Sunday, September 23
11:00 am - 11:45 am Registration
11:45 am - 12:00 pm Orientation
12:10 pm - 12:45 pm The New School of Security: Responsive, Effective and ReadyAaron Rinehart - Chief Enterprise Security Architect United Health Group
Modern Security looks completely different and there is a new playbook that changes how security exists from design, to operations, and all the way towards a shift in mindset from security testing to security experimentation. This talk breaks out three key areas: security chaos experimentation, adversity testing and operational instrumentation.
Chaos Engineering takes an approach to injecting controlled objective failure in complex systems. In this presentation, you will learn how to do this in real life from starting small with game day exercises, developing chaos experimentation, and eventually maturing into production level testing. After all, Production systems are always different that Stage. Your attacker is not going to be instrumenting your systems in Stage and neither should you. Aaron Rinehart, the innovation leader behind the Open Source Software tool, ChaoSlingr, will show you why this is important and how security automation and chaos experimentation can you help understand how your security really works.
Adversity Testing shifts security left and adds off-the-shelf attack tools to your CI/CD pipeline. This gets security testing moving in sync with software development and Aaron will cover both conceptual and pragmatic examples of accomplishing this in your organization.
Operational Instrumentation is not unfamiliar to modern engineering organizations, however in the area of security we hope to expose new types of monitoring that modern security teams are implementing. We will cover how this fits into a feedback loop from security to ops to dev and back again. This area is critical for achieving successful outcomes with modern security in distributed systems.
Security is changing and this talk gets you ready for what’s just around the corner.
- New Methods for Instrumenting Security
- Core differences in Security Testing & Security Experimentation
- How to Transform your Security Organization into a Learning Organization
- A broad understanding of Chaos Experimentation
- The Business Value of Security Chaos Engineering & Control Validation
- Exposure to a New Open Source Tool that uses this new method
- Ways to Think Differently about how we Build Security
Aaron RinehartChief Enterprise Security Architect
United Health Group
1:55 pm - 2:25 pm Teaming Humans and Machines: Intelligent and Proactive Defense
Collaborative internal and external partnerships are vital to bridge across siloes within healthcare. Security teams create robust, scalable and repeatable processes, which are proportionate to the risk being mitigated. Streamlining the human role in cyber security as automation provides ways to secure efficiently and effectively especially with the continued growth of electronic health records, Artificial Intelligence, block chain, imaging, interoperability and telemedicine.
In this session:
- Intrusion prevention / detection
- Anti-malware / machine based learning protection
- Efficiency in the resolution process
2:25 pm - 2:55 pm Threats in a Connected Healthcare World
Cybersecurity in the healthcare industry is often fraught with technological misunderstanding and a lack of institutional knowledge about organizational attack surfaces. Attackers use this misunderstanding to find intrusion avenues that may not be protected via already deployed enterprise security solutions.
This talk will cover an overview of healthcare security risks, threats, attack avenues and approaches for defending patients, their records and your systems.
3:00 pm - 3:30 pm Business Meetings
3:30 pm - 4:00 pm Business Meetings
4:00 pm - 4:30 pm Business Meetings
MasterClass4:30 pm - 5:15 pm Serving and Protecting While Improving Security Awareness
Evolving medical technologies improve lives as well as expand access to data and devices for hackers. Cyber criminals continue to successfully and consistently exploit human nature to accomplish their goals. Employees are often the last line of defense between a sophisticated phishing scheme and internal systems, data, and medical devices. This session will provide practical advice to help organizations leverage timely and consistent security awareness and behavior management practices to strengthen the human link.
In this session:
- Providing relatable and relevant case studies to engage employees
- Outlining how and where tools are helpful
- Motivating continuous, positive security actions
- Shifting to detection and response
BrainWeave4:30 pm - 5:15 pm When Shrinkage is Good- Reduce Incident Response Times from Hours to Minutes
Is your security team challenged with alert fatigue, a shortage of skilled staff, and maximizing the company’s product arsenal investment?
Solving such challenges isn’t easy and requires a delicate balance of people, processes, and tools. Investing in a comprehensive platform that enables security operation teams to reduce MTTR, create consistent and audited incident management process and increase analyst productivity is a step in the right direction.
Attend this discussion to learn how a security orchestration platform can automate manual-intensive tasks and reduce response times from hours to minutes.
See how the product’s machine learning suggestions can help your team become smarter with every incident and resolve complex threats faster and more accurately.
Benefits from shrinking your time to respond for every incident include:
- Improve your overall security posture,
- Enhance analyst productivity (from Tier 1-3), and
- Future-proof security operations.
Ignite Session: Three Quick Fire Presentations in Thirty Minutes. Talk about getting to the crux of the matter, fast!5:30 pm - 6:05 pm Strengthening Medical Device Security
Cyber Health CISO Roundtable Discussions: Engage in your choice of targeted discussions for open exchange among industry peers.6:05 pm - 6:45 pm Empowering Security through the Cloud Darren Dannen - Director Security Architecture & Engineering Wellmark Blue Cross and Blue Shield
The cloud offers economic, competitive and collaborative benefits to healthcare. But the sensitive and regulated data kept by healthcare requires heightened security measure. In this session, discuss the challenges and benefits of moving to the cloud. Look at how the changing threat landscape creates risks to traditional security practices. Examine current security trends affecting healthcare and approaches to protecting sensitive data:
•Prioritizing and overcoming challenges to the cloud
• Embracing the cloud with full visibility while managing shadow IT
•Identifying gaps and ensuring regulatory compliance through the cloud
Darren DannenDirector Security Architecture & Engineering
Wellmark Blue Cross and Blue Shield
Cyber Health CISO Roundtable Discussions: Engage in your choice of targeted discussions for open exchange among industry peers6:05 pm - 6:45 pm Tackling Compliance- Collaborative Approaches in the Healthcare Community
Healthcare organizations must balance compliance and risk with changing markets and government regulation. Emerging technologies including the Internet of Medical Things, machine learning, and software platforms for managing medical records are constantly added to the healthcare ecosystem.. Industry standards and government regulations add another level of complexity. Information risk executives need to stay up-to-date in order to minimize risk and maximize response and efficiency.
In this session:
•Staying ahead of new and evolving healthcare legislation
•Keeping up with the effect of tax reform
•Affecting the organizations ability to manage data through intelligent technologies