DAY 1
MONDAY, JUNE 27, 2022
11:00AM - 11:45AM EASTERN
[INTERACTIVE SESSION]
The Evolution of the CISO Role: Transcending New Frontiers
CISOs are constantly challenged by disruptive changes across the dynamic enterprise ecosystem. A new era has dawned for CISO’s and it is imperative they acquire and expand their skills to drive the change agenda successfully. The CISOs mission spans across multiple organizational tiers and technology and business tiers ranging from cloud, identity management, enterprise risks management and strategic planning aligned with business goals and objectives.
This thought provoking and seminal session will explore whether CISO’s are just technology leaders or has the era of the business focused, enabling CISO arrived – and what does it entails.
11:45AM - 12:00PM EASTERN
[INTERACTIVE NETWORKING BREAK]
Hometown & First Job Skill That You Use Today
Participants will share where they are from, their first job, and a skill/takeaway that they still use today learned from that job.
12:00PM - 12:45PM EASTERN
[INTERACTIVE SESSION]
Cyber Risk Intelligence and the Meaning of a True Risk Exchange
Cyber risk intelligence is critical for businesses that operate in the digital world. It is the collection, evaluation, and analysis of cyber threat information by those with access to all-source information.
Like other areas of important business intelligence, cyber threat intelligence is qualitative information put into action to help develop security strategies and aid in identifying threats and opportunities.
In this session, Gary Phipps at CyberGRX explores:
Third-party cyber risk management vs self-assessments
Cyber risk intelligence in the wake of huge, high-profile breaches
The meaning of a true risk exchange
Gary Phipps
VP of Solution Architecture
CyberGRX
12:45PM - 1:15PM EASTERN
[30 MINUTE BREAK]
1:15PM - 2:00PM EASTERN
[INTERACTIVE SESSION]
Security as a Shared Responsibility.
Can a security practitioner or team ensure security of company assets alone? Who owns the systems and data? Let’s discuss!
2:00PM - 2:15PM EASTERN
[INTERACTIVE NETWORKING BREAK]
Favorite Vacation Spot
Participants will share their favorite vacation spot (and something they like about it), and place(s) they'd like to go next.
2:15PM - 3:00PM EASTERN
[INTERACTIVE SESSION]
Cyber Insurance
TBD
3:00PM - 3:15PM EASTERN
[INTERACTIVE NETWORKING BREAK]
Two Truths and a Lie
Participants will share 2 truths and 1 lie about themselves. Other participants will try to guess the lie.
3:15PM - 4:00PM EASTERN
[INTERACTIVE SESSION]
Ransomware - Defeating ransomware – What is the Best Defense?
-
Ransomware has been a prevalent attack vector for a decade
-
Why does this continue to plague us
-
How do we defend against it
-
What’s the best way to recover
-
If payments are made illegal, would you still consider paying to recover
DAY 2
TUESDAY, JUNE 28, 2022
11:00AM - 11:45AM EASTERN
[INTERACTIVE SESSION]
Top Concerns for CISO's & Security Leaders
What keeps you up at night? We all have concerns about threats, attack vectors, and new vulnerabilities hitting the street every day.
How do we help keep each other informed about top issues when they are changing at record speeds? What is your biggest challenge and area of focus this year?
Let's have an open discussion about how we can all remain informed at the right level.
11:45AM - 12:00PM EASTERN
[INTERACTIVE NETWORKING BREAK]
Bucket List Item
Participants will share a bucket list item that they'd like to accomplish, and/or one that was recently accomplished.
12:00PM - 12:45PM EASTERN
[INTERACTIVE SESSION]
Preventing a Wave of Destruction from Bots as a Service with Machine Learning
Bad bots continue to be big trouble. Not only do they account for a quarter of all Internet traffic, it’s now easier than ever for the average, non-technical person to launch malicious bot attacks, thanks to bots as a service (BaaS)*.* The wake of destruction wrought by these bots can seriously jeopardize businesses’ website performance, customer experience, data security and overall reputation.
Once upon a time, you had to be a bot expert to figure out how to forge your browser fingerprint realistically, generate human-like behavior, and route your requests through residential proxies. But now, having money trumps technical knowledge when it comes to launching hard-hitting bot attacks.
Indeed, people are increasingly monetizing bots, providing them in exchange for a subscription fee. Bot users can outsource the creation of sophisticated bots to bot expert companies, which handle everything, from crafting a realistic fingerprint, to routing requests through proxies and forging CAPTCHAs. Users can interact with a bot through a paid API, but only pay for successful requests, e.g. requests that are not blocked.
BaaS exist for different purposes ranging from scraping, to credential stuffing and scalping, putting every industry at risk.
Since these bots are sophisticated — and can be launched by just about anyone, thanks to BaaS — they require strong mitigations, such as:
- ML-based behavioral detection engine;
- Residential proxy detection; and
- Anti-CAPTCHA farms features.
This talk will reveal the inner workings of a modern bot detection engine. We will see which signals are collected, and how they are enriched. We will discuss why it is mandatory to analyze both server-side and client-side signals to protect websites against the threats posed by bots as a service.
12:45PM - 1:15PM
[30 MINUTE BREAK]
1:15PM - 2:00PM EASTERN
[INTERACTIVE SESSION]
Building a Culture of Security
We all know the saying “culture eats strategy for lunch”, right? Join us to share success stories on how you have embedded cybersecurity into the culture of your company so that it is top of mind for your entire organization.
Because let’s face it, if cybersecurity is not part of your company culture, it won’t matter what your cybersecurity strategy is.
2:00PM - 2:15PM EASTERN
[INTERACTIVE NETWORKING BREAK]
Share a Background Image
Participants will share a background image with the group, and talk briefly about it. This can be a pet, enjoyed activity, family member, hometown, vacation spot, etc.
2:15PM - 3:00PM EASTERN
[INTERACTIVE SESSION]
How to Reduce the Risk of Phishing to the Organization Through a No-cost Modification to your Existing Security Awareness Program.
In this session I will describe a no-cost approach that we have used and introduced to other organizations to reduce the risk of phishing. The approach allows organizations to reduce risk in a quantifiable way that can be used in leadership and board presentations.
Director Cyber Security Operations and Risk, HIPAA Security Official
Wellmark Blue Cross Blue Shield
3:00PM - 3:15PM EASTERN
[INTERACTIVE NETWORKING BREAK]
Get to Know Your Peers: Share Things You Like to do for Fun Outside of Work
Participants will share things they like to do for fun outside of work (hobbies, outside activities, musical instruments, cooking, pets, kids, etc.).
3:15PM - 4:00PM EASTERN
[INTERACTIVE SESSION]
Zero Trust Networking
What is it really?? And why is this such a buzzword throughout the Industry? In this discussion, we will go over the background of ZTN, the benefits it brings to your Company, and also the pitfalls to avoid.
DAY 2 | ONCON ICON AWARDS
TUESDAY, JUNE 28, 2022 AT 8PM - 9PM EASTERN
AWARDS CEREMONY AGENDA:
7:30pm Eastern
Awards Ceremony Waiting Room Opens & 30 Minute Countdown Begins *Refer to the meeting link in the calendar invite.
7:55pm Eastern
Webcams Are Encouraged To Be Turned On At This Time
8:00pm Eastern
Awards Ceremony Start & Opening Remarks
Awards Presenters:
-
Sujeet Bambawale | Chief Information Security Officer | 7-Eleven
-
Mark Alvarado | Director of Cyber Security & IT Compliance | Academy Sports + Outdoors
-
Amit Basu | Vice President, CIO & CISO | International Seaways
-
Patricia Collins Weedon | Group SVP and CISO | Discovery
-
Shelbi Rombout | Deputy Chief Information Security Officer | U.S. Bank
-
Michael Bray | Chief Information Security Officer | The Vancouver Clinic
-
Mark Connelly | CISO | Boston Consulting Group
-
Garrett Smiley | Chief Information Security Officer | Serco, Inc.
-
Edmond Mack | VP Security Architecture | GSK
-
Drew Perry | CISO | Valvoline
9:00pm Eastern
Awards Ceremony Conclusion. *We will try to conclude the awards ceremony as close to 9pm as possible, but it is possible that we conclude before or after 9pm Eastern.