Day 1: Tuesday, January 21, 2020

8 a.m. | Registration and continental breakfast with sponsors

8:30 a.m. | Welcome and Legislative Update
Kate Shanks, Vice President, Public Affairs, Kentucky Chamber of Commerce

8:40 a.m. | Selling the Value (and Costs) of Cyber Security to the C-Suite: YUM! Brands, A Case Study
Marc Varner, Corporate Vice President and Global CISO, YUM! Brands, Inc.
Getting corporate buy-in for any comprehensive (and expensive) initiative/project is never easy, especially in the area of Cyber Security which for many corporate executives who may only have a cursory understanding of the potential issues. In this session, YUM Brands, Corporate VP and Chief Information Security Officer will talk about the importance of gaining leadership buy-in to approach cyber security not just as a regulatory matter or legal strategy to protect your company…. but as being good for business.  At a company largely comprised of franchisees, protecting this eco-system is at the forefront of Yum!’s strategy.  His presentation will explore how the digital age and the rise of consumer information and on-line transactions have moved YUM’s perspectives and actions around cyber security from ‘nice to have’, to ‘absolutely must have’ in order to meet both customers and employees’ expectations.

9:15 a.m. | Why is Cybersecurity so Hard?
Bryan Pryor, Vice President, Sales & Marketing, The AME Group (formerly Integrity IT)
Jennifer Erena, Sales & Marketing Coordinator, The AME Group (formerly Integrity IT)

We’ll discuss why cybersecurity is still so hard for business; why cybercriminals are getting better; and why email is still the #1 threat. We will provide examples of basic security still being ignored. There will be an exploration of cybersecurity products that are meant to help but actually are causing confusion and sticker shock. The ever-growing compliance standards will be discussed and their impact on turning cybersecurity into a check box exercise instead of improving security. Also, we will explore the immature state and lack of standards in reporting cybersecurity metrics that prevent us from measuring our investment in security to even know if our security controls are working. A summary of practical tips meant to simplify these problems will be presented.

10:20 a.m. | Cybersecurity Trends and Security Assessment Best Practices
Gui Cozzi, Cybersecurity Practice Lead, Dean Dorton Allen Ford, PLLC
Michael Gilliam, Cybersecurity Services Manager, Dean Dorton Allen Ford, PLLC

We will review the 2019 cyber threat landscape and discuss why cyber security is a growing risk for organizations of all sizes across all industries. We will learn about who the threat actors are, what their motives are, what organizations are being targeted, and what are the commonalities and trends behind the recent data breaches? In order to protect themselves, organizations have to understand what their risks are and how to manage them. Conducting a thorough and meaningful assessment is a fundamental step to achieve these objectives.

11:10 a.m. | The Data Breach Bootcamp
Dana Howard, CIPPP/US, Privacy Law Attorney, Stoll Keenon Ogden PLLC
Jessica Middendorf, Privacy Law Attorney, Stoll Keenon Ogden PLLC
Nealy Williams, Privacy Law Attorney, Stoll Keenon Ogden PLLC

"My company is too small." "It won't happen to me." "I deleted the bad email."  said every small business owner the day before a cybersecurity attack. Headlines reporting massive data breaches have become ubiquitous. Many data breaches, however, do not rise to the level of front page news, and many small businesses erroneously believe that it will not happen to them and/or do not understand their legal obligations to report data breaches. The failure to properly prepare for and report data breaches can cost small businesses big bucks. In this dynamic presentation we will inform you of the legal responsibilities to notify employees or customers of data breaches by walking through real-life simulations. We will review data breach notification laws, and the presenters will work with participants to determine best practices for responding to potential data breach situations at all stages, including pre-incident, the investigation, the reporting, and post-mortem.

12 p.m. | Lunch with sponsors

1 p.m. | Making Sense of Compliance
Joe Danaher, CISM, CRISC, CPHIMS, CISO, The AME Group (formerly Integrity IT)
2020: Data privacy legislation and compliance are becoming the norm for enterprises. Data Security Compliance may not impact you yet but it likely will and here is how: 1) State regulations many are modeled on GDPR 2) Cybersecurity insurers are increasingly requiring compliance. 3) Third-party contracts are requiring IT/Data compliance standards modeled on existing compliance standards. Let's take a look at current compliance standards and identify what they all have in common that will help you be prepared to meet compliance requirements you may already be facing or likely will be facing in the near future.

2:15 p.m. | Learn How to Secure Your Business Against Cyber Threats
Scott Logan, CISSP, Chief Security Officer, NetGain Technologies LLC
When discussing cyber-attacks against your business, the discussion is not if, but when. Attempted cyber-attacks occur against all businesses every day — some are successful and some are not. In today’s world, proliferating devices and mobile workforces contribute to the rapid expansion of the corporate security perimeter. Learn about the simple, proactive, and cost-effective measures that every organization should implement. Are you prepared to handle security threats to your business? Join us for this informative session to protect your business and don't forget to bring your questions for the Q&A at the end of the session.

3:10 p.m.  |  Cyber Security – A Layered Strategy
Steve Platnick, Vice President, MITS, Coker Group
Within a constantly evolving landscape of security requirements, eminent threats, and zero-day attacks the ability to identify and defend against threats, from without or within, in real-time, is a necessity to protect patient identifiable information and ensure regulatory compliance. Simple endpoint anti-virus solutions can't protect critical IT assets and information against the wide range of exploits in use today. Developing a multi-tiered defense policy is the best way to defend against malicious actors of all kinds.

4 p.m. | Closing Remarks and Day One adjournment
Bryan Pryor, Vice President, Sales & Marketing, The AME Group (formerly Integrity IT)


DAY 2: Wednesday, January 22, 2020

8 a.m. | Registration and continental breakfast with sponsors

8:30 a.m. | Welcome and Overview
Bryan Pryor, Vice President, Sales & Marketing, The AME Group (formerly Integrity IT)

8:40 a.m. | Anatomy of an Attack (Red vs. Blue)
Corey Shell, CISSP, Senior Cybersecurity Consultant, Dean Dorton Allen Ford PLLC
John Askew, CISSP, Principal, Graywolf Security

During last year's Kentucky Chamber Cyber Security Conference, we demonstrated how a cyber attack can be launched against an organization and what impact it can have in terms of reputational and financial risks. This year, we will provide live demonstrations from the perspective of the Red Team (Attacker) and the Blue Team (Defender) with an emphasis on Endpoint Detection & Response (EDR) Platform capabilities and how EDR can allow your organization to detect and respond to real-world cyber attacks. In this demonstration, Askew will act as the Red Team (Attacker), while Corey Shell will act as the Blue Team (Defender). We will also discuss how to mitigate the risks associated with these attacks and how organizations can be better prepared to face cyber threats.

10 a.m. | Security Operations Center-as-a-Service and Tales from the Trenches: Cybersecurity War Stories
Tim Smoot, Senior Presales Systems Engineer, Arctic Wolf Networks
In today’s business environment, it’s imperative for organizations of all sizes to have a dynamic online presence. However, with always being connected, there comes real risk to your business. Ransomware attacks, like Petya and WannaCry, have demonstrated how businesses can be brought to a halt by locking access to business-critical data. So, how do you protect yourself? What should you be looking for? In this presentation, Davies will teach you about the importance of managed detection and response for your cybersecurity posture. As well, you will get to hear some of the most interesting attacks that AWN security engineers have successfully hunted down. When it comes to security, you must take a proactive approach in assessing the risks and vulnerabilities.

10:45 a.m. | Is the New Systems Organization Control (SOC) for Cyber Right for Your Organization?
Kelley Miller, CISA, CISM, Principal, MCM CPAs & Advisors
Kourtney Nett, CPA, Partner, Risk Advisory Services Team Leader, MCM CPAs & Advisors

In 2017, the AICPA introduced a new report to its SOC suite, the SOC for Cybersecurity. The purpose of the SOC for Cyber is to report on an entity’s cybersecurity risk management program and controls. In this session we will provide an overview of this new report and will provide insights to consider whether this may be the best report for achieving your organization’s objectives.

11:15 a.m. | PSV and RPA Key Elements of Your Cyber Profile
Richard Taylor, CISA, Principal, MCM Technology Solutions
Jim Kramer, Partner, IT Consulting Team Leader, MCM CPAs & Advisors

Penetration, Social Engineering and Vulnerability (PSV) testing are key elements in increasing a company’s cyber resilience. These preventative, detective and responsive controls along with Robotic Process Automation (RPA) can provide ongoing/ reoccurring test and reporting of infrastructure and training weaknesses.

12 p.m. | Lunch with sponsors

1 p.m. |  Stories from CyberShield, Lessons Learned on a Simulated Cyber Battlefield
Tony Sims, Cybersecurity Specialist, Microsoft Corporation
CyberShield is an annual, Red Team/Blue Team training exercise where National Guard Cyber Defense Teams hone their skills against human adversaries on a virtual cyber battlefield. Some of the most important lessons learned during the exercise have nothing to do with technology nor “1337 hacks”, they are about planning and leadership. Sims has been fortunate enough to attend CyberShield four times, three as a “Network Owner” (simulated corporation leadership) and once as a Red Team member. In this session, he will share key lessons learned from those exercises that can help make your cyber defense operation more successful.

1:45 p.m. | 14 Cybersecurity Awareness Tips from The Muppets
Joe Danaher, CISM, CRISC, CPHIMS, CISO, The AME Group (formerly Integrity IT)
Fourteen end user tips on cybersecurity will be presented by Muppet-like puppets to demonstrate the "Gamification of Cybersecurity Awareness Training". Phishing, password management, open source intelligence, third-party risk and the importance of awareness training will be featured.

2:30 p.m. | Every (Cyber) Breath You Take
Dana Howard, CIPPP/US, Privacy Law Attorney, Stoll Keenon Ogden PLLC
Jessica Middendorf, Privacy Law Attorney, Stoll Keenon Ogden PLLC
Nealy Williams, Privacy Law Attorney, Stoll Keenon Ogden PLLC

It's 8p.m., do you know where your data is? No. Your electric company may know where you are. The mobile app you downloaded once to get a discount from your favorite store may know your geographic location. An artificial intelligence company you know nothing about may have pictures of your children. In this session we will inform you about the types of personal information and data being collected, distributed, and/or sold by various third parties. Some of this information may have been collected with or without authorization, unknowingly or unwittingly. We will provide various tips and recommendations for protecting personal information and data on the internet, including specialized mobile apps that make consumers aware of the types of apps being collected. We will also give you information regarding your legal rights to know what data is being collected and control the usage of that data.

3:15 p.m. | Closing Remarks
Bryan Pryor, Vice President, Sales & Marketing, The AME Group (formerly Integrity IT)

3:30 p.m. | 6th Annual Cyber Security Conference adjourns


© Kentucky Chamber of Commerce · 464 Chenault Road · Frankfort, KY 40601 · (502) 695-4700