Earn up to 6.5 CPE credits by attending this virtual event.
This past March, the CyberRisk Alliance shared the results of its Zero Trust research survey. While only 36% of organizations had fully implemented Zero Trust, 47% of organizations said they plan to follow suit within the next year.
From the results, it’s clear that Zero Trust remains a high priority for organizations, but there are still gaps in capabilities that are slowing down adoption. So how can organizations effectively roll out a “never trust, always verify” security model?
On October 11-12, SC Media will host practitioners and experts who will share their experiences and insights on this trending topic, including:
– Proving the merits of Zero Trust and achieving stakeholder buy-in
– Perfecting your Zero Trust workflows, policies and implementation strategies
– Determining which solutions will best enable Zero Trust for you
Tuesday, October 11 Agenda
OPENING KEYNOTE | 11:00 AM | Think you achieved Zero Trust? Not so fast
Companies can be quick to boast that they have deployed a full-fledged zero-trust program — when in fact they are actually at the beginning of a long journey fraught with challenges and setbacks. This session will examine some of the key omissions and oversights that companies are guilty of when rolling out a zero-trust strategy. It will challenge your perceptions of what actually constitutes a mature zero-trust program, while asking the question if there is any room for exceptions to least-privilege policies if you want to achieve true zero-trust status.
PLATINUM SESSION | Identity-focused security for your zero trust journey
Ryan Terry: Sr. Solutions Product Marketing Manager, Okta
With increasingly distributed workforces and the rise in identity-based attacks, identity has become the de facto perimeter for organizations today. Identity is the foundation of a zero trust architecture, as you need to ensure the right people have the right level of access, on the right device, to the right resource, in the right context. Learn how a comprehensive, identity-first security strategy can tie the complexities of protecting people and assets together in a seamless experience.
GOLD SESSION | Fortinet’s universal ZTNA enables secure application from anywhere security
Eric Schwake: Director of Product Marketing, Fortinet
Today’s hybrid workforce has increased the attack surface of organizations everywhere. Whether working from home or while traveling, employees need the same access to applications and quality of protection and control as when they are on-site.
Fortinet’s Universal ZTNA brings together the industry-leading technologies and tools to provide a solution which helps secure and control access to applications for employees and their devices wherever they’re working.
RESEARCH SESSION | CRA Study: Zero trust adoption faces ongoing headwinds
Bill Brenner: VP of Content Strategy, CyberRisk Alliance
Dana Jackson: VP of Research, CyberRisk Alliance
Security practitioners participated in a September 2022 study about their challenges, strategies, and successes with zero trust. In this session, CRA VP of Content Strategy Bill Brenner and CRA VP of Research Dana Jackson discuss the key takeaways.
GOLD SESSION | What are the 3 main stages of zero trust and why does it matter to you?
Suzi Jacobs: Zscaler
Alignment is the key to a future-proof cloud strategy that can adapt to shifting business needs in any organization. Being in IT, you play an important role in guiding all parties toward alignment on the project phases, expectations and outcome.
In this session we’ll walk through:
• A brief history of zero trust and the 3 main stages
• The unique approach offered by the Zero Trust Exchange, and why a comprehensive zero trust architecture matters
CLOSING KEYNOTE | 2:00 PM | Privacy: The forgotten Zero Trust ingredient
Does the team responsible for your company’s zero-trust implementation include a privacy professional among its ranks? If not, you may be missing a key source of expertise and perspective. According to privacy expert Dr. Lisa McKee, CISOs and other traditional security pros are sometimes so heavily invested in the technology and architecture behind zero trust that they don’t spend enough time mapping the company’s sensitive data and crafting responsible data stewardship policies to protect that information. Join Dr. McKee in this eye-opening session for a better understanding of what dedicated privacy professionals can bring to the table when formulating zero trust policies and strategy.
Wednesday, October 12 Agenda
OPENING KEYNOTE | 11:00 AM | Zero trust perceptions and misconceptions: An MIT study
The concept of zero trust is gaining credibility in both the public and private sector. Even so, businesses are closely watching how federal agencies are currently implementing their presidentially mandated zero-trust architectures in order to learn from their successes and their mistakes. After all, there is still much to untangle in terms of how organizations can optimally build, test and evaluate the solutions and capabilities needed to enforce zero-trust policies. One organization looking to demystify zero trust, while dispelling common misconceptions around it, is the Massachusetts Institute of Technology’s Lincoln Laboratory, which recently studied 10 companies and government organizations that adopted zero-trust strategies. This session will explore many of the insightful findings, takeaways and recommendations that MIT researchers gleaned from their study.
PLATINUM SESSION | Have zero trust in your zero trust
Robert Shields: Director of Data Security, PMM, Cohesity
Zero Trust provides the guiding principles for strict access controls and network schemes to improve the security of information systems. However, threat actors may eventually breach these controls through vulnerabilities or social engineering. Expect that breach to happen and be prepared by having strong recovery capabilities that are designed to withstand and recover from ransomware and other catastrophic events.
THOUGHT LEADERSHIP PANEL | Zero trust from a risk professional’s POV
Jerald Dawkins: CTO, Cerberus Sentinel
Jack Jones: Chairman, FAIR Institute
Rajeev Gupta: Co-founder and Chief Product Officer, Cowbell Cyber
To what extent does a successful zero-trust initiative quantifiably reduce risk calculations? Enough to satisfy the strict compliance requirements of your internal GRC professionals? Enough to qualify your company for cyber insurance coverage, and perhaps even reduce your premiums? In this session you’ll hear from a panel of risk experts and discover just how much impact zero trust can actually have on the cyber risk assessment process.
SILVER SESSION | Zero Trust: where do you think you’re going?
Helen Patton, Advisory CISO Cisco Secure/Duo
Nothing in security ever stays still, and Zero Trust is no different. While many organizations have begun their journey to zero trust, the elements and opportunities are changing. In this session, we’ll review where zero trust is today, where it is going tomorrow, and how to plan for the zero trust of the future.
CLOSING KEYNOTE | 1:30 PM | SASE & zero trust: Networking + security all under one umbrella
Among companies that lean heavily on cloud-based services, the relatively new concept of Secure Access Server Edge, or SASE, has presented security professionals with a viable road map to zero trust. Combining wide area network (WAN) capabilities with cyber services such as security web gateway, CASB, firewalls as a service and zero trust network access (ZTNA), SASE has become one of the hotter security buzzwords since entering the cyber lexicon in 2019. But what exactly are the advantages of pursuing zero-trust via a broader SASE-based architecture? This session will seek to answer this question, from the perspective of a CIO that has implemented this very approach.
*Please check back for updates to this agenda*