Analytics, Intelligence & Response

Analytics, Intelligence & Response covers the application of investigative and analytic techniques that help organizations plan for, identify, contain, investigate, and resolve incidents in the enterprise, manufacturing (OT), and integrated technologies (IOT). It also explores threat intelligence, automating response, and broad information sharing. Finally, AIR covers response to cognitive security attacks (dis-/misinformation) against companies, products, and services.

Ideas starters:

  • Communications - Customer and Business Partner Response
  • OT - understanding why detecting, analyzing, and resolving issues in manufacturing is different from IT, including the OT engineering teams
  • Ransomware & incident planning and response
  • ATT&CK framework to help anticipate what could happen, plan for likely events, build (document and automate) processes to deal with those expected events
  • Robotic Process Automation (RPA)
  • Pre-planning Response to respond to incidents at machine speed
  • How to respond when memes and deepfakes impact your company, executives, and products


The battle against online fraudsters continues to rapidly evolve, with social engineering-based attacks increasing. Leading organizations are deploying new policies, technologies and methodologies to enhance fraud prevention, detection, response and recovery programs. Hear use cases and best practices focused on sharing practical knowledge and lessons learned on how to approach the most pressing challenges of anti-fraud professionals.

Ideas starters:

  • Customer-side malware—attacks and detection latest and greatest
  • Social engineering fraud
  • Mobile fraud (client device vs fraudster side)
  • International Organized Crime—goal of awareness and case study examples
  • COVID-19 fraud – goal of sharing lessons learned against specific attack campaigns
  • Cryptocurrency in fraud
  • New authenticators for 2021

C-Suite View

 This track focuses on the intersection of business and security. It features experiences and opinions of CXOs, exploring how to assess risk from a business perspective and then communicate cyber-risk to the board. Sessions will explore ways to leverage limited resource to manage and mitigate risk as well as the latest trends and issues in information security that impact the executive suite.   

Ideas starters:

  • What/Where/How to measure in a meaningful way
  • Navigating cyber liability insurance—perception of coverage vs. what is actually covered
  • BEC for the executive audience
  • Organizations that have products/services in B2B market and how they bake security into their offerings
  • The challenges of being a scapegoat but not being listened to or having authority
  • Where are the gaps and how do you deal with those gaps?
  • Overcoming the odds: stories from those who have been able to do something they never thought they could
  • Scary regulations and how to deal with them
  • Focus on CISOs and other executives understanding what boards are actually looking for

Cloud Security & Virtualization

The Cloud Security & Virtualization track includes sessions on the security aspects of using and leveraging cloud services, virtualization technologies/services, segmentation, container technologies, network function virtualization and hybrid architectures. Critical staffing and skills requirements will also be explored as well as business continuity planning related to rapid cloud-native transformations.

Ideas starters:

  • Cloud security architecture and threat modeling
  • Cloud native deployments: lessons learned
  • Networking for containerization
  • Cloud/control plane access
  • Cloud deployments and baseline control parity from an engineer’s perspective
  • Long term strategic aspects of rapid digital transformation—business continuity planning for things that were stood up to be temporary, but are now baked in
  • Multi-cloud: lessons learned
  • Skills and staffing gaps
  • SaaS and CASB – mobile workforce enablement

DevSecOps & Software Security

DevSecOps & Software Security focuses on the intersection of application, product security and DevOps. Sessions focus on sharing real-world, enterprise-level successes (and failures), covering DevSecOps for risk and compliance and working in step with modern development teams. Expect to see topics on secure software development, SDL, safety engineering, adding resiliency to software, and how-to’s for building security support, compliance, and diagnostics into software and products.

Ideas starters:

  • How a non-elite organization built out its product
  • Building a culture of development that is thinking about security first while also celebrating errors
  • Brining safety principles into security
  • Privacy engineering—case study
  • Case study that gives a holistic view of security posture to prioritize areas of investment
  • Deception in DevSecOps—how modern teams are defending their home turf
  • Effectively communicating security processes
  • Data to help prioritize risk and investment
  • Mitigation efforts
  • Compliance and safety overlaps with DevSecOps and safety

Hackers & Threats (Regular and Advanced)

Hackers & Threats sessions include discussions around the growing underground economy, advanced threats, ransomware, cyber-weapons, new classes of vulnerabilities, exploitation techniques, reverse engineering, and how to combat these problems. Hackers & Threats Advanced features more advanced content, including highly technical live demos, exploit code walk throughs, code dissection and reverse memory analysis.

Ideas starters:

  • New and emerging underground chatter
  • Trends from the trenches (a joint effort from law enforcement or someone who has permission to talk about a joint operation would be great)
  •  How to bring security issues to your larger organization as a whole
  • RDP attacks with people working from home
  • Growth of very targeted attacks on edge computing
  • IoT and IIoT, 5G resurgence
  • How SOC teams process data and interoperate in remote settings
  • Advanced—hardware hacking that affects something big
  • Advanced — how do vulnerabilities create a landscape of pivot points with older vulnerabilities chained together

Human Element

This track explores how people make trust choices by relying on user behavior analytics data to inform innovative ways of securing the human and foster internal and external security communities.  Topics include social engineering, insider threats, information operations, organizational change, building partnerships and how classic attacks and emerging threats now include a human element.

Ideas starters:

  • Social engineering-- Large quantitative analyses
  • UX/AI: leveraging analytics for good
  • WFH human error
  • Misconfiguration
  • Why has security training not been working?
  • Offensive side
  • Information sharing challenges—interesting approaches and modeling for it, particularly across supply chain ecosystem
  • Burnout


This track covers the processes, technologies and policies for managing and controlling digital identities for the enterprise and its customers.

Ideas starters:

  • New authentication techniques
  • Threat evaluation
  • Attack vectors associated with password managers
  • Just in time privilege evaluation
  • General continuous evaluation techniques for fraud and Identity
  • Decentralized ID as an architecture as opposed to trust framework
  • Consumer owned identity wallet concept without blockchain magic
  • Trusted device networks
  • ID verification vs. Privacy
  • Effectiveness of behavior biometric capability
  • Breaking ID models with browser changes


The Law track explores topics at the intersection of cybersecurity, data protection and the law, including developments and trends in new laws and regulations, cases, liability, risk management, transactions, investigations, governance and related topics.

Machine Learning, Artificial Intelligence & Automation

Sessions examine the practical applications and limitations of machine learning and artificial intelligence in cybersecurity, with an eye on issues of ethics and bias as well as democratizing ML&AI. This track will explore defensibility, fundamentals, real-world examples, potential risks, and future evolution of capabilities. Expect to see topics around automated robots and defensive automation as well as the ways in which ML, AI and automation are enabling humans to do a better job and be more efficient.

Ideas starters:

  • The data hungry nature of ML/AI algorithms and privacy implications
  • Bias in ML models with ethics, fairness and accountability as a bigger theme
  • ML supply chain
  • Federated learning
  • Building resilient ML and threat modeling for it
  • Using AI for deep fakes

Open Source Tools

This track provides technical case studies of open-source software and highlights new and innovative open source security tools. The track offers attendees exposure to open-source solutions that have been created and utilized by enterprise practitioners to solve real challenges. Sessions will cover the business challenges addressed and how the presenter utilized open source tools to resolve them. Attendees will be able to download the tools to follow along.

Ideas starters:

  • New and noteworthy open source security tools: how they were used to solve business challenges
  • Case studies of open source tools used to solve real world business security challenges
  • Creative use of open source tools in solving challenges
  • Open source tools usage to solve emerging problems: container security, microservices, or other new and emerging problems
  • Situations where open source security tools helped solve issues stemming from the COVID-19 pandemic

Policy & Government   

This track features sessions on current and proposed government strategies, policies, legislation and standards that could shape the direction of emerging technologies, cyberthreat intelligence sharing, industry standards and security compliance requirements for years to come.

Ideas starters:

  • Will CMMC work?
  • Ransomware in state/local government
  • New normal for public sector workforce implications to employees and citizens
  • What's new in Fed policy
  • International changes in policies and regulations


This dedicated track explores the privacy and security of personal data issues related to artificial intelligence, facial recognition, biometrics, surveillance and differential privacy enhancing technologies, as well as state, federal and international laws and regulations, including as CCPA, GDPR and HIPAA. It also focuses on standards and programmatic strategies for compliance.

Ideas starters:

  • Transborder data flows and the strike down of the Privacy Shield
  • Non-HIPAA health and monitoring of people in the time of COVID
  • Schrems and data transfers
  • Employee monitoring in COVID era
  • Algorithmic governance
  • BIPA
  • Will federal privacy legislation pass this year?
  • IDFA
  • Alternate means of tracking people and the privacy issues/security implications
  • DNS over HTTPS

Professional Development & Personnel Management

This track looks at the “you” side of things, with two distinct paths geared toward advancing careers and positively impacting our profession. Professional development is about improving ourselves, expanding our capabilities and skills, soft skills, and increasing our security career possibilities. Personnel Management focuses on those who lead and manage people, build inclusive and diverse teams for 365 visibility, and help our teams mature and develop themselves to achieve even more.          

Ideas starters:

  • Communication soft skills
  • What D&I can mean and why it’s good for us
  • Case studies on overcoming career challenges
  • Building a security career
  • Developing leadership skills
  • Is there really a cybersecurity job shortage—point/counter point?
  • Coaching
  • Mentoring

Risk Management & Governance             

This track covers the selection and implementation of risk management methodologies, compliance-related sessions on standards, assurance, and instituting governance across the extended enterprise. This track also contains sessions on metrics and measurements that make a difference in reducing risk.

Ideas starters:

  • Risk governance and how it has changed in the “react to COVID world”
  • Effective communication strategies that are not just compliance based
  • Proactive assurance approaches
  • Open source tools being used for risk, governance and compliance
  • Choosing the right tools for governance
  •  Case studies showing use of standards to increase security and lower risk
  • How to motivate people to comply with standards
  • Heavy emphasis on case studies and real learnings; enterprise perspectives particularly valued

Securing the Remote Workforce

This track will cover best practices that emerged from organizations that were forced overnight to secure a remote workforce. It will explore next stages of transformation—what projects have been accelerated or decelerated and how organizations are adjusting for quickly made changes as well the normalization of changes that may have been implemented, both technologically and within the workforce. It will also look into the future and deliver concrete ideas around what lies ahead and how organizations can thrive when change is thrust upon them.

Ideas starters:

  • Case studies of organizations 6-12 months post-pandemic and critical lessons learned
  • Innovative approaches that rose out of forced change
  • Practitioner perspectives: what projects were accelerated or decelerated based on the pandemic and how to achieve prioritization alignment with the executive team
  • How do hackers approach the distributed workforce and how can security teams respond
  • Cultural component: some of our workforce is very happy working from home; how are we going to retain talent in this new world?
  • Prognosticating possible futures—what will things look like 2 years from now, 5 years from now, 10 years from now?
  • The Program Committee looks forward to a small number of “rear view mirror” sessions and will focus the track heavily on future forward-looking innovation

Securing All the Things

This track explores the security policies of interconnected devices and the implications of the home network becoming an extension of the corporate network. Securing All the Things demands that we look at the ways in which the architecture, infrastructure, policy and strategy of non-traditional technology affects security. Sessions will cover managing mobile security and emerging threats to mobile platforms as well as the challenges posed by the interconnectivity of everything. Topics will include product security as well as the security of Industrial Control Systems, OT and manufacturing.

Ideas starters:

  • Android & iOS
  • Nation state anti-human rights
  • ICS— things that control critical infrastructure/manufacturing
  • Something that got on a network connection that shouldn’t have
  • Video surveillance systems
  • Home networking equipment
  • Protection of information and supply chain
  • Drones
  • Defending against small, well-connect attack platforms
  • Disruption in wireless—moving from cellular to satellite
  • Retreat from globalism: heightened demand in industrial control and autonomy
  • How have the electronic things of the world been impacted by COVID?

Security Strategy & Architecture

Security Strategy & Architecture covers the policy, planning, and evolving areas of enterprise security architecture and the management issues of implementing successful security programs. Sessions will include the structures and tools needed to build a security program that enables and enhances business processes, communication, resiliency and hygiene.

Ideas starters:

  • Architect’s experience in driving a security program thru technology change to better position the business for resiliency
  • How architects can work with business to collaborate on new initiatives
  • 5G Technology – What is being marketed vs. the risks and the data that needs to be protected
  • Architecture lessons learned thru failures
  •  Managing differentiation between technology life cycles, capabilities, and product life cycles
  • Balancing strategy for people, process and technology….and avoiding tool fixation
  • How to build more resilient and redundant supply chains, particularly in the face of geopolitical conflicts
  • Business continuity
  • The Program Committee anticipates a lot of COVID-tinged submissions—reminder to keep them strategic, actionable and case-study based, focused on providing differentiating detail

Technology Infrastructure & Operations

This track focuses on the most interesting and challenging elements of current and emerging security infrastructure. Sessions will include topics on strategic planning and implementation lifecycle for all things network and security infrastructure and operations.

Ideas starters:

  • Intersection with cloud—how does cloud transform what you are doing?
  • What traditional enterprises can learn from startups, specifically cloud-native companies
  • As a company grows, what are the things from the traditional enterprise world that need to work their way back in?
  • New communication paradigms (Slack/Teams)
  • Transition—what have we learned? Unanticipated risks?
  • CI/CD pipelines—how to move from development into production
  • Automation—strategies for manufacturers for security automation
  • Development pipeline and where to automate
  • Infrastructure as code
  • Deploying access infrastructures through scripting (APIs, Python)
  • Network infrastructure based—ie data center, wired/wireless