Zero Trust Interactive Forum - Agenda

CCSE: Zero Trust Interactive Forum is a two-day virtual event, consisting of fiery panel discussions, enterprise presentations, sponsor sessions, case studies, technical workshops and targeted lunch & learn seminars; creating an agile digital learning and networking environment for senior IT security leaders.

REGISTER NOW

16th June

09.30:
Welcome

------

09.30-09.50:
Keep it Simple, Stupid

  • Thom Langford - Security Advocate, SentinelOne

Is there a link between streamlining the security tools stack (through capability consolidation) and better data governance and privacy protection? Or are these concepts mutually exclusive?

Best of breed or technology consolidation? Overly expensive versus good enough but jack of all trades (and master of none)? And do these concepts affect your overarching information security programme anyway? Are there critical factors to consider, and are there signs when you may have made the wrong decision?

In this talk you will discover;

1. If there really is a connection between the tech stack and your infosec programme.
2. What are the implications of getting it wrong, or even, right.
3. How to recognise where you you will find the most value in your technology stack, and why.
 

-----

09.55-10.35:
PANEL: Zero Trust, ZTA, and ZTNA: What do they actually all mean?

  • Frank Satterwhite - Principal Cyber Security Consultant, 1600 Cyber GmbH
  • Fabrizio Di Carlo - Information Security Architect, Deutsche Börse
  • Steve Brown - Director, Cyber Security, Mastercard
  • Scott Storey - Lead Tutor, CAPSLOCK
  • Rajesh Ganesan - Vice President of Product Management, ManageEngine

 

With Zero Trust the new kid on the block and a security framework many are considering, it’s important to understand what it actually encompasses and what definition vendors go by. To add to the confusion, Zero Trust Architecture/Access and Zero Trust Network Access are terms also thrown into the mix. In this conversation we’ll explore how to get started with Zero Trust, the key terms to get your head around and what questions to ask vendors with Zero Trust solutions.

------

10.40-11.00:
Frictionless Zero Trust: Top 5 CISO Best Practices

  • Kapil Raina - VP Zero Trust and Identity, CrowdStrike

 

------

11.05-11.45:
PANEL: Can Zero Trust and DevOps go hand-in-hand?

  • Lera Leonteva - DevOps Security Architect, Manager, PwC
  • Wendy Ng - Cloud Security Architect Lead, OneWeb
  • Steve Bond - Group Head of Cyber Security, William Hill
  • Frank Morris - Managing Director, EMEA - Security Consulting, SIG, Synopsys

 

With the increasing transition to distributed cloud architectures and microservices applications, it’s wise to consider how to achieve this with a Zero Trust environment in mind. For applications, it can be easier to build the security requirements into code, but taking a lift-and-shift approach might not be conducive to this security framework. Also, as the DevOps environment is so dynamic, how can a Zero Trust approach support this and avoid slowing down the pipeline? This panel discussion will consider how we can next level our DevSecOps strategy and facilitate rapid, yet secure, digital transformation.

------

11.50-12.30:
End-to-end threat handling demo with SentinelOne: Detect, Contain & Recover in Minimal Time with AI & Automation

  • Elliott Went - SentinelOne
  • John Pease - SentinelOne

Join our demo to learn:
* How to stay ahead of the emerging threat techniques
* Understand how to automate your protection, reducing time to containment
* Build a robust layered endpoint protection policy
* Why full automated remediation is important
* How rollback is the last line of defence
 

------

12.35-13.00:
Trust or Not Trust? Is there a new mindset about CyberSecurity using Zero Trust?

  • Filipi Pires - Security Researcher & Cybersecurity Advocate


The journey to a zero trust architecture can seem like climbing a mountain at times. Determining which approach you should take, looking for a solution which is safe and efficient. When you set off it can be tough going. I'm hoping these principles will make it easier to understand what is needed when planning your transition to a zero trust architecture. During this presentation, we going to talk about some of those important principals to build this new vision about Zero Trust as a culture, and we'll talk some "brainstorming" about architecture to increase your environment...

------

13.05-14.05:
Frictionless Zero Trust to stop supply chain and ransomware attacks

  • Sascha Dubbel - Sr Product Marketing Manager, Identity and Zero Trust, CrowdStrike
  • Naren Vaideeswaran - Product Marketing Manager, CrowdStrike

As organizations accelerate their digital transformation initiatives, they are simultaneously dealing with remote workforce and preparing for the post-COVID-19 world when employees return to work. These sudden shifts are being exploited by the hackers for launching devastating attacks - like, for example, the most recent Conti ransomware, Maze ransomware and supply chain attacks. Join us over lunch and learn how CrowdStrike Zero Trust solution can detect and stop these attacks much earlier, with attack path visibility, security automation and real-time policy enforcement, making security frictionless for your organisation.

------

14.10-14.55:
PANEL: Securing business-critical legacy systems

  • Haroon Malik - Cyber Security Director
  • Joyce Rodriguez - Head of Cyber Threat Prevention, Shell
  • Rob Hornbuckle - Chief Information Security Officer, Allegiant
  • Steve Brown - Director, Cyber Security, Mastercard
  • Max Heinemeyer - Director of Threat Hunting, Darktrace

 

When moving towards Zero Trust principles, legacy systems must not be forgotten. As patches and modernisation programmes can be more challenging to roll out or non-existent in some cases, legacy systems could house the flaws in your security. In this discussion we’ll discuss how others are securing business critical legacy systems using a Zero Trust framework. We’ll compare businesses at different stages and explore:
- The limitations of Zero Trust with legacy systems
- What to do when migration or modernisation isn’t an easy option
- How to avoid creating vulnerabilities during upgrades/implementing new security measures
- An outline of the key steps to secure these systems

------

15.00-15.20:
How to break legacy systems limitations and introduce Zero Trust globally. Is passwordless authentication scaling an option for the nearest future?

• Is it possible to protect legacy systems in the same way as cloud apps?
• Can you integrate new security solutions without any software development?

During this showcase, you will:
• See the live deployment of multi-factor authentication on a legacy system.
• See our approach to easy and fast passwordless authentication deployment.
 

  • Marcin Szary - CTO & Co-Founder, Secfense
  • Krzysztof Góźdź, Sales Manager, Secfense
  • Antoni Sikora - Head of Growth, Secfense

------

15.25-16.05:
Technical Workshop - Session details follow soon

  • Max Heinemeyer - Director, Threat Hunting 

------

16.10-16.35:
Embracing Zero Trust in the Enterprise

  • Brian Meister - Sr. Principal Architect, Verizon Media

In 2017, the Verizon Media Enterprise Identity team began working towards zero trust security practices as a north star vision for navigating the Yahoo+AOL merger. In this session we will discuss practical steps to follow (as well as pitfalls to avoid) when embracing Zero Trust for the first time as we review the significant impact Zero Trust has made in our identity platform integrations and cultural engagement for builders in the Verizon Media enterprise.

------

REGISTER NOW

17th June

09.30:
Welcome

------

09.30-09.50:
Enhancing Zero Trust Postures with Autonomous Cyber AI

  • Max Heinemeyer, Director of Threat Hunting, Darktrace

Insider threats, supply chain attacks, and compromised credentials appear again and again in today’s high-profile cyber-attacks. Meanwhile, organizations are opening up new doors to attackers as they adopt cloud, multi-cloud, and hybrid infrastructures. The ‘zero trust’ model of security has become an increasingly popular framework for organizations seeking to protect themselves amid digital transformation efforts and new ways of working.

In this session, discover:
• How today’s threat landscape is continually expanding, with evolving attack methods such as double-extortion ransomware
• How AI can complement zero trust and integrate with its architecture
• How Cyber AI detected and analysed a 2FA compromise via a hijacked Microsoft 365 account
 

------

09.55-10.35:
PANEL: Closing the security gap in your third-party connections

  • Sonya Moisset - Lead Security Engineer, Photobox
  • Frank Satterwhite - Principal Cyber Security Consultant, 1600 Cyber GmbH
  • Ahsan Qureshi - Independent Cyber Security Consultant 
  • Prathiba Shah - COO, SkyHive.io
  • Thom Langford - Security Advocate, SentinelOne

 

3rd party breaches are on the rise and for those with unvetted partners, they offer an attractive entry point for attackers wanting to steal your data. Cybersecurity teams need to prioritise identity to secure remote access and move away from the traditional approach where you’re unlikely to know the user or device accessing your network. In this conversation, we’ll explore:
- The current threat landscape with 3rd party data breaches
- Assessing the security of your third-party connections
- What to focus on when reviewing your vendor management process
- How to have secure partner connections from onboard to offboard

------

10.40-11.00:
Zero Trust - A model for more effective security

Implementing a Zero Trust framework across an organization requires leading with a “never trust and always verify” mindset to secure your data and resources. Over the years, organizations have increasingly implemented Zero Trust frameworks into their environment due to the technological advancements and modern-day workforce changes such as SaaS applications, cloud-based data centers, mobile devices, remote workforce, and much more, which have caused the network perimeter to become challenging to define.

  • Vimal Raj - Head of Strategic Accounts, ManageEngine

------

11.05-11.45:
PANEL: Avoid ‘zero trust’ in your new framework

  • Steve Furnell - Professor of Cyber Security, University of Nottingham
  • Jean Carlos - Group Head of Information Security, Nomad Foods
  • Dr. Andrew Aken - Cyber Security Evangelist, Twitter
  • Steve Turner - Principal Analyst, Forrester
  • Kapil Raina - VP Zero Trust & Identity, CrowdStrike

 

As you’ve most likely experienced, change management is often the biggest hurdle for IT teams. This perhaps couldn’t be more true when you’re asking employees and stakeholders to take an extra step to log in or restrict their access to parts of the network. From a cybersecurity perspective, Zero Trust seems like a robust way to go, but how will you embed this new way of working into the fabric of the organisation? This panel discussion will together touch on:
- Defining the ‘Why’ to the organisation
- How to leverage the CEO and senior executives
- How far can you achieve frictionless adoption
- Reflections on what could have been approached differently

------

11.50-12.30:
Beyond the perimeter: Continuous monitoring with NIST's Zero Trust security model

  • Jay Reddy, Sr. Technical Evangelist, ManageEngine

This session focuses on:

• How to overcome the challenges of a perimeter-based security model with Zero Trust.
• Orchestrating a Zero Trust security framework established on access-based user provisioning, visibility, and governance.
• The role of security analytics in monitoring a Zero Trust environment.
• How Zero Trust supports Gartner's Continuous Adaptive Risk and Trust Assessment (CARTA) by continuously evaluating users and devices based on contextual access policies.
• How you can incorporate this approach into your existing security framework.
 

------

12.35-12.55:
Your software is vulnerable. Ask a hacker if you wonder how.

  • Boris Cipot - Senior Sales Engineer, Synopsys

The centerpiece of modern life is technology, and it all runs on software. But all that code is prone to risk and vulnerabilities. Even as we raise our risk awareness, we often miss the thing that is responsible for the next big breach. It’s vital to understand the threats we face in today’s software supply chain and stay aware of the ways that make the software we depend on more secure.

 

------

13.00-14.00:
Zero Trust: Good Idea, but what’s next? - Session delivered by Duo Cisco

  • Richard Archdeacon, Advisoroy CISO, EMEA Region, Duo Cisco

The term “Zero Trust” is appearing more frequently within the security sector. The concept of “Zero Trust” was first described by John Kindervag in 2009. With security environments of IT professionals becoming more complex and users demanding more flexibility, trust isn’t easy to come by. Security professionals now need a strategic approach to address the increasing need of the business and the multiple elements of their hybrid cloud and on-prem environments.

Discussion points:
• How to take your first steps to implement and measure a successful IAM programme
• Why more organisations are adopting zero-trust strategies
• Best practices and lessons - How passwordless can help.

 

------

14.05-14.45:
PANEL: Take trust out of your corporate network with a new model for IAM

  • Jean Carlos - Group Head of Information Security, Nomad Foods
  • Martin Ingram - Product Owner, Identity and Access Management, Royal Bank of Scotland
  • Paul McKay - Principle Analyst, Forrester
  • Kamil Zacharski - Senior Director, IAM Engineering and Application Support, Royal Bank of Canada
  • Richard Archdeacon - Advisoroy CISO, EMEA Region, Duo Cisco

 

Implicit trust in a corporate network needs a rethink, especially with new cloud applications and an increasingly hybrid way of working. This is where Zero Trust comes in. One area that's getting lots of attention is Zero Trust in identity & access management (IAM), which needs to balance end-user experience while not compromising your security posture. In this discussion, we’ll focus on how to reposition your IAM strategy in line with Zero Trust principles. We’ll also explore the technologies that support this strategy, facilitating seamless but secure access and using automation to reduce the manual load on cyber teams.

------

14.50-15.10:
Growing a Secure Environment Using Zero Trust Principles

  • Rebecca Nielsen - Director of Technology Integration, PKH Enterprises


Zero Trust is the latest buzzword in security, building on previous concepts such as Defense in Depth and layered security. While Zero Trust better addresses our current mobile highly interconnected world, achieving security goals remains elusive. This presentation will address some of the challenges organizations must overcome to achieve the results promised by a Zero Trust Environment.

------

15.15-15.35:
Zero Trust Network Architecture

  • Jason Soroko - CTO-PKI, SSL247 (A Sectigo Company)

Recent cyberattacks have shown that security perimeters are not unbreachable and that all network connections, both inside and outside the enterprise, should be considered potentially hostile. Jason Soroko explains how Sectigo views the Zero Trust Network Architecture and how certificate-based authentication is essential to implementing the secure enterprise of today and tomorrow.

 

------

15.40-16.00:
You Can't Phish an Empty Pond: How passwordless is the next essential step in your Zero-Trust journey

  • Richard Archdeacon - Advisoroy CISO, EMEA Region, Duo Cisco
  • Josh Green - Technical Marketing Engineer, Duo Cisco

We have all heard how important zero-trust is to our organisational security, but most of us are still carrying around some baggage from a past relationship: the password. Let's talk about how to get that obstacle out of your Zero-Trust path. Where does passwordless fit logically? How, and importantly, where will it work?

 

REGISTER NOW

Hotel & Travel

Sponsors

Silver Sponsor

  • Secfense
  • SSL247

 

Lunch & Learn Sponsor

  • Duo

 

Lunch & Learn Sponsor

  • Crowdstrike

 

Technical Workshop Sponsor

  • DarkTrace

 

Technical Workshop Sponsor

  • Sentinel One

 

Technical Workshop Sponsor

  • Manage Engine

 

Media Partner

  • Linux Magazine
  • ADMIN Magazine
  • CyberSecurityJobSite.com

 

Knowledge Partner

  • ISC2

 

Zero Trust Partner

  • InfoSec Conferences
  • IoT Now
  • The EE

 

Media Partner

  • Computing Security
  • Network Computing

 

Newsletter Sign Up