
Cybersecurity Symposium 2018 NorCal - Strength Through Community

Please select the optional registration items below for the Education Breakout Sessions depending on your area of interest and/or job function.

  • >> Choose one session for each block of time <<
  • 10:15am - 45 min Sessions
  • 11:15am - 45 min Sessions
  • 2:15pm - 45 min Sessions
  • 3:15pm - 45 min Sessions
 

The Opening Session, General Sessions, Lunch Session, Closing Session and the evening reception do not need to be selected during the registration process.  They will be included in your agenda. 


 

 

Agenda

  • Wednesday, September 5, 2018
    8:00 AM  -  5:00 PM
    Registration and Check In (open all day)  (Bayshore Foyer)
    Bayshore Foyer - 1st floor
    8:30 AM  -  8:45 AM
    Symposium Welcome & Opening Remarks  (Gateway Ballroom - 2nd Floor)
    Gateway Ballroom, 2nd Floor
    Welcome:
    Russ Hicks, President, Public Sector Partners, Inc.
    Sherilyn Hammond, Director of Events and Logistics, Public Sector Partners, Inc.

    Opening Remarks:

    Executive Sponsors for the 2018 Cybersecurity Symposium, Northern CA:
    Michael Makstman, Chief Information Security Officer, City & County of San Francisco
    Justin Dietrich, Chief Information Security Officer, County of Santa Clara
    Raj Patel, Chief Information Security Officer, City of Palo Alto
    9:00 AM  -  9:30 AM
    Opening Keynote - Bringing AI to the Cyber Security Battle  (By IBM-Gateway Ballroom-Flr 2)
    Gateway Ballroom, 2nd Floor

    Speaker: Cindy Compert, CIPT/CIPM, CTO Data Security & Privacy, IBM Security

     

    Description: Artificial intelligence is changing the game for cybersecurity, analyzing massive quantities of risk data, to speed response times and augment the capabilities of under-resourced security operations. AI security technologies can be leveraged to improve your cybersecurity posture while addressing common organizational challenges, addressing skills shortages, agility, accuracy and speed of response. In this jargon-free session, we'll separate AI fact from fiction and discuss how embedded AI can automatically investigate indicators of compromise, utilize reasoning to provide critical insights, and ultimately accelerate the response cycle.

     

    Intended Audience: CISO, ISO, CTO, CIO's, Risk & Compliance organizations, SOC Leaders, CyberSecurity Leadership, IT Management

    9:35 AM  -  10:05 AM
    Opening Keynote 2 - Disrupting the Security paradigm  (By Zscaler-Gateway Blrm -Flr 2)
    Gateway Ballroom, 2nd Floor
    Speaker: Dr. Amit Sinha, CTO and Executive Vice President of Engineering and Cloud Operations, Zscaler

    Description: Dr. Amit Sinha is a skilled entrepreneur and technology leader who has driven the research and development of disruptive security and wireless technologies at both startups and market-leading organizations. This keynote will focus on how small and local Government operations can leverage technology and networks in order to overcome both personnel and infrastructure challenges to disrupt the cyber threats facing Security Personnel at all levels of Government and Education. At Zscaler, Dr. Amit Sinha is responsible for managing engineering, cloud operations, and security research. Prior to Zscaler, Amit served as CTO for Motorola’s enterprise networking and communications business, which he joined via its acquisition of AirDefense, where he held the same role. He has also served as chief technologist at Engim, which he co-founded.
    10:15 AM  -  11:00 AM
    Session 1: From Cyber Defense to Cyber Resilience: Charting a new course  (By IBM- DONNER-1st Flr)
    Donner - 1st Floor
    Speaker: Cindy Compert, CTO Data Security & Privacy, IBM Security

    Description: Think about it. An organization that cannot swiftly recover from cyberattacks is as ineffective as one that has no defenses at all, yet 77% of organizations do not have a formal, organization-wide incident response plan. Digital government requires that we shift our orientation from defense to resiliency, and that we design our cybersecurity strategy and tactics around supporting key business initiatives and stakeholders. What does it mean to be cyber-resilient? What are the challenges and seven most important factors to improve your cyber resiliency? Join us as we explore a recent study on cyber-resiliency and share best practices for the cyber-resilient organization.
     Optional 
    10:15 AM  -  11:00 AM
    Session 2: Work is not a place you go to but something you do  (By Zscaler- SISKIYOU - 1st Flr)
    Siskiyou - 1st Floor
    Panel Session Speakers:
    Zscaler Auditor- Vaishali Patel
    Justin Dietrich- CISO, County of Santa Clara
    Stormy Maddux- CISO, County of San Mateo

     

    Description: Everyone is moving to the “Cloud.” We also now have plenty of employees who work remotely vs the typical 8-5 in the office. With this massive shift to the cloud and remote/mobile employees, your traditional hub and spoke model no longer makes sense as your perimeter or network is being extended outside of your walls. How do you provide coverage and control if you can’t build a firewall in the cloud? How can you provide a consistent user experience for your employees who work from the office, a branch location, a coffee shop, home, etc? These are issues occurring for everyone who started the big Cloud move a few years ago. Stop being reactive and scratching your head on what to do next by attending this session to learn how some of the most tech savvy counties in the heart of Silicon Valley have augmented their Security and Network programs by leveraging a solution that not only resolves these needs but starts to help close the gap between traditional tension with the network and security groups.

     

    Intended Audience: Anybody focused on Cloud apps for a line of business need/want, Security, Network, and Remote Access for Employees

     Optional 
    10:15 AM  -  11:00 AM
    Session 3: Securing your Networks  (By DPP Tech - OAK- 2nd Floor)
    Oak - 2nd Floor
    Speakers:
    Mike Valencia , Vice President, Cities & Cybersecurity, DPPTech
    Nima Iyengar, Vice President, DPPTech

     

    Description: Securing the outer perimeter of your network:
    1. Importance of securing the network for cities in today's world.
    2. We will be covering the four important areas for securing the network:
        a. Customer Edge
        b. Internet Edge - Internet router, Firewalls for both VPN and Internet connectivity, Intrusion prevention/detection
        c. Data center
        d. End point security
    3. Common challenges and problems faced by cities
    4. Mitigation strategies and solutions.

     

    Intended Audience: CISOs, CIOs and CTOs that oversee security for networks and data centers.

     Optional 
    10:15 AM  -  11:00 AM
    Session 4: Aligning Security & Compliance on a Fixed Budget  (By DataEndure- CASCADE-1st Flr)
    Cascade - 1st Floor

    Speaker: Shahin Pirooz, CTO/CISO, DataEndure

     

    Description: With shrinking public tolerance for cybersecurity breaches and greater penalties for regulatory noncompliance, the heat and light on and from leadership and directors has intensified dramatically. There is a fundamental expectation that agencies will have the ability to identify and respond to any cyber event. Amidst the added responsibility and heightened expectations, technology leaders are in a valiant fight to keep up.

    Where do you start and how do you best deploy resources on a budget? This session defines a digital defense approach: led with a compliance strategy; paired with a defense in depth security model; and leveraging managed security services to close gaps and extend your reach.

    Attendees will learn to:

    1. Recognize the co-dependence between compliance & security
    2. Understand where you are today vs. where you need to be to secure your organization
    3. Identify where & how to use managed security providers to accelerate your objectives

     

    Intended Audience: Technology leaders under pressure to strengthen their security posture, who are seeking cost-effective ways to enhance or complement their existing capabilities.

     Optional 
    10:15 AM  -  11:00 AM
    Session 5: Modern DLP - Why everything about traditional data loss prevention is backwards & how to  (By Proofpoint - SIERRA 1st Flr)
    Sierra - 1st Floor

    Speaker: Stephen Chan, Senior Director, Information Protection, Proofpoint

     

    Description: Traditional DLP is focusing on the wrong end of the problem. Just the term DLP shows we’re thinking about things backwards. DLP also focuses on "things." That’s wrong — DLP is about people, but not the ones you think. DLP has traditionally been binary, but unfortunately, the world is fuzzy. Instead of identifying their most vulnerable vectors, DLP leaders try to apply DLP everywhere. As a result, CIO's are going broke, and CISO’s are risking revolts. DLP's forecast is cloudy. In fact, the cloud is more than just one vector. It’s thousands. It’s also where DLP should call home.

    Modern DLP looks at the major data loss issues plaguing today's organizations from a different perspective. It enables firms to properly prioritize their own DLP risk and lay out an appropriate response. This changes what for most firms has been an unattainable goal, into something practical, achievable, and consequently, cost-effective. Approaching data loss using a Modern DLP framework will maximize the security of your firm's data and assets in a manner that meets your goals and budget.

     

    Intended Audience: Everyone: Executive, Managers, Supervisors, Architects, Technical staff

     Optional 
    11:15 AM  -  12:00 PM
    Session 6: Cybersecurity, Are you gambling with your future? Learn to up your game, improve security  (By Verizon- DONNER-1st Flr)
    Donner - 1st Floor

    Speaker: Craig Bowman, Vice President, Verizon’s Advanced Solutions Division, Verizon

     

    Description: Your organization’s security depends on you. The 2018 Verizon Data Breach Investigations Report (DBIR) offers security pros a first-hand view into current cybercrime trends, and a map towards developing a prosperous and mature security program.

    The 2018 DBIR draws on over 53,000 incidents and 2,200-odd confirmed data breaches, studying the impact of malware, DoS attacks, social engineering and other activities across multiple industries. The findings include:

    • Who’s being attacked, who’s behind them and what the primary motivators are
    • How simple errors generate a significant percentage of breaches
    • What percentage of breaches were discovered in 30 days or less

    There is no such thing as a cyber world devoid of risk. But information is power and understanding the threats you face today can only help you improve your security for the incidents you will face tomorrow.

    Mr. Bowman will walk you through patterns in the security landscape and our adversary’s operational methods.

     

    Intended Audience: Cybersecurity personnel and decision makers, as well as policy makers in the security arena, will find this session interesting and thought-provoking.

     Optional  Closed 
    11:15 AM  -  12:00 PM
    Session 7 - Simplifying OT Security  (By Symantec -OAK- 2nd Floor)
    Oak - 2nd Floor

    Speaker: Kunal Agarwal, GM, Internet of Things, Symantec

     

    Description: Public industrial control systems, or critical infrastructure, are under major siege from a variety of accidental and targeted infections. These attacks have had adversaries take control of operational equipment that serves millions of Americans and give a simple ability to turn the ‘off switch’ on power or water. This was the story of Symantec’s most recent discovery, Dragonfly. In this session, you will learn more about cyber warfare and attacks afflicting public infrastructure, as well as techniques to protect operational technology that keeps our municipalities, states, and country running.

     

    Intended Audience: CISO's, Security Analysts, Security Practitioners, OT Technicians, OT Administrators, and OT Engineers.

     Optional 
    11:15 AM  -  12:00 PM
    Session 8 - The Living Security Assessment: Making Machine Learning Actionable  (By Aruba - SISKIYOU - 1st Flr)
    Siskiyou - 1st Floor
    Speakers:
    Bob Filer, Consulting Systems Engineer for Security and the former Director of Security Technical Marketing, Aruba Networks, An HPE Company
    Coy Thorp, Systems Engineering Manager, Aruba Networks, An HPE Company

     

    Description: We have spent years responding to security threats by conducting security assessments within our organizations. While these assessments provide value, they are "point-in-time" exercises, and they assume that nothing of significance changes within our infrastructure from one assessment to the next. The fact is, this couldn't be farther from the truth. To combat this, the industry is using Machine Learning (ML) and Artificial Intelligence (AI) to breathe life into your current security assessments. The question remains though, is this just snake oil? What's the true value? During this session, we will take a long, hard look at the different definitions of ML and AI in the market today, explore how these technologies can help organizations solve critical security problems, and give attendees important tools that will help them cut through the hype and make the best decisions for keeping their networks – and the users, devices and data on them – secure.

     Optional 
    11:15 AM  -  12:00 PM
    Session 9 - Big Threats, Small Budgets: How Better Integration Mitigates Cybercrime Exposure  (By Fortinet- CASCADE-1st Flr)
    Cascade - 1st Floor

    Speaker: Brian McLean, Systems Engineering Manager, Fortinet

     

    Description: With the growth of IoT and Cloud, the attack surface that organizations and governments must protect is expanding dramatically. Many solutions exist to solve particular security and technical issues in your network, but as solutions are added, complexity is increased. Add to that shrinking budgets, the demand for speed, and the current cybersecurity skills gap that many organizations experience today and you are left with a seemingly insurmountable challenge. How can you effectively respond?

    This session will address how an integrated architectural approach, one that includes the ability to quickly and effectively audit, recommend and automatically fix the entire network security architecture, will create the best chance of mitigating your exposure and solving security holistically and for the long term.

     

    Intended Audience: Public Sector, State & Local Government, SMB, Enterprise, Mid-Enterprise security professionals: Director, CISO, CIO, VP, Manager, Architects.

     Optional  Closed 
    11:15 AM  -  12:00 PM
    Session 10 - OPEN  (By Palo Alto NW- SIERRA 2nd FL)
    Sierra - 1st Floor
    Description coming soon!!
     Optional  Closed 
    12:15 PM  -  1:00 PM
    Lunch Keynote 1: Can Security Be Easy?  (By Nyotron - Gateway Ballroom)
    Gateway Ballroom, 2nd Floor

    Speaker: Nir Gaist, Founder and CTO, Nyotron

     

    Description: Ponemon Institute estimates an average breach cost of $3.5 million, with a 27% probability that a U.S. company will experience a breach in the next 24 months. Malware is winning with a never ending supply of new attack vectors, previously unseen methods and malware variants. Why, after organizations have invested billions of dollars in security, are they still so vulnerable? Can security be made easy?

    This presentation will cover the latest threat landscape - from Meltdown and Spectre vulnerabilities to WannaCry ransomware, from the attack that disabled the city of Atlanta to activities of nation-states. A new approach to look at security will also be proposed. Instead of fighting an infinite battle with attackers, focusing on the finite intentions behind the attack makes security so much easier.

    Two live hacks will also be part of this interactive presentation, including the infamous Rubber Ducky that remains practically unstoppable by today’s security solutions. You don’t want to miss this!

     

    Intended Audience: Security practitioners, CISO, Security Architects, IT Admins

    1:00 PM  -  1:30 PM
    Lunch Keynote 2: What Problems Might Blockchain Solve for Government?  (Gateway Ballroom - 2nd Floor)
    Gateway Ballroom, 2nd Floor

    Speaker: Jonathan Reichental, Ph.D, Chief Information Officer, City of Palo Alto

     

    Description: Blockchain technology is getting a lot of attention right now. There is significant excitement about its potential game-changing value in a range of contexts. This short session introduces the basics of blockchain technology and discusses it in the context of government. Participants will leave the session with a better understanding of blockchain's potential role in government and whether it makes sense for their agency to learn more.

    2:30 PM  -  3:15 PM
    Session 11 - Don't Use Blockchain! .... Unless you really need one!  (By CA - SISKIYOU - 1st Floor)
    Siskiyou - 1st Floor
    Speakers:
    Scott Morrison, Senior Vice President and Distinguished Engineer, CA Technologies
    Lisa Buschmann, Solution Director, Cybersecurity, CA Technologies

     

    Description: Blockchain, the technology underpinning Bitcoin, is white hot right now. Hardly a day goes by without somebody announcing their new blockchain startup will change the world. It has even become the basis of a new funding model, the ICO. If you are a leader in IT, chances are someone in your organization is putting a blockchain-based proposal in front of you right now and promising the world. But the issue with blockchain is that it may not be the best choice to solve everyday business problems. It makes perfect sense in a cryptocurrency like Bitcoin, but blockchain may be vastly too complex and not fit for purpose in your application. A centralized database with a fixed trust model is not exciting, but it might just be a better choice. This talk will put blockchain in context, and help you spot blockchain-washing. You should leave ready to make the right choice about using a blockchain in your organization.

     

    Intended Audience: CIO, CISO, Department Heads, Infrastructure Leads, DevSecOps Leads - anyone looking into Blockchain technologies

     Optional 
    2:30 PM  -  3:15 PM
    Session 12 - Securing your Data and Identity in Government - Save your data from hackers!  (By BIAS/Oracle- DONNER-1st Flr)
    Donner - 1st Floor
    Speakers:
    Thom Locke, VP Security, BIAS Corporation
    Troy Kitch, Sr. Director, Oracle Cloud Business Group, Security, Oracle Corporation
    Satish Kandagadla, Director/Solution Architect – Security | BIAS Corporation

     

    Description: Whether you’re a large or small government department, you have to be more vigilant than ever when it comes to protecting your confidential data. The threat landscape continues to grow more volatile, putting your data at risk. The total number of reported breaches grew by 62 percent over the previous year (Symantec Breach Report), with the number of identities exposed due to those breaches quadrupling to more than 5 million. But your data is not at risk just from hackers. Accidental exposure and device theft/loss accounted for 56 percent of those breach incidents. The National Institute of Standards and Technology (NIST) mandates that U.S. government agencies must employ end-to-end encryption for data-in-transit. The reason is clear. If your data is encrypted, it’s still protected in the event of a breach. Our session will discuss strategies to ensure that your data, identities and infrastructure are secure from malicious attack.

     

    Intended Audience: Chief Information Security Officers, Data Privacy Directors and CIO's

     Optional  Closed 
    2:30 PM  -  3:15 PM
    Session 13 - The day after an attack! Breach Mitigation and Communication Planning  (By FireEye / ForeScout-OAK-FL2)
    Oak - 2nd Floor

    Speaker: Bruce Heard, Senior Manager, Security Consulting Services, Mandiant, a FireEye Company

     

    Description: How an organization communicates to the public about a breach is an essential part of an Incident Response Plan. With Social Media and the pressure from news outlets to disclose more information quicker, the amount of public scrutiny an organization faces as they go through a breach is at an all-time high and can have a significant long-term impact on reputation.

    This session will examine how, what, and when organizations need to communicate about a data breach.

    • What are the reporting laws?
    • What are the common pitfalls to avoid?
    • How do I prepare my executives and elected officials?

    This session will offer an inside look at crisis management around real-world breaches, communications pressures created by today’s threat landscape, and the crisis management planning essentials that public sector organizations need to be aware of.

     

    Intended Audience: CIOs, CISOs, Managers, Supervisors, Risk Managers, Public Relations, legal, governance

     Optional 
    2:30 PM  -  3:15 PM
    Session 14 - IRS 1075 Compliance and Audits - What you need to know.  (By Tenable- CASCADE-1st Flr)
    Cascade - 1st Floor
    Speakers:
    Patrick Meister, Western Public Sector Mgr, Tenable Public Sector
    Jim Thor, Public Sector Engineer, Tenable Public Sector

     

    Description: Explanation of IRS 1075: IRS Publication 1075 compliance on systems that store, process, transmit and/or receive Federal Tax Information and are subject to IRC 6103 Safeguarding requirements.

    What the auditors are looking for and how to mitigate related vulnerabilities.

     

    Intended Audience: Public sector security and compliance personnel, CIO's, and CISO's, department and agency heads.

     Optional 
    2:30 PM  -  3:15 PM
    Session 15 - In a Cloud World Identity is the Perimeter  (By Okta - SIERRA 1st Floor)
    Sierra - 1st Floor
    Speakers:
    Jim Faut, Cloud Enterprise Architect, Okta
    Stormy Maddox, CISO, County of San Mateo

     

    Description: Agencies are poised to embrace the benefits of a modern cloud solution faster than ever before. However, there is a potentially disastrous challenge when trying to bridge legacy on-premise solutions with tools not purpose-built for a smooth transition to the cloud. When we apply the security strategy of the past (walls, rules and excessively complicated passwords) we unintentionally create roadblocks to getting the job done for agency employees. So, employees create unorthodox ways to simplify the complex, circumventing the moat we've built around our systems. What can be done to unite security and simplicity, support mission achievement and make embracing the benefits of cloud a reality? To do this we need a fundamental shift in IT, moving the perimeter to purpose-built identity.

     

    Intended audience: CIO, CISO, CTO, Directors, IT Management, any security practitioners

     Optional 
    3:30 PM  -  4:15 PM
    Session 16 - What we have learned from high-profile breaches that can help us stop the next one  (By CrowdStrike-SISKIYOU-1st Fl)
    Siskiyou - 1st Floor

    Speaker: Jackie Castelli, Director of Product Marketing, CrowdStrike

     

    Description: This session will get into the details of some of the most eye-opening breach investigations that CrowdStrike conducted over the past year, and their implications for organizations of all sizes. It will also include recommendations on how to stop those types of breaches as well as some new research on “breakout time” – the time from initial intrusion to the first signs of lateral movement that precede a breach – and what defenders must do to respond before adversaries can press their attack.

     

    Intended Audience: CISO, Security leaders, and threat hunters

     Optional 
    3:30 PM  -  4:15 PM
    Session 17 - Leveraging the VMware Hypervisor to Secure Data Center Applications  (By VMware - DONNER - 1st Flr)
    Donner - 1st Floor

    Speaker: Chris Corde, Sr. Director Product Management, VMware, Networking and Security Business Unit

     

    Description: Customers are struggling more and more to keep pace with the requirements of cybersecurity. Most of this struggle is due to the endless arms race between defenders and attackers. We need a better approach. The virtualization layer (hypervisor) can be one of the most powerful tools in security, since it has the context of guest VM operating systems but runs in an isolated trust boundary. Using this tool, you can provide least privilege security approaches (System Integrity, Application Control, Micro-Segmentation, and Encryption) in an agentless fashion while aligning with the operational needs of the modern data center. This session will provide an in-depth review of how we deliver these capabilities at VMware through products like NSX and AppDefense.

     

    Intended Audience: Practitioners. vAdmins, Security Operations, Security Architecture.

     Optional 
    3:30 PM  -  4:15 PM
    Session 18 - Hacking Web Applications using Burp  (By PTP - OAK- 2nd Floor)
    Oak - 2nd Floor

    Speaker: Ronald Hamilton, CISO, PTP

     

    Description: This session will demonstrate how to test for OWASP Top 10 Web Application Security Vulnerabilities using the proxy tool "Burp". We will demonstrate how to detect and test for these vulnerabilities as well as how to avoid them in your applications.

     

    Intended Audience: Software Developers, AppDev Managers, ISO's, CISO's, Technical Staff, Aspiring Hackers (A working knowledge of HTTP and HTML is recommended)

     Optional 
    3:30 PM  -  4:15 PM
    Session 19 - Privacy Impact Assessments: Insights from the GDPR  (By Spirion - CASCADE - 1st Flr)
    Cascade - 1st Floor

    Speaker: Scott M. Giordano, V.P., Data Protection, Spirion

     

    Description: The EU General Data Protection Regulation (GDPR) is now the principal data protection regulation in the EU, and with it comes a distinct approach to protecting personal data. One area that has wide application for the public sector is in the conduct of Privacy Impact Assessments (PIAs). Given the expanded definition of personal data and the increasing sophistication in processing it, PIAs are more relevant now than ever. The GDPR requires a PIA under a number of circumstances, and the guidance given on when and how to conduct them offers tremendous new insight into the entire process. This session will introduce how PIAs are conducted under the GDPR, contrast them with approaches here in the U.S., and offer opportunities for dramatic improvements in the protection of personal data.

     

    Intended Audience: Legal, compliance, and technical staff; managers, supervisors

     Optional 
    3:30 PM  -  4:15 PM
    Session 20 - Assessments - Threat Hunting: The Difference Between Safe and Sorry  (By Dasher - SIERRA 1st Floor)
    Sierra - 1st Floor

    Speaker: Ashish Shah, Senior Solution Architect, Dasher Technologies

     

    Description: The chances are very high that hidden threats are already in your organization’s networks. Organizations can’t afford to believe that their security measures are perfect and impenetrable, no matter how thorough their security precautions might be. Having a perimeter and defending it are not enough because the perimeter has faded away as new technologies and interconnected devices have emerged. Prevention systems alone are insufficient to counter sophisticated, frequent, and focused human adversaries who are elusive and know how to get around most security and monitoring tools by, for example, making their attacks look like normal activity.

    Threat hunting, with the use of ML/AI and UEBA, proactively puts security on the offense. In this session, we will explore what threat hunting is, why it is important, how to get started and who should do it.

     

    Intended Audience: Medium level security professionals

     Optional 
    4:30 PM  -  4:45 PM
    CSS2018 Closing Remarks  (Gateway Ballroom - 2nd Floor)
    Gateway Ballroom, 2nd Floor

    Join us for the Closing Remarks, followed by the 2018 Cybersecurity Symposium Event Reception.

    4:45 PM  -  5:30 PM
    2018 Cybersecurity Symposium Reception  (Solution Center - 1st & 2nd FL)
    1st & 2nd Floors - Foyers
    Join us for a reception following the Closing Remarks.