Attack Surface Management Summit

What Our 2022 Data Reveals About the Most Pressing Exposures on Your Attack Surface

Wes Hutcherson
Bishop Fox, Director of Product Strategy and Market Insights

×

Wes Hutcherson

Wes Hutcherson is the Director of Product Marketing for Bishop Fox where he oversees market intelligence, competitive research and go-to-market strategies. His multi-faceted, technology and cyber security experience spans over a decade with market leaders such as eSentire, Hewlett-Packard and Dell SecureWorks.  

Join offensive security experts from Bishop Fox as they share insights gleaned from an analysis of twelve months of findings captured in Cosmos, their award-winning attack surface management platform. Discover which exposures are plaguing modern attack surfaces and which ones pose the greatest risk based on true business impact. We’ll explore:

•  Types, severity, and the nature of prevalent exposures, broken down by attack surface footprint and industry considerations 
• What post-exploitation reveals about the real-world business impact of these exposures 
• Commonly ignored exposures that can lead to complex, high-risk attacks 
• Recommendations for proactive identification and remediation 

Our offensive security roots run deep with two decades of experience. We invite you to leverage the attack surface knowledge captured from thousands of testing engagements to go on the offense and proactively improve your security posture.

You Can’t Protect What You Can’t See: Asset Intelligence as the Core of an Effective Attack Surface Management Strategy

Allen Rogers
Noetic Cyber, Co-Founder & CPO

×

Allen Rogers

Allen Rogers is a co-founder and Chief Product Officer at Noetic Cyber. Allen is a seasoned cybersecurity product strategist and engineering leader. Over his 30-year career he has been a founding member and executive at numerous successful cybersecurity startups with a proven track record of identifying unmet market needs, envisioning innovative solutions, and building and scaling teams to successfully deliver those solutions to market. Most recently Allen served as Director of Engineering at IBM Security after the acquisition of Resilient Systems.

Decreasing visibility, growing attack surfaces, and limited resources have combined to create the perfect storm for security teams trying to protect against attackers. Organizations today can have millions of different assets, not just traditional compute devices but also networks, containers, mobile devices, code repositories, personal data, and people scattered across their organization. And despite dozens of security and risk tools, security teams still face crippling challenges when it comes to protecting the unknown.  

In this session, Noetic’s co-founder and Chief Product Officer Allen Rogers will showcase why asset visibility and intelligence should be at the core of an effective Attack Surface Management strategy. You will walk away with:

• 5 core capabilities of an effective attack surface management strategy
• The value not only of asset visibility, but also the importance of relationships between those assets to get a full 360-degree view of your security and IT estate
• How Cyber Asset Attack Surface Management (CAASM) platforms like Noetic can offer you unparalleled asset visibility, real-time insights and continuous security posture improvement to reduce your attack surface 

BREAK

Please visit our sponsors in the Exhibit Hall. They're standing by now to answer your questions.

Attack Surface Management: Why you should be going further to discover exploitable risks

Marc Gaffan
Cyberpion, CEO

×

Marc Gaffan

Marc Gaffan, Cyperpion’s CEO, is a successful business leader and entrepreneur. With a focus on building and scaling companies, Marc has led startups to become industry leaders with thousands of worldwide customers. Marc has 20 years of Cybersecurity experience, most notably founding Incapsula and bringing it to $100M ARR and its acquisition by Imperva.

SaaS, cloud service, and the reliance on vendors have made organization’s attack surfaces more complex and difficult to manage. But the risk doesn’t stop there. Attackers will exploit any exposure; across your assets and digital supply chains. Beating attackers to these exposed risks requires a systematic approach.

Cyberpion is the attack surface management solution that uses patented Connection Intelligence to provide laser focus into exploitable risks across your entire attack surface – and its digital supply chain. With machine learning-powered discovery engine, contextual risk assessment and prioritization, and end-to-end remediation workflow Cyberpion helps our customers rapidly address exploitable risks and improve their overall security posture.

Why All Roads Lead Back to the Cloud – and Why It’s So Easily Compromised

Nate Robb
Bishop Fox, Cosmos Operator

×

Nate Robb

Nate Robb is a Security Associate at Bishop Fox, where he works as an Operator for Cosmos (formerly CAST). Prior to coming to Bishop Fox, he held roles as a security consultant and spent time as a full-time bug bounty hunter, where he worked to secure Fortune 500 companies, state and Federal Agencies, and small and medium-sized businesses.

79% of companies have experienced at least one cloud data breach in the last 18 months, often due to unknown vulnerabilities.  As cloud infrastructure grows, so do vulnerabilities and misconfigurations. While many organizations spend a lot of time fixing issues they can easily identify with tools, those tools have limitations and don't operate the way a real-world attacker does.  Luckily, an offensive security approach can help surface high-value attack paths so you can proactively identify, understand, and mitigate the most impactful vulnerabilities lurking in your cloud environment.  Join the Adversarial Operators from Bishop Fox as they share real-world examples and explore: 

•  How hackers gain access to cloud environments (even when they aren’t targeting them) 
• Methodologies for exploiting vulnerabilities and escalating privileges 
• Insights gained from compromising additional services and uncovering pathways to sensitive information
• Recommendations for reducing risk in your cloud environment 

Come see how our team's findings can sharpen your cloud security strategy!

Leadership Panel: Mitigating Risk While Attack Surfaces Expand

Ryan Naraine
SecurityWeek, Editor-at-Large

×

Ryan Naraine

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Vinnie Liu
Bishop Fox, CEO

×

Vinnie Liu

Vinnie Liu is CEO and cofounder at Bishop Fox and a veteran leader in the information security industry. With over two decades of experience, he is considered is an expert in offensive security and security strategy; at Bishop Fox, he leads firm strategy and oversees client relationships.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Matthew Honea
Chief Information Security Officer

×

Matthew Honea

Matt Honea is an information security leader who was most recently Chief Information Security Officer (CISO) at SmartNews, a venture-backed media business based in Japan. Matt has worked extensively in the areas of threat intelligence, network defense, malware analysis and physical security. Matt was previously Senior Director of CyberSecurity at Guidewire where he led product and cloud security, and also has worked in the cyber insurance industry and for the U.S. government.

Jason Shockey
Cenlar FSB, Chief Information Security Officer

×

Jason Shockey

Jason Shockey is a Chief Information Security Officer in the financial services industry and  the founder of mycyberpath.com. He is passionate about helping people get into the cybersecurity industry and level up throughout their careers. Prior to his CISO roles, Jason served 20 years active duty in the US Marine Corps from 1999-2019 as a technology leader conducting cyberspace operations, incident response, and cyber risk management. Three of those years he served with the Cyber National Mission Force at Ft. Meade, MD. Jason believes there is a place for everyone on the cybersecurity team.

BREAK

Please visit our sponsors in the Exhibit Hall.

Fireside Chat: Jason Chan, Former Netflix Security Chief

Jason Chan
Former Netflix Security Chief

×

Jason Chan

Jason Chan has spent over twenty years in cybersecurity and is especially passionate about large-scale systems, cloud security, and improving security in modern software development practices. Most recently, Jason built and led the information security team at Netflix for over a decade before retiring in July 2021.

His team at Netflix was known for its contributions to the security community, including over 30 open-source security releases and dozens of conference presentations. He also previously led the security team at VMware and spent most of his earlier career in security consulting. Since retiring from Netflix, Jason has been advising a variety of startups and is also an Executive in Residence at Bessemer Venture Partners.

Jason enjoys coaching, mentoring, and helping folks from underrepresented groups enter and advance in the cybersecurity industry. Outside of work, he enjoys reading, running ultramarathons, and volunteering in habitat restoration, trail maintenance, and wildfire management. He received a BS from the College of Charleston and his MS from Boston University.

Ryan Naraine
SecurityWeek, Editor-at-Large

×

Ryan Naraine

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World.

Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.

Join us for a fireside chat with Jason Chan, former head of information security at Netflix and operating advisor, Bessemer Venture Partners. Jason joins SecurityWeek editor-at-large Ryan Naraine for a frank discussion on the state of vulnerability management and software development, multi-cloud deployments and expanding attack surfaces, the cyber startup vendor ecosystem, Microsoft's booming cybersecurity business, and some areas still ripe for innovation.

ON-DEMAND: Bishop Fox Demo

Bishop Fox Demo

ON-DEMAND: Noetic Cyber Demo

Watch a 15 minute overview of Noetic Cyber's Cyber Asset Attack Surface Management (CAASM) platform from Andrew Wadsworth, Sr. Security Sales Engineer from Noetic Cyber.

Networking & Virtual Expo