
Cybersecurity Symposium 2018 NorCal - Strength Through Community

Please select the optional registration items below for the Education Breakout Sessions depending on your area of interest &/or job function.

  • >> Choose one session for each block of time <<
  • 10:15am - 45 min Sessions
  • 11:15am - 45 min Sessions
  • 2:15pm - 45 min Sessions
  • 3:15pm - 45 min Sessions
 

The Opening Session, General Sessions, Lunch Session, Closing Session and the evening reception do not need to be selected during the registration process.  They will be included in your agenda. 


 

 

Agenda

  • Wednesday, September 5, 2018
    8:00 AM  -  5:00 PM
    Registration and Check In (open all day)
    8:30 AM  -  8:45 AM
    Symposium Welcome & Opening Remarks
    Welcome:
    Russ Hicks, President, Public Sector Partners, Inc.
    Sherilyn Hammond, Director of Events and Logistics, Public Sector Partners, Inc.

    Opening Remarks:

    Executive Sponsors for the 2018 Cybersecurity Symposium, Northern CA:
    Michael Makstman, Chief Information Security Officer, City & County of San Francisco
    Justin Dietrich, Chief Information Security Officer, County of Santa Clara
    Raj Patel, Chief Information Security Officer, City of Palo Alto
    9:00 AM  -  9:30 AM
    Opening Keynote - Bringing AI to the Cyber Security Battle  (Presented by IBM)

    Speaker: Cindy Compert, CIPT/CIPM, CTO Data Security & Privacy, IBM Security

     

    Description: Artificial intelligence is changing the game for cybersecurity, analyzing massive quantities of risk data, to speed response times and augment the capabilities of under-resourced security operations. AI security technologies can be leveraged to improve your cybersecurity posture while addressing common organizational challenges, addressing skills shortages, agility, accuracy and speed of response. In this jargon-free session, we'll separate AI fact from fiction and discuss how embedded AI can automatically investigate indicators of compromise, utilize reasoning to provide critical insights, and ultimately accelerate the response cycle.

     

    Intended Audience: CISO, ISO, CTO, CIO's, Risk & Compliance organizations, SOC Leaders, CyberSecurity Leadership, IT Management

    9:35 AM  -  10:05 AM
    Opening Keynote 2 - Disrupting the Security paradigm  (To Be Presented by Zscaler)
    Speaker: Dr. Amit Sinha, CTO and Executive Vice President of Engineering and Cloud Operations, Zscaler

    Description: Dr. Amit Sinha is a skilled entrepreneur and technology leader who has driven the research and development of disruptive security and wireless technologies at both startups and market-leading organizations. This keynote will focus on how small and local Government operations can leverage technology and networks in order to overcome both personnel and infrastructure challenges to disrupt the cyber threats facing Security Personnel at all levels of Government and Education. At Zscaler, Dr. Amit Sinha is responsible for managing engineering, cloud operations, and security research. Prior to Zscaler, Amit served as CTO for Motorola’s enterprise networking and communications business, which he joined via its acquisition of AirDefense, where he held the same role. He has also served as chief technologist at Engim, which he co-founded.

    10:15 AM  -  11:00 AM
    Session 1: From Cyber Defense to Cyber Resilience: Charting a new course  (Presented by IBM)
    Speaker: Cindy Compert, CTO Data Security & Privacy, IBM Security

    Description: Think about it. An organization that cannot swiftly recover from cyberattacks is as ineffective as one that has no defenses at all, yet 77% of organizations do not have a formal, organization-wide incident response plan. Digital government requires that we shift our orientation from defense to resiliency, and that we design our cybersecurity strategy and tactics around supporting key business initiatives and stakeholders. What does it mean to be cyber-resilient? What are the challenges and seven most important factors to improve your cyber resiliency? Join us as we explore a recent study on cyber-resiliency and share best practices for the cyber-resilient organization.

     Optional 
    10:15 AM  -  11:00 AM
    Session 2: Work is not a place you go to but something you do  (Presented by Zscaler)
    Panel Session Speakers:
    Zscaler Auditor- Vaishali Patel
    Justin Dietrich- CISO, County of Santa Clara
    Stormy Maddox- CISO, County of San Mateo

     

    Description: Everyone is moving to the “Cloud.” We also now have plenty of employees who work remotely vs the typical 8-5 in the office. With this massive shift to the cloud and remote/mobile employees, your traditional hub and spoke model no longer makes sense as your perimeter or network is being extended outside of your walls. How do you provide coverage and control if you can’t build a firewall in the cloud? How can you provide a consistent user experience for your employees who work from the office, a branch location, a coffee shop, home, etc? These are issues occurring for everyone who started the big Cloud move a few years ago. Stop being reactive and scratching your head on what to do next by attending this session to learn how some of the most tech-savvy counties in the heart of Silicon Valley have augmented their Security and Network programs by leveraging a solution that not only resolves these needs but starts to help close the gap between traditional tension with the network and security groups.

     

    Intended Audience: Anybody focused on Cloud apps for a line of business need/want, Security, Network, and Remote Access for Employees

     Optional 
    10:15 AM  -  11:00 AM
    Session 3: Securing your Networks  (Presented by DPP Technologies)
    Speakers:
    Mike Valencia, Vice President, Cities & Cybersecurity, DPPTech
    Nima Iyengar, Vice President, DPPTech

     

    Description: Securing the outer perimeter of your network:
    1. Importance of securing the network for cities in today's world.
    2. We will be covering the four important areas for securing the network:
        a. Customer Edge
        b. Internet Edge - Internet router, Firewalls for both VPN and Internet connectivity, Intrusion prevention/detection
        c. Data center
        d. End point security
    3. Common challenges and problems faced by cities
    4. Mitigation strategies and solutions.

     

    Intended Audience: CISOs, CIOs and CTOs that oversee security for networks and data centers.

     Optional 
    10:15 AM  -  11:00 AM
    Session 4: Aligning Security & Compliance on a Fixed Budget  (Presented by DataEndure)

    Speaker: Shahin Pirooz, CTO/CISO, DataEndure

     

    Description: With shrinking public tolerance for cybersecurity breaches and greater penalties for regulatory noncompliance, the heat and light on and from leadership and directors has intensified dramatically. There is a fundamental expectation that agencies will have the ability to identify and respond to any cyber event. Amidst the added responsibility and heightened expectations, technology leaders are in a valiant fight to keep up.

    Where do you start and how do you best deploy resources on a budget? This session defines a digital defense approach: led with a compliance strategy; paired with a defense in depth security model; and leveraging managed security services to close gaps and extend your reach.

    Attendees will learn to:

    1. Recognize the co-dependence between compliance & security
    2. Understand where you are today vs. where you need to be to secure your organization
    3. Identify where & how to use managed security providers to accelerate your objectives

     

    Intended Audience: Technology leaders under pressure to strengthen their security posture, who are seeking cost-effective ways to enhance or complement their existing capabilities.

     Optional 
    10:15 AM  -  11:00 AM
    Session 5: To be Presented by Proofpoint  (Presented by Proofpoint)
    Description coming soon!
     Optional 
    11:15 AM  -  12:00 PM
    Session 6: Cybersecurity, Are you gambling with your future? Learn to up your game, improve security  (Presented by Verizon)

    Speaker: Craig Bowman, Vice President, Verizon’s Advanced Solutions Division, Verizon

     

    Description: Your organization’s security depends on you. The 2018 Verizon Data Breach Investigations Report (DBIR) offers security pros a first-hand view into current cybercrime trends, and a map towards developing a prosperous and mature security program.

    The 2018 DBIR draws on over 53,000 incidents and 2,200-odd confirmed data breaches, studying the impact of malware, DoS attacks, social engineering and other activities across multiple industries. The findings include:

    • Who’s being attacked, who’s behind them and what the primary motivators are
    • How simple errors generate a significant percentage of breaches
    • What percentage of breaches were discovered in 30 days or less

    There is no such thing as a cyber world devoid of risk. But information is power and understanding the threats you face today can only help you improve your security for the incidents you will face tomorrow.

    Mr. Bowman will walk you through patterns in the security landscape and our adversary’s operational methods.

     

    Intended Audience: Cybersecurity personnel and decision makers, as well as policy makers in the security arena, will find this session interesting and thought-provoking.

     Optional 
    11:15 AM  -  12:00 PM
    Session 7 - Simplifying OT Security  (Presented by Symantec)

    Speaker: Kunal Agarwal, GM, Internet of Things, Symantec

     

    Description: The world of operational technology (IIOT/ICS) has rapidly evolved in the last year. With the rise of mind-numbing attacks in critical infrastructure (Industroyer, Dragonfly, Trisis) the question is what should one do? The speaker will look across the industry at security solutions in network, endpoint, and gateway to give attendees insight into what threats they should and shouldn't be worried about - and how to secure against the too big to fail vulnerabilities of industrial systems.

     

    Intended Audience: CISO's, Security Analysts, Security Practitioners, OT Technicians, OT Administrators, and OT Engineers.

     Optional 
    11:15 AM  -  12:00 PM
    Session 8 - The Living Security Assessment: Making Machine Learning Actionable  (Presented by Aruba)
    Speakers:
    Dan Desrosiers, Director, Security Sales, Aruba Networks, An HPE Company
    Coy Thorp, Systems Engineering Manager, Aruba Networks, An HPE Company

     

    Description: We have spent years responding to security threats by conducting security assessments within our organizations. While these assessments provide value, they are "point-in-time" exercises, and they assume that nothing of significance changes within our infrastructure from one assessment to the next. The fact is, this couldn't be farther from the truth. To combat this, the industry is using Machine Learning (ML) and Artificial Intelligence (AI) to breathe life into your current security assessments. The question remains though, is this just snake oil? What's the true value? During this session, we will take a long, hard look at the different definitions of ML and AI in the market today, explore how these technologies can help organizations solve critical security problems, and give attendees important tools that will help them cut through the hype and make the best decisions for keeping their networks – and the users, devices and data on them – secure.

     Optional 
    11:15 AM  -  12:00 PM
    Session 9 - Big Threats, Small Budgets: How Better Integration Mitigates Cybercrime Exposure  (Presented by Fortinet)

    Speaker: Anthony Giandomenico, Senior Security Strategist, Fortiguard Labs, Fortinet

     

    Description: With the growth of IoT and Cloud, the attack surface that organizations and governments must protect is expanding dramatically. Many solutions exist to solve particular security and technical issues in your network, but as solutions are added, complexity is increased. Add to that shrinking budgets, the demand for speed, and the current cybersecurity skills gap that many organizations experience today and you are left with a seemingly insurmountable challenge. How can you effectively respond?

    This session will address how an integrated architectural approach, one that includes the ability to quickly and effectively audit, recommend and automatically fix the entire network security architecture, will create the best chance of mitigating your exposure and solving security holistically and for the long term.

     

    Intended Audience: Public Sector, State & Local Government, SMB, Enterprise, Mid-Enterprise security professionals: Director, CISO, CIO, VP, Manager, Architects.

     Optional 
    12:15 PM  -  1:00 PM
    Lunch Keynote: Can Security Be Easy?  (Presented by Nyotron)

    Speaker: Nir Gaist, Founder and CTO, Nyotron

     

    Description: Ponemon Institute estimates an average breach cost of $3.5 million, with a 27% probability that a U.S. company will experience a breach in the next 24 months. Malware is winning with a never ending supply of new attack vectors, previously unseen methods and malware variants. Why, after organizations have invested billions of dollars in security, are they still so vulnerable? Can security be made easy?

    This presentation will cover the latest threat landscape - from Meltdown and Spectre vulnerabilities to WannaCry ransomware, from the attack that disabled the city of Atlanta to activities of nation-states. A new approach to look at security will also be proposed. Instead of fighting an infinite battle with attackers, focusing on the finite intentions behind the attack makes security so much easier.

    Two live hacks will also be part of this interactive presentation, including the infamous Rubber Ducky that remains practically unstoppable by today’s security solutions. You don’t want to miss this!

     

    Intended Audience: Security practitioners, CISO, Security Architects, IT Admins

    1:00 PM  -  1:30 PM
    Lunch Session 2: What Problems Might Blockchain Solve for Government?

    Speaker: Jonathan Reichental, Ph.D, Chief Information Officer, City of Palo Alto

     

    Description: Blockchain technology is getting a lot of attention right now. There is significant excitement about its potential game-changing value in a range of contexts. This short session introduces the basics of blockchain technology and discusses it in the context of government. Participants will leave the session with a better understanding of blockchain's potential role in government and whether it makes sense for their agency to learn more.

    2:30 PM  -  3:15 PM
    Session 11 - Don't Use Blockchain! .... Unless you really need one!  (Presented by CA Technologies)
    Speakers:
    Scott Morrison, Senior Vice President and Distinguished Engineer, CA Technologies
    Lisa Buschmann, Solution Director, Cybersecurity, CA Technologies

     

    Description: Blockchain, the technology underpinning Bitcoin, is white hot right now. Hardly a day goes by without somebody announcing their new blockchain startup will change the world. It has even become the basis of a new funding model, the ICO. If you are a leader in IT, chances are someone in your organization is putting a blockchain-based proposal in front of you right now and promising the world. But the issue with blockchain is that it may not be the best choice to solve everyday business problems. It makes perfect sense in a cryptocurrency like Bitcoin; but blockchain may be vastly too complex and not fit for purpose in your application. A centralized database with a fixed trust model is not exciting, but it might just be a better choice. This talk will put blockchain in context, and help you spot blockchain-washing. You should leave ready to make the right choice about using a blockchain in your organization.

     

    Intended Audience: CIO, CISO, Department Heads, Infrastructure Leads, DevSecOps Leads - anyone looking into Blockchain technologies

     Optional 
    2:30 PM  -  3:15 PM
    Session 12 - Securing your Data and Identity in Government - Save your data from hackers!  (By BIAS / Oracle Corp.)
    Speakers:
    Thom Locke, VP Security, BIAS Corporation
    Manuel Fernandes, Enterprise Security Architect, Oracle Corporation
    Avinash Sankhla, Enterprise Security Architect, BIAS Corporation

     

    Description: Whether you’re a large or small government department, you have to be more vigilant than ever when it comes to protecting your confidential data. The threat landscape continues to grow more volatile, putting your data at risk. The total number of reported breaches grew by 62 percent over the previous year (Symantec Breach Report), with the number of identities exposed due to those breaches quadrupling to more than 5 million. But your data is not at risk just from hackers. Accidental exposure and device theft/loss accounted for 56 percent of those breach incidents. The National Institute of Standards and Technology (NIST) mandates that U.S. government agencies must employ end-to-end encryption for data-in-transit. The reason is clear. If your data is encrypted, it’s still protected in the event of a breach. Our session will discuss strategies to ensure that your data, identities and infrastructure are secure from malicious attack.

     

    Intended Audience: Chief Information Security Officers, Data Privacy Directors and CIO's

     Optional 
    2:30 PM  -  3:15 PM
    Session 13 - The day after an attack! Breach Mitigation and Communication Planning  (By FireEye / ForeScout)

    Speaker: Bruce Heard, Senior Manager, Security Consulting Services, Mandiant, a FireEye Company

     

    Description: How an organization communicates to the public about a breach is an essential part of an Incident Response Plan. With Social Media and the pressure from news outlets to disclose more information quicker, the amount of public scrutiny an organization faces as they go through a breach is at an all-time high and can have a significant long-term impact on reputation.

    This session will examine how, what, and when organizations need to communicate about a data breach.

    • What are the reporting laws?
    • What are the common pitfalls to avoid?
    • How do I prepare my executives and elected officials?

    This session will offer an inside look at crisis management around real-world breaches, communications pressures created by today’s threat landscape, and the crisis management planning essentials that public sector organizations need to be aware of.

     

    Intended Audience: CIOs, CISOs, Managers, Supervisors, Risk Managers, Public Relations, legal, governance

     Optional 
    2:30 PM  -  3:15 PM
    Session 14 - IRS 1075 Compliance and Audits - What you need to know.  (Presented by Tenable)
    Speakers:
    Aleks McKinney, Field Product Manager, Tenable Public Sector
    Patrick Meister, Western Public Sector Mgr, Tenable Public Sector
    Jim Thor, Public Sector Engineer, Tenable Public Sector

     

    Description: Explanation of IRS 1075: IRS Publication 1075 compliance on systems that store, process, transmit and/or receive Federal Tax Information and are subject to IRC 6103

    Safeguarding requirements.

    What the auditors are looking for and how to mitigate related vulnerabilities.

     

    Intended Audience: Public sector security and compliance personnel, CIO's, and CISO's, department and agency heads.

     Optional 
    2:30 PM  -  3:15 PM
    Session 15 - To be presented by Okta  (TBD)
    Description coming soon!
     Optional 
    3:30 PM  -  4:15 PM
    Session 16 - To be Presented by CrowdStrike  (Presented by CrowdStrike)
    Description Coming Soon!
     Optional 
    3:30 PM  -  4:15 PM
    Session 17 - Leveraging the VMware Hypervisor to Secure Data Center Applications  (Presented by VMware)

    Speaker: Chris Corde, Sr. Director Product Management, VMware, Networking and Security Business Unit

     

    Description: Customers are struggling more and more to keep pace with the requirements of cybersecurity. Most of this struggle is due to the endless arms race between defenders and attackers. We need a better approach. The virtualization layer (hypervisor) can be one of the most powerful tools in security, since it has the context of guest VM operating systems but runs in an isolated trust boundary. Using this tool, you can provide least privilege security approaches (System Integrity, Application Control, Micro-Segmentation, and Encryption) in an agentless fashion while aligning with the operational needs of the modern data center. This session will provide an in-depth review of how we deliver these capabilities at VMware through products like NSX and AppDefense.

     

    Intended Audience: Practitioners. vAdmins, Security Operations, Security Architecture.

     Optional 
    3:30 PM  -  4:15 PM
    Session 18 - Hacking Web Applications using Burp  (Presented by PTP)

    Speaker: Ronald Hamilton, CISO, PTP

     

    Description: This session will demonstrate how to test for OWASP Top 10 Web Application Security Vulnerabilities using the proxy tool "Burp". We will demonstrate how to detect and test for these vulnerabilities as well as how to avoid them in your applications.

     

    Intended Audience: Software Developers, AppDev Managers, ISO's, CISO's, Technical Staff, Aspiring Hackers (A working knowledge of HTTP and HTML is recommended)

     Optional 
    3:30 PM  -  4:15 PM
    Session 19 - Privacy Impact Assessments: Insights from the GDPR  (Presented by Spirion)

    Speaker: Scott M. Giordano, V.P., Data Protection, Spirion

     

    Description: The EU General Data Protection Regulation (GDPR) is now the principal data protection regulation in the EU, and with it comes a distinct approach to protecting personal data. One area that has wide application for the public sector is in the conduct of Privacy Impact Assessments (PIAs). Given the expanded definition of personal data and the increasing sophistication in processing it, PIAs are more relevant now than ever. The GDPR requires a PIA under a number of circumstances, and the guidance given on when and how to conduct them offers tremendous new insight into the entire process. This session will introduce how PIAs are conducted under the GDPR, contrast them with approaches here in the U.S., and offer opportunities for dramatic improvements in the protection of personal data.

     

    Intended Audience: Legal, compliance, and technical staff; managers, supervisors

     Optional 
    4:30 PM  -  4:45 PM
    CSS2018 Closing Remarks

    Join us for the Closing Remarks, followed by the 2018 Cybersecurity Symposium Event Reception.

    4:45 PM  -  5:30 PM
    2018 Cybersecurity Symposium Reception
    Join us for a reception following the Closing Remarks.