RSS:2024 GRC/Risk Track (Day 2) :: Rochester Security Summit


Cybersecurity 2.0 – helping you step into NIST 2.0, MDR 2.0, and IAM 2.0

Jeff Miller
10:00 am - 10:50 am

With the release of the NIST CSF 2.0 earlier this year and the addition of the new Govern pillar, companies need to understand how to implement new controls and governance concepts into their organizations to ensure the effectiveness of their cybersecurity program. Additionally, newer technologies are quickly replacing older ones in the areas of threat detection & response and identity & access management. This presentation aims to tie together new concepts in NIST CSF 2.0 with new technologies that will help companies achieve cyber resilience.

Jeff Miller

Jeff Miller is a unique blend of engineer, teacher, and evangelist of all things cybersecurity. His roots in cybersecurity stem from his engineering degree and tenure at the nation’s second-largest law firm, where he regularly defended against ransomware, the hacktivist group Anonymous, distributed denial of service attacks, and various other threats. Jeff spends much of his time educating organizations on how to adhere to both security regulations and best practices around cybersecurity. Jeff lives, breathes, and bleeds cybersecurity. It’s not just what he does; it’s who he is.

The ULTIMATE Cheat Sheet for Achieving SOC2 Compliance

Charissa Kim
11:00 am - 11:50 am

The SOC 2 Type II from the American Institute of Certified Public Accountants is the de facto standard of security audits to ensure the security, confidentiality, and privacy of customer data. However, its roots lie in a different time and context. In this talk, the speaker will provide a straightforward cheat sheet for achieving SOC 2 certification effectively and efficiently. She will break down the process, examine its strengths, pinpoint potential pitfalls, and share best practices from her own experience.

Charissa Kim

Charissa Kim is a Security TPM at Semgrep. She has spoken on various panels and presented at conferences such as the National Cryptologic Foundation (NCF), National Institute of Standards and Technology (NIST), National Initiative for Cybersecurity Education (NICE), and many others. Charissa also founded Cyber Youth Tech (CyTech), a non-profit organization devoted to empowering the next generation of STEM and cybersecurity professionals. Furthermore, Charissa directed and produced K-12 Cyber Talk, a cybersecurity webcast sponsored by the National Security Agency, providing a welcoming environment for K-12 students to learn and explore cybersecurity along with its diverse career options and opportunities. She is also the first female All-American from the National CyberPatriot and Northrop Grumman Nationals competition.

The Threat from Infostealers to Every Company

Michael Kosak
1:00 pm - 1:50 pm

The threat from infostealers, malware aimed at stealing critical personal and financial information, has grown substantially over the last 3 years and has been a key factor in some of the largest breaches of 2024. Infostealers target both individuals and organizations, leading to millions of credentials and session tokens either available for sale on the dark web via stealer logs (often for as little as $10) or posted for free in various forums. This briefing will discuss what infostealers are, how they work, where they fit in the larger cybercriminal ecosystem, and how you can protect yourself and/or your organization against them.

Michael Kosak

Mike Kosak has been an intelligence analyst for over 20 years, starting his career with the US Department of Defense before moving to the private sector in 2012. For the last 8 years, he has focused on Cyber Threat Intelligence. He is currently the Senior Principal Intelligence Analyst at LastPass. His previous private sector roles include manager of the Strategic Intelligence Analysis and Threat Evaluation teams at Bank of America and Cyber Threat Intelligence team lead at TIAA.

Adding API Security to your DevSecOps Toolbelt

Scott Bly
2:00 pm - 2:50 pm

How do you integrate API Security into your DevSecOps processes?

You have DevOps tooling and CI/CD pipelines for your product release cycle. Your Dev & Ops teams work well together. You started a DevSecOps transformation to Shift Left and test code security in pipelines. But how do you integrate the Security teams into DevOps to achieve true DevSecOps?

Then, how do you integrate API testing, given that API vulnerabilities are behavior-based? Traditional AppSec tooling can’t identify vulnerabilities in how APIs are consumed.

Learn how to integrate API testing into Shift Left DevSecOps pipelines to eliminate vulnerabilities. Learn how to bring Dev, Sec, Ops teams together to improve Mean Time To Remediation, and keep your teams happy!

Scott Bly

Scott Bly leads the API Security Practice at iSOA Group, integrating security across the API lifecycle. He spent time at Noname Security developing API security programs for high-profile clients. Prior to Noname, Scott ran the Security Improvement Program at AWS, assisting more than 200 customers to measure and improve their cloud security postures.

Scott has served as a Cybersecurity Solutions Architect and holds over 40 certifications in IT and security, including CISSP and CISM, from vendors such as Fortinet, Cisco and AWS. Scott served as the Director of IT for the American Film Institute, where he led their digital transformation. For fifteen years he led an LA-based consulting firm specializing in the SMB and Media/Entertainment space.

Armor Plating Your Product: Building a Product Security Program from Scratch

Jim Keeler
3:00 pm - 3:50 pm

Building a robust product security program is essential for shipping hardened products, safeguarding your business, and earning customer trust. This talk will explore the essential steps to creating a solid foundation for a successful program. We'll discuss topics ranging from practical strategies for engaging stakeholders to implementing secure coding practices. Whether you're starting from scratch or looking to enhance an existing program, this talk offers lots of ideas and approaches to strengthen your organization's product security defenses.

Jim Keeler

Jim Keeler is a senior security analyst at CyberQP, a cyber-security startup. With over a decade of development experience and three years as a penetration tester and red team operator, Jim is meticulously constructing the product security program at CyberQP. Jim is passionate about training and collaborating with developers to ship more secure code. When he's not drafting secure coding standards or penetration testing new features, he enjoys playing soccer with his three kids.