|Sunday, October 22|
3:00 p.m. - 6:00 p.m.
4:30 p.m. - 5:00 p.m.
David Raucher, Director of IT and Managed Services, CHR Solutions
This brief overview of cybersecurity topics and terminology will assist those who do not work in this area on a regular basis to be ready for the discussions to follow throughout the Summit. This is an optional session designed to provide fundamental understanding of the cybersecurity topic.
5:00 p.m. - 6:00 p.m.
|Monday, October 23|
|7:30 a.m. - 4:30 p.m.||REGISTRATION|
|7:30 a.m. - 8:30 a.m.||BREAKFAST|
|8:25 a.m. - 8:30 a.m.||
|8:30 a.m. - 9:30 a.m.||
Opening Keynote: Understanding the Threat Environment
Ryan Manship, Vice President, RedTeam Security Consulting
|9:30 a.m. - Noon||Cyber Tabletop Exercises
Take part in an active group discussion of how best to handle specific cyber incidents. Attendees will be break out into small groups and presented several cyber threat scenarios then each group will collectively formulate response strategies. Take the lessons you learn back to your company to assess, develop and update your cyber plans, programs, policies and procedures.
|10:35 a.m. - 10:45 a.m.||BREAK|
|Noon - 1:15 p.m.||LUNCH|
|1:15 p.m. - 2:15 p.m.||
Law Enforcement: Your Partner in Cyber Crime
Jaykumar Patel, Supervisory Special Agent, Mission Critical Engagement Unit, FBI
From investigating cyber attacks, providing lessons learned and resources to assist industry with mitigating threats, and working with affected companies to respond and recover when or if an incident occurs, law enforcement is a critical partner in the fight against cyber threats. Hear from law enforcement officials about how to best collaborate on matters of forensics and evidence gathering.
|2:15 p.m. - 3:15 p.m.||
The Role of Cyber Insurance
Carri Bennet, Partner, Bennet & Bennet
In today’s threat environment where risk can never be entirely mitigated, transferring the risk via an insurance policy is an important component of your company's cyber program. However, the insurance marketplace is nascent and often misunderstood. Learn more about what to look for when contacting an insurance provider and how to evaluate various policies.
|3:15 p.m. - 3:30 p.m.||BREAK|
|3:30 p.m. - 4:30 p.m.||
LEVELED LEARNING SESSIONS A
Level I: How to Build an Effective Cyber Risk Management Program
Kathy Whitbeck, Director, Network Management Center, Nsight
Where does an ISP begin with developing an effective security program to address the current cyber landscape, especially when faced with limited resources? This session is a great place to start. Learn what it takes to build a strong foundation of cyber risk mitigation and how to plan for future development.
Level II: Cybersecurity Best Practices
Frank Bulk, CTO, Premier Communications
The NIST Cybersecurity Framework, CIS Controls, ISO certification, BITAG—there is no shortage of best practices for ISPs. Learn more about how standards and best practices are developed, which ones may be the most beneficial, and how your company can incorporate them into your operational environment.
|5:00 p.m. - 6:00 p.m.||
|Tuesday, October 24|
|7:30 a.m. - 8:00 a.m.||
|8:00 a.m. - 8:50 a.m.||
Greg Jackson, Senior Cybersecurity Advisor
What does it take to have confidence in your cybersecurity? Can you get to a point where you sleep comfortably at night? Given the constant stream of headlines, it may seem like sleeping soundly is but a dream itself, but confidence in your cybersecurity is achievable if you understand how and why cyber attacks occur, use that insight to create resilient information systems, and then test your cybersecurity before a cyber criminal does. Learn about the essentials of a comprehensive cybersecurity program that Dynetics uses as the basis for its Cyber Resilience Certification Program.
Sponsored Breakfast Presentation by Dynetics
|9:00 a.m. - 9:50 a.m.||
LEVELED LEARNING SESSIONS B
Level I: Assessing Threats and Responding Accordingly
Sean Wolfgang, Intelligence Analyst II, National Cyber-Forensics & Training Alliance (NCFTA)
Keeping pace with a constantly shifting threat environment takes a well-trained team and well-constructed policies and procedures. This session will address the basics of baseline analytics that small telcos should be running, as well as best practices in the area of intelligence collection and analysis. Learn how to plan for rapid reaction to the most likely threats while avoiding panic and wasted resources on non-threats.
Level II: Supply Chain Risk Management
Tony Howlett, CTO, Codero
Your network is only as secure as its weakest link. Learn more about monitoring and mitigating supply chain cyber risks, including what questions you should be asking of third parties and methods to protect your assets and customer data.
|10:00 a.m. - 10:50 a.m.||
LEVELED LEARNING SESSIONS C
Level I: Mitigating Ransomware, Extortion and eCrime Through Threat Data Feeds
Matthew Stith, Product Manager, Deteque
The Spamhaus Project provides real-time threat monitoring and reputation blocklist resources for ISPs, email service providers, corporations, universities, governments and military networks. These resources are used to block the vast majority of spam and malware on the Internet today. Learn how to protect your network through DNS-based Blocklists (DNSBLs), Spamhaus DROP lists, Botnet C&C data, and the Spamhaus Response Policy Zone (RPZ) data for DNS resolvers, which prevents Internet users from clicking on malicious links in phishing and malware emails.
Level II: Putting Your Network Security to the Test
Josh Smith, Elite Ethical Hacker, Dynetics
This technical session is devoted to tools, tactics and techniques IT professionals should be implementing regularly to build a strong defense against cyber threats, including open source options available to smaller companies and the benefits of network penetration testing.
|10:50 a.m. - 11:00 a.m.||
|11:00 a.m. - Noon||
Closing Keynote: Learning from Our Fail: Online Collaboration in the Security Community
Current models of internet security have been significantly shaped by security failures of the past. The more collaboration and sharing within the security community, the better those models and specific tactics become. This look at “where we are now,” “how we got here” and “where we go next” as a security community reminds us that those who don’t know history are doomed to repeat it.