Filter by

Reset

Tuesday, September 17, 2024 | 2:00 PM - 6:00 PM
Registration
Wednesday, September 18, 2024 | 7:00 AM - 7:00 PM
Registration
Wednesday, September 18, 2024 | 8:00 AM - 8:45 AM
Continental Breakfast
Wednesday, September 18, 2024 | 9:00 AM - 10:30 AM
Keynote Sessions

9:00AM - 9:35AM
Opening Remarks
By Kevin Mandia, Security Advisor, Google Cloud

9:35AM - 10:10AM
Ransomware: Cyber's Evolving Cash Cow
With Kim Zetter, Brett Callow, Kimberly Goody, and Allan “Ransomware Sommelier” Liska

10:10AM - 10:30AM
Emerging Threats: What You Need to Know Now
With John Hultquist and Margi Murphy

Kevin Mandia
Kevin Mandia, Strategic Advisor, Google Cloud
John Hultquist
John Hultquist, Chief Analyst, Mandiant Intelligence at Google Cloud
Margi Murphy
Margi Murphy, Reporter, Bloomberg
Allan “Ransomware Sommelier” Liska
Allan “Ransomware Sommelier” Liska, Senior Security Architect and Ransomware Specialist, Recorded Future
Brett Callow
Brett Callow, Managing Director, FTI Consulting
Kim Zetter
Kim Zetter, Cyber & National Security Journalist,
Kimberly Goody
Kimberly Goody, Head of Financial Crime Analysis, Mandiant, Google Cloud
Wednesday, September 18, 2024 | 10:00 AM - 7:00 PM
Expo
Wednesday, September 18, 2024 | 10:30 AM - 11:00 AM
Morning Break
Wednesday, September 18, 2024 | 11:00 AM - 11:20 AM
Adaptive Use Case Management (UCM) for Incident Detection and Response, in an Evolving Threat Landscape

In an age where cyber threats are constantly evolving, traditional incident detection and response methods are no longer sufficient. This presentation delves into the strategies for developing adaptive use case management that can keep pace with the ever-changing threat landscape. We will discuss the importance of continuous monitoring and playbook optimization using real-time threat analysis, for more effective detection and response capabilities. Participants will learn how to create and maintain dynamic use cases that align with their organization's security objectives, ensuring a robust defense against sophisticated cyber attacks. Through case studies and practical advice, we will illustrate how adaptive use case management can transform incident response processes and fortify cybersecurity resilience.

Geordie Marin
Geordie Marin, Use Case Management Team Lead, CyberProof
Sponsor Track
Wednesday, September 18, 2024 | 11:00 AM - 11:30 AM
The Cloud Security Blind Spot Support Group: Discuss Attack Surface Management in the Cloud
Andras Borbely
Andras Borbely, Technology Solutions Consultant, Google Cloud Security
Birds of a Feather
Wednesday, September 18, 2024 | 11:00 AM - 11:45 AM
Geopolitical Catalyst - How the Russia-Ukraine War has changed the Hacktivist Landscape

Hacktivism has been present in the threat landscape for decades but since 2022 it has significantly changed to geopolitical motivated activity. This presentation provides understanding of the hacktivist landscape and provides some innovative methodologies to track and monitor the threat landscape. This talk will explore what the geopolitical catalyst was for the shift in Hacktivist activity. How hacktivism has changed. What type of attacks we see and the type of groups using them. What the overall intent and motivations of the Hacktivist groups are. It will explain that Hacktivist activity and information operations are largely entwined. It will explain a new methodology on how to track and monitor Hacktivist groups, by putting them into categories - with four key ones being presented. This talk will challenge traditional views on cyber threats, by shifting the focus from technical indicators and capability to looking at intent to drive analysis. Many organizations are struggling to understand how to view hacktivism in terms of the threat landscape, this talk aims to clarify misconceptions and provide clearer understandings of the Hacktivist threat landscape.

Davyn Baumann
Davyn Baumann, Senior Analyst, Mandiant, Google Cloud
Intelligence
Wednesday, September 18, 2024 | 11:00 AM - 11:45 AM
Blurred (Identity) Lines: Encryption in Cloud and Impact on Security and Data

Cloud Encryption is seen as a valuable component of a robust data security strategy. But what does cloud encryption actually offer in terms of security? Cloud Encryption has multiple different types including Cloud Service Provider Managed and Customer Managed. Depending on the type - the security offered can range from another robust layer of access control to a false sense of security. In this talk, we’ll cover the following:

  • Types of encryption (such as CSP Managed, Customer Managed)
  • Default encryption for services in cloud.
  • How cloud encryption impacts data perimeters.
  • How cloud encryption translates into and impacts cloud identity and access management.
  • Best practices and considerations for how to implement cloud encryption and data security in cloud.
Jason Kao
Jason Kao, Founder, Fog Security
Cloud Security
Wednesday, September 18, 2024 | 11:00 AM - 11:45 AM
Long Live: Effects of the Longtail of Dwell Times

The cybersecurity industry celebrates the reduction of dwell times. The latest M-Trends report states the global median dwell time is 10 days; however, more than 10% of incidents investigated had dwell times of more than 6 months—with some at over 5 years. In this session we will discuss the motivations and tactics behind attacks with various dwell times, and the impact these attacks can have on organizations. Guidance will be provided for how to hunt for these types of intrusions, as well as steps to take to temper these squatters.

Kirstie Failey
Kirstie Failey, Principal Threat Analyst, Mandiant, Google Cloud Security
Kerry Matre
Kerry Matre, Head of Mandiant PMM, Mandiant, Google Cloud
Security Threats and Exploits
Wednesday, September 18, 2024 | 11:00 AM - 11:45 AM
Secure Remote Identity Verification in the Era of Generative AI

In the digital era, safeguarding remote identity verification is critical. Inherence-based security factors are the most trusted way of verifying users whether they’re customers or the workforce, but deepfakes and synthetic media pose significant challenges. To combat deepfake attacks, science-based biometrics as a service can enable remote identification for customers and workforce that is reliable, easy to administer, and almost effortless to use. This should start at onboarding and continue at risk-based inflection points throughout the identity lifecycle. This talk will explore challenges to enabling remote identity across the enterprise and share best practices from customers in the most security conscious organizations around the world By understanding the implications of generative AI on remote identity verification, organizations can develop effective strategies to ensure the security and integrity of their remote identity verification systems, protecting against deepfakes and other synthetic media-based attacks, and maintaining user trust and privacy.

Andrew Bud
Andrew Bud, CEO & Founder, iProov
Intersection of AI and Cybersecurity
Wednesday, September 18, 2024 | 11:00 AM - 11:45 AM
Developing Effective SOC Capabilities using a Knowledge-Based Approach to People, Processes, and Technology

Preventing, detecting, and responding to cybersecurity events increasingly depends on an organizations ability to match security operations needs with the correct people, process, and technology requirements. At the heart of this dependency is the robust, mature, and capable Security Operations Center (SOC). However, existing cybersecurity frameworks are limited and not designed for developing capable, effective SOCs. This is because there is no single approach to SOC development. Organizational needs are unique and therefore the roles, services, and tools needed for the SOC to support organizational mission and goals must also be unique. Developing or improving a SOC is a process which must be flexible. To assist organizations is this process, the SEI has developed OSCAR, the Ontology for SOC Creation Assistance and Replication. OSCAR is a structured knowledge base developed using description logics which organizes SOC knowledge in to 5 domains and more than 80 classes. Built based on interviews with SOC experts and years of institutional knowledge and experience, OSCAR provide new perspectives on SOC development and a new tool for teams to use when developing SOC capabilities.

Justin Novak
Justin Novak, Senior Security Operations Researcher, SEI
Security Operations
Wednesday, September 18, 2024 | 11:00 AM - 11:45 AM
Build a High Value Quantitative Risk Management Program on a Budget

Delve into the trenches with a pragmatic guide to implement quantitative risk management. Gain knowledge of methods for quantitative program design that comprise risk primitives, analysis approach, and workflow design. Risk primitives such as capacity, appetite, tolerance, and KRIs are described. Understand what modifications can be made to simplify operational use of FAIR for first timers and how to embrace Python and R for analysis with an open source approach. Be empowered to address workflow challenges using a simplified approach to the entire risk lifecycle from assessment intake and management to modeling and reporting output and finally risk decisions with trending and ROI analysis. Additionally, learn implementation and operation of the program design through people, process, and technology. Finally, close the gap for the last mile of transition to quant risk management and learn how to communicate and report risk from the boardroom to the team room.

Tim Anderson
Tim Anderson, VP of Compliance and Risk, ID.me
Matthew Harding
Matthew Harding, Dir, Risk Management, ID.me
Third Party and Cyber Risk Management
Wednesday, September 18, 2024 | 11:00 AM - 11:45 AM
Security Controls: Stupid but Important

Application teams often have to navigate a complex web of security teams and requirements in order to launch a secure and compliant solution. Once the solution has been launched, the teams have to survive audits and maintain the security of the application while keeping up with changing requirements and implementations, all while working hard to run and grow their business.

While regulatory complexity is a large contributor to the challenge, it can be further exacerbated by the lack of a clear, well lit path provided by legal, compliance, and security teams. Application teams often receive conflicting requirements and priorities from various teams, or follow a path that leads to them launching a solution that is security, but not compliant, or vise-versa? Security teams are often frustrated with the focus on compliance requirements, rather than leveraging them to meet shared goals.

Russ Ayres (Equifax) and Derek Coulson (Mandiant) will review how Equifax simplified its control requirements framework to help internal customers navigate security requirements more easily and enable proper auditing scoping and response using the Equifax Security Controls Framework.

Derek Coulson
Derek Coulson, Technical Leader, Mandiant
Russ Ayres
Russ Ayres, SVP Cyber, Deputy CISO, Equifax
Next Gen CISO
Wednesday, September 18, 2024 | 11:00 AM - 12:00 PM
Capture the Flag

Experience Google Threat Intelligence's CTF game – a thrilling cybersecurity experience – at the mWISE Expo. Players dive into a simulated threat hunt using real-world data from CISA, ransom notes, and the dark web. This hands-on challenge lets you practice with tools and data used by real investigators. By solving puzzles and analyzing evidence, you'll capture flags while learning valuable cybersecurity skills. Whether you're a beginner or an expert, this CTF is your chance to test your knowledge, compete against others, and gain practical threat intelligence experience.

Wednesday, September 18, 2024 | 11:30 AM - 11:50 AM
Security At Scale 2.0: Why 2024 is the Year for Outsourced SecOps

The necessity for diverse and outsourced managed security services (MSS) has never been more imperative than in today's cyber landscape. This presentation will outline the key drivers behind this growing need, including the usual suspects (people, process and technology), but also delve into modern challenges these programs must address such as the rise in cloud usage, generative AI, machine learning (ML) and more. Optiv has expanded its strategic alliance with Google Cloud to provide our clients with just that - a simplified approach to improving security maturity. Join us as we discuss Optiv MDR on the Google Security Operations platform and the variety of other ways we offer clients flexibility and scalability for their SecOps program.

John Pelton
John Pelton, Senior Director, Detection & Response, Optiv
Sponsor Track
Wednesday, September 18, 2024 | 11:45 AM - 1:30 PM
Lunch
Wednesday, September 18, 2024 | 12:00 PM - 12:30 PM
Threat Modeling at Scale: From One to Many
Dylan Marcoux
Dylan Marcoux, Principal Consultant, Mandiant
Timothy Watkins
Timothy Watkins, Senior Consultant, Mandiant
Birds of a Feather
Wednesday, September 18, 2024 | 1:00 PM - 1:20 PM
From Reactive to Proactive: Empowering Security Teams with Cutting-Edge Capabilities

See how Google Cloud Security pushes the boundaries on proactive, intelligence-driven security with a deep dive into the world of threat detection, investigation, and response (TDIR). Explore a use case with us that highlights the essential capabilities every security team needs to have in their arsenal.

Kristen Cooper
Kristen Cooper, SecOps Product Marketing, Google
TJ Alldridge
TJ Alldridge, Product Marketing Manager, Google Cloud Marketing
Alexa Rzasa
Alexa Rzasa, Sr. Product Marketing Manager, Google Cloud Security
Sponsor Track
Wednesday, September 18, 2024 | 1:00 PM - 1:30 PM
Security Awareness and Education
Teressa Gehrke
Teressa Gehrke, CEO, PopCykol
Birds of a Feather
Wednesday, September 18, 2024 | 1:00 PM - 2:00 PM
Capture the Flag

Experience Google Threat Intelligence's CTF game – a thrilling cybersecurity experience – at the mWISE Expo. Players dive into a simulated threat hunt using real-world data from CISA, ransom notes, and the dark web. This hands-on challenge lets you practice with tools and data used by real investigators. By solving puzzles and analyzing evidence, you'll capture flags while learning valuable cybersecurity skills. Whether you're a beginner or an expert, this CTF is your chance to test your knowledge, compete against others, and gain practical threat intelligence experience.

Wednesday, September 18, 2024 | 1:30 PM - 2:15 PM
Unlocking eBPF: The Future of App and Data Security

In an increasingly sophisticated era of cyber threats, having complete visibility into applications, API, and data is paramount. However, enterprises have their applications running across hundreds of hosts in multiple subdomains and building an inventory of such apps and data flows is very difficult, if not impossible.

Enter eBPF (Extended Berkeley Packet Filter), a revolutionary technology that extends the capabilities of the Linux kernel, enabling real-time visibility into running apps regardless of their language and framework.

This talk explores the transformative power of eBPF in modern security engineering. Attendees will learn how eBPF's dynamic tracing and filtering capabilities provide unparalleled visibility into application, data flow, and API behaviour, allowing for proactive vulnerability detection and risk assessment.

Discover how integrating eBPF into your security strategy can safeguard your applications and data against evolving cyber threats, ensuring robust and resilient protection for your digital assets. Join us to unlock the full potential of eBPF and step into the future of app and data security.

Kiran Sama
Kiran Sama, Staff Security Engineer, Coupang
BUCHI REDDY BUSI REDDY
BUCHI REDDY BUSI REDDY, CEO, Levo, Inc
Security Engineering
Wednesday, September 18, 2024 | 1:30 PM - 2:15 PM
From Job Interview to Crypto Heist: How North Korea sponsored threat actor stole crypto currencies

This talk exposes a sophisticated cyber-espionage campaign orchestrated by a North Korean threat actor targeting a cryptocurrency company. Threat actor tactics, techniques, and procedures (TTPs), that inclued social engineering to gain initial access, in-depth source code reviews, and exploitation of a logical vulnerability that resulted in the exfiltration of millions of dollars worth of cryptocurrency.

Through the lens of real-world investigations, the threat actor's motivations and the broader implications of their activities will be analysed. Furthermore, this talk will shed light on the lack of robust security monitoring in cloud environments, a critical factor that contributed to the success of this attack. The importance of implementing comprehensive security measures in cloud infrastructures to mitigate the risk of similar attacks in the future will also be discussed. Attendees will gain valuable insights into the evolving landscape of cyber threats, and the vulnerabilities often present in cloud environments.

This knowledge will empower organizations to better understand and defend against sophisticated cyber attacks targeting their valuable digital assets.

Yi Han Ang
Yi Han Ang, Senior Consultant, Mandiant
Sun Pu
Sun Pu, Security Consultant, Google Cloud - Mandiant
Security Operations
Wednesday, September 18, 2024 | 1:30 PM - 2:15 PM
RaaS is Dead, Long Live RaaS: Evolution and Resilience in the Ransomware Landscape

Ransomware is evolving, challenging old paradigms and reshaping power dynamics. Our talk, "RaaS is Dead, Long Live RaaS," explores the shift from a hierarchical Ransomware as a Service (RaaS) to a decentralized model where affiliates gain autonomy. RaaS platforms, adapting to this change, now offer better incentives and support to attract skilled affiliates. We'll discuss how law enforcement crackdowns and the rapid advancement of hacking techniques have catalyzed these changes.

The presentation will also examine the ransomware industry's resilience and innovation, considering the implications for cybersecurity defenses. We aim to provide insights into the adaptability of digital extortion and its impact on future security strategies. Join us for a detailed look at the ransomware market's transformation and what it signifies for the fight against cybercrime.

John Fokker
John Fokker, Head of Threat Intelligence, Trellix
Security Threats and Exploits
Wednesday, September 18, 2024 | 1:30 PM - 2:15 PM
Leveling Up: Empowering Security Operations with AI

The year was 2023, and AI was everywhere. While consumers used Generative AI to help them with a variety of tasks, from image generation to helping them write emails or term papers, vendors were detailing their ever-evolving plans to add some type of AI to their existing solutions. The ideas ranged from the obvious, embedding it into spreadsheets, workbooks, search engines, and image editors, to the mind boggling, such as AI powered shoes, cat pain detectors and even AI powered toothbrushes. But what about cybersecurity, and security operations in particular? We all know the surveys that tell SecOps teams feel pressured, isolated, and eventually, burn-out, but analysts are often our first line of defense. We understand that detection can be hard, and rule writing takes several iterations to optimize results. Threat hunting is like looking for a needle in a pile of needles. AI promises a great leap forward in efficiency, and practicality. In this presentation, we will examine how AI can supercharge your security operations teams to drive these efficiencies and greater productivity, leading to better and faster detections, efficient analysis of threats, and rapid threat hunting.

Mike Epplin
Mike Epplin, Security Advisor, Google Cloud Security
Intersection of AI and Cybersecurity
Wednesday, September 18, 2024 | 1:30 PM - 2:15 PM
Leverage Your Threat Intel Providers and Gain a Competitive Advantage!

Digital transformation not only fundamentally changed the way we work, but it’s also expanded the current threat landscape exponentially. Today’s enterprise attack surface is dynamic, transitory, and has far more available for attackers to target than ever before, making it even harder to defend against threats. How can you leverage your threat intel and make it a competitive advantage?

Join Erin Joe, Office of the CISO at Google Cloud and former SVP at Mandiant as she discusses today’s threat landscape and the role threat intelligence plays in securing vulnerabilities in your attack surface with partners, Ryan Whelan, Managing Director and the Global Head of Cyber Intelligence at Accenture Security; and Michael Leland, Chief Cybersecurity Evangelist at SentinelOne.

Erin Joe
Erin Joe, Senior Executive, OCISO, Google Cloud
Michael Leland
Michael Leland, Chief Cybersecurity Evangelist, SentinelOne
Ryan Whelan
Ryan Whelan, Managing Director, Accenture
Intelligence
Wednesday, September 18, 2024 | 1:30 PM - 2:15 PM
Generative AI Cyber Incident Response Tabletop Exercise

Join April Mardock, CISO for Seattle Public Schools, as she teaches how to run a cyber incident response tabletop session with the help of Generative AI.

April will provide both a tabletop session that you can participate in dynamically, as well as teach you how to lead your own tabletop, and tune the exercise for your organization's strengths and weaknesses.

April Mardock
April Mardock, Ciso, Seattle Public Schools
Next Gen CISO
Wednesday, September 18, 2024 | 1:30 PM - 2:15 PM
The Cloud Security Paradox: Secure Cloud, Insecure Use?

The cloud is secure, right? Well, yes and no. Cloud providers invest heavily in security, largely exceeding what most organizations can achieve on their own. Yet, headlines scream of cloud breaches and leaks. What gives? The truth is, cloud security isn't merely a shared responsibility; it's a shared opportunity. The "customer's fault" narrative is too simplistic. It's not just about misconfigurations (though those are a major problem). It's about a fundamental disconnect between the cloud's potential for security and the realities of how organizations use it. In this talk, we'll dive into this paradox. We'll explore:

  • The Myth of "Set It and Forget It": Why cloud security requires ongoing vigilance and adaptation, not just ticking boxes.
  • The Shared Responsibility Model and Shared Fate: What you're truly responsible for, where the cloud provider steps in, and where you have to work together.
  • Secure by Design, Insecure by Default?: How to leverage cloud-native security features and avoid common misconfigurations.
Anton Chuvakin
Anton Chuvakin, Senior Staff Consultant, Google Cloud
Cloud Security
Wednesday, September 18, 2024 | 2:00 PM - 2:20 PM
The changing landscape of Threat Intelligence and Security Operations

PwC discusses their view on the threat landscape and how its influencing security operations transformation, Gain valuable insights into the successes, ROI and challenges faced by clients in overhauling their SecOps strategies.

Matthew Wilden
Matthew Wilden, Principal, Google Cybersecurity Alliance Leader, PwC US, PwC
Allison Wikoff
Allison Wikoff, Director, Global Threat Intelligence - Americas Lead, PwC
Sponsor Track
Wednesday, September 18, 2024 | 2:00 PM - 2:30 PM
Adversarial Deception Strategies
Rohan Durve
Rohan Durve, APT66, Mandiant
Paul Laine
Paul Laine, Senior Security Consultant, Mandiant
Birds of a Feather
Wednesday, September 18, 2024 | 2:30 PM - 2:50 PM
The Future of Log Collection: A Deep Dive into Scalable Security Log Collection

In this Deloitte sponsor session, we will address overcoming technical debt in security log collection and introduce a framework for engineering scalable data pipelines to enable complex use cases.

Alex Glowacki
Alex Glowacki, Senior Consultant, Deloitte
Sponsor Track
Wednesday, September 18, 2024 | 2:30 PM - 3:15 PM
Cloudpocalypse? Nah, We've Got This: Mastering Cloud Incident Response

Does your incident response plan account for the complexities of the cloud? This session empowers security professionals to seamlessly integrate cloud security considerations into their existing response strategy. We'll unveil the critical importance of a cloud-aware incident response plan and explore the unique challenges it presents. Dive deep into cloud-specific procedures for containment, eradication, and recovery, ensuring you're prepared for any cloud-borne threat. Next, we'll delve into the power of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) for advanced cloud incident response. Discover how these tools can streamline detection, investigation, and remediation, saving you valuable time and resources. The session concludes with practical guidance on building a robust cloud-aware incident response plan. Learn how to identify cloud-specific risks, define roles and responsibilities, and map out clear response workflows. We'll even explore the importance of conducting effective tabletop exercises to test your plan's efficacy and ensure your team is prepared to handle any cloud security incident with confidence.

Andras Borbely
Andras Borbely, Technology Solutions Consultant, Google Cloud Security
Cloud Security
Wednesday, September 18, 2024 | 2:30 PM - 3:15 PM
Looking Around Corners and Defending Against 'the security hotness'

Cybersecurity defenders face a constant challenge: balancing the need to adopt innovative technologies with the imperative to protect their organizations. Recent examples like Supply Chain Security, Large Language Models, and Generative AI highlight the tension between business demands and security concerns.

This talk presents a practical framework for evaluating and integrating new technologies into existing security programs and risk registers. We will address key decision points for ensuring safe and productive implementation within an organization. Attendees will learn how to:

  • Cut through the hype cycle and assess new technologies objectively.
  • Identify potential risks and develop mitigation strategies.
  • Communicate effectively with stakeholders, including CIOs, about the benefits and challenges of new technology adoption.
  • Make informed decisions that enable innovation while maintaining security.

By the end of this talk, attendees will be equipped to confidently navigate the introduction of new technologies without compromising their organization's security posture.

Taylor Lehmann
Taylor Lehmann, Director, Security Engineering, Office of the CISO, Google
Tim Crothers
Tim Crothers, Director, Office of the CISO, Google Cloud, Google
Next Gen CISO
Wednesday, September 18, 2024 | 2:30 PM - 3:15 PM
Lessons Learned from the Summer of Supply Chain Attacks

This panel will discuss the record-breaking number of supply chain attacks in the summer of 2023, highlighting key incidents such as 3CX, MOVEit, and Barracuda. The panel will discuss lessons learned, emerging trends, increased global cooperation and the shift in government expectations. The panel will address cyber preparedness and risk tolerance. The panel will offer thoughts on minimizing legal exposure, cyber reporting obligations, and handling threat actor communications, especially if company officials or family member are approached or threatened. Finally, the panel will discuss how cyber investigators can approach multi-cloud environments despite the many challenges these types of investigations present and how they can enhance incident response in complex environments. The panel will discuss the need for enhanced data protection and methods for enhancing security posture and incident preparedness. The panel will also address how the increase in supply chain attacks affected the way a company and counsel think about risks as well as the need to understand legal, regulatory, and contractual requirements in a complex environment.

Erin Joe
Erin Joe, Senior Executive, OCISO, Google Cloud
Lyn Brown
Lyn Brown, Of Counsel, Wiley Rein
Jennifer Burnside
Jennifer Burnside, Practice Leader, Crisis Communications, Google Cloud Security
Josh Waldman
Josh Waldman, Associate, Wiley Rein LLP
Third Party and Cyber Risk Management
Wednesday, September 18, 2024 | 2:30 PM - 3:15 PM
Understanding the ORBs: PRC Actors, Obfuscation Networks, and the Coming IOC Extinction

Since 2020 Chinese Espionage operations have fundamentally changed. Gone are the days of actor registered infrastructure and command and control reuse. A new practice of "Operational Relay Box" (ORB) networks has risen to obfuscate CNE network traffic via a TOR like network of registered VPS space and compromised end of life home routers.

This presentation will:

  • Demonstrate the ways ORBs have made blocking network IOCs Extinct
  • Provide a 4 quadrant signature and detection approach that will allow defenders and threat hunters to pivot through these complex networks. (Censys, YARA, Netflow, Active Scanning)
  • Define a scalable universal anatomy for talking about ORB networks and map signature types to these components.
  • Utilize an active PLA and MSS leveraged ORB network to provide real world examples of what manifestations of these ORB networks look like.
  • And Finally Shift the world view of network defenders from IOC blocking to detecting ephemeral infrastructure networks leveraged by multiple malicious APT actors.
Michael Raggi
Michael Raggi, Principal Threat Analyst, Mandiant, Google Cloud
Intelligence
Wednesday, September 18, 2024 | 2:30 PM - 3:15 PM
How GenAI is Shifting the Defender Landscape

Generative AI is shifting the defender landscape‚ from how practitioners do their job, to the user experience of the tooling, to how we think about securing AI workloads in the cloud. In this session, Google Cloud Security leaders will surface insights from conversations with CISOs, the latest Mandiant research, and Google DeepMind innovations to elucidate macro trends seen at the intersection of security and AI and what they mean for your organization. At a time when 88% of organizations have a difficult time investigating and responding to threats in a timely manner, you will also gain an understanding of real-world use cases for how AI is evolving the security lifecycle to be semi-autonomous, so defenders gain and maintain the upper-hand as threats continue to evolve.

Steph Hay
Steph Hay, Sr Director UX, Google Cloud
Umesh Shankar
Umesh Shankar, Chief Technologist, Google Cloud Security
Intersection of AI and Cybersecurity
Wednesday, September 18, 2024 | 2:30 PM - 3:15 PM
Versus Killnet

The infamous Russian hacktivist group, Killnet, operated as a rabid cyber army, orchestrated by a select few to create chaos and inflict harm. Despite its notoriety, investigating the true operators behind Killnet proved to be a significant challenge, given its checkered history and inconsistent behavior. However, through an in-depth investigation and direct confrontation with the gang, we shed the veil of secrecy shrouding the group and will share a compelling personal account detailing how we disrupted Killnet, plunging it into a death spiral. Our strategy to dismantle this cyber army hinged on identifying a critical vulnerability – its connection to the Russian illegal drug marketplace - Solaris. By exposing this nefarious link and diverting proceeds from the Russian drug operation to support a Ukrainian charity, we triggered widespread questioning of Killnet's leadership and actions. This created an instability and within the group and beyond, ultimately leading to loss of support of the Russian government and breaking of financial ties. As of the beginning of this year, Killnet changed drastically, leaving behind remnants of a group once synonymous with disruptive hacktivism.

Alex Holden
Alex Holden, Chief Information Security Officer, Hold Security, LLC
Security Threats and Exploits
Wednesday, September 18, 2024 | 2:30 PM - 3:15 PM
Supercharge Your Frontlines: Purpose-Built CTI for IR & SOC Success

This presentation examines a Cyber Threat Intel (CTI) team designed to integrate seamlessly with Incident Response (IR) and Security Operation Center (SOC) teams based on real world experiences from Mandiant’s Advanced Practices team. CTI provides organizations with context needed to understand adversaries, their tactics, and the industry or assets they target. Attendees will gain insight to help develop a CTI function of value to frontline defenders.

Key insights:

  • Action: Identify intel directly enhancing IR and SOC operations
  • Structure: Outline CTI team roles & skills needed to support frontline operations
  • Insights: Translate data into actionable intel 
  • Integration: Embed workflows & outputs into IR playbooks and SOC alert triage
  • Peril: Lessons from 15+ years of frontline CTI support

Attendee takeaways:

  • A CTI team blueprint, purpose-built for frontline operations
  • Methods to ensure output is timely, relevant, and actionable
  • Seamless frontline services integration strategies
  • Benefit from years of frontline CTI support experience

Ideal Audience: Security leads, CTI managers, SOC analysts & incident responders interested in maximizing CTI value

Nick Richard
Nick Richard, Senior Manager, Mandiant, now part of Google Cloud
Security Operations
Wednesday, September 18, 2024 | 3:00 PM - 3:20 PM
You have The Defender's Advantage. Capitalize on it!

The Defender's Advantage is based on the notion that you have control over the landscape where you will meet your adversaries. Come learn about the six critical functions of cyber defense and how to activate them. It is through this activation that you can ready your organization to face modern threats, confidently.

Kerry Matre
Kerry Matre, Head of Mandiant PMM, Mandiant, Google Cloud
Sponsor Track
Wednesday, September 18, 2024 | 3:00 PM - 3:30 PM
Microsoft Cloud (Entra ID/O365) Telemetry and Detection Opportunities
John Stoner
John Stoner, Principal Security Strategist, Google
Birds of a Feather
Wednesday, September 18, 2024 | 3:15 PM - 3:45 PM
Afternoon Break
Wednesday, September 18, 2024 | 3:45 PM - 4:30 PM
At the breaking point: is your email safe against ransomware and state-sponsored attacks?

As cyber threats become increasingly sophisticated, driven by generative AI, organizations need robust, proactive defenses. This session reveals how AI-powered collaboration tools using the principles of Zero Trust provide a critical first line of defense against email-based attacks, empowering secure work from anywhere.

Rancho Iyer
Rancho Iyer, Specialists Customer Engineering Manager, Google
Adam Ehret
Adam Ehret, SVP IT, Equifax
Adam Currie
Adam Currie, VP, CISO, HCL Software Products LTD
Security Engineering
Wednesday, September 18, 2024 | 3:45 PM - 4:30 PM
Serverless Security: A Holistic Approach to Managing Risk in the Cloud

Serverless computing revolutionizes app development, but introduces unique security challenges due to its dynamic nature and reliance on third-party services. Drawing on insights from Google Cloud's security practices and real-world incidents, this talk explores the root causes of significant vulnerabilities exploited over the past decade. We'll delve into critical issues such as insecure coding practices, supply chain attacks, and misconfigurations, illustrating their potential consequences. Through data-driven insights attendees will gain actionable recommendations for hardening serverless security.

Serverless security is not solely about safeguarding individual applications; it has far-reaching implications for the entire cloud ecosystem. The interconnected nature of serverless architectures means that a vulnerability in one component can cascade, potentially compromising multiple services and users. Therefore, a holistic approach to serverless security is essential, encompassing not only secure coding practices within applications but also robust protection for the underlying infrastructure, data storage, and network communications.

Charles DeBeck
Charles DeBeck, Cyber Threat Intelligence Expert, Google LLC
Cloud Security
Wednesday, September 18, 2024 | 3:45 PM - 4:30 PM
The Dark Side of Innovation: Generative AI in Cybercrime

The landscape of cyber threats is undergoing a transformative shift with the integration of Generative AI (GenAI) technologies by cybercriminals. This presentation delves into how GenAI tools are increasingly being adopted in the cybercrime arena, highlighting specific cases where these technologies have been utilized for malicious purposes. We will explore a range of examples including phishing attacks crafted with AI-generated content, the use of deepfakes for identity fraud, and AI-driven network intrusion techniques.

The presentation will then pivot to discuss future predictions, suggesting potential new vectors of cyber attacks powered by further advancements in AI technologies.It will also critically analyze the escalating arms race between cybersecurity measures and AI-enhanced cybercrime methodologies.

Finally we will challenge the audience to consider whether the rise of AI in cybercrime is a trend of necessity or opportunity, and what this means for the future of both cybersecurity strategies and criminal tactics. We will delve into the implications of AI's dual-use nature, reflecting on how its potential for misuse shapes the evolving landscape of cybersecurity.

John Fokker
John Fokker, Head of Threat Intelligence, Trellix
Intersection of AI and Cybersecurity
Wednesday, September 18, 2024 | 3:45 PM - 4:30 PM
Analyzing VirusTotal's Malware Executables Collection with LLMs

VirusTotal has been using Large Language Models (LLMs) to analyze malware for over a year, starting with macros and scripts. This experience gave us a good grasp of what LLMs can and can't do. But the real challenge was always executables. So, we took on a huge task: disassembling all the binaries and memory dumps in VirusTotal and using LLMs to figure out how they work.

In this talk, we'll share what we've learned from this massive project. We'll be upfront about the challenges of using LLMs on complex malware and the wins we've had, including how LLMs provide an approach for pivoting that shows very promising early results.

Come hear our story and get a glimpse of the future of malware analysis with AI. We'll have a real talk about how (besides the hype) there are areas where LLMs are making a real difference and what's next in this exciting field.

Vicente Diaz
Vicente Diaz, Threat Intel Strategist, VirusTotal
Intelligence
Wednesday, September 18, 2024 | 3:45 PM - 4:30 PM
Improving Healthcare Incident Response in the Wake of Recent Healthcare Breaches

Recent prominent breaches at healthcare organizations have proven that the healthcare sector is a primary target for financially motivated threat actors. The extended recovery times associated with these incidents have demonstrated that there exists opportunities for improvement in the incident response and management programs.

Using the NIST incident response framework as a template, we will highlight improvements in preparation, detection, containment, and recovery phases as applicable to the healthcare sector. Healthcare is a critical industry quite literally impacting people’s lives. Ensuring that this important service is available to the public at all times is a necessity. Through the changes suggested in this talk, an incident response program will be able to meet goals of confidentiality, integrity, and availability.

To highlight an example of the talk, we will discuss building automations through a Security Orchestration and Response tool to automate containment of suspected infected hosts.

Christopher Tanzer
Christopher Tanzer, Director, Cyber Investigations & Response, McKesson
Lawrence Taub
Lawrence Taub, Consulting Leader, Mandiant
Security Operations
Wednesday, September 18, 2024 | 3:45 PM - 4:30 PM
Secure-by-Default: Tackling Shared Libraries

Shared libraries are common in code development to increase efficiency, and provide a well-developed set of subroutines and functions. When a vulnerability is discovered in a shared library, it poses a serious risk to any organization that used that library - think Log4j. But, in the scenario that the vulnerability is not disclosed or fixed by the open source project and developers are unaware that they need to reconfigure it, this exposes organizations to even greater risk. In this session Mandiant and Ivanti will detail the discovery, remediation and disclosure of a vulnerability in the Apache XML Security for C++ library, which is part of the Apache Santuario project. By default, the library resolves references to external URIs passed in Extensible Markup Language (XML) signatures, allowing for server-side request forgery (SSRF). There is no way to disable this feature through configuration alone, and there is no patch available. Mandiant reported the non-secure default configuration in xml-security-c to the Apache Software Foundation (ASF). The ASF did not issue a CVE or a new release of xml-security-c.

Jacob Thompson
Jacob Thompson, Staff Vulnerability Engineer, Mandiant
Daniel Spicer
Daniel Spicer, CSO, Ivanti
Security Threats and Exploits
Wednesday, September 18, 2024 | 3:45 PM - 4:30 PM
Rites of passage as a CISO

Join Kevin Mandia and seasoned CISOs discuss what you need to know to be a successful CISO.

Kevin Mandia
Kevin Mandia, Strategic Advisor, Google Cloud
Next Gen CISO
Wednesday, September 18, 2024 | 4:45 PM - 5:30 PM
Unmasking the Hidden Danger: The Critical Role of Insider Threat Penetration Testing

Insider threats pose a significant and increasing risk to organizations across industries. The Insider Threat Pen Test is a novel approach to cyber security that proactively identifies and addresses vulnerabilities stemming from both accidental malicious insider and this presentation delves into the methodology behind this Pen Test, illustrating how it complements traditional external penetration testing by focusing on internal systems, processes, and human behavior. Through in-depth case studies from various sectors, we showcase the actionable insights gained from this approach. These insights empower organizations to strengthen their security culture, implement targeted mitigation strategies, and foster a proactive cyber security mindset. Attendees will learn how the Insider Threat Pen Test can be leveraged to reduce the risk of data breaches, intellectual property theft, operational disruptions, and other costly consequences of insider threats. Ultimately, this presentation demonstrates how the Insider Threat Pen Test serves as a business enabler, enhancing organizational resilience and safeguarding critical assets in an ever-evolving threat landscape.

Ian Trimble
Ian Trimble, Insider Risk Manager, Google
Shahzad Azad
Shahzad Azad, Technical Manager - Insider Risk Services, Mandiant, Google Cloud
Third Party and Cyber Risk Management
Wednesday, September 18, 2024 | 4:45 PM - 5:30 PM
Knock Knock... Who's There? Threat Actors! Real-World Case Studies in Cyber Defense

Cyberattacks are now an inevitability, with Threat Actors targeting organizations of all sizes and sophistication.

This presentation confronts this reality, focusing on proactive defense strategies against these relentless threats. This presentation will go through real-world case studies, to dissect recent breaches and close calls, and what the defenders had to do in order to detect, respond and protect the organization.

The presentation goes beyond threat identification; it showcases successful real-world defense strategies, offering practical approaches to mitigate risks, detect anomalies, and respond dynamically to attacks. Topics covered include threat intelligence sharing, incident response protocols, and fostering a security-conscious culture all the way to the board level.

By showcasing organizations that have successfully defended against cyberattacks, the presentation inspires confidence and provides a roadmap for building resilient cybersecurity frameworks in todays rapidly changing environment.

Ryan Malfara
Ryan Malfara, Principal Consultant, Google
Lyle Sudin
Lyle Sudin, Managing Director and Senior Client Advisor, Mandiant, part of Google Cloud
Security Threats and Exploits
Wednesday, September 18, 2024 | 4:45 PM - 5:30 PM
Things We Think And Do Not Say: A Mission statement for incident responders and crisis managers

Microsoft, like many organizations, is under constant attack by sophisticated actors. Responding to attacks by sophisticated actors requires coordination across multiple groups with sometimes competing interests. In this session we identify the critical challenges experienced in dealing with a large-scale compromise including providing clear and actionable intelligence to multiple stakeholders while actively investigating, containing, and remediating the event, quickly addressing telemetry gaps or visibility gaps, and challenges associated with working with cross-disciplinary teams.

Roberto Bamberger
Roberto Bamberger, Senior Principal Security Research Manager, Microsoft Corporation
Security Operations
Wednesday, September 18, 2024 | 4:45 PM - 5:30 PM
Gaining Trust in Zero Trust

A key skill we use every day is collaboration – but how can you collaborate if you don't have trust? I address this topic in "Gaining Trust in Zero Trust." Working in the cybersecurity space, we embrace the motto "zero trust" – but this mindset can creep into our everyday interactions. A whirlwind tour of history reveals how this concept evolved (for example Mikhail Gorbachev and President Ronald Reagan discussed "trust, but verify!") I offer a few tips to help gain trust with any type of research findings: don't embarrass anyone, don't speculate, and be genuine – report the actual findings, even if it's a bitter pill.

Luis Rodriguez
Luis Rodriguez, Lead Research Practitioner, Trellix
Next Gen CISO
Wednesday, September 18, 2024 | 4:45 PM - 5:30 PM
Minimizing Permissions for Cloud Forensics: A Practical Guide for Tightening Access in the Cloud

This talk addresses a critical challenge for security operations centers (SOCs) and incident response (IR) teams in cloud environments: minimizing the permissions required for forensic investigations while maintaining efficient collaboration with cloud teams. Key topics include:

  • The Power of Dedicated Forensics Accounts: Learn why creating dedicated GCP/AWS/Azure forensics accounts can be a best practice, along with implementation steps
  • Extracting Data from Containers: Discover various methods to acquire data from containers, including sidecars, snapshots of the container filesystems, and the Kubernetes API
  • Temporary Credentials for Secure Access: We'll delve into assigning temporary credentials for cloud resources, using virtual machine snapshots as an example
  • Leveraging Tagging for Granular Permissions: Explore how tagging resources can minimize the permissions needed for specific investigations
  • RBAC Best Practices for IAM: Gain insights into best practices for Role-Based Access Control (RBAC) within IAM, specifically tailored for security operations and incident response teams
Christopher Doman
Christopher Doman, CTO, Cado Security Ltd
Cloud Security
Wednesday, September 18, 2024 | 5:30 PM - 7:00 PM
Welcome Reception
Thursday, September 19, 2024 | 7:00 AM - 5:30 PM
Registration
Thursday, September 19, 2024 | 8:00 AM - 8:45 AM
Continental Breakfast
Thursday, September 19, 2024 | 9:00 AM - 10:30 AM
Keynote Sessions

9:00AM - 9:25AM
Cybersecurity brought to you by the letter V
By Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA)

9:25AM - 10:00AM
Countering Sophisticated Threats: Insights from the Frontlines
With Charles Carmakal, Christofer Hoff, Kimberly Peretti, and Steven Martin

10:00AM - 10:30AM
How Will We Know When AI Becomes Truly Intelligent?
With David Eagleman

Kevin Mandia
Kevin Mandia, Strategic Advisor, Google Cloud
Charles Carmakal
Charles Carmakal, Chief Technology Officer, Mandiant Consulting, Mandiant, Google Cloud
Christofer Hoff
Christofer Hoff, Chief Secure Technology Officer, LastPass
Kimberly Peretti
Kimberly Peretti, Partner, Alston & Bird
Steven Martin
Steven Martin, Chief Information Security Officer, UnitedHealth Group
Jen Easterly
Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA)
David Eagleman
David Eagleman, Neuroscientist, Stanford | Host of PBS's The Brain | Host of Top Science Podcast Inner Cosmos,
Thursday, September 19, 2024 | 10:00 AM - 5:30 PM
Expo
Thursday, September 19, 2024 | 10:30 AM - 11:00 AM
Morning Break
Thursday, September 19, 2024 | 11:00 AM - 11:20 AM
Building Cyber Resilience in a World of Weaponized GenAI

GenAI has created a dichotomy between risk and opportunity. AI enables threat actors to rapidly produce sophisticated attacks, while CISOs are concerned about weaponization, data leakage, model poisoning, and bias. This session investigates AI risks and how to build resilience with GenAI.

Sean Morton
Sean Morton, SVP, Strategy & Services, Trellix
Sponsor Track
Thursday, September 19, 2024 | 11:00 AM - 11:30 AM
Cloud Incident Response: Roundtable Discussion Sharing Strategies for Surviving Cloudpocalypse
Andras Borbely
Andras Borbely, Technology Solutions Consultant, Google Cloud Security
Birds of a Feather
Thursday, September 19, 2024 | 11:00 AM - 11:45 AM
Navigating the SEC Cyber Rule: Exercising to drive compliance

In the world of cybersecurity, staying compliant with the SEC Cyber rule is a top priority. But what does this mean for your company's cyber security efforts?

In this session, we'll delve into the impact of the SEC Cyber rule on your organization's cyber security strategy, process, and governance. But that's not all. We'll also explore the vital role that conducting robust ransomware exercises plays in refining your incident and annual disclosures.

Not only will we address the operational aspects of disclosure, but we'll also highlight how executive and board-level involvement is crucial in refining your cyber disclosures. Collaboration between roles tht have different perspectives, such as CISO, CIO, GC, and CFO, is essential when it comes to addressing ransomware incidents, ensuring effective cyber disclosures, and when to discuss these critical issues with the board.

Don't miss out on this opportunity to gain valuable insights, enhancing your understanding and impact of the SEC Cyber rule and enabling you to confidently address ransomware incidents and drive effective cyber disclosures.

Matt Gorham
Matt Gorham, Senior Managing Director, PwC
Security Operations
Thursday, September 19, 2024 | 11:00 AM - 11:45 AM
Cyber Threat Simulation & Emulation - An Intelligence Use Case

Cyber Threat Simulation vs. Emulation: A Comparative Overview

Cyber Threat Simulation

  • How it works: Simulates realistic attack scenarios within a controlled environment. This often involves deploying software agents or scripts that mimic the behaviors and techniques of real-world threats.
  • Focus: Primarily assesses the effectiveness of existing security controls, incident response procedures, and employee awareness.
  • Benefits: Safely tests defenses without risking damage to production systems. Provides valuable insights into potential weaknesses and areas for improvement. Offers a training ground for security teams to practice response and mitigation strategies.

Cyber Threat Emulation

  • How it works: Replicates the specific behaviors and characteristics of known malware, specific attacker groups or attack tools.
  • Focus: Deeper analysis of specific threats to understand their capabilities, propagation methods, and potential impact.
  • Benefits: Allows for in-depth threat research and analysis. Aids in the development of more targeted detection and mitigation strategies. Can help assess the effectiveness of specific security products against known threats.
Robert Feeney
Robert Feeney, Principal Cyber Consultant, Mandiant
Hatem Mohamed
Hatem Mohamed, Senior Red Team Consultant, Google Cloud - Mandiant, Google
Intelligence
Thursday, September 19, 2024 | 11:00 AM - 11:45 AM
Tales of Cloud Compromise: Lessons Learned from Mandiant Investigations in 2023

Mandiant's front-line experiences in incident response reveal common overlooked areas leading to cloud compromises. Drawing on numerous technical case studies, we cover patterns and offer strategies to fortify cloud environments: 1) Living off the Land (in the Cloud): We observe that intrusions often stem from traditional on-premise systems like Active Directory, VMware infrastructure, and MDM/EDR tools. Our discussion will delve into how these platforms can be safeguarded to prevent such incidents. 2) Extended Attack Surface: Cloud and hybrid environments naturally extend organizational attack surfaces. This section will explore the challenges posed by inadequate controls, the sprawl of credentials and the array of tools attackers utilize to exploit these vulnerabilities. 3) Third-Party Access: 2023 has seen a significant rise in incidents involving third parties and Managed Service Providers. We'll tackle the critical question: How can organizations continue to engage third parties without compromising their security posture? We will also cover proactive defense strategies and robust incident response capabilities to protect and react swiftly to threats within cloud environments.

Will Silverstone
Will Silverstone, Senior Consultant, Mandiant
Omar ElAhdan
Omar ElAhdan, Principal, Mandiant/Google Cloud
Cloud Security
Thursday, September 19, 2024 | 11:00 AM - 11:45 AM
The Good, the Bad, and the “What the Hell Were you Thinking': Clarifying the Rules of Engagement when Working with Managed Service Providers

Managed Service Providers (MSPs) play a pivotal role in modern IT supply chains. However, law enforcement agencies, including the FBI and the Cybersecurity & Infrastructure Security Agency (CISA), have repeatedly warned about the increasing focus of cybercriminals on MSPs. Given their ubiquitous access to client networks and industry-specific vulnerabilities, MSPs have rapidly become a target of choice for threat actors.

In this session, we will delve into the cybersecurity risks associated with outsourcing to an MSP and what your organization can do to mitigate these risks. By highlighting real-world incidents, we’ll review how organizations have been victimized, the key lessons learned (for both the client and MSP), and the essential steps to address similar attacks. By the end of this session, participants will have gained valuable insights into establishing clear rules of engagement and aligning ongoing security expectations with their MSP. This session is essential for both MSPs and the organizations that use them, as it emphasizes the importance of collaboration to ensure a resilient and secure IT environment.

Brian Horton
Brian Horton, Founder, Managing Director, Breadcrumb Cybersecurity
Third Party and Cyber Risk Management
Thursday, September 19, 2024 | 11:00 AM - 11:45 AM
Weaponized Convenience: Inside the Rise of Remote Tool Abuse

In an era of remote work and distributed IT environments, remote administration tools (RATs) and remote monitoring and management (RMM) tools have become indispensable for system admins and managed service providers (MSPs). However, the same features that make these tools efficient also make them attractive targets for malicious actors. Advanced threat actors are increasingly leveraging legitimate RATs and RMMs to gain unauthorized access to networks, bypassing traditional security controls and evading detection.

This presentation will provide an overview of the growing trend of weaponized remote access. Attendees will be guided through compelling real-world examples, dissecting the tactics, techniques, and procedures (TTPs) employed by adversaries to leverage these tools for malicious purposes. Furthermore, actionable insights will be provided, empowering organizations to enhance their detection capabilities and fortify their defenses against such sophisticated attacks. By understanding the evolving threat landscape and implementing effective countermeasures, attendees will be better equipped to safeguard their systems and data from the perils of weaponized remote access.

Fernando Tomlinson
Fernando Tomlinson, Technical Manager, Incident Response, Mandiant/ Google Cloud
Nader Zaveri
Nader Zaveri, Senior Manager - Incident Response & Remediation, Mandiant/Google
Security Threats and Exploits
Thursday, September 19, 2024 | 11:00 AM - 12:00 PM
Capture the Flag

Experience Google Threat Intelligence's CTF game – a thrilling cybersecurity experience – at the mWISE Expo. Players dive into a simulated threat hunt using real-world data from CISA, ransom notes, and the dark web. This hands-on challenge lets you practice with tools and data used by real investigators. By solving puzzles and analyzing evidence, you'll capture flags while learning valuable cybersecurity skills. Whether you're a beginner or an expert, this CTF is your chance to test your knowledge, compete against others, and gain practical threat intelligence experience.

Thursday, September 19, 2024 | 11:30 AM - 11:50 AM
Impacts of AI in Security

Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important tools of defense, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element. Join this session to discuss:

  • What these trends mean for security teams.
  • What happens when the velocity of innovation outpaces the capabilities of human intellect.
  • The evolving role of automation in the effective practice of securing our digital world.
Chris Boehm
Chris Boehm, Global Field CISO, SentinelOne
Sponsor Track
Thursday, September 19, 2024 | 11:45 AM - 1:15 PM
Rewards of Risk Lunch sponsored by PwC and Google Cloud

Sponsors PwC and Google Cloud Security host a special luncheon: Rewards of Risk Lunch with Guest Speaker Angie Morgan. Learn how to develop the clarity, confidence, and courage needed to bet on yourself. You will leave with the motivation and tools needed to develop a risk-taker mindset and begin building a more rewarding life. Join us 11:45 AM-1:15 PM in Room 505. RSVP here. (Limited seats available.)

Angie Morgan
Angie Morgan, Leadership Expert. Marine Corps Veteran. Executive Coach.,
Thursday, September 19, 2024 | 11:45 AM - 1:30 PM
Lunch
Thursday, September 19, 2024 | 12:00 PM - 12:30 PM
A conversation around Continuous Threat and Exposure Management (CTEM)
Daniel DeCloss
Daniel DeCloss, Founder / CTO, PlexTrac
Birds of a Feather
Thursday, September 19, 2024 | 1:00 PM - 1:20 PM
Operationalizing Cyber Threat Intelligence (Where, Why, How to Adopt for Optimal Effectiveness)

Despite advancements in threat intelligence, users continue to struggle with data overload and deriving actionable insights from volumes of raw data.This talk discusses a strategic approach to implementing threat intelligence at the network sensor and the SIEM to address this persistent challenge.

James Lagermann
James Lagermann, Director of Technical Alliances, Corelight, Inc.
Sponsor Track
Thursday, September 19, 2024 | 1:00 PM - 2:00 PM
Capture the Flag

Experience Google Threat Intelligence's CTF game – a thrilling cybersecurity experience – at the mWISE Expo. Players dive into a simulated threat hunt using real-world data from CISA, ransom notes, and the dark web. This hands-on challenge lets you practice with tools and data used by real investigators. By solving puzzles and analyzing evidence, you'll capture flags while learning valuable cybersecurity skills. Whether you're a beginner or an expert, this CTF is your chance to test your knowledge, compete against others, and gain practical threat intelligence experience.

Thursday, September 19, 2024 | 1:30 PM - 1:50 PM
Rubrik, Cyber Resilience meets IR

In the ever-evolving world of cybersecurity, dealing with cyberattacks has become a daunting challenge for organizations across the globe. The aftermath of such attacks can be catastrophic, leaving organizations stymied for weeks or even months as they scramble to determine the true scope of an attack through recovering their data and systems. A game-changing partnership between Rubrik and Mandiant is set to turn the tables on these malicious actors, dramatically reducing the entire intrusion lifecycle from initial detection through full recovery – all with the goal of keeping businesses running during ransomware attacks.

Carl Norwich
Carl Norwich, GTM Leader, Rubrik
Sponsor Track
Thursday, September 19, 2024 | 1:30 PM - 2:15 PM
Evolving Fraud Landscape: Trends, Tactics, and Tools for Staying Ahead

The fight against online fraud is a relentless arms race, constantly evolving with new threats and sophisticated tactics. This session will provide a deep dive into the latest trends in bot attacks, account takeovers, payment fraud, and SMS toll fraud. We'll uncover the evolving tactics used by fraudsters, from advanced automation and AI-powered attacks to social engineering and phishing schemes.

You'll gain actionable insights into building a robust fraud defense strategy that adapts to the dynamic threat landscape. We'll cover best practices for detection, prevention, and mitigation, including leveraging machine learning, behavioral analytics, and real-time risk assessment. We'll also discuss the importance of layering security measures and staying ahead of the curve through continuous monitoring and adaptation.

This session will equip you with the knowledge and strategies to proactively combat fraud, protect your customers, and safeguard your bottom line.

Josue (Sway) Fontanez
Josue (Sway) Fontanez, Product Manager, Google Inc.
Cloud Security
Thursday, September 19, 2024 | 1:30 PM - 2:15 PM
Threat Modeling as a Fitness Function: Iteratively Improving the Security Posture of your Software

Threat modeling is a key technique that is used to analyze what could go wrong in a given software architecture. More often than not, the main output of a threat modeling exercise is a list of mitigations for how to ensure that “what could go wrong” actually “doesn’t go wrong”. While critical, this process can be so much more. By fostering collaboration between security and product teams, threat modeling can strengthen relationships, build trust, and ultimately enhance your software's security. In this talk we outline how threat modeling can be used as a fitness function to iteratively improve the security posture of the software you are building. Instead of doing one shot threat models to enumerate and mitigate threats, we outline a new model where threat modeling takes input from a wide variety of other sources, ranging from threat intelligence to software development artifacts, and produces outputs in the form of mitigations, vulnerability research, and detections. We’ll then show how to tie these inputs and outputs into a feedback loop that improves the security posture of your organization over time while also building trust and better working relationships between teams.

Matt Shelton
Matt Shelton, Security Engineering Manager, Mandiant, Google Cloud
Security Engineering
Thursday, September 19, 2024 | 1:30 PM - 2:15 PM
Addressing Security Threats with Enhanced Caller Verification Methods

Explore the critical vulnerabilities of IT Help Desks and Call Centers. Learn how to address the alarming trend of security breaches stemming from insufficient authentication practices. Organizations apply Multi-Factor Authentication (MFA) to their online and mobile experiences, while leaving the IT Help Desk protected only by weak security questions. This is comparable to locking the front door while leaving the window open. Bad actors have noticed the open window of the IT Help Desk in a BIG way this year, using it as an entry point for breaches. Learn from real-world breaches, discuss existing security gaps, and discover how to effectively apply cybersecurity strategies specifically to IT Help Desks and Call Centers to reduce risks and operational costs. Key points: Introduction to IT Help Desk Vulnerabilities Identifying the Challenges with Traditional Verification Methods Real-World Consequences of Inadequate Security Exploring secure caller verification methods Q&A session

Tracey Nyholt
Tracey Nyholt, CEO and Founder, TechJutsu
Security Threats and Exploits
Thursday, September 19, 2024 | 1:30 PM - 2:15 PM
Wholesome Hashes for a DNS Breakfast: How to Chew Through Adversary Automation

In this day and age, malicious threat actors and APTs are leaning ever harder on AI and automation to speed up and obfuscate their operations. By utilizing hashes created from content, headers, SOA records, Name servers, and more, threat hunters can uniquely identify both the characteristics of malicious infrastructure that is unlikely to change and that which is changing rapidly. Both of which can be of critical value for defenders.

Automatically generated phishing pages with minor, target-specific changes can be found en-masse, rapidly rotating infrastructure can be picked out like the blinding eyesore it is, and seemingly innocuous infrastructure can be caught hiding amongst the sheep so that the wolves never get (or stay) in the fence line.

This talk will cover (in depth) how our threat hunters have utilized hashes, fuzzy hashes, and similarity searches to protect our clients and mitigate attacks before they are launched. Case studies will include 1 or 2 of the following: Scattered Spider, Latrodectus, Prolific Puma, SocGholish, Duke Eugene’s Android Malware, Meduza Stealer, as well as the malicious fake trading apps that we’re tracking via this method.

Kasey Best
Kasey Best, Director of Threat Intelligence, Silent Push
Security Operations
Thursday, September 19, 2024 | 1:30 PM - 2:15 PM
The Data Must Flow: An Analyst-First Perspective on the Next Age for SOCs

As data flowing into security operations centers has exponentially increased, analysts are increasingly tasked with scaling far beyond the level their tools and organizational design allow. With the era of "new" AI at our doorstep, we risk further burying our SOC analysts in more and more "data" to sift through. In an effort to combat this, we'll attempt to layout an analyst-first perspective for the new SOC that must rise to meet this challenge - one in which the human behind the analysis is the fulcrum for this new AI-assisted leverage, rather than an inconvenience to be replaced.

To accomplish this, we focus our attention and technology on amplifying the core work products of analysts while using automation to drive the machine - ensuring that every piece of analysis flows back into the system, lightening the load for future analysts and establishing an institutional "SOC memory" which new analysts can seamlessly leverage in their daily efforts.

Austin Baker
Austin Baker, Senior Staff Security Engineer, LinkedIn
Intersection of AI and Cybersecurity
Thursday, September 19, 2024 | 1:30 PM - 2:15 PM
Threat Modeling at Scale: From One to Many

In an ever-evolving threat landscape, organizations must proactively identify and mitigate security risks to safeguard their assets. This talk presents a practical roadmap for initiating and maturing threat modeling capabilities within an organization. We begin by demystifying threat modeling, emphasizing its role as a proactive risk management strategy rather than a reactive response to incidents. We outline a structured approach to introduce threat modeling, starting with identifying critical assets, defining scope, and conducting modeling exercises. Recognizing that threat modeling is an ongoing journey, we explore strategies for maturing capabilities over time. We delve into integrating threat modeling into the SDLC, fostering collaboration between security and developers, and continuously refining the modeling process based on lessons learned and emerging threats. This talk is designed for security professionals, developers, and decision-makers seeking actionable guidance on building a robust threat modeling program.

Dylan Marcoux
Dylan Marcoux, Principal Consultant, Mandiant
Timothy Watkins
Timothy Watkins, Senior Consultant, Mandiant
Intelligence
Thursday, September 19, 2024 | 2:00 PM - 2:20 PM
Active Cloud Risk: How to Combat the Most Critical Threats

Cloud has changed the way we develop, deploy, and scale apps. Traditional perimeter and end-point security does not address the distributed and ephemeral nature of cloud. Blind spots leave room for adversaries to go undetected. Security teams need to address active cloud risk in real time. Tools, like Cloud Security Posture Management (CSPM), that rely on point-in-time assessments need to catch up in detecting and mitigating active threats.

This session will address the distinction between static and active cloud risks, common tactics used in cloud attacks, and the 555 framework that sets a new standard in detecting, prioritizing, and responding to active cloud risks and threats.

Eric Carter
Eric Carter, Director, Product Marketing, Sysdig
Sponsor Track
Thursday, September 19, 2024 | 2:00 PM - 2:30 PM
From Partner to Predator: Navigating the Third-Party Ecosystem
Brian Meyer
Brian Meyer, Principal Security Consultant, Mandiant, now part of Google Cloud
Birds of a Feather
Thursday, September 19, 2024 | 2:30 PM - 2:50 PM
The Browser Context

In modern cybersecurity operations, analysts face overwhelming challenges, with thousands of alerts generated per day and a proliferation of tools that complicate their workflows. The process of triaging these alerts can consume hours, severely impacting the efficiency of incident response. Moreover, when an attack originates from a browser, it often leaves no traceable evidence, further complicating detection and investigation efforts. This highlights the urgent need for more integrated and efficient security solutions that can streamline alert management and improve visibility into browser-based threats.

Victor Monga
Victor Monga, Sr. Marketing Solutions Architect, Menlo Security
Sponsor Track
Thursday, September 19, 2024 | 2:30 PM - 3:15 PM
I Wish I'd Known This Before We Got Sued

Topic: Strategies for Safeguarding Legal Privilege in In-House Counsel
Narrative: Retaining legal privilege during cross-border incident response efforts presents unique challenges. When local laws fail to recognize privilege for in-house counsel, preserving it becomes paramount. Moreover, when incidents span multiple countries with inconsistent privilege rules, maximizing protections requires finesse. This program delves into practical dos and don’ts during litigation, drawing from real-world war stories shared by seasoned panelists and will cover: 

  • Preserving Privilege Amid Legal Ambiguity
  • Navigating Cross-Border Privilege Challenges
  • Dos and Don’ts During Litigation
  • War Stories from the Trenches

In conclusion, safeguarding privilege requires vigilance, adaptability, and a keen understanding of legal nuances. By learning from real-world scenarios, in-house and external counsel can fortify their privilege protections and navigate the legal landscape effectively.

Chris Bloomfield
Chris Bloomfield, Attorney, Eversheds Sutherland
Rachel Reid
Rachel Reid, Partner, Eversheds Sutherland
Ming Zhu
Ming Zhu, Senior Counsel, Google LLC
Third Party and Cyber Risk Management
Thursday, September 19, 2024 | 2:30 PM - 3:15 PM
Securing Artificial Intelligence (AI): A layered approach to protecting AI systems

In the era of rapid AI adoption, new AI systems are increasingly becoming targets for threat actors, thereby creating fresh gaps in cybersecurity posture management. This Deloitte talk underscores the importance of a multi-layer, 'secure by design' approach, offering comprehensive protection across all layers of AI systems. We'll delve into every facet of the AI system from the model and its supply chain, architected for MLOps, to data provenance, to the infrastructure and management planes. Discover how this cross-industry framework not only ensures compliance with industry standards but also provides a roadmap to navigate the rapidly shifting threat landscape, including how we've used it to augment Google's Vertex AI AI-as-a-Service platform. We invite you to join us and explore the inherent value of a 'secure by design' approach in fortifying enterprise-wide security and resilience against emerging threats.

David Caswell
David Caswell, Managing Director, Deloitte
Arnav Jain
Arnav Jain, Cyber Risk Manager, Deloitte & Touche LLP
Intersection of AI and Cybersecurity
Thursday, September 19, 2024 | 2:30 PM - 3:15 PM
Building Resilience: Healthcare Industry

The healthcare and life sciences (HCLS) industry has been under increasing levels of attack. We have seen a rapid rise in large system-wide disruptions in care due to ransomware and other destructive attacks. What began years ago as protected health information (PHI) data theft has now escalated into attacks that disrupt surgeries, divert patients from emergency care, and interrupt the drug supply. The threat landscape includes all sectors -- from payment and delivery, to medical devices and biologic drug development. In the face of these challenges, the industry is now thinking beyond attack avoidance towards resiliency in operations -- or as the President's Council of Advisors on Science and Technology (PCAST) noted in the recent Strategy for Cyber-Physical Resilience report. "the ability of a system to anticipate, withstand, recover from, and adapt to cyberattacks." In this panel, we will hear from security leaders across the industry about the current challenges, the cross-sector work that is underway, and what we can anticipate in the future to create a more resilient healthcare system.

Mike Kijewski
Mike Kijewski, CEO, Medcrypt
Bill Reid
Bill Reid, Advisor, Office of the CISO, Google
Charles Fracchia
Charles Fracchia, CEO, Black Mesa
Errol Weiss
Errol Weiss, CSO, Health-ISAC
Intelligence
Thursday, September 19, 2024 | 2:30 PM - 3:15 PM
Facing the Reality of Risk Prioritization in an AI World

Every security program regardless of maturity deals with resource limitations — personnel, time, budget, etc. — and can’t possibly address every potential risk in their environment simultaneously. But every program must still answer the questions, “Are we working on the right things?” and “Are we getting better?” In this presentation, PlexTrac Founder and CTO and security industry veteran Dan DeCloss will present strategies for harnessing contextual scoring of proactive security and threat intelligence data to prioritize remediation based on business impact. He'll present practical methods for scoring risk without relying on "black box" algorithms, how to leverage risk frameworks like NIST, Mitre ATTACK, and PCI, the role AI and threat intelligence play in prioritized remediation, and how to measure the overall effectiveness of proactive security efforts over time.

Daniel DeCloss
Daniel DeCloss, Founder / CTO, PlexTrac
Security Threats and Exploits
Thursday, September 19, 2024 | 2:30 PM - 3:15 PM
Metrics that Matter: How to Choose Cloud Security KPIs For Your Business

As cloud security operations mature within the organizations, implementing effective metrics is vital for measuring cloud security posture and operational readiness. Organizations often face challenges in tracking security metrics without incurring resource overheads.

This talk discuss examples of both potentially effective and ineffective metrics based on real-life experiences, tailored to various business scenarios and risk appetite. We will explores how to prioritize metrics that inform leadership and drive continuous improvement in cloud security posture. The session also introduces concepts like the Exploit Prediction Scoring System (EPSS) for prioritizing vulnerability remediation and Protection Level Agreements (PLAs) for building effective KPIs. The goal is to not only measure but enhance cloud security operations, empowering teams to identify cloud security metrics truly matter to their business.

Emma Yuan Fang
Emma Yuan Fang, Senior Manager, Senior Cloud Security Architect, EPAM Systems
Cloud Security
Thursday, September 19, 2024 | 2:30 PM - 3:15 PM
Red Teaming for AI

Will we reach a point where all text boxes are handled by a LLM? Even though most organizations are building on top of foundation models rather than trying to build their own. How can we build and maintain a security boundary with an intelligent system that can't really think? How do concepts like prompt injection, multi-stage exploits, SQLi, etc. mean to a loan application chatbot? What can a non-deterministic system do in a deterministic world?

Mandiant has exploited developer-assistance chatbots during its Red Team Assessments to gain privileges within a client environment. Its consultants have explored and bypassed protections built to restrict the scope of a financial services chatbot. How can these and other stories help improve the security of future applications built on top of GenAI and LLMs?

Brice Daniels
Brice Daniels, Senior Regional Leader, Mandiant, Google Cloud
Christopher White
Christopher White, Principal, Boston Consulting Group
Security Operations
Thursday, September 19, 2024 | 3:00 PM - 3:20 PM
Your Security Team's Force Multiplier: Mandiant Hunt and Managed Defense

Learn how Mandiant Managed Defense provides continuous monitoring and expert analysis to identify and mitigate threats in real-time. Discover how Mandiant Hunt proactively hunts for hidden adversaries within your environment, uncovering the threats missed by other detection mechanisms. Through real-world examples and case studies, we'll illustrate how these services complement your security team to strengthen your security posture and ensure your organization remains resilient in the face of evolving threats.

Ed Murphy
Ed Murphy, Group Product Manager, Google
Sponsor Track
Thursday, September 19, 2024 | 3:00 PM - 3:30 PM
Game On: Understanding Threat Intelligence Through Gamification
Roxey Davis
Roxey Davis, Conference Director, Cyberjutsu
Birds of a Feather
Thursday, September 19, 2024 | 3:15 PM - 3:45 PM
Afternoon Break
Thursday, September 19, 2024 | 3:30 PM - 3:50 PM
Securing AI: Frontline Lessons from the Customer Trenches

In an era where AI adoption is accelerating across industries, ensuring robust security for AI systems is crucial. Join us for a panel discussion featuring experts from across Google who'll share firsthand insights from their customer interactions. They'll delve into real-world examples of the security challenges organizations grapple with when deploying AI, the lessons they've learned, and practical tips to improve security of your AI models, applications, and data. Get a clear, comprehensive picture of AI security from the people who help our customers protect their valuable AI systems.

Bill Reid
Bill Reid, Advisor, Office of the CISO, Google
Naveed Makhani
Naveed Makhani, Group Product Manager, Google
Muhammad Muneer
Muhammad Muneer, Incident Response Consultant, Mandiant/ Google Cloud
Jessica Mulreany
Jessica Mulreany, Product Marketing, Google Cloud Security
Sponsor Track
Thursday, September 19, 2024 | 3:45 PM - 4:30 PM
From Manual Mayhem to AI-Powered SOC: How Generative AI is Revolutionizing Security Operations

Ditch the manual grind! Google Security Operations & Foresite unveil a revolutionary SOC powered by generative AI. This talk dives deep into empowering analysts & automating tedious tasks. Witness AI transform security:

  • Automated Threat Detection & Response: Generative AI triages alerts, prioritizes threats, & automates initial response, freeing analysts for high-impact investigations.
  • Enhanced Threat Hunting: Uncover hidden threats with AI-powered anomaly detection. Generative models can identify subtle patterns & entities invisible to traditional methods.
  • Streamlined Incident Response: Generate investigative playbooks & automate repetitive tasks, expediting incident resolution & reducing analyst workload.
  • Continuous Threat Intelligence: AI analyzes vast data sets to identify emerging threats & indicators of compromise (IOCs), keeping your defenses ahead of the curve.

This talk is a real world showcase of applications in practice.

Jeremy Hehl
Jeremy Hehl, Vice President, Business Development, Foresite Cybersecurity, Inc.
Intersection of AI and Cybersecurity
Thursday, September 19, 2024 | 3:45 PM - 4:30 PM
Offensive Cyber Counterintelligence: Approach Mapping the Strategic Targeting, Confrontation, and Neutralization of 21st Century Spies

Countering advanced persistent threats (APTs) and cyber threat actors (CTAs) has contextualized the ever-evolving landscape of counterintelligence (CI). Offensive cyber counterintelligence (OCCI) has clearly emerged as a critical component in the CI arsenal. A comprehensive understanding of OCCI’s effectiveness in addressing threats posed by APTs/CTAs remains elusive. This breakout aims to fill intelligence gaps in the digital threat landscape by examining the multifaceted variables and dynamics of OCCI. While OCCI is a crucial mechanism in the field of intelligence, there is a lack of research that systematically assesses the interplay between key variables influencing the efficacy of OCCI. What impact do attribution accuracy, operational timing, deterrence effectiveness, repercussions against the accused entity, and tactical adaptations have on the success of offensive cyber counterintelligence (OCCI) strategies against Advanced Persistent Threats (APTs) and Cyber Threat Actors (CTAs)? The breakout aims to provide nuanced insights that go beyond singular dimensions of CI. Further refining OCCI strategies will provide meaningful insight for policy decisions.

Benjamin Nixon
Benjamin Nixon, Intelligence Officer, Defense Intelligence Agency
Intelligence
Thursday, September 19, 2024 | 3:45 PM - 4:30 PM
ASPM from A to…M! Your Application Security Posture Management Crash Course

According to Gartner, 40% of companies developing proprietary applications will adopt an Application Security Posture Management (ASPM) solution by 2026. Why? Because with increasing cloud security complexity involving a multitude of scanners, languages, and frameworks, organizations are finding it more and more difficult to prioritize fixes amongst a sea of alerts. This lack of clarity leads to protracted risk windows. A survey conducted by the Cloud Security Alliance found that 18% of organizations reported taking more than 4 days to address critical vulnerabilities—with 3% exceeding two weeks. That’s too long for the well-being of your infrastructure, and that’s where ASPM can help. During the course of this session, we’ll take you through ASPM basics— what it is, who’s using it, how it differs from similar solutions (death by acronyms!), its benefits, the best-of-breed tools that can integrate with an ASPM solution, considerations and steps for implementing, and—what everyone’s buzzing about—how AI factors in to modern ASPM solutions.

Eyal Golombek
Eyal Golombek, Head of Product Growth, Dazz.io
Cloud Security
Thursday, September 19, 2024 | 3:45 PM - 4:30 PM
Securing AI Systems: Detecting and Stopping GenAI-Enabled Threat Actors

Generative AI has given defenders an edge, but it's also opened new avenues for enabling cyber threat actors to conduct phishing, social engineering, vulnerability research, and other abusive activities. A cross-team collaboration spent months tracking, defending and learning from threat actors attempting to abuse Google's AI systems; tactics that can ultimately work across different AI systems.

In our talk, we will discuss the types of abusive behavior seen from threat actors, including novel-AI TTPs that haven't been publicly shared before, like jailbreak prompts and prompt injection attacks. We'll then share actionable best practices for how enterprises can be proactive in detecting and stopping abuse and exploitation of their AI systems, based on these learnings.

Audience members will walk away with the knowledge of which implementations to prioritize within their environments to stay ahead of the curve and retain their edge.

Jonathan Looi
Jonathan Looi, Security Engineer, Google
Security Engineering
Thursday, September 19, 2024 | 3:45 PM - 4:30 PM
Turning Chaos into Privileges: Processing Attacker Data with AI

When conducting adversarial emulation engagements, making sense of all the data available to the attacker is THE biggest challenge. As a defender, if you don't know the needle in the haystack the threat actor will find even exists, how can you protect against it? How can you make sense of the vast amounts of structured and unstructured data to give yourself the advantage?

Data permeates the modern organization; structured data such as computer-readable output from tools and unstructured data; such as data from clients which is created by and for other employees. This data can be challenging to parse, process and understand from a security implication perspective but artificial Intelligence (AI) might just change all that.

Our presentation will focus on a number of case studies where we obtained unstructured data during our complex adversarial emulation engagements with global clients and how we processed this into structured data that could be used to better defend organizations using AI. We will showcase the lessons learned and key take-aways for other organizations and highlight other problems that can be solved with this approach both for red and blue teams.

Jay Christiansen
Jay Christiansen, Senior Manager, EMEA Red Team Lead, Mandiant, part of Google Cloud
Matthijs Gielen
Matthijs Gielen, Senior Consultant, Google Cloud / Mandiant
Security Operations
Thursday, September 19, 2024 | 3:45 PM - 4:30 PM
SAIF From Day One: Lessons from Securing AI

AI is advancing rapidly, and it is important that risk management strategies evolve along with it. To help achieve this evolution, Google introduced the Secure AI Framework (SAIF). Join us to learn the top risks and how SAIF evolves to offer a practical approach to addressing them. We will also cover how to implement it for popular scenarios.

Anton Chuvakin
Anton Chuvakin, Senior Staff Consultant, Google Cloud
Taylor Lehmann
Taylor Lehmann, Director, Security Engineering, Office of the CISO, Google
Security Threats and Exploits
Thursday, September 19, 2024 | 4:45 PM - 5:30 PM
Effective ROI: Practical Controls to Protect Against Impacts of Data Theft and Ransomware

Multi-faceted extortion via ransomware or data theft is a popular end goal for attackers, representing a global threat targeting organizations in all industries. These threats not only have a financial impact on organizations, but can also have long-lasting reputational and trust impacts. This presentation will focus on the core programmatic and technical controls that can not only protect organizations from these threats and risks, but also demonstrate a positive return on investment by better protecting the business.

The presentation will align scalable and actionable programmatic and technical controls that includes coverage for protecting and enhancing detections for:

  • Identities
  • Endpoints
  • Network Architectures
  • Remote Access Platforms
  • Trusted Service Infrastructure (TSI)

The presentation will also highlight common challenges organizations face when ransomware has been deployed, including prolonged downtime, coupled with unforeseen expenses for restoration and recovery. The presentation will demonstrate the proactive processes, architecture designs, and technical controls organizations should consider to ensure the timely and secure recovery of business operations.

Matthew McWhirt
Matthew McWhirt, Senior Practice Leader, Mandiant (Google Cloud)
Security Engineering
Thursday, September 19, 2024 | 4:45 PM - 5:30 PM
Standardizing a Privileged Access Model for a Multi-Cloud environment

Most organisations use more than one public cloud to deploy infrastructure (AWS,Azure,GCP etc.).Having a large distributed deployment opens up avenues for attackers to exploit, misusing the lateral movement paths and inter-dependencies between the clouds. Mandiant has observed attackers compromise entire cloud environments by performing token theft-replay, AiTM attacks. Such compromises often involve abuse of user accounts exposed to multiple clouds, permissions leak, lateral movement paths, trust relationships and integrations between the cloud service providers. This session will walk through Mandiant’s frontline experience of such attacker paths across multi-cloud and delve into the proposed architecture to secure the cloud. This is meant to eliminate attacker paths of lateral movement and privileged escalation. It adopts tiering model practices for segregation of resources, endpoints, accounts, and applies it consistently across multiple cloud platforms. The session delves into security configurations, monitoring and detection mechanisms to secure and harden critical assets across multi-cloud.

Rupanjana Mukherjee
Rupanjana Mukherjee, Principal Security Architect, Google Asia Pacific Pte. Ltd.
Jon Sabberton
Jon Sabberton, Senior Manager, Mandiant
Cloud Security
Thursday, September 19, 2024 | 4:45 PM - 5:30 PM
Unveiling Threat Actor Methods: Investigating Sandbox Artifacts and LNK-to-PDF Malware Delivery

In the landscape of cybersecurity, threat actors leverage deceptive techniques to orchestrate sophisticated attacks. This session explores the use of LNK, ISO and PEEXE files as a conduit to deliver hidden malware payloads while using PDF documents to trick the victim. By dissecting sandbox-generated artifacts for example in VirusTotal, we illuminate the strategies employed by adversaries, enabling practitioners to enhance threat detection and threat hunting methodologies to track this threats using artifacts generated during the execution of the initial payloads, helping with pivoting and hunting. We will see real examples of the PatchWork APT group and other crime groups.

Jose Luis Sanchez Martinez
Jose Luis Sanchez Martinez, Security Engineer, Google
Intelligence
Thursday, September 19, 2024 | 4:45 PM - 5:30 PM
The SIEM Isn't Dead: Comparing SIEMs and Data Lakes in Modern Cybersecurity

In an era where cyber threats are increasingly sophisticated, the need for security data collection and monitoring remains vital, but the SecOps landscape is evolving. This session offers a real and honest discussion about these shifting paradigms.

We'll delve into the strengths and weaknesses of SIEMs and data lakes, foundational components upon which your workflows are built, then cut through the marketing noise to explore how AI/ML are transforming SecOps, enhancing threat detection, and response capabilities. We'll provide insights into where these technologies are headed and how to position your organization today to take full advantage of them in the future.

The road to modernization is fraught with challenges. For those considering a SIEM or data lake migration, we'll discuss common pitfalls and effective strategies to navigate this complex process.

Attendees will walk away with a clear understanding of how to evaluate and choose the best solution for their organization's specific needs, whether it's a traditional SIEM, data lake, or hybrid approach. Step confidently into the next generation of cybersecurity with the tools and insights to outsmart evolving threats.

Fred Frey
Fred Frey, CTO, SnapAttack
Security Operations
Thursday, September 19, 2024 | 4:45 PM - 5:30 PM
Practical use cases for AI in Security Operations

Artificial intelligence (AI) is revolutionizing the way we approach security operations – allowing defenders to elevate their skills and boost productivity by accelerating threat detection, investigation, and response. AI isn’t a future concept: It’s here and available, with early user feedback showing that AI can reduce the time required for common analyst tasks such as triaging complex cases by 7x. In this session, we’ll dive into the real-world applications of AI in Security Operations with hands-on demonstrations and case studies.

Nimmy Reichenberg
Nimmy Reichenberg, Head of Security Operations Product Marketing, Google Cloud
Wendy Willner
Wendy Willner, Product Manager, Google
Intersection of AI and Cybersecurity
Thursday, September 19, 2024 | 4:45 PM - 5:30 PM
Fast Flux: Catching Universally Bad Behavior, Raspberry Robin

Threat actors like Raspberry Robin are known to conduct Fast Flux behaviors to hide their infrastructure. They quickly rotate a domain through numerous IPs across unique ASNs, which can make it harder for some defenders to find and block the infrastructure.

By focusing on IP / ASN diversity features (the number of unique ASNs/IPs a domain has been seen on over a specific period) and creating a simple domain regex filter for the 2-letter domain format used by Raspberry Robin for their infrastructure while bearing in mind the unique Name Server that they are known to use, we can easily create a ruleset that makes it possible for defenders to get lists of their domains that are Indicators of Future Attacks (IOFAs).

FastFlux behaviors create golden opportunities for defenders to hunt for IOFAs. In our research, we haven't found any legitimate enterprises that deploy FastFlux behaviors on their domains. Only threat actors are doing this. Silent Push has one of the only open data sets available for researchers that easily allow searching the open internet by IP / ASN diversity so that more threat analysts can dig through hosts doing these suspicious FastFlux DNS rotations.

Zach Edwards
Zach Edwards, Senior Threat Analyst, Silent Push
Security Threats and Exploits

Filter by

Reset

Tuesday, September 17, 2024 | 8:00 AM - 10:00 AM
Blurred (Identity) Lines: Encryption in Cloud and Impact on Security and Data

Cloud Encryption is seen as a valuable component of a robust data security strategy. But what does cloud encryption actually offer in terms of security? Cloud Encryption has multiple different types including Cloud Service Provider Managed and Customer Managed. Depending on the type - the security offered can range from another robust layer of access control to a false sense of security. In this talk, we’ll cover the following:

  • Types of encryption (such as CSP Managed, Customer Managed)
  • Default encryption for services in cloud.
  • How cloud encryption impacts data perimeters.
  • How cloud encryption translates into and impacts cloud identity and access management.
  • Best practices and considerations for how to implement cloud encryption and data security in cloud.
Jason Kao
Jason Kao, Founder, Fog Security
Cloud Security
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Navigating the SEC Cyber Rule: Exercising to drive compliance

In the world of cybersecurity, staying compliant with the SEC Cyber rule is a top priority. But what does this mean for your company's cyber security efforts?

In this session, we'll delve into the impact of the SEC Cyber rule on your organization's cyber security strategy, process, and governance. But that's not all. We'll also explore the vital role that conducting robust ransomware exercises plays in refining your incident and annual disclosures.

Not only will we address the operational aspects of disclosure, but we'll also highlight how executive and board-level involvement is crucial in refining your cyber disclosures. Collaboration between roles tht have different perspectives, such as CISO, CIO, GC, and CFO, is essential when it comes to addressing ransomware incidents, ensuring effective cyber disclosures, and when to discuss these critical issues with the board.

Don't miss out on this opportunity to gain valuable insights, enhancing your understanding and impact of the SEC Cyber rule and enabling you to confidently address ransomware incidents and drive effective cyber disclosures.

Matt Gorham
Matt Gorham, Senior Managing Director, PwC
Security Operations
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Long Live: Effects of the Longtail of Dwell Times

The cybersecurity industry celebrates the reduction of dwell times. The latest M-Trends report states the global median dwell time is 10 days; however, more than 10% of incidents investigated had dwell times of more than 6 months—with some at over 5 years. In this session we will discuss the motivations and tactics behind attacks with various dwell times, and the impact these attacks can have on organizations. Guidance will be provided for how to hunt for these types of intrusions, as well as steps to take to temper these squatters.

Kirstie Failey
Kirstie Failey, Principal Threat Analyst, Mandiant, Google Cloud Security
Kerry Matre
Kerry Matre, Head of Mandiant PMM, Mandiant, Google Cloud
Security Threats and Exploits
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Geopolitical Catalyst - How the Russia-Ukraine War has changed the Hacktivist Landscape

Hacktivism has been present in the threat landscape for decades but since 2022 it has significantly changed to geopolitical motivated activity. This presentation provides understanding of the hacktivist landscape and provides some innovative methodologies to track and monitor the threat landscape. This talk will explore what the geopolitical catalyst was for the shift in Hacktivist activity. How hacktivism has changed. What type of attacks we see and the type of groups using them. What the overall intent and motivations of the Hacktivist groups are. It will explain that Hacktivist activity and information operations are largely entwined. It will explain a new methodology on how to track and monitor Hacktivist groups, by putting them into categories - with four key ones being presented. This talk will challenge traditional views on cyber threats, by shifting the focus from technical indicators and capability to looking at intent to drive analysis. Many organizations are struggling to understand how to view hacktivism in terms of the threat landscape, this talk aims to clarify misconceptions and provide clearer understandings of the Hacktivist threat landscape.

Davyn Baumann
Davyn Baumann, Senior Analyst, Mandiant, Google Cloud
Intelligence
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Weaponized Convenience: Inside the Rise of Remote Tool Abuse

In an era of remote work and distributed IT environments, remote administration tools (RATs) and remote monitoring and management (RMM) tools have become indispensable for system admins and managed service providers (MSPs). However, the same features that make these tools efficient also make them attractive targets for malicious actors. Advanced threat actors are increasingly leveraging legitimate RATs and RMMs to gain unauthorized access to networks, bypassing traditional security controls and evading detection.

This presentation will provide an overview of the growing trend of weaponized remote access. Attendees will be guided through compelling real-world examples, dissecting the tactics, techniques, and procedures (TTPs) employed by adversaries to leverage these tools for malicious purposes. Furthermore, actionable insights will be provided, empowering organizations to enhance their detection capabilities and fortify their defenses against such sophisticated attacks. By understanding the evolving threat landscape and implementing effective countermeasures, attendees will be better equipped to safeguard their systems and data from the perils of weaponized remote access.

Fernando Tomlinson
Fernando Tomlinson, Technical Manager, Incident Response, Mandiant/ Google Cloud
Nader Zaveri
Nader Zaveri, Senior Manager - Incident Response & Remediation, Mandiant/Google
Security Threats and Exploits
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Developing Effective SOC Capabilities using a Knowledge-Based Approach to People, Processes, and Technology

Preventing, detecting, and responding to cybersecurity events increasingly depends on an organizations ability to match security operations needs with the correct people, process, and technology requirements. At the heart of this dependency is the robust, mature, and capable Security Operations Center (SOC). However, existing cybersecurity frameworks are limited and not designed for developing capable, effective SOCs. This is because there is no single approach to SOC development. Organizational needs are unique and therefore the roles, services, and tools needed for the SOC to support organizational mission and goals must also be unique. Developing or improving a SOC is a process which must be flexible. To assist organizations is this process, the SEI has developed OSCAR, the Ontology for SOC Creation Assistance and Replication. OSCAR is a structured knowledge base developed using description logics which organizes SOC knowledge in to 5 domains and more than 80 classes. Built based on interviews with SOC experts and years of institutional knowledge and experience, OSCAR provide new perspectives on SOC development and a new tool for teams to use when developing SOC capabilities.

Justin Novak
Justin Novak, Senior Security Operations Researcher, SEI
Security Operations
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Cyber Threat Simulation & Emulation - An Intelligence Use Case

Cyber Threat Simulation vs. Emulation: A Comparative Overview

Cyber Threat Simulation

  • How it works: Simulates realistic attack scenarios within a controlled environment. This often involves deploying software agents or scripts that mimic the behaviors and techniques of real-world threats.
  • Focus: Primarily assesses the effectiveness of existing security controls, incident response procedures, and employee awareness.
  • Benefits: Safely tests defenses without risking damage to production systems. Provides valuable insights into potential weaknesses and areas for improvement. Offers a training ground for security teams to practice response and mitigation strategies.

Cyber Threat Emulation

  • How it works: Replicates the specific behaviors and characteristics of known malware, specific attacker groups or attack tools.
  • Focus: Deeper analysis of specific threats to understand their capabilities, propagation methods, and potential impact.
  • Benefits: Allows for in-depth threat research and analysis. Aids in the development of more targeted detection and mitigation strategies. Can help assess the effectiveness of specific security products against known threats.
Robert Feeney
Robert Feeney, Principal Cyber Consultant, Mandiant
Hatem Mohamed
Hatem Mohamed, Senior Red Team Consultant, Google Cloud - Mandiant, Google
Intelligence
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
The Good, the Bad, and the “What the Hell Were you Thinking': Clarifying the Rules of Engagement when Working with Managed Service Providers

Managed Service Providers (MSPs) play a pivotal role in modern IT supply chains. However, law enforcement agencies, including the FBI and the Cybersecurity & Infrastructure Security Agency (CISA), have repeatedly warned about the increasing focus of cybercriminals on MSPs. Given their ubiquitous access to client networks and industry-specific vulnerabilities, MSPs have rapidly become a target of choice for threat actors.

In this session, we will delve into the cybersecurity risks associated with outsourcing to an MSP and what your organization can do to mitigate these risks. By highlighting real-world incidents, we’ll review how organizations have been victimized, the key lessons learned (for both the client and MSP), and the essential steps to address similar attacks. By the end of this session, participants will have gained valuable insights into establishing clear rules of engagement and aligning ongoing security expectations with their MSP. This session is essential for both MSPs and the organizations that use them, as it emphasizes the importance of collaboration to ensure a resilient and secure IT environment.

Brian Horton
Brian Horton, Founder, Managing Director, Breadcrumb Cybersecurity
Third Party and Cyber Risk Management
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Security Controls: Stupid but Important

Application teams often have to navigate a complex web of security teams and requirements in order to launch a secure and compliant solution. Once the solution has been launched, the teams have to survive audits and maintain the security of the application while keeping up with changing requirements and implementations, all while working hard to run and grow their business.

While regulatory complexity is a large contributor to the challenge, it can be further exacerbated by the lack of a clear, well lit path provided by legal, compliance, and security teams. Application teams often receive conflicting requirements and priorities from various teams, or follow a path that leads to them launching a solution that is security, but not compliant, or vise-versa? Security teams are often frustrated with the focus on compliance requirements, rather than leveraging them to meet shared goals.

Russ Ayres (Equifax) and Derek Coulson (Mandiant) will review how Equifax simplified its control requirements framework to help internal customers navigate security requirements more easily and enable proper auditing scoping and response using the Equifax Security Controls Framework.

Derek Coulson
Derek Coulson, Technical Leader, Mandiant
Russ Ayres
Russ Ayres, SVP Cyber, Deputy CISO, Equifax
Next Gen CISO
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Tales of Cloud Compromise: Lessons Learned from Mandiant Investigations in 2023

Mandiant's front-line experiences in incident response reveal common overlooked areas leading to cloud compromises. Drawing on numerous technical case studies, we cover patterns and offer strategies to fortify cloud environments: 1) Living off the Land (in the Cloud): We observe that intrusions often stem from traditional on-premise systems like Active Directory, VMware infrastructure, and MDM/EDR tools. Our discussion will delve into how these platforms can be safeguarded to prevent such incidents. 2) Extended Attack Surface: Cloud and hybrid environments naturally extend organizational attack surfaces. This section will explore the challenges posed by inadequate controls, the sprawl of credentials and the array of tools attackers utilize to exploit these vulnerabilities. 3) Third-Party Access: 2023 has seen a significant rise in incidents involving third parties and Managed Service Providers. We'll tackle the critical question: How can organizations continue to engage third parties without compromising their security posture? We will also cover proactive defense strategies and robust incident response capabilities to protect and react swiftly to threats within cloud environments.

Will Silverstone
Will Silverstone, Senior Consultant, Mandiant
Omar ElAhdan
Omar ElAhdan, Principal, Mandiant/Google Cloud
Cloud Security
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Build a High Value Quantitative Risk Management Program on a Budget

Delve into the trenches with a pragmatic guide to implement quantitative risk management. Gain knowledge of methods for quantitative program design that comprise risk primitives, analysis approach, and workflow design. Risk primitives such as capacity, appetite, tolerance, and KRIs are described. Understand what modifications can be made to simplify operational use of FAIR for first timers and how to embrace Python and R for analysis with an open source approach. Be empowered to address workflow challenges using a simplified approach to the entire risk lifecycle from assessment intake and management to modeling and reporting output and finally risk decisions with trending and ROI analysis. Additionally, learn implementation and operation of the program design through people, process, and technology. Finally, close the gap for the last mile of transition to quant risk management and learn how to communicate and report risk from the boardroom to the team room.

Tim Anderson
Tim Anderson, VP of Compliance and Risk, ID.me
Matthew Harding
Matthew Harding, Dir, Risk Management, ID.me
Third Party and Cyber Risk Management
Tuesday, September 17, 2024 | 11:00 AM - 11:45 AM
Secure Remote Identity Verification in the Era of Generative AI

In the digital era, safeguarding remote identity verification is critical. Inherence-based security factors are the most trusted way of verifying users whether they’re customers or the workforce, but deepfakes and synthetic media pose significant challenges. To combat deepfake attacks, science-based biometrics as a service can enable remote identification for customers and workforce that is reliable, easy to administer, and almost effortless to use. This should start at onboarding and continue at risk-based inflection points throughout the identity lifecycle. This talk will explore challenges to enabling remote identity across the enterprise and share best practices from customers in the most security conscious organizations around the world By understanding the implications of generative AI on remote identity verification, organizations can develop effective strategies to ensure the security and integrity of their remote identity verification systems, protecting against deepfakes and other synthetic media-based attacks, and maintaining user trust and privacy.

Andrew Bud
Andrew Bud, CEO & Founder, iProov
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Evolving Fraud Landscape: Trends, Tactics, and Tools for Staying Ahead

The fight against online fraud is a relentless arms race, constantly evolving with new threats and sophisticated tactics. This session will provide a deep dive into the latest trends in bot attacks, account takeovers, payment fraud, and SMS toll fraud. We'll uncover the evolving tactics used by fraudsters, from advanced automation and AI-powered attacks to social engineering and phishing schemes.

You'll gain actionable insights into building a robust fraud defense strategy that adapts to the dynamic threat landscape. We'll cover best practices for detection, prevention, and mitigation, including leveraging machine learning, behavioral analytics, and real-time risk assessment. We'll also discuss the importance of layering security measures and staying ahead of the curve through continuous monitoring and adaptation.

This session will equip you with the knowledge and strategies to proactively combat fraud, protect your customers, and safeguard your bottom line.

Josue (Sway) Fontanez
Josue (Sway) Fontanez, Product Manager, Google Inc.
Cloud Security
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Leverage Your Threat Intel Providers and Gain a Competitive Advantage!

Digital transformation not only fundamentally changed the way we work, but it’s also expanded the current threat landscape exponentially. Today’s enterprise attack surface is dynamic, transitory, and has far more available for attackers to target than ever before, making it even harder to defend against threats. How can you leverage your threat intel and make it a competitive advantage?

Join Erin Joe, Office of the CISO at Google Cloud and former SVP at Mandiant as she discusses today’s threat landscape and the role threat intelligence plays in securing vulnerabilities in your attack surface with partners, Ryan Whelan, Managing Director and the Global Head of Cyber Intelligence at Accenture Security; and Michael Leland, Chief Cybersecurity Evangelist at SentinelOne.

Erin Joe
Erin Joe, Senior Executive, OCISO, Google Cloud
Michael Leland
Michael Leland, Chief Cybersecurity Evangelist, SentinelOne
Ryan Whelan
Ryan Whelan, Managing Director, Accenture
Intelligence
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Addressing Security Threats with Enhanced Caller Verification Methods

Explore the critical vulnerabilities of IT Help Desks and Call Centers. Learn how to address the alarming trend of security breaches stemming from insufficient authentication practices. Organizations apply Multi-Factor Authentication (MFA) to their online and mobile experiences, while leaving the IT Help Desk protected only by weak security questions. This is comparable to locking the front door while leaving the window open. Bad actors have noticed the open window of the IT Help Desk in a BIG way this year, using it as an entry point for breaches. Learn from real-world breaches, discuss existing security gaps, and discover how to effectively apply cybersecurity strategies specifically to IT Help Desks and Call Centers to reduce risks and operational costs. Key points: Introduction to IT Help Desk Vulnerabilities Identifying the Challenges with Traditional Verification Methods Real-World Consequences of Inadequate Security Exploring secure caller verification methods Q&A session

Tracey Nyholt
Tracey Nyholt, CEO and Founder, TechJutsu
Security Threats and Exploits
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Threat Modeling as a Fitness Function: Iteratively Improving the Security Posture of your Software

Threat modeling is a key technique that is used to analyze what could go wrong in a given software architecture. More often than not, the main output of a threat modeling exercise is a list of mitigations for how to ensure that “what could go wrong” actually “doesn’t go wrong”. While critical, this process can be so much more. By fostering collaboration between security and product teams, threat modeling can strengthen relationships, build trust, and ultimately enhance your software's security. In this talk we outline how threat modeling can be used as a fitness function to iteratively improve the security posture of the software you are building. Instead of doing one shot threat models to enumerate and mitigate threats, we outline a new model where threat modeling takes input from a wide variety of other sources, ranging from threat intelligence to software development artifacts, and produces outputs in the form of mitigations, vulnerability research, and detections. We’ll then show how to tie these inputs and outputs into a feedback loop that improves the security posture of your organization over time while also building trust and better working relationships between teams.

Matt Shelton
Matt Shelton, Security Engineering Manager, Mandiant, Google Cloud
Security Engineering
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Wholesome Hashes for a DNS Breakfast: How to Chew Through Adversary Automation

In this day and age, malicious threat actors and APTs are leaning ever harder on AI and automation to speed up and obfuscate their operations. By utilizing hashes created from content, headers, SOA records, Name servers, and more, threat hunters can uniquely identify both the characteristics of malicious infrastructure that is unlikely to change and that which is changing rapidly. Both of which can be of critical value for defenders.

Automatically generated phishing pages with minor, target-specific changes can be found en-masse, rapidly rotating infrastructure can be picked out like the blinding eyesore it is, and seemingly innocuous infrastructure can be caught hiding amongst the sheep so that the wolves never get (or stay) in the fence line.

This talk will cover (in depth) how our threat hunters have utilized hashes, fuzzy hashes, and similarity searches to protect our clients and mitigate attacks before they are launched. Case studies will include 1 or 2 of the following: Scattered Spider, Latrodectus, Prolific Puma, SocGholish, Duke Eugene’s Android Malware, Meduza Stealer, as well as the malicious fake trading apps that we’re tracking via this method.

Kasey Best
Kasey Best, Director of Threat Intelligence, Silent Push
Security Operations
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Unlocking eBPF: The Future of App and Data Security

In an increasingly sophisticated era of cyber threats, having complete visibility into applications, API, and data is paramount. However, enterprises have their applications running across hundreds of hosts in multiple subdomains and building an inventory of such apps and data flows is very difficult, if not impossible.

Enter eBPF (Extended Berkeley Packet Filter), a revolutionary technology that extends the capabilities of the Linux kernel, enabling real-time visibility into running apps regardless of their language and framework.

This talk explores the transformative power of eBPF in modern security engineering. Attendees will learn how eBPF's dynamic tracing and filtering capabilities provide unparalleled visibility into application, data flow, and API behaviour, allowing for proactive vulnerability detection and risk assessment.

Discover how integrating eBPF into your security strategy can safeguard your applications and data against evolving cyber threats, ensuring robust and resilient protection for your digital assets. Join us to unlock the full potential of eBPF and step into the future of app and data security.

Kiran Sama
Kiran Sama, Staff Security Engineer, Coupang
BUCHI REDDY BUSI REDDY
BUCHI REDDY BUSI REDDY, CEO, Levo, Inc
Security Engineering
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
The Cloud Security Paradox: Secure Cloud, Insecure Use?

The cloud is secure, right? Well, yes and no. Cloud providers invest heavily in security, largely exceeding what most organizations can achieve on their own. Yet, headlines scream of cloud breaches and leaks. What gives? The truth is, cloud security isn't merely a shared responsibility; it's a shared opportunity. The "customer's fault" narrative is too simplistic. It's not just about misconfigurations (though those are a major problem). It's about a fundamental disconnect between the cloud's potential for security and the realities of how organizations use it. In this talk, we'll dive into this paradox. We'll explore:

  • The Myth of "Set It and Forget It": Why cloud security requires ongoing vigilance and adaptation, not just ticking boxes.
  • The Shared Responsibility Model and Shared Fate: What you're truly responsible for, where the cloud provider steps in, and where you have to work together.
  • Secure by Design, Insecure by Default?: How to leverage cloud-native security features and avoid common misconfigurations.
Anton Chuvakin
Anton Chuvakin, Senior Staff Consultant, Google Cloud
Cloud Security
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Threat Modeling at Scale: From One to Many

In an ever-evolving threat landscape, organizations must proactively identify and mitigate security risks to safeguard their assets. This talk presents a practical roadmap for initiating and maturing threat modeling capabilities within an organization. We begin by demystifying threat modeling, emphasizing its role as a proactive risk management strategy rather than a reactive response to incidents. We outline a structured approach to introduce threat modeling, starting with identifying critical assets, defining scope, and conducting modeling exercises. Recognizing that threat modeling is an ongoing journey, we explore strategies for maturing capabilities over time. We delve into integrating threat modeling into the SDLC, fostering collaboration between security and developers, and continuously refining the modeling process based on lessons learned and emerging threats. This talk is designed for security professionals, developers, and decision-makers seeking actionable guidance on building a robust threat modeling program.

Dylan Marcoux
Dylan Marcoux, Principal Consultant, Mandiant
Timothy Watkins
Timothy Watkins, Senior Consultant, Mandiant
Intelligence
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Generative AI Cyber Incident Response Tabletop Exercise

Join April Mardock, CISO for Seattle Public Schools, as she teaches how to run a cyber incident response tabletop session with the help of Generative AI.

April will provide both a tabletop session that you can participate in dynamically, as well as teach you how to lead your own tabletop, and tune the exercise for your organization's strengths and weaknesses.

April Mardock
April Mardock, Ciso, Seattle Public Schools
Next Gen CISO
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
From Job Interview to Crypto Heist: How North Korea sponsored threat actor stole crypto currencies

This talk exposes a sophisticated cyber-espionage campaign orchestrated by a North Korean threat actor targeting a cryptocurrency company. Threat actor tactics, techniques, and procedures (TTPs), that inclued social engineering to gain initial access, in-depth source code reviews, and exploitation of a logical vulnerability that resulted in the exfiltration of millions of dollars worth of cryptocurrency.

Through the lens of real-world investigations, the threat actor's motivations and the broader implications of their activities will be analysed. Furthermore, this talk will shed light on the lack of robust security monitoring in cloud environments, a critical factor that contributed to the success of this attack. The importance of implementing comprehensive security measures in cloud infrastructures to mitigate the risk of similar attacks in the future will also be discussed. Attendees will gain valuable insights into the evolving landscape of cyber threats, and the vulnerabilities often present in cloud environments.

This knowledge will empower organizations to better understand and defend against sophisticated cyber attacks targeting their valuable digital assets.

Yi Han Ang
Yi Han Ang, Senior Consultant, Mandiant
Sun Pu
Sun Pu, Security Consultant, Google Cloud - Mandiant
Security Operations
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
Leveling Up: Empowering Security Operations with AI

The year was 2023, and AI was everywhere. While consumers used Generative AI to help them with a variety of tasks, from image generation to helping them write emails or term papers, vendors were detailing their ever-evolving plans to add some type of AI to their existing solutions. The ideas ranged from the obvious, embedding it into spreadsheets, workbooks, search engines, and image editors, to the mind boggling, such as AI powered shoes, cat pain detectors and even AI powered toothbrushes. But what about cybersecurity, and security operations in particular? We all know the surveys that tell SecOps teams feel pressured, isolated, and eventually, burn-out, but analysts are often our first line of defense. We understand that detection can be hard, and rule writing takes several iterations to optimize results. Threat hunting is like looking for a needle in a pile of needles. AI promises a great leap forward in efficiency, and practicality. In this presentation, we will examine how AI can supercharge your security operations teams to drive these efficiencies and greater productivity, leading to better and faster detections, efficient analysis of threats, and rapid threat hunting.

Mike Epplin
Mike Epplin, Security Advisor, Google Cloud Security
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
The Data Must Flow: An Analyst-First Perspective on the Next Age for SOCs

As data flowing into security operations centers has exponentially increased, analysts are increasingly tasked with scaling far beyond the level their tools and organizational design allow. With the era of "new" AI at our doorstep, we risk further burying our SOC analysts in more and more "data" to sift through. In an effort to combat this, we'll attempt to layout an analyst-first perspective for the new SOC that must rise to meet this challenge - one in which the human behind the analysis is the fulcrum for this new AI-assisted leverage, rather than an inconvenience to be replaced.

To accomplish this, we focus our attention and technology on amplifying the core work products of analysts while using automation to drive the machine - ensuring that every piece of analysis flows back into the system, lightening the load for future analysts and establishing an institutional "SOC memory" which new analysts can seamlessly leverage in their daily efforts.

Austin Baker
Austin Baker, Senior Staff Security Engineer, LinkedIn
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 1:30 PM - 2:15 PM
RaaS is Dead, Long Live RaaS: Evolution and Resilience in the Ransomware Landscape

Ransomware is evolving, challenging old paradigms and reshaping power dynamics. Our talk, "RaaS is Dead, Long Live RaaS," explores the shift from a hierarchical Ransomware as a Service (RaaS) to a decentralized model where affiliates gain autonomy. RaaS platforms, adapting to this change, now offer better incentives and support to attract skilled affiliates. We'll discuss how law enforcement crackdowns and the rapid advancement of hacking techniques have catalyzed these changes.

The presentation will also examine the ransomware industry's resilience and innovation, considering the implications for cybersecurity defenses. We aim to provide insights into the adaptability of digital extortion and its impact on future security strategies. Join us for a detailed look at the ransomware market's transformation and what it signifies for the fight against cybercrime.

John Fokker
John Fokker, Head of Threat Intelligence, Trellix
Security Threats and Exploits
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Lessons Learned from the Summer of Supply Chain Attacks

This panel will discuss the record-breaking number of supply chain attacks in the summer of 2023, highlighting key incidents such as 3CX, MOVEit, and Barracuda. The panel will discuss lessons learned, emerging trends, increased global cooperation and the shift in government expectations. The panel will address cyber preparedness and risk tolerance. The panel will offer thoughts on minimizing legal exposure, cyber reporting obligations, and handling threat actor communications, especially if company officials or family member are approached or threatened. Finally, the panel will discuss how cyber investigators can approach multi-cloud environments despite the many challenges these types of investigations present and how they can enhance incident response in complex environments. The panel will discuss the need for enhanced data protection and methods for enhancing security posture and incident preparedness. The panel will also address how the increase in supply chain attacks affected the way a company and counsel think about risks as well as the need to understand legal, regulatory, and contractual requirements in a complex environment.

Erin Joe
Erin Joe, Senior Executive, OCISO, Google Cloud
Lyn Brown
Lyn Brown, Of Counsel, Wiley Rein
Jennifer Burnside
Jennifer Burnside, Practice Leader, Crisis Communications, Google Cloud Security
Josh Waldman
Josh Waldman, Associate, Wiley Rein LLP
Third Party and Cyber Risk Management
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Looking Around Corners and Defending Against 'the security hotness'

Cybersecurity defenders face a constant challenge: balancing the need to adopt innovative technologies with the imperative to protect their organizations. Recent examples like Supply Chain Security, Large Language Models, and Generative AI highlight the tension between business demands and security concerns.

This talk presents a practical framework for evaluating and integrating new technologies into existing security programs and risk registers. We will address key decision points for ensuring safe and productive implementation within an organization. Attendees will learn how to:

  • Cut through the hype cycle and assess new technologies objectively.
  • Identify potential risks and develop mitigation strategies.
  • Communicate effectively with stakeholders, including CIOs, about the benefits and challenges of new technology adoption.
  • Make informed decisions that enable innovation while maintaining security.

By the end of this talk, attendees will be equipped to confidently navigate the introduction of new technologies without compromising their organization's security posture.

Taylor Lehmann
Taylor Lehmann, Director, Security Engineering, Office of the CISO, Google
Tim Crothers
Tim Crothers, Director, Office of the CISO, Google Cloud, Google
Next Gen CISO
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Cloudpocalypse? Nah, We've Got This: Mastering Cloud Incident Response

Does your incident response plan account for the complexities of the cloud? This session empowers security professionals to seamlessly integrate cloud security considerations into their existing response strategy. We'll unveil the critical importance of a cloud-aware incident response plan and explore the unique challenges it presents. Dive deep into cloud-specific procedures for containment, eradication, and recovery, ensuring you're prepared for any cloud-borne threat. Next, we'll delve into the power of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) for advanced cloud incident response. Discover how these tools can streamline detection, investigation, and remediation, saving you valuable time and resources. The session concludes with practical guidance on building a robust cloud-aware incident response plan. Learn how to identify cloud-specific risks, define roles and responsibilities, and map out clear response workflows. We'll even explore the importance of conducting effective tabletop exercises to test your plan's efficacy and ensure your team is prepared to handle any cloud security incident with confidence.

Andras Borbely
Andras Borbely, Technology Solutions Consultant, Google Cloud Security
Cloud Security
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Red Teaming for AI

Will we reach a point where all text boxes are handled by a LLM? Even though most organizations are building on top of foundation models rather than trying to build their own. How can we build and maintain a security boundary with an intelligent system that can't really think? How do concepts like prompt injection, multi-stage exploits, SQLi, etc. mean to a loan application chatbot? What can a non-deterministic system do in a deterministic world?

Mandiant has exploited developer-assistance chatbots during its Red Team Assessments to gain privileges within a client environment. Its consultants have explored and bypassed protections built to restrict the scope of a financial services chatbot. How can these and other stories help improve the security of future applications built on top of GenAI and LLMs?

Brice Daniels
Brice Daniels, Senior Regional Leader, Mandiant, Google Cloud
Christopher White
Christopher White, Principal, Boston Consulting Group
Security Operations
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Supercharge Your Frontlines: Purpose-Built CTI for IR & SOC Success

This presentation examines a Cyber Threat Intel (CTI) team designed to integrate seamlessly with Incident Response (IR) and Security Operation Center (SOC) teams based on real world experiences from Mandiant’s Advanced Practices team. CTI provides organizations with context needed to understand adversaries, their tactics, and the industry or assets they target. Attendees will gain insight to help develop a CTI function of value to frontline defenders.

Key insights:

  • Action: Identify intel directly enhancing IR and SOC operations
  • Structure: Outline CTI team roles & skills needed to support frontline operations
  • Insights: Translate data into actionable intel 
  • Integration: Embed workflows & outputs into IR playbooks and SOC alert triage
  • Peril: Lessons from 15+ years of frontline CTI support

Attendee takeaways:

  • A CTI team blueprint, purpose-built for frontline operations
  • Methods to ensure output is timely, relevant, and actionable
  • Seamless frontline services integration strategies
  • Benefit from years of frontline CTI support experience

Ideal Audience: Security leads, CTI managers, SOC analysts & incident responders interested in maximizing CTI value

Nick Richard
Nick Richard, Senior Manager, Mandiant, now part of Google Cloud
Security Operations
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Securing Artificial Intelligence (AI): A layered approach to protecting AI systems

In the era of rapid AI adoption, new AI systems are increasingly becoming targets for threat actors, thereby creating fresh gaps in cybersecurity posture management. This Deloitte talk underscores the importance of a multi-layer, 'secure by design' approach, offering comprehensive protection across all layers of AI systems. We'll delve into every facet of the AI system from the model and its supply chain, architected for MLOps, to data provenance, to the infrastructure and management planes. Discover how this cross-industry framework not only ensures compliance with industry standards but also provides a roadmap to navigate the rapidly shifting threat landscape, including how we've used it to augment Google's Vertex AI AI-as-a-Service platform. We invite you to join us and explore the inherent value of a 'secure by design' approach in fortifying enterprise-wide security and resilience against emerging threats.

David Caswell
David Caswell, Managing Director, Deloitte
Arnav Jain
Arnav Jain, Cyber Risk Manager, Deloitte & Touche LLP
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Versus Killnet

The infamous Russian hacktivist group, Killnet, operated as a rabid cyber army, orchestrated by a select few to create chaos and inflict harm. Despite its notoriety, investigating the true operators behind Killnet proved to be a significant challenge, given its checkered history and inconsistent behavior. However, through an in-depth investigation and direct confrontation with the gang, we shed the veil of secrecy shrouding the group and will share a compelling personal account detailing how we disrupted Killnet, plunging it into a death spiral. Our strategy to dismantle this cyber army hinged on identifying a critical vulnerability – its connection to the Russian illegal drug marketplace - Solaris. By exposing this nefarious link and diverting proceeds from the Russian drug operation to support a Ukrainian charity, we triggered widespread questioning of Killnet's leadership and actions. This created an instability and within the group and beyond, ultimately leading to loss of support of the Russian government and breaking of financial ties. As of the beginning of this year, Killnet changed drastically, leaving behind remnants of a group once synonymous with disruptive hacktivism.

Alex Holden
Alex Holden, Chief Information Security Officer, Hold Security, LLC
Security Threats and Exploits
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
How GenAI is Shifting the Defender Landscape

Generative AI is shifting the defender landscape‚ from how practitioners do their job, to the user experience of the tooling, to how we think about securing AI workloads in the cloud. In this session, Google Cloud Security leaders will surface insights from conversations with CISOs, the latest Mandiant research, and Google DeepMind innovations to elucidate macro trends seen at the intersection of security and AI and what they mean for your organization. At a time when 88% of organizations have a difficult time investigating and responding to threats in a timely manner, you will also gain an understanding of real-world use cases for how AI is evolving the security lifecycle to be semi-autonomous, so defenders gain and maintain the upper-hand as threats continue to evolve.

Steph Hay
Steph Hay, Sr Director UX, Google Cloud
Umesh Shankar
Umesh Shankar, Chief Technologist, Google Cloud Security
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Building Resilience: Healthcare Industry

The healthcare and life sciences (HCLS) industry has been under increasing levels of attack. We have seen a rapid rise in large system-wide disruptions in care due to ransomware and other destructive attacks.  What began years ago as protected health information (PHI) data theft has now escalated into attacks that disrupt surgeries, divert patients from emergency care, and interrupt the drug supply. The threat landscape includes all sectors -- from payment and delivery, to medical devices and biologic drug development. In the face of these challenges, the industry is now thinking beyond attack avoidance towards resiliency in operations -- or as the President's Council of Advisors on Science and Technology (PCAST) noted in the recent Strategy for Cyber-Physical Resilience report. "the ability of a system to anticipate, withstand, recover from, and adapt to cyberattacks." In this panel, we will hear from security leaders across the industry about the current challenges, the cross-sector work that is underway, and what we can anticipate in the future to create a more resilient healthcare system.

Mike Kijewski
Mike Kijewski, CEO, Medcrypt
Bill Reid
Bill Reid, Advisor, Office of the CISO, Google
Charles Fracchia
Charles Fracchia, CEO, Black Mesa
Errol Weiss
Errol Weiss, CSO, Health-ISAC
Intelligence
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Facing the Reality of Risk Prioritization in an AI World

Every security program regardless of maturity deals with resource limitations — personnel, time, budget, etc. — and can’t possibly address every potential risk in their environment simultaneously. But every program must still answer the questions, “Are we working on the right things?” and “Are we getting better?” In this presentation, PlexTrac Founder and CTO and security industry veteran Dan DeCloss will present strategies for harnessing contextual scoring of proactive security and threat intelligence data to prioritize remediation based on business impact. He'll present practical methods for scoring risk without relying on "black box" algorithms, how to leverage risk frameworks like NIST, Mitre ATTACK, and PCI, the role AI and threat intelligence play in prioritized remediation, and how to measure the overall effectiveness of proactive security efforts over time.

Daniel DeCloss
Daniel DeCloss, Founder / CTO, PlexTrac
Security Threats and Exploits
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Metrics that Matter: How to Choose Cloud Security KPIs For Your Business

As cloud security operations mature within the organizations, implementing effective metrics is vital for measuring cloud security posture and operational readiness. Organizations often face challenges in tracking security metrics without incurring resource overheads.

This talk discuss examples of both potentially effective and ineffective metrics based on real-life experiences, tailored to various business scenarios and risk appetite. We will explores how to prioritize metrics that inform leadership and drive continuous improvement in cloud security posture. The session also introduces concepts like the Exploit Prediction Scoring System (EPSS) for prioritizing vulnerability remediation and Protection Level Agreements (PLAs) for building effective KPIs. The goal is to not only measure but enhance cloud security operations, empowering teams to identify cloud security metrics truly matter to their business.

Emma Yuan Fang
Emma Yuan Fang, Senior Manager, Senior Cloud Security Architect, EPAM Systems
Cloud Security
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
Understanding the ORBs: PRC Actors, Obfuscation Networks, and the Coming IOC Extinction

Since 2020 Chinese Espionage operations have fundamentally changed. Gone are the days of actor registered infrastructure and command and control reuse. A new practice of "Operational Relay Box" (ORB) networks has risen to obfuscate CNE network traffic via a TOR like network of registered VPS space and compromised end of life home routers.

This presentation will:

  • Demonstrate the ways ORBs have made blocking network IOCs Extinct
  • Provide a 4 quadrant signature and detection approach that will allow defenders and threat hunters to pivot through these complex networks. (Censys, YARA, Netflow, Active Scanning)
  • Define a scalable universal anatomy for talking about ORB networks and map signature types to these components.
  • Utilize an active PLA and MSS leveraged ORB network to provide real world examples of what manifestations of these ORB networks look like.
  • And Finally Shift the world view of network defenders from IOC blocking to detecting ephemeral infrastructure networks leveraged by multiple malicious APT actors.
Michael Raggi
Michael Raggi, Principal Threat Analyst, Mandiant, Google Cloud
Intelligence
Tuesday, September 17, 2024 | 2:30 PM - 3:15 PM
I Wish I'd Known This Before We Got Sued

Topic: Strategies for Safeguarding Legal Privilege in In-House Counsel
Narrative: Retaining legal privilege during cross-border incident response efforts presents unique challenges. When local laws fail to recognize privilege for in-house counsel, preserving it becomes paramount. Moreover, when incidents span multiple countries with inconsistent privilege rules, maximizing protections requires finesse. This program delves into practical dos and don’ts during litigation, drawing from real-world war stories shared by seasoned panelists and will cover: 

  • Preserving Privilege Amid Legal Ambiguity
  • Navigating Cross-Border Privilege Challenges
  • Dos and Don’ts During Litigation
  • War Stories from the Trenches

In conclusion, safeguarding privilege requires vigilance, adaptability, and a keen understanding of legal nuances. By learning from real-world scenarios, in-house and external counsel can fortify their privilege protections and navigate the legal landscape effectively.

Chris Bloomfield
Chris Bloomfield, Attorney, Eversheds Sutherland
Rachel Reid
Rachel Reid, Partner, Eversheds Sutherland
Ming Zhu
Ming Zhu, Senior Counsel, Google LLC
Third Party and Cyber Risk Management
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Secure-by-Default: Tackling Shared Libraries

Shared libraries are common in code development to increase efficiency, and provide a well-developed set of subroutines and functions. When a vulnerability is discovered in a shared library, it poses a serious risk to any organization that used that library - think Log4j. But, in the scenario that the vulnerability is not disclosed or fixed by the open source project and developers are unaware that they need to reconfigure it, this exposes organizations to even greater risk. In this session Mandiant and Ivanti will detail the discovery, remediation and disclosure of a vulnerability in the Apache XML Security for C++ library, which is part of the Apache Santuario project. By default, the library resolves references to external URIs passed in Extensible Markup Language (XML) signatures, allowing for server-side request forgery (SSRF). There is no way to disable this feature through configuration alone, and there is no patch available. Mandiant reported the non-secure default configuration in xml-security-c to the Apache Software Foundation (ASF). The ASF did not issue a CVE or a new release of xml-security-c.

Jacob Thompson
Jacob Thompson, Staff Vulnerability Engineer, Mandiant
Daniel Spicer
Daniel Spicer, CSO, Ivanti
Security Threats and Exploits
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Serverless Security: A Holistic Approach to Managing Risk in the Cloud

Serverless computing revolutionizes app development, but introduces unique security challenges due to its dynamic nature and reliance on third-party services. Drawing on insights from Google Cloud's security practices and real-world incidents, this talk explores the root causes of significant vulnerabilities exploited over the past decade. We'll delve into critical issues such as insecure coding practices, supply chain attacks, and misconfigurations, illustrating their potential consequences. Through data-driven insights attendees will gain actionable recommendations for hardening serverless security.

Serverless security is not solely about safeguarding individual applications; it has far-reaching implications for the entire cloud ecosystem. The interconnected nature of serverless architectures means that a vulnerability in one component can cascade, potentially compromising multiple services and users. Therefore, a holistic approach to serverless security is essential, encompassing not only secure coding practices within applications but also robust protection for the underlying infrastructure, data storage, and network communications.

Charles DeBeck
Charles DeBeck, Cyber Threat Intelligence Expert, Google LLC
Cloud Security
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Rites of passage as a CISO

Join Kevin Mandia and seasoned CISOs discuss what you need to know to be a successful CISO.

Kevin Mandia
Kevin Mandia, Strategic Advisor, Google Cloud
Next Gen CISO
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
At the breaking point: is your email safe against ransomware and state-sponsored attacks?

As cyber threats become increasingly sophisticated, driven by generative AI, organizations need robust, proactive defenses. This session reveals how AI-powered collaboration tools using the principles of Zero Trust provide a critical first line of defense against email-based attacks, empowering secure work from anywhere.

Rancho Iyer
Rancho Iyer, Specialists Customer Engineering Manager, Google
Adam Ehret
Adam Ehret, SVP IT, Equifax
Adam Currie
Adam Currie, VP, CISO, HCL Software Products LTD
Security Engineering
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
From Manual Mayhem to AI-Powered SOC: How Generative AI is Revolutionizing Security Operations

Ditch the manual grind! Google Security Operations & Foresite unveil a revolutionary SOC powered by generative AI. This talk dives deep into empowering analysts & automating tedious tasks. Witness AI transform security:

  • Automated Threat Detection & Response: Generative AI triages alerts, prioritizes threats, & automates initial response, freeing analysts for high-impact investigations.
  • Enhanced Threat Hunting: Uncover hidden threats with AI-powered anomaly detection. Generative models can identify subtle patterns & entities invisible to traditional methods.
  • Streamlined Incident Response: Generate investigative playbooks & automate repetitive tasks, expediting incident resolution & reducing analyst workload.
  • Continuous Threat Intelligence: AI analyzes vast data sets to identify emerging threats & indicators of compromise (IOCs), keeping your defenses ahead of the curve.

This talk is a real world showcase of applications in practice.

Jeremy Hehl
Jeremy Hehl, Vice President, Business Development, Foresite Cybersecurity, Inc.
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Offensive Cyber Counterintelligence: Approach Mapping the Strategic Targeting, Confrontation, and Neutralization of 21st Century Spies

Countering advanced persistent threats (APTs) and cyber threat actors (CTAs) has contextualized the ever-evolving landscape of counterintelligence (CI). Offensive cyber counterintelligence (OCCI) has clearly emerged as a critical component in the CI arsenal. A comprehensive understanding of OCCI’s effectiveness in addressing threats posed by APTs/CTAs remains elusive. This breakout aims to fill intelligence gaps in the digital threat landscape by examining the multifaceted variables and dynamics of OCCI. While OCCI is a crucial mechanism in the field of intelligence, there is a lack of research that systematically assesses the interplay between key variables influencing the efficacy of OCCI. What impact do attribution accuracy, operational timing, deterrence effectiveness, repercussions against the accused entity, and tactical adaptations have on the success of offensive cyber counterintelligence (OCCI) strategies against Advanced Persistent Threats (APTs) and Cyber Threat Actors (CTAs)? The breakout aims to provide nuanced insights that go beyond singular dimensions of CI. Further refining OCCI strategies will provide meaningful insight for policy decisions.

Benjamin Nixon
Benjamin Nixon, Intelligence Officer, Defense Intelligence Agency
Intelligence
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
SAIF From Day One: Lessons from Securing AI

AI is advancing rapidly, and it is important that risk management strategies evolve along with it. To help achieve this evolution, Google introduced the Secure AI Framework (SAIF). Join us to learn the top risks and how SAIF evolves to offer a practical approach to addressing them. We will also cover how to implement it for popular scenarios.

Anton Chuvakin
Anton Chuvakin, Senior Staff Consultant, Google Cloud
Taylor Lehmann
Taylor Lehmann, Director, Security Engineering, Office of the CISO, Google
Security Threats and Exploits
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
ASPM from A to…M! Your Application Security Posture Management Crash Course

According to Gartner, 40% of companies developing proprietary applications will adopt an Application Security Posture Management (ASPM) solution by 2026. Why? Because with increasing cloud security complexity involving a multitude of scanners, languages, and frameworks, organizations are finding it more and more difficult to prioritize fixes amongst a sea of alerts. This lack of clarity leads to protracted risk windows. A survey conducted by the Cloud Security Alliance found that 18% of organizations reported taking more than 4 days to address critical vulnerabilities—with 3% exceeding two weeks. That’s too long for the well-being of your infrastructure, and that’s where ASPM can help. During the course of this session, we’ll take you through ASPM basics— what it is, who’s using it, how it differs from similar solutions (death by acronyms!), its benefits, the best-of-breed tools that can integrate with an ASPM solution, considerations and steps for implementing, and—what everyone’s buzzing about—how AI factors in to modern ASPM solutions.

Eyal Golombek
Eyal Golombek, Head of Product Growth, Dazz.io
Cloud Security
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Securing AI Systems: Detecting and Stopping GenAI-Enabled Threat Actors

Generative AI has given defenders an edge, but it's also opened new avenues for enabling cyber threat actors to conduct phishing, social engineering, vulnerability research, and other abusive activities. A cross-team collaboration spent months tracking, defending and learning from threat actors attempting to abuse Google's AI systems; tactics that can ultimately work across different AI systems.

In our talk, we will discuss the types of abusive behavior seen from threat actors, including novel-AI TTPs that haven't been publicly shared before, like jailbreak prompts and prompt injection attacks. We'll then share actionable best practices for how enterprises can be proactive in detecting and stopping abuse and exploitation of their AI systems, based on these learnings.

Audience members will walk away with the knowledge of which implementations to prioritize within their environments to stay ahead of the curve and retain their edge.

Jonathan Looi
Jonathan Looi, Security Engineer, Google
Security Engineering
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Turning Chaos into Privileges: Processing Attacker Data with AI

When conducting adversarial emulation engagements, making sense of all the data available to the attacker is THE biggest challenge. As a defender, if you don't know the needle in the haystack the threat actor will find even exists, how can you protect against it? How can you make sense of the vast amounts of structured and unstructured data to give yourself the advantage?

Data permeates the modern organization; structured data such as computer-readable output from tools and unstructured data; such as data from clients which is created by and for other employees. This data can be challenging to parse, process and understand from a security implication perspective but artificial Intelligence (AI) might just change all that.

Our presentation will focus on a number of case studies where we obtained unstructured data during our complex adversarial emulation engagements with global clients and how we processed this into structured data that could be used to better defend organizations using AI. We will showcase the lessons learned and key take-aways for other organizations and highlight other problems that can be solved with this approach both for red and blue teams.

Jay Christiansen
Jay Christiansen, Senior Manager, EMEA Red Team Lead, Mandiant, part of Google Cloud
Matthijs Gielen
Matthijs Gielen, Senior Consultant, Google Cloud / Mandiant
Security Operations
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Analyzing VirusTotal's Malware Executables Collection with LLMs

VirusTotal has been using Large Language Models (LLMs) to analyze malware for over a year, starting with macros and scripts. This experience gave us a good grasp of what LLMs can and can't do. But the real challenge was always executables. So, we took on a huge task: disassembling all the binaries and memory dumps in VirusTotal and using LLMs to figure out how they work.

In this talk, we'll share what we've learned from this massive project. We'll be upfront about the challenges of using LLMs on complex malware and the wins we've had, including how LLMs provide an approach for pivoting that shows very promising early results.

Come hear our story and get a glimpse of the future of malware analysis with AI. We'll have a real talk about how (besides the hype) there are areas where LLMs are making a real difference and what's next in this exciting field.

Vicente Diaz
Vicente Diaz, Threat Intel Strategist, VirusTotal
Intelligence
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
The Dark Side of Innovation: Generative AI in Cybercrime

The landscape of cyber threats is undergoing a transformative shift with the integration of Generative AI (GenAI) technologies by cybercriminals. This presentation delves into how GenAI tools are increasingly being adopted in the cybercrime arena, highlighting specific cases where these technologies have been utilized for malicious purposes. We will explore a range of examples including phishing attacks crafted with AI-generated content, the use of deepfakes for identity fraud, and AI-driven network intrusion techniques.

The presentation will then pivot to discuss future predictions, suggesting potential new vectors of cyber attacks powered by further advancements in AI technologies.It will also critically analyze the escalating arms race between cybersecurity measures and AI-enhanced cybercrime methodologies.

Finally we will challenge the audience to consider whether the rise of AI in cybercrime is a trend of necessity or opportunity, and what this means for the future of both cybersecurity strategies and criminal tactics. We will delve into the implications of AI's dual-use nature, reflecting on how its potential for misuse shapes the evolving landscape of cybersecurity.

John Fokker
John Fokker, Head of Threat Intelligence, Trellix
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 3:45 PM - 4:30 PM
Improving Healthcare Incident Response in the Wake of Recent Healthcare Breaches

Recent prominent breaches at healthcare organizations have proven that the healthcare sector is a primary target for financially motivated threat actors. The extended recovery times associated with these incidents have demonstrated that there exists opportunities for improvement in the incident response and management programs.

Using the NIST incident response framework as a template, we will highlight improvements in preparation, detection, containment, and recovery phases as applicable to the healthcare sector. Healthcare is a critical industry quite literally impacting people’s lives. Ensuring that this important service is available to the public at all times is a necessity. Through the changes suggested in this talk, an incident response program will be able to meet goals of confidentiality, integrity, and availability.

To highlight an example of the talk, we will discuss building automations through a Security Orchestration and Response tool to automate containment of suspected infected hosts.

Christopher Tanzer
Christopher Tanzer, Director, Cyber Investigations & Response, McKesson
Lawrence Taub
Lawrence Taub, Consulting Leader, Mandiant
Security Operations
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Effective ROI: Practical Controls to Protect Against Impacts of Data Theft and Ransomware

Multi-faceted extortion via ransomware or data theft is a popular end goal for attackers, representing a global threat targeting organizations in all industries. These threats not only have a financial impact on organizations, but can also have long-lasting reputational and trust impacts. This presentation will focus on the core programmatic and technical controls that can not only protect organizations from these threats and risks, but also demonstrate a positive return on investment by better protecting the business.

The presentation will align scalable and actionable programmatic and technical controls that includes coverage for protecting and enhancing detections for:

  • Identities
  • Endpoints
  • Network Architectures
  • Remote Access Platforms
  • Trusted Service Infrastructure (TSI)

The presentation will also highlight common challenges organizations face when ransomware has been deployed, including prolonged downtime, coupled with unforeseen expenses for restoration and recovery. The presentation will demonstrate the proactive processes, architecture designs, and technical controls organizations should consider to ensure the timely and secure recovery of business operations.

Matthew McWhirt
Matthew McWhirt, Senior Practice Leader, Mandiant (Google Cloud)
Security Engineering
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Unveiling Threat Actor Methods: Investigating Sandbox Artifacts and LNK-to-PDF Malware Delivery

In the landscape of cybersecurity, threat actors leverage deceptive techniques to orchestrate sophisticated attacks. This session explores the use of LNK, ISO and PEEXE files as a conduit to deliver hidden malware payloads while using PDF documents to trick the victim. By dissecting sandbox-generated artifacts for example in VirusTotal, we illuminate the strategies employed by adversaries, enabling practitioners to enhance threat detection and threat hunting methodologies to track this threats using artifacts generated during the execution of the initial payloads, helping with pivoting and hunting. We will see real examples of the PatchWork APT group and other crime groups.

Jose Luis Sanchez Martinez
Jose Luis Sanchez Martinez, Security Engineer, Google
Intelligence
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Things We Think And Do Not Say: A Mission statement for incident responders and crisis managers

Microsoft, like many organizations, is under constant attack by sophisticated actors. Responding to attacks by sophisticated actors requires coordination across multiple groups with sometimes competing interests. In this session we identify the critical challenges experienced in dealing with a large-scale compromise including providing clear and actionable intelligence to multiple stakeholders while actively investigating, containing, and remediating the event, quickly addressing telemetry gaps or visibility gaps, and challenges associated with working with cross-disciplinary teams.

Roberto Bamberger
Roberto Bamberger, Senior Principal Security Research Manager, Microsoft Corporation
Security Operations
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Fast Flux: Catching Universally Bad Behavior, Raspberry Robin

Threat actors like Raspberry Robin are known to conduct Fast Flux behaviors to hide their infrastructure. They quickly rotate a domain through numerous IPs across unique ASNs, which can make it harder for some defenders to find and block the infrastructure.

By focusing on IP / ASN diversity features (the number of unique ASNs/IPs a domain has been seen on over a specific period) and creating a simple domain regex filter for the 2-letter domain format used by Raspberry Robin for their infrastructure while bearing in mind the unique Name Server that they are known to use, we can easily create a ruleset that makes it possible for defenders to get lists of their domains that are Indicators of Future Attacks (IOFAs).

FastFlux behaviors create golden opportunities for defenders to hunt for IOFAs. In our research, we haven't found any legitimate enterprises that deploy FastFlux behaviors on their domains. Only threat actors are doing this. Silent Push has one of the only open data sets available for researchers that easily allow searching the open internet by IP / ASN diversity so that more threat analysts can dig through hosts doing these suspicious FastFlux DNS rotations.

Zach Edwards
Zach Edwards, Senior Threat Analyst, Silent Push
Security Threats and Exploits
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Standardizing a Privileged Access Model for a Multi-Cloud environment

Most organisations use more than one public cloud to deploy infrastructure (AWS,Azure,GCP etc.).Having a large distributed deployment opens up avenues for attackers to exploit, misusing the lateral movement paths and inter-dependencies between the clouds. Mandiant has observed attackers compromise entire cloud environments by performing token theft-replay, AiTM attacks. Such compromises often involve abuse of user accounts exposed to multiple clouds, permissions leak, lateral movement paths, trust relationships and integrations between the cloud service providers. This session will walk through Mandiant’s frontline experience of such attacker paths across multi-cloud and delve into the proposed architecture to secure the cloud. This is meant to eliminate attacker paths of lateral movement and privileged escalation. It adopts tiering model practices for segregation of resources, endpoints, accounts, and applies it consistently across multiple cloud platforms. The session delves into security configurations, monitoring and detection mechanisms to secure and harden critical assets across multi-cloud.

Rupanjana Mukherjee
Rupanjana Mukherjee, Principal Security Architect, Google Asia Pacific Pte. Ltd.
Jon Sabberton
Jon Sabberton, Senior Manager, Mandiant
Cloud Security
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Minimizing Permissions for Cloud Forensics: A Practical Guide for Tightening Access in the Cloud

This talk addresses a critical challenge for security operations centers (SOCs) and incident response (IR) teams in cloud environments: minimizing the permissions required for forensic investigations while maintaining efficient collaboration with cloud teams. Key topics include:

  • The Power of Dedicated Forensics Accounts: Learn why creating dedicated GCP/AWS/Azure forensics accounts can be a best practice, along with implementation steps
  • Extracting Data from Containers: Discover various methods to acquire data from containers, including sidecars, snapshots of the container filesystems, and the Kubernetes API
  • Temporary Credentials for Secure Access: We'll delve into assigning temporary credentials for cloud resources, using virtual machine snapshots as an example
  • Leveraging Tagging for Granular Permissions: Explore how tagging resources can minimize the permissions needed for specific investigations
  • RBAC Best Practices for IAM: Gain insights into best practices for Role-Based Access Control (RBAC) within IAM, specifically tailored for security operations and incident response teams
Christopher Doman
Christopher Doman, CTO, Cado Security Ltd
Cloud Security
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Knock Knock... Who's There? Threat Actors! Real-World Case Studies in Cyber Defense

Cyberattacks are now an inevitability, with Threat Actors targeting organizations of all sizes and sophistication.

This presentation confronts this reality, focusing on proactive defense strategies against these relentless threats. This presentation will go through real-world case studies, to dissect recent breaches and close calls, and what the defenders had to do in order to detect, respond and protect the organization.

The presentation goes beyond threat identification; it showcases successful real-world defense strategies, offering practical approaches to mitigate risks, detect anomalies, and respond dynamically to attacks. Topics covered include threat intelligence sharing, incident response protocols, and fostering a security-conscious culture all the way to the board level.

By showcasing organizations that have successfully defended against cyberattacks, the presentation inspires confidence and provides a roadmap for building resilient cybersecurity frameworks in todays rapidly changing environment.

Ryan Malfara
Ryan Malfara, Principal Consultant, Google
Lyle Sudin
Lyle Sudin, Managing Director and Senior Client Advisor, Mandiant, part of Google Cloud
Security Threats and Exploits
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Gaining Trust in Zero Trust

A key skill we use every day is collaboration – but how can you collaborate if you don't have trust? I address this topic in "Gaining Trust in Zero Trust." Working in the cybersecurity space, we embrace the motto "zero trust" – but this mindset can creep into our everyday interactions. A whirlwind tour of history reveals how this concept evolved (for example Mikhail Gorbachev and President Ronald Reagan discussed "trust, but verify!") I offer a few tips to help gain trust with any type of research findings: don't embarrass anyone, don't speculate, and be genuine – report the actual findings, even if it's a bitter pill.

Luis Rodriguez
Luis Rodriguez, Lead Research Practitioner, Trellix
Next Gen CISO
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
The SIEM Isn't Dead: Comparing SIEMs and Data Lakes in Modern Cybersecurity

In an era where cyber threats are increasingly sophisticated, the need for security data collection and monitoring remains vital, but the SecOps landscape is evolving. This session offers a real and honest discussion about these shifting paradigms.

We'll delve into the strengths and weaknesses of SIEMs and data lakes, foundational components upon which your workflows are built, then cut through the marketing noise to explore how AI/ML are transforming SecOps, enhancing threat detection, and response capabilities. We'll provide insights into where these technologies are headed and how to position your organization today to take full advantage of them in the future.

The road to modernization is fraught with challenges. For those considering a SIEM or data lake migration, we'll discuss common pitfalls and effective strategies to navigate this complex process.

Attendees will walk away with a clear understanding of how to evaluate and choose the best solution for their organization's specific needs, whether it's a traditional SIEM, data lake, or hybrid approach. Step confidently into the next generation of cybersecurity with the tools and insights to outsmart evolving threats.

Fred Frey
Fred Frey, CTO, SnapAttack
Security Operations
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Practical use cases for AI in Security Operations

Artificial intelligence (AI) is revolutionizing the way we approach security operations – allowing defenders to elevate their skills and boost productivity by accelerating threat detection, investigation, and response. AI isn’t a future concept: It’s here and available, with early user feedback showing that AI can reduce the time required for common analyst tasks such as triaging complex cases by 7x. In this session, we’ll dive into the real-world applications of AI in Security Operations with hands-on demonstrations and case studies.

Nimmy Reichenberg
Nimmy Reichenberg, Head of Security Operations Product Marketing, Google Cloud
Wendy Willner
Wendy Willner, Product Manager, Google
Intersection of AI and Cybersecurity
Tuesday, September 17, 2024 | 4:45 PM - 5:30 PM
Unmasking the Hidden Danger: The Critical Role of Insider Threat Penetration Testing

Insider threats pose a significant and increasing risk to organizations across industries. The Insider Threat Pen Test is a novel approach to cyber security that proactively identifies and addresses vulnerabilities stemming from both accidental malicious insider and this presentation delves into the methodology behind this Pen Test, illustrating how it complements traditional external penetration testing by focusing on internal systems, processes, and human behavior. Through in-depth case studies from various sectors, we showcase the actionable insights gained from this approach. These insights empower organizations to strengthen their security culture, implement targeted mitigation strategies, and foster a proactive cyber security mindset. Attendees will learn how the Insider Threat Pen Test can be leveraged to reduce the risk of data breaches, intellectual property theft, operational disruptions, and other costly consequences of insider threats. Ultimately, this presentation demonstrates how the Insider Threat Pen Test serves as a business enabler, enhancing organizational resilience and safeguarding critical assets in an ever-evolving threat landscape.

Ian Trimble
Ian Trimble, Insider Risk Manager, Google
Shahzad Azad
Shahzad Azad, Technical Manager - Insider Risk Services, Mandiant, Google Cloud
Third Party and Cyber Risk Management
Wednesday, September 18, 2024 | 9:00 AM - 10:30 AM
Keynote Panel - Ransomware: Cyber's Evolving Cash Cow

9:35AM - 10:10AM
Ransomware: Cyber's Evolving Cash Cow
With Kim Zetter, Brett Callow, Kimberly Goody, and Allan “Ransomware Sommelier” Liska

Allan “Ransomware Sommelier” Liska
Allan “Ransomware Sommelier” Liska, Senior Security Architect and Ransomware Specialist, Recorded Future
Brett Callow
Brett Callow, Managing Director, FTI Consulting
Kim Zetter
Kim Zetter, Cyber & National Security Journalist,
Kimberly Goody
Kimberly Goody, Head of Financial Crime Analysis, Mandiant, Google Cloud
Wednesday, September 18, 2024 | 9:00 AM - 10:30 AM
Keynote - Opening Remarks Kevin Mandia

9:00AM - 9:35AM
Opening Remarks
By Kevin Mandia, Security Advisor, Google Cloud

Kevin Mandia
Kevin Mandia, Strategic Advisor, Google Cloud
Wednesday, September 18, 2024 | 9:00 AM - 10:30 AM
Keynote - Emerging Threats: What You Need to Know Now

10:10AM - 10:30AM
Emerging Threats: What You Need to Know Now
With John Hultquist and Margi Murphy

John Hultquist
John Hultquist, Chief Analyst, Mandiant Intelligence at Google Cloud
Margi Murphy
Margi Murphy, Reporter, Bloomberg
Wednesday, September 18, 2024 | 11:00 AM - 11:20 AM
Adaptive Use Case Management (UCM) for Incident Detection and Response, in an Evolving Threat Landscape

In an age where cyber threats are constantly evolving, traditional incident detection and response methods are no longer sufficient. This presentation delves into the strategies for developing adaptive use case management that can keep pace with the ever-changing threat landscape. We will discuss the importance of continuous monitoring and playbook optimization using real-time threat analysis, for more effective detection and response capabilities. Participants will learn how to create and maintain dynamic use cases that align with their organization's security objectives, ensuring a robust defense against sophisticated cyber attacks. Through case studies and practical advice, we will illustrate how adaptive use case management can transform incident response processes and fortify cybersecurity resilience.

Geordie Marin
Geordie Marin, Use Case Management Team Lead, CyberProof
Sponsor Track
Wednesday, September 18, 2024 | 11:30 AM - 11:50 AM
Security At Scale 2.0: Why 2024 is the Year for Outsourced SecOps

The necessity for diverse and outsourced managed security services (MSS) has never been more imperative than in today's cyber landscape. This presentation will outline the key drivers behind this growing need, including the usual suspects (people, process and technology), but also delve into modern challenges these programs must address such as the rise in cloud usage, generative AI, machine learning (ML) and more. Optiv has expanded its strategic alliance with Google Cloud to provide our clients with just that - a simplified approach to improving security maturity. Join us as we discuss Optiv MDR on the Google Security Operations platform and the variety of other ways we offer clients flexibility and scalability for their SecOps program.

John Pelton
John Pelton, Senior Director, Detection & Response, Optiv
Sponsor Track
Wednesday, September 18, 2024 | 11:30 AM - 12:00 PM
Ransomware: 2015-20 and Beyond

The profitability of ransomware continues to drive groups and their affiliates to ramp up operations, and further invest in their businesses. During this podcast, our guest will share ideas on the latest ransomware stats and trends, including increasingly aggressive extortion attempts, and how organizations can more prepare for and respond to the threat.

Subscribe to the podcast: https://cloud.withgoogle.com/cloudsecurity/podcast

Anton Chuvakin
Anton Chuvakin, Senior Staff Consultant, Google Cloud
Allan “Ransomware Sommelier” Liska
Allan “Ransomware Sommelier” Liska, Senior Security Architect and Ransomware Specialist, Recorded Future
Wednesday, September 18, 2024 | 1:00 PM - 1:20 PM
From Reactive to Proactive: Empowering Security Teams with Cutting-Edge Capabilities

See how Google Cloud Security pushes the boundaries on proactive, intelligence-driven security with a deep dive into the world of threat detection, investigation, and response (TDIR). Explore a use case with us that highlights the essential capabilities every security team needs to have in their arsenal.

Kristen Cooper
Kristen Cooper, SecOps Product Marketing, Google
TJ Alldridge
TJ Alldridge, Product Marketing Manager, Google Cloud Marketing
Alexa Rzasa
Alexa Rzasa, Sr. Product Marketing Manager, Google Cloud Security
Sponsor Track
Wednesday, September 18, 2024 | 2:00 PM - 2:20 PM
The changing landscape of Threat Intelligence and Security Operations

PwC discusses their view on the threat landscape and how its influencing security operations transformation, Gain valuable insights into the successes, ROI and challenges faced by clients in overhauling their SecOps strategies.

Matthew Wilden
Matthew Wilden, Principal, Google Cybersecurity Alliance Leader, PwC US, PwC
Allison Wikoff
Allison Wikoff, Director, Global Threat Intelligence - Americas Lead, PwC
Sponsor Track
Wednesday, September 18, 2024 | 2:30 PM - 2:50 PM
The Future of Log Collection: A Deep Dive into Scalable Security Log Collection

In this Deloitte sponsor session, we will address overcoming technical debt in security log collection and introduce a framework for engineering scalable data pipelines to enable complex use cases.

Alex Glowacki
Alex Glowacki, Senior Consultant, Deloitte
Sponsor Track
Wednesday, September 18, 2024 | 3:00 PM - 3:20 PM
You have The Defender's Advantage. Capitalize on it!

The Defender's Advantage is based on the notion that you have control over the landscape where you will meet your adversaries. Come learn about the six critical functions of cyber defense and how to activate them. It is through this activation that you can ready your organization to face modern threats, confidently.

Kerry Matre
Kerry Matre, Head of Mandiant PMM, Mandiant, Google Cloud
Sponsor Track
Thursday, September 19, 2024 | 9:00 AM - 10:30 AM
Keynote - Cybersecurity brought to you by the letter V

9:00AM - 9:25AM
Cybersecurity brought to you by the letter V
By Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA)

Jen Easterly
Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA)
Thursday, September 19, 2024 | 11:00 AM - 11:20 AM
Building Cyber Resilience in a World of Weaponized GenAI

GenAI has created a dichotomy between risk and opportunity. AI enables threat actors to rapidly produce sophisticated attacks, while CISOs are concerned about weaponization, data leakage, model poisoning, and bias. This session investigates AI risks and how to build resilience with GenAI.

Sean Morton
Sean Morton, SVP, Strategy & Services, Trellix
Sponsor Track
Thursday, September 19, 2024 | 11:30 AM - 11:50 AM
Impacts of AI in Security

Artificial Intelligence is a pervasive part of our lives today and cybersecurity teams and adversaries alike have learned to harness the speed and power of machines to strengthen their capabilities. With machine learning becoming one of the most important tools of defense, leaders must balance the overwhelming speed and accuracy advantage of AI with the need for measured and intuitive interactions with a real-world human element. Join this session to discuss:

  • What these trends mean for security teams.
  • What happens when the velocity of innovation outpaces the capabilities of human intellect.
  • The evolving role of automation in the effective practice of securing our digital world.
Chris Boehm
Chris Boehm, Global Field CISO, SentinelOne
Sponsor Track
Thursday, September 19, 2024 | 1:00 PM - 1:20 PM
Operationalizing Cyber Threat Intelligence (Where, Why, How to Adopt for Optimal Effectiveness)

Despite advancements in threat intelligence, users continue to struggle with data overload and deriving actionable insights from volumes of raw data.This talk discusses a strategic approach to implementing threat intelligence at the network sensor and the SIEM to address this persistent challenge.

James Lagermann
James Lagermann, Director of Technical Alliances, Corelight, Inc.
Sponsor Track
Thursday, September 19, 2024 | 1:30 PM - 1:50 PM
Rubrik, Cyber Resilience meets IR

In the ever-evolving world of cybersecurity, dealing with cyberattacks has become a daunting challenge for organizations across the globe. The aftermath of such attacks can be catastrophic, leaving organizations stymied for weeks or even months as they scramble to determine the true scope of an attack through recovering their data and systems. A game-changing partnership between Rubrik and Mandiant is set to turn the tables on these malicious actors, dramatically reducing the entire intrusion lifecycle from initial detection through full recovery – all with the goal of keeping businesses running during ransomware attacks.

Carl Norwich
Carl Norwich, GTM Leader, Rubrik
Sponsor Track
Thursday, September 19, 2024 | 2:00 PM - 2:20 PM
Active Cloud Risk: How to Combat the Most Critical Threats

Cloud has changed the way we develop, deploy, and scale apps. Traditional perimeter and end-point security does not address the distributed and ephemeral nature of cloud. Blind spots leave room for adversaries to go undetected. Security teams need to address active cloud risk in real time. Tools, like Cloud Security Posture Management (CSPM), that rely on point-in-time assessments need to catch up in detecting and mitigating active threats.

This session will address the distinction between static and active cloud risks, common tactics used in cloud attacks, and the 555 framework that sets a new standard in detecting, prioritizing, and responding to active cloud risks and threats.

Eric Carter
Eric Carter, Director, Product Marketing, Sysdig
Sponsor Track
Thursday, September 19, 2024 | 2:30 PM - 2:50 PM
The Browser Context

In modern cybersecurity operations, analysts face overwhelming challenges, with thousands of alerts generated per day and a proliferation of tools that complicate their workflows. The process of triaging these alerts can consume hours, severely impacting the efficiency of incident response. Moreover, when an attack originates from a browser, it often leaves no traceable evidence, further complicating detection and investigation efforts. This highlights the urgent need for more integrated and efficient security solutions that can streamline alert management and improve visibility into browser-based threats.

Victor Monga
Victor Monga, Sr. Marketing Solutions Architect, Menlo Security
Sponsor Track
Thursday, September 19, 2024 | 2:30 PM - 3:00 PM
Cloud Security Podcast LIVE FROM mWISE 2024 - Transform and Rebuild Securely

The guest shares his journey to becoming a Chief Secure Technology Officer  role and how recent events led to a remarkable opportunity to rebuild and enhance security within his organization. He reveals the complexities of a cloud rebuild, navigating both technological advancements and essential cultural shifts. Learn how his team tackled telemetry collection and observability in their modernized stack, and explore the thought-provoking concept of "simplexity" in cloud security.  

Subscribe to the podcast: https://cloud.withgoogle.com/cloudsecurity/podcast

Anton Chuvakin
Anton Chuvakin, Senior Staff Consultant, Google Cloud
Thursday, September 19, 2024 | 3:00 PM - 3:20 PM
Your Security Team's Force Multiplier: Mandiant Hunt and Managed Defense

Learn how Mandiant Managed Defense provides continuous monitoring and expert analysis to identify and mitigate threats in real-time. Discover how Mandiant Hunt proactively hunts for hidden adversaries within your environment, uncovering the threats missed by other detection mechanisms. Through real-world examples and case studies, we'll illustrate how these services complement your security team to strengthen your security posture and ensure your organization remains resilient in the face of evolving threats.

Ed Murphy
Ed Murphy, Group Product Manager, Google
Sponsor Track
Thursday, September 19, 2024 | 3:30 PM - 3:50 PM
Securing AI: Frontline Lessons from the Customer Trenches

In an era where AI adoption is accelerating across industries, ensuring robust security for AI systems is crucial. Join us for a panel discussion featuring experts from across Google who'll share firsthand insights from their customer interactions. They'll delve into real-world examples of the security challenges organizations grapple with when deploying AI, the lessons they've learned, and practical tips to improve security of your AI models, applications, and data. Get a clear, comprehensive picture of AI security from the people who help our customers protect their valuable AI systems.

Bill Reid
Bill Reid, Advisor, Office of the CISO, Google
Naveed Makhani
Naveed Makhani, Group Product Manager, Google
Muhammad Muneer
Muhammad Muneer, Incident Response Consultant, Mandiant/ Google Cloud
Jessica Mulreany
Jessica Mulreany, Product Marketing, Google Cloud Security
Sponsor Track