Earn up to 6.5 CPE credits by attending this virtual event.
The Biden administration’s Executive Order on Improving the Nation’s Cybersecurity in May 2021 contains a provision to implement zero trust architecture across the federal agencies. Zero trust was already gaining momentum before this executive order, but now it is accelerating even more so in both the public and private sectors.
On March 29-30 SC Media hosted practitioners and experts who shared their experiences and insights on this trending topic, including:
- Results from our zero-trust research survey
- Lessons from the federal government’s pursuit of zero trust
- Improving your zero-trust maturity while optimizing your investments
- Leveraging zero trust to employ a responsible BYOD strategy
DAY 1 | MARCH 29
10:45 AM ET
11:00 AM ET
KEYNOTE | Private-sector lessons from the U.S.’s implementation of zero trust
Gregory Touhill, Director – CERT Division, Software Engineering Institute + former United States CISO
In May 2021, the Biden White House issued an executive order calling for the federal government to “advance toward Zero Trust Architecture.” Since then, the U.S. Office of Management and Budget (OMB) has publicly submitted its own zero-trust strategy, while the Pentagon announced a new office dedicated to adopting a zero-trust cyber model. Of course, there will be challenges getting these programs off the ground – and these stumbling blocks will serve as important lessons for private-sector organizations that are seriously looking to build zero-trust architectures of their own. In this keynote session, SEI CERT Chief Gregory Touhill, and once the nation’s first-ever federal CISO, will share his perspectives on the government’s progress in zero trust, and why the corporate world should be watching carefully as this initiative continues.
11:30 AM ET
Identity-focused security for your zero trust journey
Ryan Terry, Sr. Solutions Product Marketing Manager, Okta
With increasingly distributed workforces and the rise in identity-based attacks, identity has become the de facto perimeter for organizations today. Identity is the foundation of a zero-trust architecture, as you need to ensure the right people have the right level of access, on the right device, to the right resource, in the right context. Learn how a comprehensive, identity-first security strategy can tie the complexities of protecting people and assets together in a seamless experience.
12:00 PM ET
Zero trust: Where do you think you’re going?
Helen Patton, Advisory CISO, Duo Security
While the concept of zero-trust networking is nearly a decade old, the last few years have seen its popularity in industry discussions grow exponentially. Zero-trust strategies can benefit businesses of every size, but you may still be trying to find the truth among the buzz and answer “what IS zero trust, anyway?” If you ask ten vendors what zero-trust strategy means, you’ll get ten different answers. The question should be “what does it mean to you”?
Join this session with Duo Advisory CISO Helen Patton for a grounded discussion on the realities of zero trust for an existing security portfolio, and actionable items that will help you move the needle on delivering a zero-trust vision for your organization. In this session, you will learn:
- How to fit Zero Trust into your existing security strategy
- How you’re already using zero-trust methods, even if you’re not
- What to do after getting through the basics
12:30 PM ET
Zero Trust Perspectives: A mindset, not a toolset
Heather Adkins, Sr. Director of Information Security, Google Cloud Security
Jeanette Manfra, Director for Government Security and Compliance, Google Cloud Security
Tim Knudsen, Head of Google Security – Zero Trust, Google Cloud Security
One of the most used buzzwords in cybersecurity today is undoubtedly “zero trust.” It’s been used to describe a wide range of approaches and products, leading to a fair bit of confusion about the term itself. Join this panel of Google leaders as they shed light on how you can think about frameworks to protect against common security threats, as well as the work Google is doing to build a unified zero trust system.
12:45 PM ET
1:30 PM ET
RESEARCH SESSION | CRA State of Zero Trust Survey: Government mandates do not correlate to commercial adoption
Matt Alderman, EVP – Foresight, CyberRisk Alliance
Bill Brenner, VP – Content Strategy, CyberRisk Alliance
Zero Trust has received a lot of attention thanks to Biden’s Executive Order mandating zero trust architectures in the federal agencies. However, commercial understanding of zero trust architectures is lacking and adoption is slow. In a survey conducted by CyberRisk Alliance’s Business Intelligence Unit in February 2022, 300 security leaders and executives shared their challenges and strategies for zero trust architectures. Among the findings:
- Only 35% are very familiar with zero trust concepts
- Only 36% have implemented zero trust, but another 47% plan to in the next year
- Nearly half of those who haven’t implemented zero trust are constrained by management/money
- Only 35% are “highly confident” in their zero trust capabilities
In this session, CyberRisk Alliance EVP Matt Alderman and VP Bill Brenner will explore what the findings mean for the future of Zero Trust.
2:00 PM ET
Simplify your modern workplace transformation with innovative zero trust
Lisa Lorenzin, Sr. Director of Transformation Strategy AMS/FED/SLED, Zscaler
Transitioning to a zero-trust architecture improves the risk framework and reduces the attack surface of an entire environment, while at the same time enabling organizations to accelerate their digital transformation. The evolution to zero trust can be simplified and expedited by a natural progression – from older hardware-based or cloud-based perimeter security architectures, to a modern, purpose-built, cloud-delivered zero trust approach. Zscaler’s Zero Trust Exchange enables the modern workplace, cyber threat protection, and infrastructure modernization.
2:30 PM ET
Why identity is the first pillar of zero trust
Carolyn Crandall, Chief Security Advocate, Attivo
Tony Cole, CTO, Attivo
Protecting identities has become such a significant concern that it has now become the first pillar in zero trust. This session will explore factors that have driven this shift and how organizations are modifying their security controls for increased identity visibility and detection.
Security teams typically implement zero trust architectures focusing on user and device authentication and authorization. However, traditional tools like IAM, PAM, EDR and MFA do not provide visibility to entitlement overprovisioning, access to resources, and credential and domain controller exposures. They also do not cover identity-based attack detection.
Join to learn about new approaches for implementing zero trust that include identity exposure visibility and attack detection and response.
3:00 PM ET
Zero Trust Integrations: Keys to success
Jason Garbis, Chief Product Officer, Appgate
Leo Taddeo, Chief Information Security Officer & President, Appgate
People are the new perimeter, rendering traditional security models ineffective. Zero trust is a modern approach being adopted by businesses and governments alike because it works. Unlike the old connect first, authenticate second model, zero trust starts from a default deny posture and extends limited, earned trust, which is continuously re-evaluated. Access can be restricted or revoked in real-time based on pre-defined policies. This significantly reduces the attack surface.
Join this discussion to:
- Explore zero trust and how enterprises can adopt ZT incrementally
- Discover the ways the five Zero Trust Maturity model pillars affect security planning
- Learn insights and specific examples of scale and resilience.
3:30 PM ET
KEYNOTE | Does zero trust mean a BYOD free-for-all?
Raj Badhwar, Former SVP, Global CISO, Voya Financial
The philosophy behind zero trust architectures seems to mesh nicely with Bring Your Own Device strategies: if all network identities and devices are subjected to verification and approval before being granted access to data or systems, then why not give users the flexibility to employ any device of choice? Still, it’s not quite that simple. BYOD devices can potentially be compromised with malware during personal usage, and some zero-trust platform providers focus only on managed devices and do not incorporate dual-use devices into their offerings. Also, some users of BYOD devices might become encumbered by the constant need to repeatedly reauthenticate. This session will explore both the benefits and potential challenges of a zero-trust enabled BYOD policy while also examining how to optimize mobile security through MAM and MDM technology.
DAY 2 | MARCH 30
10:45 AM ET
11:00 AM ET
KEYNOTE | 5 ROI-focused zero trust projects that require minimal investment
Eric Anderson, Director – Enterprise Security, Adobe | Board Member, Identity Defined Security Alliance
A lot of strategic and financial planning goes into developing a zero-trust architecture. To win the necessary buy-in from executive decision-makers, it’s important to demonstrate that your zero-trust implementation projects will yield a return on investment, whether it’s in the form of cost savings, time savings or an improved user experience. Fortunately, there are several results-oriented zero-trust projects that don’t require a heavy investment, as most of the infrastructure and technology required is already present in your network. This session will reveal five such low-hanging-fruit zero-trust implementations, and explain how just a few small policy or settings tweaks, coupled with some minor tech additions, can achieve desired results.
11:30 AM ET
PAM checklist: The steps to gaining privileged access security
Joseph Carson, Chief Security Scientist and Advisory CISO, Delinea
Today, all users should be considered privileged users; as such they must be prevented from having too much privileged access—or being “overprivileged.” Follow the steps in our PAM checklist to plan your strategic journey to privileged access security. Almost all users are now privileged users. With 80% of breaches involving the compromise of IT and business user credentials (IDs and passwords,) you must create a plan to reduce the risks posed by “overprivileged access” users, applications, and services. Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, as he guides you through the steps of an easy-to-understand PAM checklist. Whether you’re starting a new PAM project or strengthening an existing Privileged Access Solution, you’ll benefit from this session.
12:00 PM ET
Secure hybrid Active Directory with zero trust identity administration and resilience
Bob Bobel, Founder & CEO, Cayosoft
Hybrid Active Directory changes everything. It adds a layer of complexity to each component of Microsoft management, especially identity governance, administration, backup, and recovery. Increasing the complexity of Microsoft environments brings new urgency to implementing strong security controls, in order to prevent costly outages from cyberattacks or unwanted changes. Security-minded organizations are establishing new initiatives to make themselves less susceptible and more resilient to ransomware attacks, as well as insider malicious changes and mistakes.
Most modern security initiatives include moving to a zero-trust identity administrative model, in which least privilege delegation and just-in-time (JIT) access assignments are critical requirements of this “never trust, always verify” approach. Join us as we discuss the key aspects of zero trust, that all day-to-day administrators and help desk staff should follow, including how to:
- Unify least-privileged delegation using hybrid roles, across Active Directory, Azure AD, and Office 365
- Implement rules to strengthen compliance and efficiency over admin tasks
- Monitor, alert, and optionally rollback suspect changes across Microsoft platforms
- Prepare for cyberattacks with instant Active Directory full forest recovery
12:30 PM ET
Zero trust and the dangers of the implicit trust
Martyn Crew, Director – Solutions Marketing, Gigamon
The tenets of zero trust are well defined in NIST SP 800-207, but have organizations and security architects really taken them on-board? Are we exhibiting a familiarity bias: over-trusting certain network and software components, while ignoring others that may represent security vulnerabilities? Are we looking too much at the actual network we are trying to protect, and disregarding unmanaged devices, such as IoT/OT/ICS, BYOD? Is EDR the solution or just an initial step towards a solution on the road? Join us as we explore these issues and offer suggestions on how to address them.
12:45 PM ET
1:30 PM ET
THOUGHT LEADERSHIP PANEL | Reporter Roundtable: An industry-by-industry look at zero trust
Jessica Davis, Senior Editor – Healthcare, SC Media
Derek Johnson, Senior Reporter, SC Media
Joe Uchill, Senior Reporter, SC Media
Zero trust is a strategy that can be applied to essentially any industry vertical. Still, some sectors have pounced on the trend and gotten off to a strong head start, while others are lying back but watching closely. Leveraging the expert insights of SC Media’s editorial staff, this session will look at recent zero trust news across a trio of industries – government, healthcare and finance – comparing and contrasting their progress so far while exploring potential use cases in each sector.
2:00 PM ET
Quickly get started with zero trust by using Teleport
Allen Vailiencourt, Solutions Engineer, Teleport
As zero trust directives continue to gain momentum, organizations are scrambling to update their processes to adhere to a zero-trust model. It can be overwhelming if you’re trying to do it manually, but by leveraging Teleport, you can go from zero to zero trust in no time!
2:30 PM ET
Escaping cyber complexity with zero trust
Tal Laufer, Vice President of Product, Perimeter 81
Security professionals today are facing increasing complexity. Eighty-seven percent of companies plan to continue remote work post-Covid and over 45% of companies maintain hybrid networks. Yet while the network attack surface grows, IT and Security professionals must also deal with an increasing number of tools to manage. Adopting zero trust security through converged, cloud-based solutions, like Secure Access Service Edge (SASE), enables organizations to strengthen their security posture, reduce risk and eliminate tool sprawl. Join this session, led by Perimeter 81’s VP of Product, Tal Laufer, to learn more about the modern workforce trends impacting security. Discover how one company was able to replace their open-source VPN and rapidly scale their network security with Zero Trust Network Access delivered through unified, SASE technology.
3:00 PM ET
Advancing zero trust security strategy
Aaron Rose, Security Architect & Evangelist – Office of the CTO, Check Point Software
Today, Check Point reports that globally, there were 40% more attacks weekly on organizations in 2021 compared to 2020. The zero trust architecture, now over 20 years in the making, must evolve to support modern-day challenges. In the past 24 months, underlined by the shift of employees.
3:30 PM ET
KEYNOTE | The quest for “absolute zero”: Common gaps in zero-trust architectures and why they persist
Bryan Willett, CISO, Lexmark International
A full-fledged zero-trust architecture typically doesn’t materialize all at once. Organizations often develop it in phases as they gradually mature their zero-trust programs over time. During this maturation process, gaps in zero-trust practices can form – creating potential weak spots. This session will look at some of the most common holes in zero-trust architectures, the business reasons why these gaps form and linger, and what steps can be taken to close them.