Agenda

• 7:30 – 8:00 AM: Registration and continental breakfast

• 8:00 – 8:50 AM: Russell Eubanks - Cyverity, on “Cyber Rosetta Stone”!

• 8:50 – 9:00 AM: Stretch and speaker transition

• 9:00 – 9:50 AM: Chip Crane - IBM, on “Think like a CISO”!

• 9:50 – 10:15 AM: Jacob Masters - INSPYR, “Employment Update From the Trenches”

Agenda

• 7:30 – 8:00 AM: Registration and continental breakfast

• 8:00 – 8:50 AM: Jeffrey Sweet (Resolute Cybersecurity Strategies) on “Distilling a Cybersecurity Strategy!”

• 8:50 – 9:00 AM: Stretch and speaker transition

• 9:00 - 9:20 AM: Chris Horner (Triaxiom Security) on “Protecting Yourself From People Like Me ”!

• 9:00 – 9:50 AM: Dexian on “Employment update from the trenches”!

• 9:50 – 10:15 AM: Closing comments and networking

Summary

Led by Robert (Bob) Henry (Senior Solution Engineer at Corelight), this hands-on event is for aspiring analysts and practitioners engaged in Incident Response/Handling, Threat Hunting and CSI: Cyber Security Investigations.

Agenda

• 1:00 PM – 1:15 PM: Registration

• 1:15 PM – 5:00 PM: Hands-on Workshop

Agenda

• 8:00 AM – 8:30 AM: Registration and continental breakfast

• 8:30 AM – 9:00 AM: Workshop Kickoff

• 9:00 AM – 12:00 PM: Workshop

Agenda

• 7:30 – 8:00 AM: Registration and continental breakfast

• 8:00 – 8:50 AM: Mike Brannon (National Gyspum) on “Secure your Microsoft 365 solutions with Microsoft Security tools!”

• 8:50 – 9:00 AM: Stretch and speaker transition

• 9:00 – 9:20 AM: Claire LaVelle (Verizon) on “Optimizing PCI Compliance in Financial Institutions!”

• 9:20 – 9:50 AM: Robert (Bob) Henry (Corelight) on "Does network telemetry still matter in today's threat landscape?"

• 9:50 – 10:15 AM: Closing comments and networking

Agenda

• 7:30 – 8:00 AM: Registration and continental breakfast.

• 8:00 – 9:00 AM: Mike Holcomb, "Countdown to Industrial Destruction!"

• 9:00 – 9:15 AM: Intro to Phish Club!

• 9:15 – 10:00 AM: CRIBL, Single Pane of Glass for Threat Hunting, SIEM and SOAR Tools!

  Thank you to our sponsor, CRIBL and TAILWIND!

Featuring a Lockpick Village and a Silent Auction (proceeds to charity)

• 5:30 – 6:30 PM: Registration and Mixing

• 6:30 – 7:00 PM: Rick Doten presents “Managing A Neurodivergent Workforce”

• 8:00PM: Silent Auction Winners Announced!

  Proceeds given to a charity to be identified.

  This is purely voluntary. If you decide to provide an auction item, we will need what you are donating and starting bid price a week in advance so we can print up bid cards. Example: Bourbon tasting session for a group of 5-10 tasters, starting bid $200.00 Submit auction donation details to info@charlotteissa.org !

• Bonus Activity - Lockpick Village sponsored by Fox Pick!

  Come out to Top Golf and get a chance to learn how to pick locks with Fox Pick! Fox Pick will be running their Fox Pick Village and will have both of their custom one-of-a-kind games, Felix's Breakout and the newest, head-to-head one, Pic Tac Toe!

Agenda

• 8:00 AM - 8:15 AM: Registration + Breakfast

• 8:15 AM - Kickoff & Workshop session!

  Bonus after hours event will be announced at the kickoff!

Course Scenario: Remote work, combined with cloud adoption and unprecedented employee turnover, has created a perfect storm for organizations trying to protect their most strategic and sensitive data. Insider threats are the top cybersecurity concern among CISOs globally. As the Data Loss Prevention (DLP) and Insider Threat Management (ITM) markets converge, a people-centric approach is required to fuel your cybersecurity strategy. The primary objective of both sets of technology is to prevent data loss and misuse of data. DLP monitors file activity and leverages content scanning to determine whether users are handling sensitive data according to corporate policy. ITM monitors user activities such as application usage, user input/output, website access and file movement. It also captures screenshots of high-risk activity for visual evidence to accelerate investigations.

In this free workshop, you will learn:

• Best practices on how to protect people and defend data!

• How to detect and respond to potential insider threats!

• How to investigate insider threat and data loss incidents!

• How to stop data loss through cloud sharing tools and personal webmail; And much more!

Participant Requirements: In order to participate in the hands-on lab, you will need to bring your own personal laptop.

Agenda

• 7:30 – 8:00 AM: Check-in, continental breakfast, & networking

• 8:00 – 8:50 AM: Dr. Peter Scheuermann (Senior Technical Project Manager at Planet Technologies) on "Servant Leadership and Modern-Day Application in Cybersecurity!"

• 8:50 – 9:10 AM: Cain Wooldridge (Account Manager at Dexian) on ”Navigating the IT Job Market: Trends, Tactics, and Triumphs”

• 9:10 – 10:00 AM: Nia Luckey (Senior Cybersecurity Business Consultant at InfoSys) “Leveraging Federal Compliance Best Practices to protect AI Data!”

• 10:00 – 10:15 AM: Networking and book signing

Thank you to our sponsor Dexian!

Speaker Topics

Details coming soon!

Agenda

• 8:00 – 8:45 AM: Breakfast + Introduction to Compliance Controls like SOX, CCPA, etc., and their relationship with Identity Security

• 8:45 – 9:00 AM: Break

• 9:00 – 9:45 AM: SailPoint's Approach to Regulatory Compliance

• 9:45 – 10:15 AM: Break & Light Snacks

• 10:15 – 11:15 AM: Hands-On Lab - Building Your Identity Governance Platform*

• 11:15 AM – 12:00 PM: SailPoint Customer Spotlight: Real-World Implementation and Auditing Successes

*Hands on lab participation limited to 25 attendees, and each attendee is required to furnish a laptop.

Workshop provided & sponsored by Sailpoint!

Special thanks to Mike Brannon and National Gypsum for providing the space for this event!

Compliance-Centric Identity Security Workshop

Join the Charlotte ISSA and SailPoint for an immersive 4-hour workshop dedicated to bolstering identity governance in a rapidly evolving regulatory landscape!

This event is curated for those aiming to reinforce their enterprise's defense against compliance challenges through strategic identity security measures:

• Review Key Regulations: Grasp the intricacies of specific identity compliance controls as they relate to SOX, CCPA, GLBA, etc and their connection to identity security.

• SailPoint's Unique Stance: Discover SailPoint's specialized approach to regulatory compliance, ensuring robust identity governance.

• Hands-On Experience: Engage in a real-time lab, allowing you to set up and test your identity governance platform, anchored by insights from a SailPoint customer's implementation journey.

Agenda

• 7:30 – 8:00 AM: Check-in, continental breakfast, & networking

• 8:00 – 8:50 AM: Marlon Harris (SOC Manager at Hanesbrands) on "Being Cyber"

• 8:50 – 9:00 AM: Stretch and speaker transition

• 9:00 – 9:50 AM: Rachael Schweizer (Senior Director of Global Cybersecurity Engineering at Pfizer) & Jon Bagg (Co-Founder and CEO of Salem Cyber) on “A Cyber Leader's Guide to Safely Adopting AI”

• 9:50 – 10:15 AM: Closing comments and networking

Sponsored by Salem Cyber!

Speaker Topics

Marlon Harris — "Being Cyber"

There is a broad misconception that you have to be some ‘super brainiac’, overly gifted individual to take on a career in cyber. While there are disciplines to be learned, Cyber is a dynamic, evolving ecosystem that just requires its tenants to continue learning. I hope to share how many can shape their thinking into joining the ‘Cyber’ ranks. Many may discover that their hidden talents are brought to life in this field.

Rachael Schweizer & Jon Bagg — "A Cyber Leader's Guide to Safely Adopting AI"

Generative AI is invading every aspect of Enterprise technology. Join us for a discussion of top risks presented by the current wave of generative AI; then, hear from a local cyber leader on her organization’s approach to enabling the business to use AI safely.

REGISTER HERE

Join the Charlotte ISSA Community on August 10th, 2023 for a Live Fire Cyber Range Attack Simulation Workshop hosted by Cyberbit. Using the Cyberbit Platform, workshop participants will be immersed in a hyper-realistic environment with enterprise grade networks, commercial security tools from Palo Alto Networks & Splunk and real-works cyber-attack scenarios. Attendees will work to detect and respond to a live attack. This Live Fire Exercise is designed for SOC and Incident Response Teams and qualifies for CPE Credit with (ISC)2.

Agenda

• 7:30 – 8:00 AM: Registration and continental breakfast

• 8:00 – 8:50 AM: Jeffrey Sweet, Director Security Assessments, American Electric Power

• 8:50 – 9:00 AM: Stretch and speaker transition

• 9:00 – 9:50 AM: Jennifer Minella, Founder and Principle Advisor, Network Security - Viszen Security

• 10:00 – 10:30 AM: Networking + Bonus Event - Jennifer Minella, book signing! Secure a copy of Jennifer's book at Amazon - https://a.co/d/8OcIDsJ

Speaker Topics

Jeffrey Sweet - "Supply Chain Risk, It’s Not Just About Cyber Security""

In this session, Jeffrey will discuss Supply Chain Risk and the variety of elements that factor into that risk:

• Supply Chain Risk is greater than Cyber Security Risk

• How do you decide what is risky to your business?

• How much risk is acceptable?

• How do you evaluate the risk?

• How do you track risk?

• Who is responsible for responding to the risk?

• How do you track risk and for how long?

These are all questions that will be answered during this presentation.

Jennifer “JJ” Minella - "CISO's Briefing for Securing IoT"

Managing the sprawl of IoT is like trying to catch a fish with your bare hands. With today’s leading guidance in theory, most CISOs, security architects, and network engineers are struggling to find meaningful and actionable guidance.

In this session, JJ will share:

• How to categorize/classify different IoT for security program purposes, including a common vendor-neutral lexicon you can use for your environment.

• Applying Zero Trust principles to IoT: Addressing identity, authentication, authorization and segmentation across different types of IoT.

• Creating policy for IoT devices in the enterprise to address risk, use cases, and compliance.

Agenda

• 3:00 – 3:15 PM: Registration & networking

• 3:15 – 4:15 PM: Introduce Charlotte cyber community’s organizations (ISSA, ISC2, CSA, & ISACA) by each group’s leader

• 4:15 - 5:00 PM: The Journey of Cybersecurity by Amanda John @ Eliassen Group

• 5:00 - 5:30 PM: Speaker Q&A

• 5:30 - 8:30 PM: Social Mixer at Legion Brewing Southpark

Speaker Topics

Amanda John - "The Journey of Cybersecurity"

Journey #1 and #2 will be paths into security for individuals wanting to break in, one with no technical background and one with a limited technical background. Both journeys will offers paths utilizing free and low cost resources for training and certification and suggestions on how to plug into various communities. Journey #3 will be the path for the mid market security leader trying to compete with the enterprise organization to hire security resources- what are some local programs to plug in with, what are some local companies doing interesting things to emulate, what do you need to be open to in order to be competitive?

Agenda

• 7:30 – 8:00 AM: Registration and continental breakfast

• 8:00 – 8:50 AM: Jack Freund (Bitsight) on "Why ESG Demands Better Cyber Risk Management"

• 8:50 – 9:00 AM: Stretch and speaker transition

• 9:00 – 9:50 AM: Jeff Crume (IBM) on "Adversarial AI - Lying Chatbots, Deepfakes, and more ..."

• 10:00 – 10:15 AM: Closing comments and networking

Speaker Topics

Jack Freund - "Why ESG Demands Better Cyber Risk Management"

This session will discuss why a greater investor community focus on ESG will ultimately mean greater emphasis on cyber risk management. Beginning with an overview of ESG concerns and ratings, Jack will discuss how cyber fits into the overall view of Boards and the Investor community governance concerns.

The session will conclude with a conversation about how traditional cybersecurity governance can be adapted to this new paradigm and ways in which it will need to change.TBD

Jeff Crume - “Adversarial AI - Lying Chatbots, Deep Fakes and more …”

This presentation will explore the potential dangers of adversarial AI, lying chatbots, and deep fakes. We will discuss how these technologies are becoming more sophisticated and how they can be used to deceive people, spread disinformation, and even cause harm. Through real-world examples and demonstrations, we will explore the implications of these technologies for society in order to gain a better understanding of these emerging technologies and the risks they pose. (Note: This description was written by ChatGPT.)

Sponsored by Elliassen Group!

Agenda

• 7:30 – 8:00 AM: Registration and continental breakfast

• 8:00 – 8:50 AM: Trevor Lyness (Recorded Future) on "Reducing Operational Risk with Threat Intelligence"

• 8:50 – 9:00 AM: Stretch and speaker transition

• 9:00 – 9:50 AM: Mike Brannon (National Gypsum) on "How do YOU handle your SOC Operations?"

• 10:00 – 10:15 AM: Closing comments and networking

Speaker Topics

Trevor Lyness - “Reducing Operational Risk with Threat Intelligence"

This discussion will focus on what and how specific risks can be mitigated with threat intelligence and the benefits of doing so, including how to:

-       Gain visibility into your expanding digital footprint and reduce the effects of digital transformation on your organization’s security posture,

-       Monitor additional attack vectors from third-party vendors and suppliers to reduce third-party risks, and

-       Increase your team’s efficiency by reducing the reliance on manual processes.

Mike Brannon – "How do YOU handle your SOC Operations?"

This interactive discussion focuses on the various approaches to Security Operations and uses National Gypsum’s journey to a Managed SOC tied to Microsoft Sentinel to exemplify key points.

Agenda:

7:30AM - 8:00AM, Registration and continental breakfast

8:00AM - 8:50AM, Torry Crass, NC Board of Elections

Topic - "Help! My EDR is Attacking Me: Incident Response Trends"

8:50AM – 9:00AM, Stretch and speaker transition

9:00AM – 9:50AM, Doug Cassel, SentenilOne

Topic - "Why to Build a CTF"

9:50AM-10:15, Closing comments and networking

Speaker Topics

Torry Crass – “Help my EDR is Attacking Me: Incident Response Trends”

Join us for a conversation with Torry Crass, NC Board of Elections CISO focused on trending threats and how to better prepare for incident response.

Doug Cassel – “Why” to build a CTF?

Actual Interactive CTF – come ready to play! (Awards and gift cards)

“Why” …to build a CTF discussion?