Zero Trust Strategies Summit

Identity Powered Zero Trust

Gurinder Bhatti
Okta, Global Security Strategist

×

Gurinder Bhatti

Gurinder leads the Okta presales security team and works with both customers and prospects on security-related matters concerning the Okta Identity Cloud as well as general cloud practices. He has been involved with cybersecurity in the Financial Services industry for two decades having worked at the New York Stock Exchange, Moody’s, and other FinServ organizations.

While Zero Trust has become an industry slogan among security advocates, it also has been diluted by being associated with specific solutions and technologies. Let’s move beyond the buzzword and beyond the diatribe of repeated messages that fall short in providing a clear and concise message. For security practitioners who strongly advocate for ZT, we are going to provide practical and actionable steps on your journey to implementing ZT within your environment.

How to Create a Multi-Layered Approach to Cybersecurity

Brian Knudtson
11:11 Systems, Director of Product Market Intelligence

×

Brian Knudtson

In his 20-year career, Brian has experienced many different perspectives of the IT industry having worked as a customer, value-added reseller, vendor, and service provider, including roles in web development, system administration, post-sales deployment, pre-sales architecting, public cloud design, and technical marketing. Currently, Brian is the Director of Product Market Intelligence at 11:11 Systems. He has been a long-time member of the VMware community, occasionally blogging at http://knudt.net and tweeting at @bknudtson.

Could your organization continue business as usual in the face of a cyber attack? Last year alone, cybercrime rose more than 15%, and attacks are becoming more sophisticated as they become more frequent. Even more scary: half of all organizations have not put a cybersecurity risk plan in place! This is why many organizations are working to adopt a comprehensive, layered approach to security, and one that incorporates Zero Trust strategies. During this presentation we'll discuss:

• How you can adopt an approach that will help you identify and triage threats
• What you can do to prioritize and remediate vulnerabilities
• Why you need to go beyond mere technology to include people and processes as part of your security strategy
• Why a multi-layered, holistic approach to security provides the best defense

Zero Trust – Beyond the Buzzwords

Melissa Bischoping
Tanium, Director, Endpoint Security Research

×

Melissa Bischoping

Melissa Bischoping is a passionate security evangelist whose academic & professional background in human psychology and technology align to educate, advocate, and remediate the difficult security problems faced by businesses and individuals.

She currently works as Director of Endpoint Security Research at Tanium where she analyzes emerging threats, zero-days, and CVEs to provide subject matter expertise for internal and external customers. Prior to Tanium, she held positions in operations and security across the hospitality/casino industry, and industrial/manufacturing industry. Melissa is most interested in topics around adversary emulation, effective purple team operations, zero trust philosophy, and digital forensics and incident response. She was honored to be selected as a 2023 RSA Conference Security Scholar representing the SANS Technology Institute. She has presented at in-person and virtual conferences and roundtables throughout the United States, Canada, and Australia.

Outside of work, Melissa pursues a Master of Science in Information Security Engineering at SANS, where she also competes as part of the nationally-ranked Capture-The-Flag team. Her personal hobbies include DIY home renovation, backyard birding, tennis, and gardening. She lives in northern Virginia with her husband, son, 3 Sphynx cats, and 1 Min-Pin.

Interest into Zero Trust is surging across the globe, including a strategy by the US government to modernize their architecture and shift away from a culture of “trusted networks” and perimeter based security. 
Despite this growing interest, the marketing buzzwords have muddied the definitions of what it means to be “Zero Trust”, and senior leaders often view it as a magic wand, a product they can buy, or a catch-all for security strategy.

In this presentation, we’ll discuss the core concepts for those new to Zero Trust architecture, and get down to the brass tacks of design principles, policy considerations, and technology. We’ll explore the questions you should ask and exercises to determine your Zero Trust readiness and current posture agnostic of vendor-specific language or tooling.

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Tech Session: The Supply Chain of Problems: SBOM, N-Days and Zero Trust

Alex Matrosov
Binarly, Chief Executive Officer

×

Alex Matrosov

Alex Matrosov is CEO and co-founder of Binarly Inc. a firmware security company building an AI-powered platform to protect devices against emerging firmware threats. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. He served as Chief Offensive Security Researcher at Nvidia and Intel Security Center of Excellence (SeCoE).

Alex is the author of numerous research papers and the bestselling award-winning book Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. He is a frequently invited speaker at security conferences, such as REcon, Black Hat, OffensiveCon, WOOT, DEF CON, and many others. Additionally, he was awarded multiple times by Hex-Rays for his open-source contributions to the research community.

Over the past two years, attacks on multiple targets in the semiconductor industry have consistently led to leaks of firmware source code. A compromised developer device could potentially give an attacker access to the source code repository, adding a major gap in the security of the software supply chain. There are multiple policies in place to improve transparency in the firmware supply chain in general, but implementing and adopting them will take years. The technology industry is in the midst of active discussions about the use of "software bill of materials" (SBOMs) to address supply chain security risks.

In order to implement supply chain security practices, there must be better transparency on software dependencies. Previously, any piece of software shipped as black-box without providing any information related to software dependencies and third-party components. Firmware has largely been looked at in the same way. This talk focused to discuss various shades of the supply chain problems.

Panel: CISOs Share Lessons on Implementing ZT Principles

Ryan Naraine
SecurityWeek, Editor-at-Large

×

Ryan Naraine

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs and startups, and a regular speaker at security conferences around the world.

Nick Vigier
Talend, Chief Information Security Officer (CISO)

×

Nick Vigier

Nick Vigier is the chief information security officer at Talend. He is a technology and security leader focused on innovation to drive business results. In his 18 years of security leadership, he has focused on building high performance teams to ensure security is a business driver rather than a cost center. His focus on all areas of security ranging from physical security to risk management through to application security, infrastructure security, and operations gives him a unique perspective on how security can positively impact an organization.

Jason Shockey
Cenlar FSB, Chief Information Security Officer (CISO)

×

Jason Shockey

In the modern era of remote work, multi-cloud deployments and shadow IT sprawl, security leaders are investing heavily on zero trust security principles to manage risk in organizations large and small. Join this CISO panel for a frank discussion on navigating the complexities of zero trust, implementation challenges and the importance of balancing enhanced security with user experience.

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Fireside Chat: The History and Evolution of Zero Trust

Ryan Naraine
SecurityWeek, Editor-at-Large

×

Ryan Naraine

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs and startups, and a regular speaker at security conferences around the world.

Steve Riley
Netskope, Field CTO/Ex-Gartner Analyst

×

Steve Riley

Steve Riley is a Field CTO at Netskope. Having worked at the intersection of cloud and security for pretty much as long as that’s been an actual topic, Steve offers that perspective to field and executive engagements and also supports long-term technology strategy and works with key industry influencers.

A widely-renowned expert speaker, author, researcher, and analyst, Steve joined Netskope from Gartner, where for five years he maintained a collection of cloud security research that included the Magic Quadrant for Cloud Access Security Brokers and the Market Guide for Zero Trust Network Access. Before Gartner, Steve spent four years as Deputy CTO of Riverbed Technology and held various security strategy and technical program management roles at Amazon Web Services for two years and at Microsoft for eleven years. Steve's interest in security began all the way back in 1995, when he convinced his then-employer that it would be a good idea to install a firewall on their brand new internet connection.

Join SecurityWeek editor-at-large Ryan Naraine for a fireside chat with Steve Riley, a former Gartner analyst who now serves as Field CTO at Netskope. Riley will take us on a journey through the origins of Zero Trust Network Access, the cybersecurity framework that has become mandatory to protect digital assets at scale. Steve will share insights on what Zero Trust truly entails, shedding light on the core principles that guide this approach and discussing the historical context that led to its development. 

The discussion will delve into the practical aspects of implementing Zero Trust, addressing the common challenges organizations face and the ramifications from new U.S. government mandates around zero-trust implementation at federal agencies. 

Take 30 with a Techie: Cloud Backup

11:11 Systems is a managed infrastructure solutions provider that holistically addresses the most pressing cloud, connectivity, and security challenges of today while preparing businesses for tomorrow. Tune in to learn how 11:11 Systems’ offerings can help customers achieve strong cyber resilience.

Deploying Passwordless Authentication with Okta

Okta gives you a neutral, powerful and extensible platform that puts identity at the heart of your stack. No matter what industry, use case, or level of support you need, we’ve got you covered. In this demo, we'll showcase how to deploy passwordless authentication with Okta.

Tanium and Azure Active Directory Integration: Unlock Zero Trust at Scale

To manage today's increasingly distributed environments, many IT leaders are evaluating Zero Trust strategies that conditionally grant access to applications or services based on an endpoint's user and device risk. But while denying access to a device with compliance gaps or vulnerabilities sounds good in theory, IT Leaders struggle with two key challenges: limited or outdated data available to make conditional access decisions and the potential productivity impacts associated with denied access for users across an organization. 

Through Tanium's integration with Azure Active Directory, IT leaders can make enhanced conditional access decisions based on an extensive, highly flexible set of real-time device data from Tanium. By denying access to non-compliant or high-risk devices, Tanium and Microsoft deliver enhanced security across a minimized attack surface.

The integration also unlocks Zero Trust at scale for enterprises without significant productivity impacts. Customers can take advantage of Tanium's extensive remediation capabilities to quickly address a device's compliance or other security gaps and enable users to get back to work.

[ON-DEMAND] Take 30 with a Techie: Cloud Backup

11:11 Systems is a managed infrastructure solutions provider that holistically addresses the most pressing cloud, connectivity, and security challenges of today while preparing businesses for tomorrow. Tune in to learn how 11:11 Systems’ offerings can help customers achieve strong cyber resilience.

[ON-DEMAND] Deploying Passwordless Authentication with Okta

Okta gives you a neutral, powerful and extensible platform that puts identity at the heart of your stack. No matter what industry, use case, or level of support you need, we’ve got you covered. In this demo, we'll showcase how to deploy passwordless authentication with Okta.

[ON-DEMAND] Tanium and Azure Active Directory Integration: Unlock Zero Trust at Scale

To manage today's increasingly distributed environments, many IT leaders are evaluating Zero Trust strategies that conditionally grant access to applications or services based on an endpoint's user and device risk. But while denying access to a device with compliance gaps or vulnerabilities sounds good in theory, IT Leaders struggle with two key challenges: limited or outdated data available to make conditional access decisions and the potential productivity impacts associated with denied access for users across an organization. 

Through Tanium's integration with Azure Active Directory, IT leaders can make enhanced conditional access decisions based on an extensive, highly flexible set of real-time device data from Tanium. By denying access to non-compliant or high-risk devices, Tanium and Microsoft deliver enhanced security across a minimized attack surface.

The integration also unlocks Zero Trust at scale for enterprises without significant productivity impacts. Customers can take advantage of Tanium's extensive remediation capabilities to quickly address a device's compliance or other security gaps and enable users to get back to work.