Stopping Privilege Escalation without Breaking the Bank

MARCH 17th, 2021 @ 2PM ET

Join Steve Hunt a senior cybersecurity analyst at Aite Group and a live CISO Panel that will cover why attackers have been successful gaining privileged access and discuss practical approaches that help organizations modernize their security defenses.

 

Copy of Attivoaite-logo

 

 

CPE Credits

 

Qualifies for CPE Credits 

header-bottom

Register Now

Recent headlines underscore the problem of privilege escalation. However, CISOs are torn between strategy and firefighting. It often seems that protecting corporate assets, confidential data, and uninterrupted service delivery puts a strain on a CISOs limited resources. The situation is compounded by the need to protect everything from highly distributed endpoints to the cloud.

Join this session to hear Steve Hunt  a senior cybersecurity analyst at Aite Group cover why attackers have been successful, decisions that have created weaknesses, and why common security efforts have been insufficient in preventing attacks using advanced techniques. The CISO panel will then discuss alternatives and practical approaches that help organizations modernize their security defenses.

Attend the Web Briefing to learn:
  • Why attackers have been successful and will continue to be
  • What decisions lead to infrastructure weaknesses of so many organizations
  • How MITRE ATT&CK® and Shield serve to identify security control gaps
  • How CISOs can gain management buy-in and support
Digitally generated lock on circuit board in blue room
highlights-top-1
Analyst Overview

Senior cybersecurity analyst from Aite Group will cover why attackers have been and continue to be so successful using advanced techniques.

highlights-top-1
Live Interactive CISO Panel

Get Involved! Ask questions to the live expert CISO panelist and sharing concerns, ideas and get involved with the cybersecurity community.

highlights-top-1
Best Practices

Industry expert will discuss their experiences, intended plans, and exchange best practices for how to address privilege escalation and modernize their security defenses.

Speaker's Panel

Steve Hunt
Senior Analyst, Cybersecurity
Aite Group
Steve Hunt
Senior Analyst, Cybersecurity
Aite Group

Steve Hunt is a speaker, industry analyst and executive coach. He was inducted into the ISSA Cybersecurity Hall of Fame. For over 25 years, Steve has been a strategic advisor to the highest levels of business and government leaders worldwide, assisting over 400 global organizations to identify disruptions before they disrupt, problems before they happen, and game-changing opportunities before the competition. 

 

Among others, clients who have benefitted from his strategic advisory services include British Petroleum, Anadarko, Hess, Exxon Mobil, Haliburton, The White House, Microsoft, Aon Hewitt, Lockheed Martin, Cisco, Symantec, and IBM.

 

Steve has appeared as an analyst on CNBC, Fox News, CNN, and other news programs. His analysis has appeared in the Financial Times, Wall Street Journal, The New York Times, Business Week, and other global publications. Steve was inducted into the Cyber Security Industry Hall of Fame, founded the Communities of Excellence, and CSO Magazine presented him with the “Industry Visionary” Compass Award. Steve earned CPP and CISSP certifications, attended Elizabethtown College, and was a graduate fellow at University of Chicago. Steve’s diverse background lends a fresh perspective on business and society.

Krista E. Arndt
Deputy CISO
Customers Bank
Krista E. Arndt
Deputy CISO
Customers Bank

Krista Arndt is the Deputy CISO and VP, Digital Governance & Cyber Risk at Customers Bank. She has dedicated her career to guiding her peers on Cybersecurity best practices. Krista enjoys helping organizations overcome the unique challenge of balancing an effective Cybersecurity program while enabling business initiatives within the confines of heavily regulated industries.

 

Krista has over 12 years of combined experience in Information Security Risk Management, Governance, & Compliance in the Department of Defense and Financial Industry. With the help of her team, Krista has developed a mature Cyber Risk Management Program providing risk based oversight of 3rd party vendors and organizational security controls in line with FFIEC, SOX, ISO 27001 and NIST. Krista is an active member of FS-ISAC, ISACA, and Infraguard and mentors other women interested in building a career in cybersecurity. When off the clock, Krista takes her affinity for overcoming challenges to the race track, where she competes in a national drag racing series and uses her racing as a forum to advocate for autism awareness.

Daniel Walsh
CISO
VillageMD
Daniel Walsh
CISO
VillageMD

Dan is the Chief Information Security Officer at VillageMD, a national leader in value-based primary care. The VillageMD model enables physicians to deliver excellent clinical results through a specialized care model that optimizes workflow and patient experience.

 

Prior to VillageMD, Dan was CISO at Rally Health, Inc. and has held security and technology leadership roles with UnitedHealth Group and Vanguard.

Troy Stairwalt
CISO
Westfield Insurance
Troy Stairwalt
CISO
Westfield Insurance

Troy’s professional experience in security began at American Family Insurance where he worked as a security analysis, engineer, architect and leading Information Security Team for five years. After twelve years, he went to TIAA starting in IT risk and then spending the greater part of his tenure with the Cyber Forensic Investigations Unit. Troy also spent several years volunteering with a team of international experts writing, reviewing and revising CISM and CRISC certification exam questions and answers for ISACA. After working as an Information Security Architect and SME for information security specific contract language, working with legal counsel and procurement for 3 years, Troy was promoted to CISO in 2019.

 

Motivated individual with strong technical expertise implementing and operating security solutions in heuristic IT environments with 20 years’ specializing in Enterprise Information Security Architecture, Insider Threat mitigation, Cyber Forensic investigations , information security engineering, incident response, vulnerability assessments, security operations, audit – regulatory response and IT risk management. Successfully managed Information Security Unit comprised of 24 direct reports for fortune 300 full line insurance Corporation for 5+ years. Managed Cyber Forensic Unit for fortune 100 financial services company. Proven ability to establish strong working rapports and manage relationships to help achieve business objectives. Leveraged ISO 27002, NIST standards, CobIT and ITIL frameworks to successfully establish policies, standards, and controls required to implement and manage an Information Security program for fortune 100 financial services firm. Managed the associated risk and successfully demonstrated adherence to Industry standards and regulatory mandates including PCI, NACHA, HIPAA, GLBA, MAR,SOX, etc. for both insurance and financial services industries.

 

Core competencies include:
Insider Threat Program Management / Digital Forensics
Business Relationship Management / Continuous Process Improvement
Risk Management / Assessments/ Mitigation / Vulnerability Assessments
Incident Response / Data Analytics / Penetration Testing
Business Continuity / Disaster Recovery / Security and Privacy Policies
Strategic Planning and Governance / Compliance Management

Jason Nester
CISO
Equity Trust Company
Jason Nester
CISO
Equity Trust Company

Jason is the Chief Information Security Officer at Equity Trust Company. During his career Jason has been involved in nearly all areas of Information Technology including working as a Software Developer, System Administrator, Server Engineer, Network Engineer, and Infrastructure Architect. However, his passion has always been in the field of Information Security, specifically around securing and protecting organizations. 

 

Jason spent over a decade working to protect and secure classified data for the Department of Defense, Department of Homeland Security, and the National Geospatial Intelligence Agency. He then moved into the retail world where he formed and led the Information Security practice for a large national retailer, building a comprehensive Information Security program from the ground up. 

 

Jason is passionate about learning about and sharing Information Security practices. He has been a speaker at numerous conferences and groups including DerbyCon, BSides, R-CISC, CSA, VMworld and NeoISF.

John W Graham
CISO
NetJets
John W Graham
CISO
NetJets

John has over 15+ years of executive and leadership experience, including global Fortune 500. He has a track record of success in providing vision, strategy, and leadership for worldwide programs. He is experienced and highly skilled in communicating with C-level executives at a strategic level, aligning requirements with appropriate technology/security solutions for program management, process improvement, operations, and change management objectives. He established and built reputation for working successfully across multiple functional areas to achieve big-picture organizational goals, including transformation, innovation, M&A integration, security assurance, operational efficiencies, and outsourcing initiatives.

Tony Cole
CTO
Attivo Networks
Tony Cole
CTO
Attivo Networks

Tony Cole is a cyber expert with over thirty-five years of experience as a strategist, risk expert, advisor, and board member. Today, he’s the CTO at Attivo Networks, the global leader in lateral movement attack detection and privilege escalation prevention, working to defend enterprises from the impact of cyber-attacks.

 

Prior to joining Attivo Networks, Mr. Cole held executive positions at FireEye, McAfee and Symantec. He’s retired from the U.S. Army, where he worked in intelligence, communications, and cryptography around the world including building out the Network Security Services at the Pentagon. Mr. Cole served previously on numerous boards and government committees including (ISC)² Board of Directors as Treasurer and Chair of Audit and Risk, the NASA Advisory Council under appointment by the NASA Administrator, and the FCC CSRIC (Communications Security, Reliability, and Interoperability Council). Today he serves on the Gula Tech Foundation Grant Advisory Board helping the Foundation give back to the community and drive a more diverse cyber workforce.

 

In 2014, he received the Government Computer News Industry IT Executive of the Year award, and in 2015 he was inducted into the Wash 100 by Executive Mosaic as one of the most influential executives impacting Government. In 2018 he was awarded the Reboot Leadership Influencer Award by SC Media. He has a bachelor’s degree in computer networking and is a Certified Information Systems Security Professional (CISSP).

speakers-bottom

Event Agenda

2:00 PM
Welcome & Introductions
2:05 PM
Privilege Escalation Overview & Concerns by Steve Hunt
2:20 PM
CISO Panel Discussion
3:10 PM
Solution Review
3:20 PM
Live Q&A & Closing

Frequently Asked Questions

faq-top-1 1
Whom is this event intended for?

This Web Briefing is organized for InfoSec and cybersecurity professional looking to expand their knowledge base and interact with fellow industry experts.

faq-top-1 2
What are CyberConnect Web Briefings?

CyberConnect Web Briefings™ are a new format for online interaction with thought leaders, industry analysts and innovative solution providers.  These panel discussions run 60-75 minutes and include an analyst briefing, live interactive discussions, audience Q&A and a review of potential solutions.

faq-top-1 3
How do I participate?

Each CyberConnect Web Briefing encourages interaction between the expert panelists and the audience. This moderated panel, and featured analyst, will take live questions asked during the discussion and provide key takeaways from subject matter experts. Register, attend, network with peers and get involved with the cybersecurity community.

faq-top-1 4
How do I receive my CPE Credit?

All live attendees will receive a certificate of attendance after the Web Briefing. This certificate can be used to apply for your valid CPE credit.

faq-bottom