InfraGard Washington State Evergreen Chapter
Cyber Security Summit
8 CPE/CEUs with full attendance
Wed, March 8, 2023
7:30AM - 6:45PM PST
Hyatt Regency Bellevue
900 Bellevue Way NE
Bellevue, WA, 98004
C-Suite/Sr. Level Executives Only (Directors, Managers, Heads of IT, etc). Sales/marketing professionals & students will not be admitted.
or call 212.655.4505 ext. 247
The Seventh Annual Seattle/Bellevue Cyber Security Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission is $195 each, giving you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception.
Chief of Cybersecurity
CISA (Cyber Security & Infrastructure Agency), US Dept. of Homeland Security
Our conferences have been rated as one of The Top 5 Must Attend Conferences for the last 5 years. Learn from renowned experts from around the globe on how to protect & defend your business from cyber attacks during interactive Panels & Fast Track Discussions.2
Evaluate & See demonstrations from dozens of cutting-edge solution providers that can best protect your enterprise from the latest threats.3
Time, Travel & Money
Many senior executives simply don’t have the time to travel for up to a week to the large cyber trade shows. Our mission is to bring the cyber summit to the executives in the nation’s top cities. Our events are always for just one day only and are produced within first class hotels, not convention centers.4
Engage, Network, Socialize & Share
Engage, Network, Socialize & Share with hundreds of fellow Powerful Business Leaders, C-Suite Executives & Entrepreneurs.
CEUs / CPE Credits
By attending a full day at the Cyber Security Summit, you will receive a certificate granting you 8 Continuing Education Units or Continuing Professional Education Credits. To earn these credits you must participate for the entire summit & confirm your attendance at the end of the day.6
By investing one day at the summit, you may save your company millions of dollars, avoid stock devaluation and potential litigation.7
Each Cyber Security Summit is “By Invitation Only” and all attendees are pre-screened & approved in advance. On-site attendance is limited to approx. 300 Sr. Level Executives to maintain an intimate, non-trade show like environment.8
Did Uber, Facebook, Microsoft, Equifax, and thousands of other businesses that were hacked do everything within their power to avoid being victimized? Is your company next? Learn the latest defensive measures at the Cyber Security Summit from your peers and from thought leaders in the industry.
For any questions, please contact Samantha@CyberSummitUSA.com or call 212.655.4505 ext. 225
To speak or exhibit at an upcoming summit, contact BRand@CyberSecuritySummit.com or call 212.655.4505 ext. 223
Explore sessions, connect with experts, build your customized schedule and much more!
To become an official strategic marketing partner with the Cyber Security Summit, contact MHutton@CyberSecuritySummit.com or call 212.655.4505 ext. 241
This educational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Additional content & speakers will be added leading up to the Summit. Please check back for updates.
Meet, Engage & Enjoy Breakfast with fellow Business Leaders, Cyber Experts, Government Officials & Thought Leaders.
In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks across all areas of their digital environment. Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization.
Threat management programs aiming to establish visibility, detection, investigation and response are becoming more complex as infrastructure and workforces expand and adapt. This not only makes threat management more challenging but can also dramatically increase our exposure to attack. So how can we do a better job of proactively understanding and reducing the risks and exposures associated with this disparate environment, while simultaneously significantly reducing the stress on our threat management systems and teams?
Join us to hear what we have learned from thousands of engagements in this developing field, which we are referring to as Exposure Management. This approach has the goal helping organizations reduce risk and inefficiencies and get the most out of the tools, processes and people that they have. All while enabling the business to evolve and thrive.
What separates top performing cybersecurity teams from everyone else? It’s largely their ability to quickly uncover, understand and remediate threats. Enter low-code security automation. This powerful and extensible technology can unlock the potential of your security team with machine-speed decision making. But just what can you do with low-code security automation – and how can it help take your team from good to great?
“Pay Up, or Else”. The number of organizations who have been faced with this scenario has been steadily increasing over the past several years as ransomware attacks continue to rise — both in numbers and the size of payouts.
The clear and present danger of a ransomware attack looms large among cyber executives and business leaders as the number of vulnerabilities increases daily. According to a 2022 CRA Business Intelligence survey, nearly one in four respondents reported that their organization experienced one or more ransomware attacks in the past 12 months, and almost one out of three of these organizations said the attacker succeeded in gaining access to their systems, encrypting files, and demanding a ransom
According to this survey, many believe that the worst is yet to come and that they are at a significantly higher risk of a cyberattack than ever before – it’s not a matter of “if,” but “when.”
Preparing for the inevitable and defending against the threat of a ransomware attack requires constant evaluation and assessment, and then making the necessary adjustments.
On this panel, our lineup of industry experts will discuss the key security measures enterprises must take, going beyond backup and recovery and anti-malware/anti-virus solutions to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption, and cloud security software.
Alexander Salazar Jr
InfraGard Washington State Evergreen Chapter
Cofounder & SVP, Chief of Strategy
Director of Security Engineering
Industrial Control System
Chief Technology Officer
Fleet Device Management
Vice President of Product Management
When choosing any vendor, public sector organizations look at matrixed capabilities to make their decision, but they usually miss an important one: Culture.
In cybersecurity, typical vendors have high turnover. The turnover creates unsatisfactory results for cities and counties, including missed expectations. Since day one, Critical Insight has been determined not to be a high-turnover company. Our Founder will talk about the culture of the company from mission-focus to employee sourcing and hiring to career development and remote work, and our key values that have our employee retention rate over 90% – through the pandemic and “great resignation.” He will discuss how this creates stability, reliability, and consistent company contacts for customers.
Three learning outcomes:
During the past 10 years I’ve participated in many security incidents, received confidential readouts of other company incidents, collaborated with top well-known incident response firms as well as government agencies. It’s with these experiences and learnings I’ve applied an overlay of Zero Trust to the problem. Having also delivered Zero Trust strategies at two globally-recognized enterprises we can speak to the reality of the problem and solution.
In 2022 I presented how my Enterprise Security teams delivered Zero Trust at Adobe and Cisco. So, let’s talk about why we prioritized the initiative; a forward thinking strategy that really defended against the attacks we were seeing. During this session we’ll discuss some high-profile security incidents from the past year, reviewing the themes, kill chain, and how or where a Zero Trust strategy might help prevent the attack, slow them down, or reduce risk.
As an example, many high profile hacks all started similarly. Related to an employee or contractor credential theft (or purchase) and an MFA fatigue or bypass. These are NOT highly sophisticated attacks and there are strategies that can save your bacon.
As security practitioners, we’re always trying to find ways to get ahead of attackers and mitigate threats before they wreak havoc in our environments. But, traditional defense-in-depth strategies rely more on reactive controls to build walls that we hope will stop attacks from being successful. However, time and again, we see news headlines proving how often and how easily these reactive approaches are defeated.
Today’s attack surface requires a different approach, focusing on preventative risk mitigation strategies that give more visibility, more context and a better mechanism to tie technical risk to business context. While reactive controls are still necessary, the more we can identify areas of risk before the attackers do and close the gaps in our defenses, the fewer attacks will take place and the more effective those reactive controls will be.
Preventative security strategies are driven by making better decisions about how, when and where to mitigate risks. In this talk, we’ll review techniques to implement within your security program that will give a better understanding of the technical and business risk across your attack surface, how to identify the areas to focus on first and ways to drive a more meaningful approach to mitigating risks before cyberattacks exploit your weaknesses.
Use of the cloud is continuously growing, not surprisingly so due to its perceived lower costs, greater agility, and ability to increase computing power with increased demand & continuously deploy new applications and software features.
Despite the appeal of cloud, there are many security risks and vulnerabilities and managing these risks has proven to be a big challenge as cyber criminals shift their tactics to cloud data and systems in responses to this increased use of the cloud. According to a CRA Business Intelligence’s September 2022 Cloud Security Survey, misconfigurations, lack of oversight, and little visibility across the organization are among their chief concerns regarding cloud deployments.
If organizations are going to successfully adopt/transition to the cloud, they must ensure security is part of their program. An effective cloud security program includes various process and technology capabilities to effectively keep up with the current threat landscape and vulnerabilities.
Chief Technology Evangelist
Container Security Presales Engineer
Senior Director, Incident Response & Cloud Operations
Varonis System, Inc.
Cloud Architect and Field CTO
Principal Security Architect
CSO, Prisma Cloud
Palo Alto Networks
Security breaches become headlines, and breach headlines that were rare just five years ago seem to occupy today’s daily news cycle. At the same time, the outdated image of an information security practitioner running through the office, brandishing their flaming sword of justice and screaming, “thou shall not pass!” is now from a bygone era. In fact, many of today’s data breaches are made possible by missteps and misconfigurations, and compounding this are security issues introduced to website authentication mechanisms that enforce bad end user behavior. As a result, security debt has become a significant problem for most organizations, and attackers will exploit it to their advantage.
The Cyber Security landscape is overflowing with vendors making it very difficult for practitioners to determine what solutions and vendors can actually positively impact organizational risk while reducing complexity and maximizing resource management. Extrahop will discuss how to identify market shifts and offer a roadmap to be ahead of the technology curve in determining what vendors and technology to evaluate.
Few environments are as fast-changing and rapidly evolving as cloud computing. In a matter of just a few years, growth has exploded, and the cloud’s capabilities continue multiplying. Along with the growth in the cloud is a near equivalent growth in attacks on cloud networks. According to Check Point researchers, attacks on cloud-based networks increased by 48 percent in 2022 compared to 2021. In fact, Gartner says 95% of cybersecurity professionals are concerned about public cloud security. Making matters worse, also according to Gartner, there is a 52% cloud computing skills gap with today’s cybersecurity professional needs and overall, there is a 2.72M shortage of cybersecurity professionals. All of these facts lead to a significant need for a smart, powerful, comprehensive, and complete security platform to manage and secure today’s multi-cloud, cloud-native deployments. Enter CNAPP – Cloud Native Application Protection Platform. In this session, we’ll discuss what CNAPP is, why it’s needed, and several available resources where you can learn more.
Security programs have undergone major changes in recent years, to adapt to the changes that Agile development, DevOps pipelines, and faster deployments bring. New DevSecOps programs and models have resulted in a significant security ownership shift to the development teams. But, in order for development teams to truly take responsibility for security, they need to embrace and adopt the new security practices. This is no easy feat! It introduces many organizational, process, and tooling challenges. In this session, we will discuss specific examples of how top brands are using Snyk to successfully achieve this. In addition to these use cases, we’ll share tips and best practices on how you can improve the developer adoption of your security needs, as well as common pitfalls or problems to avoid.
Despite having distinct differences, data privacy and compliance are deeply intertwined with cyber security. As focus on data privacy and compliance increases, business leaders can expect to see vast changes related to how consumer data is managed, shared, and secured. Policy & laws on data privacy and compliance continue to expand and become increasingly stringent, so it is important for companies and their respective business leaders to consider these areas as they develop & evaluate their cyber security strategies. For instance, last year the SEC proposed amendments to its rules on cyber security, risk management, strategy, governance, and incident disclosure by public companies.
At a more granular level, there are various initiatives to protect specific consumer data and ensure enterprises are compliant in doing so – particularly health data and children’s personal information. The American Data Privacy and Protection Act (ADPPA) if passed could greatly impact health data beyond the scope of HIPAA by establishing a national framework to protect & preserve the privacy of consumer data collected by entities not covered by HIPAA. In an American Medical Association survey, about 75% of surveyed patients expressed concern and confusion related to the privacy of their health data and how it is handled. The ADPPA could help clear up some of this confusion by establishing clear expectations. Another critical area is the collection of personal information of children. The Children’s Online Privacy Protection Act (COPPA) helps put parents in control of how their children’s data is handled and ensures that all entities in possession of this data sustain its confidentiality, security, and integrity.
Maintaining strong data privacy and compliance practices is imperative in preventing sensitive personal data from becoming compromised. This information is extremely valuable to cyber criminals, who seek to utilize compromised data to steal others’ identities or resell such PII.
This panel will look at the latest data privacy policies and implications for what this means for business leaders in the future. Our lineup of experts will lend their insights and offer best practices relating to privacy, compliance, and identity protection.
WiCyS Western Washington Affiliate
Regional Vice President of Sales - West
Sales Engineer Director
Sr. Manager, Privacy, Risk & Compliance
Sr. Regional Sales Manager
Principal Technologist, Data Protection and Cloud Expert
Senior Vice President, Global Solutions Engineering
For almost all organizations, the reality is not if, but now when, there will be some sort of breach or data compromise. The goal of this talk is not to incite fear, but quite the opposite: confidence, through preparation. We will discuss topics and tactics to address before and after the “boom”, helping better prepare, react, and respond for the best outcome for your customers and company
SIEMs have evolved over the past few decades due to the evolving threat landscape, increasingly complex architectures, and ever-increasing data volume and velocity. In this session, we will cover the history of SIEMs and introduce a new strategy leveraging the concept of detection-as-code to optimize detections and threat hunting.
Taking a detection-as-code approach will show how to use a language most already know — Python and SQL. Leveraging the detection-as-code approach, we will also show how to write detections, test them, and introduce software development lifecycle best practices that can be used for version control, collaboration, and integration with your CI/CD pipeline.
To be eligible to earn your Full 8 CPE Credits, delegates must be in attendance for the full day. In order to claim any raffle prizes, you must be present during the cocktail reception.
Discuss and share the latest in cyber protection with our renowned security experts during interactive Panels & Round Table discussions. View our Security Content Sharing portal for past Cyber Security Summit solutions to protect your business from cyber attacks.
Chief of Cybersecurity, Region 10 Seattle Office,
CISA (Cyber Security & Infrastructure Agency), US Dept. of Homeland Security
Cybersecurity State Coordinator, State of WA,
CISA (Cyber Security & Infrastructure Agency), US Dept. of Homeland Security
The Cyber Security Summit connects cutting-edge solution providers with Sr. Executives to analyze & diagnose cybersecurity flaws through interactive panels & roundtable discussions. View the latest presentations given at the Cyber Security Summit through our Security Content Sharing portal.
The Cyber Security Summit is proud to be in partnership with some of the industry’s leading organizations in technology, information security, and business leadership.
If your media outlet or association is interested in becoming a strategic industry partner with The Cyber Security Summit, please contact Megan Hutton at MHutton@CyberSecuritySummit.com or call at 212.655.4505 ext 241.
Thank you for registering for the Cyber Security Summit. Please bring a copy of your confirmation email with you. Our networking breakfast will start promptly at 7:30 AM. To receive your full 8 CEU / CPE credits, you must attend for the entire day. We look forward to seeing you soon!
Find out how you can become a sponsor and grow your business by meeting and spending quality time with key decision makers and dramatically shorten your sales cycle.
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|