Sunday, September 23
11:00 am - 11:45 am Registration
11:45 am - 12:00 pm Orientation
12:10 pm - 12:45 pm The New School of Security: Responsive, Effective and Ready
Aaron Rinehart - Chief Enterprise Security Architect, United Health Group
Modern Security looks completely different and there is a new playbook that changes how security exists from design, to operations, and all the way towards a shift in mindset from security testing to security experimentation. This talk breaks out three key areas: security chaos experimentation, adversity testing and operational instrumentation.
Chaos Engineering takes an approach to injecting controlled objective failure in complex systems. In this presentation, you will learn how to do this in real life, from starting small with game day exercises, to developing chaos experimentation, and eventually maturing into production-level testing. After all, Production systems are always different than Stage. Your attacker is not going to be instrumenting your systems in Stage and neither should you. Aaron Rinehart, the innovation leader behind the Open Source Software tool ChaoSlingr, will show you why this is important and how security automation and chaos experimentation can help you understand how your security really works.
Adversity Testing shifts security left and adds off-the-shelf attack tools to your CI/CD pipeline. This gets security testing moving in sync with software development and Aaron will cover both conceptual and pragmatic examples of accomplishing this in your organization.
Operational Instrumentation is not unfamiliar to modern engineering organizations; however, in the area of security we hope to expose new types of monitoring that modern security teams are implementing. We will cover how this fits into a feedback loop from security to ops to dev and back again. This area is critical for achieving successful outcomes with modern security in distributed systems.
Security is changing and this talk gets you ready for what’s just around the corner.
•New Methods for Instrumenting Security
•Core differences in Security Testing & Security Experimentation
•How to Transform your Security Organization into a Learning Organization
•A broad understanding of Chaos Experimentation
•The Business Value of Security Chaos Engineering & Control Validation
•Exposure to a New Open Source Tool that uses this new method
•Ways to Think Differently about how we Build Security
1:45 pm - 2:30 pm Modular Approach to Incident Response in Healthcare
By using this method I was able to take my team from a Capability Maturity Model (CMM) of 1.9 to 3.8 in 9 months.
In this real-world case study, explore:
•Stakeholders that need to be involved in the plan(s) and why
•How to leverage your existing assets and investments to accelerate the process
•Reduce overhead and wasted productivity
•Lessons learned from this year (what I would have done differently)
2:35 pm - 3:05 pm Business Meetings
3:05 pm - 3:35 pm Business Meetings
3:35 pm - 4:05 pm Business Meetings
MasterClass 4:10 pm - 4:55 pm Best Practices and Future Direction of Security Awareness Training
This session will provide practical advice to help healthcare organizations leverage effective security awareness and behavior management practices to strengthen their human firewall.
•Practical security awareness and behavior management tips
•Outlining how and where tools are helpful
•Emerging industry trends
•How to create a “human firewall”
BrainWeave 4:10 pm - 4:55 pm Why is SIEM Not Enough?
A SIEM has emerged as a key tool in the security toolbox, but is simple event aggregation enough? The session will feature a roundtable discussion on SIEM effectiveness including:
•Security analyst burnout
•Ability to see the big picture
•The use of machine learning and AI to augment the SOC team
•Easy access to the latest intelligence
•Predictive/anticipatory awareness of threats and vulnerabilities
•Other improvement ideas
4:55 pm - 5:10 pm Networking Break
5:40 pm - 6:30 pm Women in IT
Jothi Dugar - CISO, National Institutes of Health Clinical Center
Angela Johnson - Chief Information Security Officer & VP of IS Infrastructure, Children's Hospital of Wisconsin
When it comes to the lack of women in technology fields, the focus often turns to what about technology fields keeps women from participating and what can be done to encourage women to pursue cybersecurity and other information technology professional opportunities. With the ongoing digital transformation within society, the number of unfilled cybersecurity positions is only going to increase. What can be done to encourage, attract, mentor and train, as well as advance, future leaders in the technology landscape?
In this session:
•Addressing the gender gap in C-suite technology roles
•A look at data surrounding women’s representation in IT
•Effective ways to support workforce diversity and inclusion