Interactive Learning - Full Day Sessions
June 7 - 9:00am - 3:30pm
Breaking Down Barriers to DevSecOps
Pete Chestna and Irene Gawal, CA Veracode
As the State of New York looks to fully harness the power of digital transformation, DevSecOps is an obvious place to look. When it's used effectively, DevSecOps leads to remarkable flexibility and efficiencies. But your migration cannot leave security requirements behind. In this session we'll explore how to embrace the changes necessary to make security as important as functionality while not sacrificing the velocity of your teams. This session will be useful to you no matter if you are still doing Waterfall or if you've moved on to Agile or even DevOps.
Implementing the NIST Cybersecurity Framework
Jayson Ferron, Interactive Security Training
In 2013, former U.S. President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which called for the development of a voluntary risk-based cybersecurity framework (CSF) that is "prioritized, flexible, repeatable, performance-based, and cost-effective." The CSF was developed through an international partnership of small and large organizations, including owners and operators of the nation's critical infrastructure, with leadership by the National Institute of Standards and Technology (NIST). In this session, we will discover how the framework works, how to implement it, and what the proposed changes are as the framework moves to version 1.1.
Pen Testing for Managers
Patrick Matthews, Nettitude
This training will provide IT managers and security auditors with insight into the current methods that penetration testers or threat actors use to compromise a target. The goal of the training is to help IT professionals who don't work as penetration testers understand these methods through hands-on exercises and learn how to create defenses against them.
Interactive Learning - Half Day Sessions
June 7 - 9:00am - 12:00pm
Local Government Cyber Security Toolkit
This session offers actionable guidance to improve local government security practices by providing a review of "Cyber Security Toolkit" resources and services available from state agencies and partner organizations, including election systems specific resources. Best practices and controls to lower risk for IT systems will also be presented.
APIs are a Bridge to Infrastructure Modernization with Secure Access to Data and Business Logic
Mat Keller, CA Technologies
API management is the process of publishing, promoting and overseeing application programming interfaces (APIs) in a secure, scalable environment. It also includes the creation of end-user support resources that define and document the API. Increasingly, agencies are opening their data and applications to partners, developers, mobile apps and cloud services. APIs provide a standardized way to open up and integrate information assets across the web, mobile devices, Service Oriented Architecture (SOA) and the cloud. Secure and managed APIs provide backend integration, mobile optimization, cloud orchestration and developer management. In this three-hour API management workshop we'll explore why APIs are fundamental to app initiatives, the importance of management and security for APIs, and why single sign-on must be applied across web, mobile and APIs.
How to Overcome the Complexities of Cybersecurity Compliance
F. Paul Greene, Esq., Harter Secrest & Emery LLP
Mike Semel, Semel Consulting
As cyber threats proliferate and change, so do the legal frameworks and regulations meant to address them. In the United States, this has led to a patchwork of federal, state, and even local requirements that overlap, conflict, and create a level of complexity that is nearly impossible for many entities to adequately address. In this session, two seasoned practitioners in the compliance field will give their real-world experience on how best to address this complexity and avoid "check box" compliance that does little to secure your organization. You will leave the session with key insights on how to remain resilient in the face of cyber regulatory complexity, as well as how to communicate internally about the risks that complexity creates. This session will also cover the ethics of legal compliance for attorneys.