9:00 - 10:30 a.m.
Welcome Address
Keynote: “Artificial Intelligence: Innovation for Cyber Defenders”
Government and higher education continue to be a prime target for sophisticated cyberattacks from both criminal and nation-state actors. While these cyberattacks pose a serious threat to both government and higher education, they also present an opportunity for innovation between the government, higher education and the private sector. Artificial intelligence (AI) is a rapidly developing field that has the potential to revolutionize the way we defend against cyberattacks.
Jon Ford, Managing Director, Mandiant Consulting, Google Public Sector
Mr. Ford is a 25-year veteran in cybersecurity, incident response, and intelligence-led cyber operations in both government and commercial sectors. Prior to joining Mandiant, Mr. Ford served in executive leadership roles for the Federal Bureau of Investigation (FBI). Mr. Ford served as the responsible executive to the U.S. Cryptologic Centers for strategic and tactical oversight of global cyber operations and key asset protection. In these roles, Mr. Ford developed the framework used by the U.S. Government to manage risk of cyberthreats supporting government and critical infrastructure capabilities, receiving recognition by the White House National Security Council and the United States Congress. Currently, Mr. Ford serves as the Head of Mandiant’s State, Local and Education markets and professional services. Mr. Ford leads operations, strategy, and solutions for global partners and globally leads Mandiant’s Insider Threat risk solutions. Mr. Ford coaches boards and executives on how to measure and manage enterprise risk and regularly speaks at industry conferences. Mr. Ford is a member of the Geneva Dialogue on Responsible Behaviour in Cyberspace and the Global Forum on Cyber Expertise. Mr. Ford is the founder of Mandiant's Elevate program to advance women in IT security into senior leadership and board positions.
11:00 - 11:50 a.m.
The Importance of SASE in Today’s Threat Landscape
Ryan Young, Vandis
The emergence of Secure Access Service Edge (SASE) signifies a crucial shift in network security. With organizations transitioning to hybrid work models, the conventional VPN infrastructure exposes significant vulnerabilities, particularly by leaving firewalls susceptible to potential attacks. This vulnerability is exacerbated by the limitations inherent in legacy VPNs, such as providing broad network access without adequate segmentation, thereby increasing the risk of internal data breaches and unauthorized lateral movement within networks.
SASE emerges as a purpose-built solution for the contemporary era, offering a Zero Trust Access approach that fundamentally alters the security paradigm. By default, it grants application-level access, thereby reducing the attack surface by relocating the remote access architecture from dedicated firewalls. Additionally, SASE tackles performance issues commonly associated with legacy VPNs, such as traffic congestion and the 'trombone effect,' by facilitating connections to points-of-presence worldwide, thus enhancing user experience and operational efficiency.
Join us as we discuss how the transition from legacy VPNs to SASE is not merely a technological upgrade but a strategic maneuver to bolster cybersecurity defenses. Let's explore taking a proactive stance against the evolving threat landscape, so that organizations like yours are not left vulnerable due to outdated remote access solutions.
Harnessing the Power of AI: Transforming Cybersecurity in the Public Sector
Kiran Bhujle, SVAM International Inc.
Shahryar Shaghaghi, SVAM International Inc.
In the rapidly evolving cybersecurity landscape, artificial intelligence (AI) has emerged as a game-changing force, revolutionizing how we detect, respond to, and mitigate cyberthreats. While it's crucial to acknowledge the benefits AI brings to cybersecurity, it's also important to understand the potential risks and threats it may pose, particularly when it falls into the wrong hands or is manipulated for malicious purposes. As public sector organizations face an ever-increasing volume of sophisticated attacks, integrating AI into their cybersecurity strategies has become imperative. This session explores AI's profound impact on public sector cybersecurity, covering its applications, challenges, and best practices for effective implementation. Through a real-world approach and proven methodology, attendees will gain a comprehensive understanding of how AI transforms threat detection, incident response, and vulnerability management within the public sector. Attendees will gain invaluable insights into why AI poses greater cyber risks due to its ability to create highly convincing fake content, manipulate data, and exploit vulnerabilities. They will also learn how AI's transformative power enables them to fortify their organizations' cyber defenses and stay ahead of the ever-evolving threat landscape. Join us as we explore the frontier of AI-driven cybersecurity and unlock its full potential for protecting critical infrastructure and safeguarding citizen data.
Hacking and the Theory of Everything
Tyler Wrightson, Leet Cyber Security
Join Tyler Wrightson for a quick update on what's happened in the world since last year's talk about weaponizing Artificial Intelligence for nefarious purposes.
Then participate in a conversation about simplifying and understanding Hacking and Security for every organization. There are foundational gaps in the knowledge of many individuals who are tasked with securing organizations and technologies. Luckily, everyone can understand how to approach hacking and handle cyber criminals and start to win the war against hackers.
Closing Cyber Exposure Gaps in the Modern Attack Surface
Christopher Jensen, Tenable
With the dramatic rise of ransomware, nation state-sponsored threats, and a flood of new vulnerabilities, cybersecurity teams are under siege. Cyberattack paths have exploded in number and complexity, with attacks coming from directions not even considered in the recent past. This “modern attack surface” is growing rapidly, always changing and increasingly interconnected, presenting a monumental challenge for security teams. While attackers probe for the weakest link in your sprawling attack surface—and move laterally in search of valuable assets—security teams are often constrained by siloed and incomplete attack surface views, and they must rely on just-in-time detection and response to react to attackers’ moves. Closing cyber exposure gaps effectively requires an exposure management approach that is holistic, proactive, and preventive, with a laser focus on these three key factors: A unified view of all assets and associated software vulnerabilities, configuration vulnerabilities and entitlement (identity) vulnerabilities; predictive capabilities that enable understanding of relationships between assets, exposures, privileges and threats across an attack path; and dynamic risk-based prioritization to continuously identify and address the exploitable vulnerabilities, attack and breach pathways that pose the greatest risk.
The State (and Local) of the Cyber Threat Landscape
Mike Woodward, Center for Internet Security, Inc.
Tim Davis, Center for Internet Security, Inc.
In this presentation, two members of the CIS Cyber Threat Intelligence (CTI) team will lead a discussion on the cyber threat landscape for SLTT governments. Cyber Threat Actors' (CTAs) use of Generative Artificial Intelligence represents a new chapter for malicious cyber campaigns. However, CTAs continue to leverage common attack vectors, such as phishing and unpatched vulnerabilities, to carry out high-impact attacks. This presentation will cover the most common attack vectors seen by SLTTs, an overview of disruptive threats like ransomware, the types of cyber threats impacting the elections community, and a discussion on how CTAs are incorporating new technologies. The CIS CTI team will provide a unique insight into the types of incidents reported to the MS- and EI-ISAC, and an overview of incident response lessons learned, which help inform cybersecurity response plans.
ASIA: Security Behavior and Human Psychology
Paper: Influence of Cynicism and Exhaustion on Security Compliance Behavior: the moderating role of work experience and self-regulation
Paper: Exploring Deviance in Gig Work: Role of Job Demands-Resources and Financial Needs
12:50 - 1:40 p.m.
From Zero to Zero Trust in 50 Minutes
Adam Ford, Zscaler
Cybersecurity threat actors are moving at the speed of AI, targeting the data and systems which provide vital resident services and drive our economy. Given this challenge, it's imperative that we adopt Zero Trust principles and arm the good guys with AI to prevent data loss in-flight and at-rest in order to keep systems online.
AI and Changing Identity Threats to Agency Online Fraud
George Freeman, LexisNexis Risk Solutions
Amy Crawford, LexisNexis Risk Solutions
Government organizations globally are seeing exponential increases in online identity threats sourced from AI-generated content on the dark web. This is leading to increased threats of financial losses to citizen benefits programs that are actively being targeted. According to the FTC, “Consumers reported losing more than $10 billion to fraud in 2023,” – a new benchmark. Sophisticated “zero-click” device compromises and increases in generative AI-created social engineering phishing and smishing content are flooding user devices. As digital tokens like passkeys replace passwords, online identity continues to experience even more sophisticated account takeovers. Government agencies are challenged to provide effective online identity assurance workflows that can prevent this fraud. Online Identity Assurance provides much needed risk exposure throughout user online sessions, not just at the front door. Multiple touch points evaluating risk can make the difference between genuine citizens approved for state assistance versus fraudulent giveaways. The game changer exposing online risk is Behavioral Biometrics, the data behind a real person’s device habits. Government agency portals can be further protected from bad actors by evaluating velocities (how fast or how much an identity applies) and anomalies (e.g. how many identities tied to a device or physical address). By processing this data through an intelligent rules-based policy, organizations can make risk decisions on any device or identity. Once an online account is created, agencies can then perform advanced risk assessments during account changes, the leading threat vector for account takeovers. Solutions described above are helping government agencies in all fifty states improve equitable access initiatives.
Unraveling Cybersecurity Mesh: The Power of a Platform Approach
Jim Richberg, Fortinet
Join Jim Richberg, Fortinet’s Head of Cyber Policy and Global Field CISO, as he addresses pivotal questions surrounding the progressive strategy of the cybersecurity mesh architecture/platform approach. This session will cover understanding cybersecurity mesh, empowering resource-constrained organizations, implementation insights and getting started. Don’t miss out on this session as we delve deeper into the world of cybersecurity mesh and uncover strategies to bolster your organization's security posture.
Insights that may Transform your Approach to a Successful Cybersecurity Practice
NYS Forum Information Security Workgroup Panel:
Moderator Emma Yeager, Gartner
Eric Dull, Deloitte
Jason Teplitz, Crowdstrike
Nicholas Tankersley, Cribl
Today's cybersecurity landscape is less about complex analytical approaches and more about effectively managing the overwhelming volume of data that can often mask critical threats while also putting a strain on resources and budgets. Clear visibility, clean data, and efficient data processing are key to uncovering these risks. This panel will bring together experts from Deloitte, Cribl, and Crowdstrike to address these challenges from three unique perspectives. They'll share their success stories in enhancing threat detection, mitigation, and remediation, while also discussing how organizations are gaining efficiency operating their cyber processes.
ssh [email protected] ********
Samantha Baltzersen, Albany FBI
Roderick Link, Albany FBI
Log in with FBI Albany for case briefs and a look forward over the evolving cyber threat landscape.
ASIA: AI and Cybersecurity
Paper: Exploring Usage Patterns and Responsible Implementation of Generative AI
Paper: The Hidden Dangers of Publicly Accessible LLMs: A Case Study on Gab AI
2:10 - 3:00 p.m.
Don’t Be Crawling with Bugs! Security Leaders Take on Vulnerability Management, Penetration Testing, and Secure Software Development Lifecycle
Christie Hall, NYSTEC
Sean Murray, NYSTEC
Younus Rashid, Cyber Castellum
Ben Spear, NYS Board of Elections
This panel discussion will include perspectives from various security leaders who have deep knowledge of best practices for vulnerability management, penetration testing, and Secure Software Development Lifecycle (SSDLC). Without these practices in place, organizations are highly exploitable and may suffer needlessly. This group of expert panelists represents public and private organizations that work within the New York State government ecosystem or support it. They will share their knowledge, as well as a few horror stories, to help you improve the security posture and reduce risk to your organization.
Artificial Intelligence (AI) and Security – Adversarial AI, Defensive AI, and the Security of AI
Srinivas Tummalapenta, IBM Consulting
Join us for a discussion on the evolving risk landscape and how organizations can adapt their security strategies to stay ahead of emerging threats with a particular focus on Artificial Intelligence (AI). We'll explore both the role of AI in security and security for AI, including what is currently possible, what is on the horizon, and how it is expected to impact the future of AI deployment and usage. Learn how organizations are protecting AI solutions and leveraging AI to enhance their security operations and bolster their resilience against potential threats.
Considerations for AI/ML’s application to Security Operations Centers (SOCs)
Jeff Janies, Deloitte
Eric Dull, Deloitte
In this breakout session, we will cover specific considerations that we have discovered in integrating AI/ML applications into Security Operations Center (SOC) workflows. Using our experience in deploying AI/ML platforms and models across a variety of industries, we will discuss several categories of consideration including data management/curation, cloud agnosticism through containerization, establishing mechanics to finally automate the feedback loops required for analytic improvement and generation of labeled data, and effectively and safely using AI.
Penetration Test != CTF
Patrick Matthews, LRQA
Using the Rocky Horror Picture Show as a backdrop, I will pierce the confusion of "mono" color testing to open some eyes to what a penetration test really is: a security assurance assessment conducted under the clients’ parameters. Unfortunately, all the “pentest” models are for CTF, exam taking or a tester's ego, not answering security assurance questions for the most common types of engagements. Since the end goal of any engagement is to provide some level of assurance based on “some methodology,” “that answers some concern,” “governing body requirement,” or “insurance due diligence.” Through this talk, I will speak about how a business can get the assurance it needs from a penetration testing company and how testers/security providers can meet a client's needs. I will touch on the contradiction of guidelines and the shortfall of frameworks, such as OWASP Top 10 or CWE Top concerns, to build a better security assurance methodology.
2024 Data Breach Investigations Report
Neal Maguire, Verizon
Join us for an exclusive session where Chris Novak, a recognized cybersecurity expert and original co-author of the Data Breach Investigations Report (DBIR), unveils insights from the highly anticipated 2024 edition. Gain firsthand access to the latest trends and findings drawn from real-world data breaches investigated by Verizon and its partners. Explore the dynamic landscape of cybersecurity threats, including emerging attack vectors, industries most targeted, and prevalent tactics employed by threat actors. Discover actionable recommendations to fortify your organization's defenses against evolving cyber threats. Whether you're a cybersecurity professional, industry leader, or IT enthusiast, Chris Novak's presentation offers invaluable insights to enhance incident response strategies, bolster security postures, and mitigate risk effectively.
ASIA: Resilience and Robustness
Paper: Federated Learning Robustness on Real World Data in Intelligent Transportation Systems
Paper: Improving Federated Learning Security with Trust Evaluation to Detect Adversarial Attacks Systems
3:30 - 4:20 p.m.
How to Ensure You Are Not Replaced by Generative AI-Large Language Models: Prepare for Post-GPT Future of Cyber-Resilient AI-ML Software Development and Education & Training Skills Development
Yogesh Malhotra, Global Risk Management Network, LLC
Over the course of the last seven years, as the Silicon Valley/Wall Street/Pentagon/Global Digital CEO-CTO-CxO/digital transformation and risk management pioneers, our prior New York State cybersecurity presentations have advanced New York State information technology, cybersecurity, artificial intelligence (AI), machine learning (ML), quantum computing, cryptography, and cloud computing practices. At the 2023 annual presentation, advancing upon 30-year R&D-driven global practices leadership, we shared why ChatGPT, large language models (LLMs) and generative AI cannot be trusted and why we still need to advance R&D on them for advancing beyond the limitations of ChatGPT, LLMs, and generative AI.
Some analysts ‘predict’ that within five years or so, ongoing AI-ML advances will surpass artificial general intelligence (AGI), rendering human-like skills obsolete resulting in the “real existential crisis” of development and sustenance of future ‘employable’ skills. The CEO of world-leading AI firm, NVIDIA, has defined such AGI in terms of human ‘test-taking capabilities.’ Drawing upon our recent R&D-driven global practices development, we will share insight on how to ensure you are not replaced by generative AI LLMs, as well as prepare for a post-GPT future of cyber-resilient AI-ML software development and skills development.
Securing Generative AI at Scale: A Risk Lifecycle Approach
Alex Vulovic, Arctiq (formerly DynTek Services, Inc.)
The cost of generative AI is decreasing rapidly. Every vendor is talking about incorporating it into their product stack. It’s likely your employees, clients, and business leaders are talking about how they can use GenAI within the organization. In this talk, we’ll explain how GenAI functions. We’ll walk through the compliance and governance risks when using GenAI – either on its own or as part of another product – and we’ll discuss how to address those issues. We’ll share our lessons learned from architecting a variety of GenAI use cases and a strategy for successfully evaluating and managing governance, risk, and compliance as you look to evaluate the use of GenAI within your organization.
Cybercrime — Challenges and Solutions
Carl Mazzanti, eMazzanti Technologies
Cybercrime is big business. In 2023, the FBI’s Internet Crime Complaint Center (IC3) reported record-breaking numbers: more than 880,000 complaints with losses totaling more than $12.5 billion. eMazzanti Technologies President Carl Mazzanti will provide an illuminating, incisive overview of this critical topic, with highlights and recommendations that include cybercrime (sociology of hacking, monetization of the hack); cloud security (protection that the cloud can, and cannot, offer); how AI enables cybercriminals to design even more effective attacks, including realistic-looking phishing and other emails; a brief look at some additional legal exposures that can be triggered by a hack (regulatory and compliance requirements, such as HIPAA and PCI); tips on designing a cyber insurance policy, including how insurance companies increasingly look at policyholders’ cybersecurity plans; and stepping up your business’ protection with contingency planning and testing (business testing, disaster recovery, and incident response).
Data Quality – The Never-Ending SIEM Problem
Mark Bonsack, Axoflow, Inc.
For years, relational databases have provided a mechanism to store and retrieve transactional data with speed and scale. More recently, "data lakes" and other object storage have served business and operational needs as data volumes have grown exponentially. However, in the security world these data structures are not nearly as useful, leaving the data collected by security practitioners far less rigorously prepared and governed. For years, SIEMs have consigned themselves to being able to "collect anything, in any format" without a traditional database schema or governance policy. However, this delayed- or no-schema approach has yielded less-than-optimal results for security practitioners due to the challenges with the necessary data curation processes needed prior to analysis. The reality is that security data has no less of a need for a schema than traditional transactional data. The SIEM world has now realized that the earlier that schema is applied, the more cost-effective and successful detection engineering and analysis operations will be. Utilizing optimized telemetry pipelines, organizations can now automatically create, manage, visualize and govern these schemas and data flows, ensuring that only appropriate data is collected, curated, and delivered to the desired destinations in the formats best suited to each individual tool or storage location. In this presentation we will walk through the history of security data analysis, the unique challenges security data presents, and discover the universal, SIEM-independent benefits of telemetry optimization. Learn how to make SIEMs much less costly and far more rewarding for your analysts and detection engineers!
Using Automation for Good, Not Evil: Latest Threat Trends and How to Defend at Scale
Preston Miller, Palo Alto Networks
Barry Rosenberg, Palo Alto Networks
Well-funded cyberthreat actors are continuously innovating in machine learning, automation, and artificial intelligence. Even worse, threat groups are now making their malicious tools and support available to non-sophisticated criminals. These “ransomware-as-a-service” offerings have significantly lowered the technical barriers to entry, further increasing the volume and pace of successful cyberattacks. This session will cover each of these threat trends, what to expect with the emergence of AI, and real-world examples of how these technologies can impact organizations when used for evil. On the flip side, we’ll discuss how to apply the same principles to scale up and accelerate our security operations. We must transform from a manual model built on human-driven triage to a new approach that makes automation the foundation of the SOC. By automating workflows, augmenting human analysts with machine learning (ML)-driven intelligence, and orchestrating response activity across tools, we will dramatically improve our security posture and overall resiliency.
ASIA: Security and Privacy in Healthcare
Paper: A Security and Privacy Assessment Framework for Accessible Technologies for Blind and Visually Impaired People (BVIP)
Paper: Pixels and Privacy: An Examination of the Use and Implications of Tracking Technologies in the Healthcare Setting