May 2023 Program Guide

List of talks and abstracts for May 18th and May 19th.

Event Guide

May 18th - 19th, 2023

Information

History of Day of Shecurity

Sponsors

Virtual Schedule Overview

Main Stage

Future of Cybersecurity & Trending in Cybersecurity

Cybersecurity Career, Emotional Intelligence, & Leadership

Privacy, Privacy Tech, Trust, & Data

DAY OF SHECURITY


Security Operations

Governance, Risk, & Compliance

Interactive Workshops

In-Person Schedule Overview

Main Room

8th Floor MPR

7th Floor MPR

Contact Us


Careers posted by Sponsors: Two weeks prior

dayofshecurity.com/careers (Password required)

Talks will be recorded: Virtual & Onsite

Available in the "Replay" section after the event.

Interact with speakers and other participants through the chat feature. There are chats for the event, stages, session rooms, & booths. The tab above the chat box will tell you where you are chatting.

Networking allows you to randomly meet new people. Try it out and make a connection!


Day of Shecurity (DOS) started with a Shecurity Bootcamp Lunch & Learn at the Lookout offices in 2017. From there, DOS was born with its inaugural conference in San Francisco. The first virtual conference was held on March 23, 2021. DOS continues in 2023 with a virtual conference and a return to smaller, regional, IRL events.

2017, Jun. - SF: Shecurity Bootcamp

2018, Jun. - SF: DOS Conference

2019, Feb. - Boston: DOS Conference

2019, Sept. - Toronto: DOS Conference

2019, Oct. - SF: DOS Conference

2021, Mar. - Virtual: DOS Conference

2021, Oct. - Virtual: DOS Conference

2022, May - Virtual: DOS Conference


FOUNDING SPONSORS


PREMIERE SPONSORS


VIP SPONSORS


GOLD SPONSORS


BRONZE SPONSORS


CONTRIBUTING SPONSORS


IN-KIND SPONSORS


VIRTUAL SCHEDULE

9:00 - 9:25 am: Networking

9:25 - 9:30 am: Opening Remarks

9:30 - 9:55 am: Keynote

10:00 am - 12:00 pm: VIP Talks, Program Sessions

12:00 - 1:00 pm: Visit the Expo, Networking

1:00 - 2:25 pm: VIP Talks, Program Sessions

2:30 - 2:55 pm: Keynote

2:55 - 3:00 pm: Closing Remarks


MAIN STAGE

Opening Remarks

Speakers: Brenley Brotman & Deidre Diamond Talk Time: 9:25 AM - 9:30 AM PT

Keynote: Cheat Codes for Success

Speaker: Amy Devers Talk Time: 09:30 AM - 09:55 AM PT

VIP Microsoft: Data Security

Speaker: Annapurna Saripalli Talk Time: 10:00 AM - 10:25 AM PT


VIP Lookout

Speaker: Mary Nelson Talk Time: 10:30 AM - 10:55 AM PT

VIP CyberSN: Kick, Kiss, Push: Productive Confrontation Conversations

Speaker: Deidre Diamond Talk Time: 11:00 AM - 11:25 AM PT

VIP AWS: Tag, You’re It

Speakers: Jemima Samuel, Alicia Zheng, & Saswata Dash Talk Time: 11:30 AM - 12:00 PM PT


How To Build A Personal Brand That Boosts Your Career

Speakers: Masha Sedova, Caroline Wong, Diana Kelley, & Elena Elkina Talk Time: 1:30 PM - 2:25 PM PT

Keynote: So You Want To Be A CISO

Speaker: Jacqueline "Jack" Powell Talk Time: 2:30 PM - 2:55 PM PT

Closing Remarks

Speakers: Brenley Brotman & Deidre Diamond Talk Time: 2:55 PM - 3:00 PM PT


FUTURE OF CYBERSECURITY & TRENDING IN CYBERSECURITY

Embedding Secure Frameworks In Stripe's Architecture

Speaker: Caitriona Kelly Talk Time: 10:00 AM - 10:25 AM PT

Abstract: A goal of many security engineering teams is to build security guarantees into the foundations, achieving a secure-by-design platform where security is always on by default. However, this is a challenge as, more often than not, your platform is already live, and you are coming late to the party. Hear from Stripe about how they built and deployed application security frameworks with large-scale migrations to fundamentally protect their users.

Incident Response Planning: The Ultimate Team Sport

Speakers: Sneha Regmi & Bianca Sellinger Talk Time: 10:00 AM - 10:25 AM PT

Abstract: Incident Management can be like a sport where you find out mid-game whether or not your team is playing well. Under pressure, you'll find out if your team is operating at the championship level or at the consolation level. Get ahead of the game through this session by learning how to prepare and respond to incidents efficiently and effectively. During this session, you will learn how to build an incident response plan, navigate cross-functional relationships, build critical incident response playbooks and test the plan before an actual crisis. These skills transfer over to complex situations in any industry, and at any level, including crisis management at the executive level.


Decoding the Attacker's Mind: Unraveling the Use of ChatGPT for Cyber Offense Capabilities

Speaker: Bri Frost Talk Time: 11:00 AM - 11:25 AM PT

Abstract: By now, everyone has heard of ChatGPT, used it, and discussed how it will change the cyber and tech communities. But have you considered how it can be used against us? Even if we aren't utilizing ChatGPT and other upcoming AI platforms and adapting them into our security routine, cyber attackers are. And they are using it to outpace us quickly. This talk will explore how upcoming AI platforms are being used by cyber attackers to conduct offensive attacks. It will discuss how attackers can train ChatGPT on specific topics, such as phishing, social engineering, or malware distribution, to generate persuasive and believable access vectors.

Avoid The Burnout: Do More With Less

Speaker: Neha Ramdeo Talk Time: 11:30 AM - 11:55 AM PT

Abstract: Most security teams are so overwhelmed with operational work that they cannot focus on strategic work that improves the organization's security posture. As a result, they cannot reduce the company's security risk in a meaningful way but instead end up with burnt-out security engineers and teams. Join this talk to learn about what causes organizations to focus heavily on operational work, its side effects, what can be done about it and how to do more with less.


OT And Oh No! Why Cybersecurity In OT Matters

Speaker: Mandie Grosskopf Talk Time: 1:00 PM - 1:25 PM PT

Abstract: This session will dive into what Operational Technology, or OT, is, where it can be found, and the impacts of a cyber incident in this space, as well as potential solutions.

Inside the Insider Threat: Programs, Tools, and Careers

Speaker: Poppy Southcott Talk Time: 1:30 PM - 2:25 PM PT

Abstract: Advanced machine learning and AI tools help companies better detect and respond to data exfiltration and other insider threats, but handling insider risk requires more than incident response. Learn about the difference between insider risk and insider threats, the impacts of failing to address insider risk for technology companies, what to consider when developing an insider risk program, how AI and ML tools help reduce the resources needed for an effective program, and how you can leverage non-technical skills for this career path.


CYBERSECURITY CAREER, EMOTIONAL INTELLIGENCE, & LEADERSHIP

How To Find Your True Calling In Cyber Security

Speaker: Shruthi Kamath Talk Time: 10:00 AM - 10:30 AM PT

Abstract: Cybersecurity is a vast domain, and when you start out in the industry, it can seem really confusing. The huge range of options can make it difficult to decide which part is really your area of interest and what you need to do to be successful in what ultimately excites you. In this talk, hear about the experience of starting in a technical cybersecurity role to learning about the importance and benefit that communities bring and how, in the process, it connects to business roles in cybersecurity.

The Case For Neuro-Diversity In Cybersecurity: Attract And Retain Neurodivergent Talent

Speakers: Becky Miller & Dr. Aleise H. McGowan Talk Time: 10:30 AM - 11:25 AM PT

Abstract: The current model used to attract neurodiverse talent to roles in Corporate America is broken. Companies tout their programs as being inclusive and supportive training grounds for stable careers. But these programs are ineffective. After onboarding is complete, many neurodiverse candidates are often met with exclusive spaces, permitted separatism, and unapologetic ableism. In this talk, we will outline actions organizational leaders can take to create and maintain talent programs and pipelines that support disabled and neurodivergent staff. We will also discuss strategies that support equity, and promote inclusion, based on sound educational pedagogy. These methods include the voices of disabled and neurodivergent workers and are aligned to industry standards.


Talk "Up" Your Career: Utilizing Public Speaking For Career Progression

Speaker: Kelly Thibault Talk Time: 11:30 AM - 11:55 AM PT

Abstract: In security, connecting with others is even more crucial with the need to work across the organization, influence others, and provide training and education. Public speaking skills significantly impact your influence, whether presenting at an all-hands, leading a retro, sharing the management of a critical Sev incident, or working with teams to write secure code. In this talk, we'll discuss ways to present information based on content, audience, and format, as well as how to manage the anxiety so many people experience.

Leveraging AI and Online Tools for Career Success

Speaker: Lisa Saurs Talk Time: 1:00 PM - 1:25 PM PT

Abstract: The field of cybersecurity is vast, comprising millions of professionals worldwide. However, when it comes to reputation, this community can be surprisingly small. In today's hyper-connected and socially enabled workforce, a strong personal brand is essential for achieving rapid career success. This talk will explore practical steps that cybersecurity professionals can take to build their personal brand effectively, leveraging AI, generative text, organizational tools, personal CRMs, automation options, and how to manage their online presence while mitigating risk. While it may not be necessary to share every aspect of one’s personal life, leveraging these tools can help professionals take control of their professional narrative and establish a compelling online presence.


What They Don't Tell You About Leadership...

Speaker: Luz Angeles Talk Time: 2:00 PM - 2:25 PM PT

Abstract: Are you thinking about joining leadership? From the outside looking in, it's easy to think leadership is all about motivating your team, but that’s only the tip of the iceberg. Join me in my talk as I dive into what I wish I had been told about leadership by debunking stereotypes, reflecting on the most important skills actually needed, exploring core values, and being candid in what we truly want in a career.


PRIVACY, PRIVACY TECH, TRUST, & DATA

Zero Trust Approach For Securing Infrastructure And Data In Cloud

Speaker: Dr. Abhilasha Vyas Talk Time: 10:00 AM - 10:25 AM PT

Abstract: Cloud security follows a shared responsibility model: customers are equally responsible for securing infrastructure and data. With a zero trust approach, organisations can ensure secure access to resources and data in the cloud. The talk will present a zero trust approach and the importance of zero trust architecture using white papers and documents from cloud service providers. Participants will understand the need for such an approach and can provide secure access to authorised identities.

Integrating Privacy into Information Security Management Systems

Speakers: Palak Pahwa & Yoko Washington Talk Time: 10:30 AM - 10:55 AM PT

Abstract: ISO/IEC 27701 is an internationally recognized Privacy Information Management System standard, an enhancing extension of ISO/IEC 27001, that provides guidance on the protection and privacy of assets, including how organizations should manage personal information and demonstrate compliance with privacy regulations around the world, including GDPR. Tinder got ISO/IEC 27701 certified in Nov 2022, after rigorous and thorough independent assessments of our integrated Information Security and Privacy Management System. Join us on an overview of our journey moving from ISO/IEC 27001 certified to ISO/IEC 27701 certified.


Privacy Threat Modeling In Practice

Speakers: Nandita Narla & Kim Wuyts Talk Time: 11:00 AM - 11:55 AM PT

Abstract: Threat modeling is an effective way to reduce privacy risk by anticipating what can go wrong and fixing issues early in the development lifecycle. However, applying privacy threat modeling frameworks to real-world scenarios is challenging due to complex data flows. In this hands-on workshop, we will introduce a systematic methodology for eliciting privacy threats (LINDDUN) and show you how to apply it to a real use case.

Help Organizations Protect Against Doxing Attacks

Speaker: Parul Khanna Talk Time: 1:00 PM - 1:55 PM PT

Abstract: Doxing is a term derived from documents, and hence consists of collecting information on an organization or individual through social media websites, search engines, password-cracking methods, social engineering tools and other sources of publicly displayed information. The main purpose of doxing attacks is to threaten, embarrass, harass, and humiliate the organization or individual. Various tools are used to perform doxing. Tools such as Maltego visualize an organization’s architecture, which helps determine weak links within the organization. This presentation discusses different ways organizations and employees can be doxed and suggests measures to protect against doxing attacks.


Models Of Applied Privacy (MAP): A Persona Based Approach To Threat Modeling

Speaker: Jayati Dev Talk Time: 2:00 PM - 2:25 PM PT

Abstract: One element of Privacy by Design is to conduct privacy threat modeling to identify risks to users early. In this paper, we propose a systematic, lightweight privacy threat modeling framework based on attackers' personas that is easy to operationalize and scale. We validate the framework using a repository of 207 privacy breaches and implement it as a persona picker tool to identify, investigate, and remediate relevant threats based on the product developer's scope of privacy risk.


SECURITY OPERATIONS

Navigating The Unknowns

Speaker: Archana Mendon Nandakumar Talk Time: 10:00 AM - 10:25 AM PT

Abstract: As the attack surface expands, security operations center teams today face key challenges in actionable detection due to a lack of visibility and alert fatigue that creates monitoring blind spots. In this session, we will talk about how the convergence of cyber risks with key attackers’ TTPs, spanning people, processes, and technology, will help prioritize operational SOC monitoring strategies and improve detection efficacy as an outcome.

Home Labs for fun and !profit (Put your home lab on your resume!)

Speaker: Kat Fitzgerald Talk Time: 10:30 AM - 11:25 AM PT

Abstract: This is not a demo of everything in my home lab. It will include some info on honeypots, but just a little. k8s (k3s) is fun, but has been known to cause breakups. Why are we here? Toys are fun, Security is fun, k8s is fun, I like breaking things, I like building things, I like breaking things I build, LEARNING NEVER ENDS! In this talk, we will cover basic hardware and software, especially focusing on virtualization, containers, k8s (k3s) and distributed management using Ansible. We will also cover how to manage multiple distros for learning, as well as a brief introduction to honeypots within your lab. (See longer description on Hopin.)


Beginners Guide To Mobile Application Penetration Testing

Speaker: Whitney Phillips Talk Time: 11:30 AM - 11:55 AM PT

Abstract: This session will be an introduction to mobile application penetration testing. It will start with a high-level overview of jailbreaking for iOS and rooting for Android. The presenter will then share tools and tips that will help someone new to this field get started.

DevSecOps: The Inevitable Wave In DevOps World

Speaker: Viraj Gandhi Talk Time: 1:00 PM - 1:25 PM PT

Abstract: Software is everywhere, and modern software consists of 80% open-source components. Automation of software delivery has amplified security risks. Software supply chain security incidents have been growing tremendously, which has changed cybersecurity priorities lately. We have all heard of the SolarWinds attack and how it was a catalyst for the industry to start bringing security into the DevOps culture and securing the CI/CD pipeline. The talk will provide insight to the audience on what can go wrong when DevSecOps is not adopted in organizations by going over a few famous real-world attacks that happened in the past, like NPM supply chain attack issues, the SolarWinds attacks, etc. Developers in DevOps attending this talk will take away key techniques to embrace a culture of DevSecOps and best practices on how to shift left from shift right. The talk will help developers in DevOps to broaden their knowledge and start thinking of adding security in DevOps and will guide them to the path of the DevSecOps world.


Seven Steps To Implementing A Successful Incident Response

Speaker: Amina Aggarwal Talk Time: 1:30 PM - 2:25 PM PT

Abstract: Incident Response Preplans are created for security teams to respond to incidents in an efficient and effective manner. Most organisations today consider creating incident preplans as part of the operational security strategy but fail to engage the right teams when the incident happens, which slows down the response to the incident. This talk covers the importance of creating IR preplans and how they can be created keeping in mind Business Continuity and Disaster Recovery planning.


GOVERNANCE, RISK, & COMPLIANCE

Combining GRC with ESG

Speaker: Maria Bique Talk Time: 10:00 AM - 10:25 AM PT

Abstract: Most of the world is online, but not everyone has the skills to benefit from it. Our society is facing an increasing digital skill divide. It doesn't just correlate with the growing socioeconomic divide, but it actually worsens it. Disadvantaged individuals are at risk of becoming even more disadvantaged as the increased cybersecurity threat landscape affects them disproportionately. As a result, our safety, democracy and future are at risk. What can we do as security and GRC professionals? This talk explores the synergies between impactful GRC and ESG programs.

Passwordless - What, Why, and How

Speaker: Pooja Agrawalla Talk Time: 10:30 AM - 10:55 AM PT

Abstract: Passwords are problematic. They are just bad: bad for security and bad for user experiences. The cost to manage and maintain passwords is extremely high, and their user experience is not great. Yet, despite their shortcomings, passwords remain ubiquitous. The time has come to say farewell to the password. Fortunately, now, we can go passwordless with stronger security and a better user experience. This technical brief explores the "what, why, and hows" to finally implement passwordless authentication.


7 Ways to Transform Your GRC Program Through Automation

Speaker: Heather Morris Talk Time: 11:00 AM - 11:25 AM PT

Abstract: Inefficient manual processes with disparate data trigger the need for changes in GRC programs. Join this session to learn 7 ways to streamline your GRC processes and gain additional benefits through the use of automation.

Cloud Vendor Risk Management For Beginners

Speaker: Christina Liu Talk Time: 11:30 AM - 12:00 PM PT

Abstract: Companies of every size and industry must evaluate the security risks introduced by third-party apps and services. This talk will provide a primer for getting started on third-party cloud vendor review and risk management. Attendees will learn what risk acceptance is and how it works, what resources may be available to you, and what skills may help you pivot into this type of role.

Preparing for a Zero Trust Security Strategy

Speaker: Katie Greathouse Talk Time: 1:00 PM - 1:25 PM PT

Abstract: We'll discuss the journey to a Zero Trust architecture and how a ZT strategy contributes to overall organizational resiliency. Zero Trust Strategy is an approach that enables protection against attacks both inside and outside the network. ZT requires continuous identification and verification of every user, device, and machine before granting them access to information systems. We'll also cover NIST's framework to ZT, the core design concepts and steps to prepare and strengthen a Zero Trust Architecture Strategy.


Vendor Management: Tinder But Make It Corporate

Speaker: Terra Cooke Talk Time: 1:30 PM - 1:55 PM PT

Abstract: Who loves vendor management? No one. Who loves online dating? Also no one. But here we are with similarities like taking risks, putting your best foot forward, red flags and fishing, in pictures and for your business. Let’s compare the two things you love to hate and how to make mostly good choices.

Audit Prep Through Engineering & Compliance Collaboration

Speaker: Paula Burke Talk Time: 2:00 PM - 2:25 PM PT

Abstract: How technical should compliance professionals be? How much should engineers know about controls and policies? Compliance and audit-readiness can be challenging at even the most technically advanced companies, but partnership between compliance and engineering teams can enhance the security and effectiveness of any organization. This talk will introduce practical ideas for improving collaboration at audit time–and beyond–that are useful for both teams.


INTERACTIVE WORKSHOPS

Transform Accountability To Stop Burn Out

Speaker: Nicole Trick Steinbach Talk Time: 10:00 AM - 10:55 AM PT

Abstract: Burnout for cybersecurity, privacy, and compliance experts is skyrocketing. Over 75% of professionals report burnout symptoms, and 30% are actively planning to leave the profession – right when we are most needed. There are many levers to solve this complex problem; one powerful, immediate lever is shifting how you understand & implement accountability. Join this session to learn and explore a simple accountability mindset framework and start working less and collaborating more.

Leading From The Inside Out: Explore, Embody And Express Your Unique Leadership Brand

Speaker: Camille McKinney Talk Time: 11:00 AM - 11:55 AM PT

Abstract: This session will encourage participants to focus less on the external factors blocking women from growing in their career, and empower them to focus on their own internal barriers to success. The presenter will share why her own career stalled, and the journey she took to overcome the belief that ‘working harder = success.’ The presenter will reveal how developing Self-Leadership is a path toward being more of the impactful leader she wants to be.


Investigating Security Events ***Pre-registration required

Speaker: Kassy Murphy Talk Time: 1:00 PM - 2:25 PM PT

Abstract: This workshop is a hands-on workshop designed to familiarize participants with how to investigate security incidents using Splunk and open source. This session will provide users a way to gain experience searching their data and asking specific questions related to a security investigation. Users will leave with a better understanding of the types of questions that need to be asked during a security investigation, how to identify the data required to answer these questions and how to develop searches that provide answers to the questions in order to advance your security investigation.

Pre-register here for this session.


IN-PERSON SCHEDULE

9:00 - 9:50 am: Registration & Networking

9:50 - 10:00 am: Opening Remarks

10:00 - 10:30 am: Keynote

10:30 am - 12:00 pm: VIP Talks, Program Sessions

12:00 - 1:00 pm: Lunch & Lunch Panel

1:00 - 2:00 pm: Meet our Sponsors, Networking

2:00 - 3:25 pm: VIP Talks, Program Sessions

3:30 - 4:00 pm: Keynote

4:00 - 4:10 pm: Closing Remarks

4:10 - 4:45 pm: Networking, Chat with Sponsors


MAIN ROOM

Opening Remarks and Welcome from Poshmark

Speakers: Brenley Brotman, Deidre Diamond, & Poshmark Representative Talk Time: 9:50 AM - 10:00 AM PT

Keynote: Questions are the Answers: 7 questions to Shape Your Security Career

Speaker: Swathi Joshi Talk Time: 10:00 AM - 10:25 AM PT


VIP Roblox: Scaling Security & Safety in the Metaverse

Speakers: Nicole Grinstead, Neslihan Guler, Kim Eudaly, Jessie Duan, & Carrie Bartle Talk Time: 10:30 AM - 11:15 AM PT

Abstract: The metaverse is rapidly evolving into a virtual world with immense potential for social, economic, and cultural growth. However, with this growth comes a significant challenge - how to scale security and safety in the metaverse to ensure that all users are protected from potential harm. In this talk, we’ll highlight security and engineering leaders from across Roblox, and the interesting challenges they are tackling to protect our users and their data. We’ll start by sharing our growth journey as a company and then will dive into four technical lightning talks where we’ll share about our work with PKI automation, detection of undesirable content on Roblox, bootstrapping and maturing security policies, and the security and anti-cheat measures of the Roblox game engine.


Three Tactics to Land A Job In Cybersecurity

Speaker: Malinda Coler Talk Time: 11:20 AM - 12:00 PM PT

Abstract: This session will discuss how to get hired in Cybersecurity. Malinda will share three proven tactics to land a job: Key Results Statements, Elevator Pitch, and Networking Blurb. This is an interactive session where attendees will practice material in breakout rooms.

1. Learn how to write a Key Result Statement to be used on resume, LinkedIn, and more

2. Build your Elevator Pitch using a Key Result Statement to ace phone screen interviews

3. Learn how to convert your Elevator Pitch into a Networking Blurb to land networking calls and interviews

VIP Poshmark: Collaboration Of Technology & Security

Speakers: Divya Karthik, Dhanya Kunnath Rajappan, & Lauren Serrano Talk Time: 12:15 PM - 1:00 PM PT


VIP Lookout: Lookout VIP Talk: Negotiating Strategies for Women

Speaker: Jan D'Alessandro Talk Time: 2:00 PM - 2:30 PM PT

Panel: Giving Back To The Cybersecurity Community

Speakers: Lisa Hall, Matt Torbin, Swathi Joshi, Tad Whitaker, & Kelly Thibault (moderator) Talk Time: 2:25 PM - 3:25 PM PT

Abstract: We often talk about getting involved and giving back, but sometimes you don't know where or how to start. Join two of the DOS co-founders and three of the advisory board members for a panel on getting involved and giving back to the cybersecurity community. The panel will be moderated by Kelly Thibault, Executive Director at Secure Diversity.


Keynote: The Future of your Security Team

Speaker: Lisa Hall Talk Time: 3:30 - 3:55 PM PT

Closing Remarks

Speakers: Brenley Brotman & Deidre Diamond Talk Time: 4:00 PM - 4:10 PM PT


8TH FLOOR MPR

Use Your Words: Communication For Tough Security Transformations

Speaker: Breanne Boland Talk Time: 10:30 AM - 10:55 AM PT

Abstract: It’s great to know what you need to do to make your company or product more secure, but how do you make it happen? Before all the super-cool hacker antics, you have to get people to agree that the work is necessary and that your proposed way is the best way. This means getting everyone on board, including non-engineers, people who aren't sold on what you're proposing, and even colleagues who try to stay out of tech things altogether. How do we convince them? This talk presents strategies to convince people using their language, demonstrate complicated subjects in easier-to-understand ways, and sometimes use outright bribery. At the end, you’ll understand how to shape people’s behavior and use skills you may already have to get the hard work done.

Automate What's Working: Shipping Machine Learning Models In Security

Speaker: Samantha Zeitlin Talk Time: 11:00 AM - 11:25 AM PT

Abstract: If you've ever wondered how machine learning is used to detect malware and advanced persistent threats, this talk is for you. First, data scientists work with threat researchers to understand what features to use, curate training data, prototype a model, and validate the results. Usually, getting the right data is the hardest part. But after that, we still have to package up the model and get it onto the customer's machine, or into their cloud environment. In this talk, I'll walk through how that all works in a production system, including how we and others evaluate how well our models are doing in the real world.


Navigating the security engineering career ladder

Speaker: Lakshmi Sudheer Talk Time: 11:30 AM - 11:55 AM PT

Abstract: Are you a security engineer looking to advance your career to the next level? Join me to learn about the essential technical and soft skills, strategies for setting clear career goals, and tips for overcoming common career obstacles. This talk is perfect for junior and mid-level security engineers looking to level up their careers and become industry leaders.

The Hitchhiker's Guide To Joining The Open-Source Community And Contributing To Kubernetes

Speaker: Cailyn Edwards Talk Time: 2:00 PM - 2:55 PM PT

Abstract: Far out in the uncharted backwaters of the unfashionable end of the internet lies a small unregarded, yet passionate community of open source projects. Cailyn will walk you through her journey to this community, and share lessons she learned along the way. At the end of this talk you will have a better idea of where to look for projects that need support, and how to select impactful ways to start contributing.


Volunteering FTW: Giving Back and Getting Ahead

Speaker: Tabatha DiDomenico Talk Time: 3:00 PM - 3:25 PM PT

Abstract: Volunteering exposes you to new people, opportunities, and ideas that can boost your knowledge, network, and career while giving back to the infosec community. Based on her experiences as a serial conference volunteer, Tabatha shares a peek behind the curtain, the many benefits of volunteering (hint: it's more fun than most networking events), and how you can get involved today. We'll discuss some suggested roles for new volunteers, managing your time and energy and documenting your experience. Attendees will leave with plenty of tips and insights, ready to make the most of their volunteering experiences and unlock new opportunities for personal and professional growth.


7TH FLOOR MPR

Introduction To AI Red Teaming

Speakers: Savanna Smith & Shiri Bendelac Talk Time: 10:30 AM - 11:25 AM PT

Abstract: As artificial intelligence (AI) becomes ubiquitous, we must evaluate the inherent risks across data collection, data processing, storage, and deployment. AI red-teams simulate adversaries to erode the efficacy of a system or to leak sensitive information. This talk provides a primer on AI red-teaming, emphasizing the impact on high-stake scenarios. The future needs AI and cyber security professionals working in collaboration to ensure AI systems are designed with privacy, security, and robustness at their core.

How To Succeed In A Security Interview

Speakers: Merisa Lee & Div Joshi Talk Time: 11:30 AM - 11:50 AM PT

Abstract: Div and Merisa have interviewed and been interviewers for security roles for a combined 20+ years. Their experience covers detection & response, application security, bug bounty, vulnerability management, technical program management, GRC, and manager roles. They will discuss some skills that they look for and how to best approach and prepare to avoid common pitfalls they’ve seen in candidates.


GRC As A Foundation For Cyber Security

Speaker: Beck Norris Talk Time: 2:00 PM - 2:25 PM PT

Abstract: Good for a refresher as well as an introduction if you're exploring control frameworks, this session will introduce and reinforce Governance, Risk, and Compliance (GRC) as a base foundation for cyber security, no matter the type of business at play. GRC principles can be operationalized to create an entire Information Security program, and frameworks and guidelines can be tailored to suit specific business needs. This session will cover the basics of two primary security frameworks, NIST and ISO 27001, provide a high-level overview of the similarities and differences of each, and point listeners in the direction of how to identify additional supporting frameworks/guidelines depending upon the context of the need in play.

Jailbreak Your Brain: Stop Anxiety From Stopping You

Speaker: Sandy Hawke Talk Time: 2:30 PM - 3:25 PM PT

Abstract: Cybersecurity pros need a break. Whether you're a threat hunter, incident responder, or a CISO, stress is an inevitable part of the job. Leaving it behind - as soon as your hands lift off the keyboard - is not always so easy. Learn how self-hypnosis can do more than just take the pressure off. As a regular practice, self-hypnosis can release anxiety, maintain focus, and increase self-awareness, communication skills, and overall confidence.


CONTACT US

dayofshecurity.com/sponsorship

/company/dayofshecurity

sponsorDOS@securediversity.org

@DayofShecurity

/c/dayofshecurity


www.dayofshecurity.com
