When

Tuesday, November 29, 2016 from 8:30AM to 12:30PM EDT

Sign-In 8:00AM to 8:30AM


Where

AMICA 
100 Amica Way
Lincoln, RI 02865
 

 
Contact

William Soares 
ISACA-RI  
president@isaca-ri.org 
  

Sold Out!  

Thanks to all who registered.

"Understanding Cyber Threats - From the Boardroom to the Workforce"

Session Descriptions: 

Session I “Cybersecurity and Corporate Leadership: Connecting the Server Room and the Boardroom” 

Scott Baron, Chief Information Security Officer at Finance of America Holdings

Information security is both a business risk management and governance issue that connects technology, business management, and the boardroom. Senior leaders can no longer ignore the clear link between cyber attacks and their impact on customers’ trust, brand value, revenue, and profits. Plausible deniability, lack of awareness about information risk, and treating cybersecurity as a mere ‘IT problem’ are no longer acceptable options. CEOs and company boards are accountable for the health of their organizations and for setting levels of risk for their companies. They are also responsible for building a team of trusted information security professionals that is able to implement a security program that meets risk and governance requirements and that routinely reports to the C-suite on the company’s cybersecurity posture.

In this keynote speech, Mr. Baron will discuss why corporate leaders must understand how cyber risks are being addressed within the company and what the information security staff should be doing to communicate issues, solutions, and progress in addressing those risks. He will also discuss legal liability issues for board members and executive management, and delve into the skills and knowledge needed to be an effective Chief Information Security Officer (CISO). Going forward, senior leaders need to understand their increasing role and visibility in their organization's overall cybersecurity risk posture, while information security professionals will be required to provide meaningful and actionable information to leadership so that effective risk-based actions can be taken.

Speaker Bio: Scott Baron is the Chief Information Security Officer (CISO) for Finance of America Holdings, iNETech, Inc., and an Adjunct Faculty at Salve Regina University where he teaches a first-of-its-kind graduate course on cybersecurity for managers. With more than 25 years of Information Technology experience and 15 years in Information Security, Scott has helped to pioneer information security and risk programs at numerous Fortune 500 companies in the Airline, Utility, and Financial verticals. He was a Model Contributor for the Oil & Natural Gas Cybersecurity Capability Maturity Model; a Framework Contributor for the NIST Cybersecurity Framework; and an Advisory Group Member for the Bipartisan Policy Center, and the Electric Grid Cyber Security Initiative. He holds a B.S. in Information Technology from the University of Massachusetts Lowell and is currently pursuing his J.D. from the University of Massachusetts School of Law.

 

Session II “Profiles in Cybercrime: Understanding the Adversary”

Joe Provost, CEO of Syncstate

There have been numerous studies written about the psychology of a hacker or cyber criminal. Rather than trying to profile a specific group or individual, companies should be reviewing the information they already have that may be of value and try to understand how the adversary may manipulate their system or computer network to infiltrate it, so that they can put the right measures in place to safeguard it.

In this talk, Mr. Provost will examine three case studies of cybercrime and cyber-enabled crime to better understand the adversary and their particular “how-to.” This approach can help companies profile their own security environment and deploy specific lines of defense that may interrupt the adversary’s mission.

Speaker Bio: Joe Provost is a retired Chief Warrant Officer with 25 years of technical, professional, and entrepreneurial experience. He has extensive knowledge of network defense against some of the most prolific Advanced Persistent Threats (APTs). Joe’s previous experience includes military service in the U.S. Army specializing in threat intelligence and Information Operations (IO) warfare within Army Cyber Command and NSA’s TAO; research work with the MIT Lincoln Laboratory’s Cyber Systems group; and leadership experience as the founder/owner of a hi-tech startup (Syncstate 2013-16). Joe is also a network engineer and information security expert with CISSP, CEH, and other security designations, and is a frequent guest speaker and panel member at the Pell Center and MIT Geospatial Cyber Security forums and Professional Education series each summer.

Functional expertise and core competencies include: Cyber Hunt and Active Defense services, Incident Response and Forensic Analysis, Security Incident and Event Monitoring Architecture, Network and Web Application Penetration Testing, Cyber Threat and Analysis Operations, Security Operations Center management, and Cyber Range Operations management and Control.

 

Session III  “When Good Tech Goes Bad”

Dan Gortze, Security Manager – SRC Incident Response & Forensics Consulting at SecureWorks

You have spent significant financial and human resources to configure and protect your network and digital assets, purchased several new security tools and software, and now you’re wondering if those technologies will be able to protect your organization against potential cyber intrusions.

In this talk, Mr. Gortze will examine real-life scenarios in which security technologies failed, and even worse, cases where threat actors used an organization’s own security technologies against them. Dan will not focus on the pros and cons of particular technologies, but rather examine the need for proper security architecture and the residual risk posed by the required pervasive visibility of many security technologies. He will also share experience and insights from the field.

Speaker Bio: Daniel Gortze is the Delivery Manager for the SecureWorks Incident Response & Forensics Consulting Team, and has more than nine years of experience in Digital Forensics, Incident Management, and Computer Security. Dan is responsible for daily operations of three out of seven SecureWorks global IR generalist consulting teams, the oversight of all consulting engagements for his teams, and for incident management during large-scale client breaches. His team is responsible for providing incident response and digital forensics analysis, log analysis, incident response plan development, incident response training, pre-incident compromise assessments, as well as other incident-response-focused services.

Prior to joining Dell SecureWorks, Dan worked for a large government defense contractor and a mid-sized university. With experience in small and medium business, higher education and enterprise environments, he has had exposure to and gained proficiency in a wide variety of technologies, leveraging them to both prepare for and respond to breaches. In addition, Mr. Gortze has led Advanced Persistent Threat (APT) Containment and Eradication Planning for enterprise clients, interfacing with technical staff, management, and senior management to drive plans to completion. He has successfully led multi-million dollar breach responses, coordinating technical team analysis while communicating risk and investigation progress to C-level management, and has handled many small and medium business engagements, balancing cost with client goals to produce actionable results. These include insider threat responses, acceptable use policy violations, malware outbreaks, and training engagements.

CPEs: 4

Seminar Registration: 8:00AM - 8:30AM
Seminar Time: 8:30AM - 12:30PM

Cost: Free

Continental Breakfast Included

Please note: You must register in advance of this event as space is limited to 90 - please register early.

Cancellations / Refunds Policy

Payment is due on, or before, the scheduled session. Cancellations must be received seven (7) calendar days prior to a seminar date; if you already paid in full, a full refund will be provided. If you need to cancel within the seven calendar days prior to a seminar and you already paid, you will not receive a refund; however, you may defer your payment towards a future seminar. Please note that we need to adhere to our policy in order to offer our members quality training sessions and to help us plan for seminar expenses (room/food).