PAST EVENTS

Security Architecture Strategies: Chicago (Rosemont/O’Hare), Illinois

 

Strategies to secure business driven enterprise architecture.

 

October 19, 2023

 

9:00am-5:00pm

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

Overview

 

In order to build and run applications securely there are key architectural components that need to be in place. Without infrastructure components like proper encryption, standard authentication methods and logging standards developers are challenged to build secure applications. Without proper pre-production testing and event logging / analysis knowing if an application is under attack and should you worry when it is becomes virtually impossible. With the advent of containers and the ability to scale application across different platforms the problem only gets compounded.

 

This conference will present the key architectural components your company should have in place that will allow you to build, run and monitor applications more securely.

What You Will Learn

 

The C-suite understands that security policies and controls have a direct impact on the ability of organizations to respond to business disruption.

 

In this one day in-person conference, attendees will learn:

  • Outpacing Adversaries: Elevating Defensive Tactics to Automate Resilience
  • Optimizing Risk Framework Assessments, Controls Assessments, and Risk Registers
  • AI and Potential Security Impact on the Business Architecture
  • Securing Your DevOps Infrastructure
  • How Enterprise IT Security Executives are Bolstering Their Architecture (Panel Discussion)

 

Conference Price: $299.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

CONFERENCE AGENDA

8:00am – 9:00am: Registration and Continental Breakfast

9:00am – 10:00am:  Optimizing Risk Framework Assessments, Controls Assessments, and Risk Registers

 

Derek Milroy, Information Security, U.S. Cellular

 

Join us as we kick off the day with information on:

 

  • Risk Register Journey – The journey from saved e-mails, to excel, and beyond!
  • Risk Analysis Basics – Start with Qualitative, add a dash of Quantitative, and maybe some due care and diligence elements?
  • Remediation and Road mapping fun.
  • Reducing BIAS in Analyses, hopefully logical fallacies too.
  • Threat Modeling Primer – Integrating Threat Intel into Risk Analysis processes and procedures.
  • 3rd Party Risk Concerns, 4th Party Risk Concerns, everything’s a party!!!

 

 

Milroy

 

10:00am – 10:30am: Refreshment & Exhibit Break

10:30am – 11:30am: Outpacing Adversaries: Elevating Defensive Tactics to Automate Resilience

 

Adam Cole, Director of Security Operations, LifeOmic, LLC

Dave Patton, Principal Solution Architect, BlinkOps

 

Adversaries today are adapting faster than we are.  They have started to use ChatGPT and other LLM or Automation tools to deal blows that we simply can’t keep up with using manual effort. Our teams must adapt and begin to utilize similar technologies in order to keep apace.

 

Some key takeaways:

  • What are low level automations that teams can use today?
  • How do you go about implementing and measuring your automation capability?
  • What attack patterns are adversaries developing and using that introduce new risk?

 

 

Cole                            Patton

 

11:30am – 12:30pm: Securing Your DevOps Infrastructure

 

Brad Wyatt, Solutions Architect, Cloud Solutions Group (CSG), PSM Partners

 

The IT field continues evolve and traditional physical infrastructure deployments are moving to a more automated code-first approach. Automation can provide consistency across different deployments and configuration changes en masse, but with an ever-changing landscape how can you ensure that your code, pipelines, and runbooks remain secure?

 

In this session we will explore some of the ways to keep your secrets, secret. From using secret stores in code-based deployments to encrypting variables in different automation platforms, learn what tools are available to help guarantee that your company won’t suffer a security incident at the expense of efficiency.

 

In 2021, companies leaked more than 6 million passwords, API keys, and other sensitive data types doubling the number from the prior year. On average, 3 out of every 1,000 commits to GitHub leaked a secret with more than half of the secrets consisting of credentials to either data storages, cloud providers, encryption keys, development tools, or messaging platforms. Upon conclusion of this session, you will have the necessary knowledge and tools to secure your DevOps and Automation practices.

 

 

Wyatt

 

12:30pm – 1:30pm: Lunch & Exhibit Break

1:30pm – 2:30pm:  Fireside Chat: AI and Potential Security Impact on the Business Architecture 

 

John Kellerhals, Chairman, Infragard Members Alliance

 

 

Kellerhals

 

2:30pm – 3:00pm: Refreshment & Exhibit Break

3:00pm – 4:00pm:  How Enterprise IT Security Executives are Bolstering their Architecture (Panel Discussion)

 

In this session, attendees will learn from a panel of executives as to how they are partnering with the business while making sure they are bolstering their architecture.

 

Moderated by: Dan Horwich, President & Executive Director, CAMP IT Conferences

 

Panelists include:

  • Florentin Zlatea, Head of Enterprise Architecture for Cybersecurity and Infrastructure, The Kraft Heinz Company
  • James Mountain, Director of Information Security, Palmer College of Chiropractic
  • Laszlo Gonc, Founder, Next Era Transformation Group
  • Paul Glidden, Security Architect, Procore Technologies
  • Other InfoSec Leaders sharing experiences and lessons learned

 

 

Horwich                       Zlatea                      Mountain                          Gonc                           Glidden

 

Conference Price: $299.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

 

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

CONFERENCE SPONSORS