Day 1
Michael Mercer
Chief Security Officer at Federal Bureau of Investigation
Title: Security Training and Education: The End User
Summary: As our society becomes more technology driven, users of technology, specifically devices, must become more familiar with risks and vulnerabilities. Conducting annual security awareness training is not sufficient. As a security professional, you must provide the end user with processes and procedures that not only protect the organization’s information, but the users information as well. By conducting training, you are only providing the user with the ‘how to’; with education, you are providing the ‘why.’
Bio: Mr. Mercer is the Chief Security Officer for the Federal Bureau of Investigation (FBI) in the Denver Field Office, which covers nine Resident Agency offices located throughout Colorado and Wyoming. He joined the FBI in 1991 and has been the Division’s Chief Security Officer for the past 12 years. Mr. Mercer’s responsibilities include information, industrial, physical, and personnel security. He directs the Denver FBI Security Squad in identifying, developing, implementing, and maintaining security processes that reduce risk, respond to incidents, and limit exposure to liability. His office also establishes and implements appropriate standards and risk controls. In addition, Mr. Mercer received his B.S. Information Systems from Strayer University and his M.S. Information Assurance from Regis University and is a certified ethical hacker.
Day 2
Michael Breslin
Director of Strategic Client Relations at LexisNexis Special Services, Inc.
Title: Overview of Operational Intelligence – Importance of Data, Intelligence and Analytics
Summary: Michael Breslin will provide a synopsis of current threat landscape, including cyber, fraud, insider threat, domestic, mass shootings, human trafficking, and lessons learned from his time in the United States Secret Service. He will discuss intelligence analysis as a field and the tools and techniques associated with intelligence as related to law enforcement, homeland security, cybersecurity, and competitive business intelligence. He will talk about his career in law enforcement as it relates to criminal investigations and career opportunities in law enforcement and private sector.
Bio: Michael has more than two decades of experience in federal law enforcement and transnational financial and cybercrime investigations. He serves on the Cyber Investigations Advisory Board of the U.S Secret Service and is the Strategic Client Relations Director for Federal Law Enforcement at LexisNexis Risk Solutions. Prior to joining LexisNexis Risk Solutions, Michael served as deputy assistant director for the Office of Investigations for the Secret Service where he oversaw the planning and coordination of investigative responsibilities. Michael is also a Board Member for the National Center for Missing and Exploited Children. Mr. Breslin is a member of the Senior Executive Service and is a published author of numerous articles on homeland security, defense, and threat mitigation methods.
Day 3
Hossein Siadati
Senior Security Engineer at Datadog
Title: Taking Bad Pills and Using Rouge Software: Which One is Worse?
Summary: In this talk, Hossein Siadati will go over the notion of software integrity, provide real examples of what has gone terribly wrong in its absence, talk about Biden’s recent executive order on the subject matter, and present an open source framework that secures the software supply chains to avoid attacks similar to “Chicago Tylenol murders”.
Bio: Hossein Siadati is a software engineer and Cyber Security researcher. Currently, he is a senior Security Engineer at DataDog where he works on Software Integrity & Trust. Prior to that, he was a Google engineer working on security of software supply chains, and before that a post-doctoral fellow at the Center for Cyber Security at NYU. His topics of interest include authentication, network security, fraud prevention and detection, and software supply chain security. He has published several peer-reviewed papers on those topics in renowned conferences such as ACM CCS, IEEE VIS, and Financial Cryptography.
Day 4
Greg Foss
Principal Cloud Security Researcher at Lacework Labs
Title: Enterprise-Grade Crime Ops
Summary: Data theft, remote access trojans, credential stuffing, and much more are nothing new to the threat landscape that we have all become accustomed to. Though adversaries are now expanding upon their core capabilities with more modular and extensive malware, allowing for more diversity in their overall operations and becoming much more brazen as a result. Shifting trade-craft towards more destructive attacks combined with outright extortion and the sale of direct access into corporate networks. These are just a few of the trends that Lacework Labs is actively tracking related to the various growing (and lucrative) underground trends. In this talk, I’ll dig into threat actors’ latest techniques, tips for defending against them, and what to expect as these underground markets continue to evolve.
Bio: Greg Foss is a Principal Cloud Security Researcher with Lacework Labs, where he focuses on large-scale data science and threat research intending to help to secure customers' cloud environments. In previous roles, Foss led a threat research team, built and ran a global security operations program, consulted in red teaming, and worked as a security analyst for the Federal Government. In addition, he is a seasoned public speaker, having been interviewed across media outlets, delivering presentations at conferences across the globe, and has had his research published in various news outlets. Foss spends time with his wife and two children in his free time and is an avid swimmer and runner.
Day 5
Aurobindo Sundaram
Head of Information Assurance & Data Protection, RELX
Title: A year in the Life of a CISO
Summary: There are security technologies available to mitigate nearly every threat. Why do we have so many security issues then? Why are the very best companies brought down by attackers having failed to do apparently simple things such as patching a machine; changing user passwords; and securing application code from SQL injection attacks? It turns out that the real world is very different from what you might imagine. Complexities of organizations & technology, the rate of change of systems, and governance limitations in global organizations result in systemic security issues that are hard to address. As a future security professional, you will hear first-hand from a CISO who talks to you about good intentions and goals; and how reality affects them.
Bio: Aurobindo Sundaram is the Head of Information Assurance & Data Protection at RELX, a global provider of information and analytics for professional and business customers across industries. He works closely with the company’s Board of Directors, Group & division CEOs and functional heads, Chief Technology Officers, and Chief Information Security Officers to articulate and implement RELX’s global information security program. His remit extends across 30,000+ employees, offices in 40+ countries, and customers in 180+ countries. Aurobindo has graduate degrees in computer science and management and is a CISSP.