InfoSec World is one of the longest-running information security events in the U.S. Entering its 23rd year, security professionals planning conference calendars for 2017 might be wondering what we have up our sleeves to make this year’s event better than ever. What we’re not doing is taking the focus off of great content, top-notch speakers and information exchange.
InfoSec World 2017 attendees will experience a greater number of interactive sessions, including an entire roundtable track, a tabletop exercise double session and a closing panel that encourages participation. Plus, we’ve included additional networking hours. We know that security professionals love their hallway tracks, and MIS Training Institute (MISTI) has committed to giving our customers what they’ve asked for — not to mention complimentary mimosas.
Must-Attend Sessions at InfoSec World 2017
The InfoSec World 2017 main conference will feature more than 70 talks and collaborative sessions presented by familiar speakers as well as new voices. The goal of the advisory board is to pick all five-star talks, but the sessions described below are the top few that promise to be standouts.
‘The Exploits Used in Ransomware Campaigns’
Ransomware was all the rage in 2016, forcing larger organizations to evaluate file backup processes and capabilities. The question of whether or not to pay was hotly debated. Each company tried to decide for itself what would happen if its systems were exploited and data held hostage.
In recent months, ransomware authors have taken the game of stealing and encrypting victims’ data to greater heights, promising to dox, or blackmail, organizations that properly prepared for an attack and therefore don’t need to heed criminals’ demands.
During his session, “The Exploits Used in Ransomware Campaigns,” security researcher Brad Antoniewicz of Open DNS/Cisco will break down the attack chain of a ransomware campaign and explain what he calls “the carefully orchestrated sequence of events” that leads to compromise. Antoniewicz will also demonstrate one new, unpublished vulnerability, plus open source tools that can be used to identify the presence of malicious content.
‘Secure Data Logistics: How Information Security Can Learn From Armored Cars’
Before online banking and the cybercrime that followed, banks relied upon armored trucks and heavily armed guards to protect the paper money transacted throughout the workday. Over the decades, armored logistics companies learned best practices in dealing with the Butch Cassidys of the world, as well as less successful attempts.
Dunbar Armored, the largest armored logistics company in the U.S., has had to withstand all types of attacks against its trucks and drivers. Dunbar’s chief operating officer (COO), Chris Ensey, along with the Rapid7 vice president for managed services, David Etue, will present a fun yet enlightening talk about some more outrageous robbery attempts during “Secure Data Logistics: How Information Security Can Learn From Armored Cars.” The speakers will draw parallels between physical security controls and cyber equivalents, and share security tools IT organizations can use — some for free — to achieve better data protection.
‘Your Data Was Breached, Now What?’
Every time a major breach hits the headlines, security professionals are reminded of the importance of a strong incident response (IR) plan. Many companies have plans that were created collaboratively with IT teams, legal and HR departments, and key executives. These plans outline what the company will do if an incident is detected internally or when it is notified by law enforcement that sensitive data has been found on the Dark Web.
But those plans are often left unattended. Who actually has the time to run a mock incident, anyway? You will if you attend “Your Data Was Breached, Now What?” In this interactive incident response table top, the dynamic duo of Diana Kelley, executive security advisor at IBM, and Ed Moyle, director of thought leadership and research at ISACA, will assign attendees roles and responsibilities. Together, participants will discuss strategic approaches to post-breach investigation and response.
‘1998 Called and It Wants Its Stupid Internet Law Back … Before It Destroys the World’
Famous author, blogger and activist Cory Doctorow is on a mission. He and his colleagues at the Electronic Frontier Foundation (EFF) filed a lawsuit against the U.S. government to invalidate section 1201 of the Digital Millennium Copyright Act. Created in 1998 for the device types that existed back then, the law made it a felony for system owners to tamper with manufacturer settings in an effort to stop piracy.
Today, digital rights management (DRM) issues have expanded to myriad Internet of Things (IoT) devices, including voting machines, insulin pumps, lightbulbs, cars, smartphones, tablets and computers. Security researchers who are diligently attempting to find and disclose vulnerabilities to make the IoT more secure are now at risk of committing a felony just for doing their jobs.
During “1998 Called and It Wants Its Stupid Internet Law Back … Before It Destroys the World,” Doctorow will explain the state of the EFF’s fight and share his thoughts on how eliminating DRM altogether will change the information security industry for all time.
‘What We Learn From Hackers … and the Government’
It has long been said that cybercriminals are better collaborators than the defenders of data. Over the years, many law enforcement agencies in particular have been reticent to work with former criminals or those that occupy a gray area in hacker society. That said, through dealings with criminals and deviants, federal prosecutors have learned a lot about the minds and motivations of the cyber underbelly.
InfoSec World favorite Erez Liebermann, chief counsel of cybersecurity and privacy at Prudential Financial, and Andrew Pak, trial attorney of computer crimes and intellectual property at the Department of Justice (DOJ), will share what they’ve learned over the years in the field. They’ll also explain how organizations can become better at information sharing, as the criminals have, to better protect our organizations from malicious attacks.
It Ain’t Over Til It’s Over
The five talks outlined above only skim the surface of this conference. The InfoSec World 2017 agenda is chock full of timely talks, such as “Forensics and Discovery Obligations vs. International Privacy Law” and “Cyber Liability Insurance 101.” For those interested in getting their hands dirty, InfoSec World will offer 10 workshops, five of which are hands on, meaning attendees will learn how to analyze malware, reverse engineer exploits, practice red and blue team hunting techniques and more.
If your role no longer includes hands-on-keyboards technical wok, join one of our interactive summits on risk management, security leadership or cloud security. These day-long events have each been built to instigate information sharing so participants can end their day with new ideas, new industry colleagues and new resources to bring back to the office.
Learn More About InfoSec World
Security Intelligence Staff