November 8-11, 2021
ExCel London / United Kingdom

Black Hat Executive Summit

Virtual-Only Event

Tuesday, November 9, 2021


Black Hat Executive Summit offers CISOs and other cybersecurity executives an opportunity to hear from a variety of industry experts who are helping to shape this next generation of information security strategy. The program dissects the latest technologies designed to stay ahead of sophisticated adversaries and provide a peek into future platforms; we'll outline the next-level skills and strategies CISOs need to bolster their relevance and we'll discuss the latest techniques for maintaining a proactive approach to data protection.

For CISOs and executives looking to transform from a mere manager of information into a corporate champion of business growth, it's imperative to stay on top of the latest insight. That journey begins at the Black Hat Executive Summit.


*Please note: In order to create an open and candid environment that promotes the sharing of ideas, thoughts, and discussion, the Executive Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program is designed for executive security practitioners. Solution providers, consultants, and vendor attendees are not permitted, with the exception of event sponsors.


Agenda

Time Session Theme
9:00 - 9:15 AM Welcome and Introductions
  • Jeff Moss, Founder, Black Hat + DEF CON
  • Steve Wylie, General Manager, Black Hat
9:15 - 9:30 AM

Stamping Out "Repeat Offenders"

Cyber security awareness, behaviour and culture have risen up the industry agenda over the last few years. More and more security leaders recognise the need to shape a positive security culture in their organisations. But when it comes to effectively managing human risk, how do we deal with colleagues who repeatedly click links in phishing emails or lose their laptops? In this session, Dr Jessica Barker will:

  • Explore the link between security culture and consistently insecure behaviours
  • Provide actionable takeaways on more effectively engaging those who routinely practice insecure behaviours
  • Address why the last thing we should do is refer to these colleagues as "repeat offenders"
  • Dr. Jessica Barker

    Dr. Jessica Barker is an award-winning global leader in the human side of cyber security, named one of the top 20 most influential women in cyber security in the UK. She is Co-Founder and co-CEO of Cygenta, where she follows her passion of positively influencing cyber security awareness, behaviour and culture in organisations around the world. She has delivered cyber security awareness sessions to over 40,000 people in over 23 countries. She is the Former Chair of ClubCISO, a non-commercial community of senior information security leaders with over 400 members.

    She is a popular keynote speaker, including keynoting RSA San Francisco in 2020. Jessica is the go-to cyber security expert for many media outlets, appearing on BBC News, Sky News, Channel 4 News, BBC radio and much more. In September 2020, Jessica's book Confident Cyber Security was published by Kogan Page and became a number one Amazon best-seller within hours of publication.

9:30 - 9:45 AM Live Panel Discussion: Stamping Out "Repeat Offenders"
9:50 - 10:20 AM

Live Breakout Sessions:

Modern Spartans of the Internet - How to Recruit, Develop, and Retain for Excellence

While the cybersecurity skills gap continues to grow and more and more jobs remain unfilled, how and where do we as leaders look for the talent we need? Just as there is no "silver bullet" for security technology, there is no "silver bullet" for recruiting, developing, and retaining the talent you need. Industry certifications, education, and real-time training all play a role. Is there a way for universities, industry, and organizations alike to work together to make an impact? This breakout discussion, led by Cybrary's CEO Kevin Hanes, will dive into these topics through open dialogue with fellow cybersecurity leaders.

  • Kevin Hanes

    Kevin Hanes is the chief executive officer of Cybrary and serves on its board of directors. Cybrary is a company dedicated to building the world's leading cybersecurity professional development platform. The company aspires to be THE destination for individuals and teams to develop, deepen, measure, and prove their cybersecurity skills. Cybrary is driven to positively impact learners' lives while helping organizations solve their cybersecurity skills gaps, succeed against ever-evolving threats, and keep their companies safe from cyberattacks.

    Before joining Cybrary in June 2021, Kevin spent 8 years as COO of Secureworks. In that role, he helped transform Secureworks into a recognized global market leader in cybersecurity, he built one of the most respected cybersecurity operations teams in the world, and he led his organization through hyper-growth and an IPO.

    Kevin began his career at Dell Technologies in custom software integration and moved into leadership roles with increasing responsibilities and global scope over his 15-year tenure. The experience he gained in the early years at Dell was especially invaluable and formative as the company was pioneering e-commerce and social media strategies, launching products into the datacenter markets for the first time, and expanding globally. Kevin learned the massive power of having clear goals paired with a compelling vision of the future. He also learned how to innovate, invent, find product market fit, and execute with excellence. While working full-time at Dell, Kevin earned his Bachelor's from St. Edward's University in Austin in 2003, graduating magna cum laude, and also earned his Master's at The University of Texas at Austin in 2006.

    Kevin and his wife Amanda have been married for over 20 years and have three children. When not watching one of his children's sporting events, Kevin especially enjoys sailing and is motivated by opportunities to learn and grow.


Bug Bounties or Beg Bounties

The first security technology bug bounty predated the Internet by over one hundred years: Alfred C Hobbs breaking an unbreakable lock at the Great Exhibition of 1851 for the princely sum of 200 Guineas. With the acceleration of technology adoption, unintended consequences, our adversaries, and the need to quickly understand how "unhackable" things really are, it's safe to say that things have escalated since then.

In 2021, there are as many who benefit from engaging the good-faith hacker community as there are folks who find themselves lost in a mish-mash of term confusion, unclear expectations, and general reservations - in spite of the increasingly obvious truth that "it takes an army of allies to overcome an army of adversaries". This breakout is for both.

Casey John Ellis, the Founder, Chairman, and CTO of Bugcrowd, pioneer of the crowdsourced security as-a-service category, and co-founder of The Disclose.io Project, will unpack the "family tree" of vulnerability disclosure, bug bounty, and crowdsourced security testing, frame up how we got here, and facilitate a discussion from the group about where it all goes next.

  • Casey John Ellis

    Casey is the Founder, Chairman, and CTO of Bugcrowd. He is an 18-year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosures standardization project in 2016. A proud ex-pat of Sydney, Australia, Casey lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he's passionately pursuing potential.


Risk Management and Why We're Doing it Wrong in Security

The security industry adopted risk as a key approach to managing security two decades ago, but while security risk practices were formalised into security risk frameworks, the broader risk community has been innovative and has developed multiple improvements and new approaches. The security risk community is only now waking up to some of the issues with currently implemented security risk practices, with new standards and new tools emerging.

Phil Huggins, the National CISO for Health & Social Care and one of the primary authors of the Open Information Security Risk Universe, will describe some of the common pitfalls in current security risk practices before leading a discussion to discover how attendees have handled these in their own work, or what they would like to do and what's holding them back.

  • Phil Huggins

    Phil Huggins is a delivery-focused, chartered, security and risk professional with extensive experience of governance, management, system engineering and practical architecture across a wide range of disciplines and technologies. Phil is experienced in briefing and presenting cybersecurity risk concepts to boards and training NEDs. Phil has designed and operated security for critical national infrastructure and sensitive government. Phil has advised and managed global financial services organisations and advised national regulators on cyber resilience and cybersecurity.

10:25 - 10:55 AM

Confessions of a Recovering CISO: What I didn't Know About Cyber Insurance

After nearly 20 years as a CISO, I made a big career jump, moving to the cyber underwriting-side of the business. Cyber security expertise plays an integral role in underwriting cyber insurance and I was excited to contribute. But I slowly came to realise that I never really understood cyber insurance as a CISO. During this session, I will share what I discovered in my CISO to underwriter transition. To raise awareness of cyber insurance basics and the very active role CISOs can play, we'll address several key topics:

  • What can you insure for;
  • What factors go into pricing insurance;
  • What role can CISOs play in controlling a business's premiums;
  • How does a CISO help its business position itself to take advantage of cyber insurance;
  • What questions should you ask your insurance broker in buying cyber insurance;
  • How should CISOs and internal insurance risk managers work together; and
  • What happens when something happens. How are cyber insurance claims handled?
  • Attendees should come ready to ask questions and actively participate.

  • Michael Colao

    Michael currently serves as the Global Chief Underwriting Officer, direct and indirect cyber risks for AXA XL. Michael previously worked for AXA Group Security as the Corporate Chief Security Officer responsible for Information Security, Physical Security and Operational Resilience for AXA's businesses in the US, UK & Ireland, AXA Investment Managers, AXA XL, Architas, and AXA Global Health. Prior to that, he was the CISO for several insurance companies, global investment banks, and other financial services firms. Michael became involved with cyber security when working with the Marijuana virus in 1988, and has been working with it since. He graduated from the Massachusetts Institute of Technology where he studied Mathematics and Computer Science. Since then, he has lived on three continents and has lectured globally on cybersecurity and technology issues.

11:00 - 11:35 AM

Live Group Discussion

Be a part of the conversation! Join Black Hat Advisory Board members for a moderated discussion on the following:

  1. What does "moving at the speed of the threat" really mean? Is it possible?
  2. Supplier security is broken – how do we fix it?
  3. With more security solutions moving to the cloud and opex costs rising faster than ever – how can we regain control of the security budget and ensure the business stays aligned?

Attendees should come ready to ask questions and actively participate.

11:35 - 11:50 AM

SOC in the Spotlight, See What's Possible With Google Cloud Chronicle

Google Cloud is taking a radically different approach to solve modern security challenges of the SOC. Our decades of experience pioneering differentiated approaches to security inform our most powerful security offerings like Chronicle.

Learn how you can leverage a new solution-driven approach to transform your SOC and hear lessons learned from our customers like BBVA and Viacom/CBS who are implementing Chronicle and our security models in complex environments.

  • Anton Chuvakin

    Head of Solutions Strategy, Google Cloud
    Dr. Anton Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019. Anton was, until recently, a Research Vice President and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team. Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance.

11:55 AM - 12:25 PM

Lessons From a Global DevSecOps Transformation Initiative

The integration of security into the software development process is the latest evolution step of the DevOps process and concept, with an emphasis on collaboration and everyone working towards the same goal. Nevertheless, security remains the remit of a separate function, with direct impacts to code quality, delivery timelines and costs. In the upcoming presentation, I will share lessons from a global DevSecOps transformation initiative at a large multinational, with quantifiable effects of having security champions and architects embedded within development teams. Whilst tooling is an important aspect of process, having the right mindset, organisation structure and change controls will ensure investments made can be sustained in the organisation. I shall be sharing lessons learnt as well as technical and process controls which can be applied to safeguard code quality, productivity and agility in a post-pandemic world.

  • Dr. Wendy Ng

    Wendy is OneWeb's Cloud Security Architect Lead and subject matter expert. OneWeb is a communications company, leveraging Low Earth Orbit (LEO) satellites for egalitarian broadband connectivity for all. She defined the strategy for Experian's global DevSecOps transformation initiative. With a background in infrastructure and cloud security, she is a keynote speaker and thought leader with over 70 articles published. Wendy honed her technical consulting skills from experiences in a number of industries, including aerospace, healthcare, financial services, telecommunications, transport logistics, and critical national infrastructure. She started her commercial career as a technical consultant at Cisco, before experiences at PwC and Deloitte. A trained medical and data scientist with practical experience in statistics, machine learning and AI algorithms, Wendy completed her doctoral studies at the University of Oxford in medical genetics and has contributed to the scientific community through peer-reviewed publications.

    Articles and Blogs: www.linkedin.com/in/wendyng1/detail/recent-activity/posts

12:25 - 12:40 PM Break in content
12:40 - 1:10 PM

Fear, Uncertainty and Clout: Cybersecurity's Image Problem and What We Can Do About It.

Those of us who work in cybersecurity have become immune to the ways we tend to represent threats: military and fantasy imagery, acronyms, and fancy animals among them. How do these representations play out for so-called 'ordinary' people who don't share our specialist knowledge? Based on new research into the rhetoric of cybersecurity, this talk combines a light-hearted critique of security jargon with serious analysis of its impact on protection from threats, and even who gets to work in cybersecurity. It doesn't have to be this way, and Victoria has ideas for how we might empower people to protect themselves and help solve our recruitment issues.

  • Dr. Victoria Baines

    Dr Victoria Baines is a leading authority in the field of online trust, safety and cybersecurity. She frequently contributes to major broadcast media outlets on digital ethics, cybercrime and the misuse of emerging technologies, including Virtual Reality and Artificial Intelligence. Her areas of research include electronic surveillance, cybercrime futures, and security rhetoric. She also provides research expertise to a number of international organisations, including Interpol, UNICEF and the Council of Europe.

    Victoria is co-host of the award-nominated Cyber Warrior Princess podcast, demystifying cybersecurity for a popular audience. She regularly addresses both specialist and non-specialist audiences, and has been named as one of the top 25 women in cybersecurity (IT Guru & SC Magazine).

    For several years Victoria was Facebook's Trust & Safety Manager for Europe, Middle East and Africa. Her work focused on operational support to law enforcement, and strategic engagement with policy makers on criminal activity online. Before joining Facebook, Victoria led the Strategy team at Europol's European Cybercrime Centre (EC3), where she was responsible for the EU's cyber threat analysis. She designed and developed the iOCTA, Europe's flagship threat assessment on cybercrime, and authored 2020, scenarios for the future of cybercrime that were the basis for a successful short film series of the same name.

    Prior to this, Victoria was Principal Analyst at the UK Serious Organised Crime Agency (SOCA), the forerunner of the National Crime Agency. She began her career in law enforcement in 2005 as a Higher Intelligence Analyst for Surrey Police. In 2008, the International Association for Law Enforcement Intelligence Analysts recognised Victoria's work with a global award for outstanding achievement.

    Victoria serves on the Advisory Boards of cybersecurity provider Reliance ACSN and the International Association of Internet Hotlines (INHOPE), and is a trustee of the Lucy Faithfull Foundation. She is a graduate of Trinity College, Oxford and holds a doctorate from the University of Nottingham, UK. She is a Visiting Fellow at Bournemouth University's School of Computing, a former Visiting Research Fellow at Oxford University, and was guest lecturer at Stanford University in 2019 and 2020.

1:15 - 1:45 PM

Black Hat Briefings Preview

Daniel Cuthbert, a member of the Black Hat Advisory Board, will provide a review of the hottest topics being covered during the Black Hat Briefings to give summit attendees a leg up on what to attend and what to look for during the conference. This conversation will set the premise for audience conversation and offer a framework for post-event action items for attendees.

1:45 - 2:15 PM

Locknote

At the close of the Executive Summit, join Black Hat Advisory Board members for an insightful conversation on the most pressing issues facing the InfoSec community. This Locknote will feature a candid discussion on the key takeaways from the Executive Summit and how these trends will impact future InfoSec strategies.

2:20 - 3:30 PM Closing Reception

Advisory Board

Dr. Jessica Barker
Daniel Cuthbert
Jane Frankland
Phil Huggins
Darrin Johansen
Quentyn Taylor

Sponsors

Premium Sponsor

Google Cloud provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.


Foundation Sponsor

Cybrary is the leading cybersecurity professional development platform that brings the collective knowledge of the industry's top experts to both you and your organization. Cybrary combines courses on the most in demand cybersecurity skills with real, hands-on learning experiences and guidance from a community of dedicated cybersecurity professionals. Cybrary enables its more than 3 million learners, small businesses, and Fortune 1000 organizations to earn industry certifications, work with cutting edge tools and technologies, and advance their cybersecurity goals.

Learn how Cybrary is helping to build a cybersecurity-enabled workforce at www.cybrary.it.


Reception Sponsor

Elastic builds real-time, scalable enterprise search, observability, and security solutions on a single free and open technology stack that can be deployed anywhere. Thousands of organizations worldwide use Elastic to instantly find actionable insights from any type of data and power mission-critical systems. Learn more at elastic.co.