DC CyberWeek

Does your organization rely on partnerships with suppliers or vendors? If so, are you able to determine if their safeguards and security policies are sufficient to prevent a data breach that harms your enterprise?

Cybersecurity consulting firm TSC Advantage invites you to learn about third-party cyber risk management at our upcoming breakfast and brainstorming seminar in Silver Spring, MD, just a short walk from the Metro. 

To secure your enterprise in today’s outsourced business environment, conduct business with the federal government, or meet regulatory requirements, you must understand and protect your entire digital ecosystem. Even though your data may be stored within a third-party’s environment, YOU are ultimately responsible for its security.

Attend this event to:

• Hear how hackers have used third parties to steal information and interrupt business
• Learn how to make cybersecurity part of your enterprise risk management process
• Get a four-step plan to begin third-party cyber risk assessment

Agenda:

8:00 AM: Networking Session and Complimentary Breakfast
8:30 - 9:15 AM: How to Manage Third-Party Cyber Risk Presentation
9:15 - 9:30 AM: Q&A and Networking

Integrated Cyber is the premiere event showcasing Integrated Adaptive Cyber Defense (IACD) strategies.  IACD focuses on accelerating the speed and scale of cyber defense via integration, automation, and information sharing.  The event brings together integrators, service & solution providers and practitioners across commercial, government, critical infrastructure, research and academia to align community efforts, demonstrate advances in cyber defense, and collaborate on innovative security approaches. Speakers from each of these communities, as well as hands-on workshops in the development of IACD playbooks and orchestration solutions. Free event, registration requested.

Interested in adopting or advancing strategies for increasing the speed and scale of cyber defense – join us at: https://secwww.jhuapl.edu/IACD/  and https://www.linkedin.com/groups/8608114

White Hat Academy presents a virtual presentation and interactive hands-on lab covering common web application vulnerabilities and how to guard against them. Participants will be able to practice exploiting web apps using injection, cross-site scripting, and other common attack vectors. Participants will then rewrite the sample code to harden their apps from attack and test whether their fixes are successful.

This virtual event will happen on YouTube Live. To get the most out of this session, you should already have some basic experience with an object-oriented programming language; examples will mostly use Python code.

Integrated Cyber is the premiere event showcasing Integrated Adaptive Cyber Defense (IACD) strategies.  IACD focuses on accelerating the speed and scale of cyber defense via integration, automation, and information sharing.  The event brings together integrators, service & solution providers and practitioners across commercial, government, critical infrastructure, research and academia to align community efforts, demonstrate advances in cyber defense, and collaborate on innovative security approaches. Speakers from each of these communities, as well as hands-on workshops in the development of IACD playbooks and orchestration solutions. Free event, registration requested.

Interested in adopting or advancing strategies for increasing the speed and scale of cyber defense – join us at: https://secwww.jhuapl.edu/IACD/  and https://www.linkedin.com/groups/8608114

Security & Resiliency of Mobile and the Internet-of-Things (IoT)

The transition from desktop and even laptop to mobile computing continues but is a foregone conclusion. We are in a mobile world where users have access, bandwidth, and capabilities that are equal to or rival a fixed office location. Similar to explosive growth and adoption of mobility, we are seeing rapid innovation and expansion of ubiquitous computing and IoT products in everything from automobiles, home automation, to all sorts of consumer products. Please join the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) in a round-table discussion to explore cybersecurity implications of the convergence of mobility and IoT, and what may be on the horizon that current cybersecurity approaches will need to adapt and rapidly reconfigure to provide safety, security, and resilience to our infrastructure, users, and communities.

Hudson Institute, a D.C. think-tank focused on national security and foreign policy, will hold a symposium on quantum technology, led by Senior Fellow Dr. Arthur Herman. The conference will be keynoted by Dr. Aaron VanDevender, Chief Scientist at Founders Fund. Four panels will explore the security and policy implications of the coming quantum revolution. The two morning panels will analyze the risks and opportunities for quantum computing and quantum cybersecurity, respectively. The afternoon panels will highlight international quantum efforts, while the concluding panel will discuss the merits of a US National Quantum Initiative. There will be an introductory technical overview of quantum technology at the outset of the symposium.

9:00-9:10am: Welcoming Remarks
9:10-9:30am: Quantum Technology 101: Educational overview of quantum computing and quantum cybersecurity
9:30-10:00am: Keynote remarks, Aaron VanDevender, Chief Scientist, Founders Fund
10:00-11:15am: Panel Discussion 1: Quantum Computing: The Dark Side and the Bright Side
11:15-11:30: Break
11:30-12:30: Panel Discussion 2: Quantum Cybersecurity: Ushering in an Unhackable Era?
12:30-1:00 pm: Lunch with keynote remarks by member of Congress (invited)
1:00-2:15: The International Quantum Race
2:15-3:15: Does the US Need a National Quantum Initiative?
3:15-3:30: Closing Remarks

Around the world legal frameworks are failing to keep pace with technology. Domestically nations are struggling to secure consumers’ privacy and conflicted about how best to manage the effects of powerful new technologies like artificial intelligence without stifling innovation.

Is regulation necessary, or can voluntary frameworks suffice? Where are the current points of failure in our legal system? Where are the strengths? What responsibilities do technologists have? What should policymakers avoid in developing new regulatory efforts? What are the consequences if we fail? How can policy catalyze innovation?

The American Bar Association Standing Committee on Law and National Security, New America, and Pitt Cyber host a discussion of the widening gap between coding and codes. Former US Attorney David Hickton, known for his groundbreaking cybercrime and cyber espionage indictments, will share his view from the front lines of enforcing existing laws, after which an expert panel discussion will discuss the issues raised.

Join the conversation online by using #CyberLaw and following @NewAmCyber and @PittCyber.

Keynote:

David Hickton

Founding director, Pitt Cyber and former US Attorney, Western District of Pennsylvania

Participants:

Paul Cohen

Founding dean and professor, University of Pittsburgh, School of Computing and Information, former program manager, Information Innovation Office, DARPA

Harvey Rishikof

Chair, Advisory Committee, ABA Standing Committee on Law and National Security and former Dean of Faculty, National War College

Ian Wallace, @pianwallace

Co-director, New America’s Cybersecurity Initiative and senior fellow, International Security Program

Moderator:

Kiersten Todt

Resident scholar, Pitt Cyber and former executive director of the Presidential Commission on Enhancing National Cybersecurity 

Live streaming of this event will be available on the New America website: https://www.newamerica.org/cybersecurity-initiative/events/old-laws-and-new-technology-how-can-we-keep/

Cybersecurity continues to be a top-tier critical issue, and the need to protect the country against significant cyberattacks is at a critical point.  With recent news reports of fairly wide-spread hacking attempts by foreign operatives during the most recent Presidential election, combined with significant data breaches as reported by private companies, cybersecurity is among the top enterprise risk for almost every organization – public and private.

To highlight the criticality of cybersecurity, a Presidential Executive Order was signed on earlier this year focusing on cybersecurity needs of Federal IT infrastructure and coordination between agencies to protect against cyber-attacks.  The executive order also calls out the need to secure the country’s critical infrastructure, reflecting the need a strong public and private partnership in cybersecurity. 

Georgetown University will host a panel discussion to discuss the current state of the public and private cybersecurity partnership in defending the country against cyberattacks.  

Open source software is the foundation for application development worldwide, comprising 80-90% of the code in today’s applications.  It reduces development costs, speeds time to market and accelerates innovation which is driving adoption, but the explosion in open source use has not been accompanied by effective security and management practices.

A 2017 Black Duck analysis of code audits conducted on 1,071 applications found that 97% contained open source, but 67% of the applications had open source vulnerabilities, half of which were categorized as severe.   

Join Black Duck VP of Security Strategy Mike Pittenger for a discussion of best practices in open source security and management to reduce application security risk. You’ll learn:

• Strategies to minimize the impact of open source security vulnerabilities when immediate fixes can’t be made
• Ways to assess the risk associated with a discovered open source vulnerability
• Scalable approaches to designing application testing for different agile-development pipelines

Register Here: http://bit.ly/2wO5WDL

As China launches its 19th Party Congress, its plans to shape cyberspace are becoming ever clearer. Through the publications of government and Party officials, we are increasingly getting insights into Chinese plans for the digital economy. Often however that information is only available to Chinese-speakers. Therefore, through New America, a group of China cyber experts have launched a new effort to translate and analyze key Chinese documents and make them available to a wider audience. 

Due to the significant uptick of the BEC scheme and its threat to U.S. businesses and individuals, the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) are working together to provide up-to-date BEC intelligence to private industry. Held at the unclassified level, this presentation will provide an overview of BEC, information sharing mechanisms, and mitigation strategies.

Register for our partner event Spies & Hackers: Foreign Intelligence Surveillance and Corporate Armies, which will take place starting at 3:00pm

This will be a lively group discussion on the God Key problem. What it is (all access), who it affects (everyone) and what we do now (inadequate) and how Data Centric Design solves this problem. The discussion will touch upon new approaches to data and its management using new ideas, analyses and tools which were developed such as Structured Data Folding with Transmutations (SDFT), eNcrypted Userdata Transit & Storage (NUTS), Continuous Recovery, Asymmetric Anonymity, Key Management with NUTS and much more. Topics will be presented and participation will be encouraged by everyone, it's old school, but perhaps it's time to give this classic method a shot again. Be prepared to be challenged and to think things through.


blognuts.org / 224-300-1408

Presented by the National Security Institute at George Mason University's Antonin Scalia Law School and the Intelligence and National Security Foundation 

Panel 1: Watching the Watchers: Balancing Security, Surveillance, and Privacy

Moderated by: Darren Dick

Panel 2: U.S. Corporations vs. Nation-States in Cyberspace: A Fair Fight?

Moderated by: Kiran Raj

Speakers include: Stewart Baker, Jake Sullivan, Arthur Rizer, Sean Newell & More

Please also join NSI for our partner event "Business Email Compromise: Facts, Threats and Countermeasures,” co-hosted with the Federal Bureau of Investigation (FBI) and the United States Secret Service.  The BEC event will begin at 2:00 pm in Hazel 121.

Interested in looking at job opportunities in Cyber, then plan to  participate in this screened career fair, meeting face to face with major employers and agencies, recruiting for experienced Cyber professionals. (US Citizenship with at least 2 yrs of experience on top of degree required to attend. Some jobs require an active Security Clearance.) Job seekers must register by sending their resume to susan@expoexpertsllc.com.  (Put ‘Attending CS’ in the subject header and we will send you an express pass to enter.)

Employers attending can meet face to face with 100s of qualified professionals in these niche cyber disciplines.  Employers interested in attending, call 877-842-3976 ext. 13.

Job Fair: 3:00PM-7:00PM and Cocktail reception for all from 7:00PM-8:00PM

Join us for an evening of cocktails and stories about actual corporate cyber attacks. You’ll have the chance to hear from experts who were involved first-hand in dealing with the aftermath. What happened? How did it happen? How were the issues resolved? What security measures were put in place to prevent future attacks and mitigate the damage should another attack occur.

In coordination with CyberScoop’s 2017 DC CyberWeek, Eastern Foundry is hosting a pitch competition for start-up companies to help provide solutions for cybersecurity related issues. Judged by industry experts, businesses are invited to participate in the innovative forum that is bringing people, technology and ideas together to address one of the country’s top priorities.

Presented by George Mason University's National Security Institute

Register today and join us for networking, food and drinks - No speeches, no presentations, no lectures - Just good old fashioned networking and tacos... who does not like tacos?! This event is a great opportunity to mingle with members of the local cybersecurity and broader IT community, including executives from vendors, end-users, analysts, media, integrators/contractors, associations and more!

Not all receptions are created equal.  Together, ICIT  and DLT Solutions have created an unforgettable evening at one of the most exclusive venues in America – the Mansion on O.  Mingle with the beltway’s top cybersecurity leaders while exploring the Mansion, unlocking secret doors (literally!), and discovering its world renowned artwork. We’ll have plenty of food, drinks and great conversation.

In recognition of National Cyber Security Awareness Month, NEA is bringing together industry experts and CEOs from its cybersecurity portfolio for a Jeffersonian-style dinner, with special guests from the Department of Homeland Security and the Department of Defense.

The theme for our dinner conversation: Predictions about cyber-security and the future of the Internet. Please come prepared with a prediction and a willingness to contribute to the conversation.

This event is in collaboration with FedScoop’s Cyber Week effort, but attendance at the event is extremely limited and will be closed to the press. 

6pm- 7pm Cocktail Reception, 7pm-9pm Dinner

Interested in a Cyber Career? Get career advice and insights from a panel of successful Cybersecurity Professionals. The ISSA National Capital Chapter is having a Cyber career panel on October 17, 2017, at 6:30 PM as part of CyberScoop's DC CyberWeek. Whether you are a senior cybersecurity expert or just starting your career in cyber, you will benefit from this event.  

Moderator - Tyrone Wilson President of Cover6 Solutions, Organizer of the D.C. Cyber Security Professionals and Breaking Into Cyber Meet Up groups, Virtual CISO.

Panelists:

- Eric Mill, Senior Advisor, U.S. General Services Administration's Technology Transformation Service (pending Agency approval)

- Loren Schwartz, IT Audit Partner, Cotton & Co.

- Michael Misumi, CIO, JHU Applied Physics Laboratory

Cost: Free. Light refreshments will be served. Event location: Center for American Progress (CAP), 1333 H St. NW, 10th Floor, Washington, DC, 20005. RSVP online at ISSA DC Web Site: http://issa-dc.org 

http://cosn.org/events/webinars/dc-cyberweek-ignite-talks

Please join Robert Hoffman for a DC CyberWeek happy hour at the office of Invariant

Delta Risk will host a networking and happy hour social at our new digs in Arlington. Free food, free drinks, and a chance to talk about incident response best practices with our team of cyber security analysts. Oh, and did we mention there will be food? This is a prime opportunity to network with other cyber security leaders and influencers in the greater D.C. region. Join us for a night of good fun and good company, and help us celebrate our 10-year anniversary in style!

Join NeoSystems, Flashpoint and R&K Cyber Solutions in Tysons Corner, October 18, from 5:00PM-7:00PM, for an evening of cybersecurity trends and incident response strategies, followed by a networking happy hour.  Learn about our latest technology updates including Deep and Dark Web risk mitigation, and cloud security and virtualization solutions. Hear from expert strategists about the current incident response landscape, and policy related to the DFARS 7012 clause. We’ll discuss early detection models, actionable steps to ensure compliance, and introduce strategic approaches to implementing proactive security measures. 

Our event will begin with two concurrent presentations, followed by a brief presentation and Q&A with our leading cyber analyst and Director of Intelligence.  Stay for our Capital Grille-hosted networking happy hour and connect with leading cyber professionals in the DC Metro community! 

MACH37, MITRE and Crowell & Moring are teaming up to bring together a select group of cybersecurity startup companies, investors, and strategic partners for our first ever Cybertunity Pitch and Networking Event during DC Cyber Week.
 
Come get a first look at some of the hottest startups-to-watch in cybersecurity. Join us for an evening of pitching and networking with startups, investors, and other strategic partners. This is an opportunity to network and see companies pitch their innovative cyber solutions.
 
A select group of companies-to-watch, including those from the MACH37 ecosystem, will give their 30 second pitch and will then participate in a series of meet and greets with some of the area’s most active players in cybersecurity.

5:00 pm - Refreshments & Introduction

5:15 pm - Keynote Presentation: Aleksandr Yampolskiy, CEO and Cofounder at SecurityScorecard

5:30 pm - Cybertunity Showcase

6:00 pm - Networking 

What's better than a fine cigar and quality whiskey? How about a remote browser and cybersecurity? Balancing security and productivity is a challenge facing organizations of all sizes. Every data collection project requires internet access, and a remote browser provides a secure and anonymous means to complete your mission. Attend our reception on Wednesday, October 18, 2017 at Shelly's Backroom on F Street. Meet with colleagues in leadership positions within DoD and civilian agencies. Learn about how Silo has helped analysts be more secure and effective in their online investigations.

The greatest cyber ideas often involve small businesses. Please join the Washington Cyber Roundtable (WCR) and the Small Business Development Consortium (SBDC) for a panel discussion on the role small businesses play in protecting and advancing the nation's cyber capabilities. During the event attendees will hear from:

Mr. Charles Nelson, Deputy Director for Outreach at U.S. Cyber Command's Capabilities Development Group and Mr. John Mills, Director of Cybersecurity Policy, Strategy, and International Integration in the Office of the CIO at the Department of Defense.

The event will conclude with a happy hour.

• 5:30-6:00pm - Registration 
• 6:00-7:15pm - Presentation in auditorium
• 7:15-8:00pm - Reception on overlook

RansomWare is everywhere and quickly spreading through IT environments. Join us for an informative look at how to prevent ransomware from attacking your network.

The Wanna Cry ransomware attack that crippled hundreds of thousands of IT systems has made the threat of ransomware front-page news around the globe. This news should be especially daunting as research shows that Small to Medium Businesses and Distributed Enterprises suffer from a greater frequency of successful ransomware attacks than large Enterprise organizations. With the stakes – and costs – of a ransomware attack higher than ever, what can small and midsize businesses do to protect themselves?

Join Network Security Leader WatchGuard for an in-depth look at the best tactics for ransomware defense.

Highlights include:
• See ransomware in the wild
• Watch a live ransomware hack
• Learn why Threat Detection & Response is a must for today’s threat landscape
• Experience the ultimate Ransomware prevention solution, powered by Incident Correlation

Join Red Sun Information Systems from 6:00-8:00PM at Hunan Number One for a networking happy hour kicked off with a brief primer on how to keep your employees safe on the web. Grab a drink and learn about cyber-threat mitigation strategies for your non-technical employees followed by an opportunity to meet and chat with other professionals working in cybersecurity. 

We thank our amazing panelists who will be sharing their stories, experiences and tips for those in their cybersecurity career or contemplating a change into a cybersecurity career. We are covering the wide range of backgrounds from government contracting, commercial, large company, small company, entrepreneur and veterans.

Sophia Fadil, AIG;

Jen Havermann, Deloitte,

Tyrone Wilson, Covert6,

Nischit Vaidya, Argotis. 

Never before in history have next-gen technology and the automotive world ever intersected so rapidly. These changes will undoubtedly bring new opportunities to create safer roads and provide unforeseen mobility options for people globally. However, these changes will also present new challenges that must be addressed to ensure safety, privacy, and the trust of the public. The challenge at the center of this discussion is the topic of cybersecurity and if, and how, connected and automated vehicles can be compromised and how they will be protected.

Please join us for drinks, networking, and an in-depth discussion with leading thought leaders (including Moshe Shlisel, CEO of Guardknox and former Deputy Commander of Special Operations for the Israeli Air Force) who are working to secure the car of the future. This event is geared towards post-graduate professionals and those who are currently working in the field of technology. 

Space is limited.

Come join GRIMM for a posh evening in Washington D.C. to celebrate the official launch of CROSSBOW™!

Keith Myers is making a special trip to come and DJ this awesome event! There will be great food and drinks. Plus, lots of great conversation with a wide range of industry experts.

We look forward to celebrating with you and the amazing tech community during DC Cyber Week.

Hope you can join us!

What is CROSSBOW™?

CROSSBOW™ is a cyber security platform which enables you to fully VALIDATE your organization's digital defenses, without the need for costly training or complex setup.

Stop simply "trusting" that your IDS, Phishing Protection or AV is working; with CROSSBOW™ you can setup, customize, and run ADVERSARIAL CAMPAIGNS IN MINUTES, and receive granular reporting about your production environment and degree of compromise.  

CyberArk Impact: Public Sector is a one-day event where we will discuss privilege and administrative account security in the government. 

This event will provide an open forum for you to interact with our executives, ask questions, and network with your peers. We’ll be discussing a number of cyber security issues that continue to affect the public sector.

You'll discover:

· Why defending federal networks against internal and external threats is a must

· DHS’s CDM requirements and vulnerability scanning

· How to automate NIST 800-53 Controls for a more successful Risk Management Framework implementation

With passage of the Technology Modernization Act and Executive Order for Cyber Security seeking to modernize and secure legacy systems, forward-leaning public officials, standards bodies, and IT Communities of Interests are converging for the 4th annual Cyber Resilience Summit on October 19 in Arlington, VA. With growing threats from a tech savvy adversary, Federal agencies need to embrace advanced risk management and modernization practices proven effective in the global IT market.

The 10/19 Cyber Resilience Summit is sold-out. External registration is required via the link below. For questions, email tracie.berardi@it-cisq.org.

Participants will:

• Understand the five stages of a cyber-attack – Reconnaissance, Incursion, Discovery, Capture and Exfiltration
• Apply knowledge and experience to real-world problems
• Expand their security awareness and build cyber skills while earning Continuing Education Credits

Increasingly frequent and severe cyberattacks targeting the private sector globally are fueling debates over whether to allow corporations to engage in “active cyber defense.”  Numerous trends point to the potential for this practice to grow internationally, potentially posing significant dilemmas for governance.

As part of DC CyberWeek, Carnegie’s Cyber Policy Initiative invites you to the launch event of the Carnegie report Private Sector Cyber Defense: Can Active Measure Help Stabilize Cyberspace?

This report assesses the potential risks and benefits of creating space for a legitimate practice of private sector ACD internationally, and explores how insurance companies and policies could provide a framework to bound such activity and incentivize responsible conduct.

Smart cities, connected healthcare devices, digitized records and smart cars and homes have become our new reality. Always-on technology, while it makes our lives more convenient and unlocks potential for the future, is fueled by our personal information, which presents security and privacy concerns for both consumers and businesses. This Twitter chat – coinciding with Week 3 of National Cyber Security Awareness Month – will highlight the growing Internet of Things and discuss how to use cutting-edge technology in safer and more secure ways.

Maintaining a secure information environment is a challenge, particularly for companies and non-profits that are funded by grants, and do not have large security budgets. This roundtable will provide a venue for attendees to discuss how they have tackled this need, what tips they have to share, and what challenges they still face. A portion of the roundtable will be an open house presented by EfficiencyNext where we will discuss the tools we’ve utilized for account and data security, including multi-factor authentication, at-rest data protection, active data protection, API call limiters, firewalls, cloud services, proprietary technology, and locally encrypted devices. We hope everyone will come out of the discussion with new insights, methods, and tools to try.

Join us for dinner and drinks followed by a talk and discussion as we launch the first meeting of DC’s new Data Science & Cybersecurity Meetup.com Group!  This group is focused on cyber security topics (e.g., UEBA, threat analysis, compromised endpoints, insider threats, etc.) so that we may all share knowledge and benefit. We’ll explore how we can use what we learn to construct computational models (or, learn it from data) to construct systems capable of being deployed in production environments. Looking forward to your participation.  

The Parsons Cyber Innovation Center is a model Security Operations Center with several types of control systems such as Electrical Power, Water/Sewage pump stations, building automation and physical access control where Red and Blue teams can practice their skills. Marianne and her team will demo exploits and attack methods, defensive techniques and countermeasures, and discuss the evolution in skills and careers paths of the evolving cybersecurity workforce.