

Full Day Security Workshop
October 21, 2025 | 9:00am-4:00pm | Includes Lunch

8:30-9am: Badge Pickup & Coffee

9am-12pm: Fortify Your Defenses: Zero Trust & Supply Chain Security Unleashed
Presented by: Walter Hirsekorn, General Manager of ISG
Dive into our high-energy workshop to master Zero Trust and Supply Chain Security. Learn to lock down cloud and remote systems with advanced MFA and ZTNA techniques, minimize breach risks using AI-driven analytics, and fortify supply chains through third-party risk assessments, real-time visibility, and SBOMs. Arm yourself with cutting-edge knowledge to dominate today’s cyber threats!
Part 1: Zero Trust Architecture
- Implement Continuous Verification: Attendees will learn how to apply the "never trust, always verify" principle to ensure ongoing authentication and authorization of users, devices, and applications in distributed environments like cloud systems and remote work setups.
  - Exploring multi-factor authentication (MFA) and identity-based access controls to enforce continuous verification.
  - Case studies on implementing Zero Trust in hybrid cloud environments.
- Secure Distributed Systems: Understand techniques for protecting cloud and remote infrastructures by replacing outdated perimeter-based defenses with Zero Trust controls that minimize unauthorized access risks.
  - Transitioning from traditional VPNs to Zero Trust Network Access (ZTNA) solutions.
  - Best practices for securing remote workforce endpoints with Zero Trust policies.
- Reduce Breach Risks: Gain practical strategies for deploying Zero Trust policies and tools to significantly lower the likelihood of security breaches through real-time monitoring and access control.
  - Leveraging AI-driven analytics for real-time threat detection in Zero Trust frameworks.
  - Developing incident response plans tailored to Zero Trust environments.

Part 2: Supply Chain Security
- Conduct Third-Party Risk Assessments: Learn how to evaluate and mitigate risks from third-party vendors and software by implementing structured risk assessment processes to identify vulnerabilities.
  - Designing vendor risk scoring models to prioritize mitigation efforts.
  - Conducting due diligence audits for third-party software dependencies.
- Enhance Supply Chain Visibility: Understand methods to improve transparency across the supply chain, enabling better tracking and monitoring of components to detect potential security threats early.
  - Implementing real-time monitoring tools for supply chain component tracking.
  - Strategies for integrating supply chain visibility into existing cybersecurity frameworks.
- Adopt Software Bill of Materials (SBOMs): Discover how to create and utilize SBOMs to document software components, ensuring greater control over supply chain integrity and rapid response to vulnerabilities.
  - Tools and formats for generating and maintaining SBOMs etc.
  - Using SBOMs for vulnerability management and compliance reporting.

12-1pm: Security Workshop Lunch

1-4pm: Vendor and Contract Management for IT and IT Security Professionals
Presented by: Jonathan Kimmitt, Chief Information Security Officer of Alias Cybersecurity
This class is divided into three parts: Vendor Management, Contract Management, and AI Governance for Contracts. The Vendor Management part of the class provides an overview of vendor management and its importance in cybersecurity. It discusses common vendor risks, regulatory compliance requirements, risk assessment, and due diligence for vendors. The best practices for vendor management are covered, including developing a vendor management program, vendor selection and evaluation, contract negotiation and management, effective communication and collaboration with vendors, monitoring and auditing vendor performance, and managing third-party risks. It also covers managing vendor risks during an incident, legal and regulatory considerations for vendor management, and building a successful vendor management program. The class concludes with key takeaways and best practices for effective vendor management for CISOs.
The Contract Management part of the class introduces the concept of vendor/contract management and its ultimate goal of protecting people and organizations. It covers risk management, security and privacy risk assessment, procurement/contract life cycle, contracts and the law, IT role in the contract process, IT expectations during the process, types of contracts, liability concerns for IT, and the contract life cycle. The class also covers pre-contract preparation and documentation, contract negotiation and agreement, meeting contract requirements, and end of contract processes. There will be hands-on review of various types of contracts throughout the class, to give experience in reviewing and redlining contracts. The class concludes with key takeaways, best practices, and the importance of ongoing monitoring and evaluation of vendor performance and continuous improvement in contract management practices.
AI Governance for Contracts: AI Governance for contracts focuses on ensuring protections when engaging vendors that utilize AI technologies and equipping participants with the knowledge to manage AI-related risks effectively. The session covers essential topics such as identifying potential AI risks, establishing an AI risk management framework, and implementing due diligence during vendor selection. Attendees will also learn how to enforce contractual safeguards and continuously monitor vendor compliance with AI governance standards.



