cyber court cases ... Risk Management & Governance Law Privacy
What We Learned Implementing Zero Trust Security at Microsoft Yulia Patton Microsoft has been on a three year journey of implementing Zero Trust. This session will ... Security Strategy & Architecture
The Only Constant Rohit Ghai Emerging technologies, expanding connections, hidden vulnerabilities: our sector understands that the only constant is change. ... Security Strategy & Architecture C-Suite View
What Do We Owe One Another in the Cybersecurity Ecosystem? Jeetu Shankar We have never been more connected than we are at this moment in time. This ... Security Strategy & Architecture Risk Management & Governance
The Next Disruption: Security Beyond the Perimeter and Endpoint Dr. Gillis Three years ago, VMware challenged the industry to think differently. What has changed since then? ... Technology Infrastructure & Operations Security Strategy & Architecture
Rethinking the Cybersecurity Challenge from an IC Perspective Michèle Haines As cyber challenges and malign actors proliferate, the Intelligence Community is committed to protecting the ... Policy & Government
A Sanity Check on Technology. Viewpoints from Security Professionals. Candy Oltsik How are enterprises integrating the vast number of solutions available? A frank discussion around security ...
A Whole Lotta BS (Behavioral Science) About Cybersecurity Oz Alashe , Deanna Plaggemier We all do things we know we shouldn’t and don't do things we know we ... Human Element
Adversarial Machine Learning - Learn Why and How to Break AI! Beat Buesser Adversaries continuously transform their tactics and tools to deceive or break applications based on AI. ... Machine Learning & Artificial Intelligence Open Source Tools
American Labyrinth: Demystifying Adversary Use of Domestic Infrastructure Adam Hickey , David Ring , Amy Ugoretz The FBI and DOJ took unprecedented action to remove Chinese access to US computers that ... Policy & Government
Best Teacher is Last Mistake: Improving and Applying Incident Response Plan Mike Jankowski-lorek Attackers need less than 24 hours after first client computer compromise to escalate privileges, encrypt ... Hackers & Threats
BoF: Cybersecurity and Privacy Risks within the NIST AI Risk Management Framework Harold Booth The AI RMF is intended to address risks to the trustworthy and responsible development and ... Risk Management & Governance Privacy Machine Learning & Artificial Intelligence
BoF: Cyberwar, AI and the Law of Armed Conflict Lawrence Dietz Recent cyber attacks have raised the specter of cyberwar. While the law of cyberwar is ... Human Element Law Policy & Government
Building a Vulnerability Management Program: How to Eat an Elephant Megan Benoit Building a vulnerability management program often feels like eating an elephant that’s guarded by sharks ... Technology Infrastructure & Operations
Bypassing Windows Hello for Business and Pleasure Omer Tsarfati Windows Hello is the most popular passwordless solution that includes authentication by either PIN code ... Hackers & Threats Identity
CSF Over Time: Shifting from Identify/Protect As You Grow Allan Alford Ironically, a focus on the five NIST CSF domains should change over time away from ... Security Strategy & Architecture
Cybersecurity as a Business Conversation Chris Novak Many organizations struggle to figure out how to make data-driven decisions about cybersecurity investments and ... Risk Management & Governance
Data Inventory Workshop Irene Mo Learn what data inventory entails, challenges with the process, and best practices in this workshop ... Protecting Data & the Supply Chain Ecosystem
DOJ’s Role in Countering Nation State Cyber Threats Suzanne Olsen Learn how federal law enforcement is adapting to disrupt foreign adversaries in cyberspace and the ... Policy & Government
Hacking Back – To Be or Not to Be? Dr. Shreve Are there options to hack back for ransomware attacks? Without deterrence for ransomware attacks it ... Law
Hands-On Ransomware Response and Analysis Aaron Rosenmund In this lab, attendees will learn to set up a ransomware lab and walk through ... Hackers & Threats
Introduction to Aircraft Networks and Security Design Considerations Sean Sullivan How is a commercial aircraft’s avionics network designed? How is an aircraft architecture integrated with ...
Linked-Out: Security Principles to Break Software Supply Chain Attacks Siddhesh Yawalkar Software supply chain attacks are the current buzzword in security and many in the community ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem
Networking Tips For Everyone and With Anyone Jaime Sage Networking, it can be overwhelming. How do people introduce pronouns? What do they do when ... Professional Development & Personnel Management
Novel Swiss Re Framework Shortens 800+ Application Multi-Cloud Conversion Michael Troha Swiss RE, global reinsurer, must comply with many global regulations as they convert 800+ on-prem ... Security Strategy & Architecture Risk Management & Governance
Privacy 2022: Perspectives from the Top Keith Enright , Dominique Shelton Leipzig , Jane Raina Risk and complexity have accelerated ferociously for any organization using data and managing privacy today. ... Security Strategy & Architecture
Privilege Escalation and Persistence in AWS Raymond Hwong How does an attacker escalate privileges and gain persistence in AWS? Participants will learn multiple ... Technology Infrastructure & Operations
Red Teaming AI Systems: The Path, the Prospect and the Perils Ram Kumar , Hyrum Anderson , Nicholas Liaghati Google, Microsoft and MITRE come together to dissect why Red Teaming AI systems is mushrooming ... Technology Infrastructure & Operations Machine Learning & Artificial Intelligence
Sigstore, the Open Source Software Signing Service Luke Hinds Sigstore is a project with the goal of providing a public good, non-profit service to ... Protecting Data & the Supply Chain Ecosystem Open Source Tools
Where Humane Technology and Secure Technology Meet Corey Levasseur This session will examine the challenges of developing humane (respectful) technology in comparison to implementing ... DevSecOps & Application Security Privacy
BoF: How do we Reconcile EU Privacy with the Concept of US Privacy? Carla Utter Join this interactive discussion about the current status of privacy law in the EU and ... Law Privacy
BoF: When Push Comes to Shove: Managing Strong Personalities in a Cyber Incident Mark Sangster In a crisis, who makes the decisions: The senior person? The expert? The self-appointed hero? ... Human Element Professional Development & Personnel Management
By Our Powers Combined: Critical Infrastructure Partners for Transparency Allan Friedman , Cheri Caddy , Cassie Wright This session will explore the idea that advancing security requires collaboration between research, industry, and ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem Policy & Government
CANCELLED Do It For Me Exploit – Using Buffer Overflow Vulnerability Rohit Sinha This session will disclose an exploit corrupting the stack base pointer. On function return, program ... Hackers & Threats
Colonial Pipeline - What Happened, What Changed Bryson Bort , Suzanne Lemieux , Tim Weston This session will bring together press, industry, and government to talk about what happened during ... Technology Infrastructure & Operations Policy & Government
Cyber Range on a Budget Rick Trilling Cyber Ranges (CRs) prepare teams for incidents, but they are expensive to build. Shared CRs ... Human Element
Electrons to Clouds—One SDL to Rule the World from Hardware to the Cloud Mohit Tonry Organizations that produce hardware and software products have a broad scope for the security development ... Security Strategy & Architecture
Evolving Your Defense: Making Heads or Tails of Threat Actor Trends Nick Cadieux State-sponsored attacks with little regard for collateral damage. Increasing 0-days available to the highest bidder. ... Hackers & Threats
Generative Email Attacks and How to Defend Against Them Prashanth Murdoch Text generation has advanced so much that our ability to differentiate between human and AI ... Human Element Machine Learning & Artificial Intelligence
Getting The Most Out Of Sysmon Amanda Berlin The default logging capabilities from Microsoft are only helpful to a certain extent. This session ... Technology Infrastructure & Operations
Global Threat Brief: Hacks and Adversaries Unveiled Dmitri Joyce This session will be an unveiling of the most novel attacks in the current global ... Hackers & Threats
HackAlong: Application Security Testing Joshua Redmond IoT Village’s HackAlong is a 2-hour application security workshop! Run in a classroom format, the ... Hackers & Threats
How Behavioral Economics Can Help Make Better Security Decisions Kelly Yu Using fun props and relevant examples, this session will show how behavioral economics can help ... Risk Management & Governance Human Element
How Modern Bank Heists Are Escalating to Hostage Situations Karen Worstell , Rick Skipper VMware’s fifth edition of the Modern Bank Heist report revealed the evolution of cyberattacks on ... Hackers & Threats Technology Infrastructure & Operations
Inclusive Mentorship: Building A Framework Chloe Mora Trying to figure out who's going to be a good mentor/mentee for you can be ... Professional Development & Personnel Management
Level Up Leadership Traits through Women in CyberSecurity (WiCyS) Mentoring Lynn Robinson Imagine a workforce where inclusive cultures drive unity with the powerful diversity of thought. For ... Professional Development & Personnel Management
My Fuzzy Driver Mark Shimony Drivers are everywhere: in Linux, Android, Windows, or Solaris. They are a prime target for ... Hackers & Threats
Never Waste a Crisis: Identifying and Transforming Digital Risk into Reward Ben Smith You’ve heard it before: the pandemic changed nearly every aspect of how we live, work ... Risk Management & Governance
Progress in the Year of Ransomware: Analysis with the Ransomware Task Force Michael Daniel , Phil Reiner , Michael Stifel 2021 was a year packed with ransomware news, from major attacks to unprecedented government action. ... Risk Management & Governance Technology Infrastructure & Operations Policy & Government
Security Industry Call-to-Action: We Need a Cloud Vulnerability Database Pete Chronis , Ami Yeoh The shared responsibility model is broken. Companies are unable to keep up with cloud complexity, ... Technology Infrastructure & Operations Risk Management & Governance
Thinking Like a 5G Attacker Dr. Rahman 5G technology is enabling a vast application landscape through network slicing which presents significant security ... Hackers & Threats
Understanding the Role of Cybersecurity Expert Witnesses Alan Raether We live in a world where litigation has gone from rare to common, cases involving ... Law
What Could Possibly Go Wrong? Plain Language Threat Modeling in DevSecOps Alyssa Miller In this session, a co-author of the Threat Modeling Manifesto will show how capturing threat ... DevSecOps & Application Security
macOS Attack Surface Analysis of the Application Sandbox Tal Zamir This talk will go through the process of an investigation of a recently published Apple ... Hackers & Threats
Soulless to Soulful, Security's Chance to Save Tech Bryan Palma Technology companies are at a crossroads as talented people are leaving their jobs in droves. ... Human Element Professional Development & Personnel Management
The Journey to The Self-Driving SOC Nir Zuk Twenty years ago, few believed self-driving cars could happen yet they’re here. Will the same ... Security Strategy & Architecture
The Cryptographers’ Panel Whitfield Diffie , Moni Naor , Dr. Zulfikar Ramzan , Adi Song Each year the founders and leaders of cryptography take to the RSA Conference keynote stage ... Cryptography
Spreading Application Security Ownership Across the Entire Organization Daniel Garcia , Liora Herman , Tanya Ramgattie Application Security is a group sport. Three experts tackle how AppSec professional uses persuasion and ... DevSecOps & Application Security
Addressing Supply Chain Security Risks: MITRE's System of Trust™ Robert Martin This session will discuss System of Trust (SoT), a supply chain security community effort defining, ... Risk Management & Governance Protecting Data & the Supply Chain Ecosystem
AI: Legal and Policy Considerations and Landmines to Avoid Behnam Dayanim Data analytics is rapidly evolving into AI. Across industries, technologists and businesses are developing new ... Risk Management & Governance Law Machine Learning & Artificial Intelligence Policy & Government
BoF: Planning for PCI DSS version 4.0 John Elliott PCI DSS version 4 contains over 50 new requirements and a new method of validation ... Risk Management & Governance
BoF: Preparing for CMMC Joy Belinda Beland All roles and types of CMMC Preparation will be discussed: OSC's preparing to be assessed; ... Risk Management & Governance Protecting Data & the Supply Chain Ecosystem
Caterpillars to Butterflies: Transforming the Privacy Workforce Dylan Gilbert , Katharina Richards In today’s dynamic, data-driven environment, a skilled, knowledgeable, and collaborative workforce capable of managing privacy ... Privacy Professional Development & Personnel Management
CHRYSALIS: Age of the AI-Enhanced Threat Hunters & Forensicators Jess Garcia What does it take to Transform traditional Threat Hunters/Forensicators into AI-Enhanced ones so they can ... Machine Learning & Artificial Intelligence Open Source Tools
Cloud Security: How to Defend Healthcare Data in the Cloud Sai Middleton Adopting a cloud platform can be tricky, especially for regulated industries like healthcare. This session ... Risk Management & Governance
Cloud Threat Gamification: Implementable Tabletop Exercises Jon-michael Brooks In cloud environments, identifying ongoing threats to an organization is complex. Evolving threats degrade control ... Hackers & Threats Security Strategy & Architecture
Confessions of a Sandbox: How AI is Disrupting Automated Threat Analysis Liviu Radu Detecting today’s threats requires added capabilities like sandbox memory and network traffic scanning, driven by ...
Cybersecurity as a National Security Imperative Bobbie Stempfley , Jen Easterly , John Joyce Cybersecurity has become a national security imperative, with recent incidents and ransomware attacks causing cascading ... Risk Management & Governance Policy & Government
Defeating Windows Anti-Exploit & Security Features with WHQL Kernel Drivers Arush Agarampur This session will look at critical design flaws of Microsoft Windows Hardware Quality Signed (WHQL) ... Hackers & Threats Security Strategy & Architecture
Face/Off: The Battle to Authenticate with Biometrics Mike Wu Face/Off is a 1997 movie about cybersecurity. In it, John Travolta and Nicolas Cage swap ... Law Identity
Hacking Electronic Flight Bags Ken Munro Electronic Flight Bags are typically tablets used by commercial pilots to compute take off power ... DevSecOps & Application Security
Incorporating Cyber Expertise in Corporate Governance: Gula Tech Foundation Cyndi Gula Please join our 4th Gula Tech Foundation awards ceremony in which Ron and Cyndi Gula ... Protecting Data & the Supply Chain Ecosystem Professional Development & Personnel Management
ISACs’ Critical Role in Increasing Regulatory Environment for Cybersecurity Denise Anderson , Suzie Squier , Peder Troy ISACs have a crucial role in helping companies ensure they have the proper programs and ... Risk Management & Governance
Know Your Environment…Better Than the Enemy Paul Suarez As a US Secretary of Defense once said, “We know there are some things we ... Technology Infrastructure & Operations C-Suite View
Raise Your Game, Not Your Voice: Communicating and Storytelling for Impact Lisa Tschida Attendees will be guided through a communication planning session specific to their department and organization’s ... Human Element Professional Development & Personnel Management
SANS Core NetWars Tournament v7 Jeff Mcjunkin Unique and broad-ranging, Core NetWars Tournament is the gold standard for all-in-one cyber range training ... Technology Infrastructure & Operations
Secure the Supply Chain: Hands-on Incident Response Workshop Keatron Evans If there’s one thing people learned from 2021, it’s that supply chains need a major ... Protecting Data & the Supply Chain Ecosystem
Starting Your Own Women's Security Chapter Larci Robertson No women’s or other inclusive cyber/ tech groups in your area? Want to start your ... Professional Development & Personnel Management
Supply Chain Cyber Readiness: Upping Your Game Christine Pelione , Michele Mcgee Modern companies must understand their suppliers’ cyber practices to accurately assess and manage their own ... Policy & Government
Targeted, Consolidated & Coordinated Services For Better Risk Reduction Robert Fink Work from home requirements, coupled with the “Great Resignation” of security workers, accelerated the adoption ... Security Strategy & Architecture
Users Are Not Stupid: Eight Cybersecurity Pitfalls Overturned Julie M. Haney Whether implementing security policy or developing products, it is critical for security teams to consider ... Human Element
What (Actually, Specifically) Makes Security Programs EVEN MORE Successful? Wade Nather In last year’s RSAC keynote, this session presented high-level practices that measurably contribute to a ... Risk Management & Governance
Why Zero Trust Network Access is Broken, and How to Fix It Josh Ramachandran People, applications, and data are everywhere, and the concept of work has been transformed from ... Machine Learning & Artificial Intelligence
A Proven Methodology to Secure the Budget You Need Jim Mirochnik Securing the budget you require in a transforming world is more difficult than ever. This ... Risk Management & Governance Professional Development & Personnel Management
Attacking and Defending Kubernetes Cluster: Kubesploit vs KubiScan Eviatar Gerzi Attackers are increasingly targeting Kubernetes clusters. Therefore, it is important to understand how they do ... Hackers & Threats Open Source Tools
Barbarians at the Gate: Policy Options for Combating Ransomware Attacks Frank j. Cilluffo , Dr. Catherine Lotrionte , Eric Painter Ransomware attacks have hit nearly every corner of the American economy. The Federal government has ... Protecting Data & the Supply Chain Ecosystem Policy & Government
BoF: Securing the Energy Transition Gib Sorebo The move to renewable energy means a rethinking of how we generate and deliver energy. ... Technology Infrastructure & Operations
BoF: When Cyber and Physical Worlds Collide: Building a Converged Security Model John Mcclurg BlackBerry CISO John McClurg will facilitate a conversation in which attendees draw from their experience ...
Continuous Security - Integrating Pipeline Security Vandana Verma Sehgal In a world of continuous delivery and cloud native, boundaries between what an application and ... DevSecOps & Application Security Technology Infrastructure & Operations
Cyber and Modern Conflict: The Changing Face of Modern Warfare Niloofar Razi Howe This riveting session brings the challenges of war and the impact that cyber is having ... Human Element Policy & Government
Designing a Data Ethics and Privacy Program for AI/ML Bret Cohen , Ilana Ross Companies are presented with increasingly complex legal, ethical and operational challenges when implementing algorithmic data ... Risk Management & Governance Law
Europe Gets its Identity Back Dr. Kim Nguyen , Dr. Norbert Pohlmann , Dr. Schlaeger The open European ecosystem based on the eIDAS regulation creates a sovereign, secure and trustworthy ... Identity
EWF Sisterhood Chat: Cultivating Your Personal Board of Advisors Joyce Brocaglia , Nicole Darden Ford , Suzanne Tsamitis Join Joyce Brocaglia, the CEO and Founder of the Executive Women’s Forum, as she leads ... Professional Development & Personnel Management
Hacking Her Cyber Career (H2C2) Mari Skelly Join us for taste of our Cyberjutsu Tribes experience. Each interactive roundtable will explore short ... Professional Development & Personnel Management
IOT: Fix the Bugs That Leave Customers Inconvenienced, Stranded, or Dead Scott Register IOT is everywhere. When it breaks, there’s trouble, and it’s extremely brittle. The systems-on-chip (SOC) ... Security Strategy & Architecture
Making the Leap: Transform from Techie to CISO/Infosec Leader Todd Fitzgerald Congratulations, you have been offered a security leadership role in your company. Your success as ... Professional Development & Personnel Management
Malicious Uses of API Frameworks and Scanning Tools Jason Kent API spec frameworks like OpenAPI/Swagger provide organizations with a centralized location from which development and ... Hackers & Threats
MITRE ATT&CK - The Next Level Freddy Struse The next level of the use of MITRE ATT&CK in an enterprise environment is what ... Technology Infrastructure & Operations
Reaching Gen Z: Cybersecurity Outreach with Viral TikTok & YouTube Content Kody Kinzie Engaging the brightest minds of Gen Z is not easy, but viral content on social ... Human Element
Secure Supply Chain through Automation - with CSAF, VEX and SBOM Thomas C. Schmidt Current cyberthreats make clear that the supply chain needs to be secured. However, that is ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem
The Missing Supply Chain Link: A Safe Harbor for Risk Information Sharing Edna Schwartz Seasoned public-private sector co-speakers will discuss the missing link in supply chain risk and a ... Protecting Data & the Supply Chain Ecosystem Risk Management & Governance Policy & Government
The Steps to Successfully Baking Privacy into an IAM Implementation Jamie Owen With ever-increasing international laws and regulations relating to privacy, it is imperative for organizations to ... Privacy Identity
What Matters Most Bruce Schneier Join renowned expert Bruce Schneier as he challenges convention and explores the latest issues facing ... Risk Management & Governance Hackers & Threats Machine Learning & Artificial Intelligence
Why Does Cyber Tech so Often Fail? Addressing the Cyber “Market for Lemons” Joe Hubback , Grace Cassy , Ciaran Rattray According to research published in October 2020, 90% of buyers say that the cybersecurity market ... Risk Management & Governance
Innovation, Ingenuity, and Inclusivity: The Future of Security is Now Vasu Jakkal What lies ahead in cybersecurity is a brave new world – sophisticated threats, everything connected, ... Security Strategy & Architecture Identity
The Power of a Positive Mindset Jessica Long Jessica Long believes the only disability in life is a negative attitude. The power of ... Human Element
Backdoors & Breaches: Live Tabletop Exercise Demo Jason Strand Backdoors & Breaches is an incident response card game used by organizations around the world ...
Offensive Capture the Flag 101 - Guided Beginner CTF Irvin Lemus , Joseph Mlodzianowski , Rod Stibbards In this Dark Arts "Offensive" hands-on guided Capture the Flag (CTF) rendition, attendees will tackle ...
Anticipate and Defend Against Advanced Adversaries Targeting SaaS and IaaS Brian Vecci Misconfigured API’s, over-exposed sensitive data, and shadow admins are just some of the SaaS security ... Hackers & Threats
BoF: Authoritative Reading: “Hall-of-Fame” Cybersecurity Books from your Library Helen Patton Cutting through the noise to get to the information we need daily is no easy ... Human Element Professional Development & Personnel Management
BoF: Secure the Supply Chain: Hands-on Incident Response Workshop Keatron Evans Join this interactive follow up session to listen and learn from Keatron Evans —join this ... Protecting Data & the Supply Chain Ecosystem
Botnets Don't Die: Resurrecting the Dead to Feed on the Living Aamir Muniz This talk will show that with a bit of creative thinking, attendees can wake the ... Hackers & Threats
Catch Me If You Can: Protecting Mobile Subscriber Privacy in 5G Jean-louis Carrara Mobile networks carry a virtual trace of user's lives as they unfold, constantly collecting and ... Privacy
Connecting the Dots: Identifying and Mitigating Synthetic Identity Fraud Michael Timoney Synthetic identity fraud is a growing problem, with the industry struggling to identify, let alone ... Anti-Fraud Identity
Defeating Covert Foreign Influence While Protecting Free Expression Mary Brooks , Cmdr. Sanger Covert foreign influence is a dangerous challenge to democratic societies, but responding to it can ... Human Element Law
DLP: An Implementation Story Micah Brown Data Loss Prevention (DLP) can be very challenging to implement! Its name can impose almost ... Risk Management & Governance Protecting Data & the Supply Chain Ecosystem
Evaluating Indicators as Composite Objects Joe Slowik Indicators are increasingly derided within Cyber Threat Intelligence (CTI) as insufficient for defense and analysis, ... Technology Infrastructure & Operations
Go Reverse-Engineering Workshop: Zero Knowledge Required Ivan Kwiatkowski Many a reverse-engineer has cringed at the mere mention of Go malware? The days of ... Hackers & Threats
Importance of Cybersecurity Mesh Platform in Securing Digital Acceleration John Maddison Digital Acceleration has caused many organizations to move first, ask how best to secure and ...
Opening the Valve on an Untapped Human Pipeline Ryan Kovar Sun Tzu once said, "If you want to work in cyber, you must first spend ... Human Element Professional Development & Personnel Management
Protecting Against Evolving Threats to Global Shipping Infrastructure Alan Dinerman , Suzanne Long American Petroleum Institute, MITRE and 1898 & Co. will detail how energy resource impacts the ... Technology Infrastructure & Operations
Put A Label on It! Protecting IoT by Empowering Consumers Andreas Kuehn , Katerina Megas , Ravi Tan IoT cybersecurity labels enable consumers to make risk-informed purchasing decisions. This wide-ranging panel will explore ... Policy & Government
Security Automation for DevOps at the Scale of Dell: A Real-Life Case Study Sam Sehgal The art of implementing DevSecOps at scale in an organization as large as Dell remains ... DevSecOps & Application Security Security Strategy & Architecture
Security Leadership: Influence without Authority Sarah Currey This session will explore tangible ways that individual contributors can scale and enhance their company’s ... Professional Development & Personnel Management
Security Smackdown 2022 Sherron Burgess , Larry Whiteside Jr , Mary Kolodgy In 2008 John Stewart (CSO, Cisco) defeated Mary Ann Davidson (CSO, Oracle) and Charles Kolodgy ... C-Suite View
Shift-left! Scanning for Security Compliance from Day Zero Rohit Mccrea Migrating to public cloud introduces new attack surfaces commonly the exploitation of misconfigured resources. In ... DevSecOps & Application Security
Social Engineering War Games Erin Rivner Social engineering attacks are on the rise and increasing in sophistication. Cases of victims wiring ... Human Element Anti-Fraud Identity
Strategically Using Offensive Litigation to Promote Information Security Christopher Ott More and more, companies are making public lawsuits out of their private fights against information ... Risk Management & Governance Hackers & Threats Law
The Four Dimensions of Building a Security Program Andy Ellis What's the next investment? Looking to understand whether the time and energy is spent on ... Risk Management & Governance Security Strategy & Architecture C-Suite View
Tube - A Reverse SOCKS Proxy for Embedded Systems and Offensive Operations Evan Anderson How are attackers taking advantage of embedded systems? In this session the presenter will use ... Hackers & Threats Open Source Tools
Voice Authentication: Robinhood and Pindrop’s Innovative Methodology Nicole Kapadia Robinhood and Pindrop will demonstrate an entirely new method of authentication via voice to improve ...
Words & Actions Matter: Leading as a Change Agent Michael Cunningham , Betty Kirkland CISOs are recognized as technology change agents…but, in the words of one of our keynoters, ... Professional Development & Personnel Management C-Suite View
Adaptive Assurance: Implementing an Automated Control Testing Program David Gross In a world of privacy concerns, customers demand greater assurance for their data. How can ... DevSecOps & Application Security Privacy
Being Open to a Zero Trust Future Chris Meenan Our IT and security landscape is getting more complex, federated and traditional controls are becoming ... Technology Infrastructure & Operations
BoF: Mid-Size Focus: Getting Started with Zero Trust for Remote & On-Prem Users Jennifer Minella A focused peer conversation on how mid-size organizations are getting started with zero trust for ... Technology Infrastructure & Operations Identity
BoF: Security Metrics: Quantifying the Progress and Success of Your Program Ben Smith How do you measure the unmeasurable? Security metrics sit at the intersection of cybersecurity and ... Risk Management & Governance
Business Information Security Officer: A Cybersecurity Secret Weapon Nicole Dove The Business Information Security Officer is an exciting, emerging role in the cybersecurity industry, but ... C-Suite View Innovation & Startups
CI/CD: Top 10 Security Risks Omer Krivelevich Rooted in research done by cross-referencing and analyzing some of the most notorious CI/CD security ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem Hackers & Threats
Conti Playbook: Infiltrate the Most Profitable Ransomware Gang Tom D’aquino , Fabien Sarkar Last September a disgruntled affiliate exposed one of the most infamous ransomware gangs in operation: ... Technology Infrastructure & Operations Machine Learning & Artificial Intelligence
Cyber Civil Defense: A Coalition to Protect our Digital Future Vivian Schiller , Craig Todt These times of heightened risk demand a new approach to ensuring all sectors of society ... Security Strategy & Architecture Policy & Government
DANGER! Tips for Dealing with a Panicked C-suite During a Ransomware Event. Carol Vasko When a ransomware event occurs, you better know how to communicate well with stressed brains. ... Risk Management & Governance Human Element C-Suite View
Digital Trust & Cybersecurity 2025: A Call for Openness & Interoperability David Mahdi With the volume of digital identities growing exponentially, businesses need a modern approach to secure ... Identity
Dissecting The Ransomware Kill Chain: Why Companies Need It Kurtis Webster-jacobsen This session will explain the best way to defend against ransomware: “The Ransomware Kill Chain.” ... Risk Management & Governance
Hydra Marketplace: Where Crypto Money Laundering Trail Goes Cold Ian Gray , Vlad Cuiujuclu , Kimberly Toth-czifra Hydra, a drug-focused marketplace active in the countries of the former Soviet Union, is the ... Hackers & Threats Anti-Fraud
Pain in the Apps — Three Attack Scenarios Attackers Are Using to PWN SaaS Matt Radolec Due to the increase in cloud-based attacks, we picked three devastating and evasive real-world scenarios ... DevSecOps & Application Security Hackers & Threats
Practical Learnings for Threat Hunting and Improving Your Security Posture Simon Payne Understanding the threat landscape is crucial to managing a security posture. In this session, hear ...
Protecting Our Democracy and the 2022 Midterm Campaigns Michael Kaiser , Ethan Chumley , Grace Starzak Protecting campaigns, the heart of democratic political systems, is a critical cybersecurity priority. In this ... Policy & Government
Protecting Traditional and Blockchain Virtual Economies Adrian Bednarek Blockchain based virtual economies have created a target rich environment with very high value assets ... Hackers & Threats
Ransomware Reality Checklist: 5 Ways to Prevent an Attack John Fokker Learn from leading global cybercrime experts the five top practical recommendations to mitigate the threat ... Risk Management & Governance Hackers & Threats
Shining a Light on Shadow IT Bret Frederickson Managing unknown and unmanaged Shadow IT services and apps is a big risk. Gartner predicts ... Risk Management & Governance C-Suite View
The Cyber Physical War – Lessons From the Digital Front Line Ian Bramson The cyber-physical world is the new battleground for criminals and industrial organizations, especially those within ... Technology Infrastructure & Operations
The Defense Industrial Base, CMMC, the False Claims Act, and Insider Threat Joy Belinda Beland , Ryan Delaney In 2019, two cases brought against Defense Industrial Base (DIB) vendors under the False Claims ... Law
The Many Faces of Identity Charles Perlman There are many challenges to identity. How do things get names? How do other things ... Identity
The Supply Chain is Broken: The Case of BLUEMONDAY & How To Own Everything Ken Pyle This session will outline the multi-vendor exploit series covered in CERT Case #667789 (and possibly ... Technology Infrastructure & Operations Protecting Data & the Supply Chain Ecosystem
Adaptively Fingerprinting Users/Applications at Scale with GPU Acceleration Rachel Allen , Gorkem Chakraborty The massive scale, dimensionality, and heterogeneity of user application data requires an adaptive approach to ... DevSecOps & Application Security Machine Learning & Artificial Intelligence Open Source Tools
Staying Secure in Today’s High-stakes World Fernando Madureira , Chris Tango We are in a new era of cyberattacks with massive social, business & geopolitical consequences. ... Security Strategy & Architecture
Security’s Dirty Little Secret: The Conservation of Complexity Manny Rivelo Security is in a vicious cycle of incrementalism. Breach, fix. New attack, new product. Rinse, ... Security Strategy & Architecture
The Five Most Dangerous New Attack Techniques Ed Skoudis , Rob T. Lee , Heather Mahalik , Katie Ullrich Each year at RSA Conference, SANS provides the authoritative briefing on the most dangerous new ... Hackers & Threats
Cybersupply Chain Security—Powering Resources to Mitigate Risk Christine Horwege , Tony Eddleman , Shari Rai Supply chain security risks are rapidly evolving threats and a growing concern within the critical ... Technology Infrastructure & Operations Protecting Data & the Supply Chain Ecosystem
AI, ML and the Gig Economy — the Only Path Forward for the SOC Gunter Ollmann An exploding attack surface, burnout, and a critical talent shortage have pushed the SOC to ...
All Hands on Deck: A Whole-of-Society Approach for Cybersecurity Abhilasha Bhargav-spantzel , Tom Garrison , Aanchal Janosek The future of cybersecurity demands “All Hands on Deck”. This panel will discuss the impactful ... Security Strategy & Architecture
Are You Sure You’re Doing That Right? A Mock Hearing Hoyt Ii , Hon. Laurel Beeler , Cmdr. Robin Crabtree , Julie Teppler Supply chain issues are the current rage, but there hasn’t been much conversation about the ... Protecting Data & the Supply Chain Ecosystem Law
BoF: NIST Cybersecurity Framework Update Cherilyn Pascoe Come and share your feedback on the NIST Cybersecurity Framework, widely used to manage cybersecurity ... Risk Management & Governance Technology Infrastructure & Operations Protecting Data & the Supply Chain Ecosystem
BoF: The Supply Chain is Broken: The Case of BLUEMONDAY & How To Own Everything Ken Pyle Join this interactive follow up session to listen and learn from Ken Pyle —join this ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem Technology Infrastructure & Operations
Building Trust in a Zero-Trust World to Confront Tomorrow’s Cyber Threats Niloofar Razi Howe , Jen Easterly , Kevin Ramakrishna It’s been 18 months since the SolarWinds cyber breach was detected. Since then, there’s been ... Security Strategy & Architecture Policy & Government
Can A Real Security Platform Please Stand Up? Petko Stoyanov The security industry is at a breaking point. The endless conga line of technologies it’s ... Security Strategy & Architecture
CHERNOVITE and PIPEDREAM: Understanding the Latest Evolution of ICS Malware Ben Miller CHERNOVITE is a threat activity group who built a toolset tailored to disrupt a broad ... Technology Infrastructure & Operations
Conducting Cyber Due Diligence Steve Black In a proposed merger, management needs to know about all the risks, including the risks ... Risk Management & Governance Law C-Suite View
Cyber Threats to the Aerospace Ecosystem Steve Scarbrough Join Stephen “Scribbs” Scarbrough for an interactive discussion about vulnerable critical infrastructure components at airports ... Technology Infrastructure & Operations
Human Security Engineering: Stopping User Initiated Loss Tracy Winkler A common solution to user error is awareness, but we need to fix the system ... Human Element
Knowing The Robocallers: Illegal Call Centers And Efforts To Stop Them Josh Warner Illegal call centers and the scams they operate can be monitored and evaluated by collecting ... Anti-Fraud
Maximizing Our Cyber Non-Profits Tony Todt Cybersecurity non-profit organizations are essential but under-appreciated resources improving cyber-defense for every enterprise and for ... Risk Management & Governance Human Element
Open for Business: How to Build a Security Program as the First CISO Olivia Rose The first 90 days of a CISO's tenure are tough. Even tougher for an incoming ... C-Suite View Innovation & Startups
Open XDR: A Strategy for Evolving Security Needs Rakesh Shah Businesses need an integrated approach to address the challenges of siloed defenses and a complex ... Technology Infrastructure & Operations
Risk Management: Hindsight is 2020 J. Wolfgang Goerlich Risk is measured and modeled. Practitioners prioritize security and communicate concerns using risk. But do ... Risk Management & Governance Human Element
Security Threat Modeling Michael Romeo Threat modeling – everyone from security teams to CISOs wants to ingrain it across the ... DevSecOps & Application Security Security Strategy & Architecture
Security's Holy Grail: Predicting Attacks Before They Happen Wade Fly By leveraging existing data on employees’ past security decisions, teams can create a picture of ... Human Element
Site Reliability Engineering and the Security Team They Love Aaron Wickett Site Reliability Engineering (SRE) is here to stay, and security can work with them. Using ... DevSecOps & Application Security Professional Development & Personnel Management
Solving the Identity Security Crisis: A Guide to Today’s Top Threats Kimberly Singh As the security industry battles the ever changing threat landscape, communication and knowledge sharing among ... Identity
The Cloud Gray Zone: Vulnerabilities Found in Azure Built-in VM Agents Nir Tamari This talk will expose a new risk for cloud users that relates to software being ...
The Road to Adversary Engagement: Get Your Organization from 0 to 88 MPH Stanley Barr , Maretta Morovitz , J.r. Rogers Collaboration across the public and private sector is crucial to defend against adversaries. Join MITRE, ... Policy & Government
The SaaS RootKit: A New Attack Vector for Hidden Forwarding Rules in O365 Maor Bin Researchers detected a new SaaS vulnerability within Microsoft’s OAuth application registration. Through this vulnerability, anyone ... Hackers & Threats
The State of Application Protection 2022 Sander Vinberg Join for a presentation of the 5th annual Application Protection report from the F5 Labs ... DevSecOps & Application Security
Are Data Localization Policies a Looming Disaster for Cybersecurity? Edna M. Conway , John Miller , Danielle Swire As a wave of policy measures seeking to force the localization of data sweeps the ... Policy & Government
BoF: Implementing and Maintaining Devsecops Infrastructure at Large Enterprises Prateek Mishra For large enterprises with many development groups it is challenging to create a DevSecOps infrastructure ... DevSecOps & Application Security
BoF: The SaaS RootKit: A New Attack Vector for Hidden Forwarding Rules in O365 Maor Bin Join this interactive follow up session to listen and learn from Maor Bin —join this ... Hackers & Threats Human Element
How a Musician Used Sheet Music Encryption to Help Soviet Defectors Britta Goldberg Join Dr. Merryl Goldberg as she shares her story of sneaking information into the Soviet ... Human Element
How to Introduce “Enterprise-Grade” Security at a Startup Daniel Trauner As the first member of the dedicated security team at a rapidly-growing startup, what should ... Security Strategy & Architecture Risk Management & Governance
M365 Threat Hunting—How to Understand Attacker's TTPs in Your Tenant Aaron Turner Microsoft 365 is ubiquitous now, but very few security teams have the resources necessary to ... Technology Infrastructure & Operations
Machine Learning to Ultimately Defeat Advanced Ransomware Threats Vladimir Ulasen This session will offer deep insight into advanced ransomware threats that use arbitrary user or ... Hackers & Threats Machine Learning & Artificial Intelligence
Managing De-Centralized Identities: A Relying Party Perspective George Fletcher As the groundswell around the Self-Sovereign Identity (SSI) movement grows, it's important to consider what ... Identity
Modernizing Cybersecurity Through a Single Solution Approach Craig Khan In 2021, ransomware attacks increased in triple-digit percentages. Cyber criminals are getting more and more ... Security Strategy & Architecture
Multifaceted Extortion: Insider Look at Ransom Payments and Cyber Defense Nick Wong This session will share lessons learned, through a combination of hard data and anecdotal stories, ... Risk Management & Governance
Open Source: Enterprise Adoption and Overcoming Barriers Kelley Misata , Ted Ipsen , Srinath Manev In some cases, open source security tools can be better than their commercial counterparts. But ... Open Source Tools
PCI DSS 4.0: Evolution, Revolution, or an Omen of Extinction? John Elliott PCI DSS is one of the most followed security standards in the world. Is version ... Risk Management & Governance
Product Security at Scale: Lessons from Comcast Sandra Cavazos Product security programs are intense; running a successful program at a large-scale organization like Comcast ... DevSecOps & Application Security
Protect Valuable Data as Employee Turnover Rages Joe Payne Employee turnover is the biggest threat to any organization's IP. Nearly 60% of employees move ...
Service Mess to Service Mesh Rob Richardson In the quest to secure all the things, do practitioners jump in too quickly? This ... DevSecOps & Application Security
State of the Hacks: NSA’s Perspectives Robert E. Joyce We're at an inflection point, and as the threats evolve, so must the community. Hardening ... Hackers & Threats
The 2 Sides of Social Media: Organizational Risk and Cyber Intelligence Lester Godsey Organizations cannot afford to ignore the impact of social media, both from a cyber and ... Human Element
Time is Running Out: Post Quantum Cryptography Call to Action SAFECode/NIST Janet Jones , Judith Furlong , Souheil Moody Quantum computing advancements are rapidly developing. Modern cryptography currently being used for security is vulnerable ... Technology Infrastructure & Operations
Too Much of Good Thing? The Cost of Overusing Encryption Karen Reinhardt In response to threats to confidentiality presented by the current threat landscape, many cybersecurity experts ... Technology Infrastructure & Operations Protecting Data & the Supply Chain Ecosystem
Use the Force Luke: Harnessing Shodan to Hunt for Threats to ICS Systems Dan Mathis Many analysts view Shodan as a tool used by red teamers and penetration testers to ... Technology Infrastructure & Operations
Web Application Hacking 101 Joseph Mlodzianowski , Lee Mcwhorter , Marco Soto This course will walk you through different exercises related to hacking various web applications. With ... Hackers & Threats
What Will it Take to Stop Ransomware? Mark Bowling Ransomware has become an advanced extortionate threat. While ransomware gangs enjoy record high profits, criminal ... Risk Management & Governance Policy & Government
The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack Jossef Yalon While commercial supply chain attacks are becoming more manageable, security teams have a much harder ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem Open Source Tools
Strengthening Security in the Era of Digital Transformation Gary Steele Digital transformation helped organizations reach new benefits…but not without new pains. The threat landscape is ... Protecting Data & the Supply Chain Ecosystem Hackers & Threats Security Strategy & Architecture
Crossing the Rubicon Jake Wood Jake Wood will take you on his journey from college football's largest stadiums, to the ... Professional Development & Personnel Management C-Suite View
A Practical Framework to Hack the Cyber Workforce Talent Gap Teresa Todt Come learn some of the real issues behind the cyber skills gap and get an ... Professional Development & Personnel Management
BoF: Counterintelligence: Combatting State-Sponsored Threats Anthony Rogers This discussion is intended to provide some best practices in countering the threat posed by ... Human Element
BoF: When a Medical Device Gets Connected, What Does It Mean for Us? Henry Tan While the community is still grappling with how to adequately secure IoT or consumer connected ... Hackers & Threats Policy & Government
Can the Workforce Shortage Be Fixed? Clar Rosso The cybersecurity profession must grow by 65% —or 2.72 million people globally—to keep pace with ... Professional Development & Personnel Management
CANCELLED Not Your Grandfather's GRC Sudhanshu Kairab The new decade demands graduation to a new school of GRC, one which doesn’t just ... Risk Management & Governance
Container Security from the Lens of NIST Cybersecurity Framework Birat Ramamoorthy As enterprises migrate to containerized workload and adopt container technologies as the de facto standard ...
Cyber Defense Matrix Learning Lab Jasmine Henry , Helen Yu The Cyber Defense Matrix (CDM) helps practitioners organize their overall security program. This Learning Lab ... Security Strategy & Architecture C-Suite View
Expect More: Realizing the True Impact of Your Intelligence Program Stu Solomon In our hyper-distributed world, where the attack surface is infinite, intelligence is the difference between ...
How Tamper Resistant Elements (TREs) Can Secure the IoT Jean-louis Carrara Addressing security and privacy vulnerabilities in the IoT is an urgent priority, reflected by growing ...
Leveraging Crowd-Forecasting to Improve Our Understanding of Cybersecurity Mary Rosenzweig Can we crowdsource our way toward a better cybersecurity industry? While prediction platforms are growing ... Risk Management & Governance Policy & Government
Operationalizing Identity: IAM for Customer Service Arynn Crow Biometrics, account recovery, and fraud: do these words come to mind when people think of ... Identity
Power of DNS as an Added Defense Against Modern Attacks Artsiom Holub Cybercriminals became highly sophisticated in how they attack networks. This session will explore the fundamentals ... Technology Infrastructure & Operations
Privacy Standards in the Context of Information Security Abhishek Agarwal , Katharina Cortes Significant developments of privacy standards by ISO/EC, NIST, or the European CEN-CENELEC aim at supporting ... Privacy
Protective DNS, DNS Encryption, & Zero-Trust: Tackling NSA Guidance Steve Staden This session will discuss CISA and the NSA’s PDNS guidance. In 2021, experts made multiple ... Policy & Government
Representation Matters Chloé Messdaghi Less than 20% of marginalized persons hold leadership positions in tech and security. It's time ... Professional Development & Personnel Management
RSAC 2022 College Day Sponsor Panel Elena Kvochko , Cecilia Marinier , Rob Duhart Jr. , Ingrid Jones , Neal Shostack With digital connectivity comes vulnerability. As a result, the demand for a talented workforce that ... Professional Development & Personnel Management
The Privacy and Blockchain Paradox Jim Schu If an organization is interested in deploying blockchain, smart contracts, or tokens, professionals must understand ... Risk Management & Governance Privacy Identity
Top 10 Privacy Risks in Web Applications Florian Stahl In times of CCPA and GDPR, technical privacy and privacy by design becomes increasingly important ... DevSecOps & Application Security Privacy
What To Do When Ransomware Hits: Simulation for CEOs, CISOs and Directors Glenn Gerstell , Preston Golson , Robert Spaulding Current CISO, board members, and former top federal cyber officials “role play” a board of ... Risk Management & Governance C-Suite View
Zero to Full Domain Administrator: Real-World Ransomware Incident Joseph Carson Following in the footsteps of an attacker and uncovering their digital footprints, this session will ... Hackers & Threats
BoF: Driving Deception with Adversary Behaviors Maretta Morovitz As adversaries interact with the environment, they reveal their own behavioral weaknesses. These weaknesses can ... Hackers & Threats
BoF: Non Personal Data: The Next Frontier of Data Regulation is Here John Miller Policymakers globally are increasingly focusing regulatory efforts beyond personal data, including to establish data or ... Protecting Data & the Supply Chain Ecosystem Professional Development & Personnel Management
Code Blue! Medical Devices Under Attack Philippe Mckee Hospitals are under attack. Crippled networks. Patients turned away. Ransomware gangs won’t hesitate to target ... Hackers & Threats
Combatting Cybercrime & Fraud with Threat Intelligence Matthew Yang Fraudulent activity is often supported with hundreds of “e-commerce” websites and domains, usually managed by ... Anti-Fraud
Creating and Managing an Integrated Behavioral Cybersecurity Program Ira Winkler Behavioral cybersecurity aims to not only improve and measure employee behaviors, but also improve customer ... Human Element
Dangerous: Critical Conversations About CISA’s “Bad Practices” Donald Corman CISA’s “Bad Practices” aims to drive out common-but-dangerous practices that risk national critical functions. With ... Risk Management & Governance Technology Infrastructure & Operations Policy & Government
Defending Against New Phishing Attacks that Abuse OAuth Authorization Flows Jenko Hwong Users are prompted to login at the real Microsoft login page, real domain, real cert, ... Hackers & Threats Identity
Hacking Exposed: Next-Generation Tactics, Techniques and Procedures George Sentonas This session will highlight upticks in ransomware and supply chain attacks, with the latest trends ... Hackers & Threats
It's Getting Real & Hitting the Fan! Real World Cloud Attacks Ofer Maor Cloud attacks are getting real and hitting the fan! In the past year we’ve led ... Hackers & Threats
Job Search 2022: Resume Review Workshop Cecilia Marinier Human resource representatives from leading companies representing diverse fields from defense contractors to retail to ... Professional Development & Personnel Management
Lessons from Aviation: Building a Just Culture in Cybersecurity John Elliott Airlines don’t “do safety”, they are safe. This wasn’t always the case. By accepting that ... Risk Management & Governance Human Element
Leveraging AI & Deep Learning in the Battle against Zero Day Cyber Attacks Itai Greenberg Cyberattacks are becoming more sophisticated making them more difficult to prevent. The evolution of malware, ...
Measuring the ROI of Network Security Automation John Moran As enterprise networks become more complex and fragmented, the attack surface expands, and network management ...
Preparation for OT Incident Response Lesley Carhart While many industrial firms have a plan in place for how to deal with an ...
Securing the Supply Chain: What Does Compliance Look Like? Justin Topkis As companies continue to streamline operations internally along with vendors in their third-party supply chain, ...
Shift-left: Top 10 Most Disruptive Ideas of Modern Cloud Security Nico Popp All the pundits agree: shift-left is the future of cloud security. But what does it ... DevSecOps & Application Security
The Time is Now: Criticality of Time Synchronization & Information Security Ben Rothke Organizations rely on the server clocks for time stamping. But don’t assume the time is ... Technology Infrastructure & Operations
Trust, but Verify: Protecting Your Business from Supply Chain Attacks Ron Bushar , Arve Kjoelen , Elvis Vorndran This joint Mandiant-FBI panel will demonstrate the great things that can happen when industry and ... Protecting Data & the Supply Chain Ecosystem
Uncovering “BadAlloc” Memory Vulnerabilities in Millions of IoT Devices Tamir Ben-bassat Microsoft uncovered critical RCE vulnerabilities covering 25+ CVEs across a range of IoT devices, from ... Hackers & Threats Technology Infrastructure & Operations
What Executives Need to Know About CI/CD Pipelines and Supply Chain Security Dan Cornell Developer pipelines expose complicated and often uncharted attack surfaces. This talk will provide security professionals ... DevSecOps & Application Security Risk Management & Governance
Your Control System is Hacked! Now What? Interactive Tabletop Exercise Jennifer Vannorman The manufacturing facility was running just fine until an unfamiliar message popped up on the ... Technology Infrastructure & Operations
“Connecting the Dots” of NIST 800-207, TIC 3.0, and More Using SAFE Chad Mitchell Many companies do not know where to start with Zero Trust (NIST 800-207), TIC 3.0, ... Security Strategy & Architecture Risk Management & Governance
Bingo! 10 Security Standards in 2022 You Can’t Live Without Bret Paine This session will cover the most important, interesting and impactful technical standards, hot off the ... DevSecOps & Application Security Risk Management & Governance Technology Infrastructure & Operations
BoF: Cyber Vulnerability Testing and Coordinated Vulnerability Disclosure Cheri Caddy Finding vulnerabilities is easy. Addressing them - notifying vendors, developing mitigations, and getting actionable information ... DevSecOps & Application Security Hackers & Threats
BoF: Inform & Engage Your Audience with Data-Driven Storytelling Wade Baker The cybersecurity vendor landscape is crowded. There's increasing pressure to elevate brand visibility, differentiate products, ... Protecting Data & the Supply Chain Ecosystem C-Suite View
Can AppSec Be Fixed? Brook S.e. Schoenfield Against the backdrop of an increasing cadence of compromise, developers cannot afford to continue to ... DevSecOps & Application Security
Can You Hear Me Now? Security Implications of Voice as the New Keyboard Jeremy Grant , Dr. Chris Lee Use of voice as a biometric identifier or as a virtual keyboard is growing. While ... Machine Learning & Artificial Intelligence Identity
Cybersecurity: What role do you play? Tom Conkle , Joy Belinda Beland , Brett Nutting As organizations continue to realize the benefits of transitioning to the cloud, many don’t fully ...
Due Diligence in the Time of Ransomware Michael Stifel When hit with ransomware, organizations must decide whether to pay or not. Such decisions may ... Risk Management & Governance Policy & Government
Eat Your Vegetables: Using Parenting Skills To Run A Security Program Helen Williams Following rules and frameworks is sometimes not enough. This session will use examples from security ... Professional Development & Personnel Management
Epic Journey of an Enterprise Cloud Transformation While Building Security Helen Oakley This talk will deliver two different real-life examples of an enterprise cloud transformation with emphasis ... Security Strategy & Architecture
Extend EDR Visibility by Logging Everything: Demo with Free Integrations Adam Hogan Endpoint Detection and Response technology has changed how security teams investigate incidents by increasing the ...
Firmware Analysis Challenges in Modern IP-Based Surveillance Technologies Andrea Palanca This presentation will discuss the reason why having unfettered access to a device is essential ... Technology Infrastructure & Operations
How Fraudsters Scale Payment System Attacks Mike Lemberger Threat actors have been taking advantage of vulnerabilities in the payments threat landscape. With the ... Hackers & Threats Anti-Fraud
Is Your Passwordless Really Passwordless? How to Tell and Why It Matters Tim Callan With the rising interest in passwordless authentication, confusion still exists about which technology approaches are ... Identity
It’s Not About Awareness. It’s About Managing Human Risk. Alex East Instead of applying more training or reacting to incidents, human risk management seeks to understand ... Human Element C-Suite View
New Way of Tackling Privacy Assessments Dr. Lisa Mckee Recent changes have increased the need for and awareness of privacy assessments. Organizations focus on ... DevSecOps & Application Security Privacy
Proofs Without Evidence: Assurance on the Blockchain and Other Applications Dan Boneh , Dave Wahby Zero-Knowledge proofs are a privacy enhancing technology that enable one entity to demonstrate to another ... Privacy Technology Infrastructure & Operations
Searching for the Grail: Zero Trust Cryptographic Keys & Services Karen Reinhardt In today’s world of remote workers, ever-increasing cyber threats, and eroding perimeters, managing and coordinating ...
The Marie Kondo Approach to Security Bob Thompson Can security decisions really “spark joy”? Well-traveled CISO Bob Lord would argue yes, and that ... Security Strategy & Architecture C-Suite View
The Non-Social Distanced Reality of the Internet of Things Rachel Daigle IoT devices are regularly “touched” by a large number of remote hosts. However, many have ...
Are You Up to the Challenge? Join the AppSec CTF Eden Stroet Have you always wanted to try a capture the flag challenge? Well now's your chance! ...
Better Bug Bounties? Lessons on Disclosure of Security Vulns v. AI Harms Joshua Kenway This session will cover findings of recent, design-oriented research from the Algorithmic Justice League on ... Human Element Machine Learning & Artificial Intelligence
BoF: New Way of Tackling Privacy Assessments Dr. Lisa Mckee Join this interactive follow up session to listen and learn from Dr. Lisa McKee—join this ... DevSecOps & Application Security Risk Management & Governance Privacy
BoF: Overcoming Technical Challenges When Searching for Advanced Attack Artefact Aaron Turner Join this small group discussion for an in-depth conversation about how security teams need to ... Protecting Data & the Supply Chain Ecosystem
Build and Lead an Effective Security Program: 7 Key Factors, 13 Activities Todd Fitzgerald How do CISOs know if their security programs are effective? This session combines the well-respected ... Professional Development & Personnel Management C-Suite View
Building a Cloud-Based Pentesting Platform Phillip Wylie Often offensive cybersecurity professionals require a way to perform external pentesting of Internet facing targets. ... DevSecOps & Application Security
Can You Handle The Truth? Lawyers Can Be CyberPro's Best Friend Ted Inskeep Laws define today's "best practices" in cybersecurity. The best security tool is not enough unless ... Risk Management & Governance C-Suite View
CANCELLED The Executive’s Playbook for Ransomware Recovery John Beers Despite best-laid plans, ransomware plagues us all. Distilled from the experience of managing thousands of ... Risk Management & Governance
CloudTrail Logging Internals: Investigating AWS Security Incidents Omer Gull Join this session to learn about an investigation methodology for AWS control plane security incidents ...
CMMC Ch-Ch-Changes: Turn and Face the Revised Cybersecurity Maturity Model Michael Baker , Lauren C. Williams , Dr. Kelly Fletcher , Stacy Travis The Cybersecurity Maturity Model Certification (CMMC) program has changed. CMMC Accreditation Body CEO Matthew Travis, ... Protecting Data & the Supply Chain Ecosystem Policy & Government
Cybersecurity Strategic Activity, Recent Trends & Predictions Dino Boukouris The past year was a year of incredible challenges, innovation, and growth, especially in cybersecurity. ...
Demystifying the Identity Capabilities of AWS for Enterprise Practitioners Jon Lehtinen Solving for identity on AWS is not always inviting for practitioners who have to pick ... Identity
Digital Transformation Requires a Security Transformation James Singh Many security leaders struggle to understand what is expected of them as the business landscape ... Professional Development & Personnel Management C-Suite View
EXPOSURE: The 3rd Annual RSAC SOC Report Jessica Bair Oppenheimer , Steve Glover In this session, we will share our experience monitoring the RSAC wireless network this week, ...
How to Secure Private 5G Networks Srinivasan Balasubramanian This session provides critical guidance on how a private cellular wireless network can be architected ... Technology Infrastructure & Operations
Leveraging Issues Management as a Force Multiplier in Cybersecurity Ryan Reid Tackling issues management as a flagship element of governance, risk, and compliance program implementation can ... Risk Management & Governance
Protect Customers: Elevate Web Application Security Siddhesh Yawalkar With a surge in client side attacks on the web, enterprises are inadequately equipped at ... DevSecOps & Application Security Protecting Data & the Supply Chain Ecosystem Hackers & Threats
Stop Being Sitting Cyber Ducks! Adversary Engagement: the New Cyber-Defense Stanley Barr , Dan Brett , Patrick Yang Passive approaches to cybersecurity are failing, with breaches continuing daily. This session will explore using ... Policy & Government
Taming Identity Sprawl to Close the Cybersecurity Exposure Gap Larry Chinski Identity sprawl is real. Human, machine, and other identities have recently doubled. A PAM solution ...
The Rise of API Security: It’s 10pm—Do You Know Where Your APIs are? Mitch Kirsch APIs are the lifeblood of the cloud and app-based economies. A compromised API can prove ...
Token Theft: Hip Kids Are Doing It. Now What Are We Going to Do About It? Anna Weinert Token theft doesn’t care about MFA or access rules. Malware steals authentication artifacts and gives ... Hackers & Threats Identity
Transform and Optimize Your Infosec Team with Managed Security Solutions Adam Burns Security stacks have expanded over the years, rare is it that organizations reduce the number ...
xGitGuard: ML-Based Secret Scanner for GitHub Bahman Rashidi Publicly leaked internal secrets of an organization can be exposed to secret harvesting and potential ... Machine Learning & Artificial Intelligence Open Source Tools
A Data Faustian Bargain?: An Analysis of Government-Mandated Data Access Andrea Little Limbago In exchange for market access, organizations are increasingly obliged to turn over data to foreign ... Risk Management & Governance Policy & Government
Another Lock? More Barbwire? It’s Time to Reimagine Modern Access Security Nitika Prakash Pervasive digital transformation, hybrid work, and multicloud reshaped access security. Millions of access decisions happen ...
Atomic Red Team: Where Adversary Emulation and EDR Testing Meet Adam Mashinchi This talk will review Atomic Red Team™, a library of simple, focused tests mapped to ... Open Source Tools
BoF: IOCs in your APIs - How to Find the Attacks Jason Kent Been having problems with Account Take Overs or other types of Automated Attacks in APIs? ... DevSecOps & Application Security Machine Learning & Artificial Intelligence Hackers & Threats
BoF: xGitGuard: ML-Based Secret Scanner for GitHub Bahman Rashidi Join this interactive follow up session to listen and learn from Bahman Rashidi—join this session ... Hackers & Threats Machine Learning & Artificial Intelligence Open Source Tools
BTC as an IOC: Inside the Largest Ever Ransomware Funds Seizure Ryan Frampton , Carlton Koven The landmark NetWalker case heralded a year of unprecedented action against ransomware. The case team ...
Cyber Insurance is Changing Cybersecurity: How We Got Here and What’s Next? Theresa Le , Kirsten Bay , Kyle Schneider Cyber insurance premiums, and the barriers to entry for businesses to get coverage, are rising ... Risk Management & Governance C-Suite View
Cyber Resiliency Through Firmware Protections & Supply Chain Security Eric Sivertson To protect the supply chain, new technologies and capabilities are required. The U.S. released the ... Technology Infrastructure & Operations Protecting Data & the Supply Chain Ecosystem
Deconstructive Take-Over of Mitsubishi Electric Ecosystems Mars Cheng This talk will focus on Mitsubishi ICS ecosystem’s communication protocol and show how researchers successfully ... Hackers & Threats Technology Infrastructure & Operations Identity
Defending Security is Probabilistic, Not Deterministic: Get Over It Dr. Schwartau “Is It Secure?” (No.) For almost 60 years, recurring questions have beset our industry: “How ... Security Strategy & Architecture
Goodbye Credential Leaks: Securing Code Together Mariam Sulakian Every day, leaked access credentials expose our products to malicious attacks. Security researchers have been ... DevSecOps & Application Security Hackers & Threats
Mapping the Cybercriminal Ecosystem Michael Daniel , Tal Goldstein , Amy Manky Although cybercrime is now a national security threat, our understanding of the cybercriminal ecosystem remains ... Hackers & Threats
State of Cybersecurity 2022: From the Great Resignation to Global Threats Rob Marinkovic Based on insights from ISACA’s State of Cybersecurity research, cybersecurity leaders will discuss the threats ...
That Time I Hacked a Hardware Wallet and Recovered $2 million Joe Newman Lifelong hacker shares his cryptocurrency wallet hacking journey and view on nurturing the hacker ethos ... Hackers & Threats Professional Development & Personnel Management
The Road to Cloud Is Paved with On-Prem Integrations Dr. Nestori Syynimaa The modern public cloud service providers’ production environments can be regarded as safer than the ... Technology Infrastructure & Operations
The Science of Scams: Deconstructing How Criminals Steal Cash Erin Levin Social engineering scams affect everyone—it is something we all navigate as part of everyday life. This ... Human Element Anti-Fraud
Token Theft Prevention (dPoP) – Nth Time is the Charm. Pam Dingle Enterprises are securing identities with MFA/FIDO2. But is that enough? Adversaries are looking at token ... Identity
Transforming Security Through Design J. Wolfgang Goerlich Security has a design problem. Our security programs are unusable, causing people to opt-out. Our ... Security Strategy & Architecture Human Element
Hugh Thompson Show: Exploring Information Disorder Hugh Thompson , Chris Robinson , Katie Couric We are in a crisis of trust and truth, one of our own making. Every ... Human Element