Building Cybersecurity Resilience in a Complex, Unpredictable World

IT Summit 2024 is the event you don’t want to miss! Join our industry experts and your peers as we discuss these topics and many more:

  • Identify Your Security Infrastructure “Minimum Effective Toolset”
  • “Securely” Enabling the AI LLM-powered Enterprise
  • When a Ransomware Attack Happens – The Unknown/Unknowns
  • Identity-First Security & Zero-Trust Implementation Efficacy

Earn CPE credits while having fun and networking with industry visionaries. Register now and invite your colleagues to join us!

When: September 11th & 12th, 2024

Where: Potawatomi Hotel & Casino
1721 W Canal St, 3rd Floor, Milwaukee, WI 53233

Audience: Leadership, Architectural, and Operational professionals in medium to large enterprises and service providers. Attendance is free of charge and limited to qualified attendees only.

Why I Attend – IT Summit 2023 Highlights

Topics

🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟥 Secure A.I.
🟪 Ransomware

Network, Security & Cloud Infrastructure Automation, AIOps, and Identifying Outdated Infrastructure
Let SynerComm’s experts amplify your team’s effectiveness with AIOps

🟦 Blue Track – Infrastructure Design & Implementation
The following sessions are featured at IT Summit for this topic.

🟦 Hunting in High Definition by Sentinel One
🟦 The Modern Attack: Understanding the Adversary by CrowdStrike
🟦 Data and AI Assets Security by Palo Alto Networks
🟦 Comprehensive Identity Protection and Resiliency by Semperis
🟦 Leadership Panel: How The Rise of AI Threats Is Leading to New Challenges, Technologies & Expectations by Abnormal Security
🟦 IoT Device Security: The High Cost of Inaction by Asimily
🟦 Anti-Ransomware for Backups: Strategies for Business Continuity & Compliance by Elastio
🟦 Observability with Network Automation – the Future Now by NetBrain
🟦 Fortifying Digital Frontiers: A People Centric Approach to Security Risks by Proofpoint
🟦 Hybrid, Multi-Cloud Management Maturity Model: A Foundation for Business Agility and Cybersecurity Enhancement by Infoblox
🟦 Are Your Assets Causing an Information Security Crisis? by Axonius
🟦 The Many Ways Hackers Can Bypass MFA by KnowBe4
🟦 Digital Twins: What is it and why you should have it. Network and Security Infrastructure Modeling by SynerComm
🟦 Getting the most out of your PAN NGFW platform investment leveraging an assessment program that has stood the test of time by SynerComm
🟦 An Adversary Simulation Program: Real-World Testing for Enhanced Cybersecurity by SynerComm
🟦 Your Existing NIST or CIS Framework Compliance Evidence Can Chart Your Path Forward by SynerComm
🟦 Penetration Testing APIs: Essential Strategies for Security by SynerComm
🟦 Securing the Software Delivery Lifecycle: SynerComm’s Secure SDLC Practice Area Expert Insights by SynerComm
🟦 The Tides are Changing: Modernizing IT Assurance techniques to address the “breach of the week” by SynerComm
🟦 Everyone has an ASM, but they don’t all look the same by SynerComm

Assessing & Validating Controls
Monitor and validate exposures in your attack surface with SynerComm’s Continuous Pentest (CPT) powered by CASM® – the best of machines and humans

🟧 Orange Track – Assessing & Validating Controls
The following sessions are featured at IT Summit for this topic.

🟧 Hunting in High Definition by Sentinel One
🟧 The Modern Attack: Understanding the Adversary by CrowdStrike
🟧 Data and AI Assets Security by Palo Alto Networks
🟧 Comprehensive Identity Protection and Resiliency by Semperis
🟧 Leadership Panel: How The Rise of AI Threats Is Leading to New Challenges, Technologies & Expectations by Abnormal Security
🟧 Anti-Ransomware for Backups: Strategies for Business Continuity & Compliance by Elastio
🟧 Are Your Assets Causing an Information Security Crisis? by Axonius
🟧 The Many Ways Hackers Can Bypass MFA by KnowBe4
🟧 M365 Scorecard – A False Sense of Security! Who is watching the watchers? by SynerComm
🟧 Uncensored LLMs are here – Is your InfoSec program prepared? by SynerComm
🟧 Getting the most out of your PAN NGFW platform investment leveraging an assessment program that has stood the test of time by SynerComm
🟧 Ransomware Uncovered: Understanding and Countering the Threat by SynerComm
🟧 An Adversary Simulation Program: Real-World Testing for Enhanced Cybersecurity by SynerComm
🟧 Your Existing NIST or CIS Framework Compliance Evidence Can Chart Your Path Forward by SynerComm
🟧 Penetration Testing APIs: Essential Strategies for Security by SynerComm
🟧 Securing the Software Delivery Lifecycle: SynerComm’s Secure SDLC Practice Area Expert Insights by SynerComm
🟧 The Tides are Changing: Modernizing IT Assurance techniques to address the “breach of the week” by SynerComm
🟧 Enumerating JavaScript Files in Web Application Penetration Testing by SynerComm
🟧 Everyone has an ASM, but they don’t all look the same by SynerComm

Cyber Risk Analysis and Financial Business Impacts
Map cyber risks to dollars with SynerComm’s INSIGHTS

🟩 Green Track – Cyber Risk Analysis
The following sessions are featured at IT Summit for this topic.

🟩 Hunting in High Definition by Sentinel One
🟩 IoT Device Security: The High Cost of Inaction by Asimily
🟩 Uncensored LLMs are here – Is your InfoSec program prepared? by SynerComm
🟩 Ransomware Uncovered: Understanding and Countering the Threat by SynerComm
🟩 An Adversary Simulation Program: Real-World Testing for Enhanced Cybersecurity by SynerComm
🟩 Your Existing NIST or CIS Framework Compliance Evidence Can Chart Your Path Forward by SynerComm
🟩 The Tides are Changing: Modernizing IT Assurance techniques to address the “breach of the week” by SynerComm
🟩 Everyone has an ASM, but they don’t all look the same by SynerComm

Secure Artificial Intelligence
Let SynerComm’s experts amplify your team’s effectiveness with AIOps

🟥 Red Track – Secure Artificial Intelligence
The following sessions are featured at IT Summit for this topic.

🟥 Hunting in High Definition by Sentinel One
🟥 Data and AI Assets Security by Palo Alto Networks
🟥 Observability with Network Automation – the Future Now by NetBrain
🟥 Leadership Panel: How The Rise of AI Threats Is Leading to New Challenges, Technologies & Expectations by Abnormal Security
🟥 M365 Scorecard – A False Sense of Security! Who is watching the watchers? by SynerComm
🟥 Uncensored LLMs are here – Is your InfoSec program prepared? by SynerComm

Keynote Guest

Townsend Bell

Motorsports Commentator @ NBC Sports
and former INDYCAR driver

Panelists

Kevin Richards

President, Cyber Risk Solutions
@ X-Analytics

Dr. Srinidhi Varadarajan

Chief Scientist
@ Elastio

Roger Grimes

Cybersecurity Author & Data-Driven Defense Evangelist @ KnowBe4

Don’t forget to register for IT Summit today

Schedule

Sept 11th, 12:15pm-7:15pm

12:15pm

Doors Open

Solution Fair
12:15pm-7:15pm
Visit SELECT and GOLD business partners who are on-site and available to share the latest in IT solutions.

2:40pm

The Many Ways Hackers Can Bypass MFA
2:40pm-3:10pm in Inspire Room
by KnowBe4
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls

Anti-Ransomware for Backups: Strategies for Business Continuity & Compliance
2:40pm-3:10pm in Clarity Room
by Elastio
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟪 Ransomware

3:20pm

💬 Thought Leadership Roundtable ¹
3:20pm-5:10pm in Harmony Room
by SynerComm
🟩🟦🟧🟥🟪 All Tracks

M365 Scorecard - A False Sense of Security! Who is watching the watchers?
3:20pm-3:50pm in Inspire Room
by SynerComm
🟧 Assessing & Validating Controls
🟥 Secure Artificial Intelligence
🟪 Ransomware

Digital Twins: What is it and why you should have it. Network and Security Infrastructure Modeling
3:20pm-3:50pm in Serenity Room
by SynerComm
🟦 Infrastructure Design & Operations

Enumerating JavaScript Files in Web Application Penetration Testing
3:20pm-3:50pm in Clarity Room
by SynerComm
🟧 Assessing & Validating Controls

4:00pm

The Tides are Changing: Modernizing IT Assurance techniques to address the “breach of the week”
4:00pm-4:30pm in Inspire Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

Penetration Testing APIs: Essential Strategies for Security
4:00pm-4:30pm in Serenity Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

An Adversary Simulation Program: Real-World Testing for Enhanced Cybersecurity
4:00pm-4:30pm in Clarity Room
by SynerComm
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

4:40pm

Uncensored LLMs are here - Is your InfoSec program prepared?
4:40pm-5:10pm in Inspire Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟥 Secure Artificial Intelligence
🟪 Ransomware

Getting the most out of your PAN NGFW platform investment leveraging an assessment program that has stood the test of time
4:40pm-5:10pm in Serenity Room
by SynerComm
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟪 Ransomware

Ransomware Uncovered: Understanding and Countering the Threat
4:40pm-5:10pm in Clarity Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

5:15pm

Food & Refreshments
5:15pm-7:15pm

¹ Space and materials are limited. Must register in advance to attend.
² Attendees may compete as a team with their company. Must bring your own computer to compete - 1 computer per team.

Sept 12th, 8:00am-4:15pm

8:00am

Doors Open

Solution Fair
8:00am-3:00pm
Visit SELECT and GOLD business partners who are on-site and available to share the latest in IT solutions.

10:25am

Observability with Network Automation - the Future Now
1:40pm-2:10pm in Serenity Room
by NetBrain
🟦 Infrastructure Design & Operations
🟥 Secure Artificial Intelligence

Leadership Panel: How The Rise of AI Threats Is Leading to New Challenges, Technologies & Expectations
10:25am-10:55am in Clarity Room
by Abnormal Security
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls

Hunting in High Definition
10:25am-10:55am in Harmony Room
by Sentinel One
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟥 Secure Artificial Intelligence
🟪 Ransomware

11:05am

The Modern Attack: Understanding the Adversary
11:05am-11:35am in Serenity Room
by CrowdStrike
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟪 Ransomware

Fortifying Digital Frontiers: A People Centric Approach to Security Risks
11:05am-11:35am in Clarity Room
by Proofpoint
🟦 Infrastructure Design & Operations
🟪 Ransomware

Comprehensive Identity Protection and Resiliency
11:05am-11:35am in Harmony Room
by Semperis
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟪 Ransomware

11:45am

Your Existing NIST or CIS Framework Compliance Evidence Can Chart Your Path Forward
11:45am-12:15pm in Serenity Room
by SynerComm
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟥 Secure Artificial Intelligence
🟪 Ransomware

M365 Scorecard - A False Sense of Security! Who is watching the watchers?
11:45am-12:15pm in Clarity Room
by SynerComm
🟧 Assessing & Validating Controls
🟥 Secure Artificial Intelligence
🟪 Ransomware

Penetration Testing APIs: Essential Strategies for Security
11:45am-12:15pm in Harmony Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

12:15pm

Lunch
12:15pm-1:40pm

Unleashing the Power of Flipper Zero: Hands-On Pentesting Workshop
1:00pm-1:40pm in Inspire Room

1:40pm

Data and AI Assets Security
1:40pm-2:10pm in Serenity Room
by Palo Alto Networks
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟥 Secure Artificial Intelligence
🟪 Ransomware

Are Your Assets Causing an Information Security Crisis?
1:40pm-2:10pm in Clarity Room
by Axonius
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls

IoT Device Security: The High Cost of Inaction
1:40pm-2:10pm in Harmony Room
by Asimily
🟦 Infrastructure Design & Operations
🟩 Cyber Risk Analysis

2:20pm

The Tides are Changing: Modernizing IT Assurance techniques to address the “breach of the week”
2:20pm-2:50pm in Serenity Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

Digital Twins: What is it and why you should have it. Network and Security Infrastructure Modeling
2:20pm-2:50pm in Clarity Room
by SynerComm
🟦 Infrastructure Design & Operations

Ransomware Uncovered: Understanding and Countering the Threat
2:20pm-2:50pm in Harmony Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

3:00pm

Everyone has an ASM, but they don't all look the same
3:00pm-3:30pm in Serenity Room
by SynerComm
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis

Uncensored LLMs are here - Is your InfoSec program prepared?
3:00pm-3:30pm in Clarity Room
by SynerComm
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟥 Secure Artificial Intelligence
🟪 Ransomware

Enumerating JavaScript Files in Web Application Penetration Testing
3:00pm-3:30pm in Harmony Room
by SynerComm
🟧 Assessing & Validating Controls

3:40pm

Securing the Software Delivery Lifecycle: SynerComm's Secure SDLC Practice Area Expert Insights
3:40pm-4:10pm in Inspire Room
by SynerComm
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟪 Ransomware

Getting the most out of your PAN NGFW platform investment leveraging an assessment program that has stood the test of time
3:40pm-4:10pm in Clarity Room
by SynerComm
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟪 Ransomware

An Adversary Simulation Program: Real-World Testing for Enhanced Cybersecurity
3:40pm-4:10pm in Harmony Room
by SynerComm
🟦 Infrastructure Design & Operations
🟧 Assessing & Validating Controls
🟩 Cyber Risk Analysis
🟪 Ransomware

4:15pm

Closing Remarks
4:15pm-5:00pm in Serenity Room

🎟️ Business Partner Raffle
Must be present to win!

Select Partners

Select partners are top-tier sponsors of IT Summit who present sessions and are on-site and available for more information in the solution fair.

Gold Partners

Gold partners are sponsors of IT Summit who are on-site and available for more information in the solution fair.

Thought Leadership Roundtable

Time
Wednesday, September 12, 2024
3:20pm-5:10pm in Harmony Room

Abstract
A Tall Task – Ransomware Defense, Information Security Program Efficacy and Agility in an Unpredictable World

In this roundtable our customer panelists and attendees will discuss practical risk assessment, architectural, operational and governance trends, insights and lessons learned as we all embark on a journey to prevent, detect and recover from ransomware attacks… while AI-enabling your organization… and meeting your business needs.

We will discuss the role risk frameworks (NIST CSF), controls frameworks (CIS CSC) and financial modeling play in the board room and in the field. Dealing with the complexity of the Known Knowns, Known Unknowns and Unknown Unknowns threats requires a shift in leadership’s expectations of your Information Security program. To deal with the complexity there is a need to not only assess risk but also validate vulnerabilities to focus your resources on what moves the needle. In parallel we are evolving architectural and security tools capabilities from threat-specific controls to behavioral-based visibility across your endpoints, networks and applications. What is the vision for a future minimum viable toolset and how do we get there?

Speaker
Moderators:

Mark Sollazo – President, CEO, Co-founder @ SynerComm
Kirk Hanratty – VP, Co-founder @ SynerComm

Panelists:

Kevin Richards – President, Cyber Risk Solutions @ X-Analytics

Kevin is a Cybersecurity Strategy & Risk Executive with over 30 years of experience in information security and enterprise risk management. Working with large multi-national corporations, as well as the United States Department of Defense and other U.S. Federal, State and Local agencies, Kevin provides an array of technical and pragmatic perspectives on building and protecting an organization’s critical information assets.

Currently, Kevin serves as President – Cyber Risk Solutions with Secure Systems Innovation Corporation (SSIC), a cyber risk analytics firm whose mission is to improve how businesses manage cyber risk through the power of data analytics. Kevin leads the strategic development and customer success of SSIC’s cyber risk business worldwide. Foundational within this business is the development and market growth of X-Analytics (www.x-analytics.com), SSIC’s market-leading cyber risk decisioning application.

Dr. Srinidhi Varadarajan – Chief Scientist @ Elastio

Srinidhi has more than two decades of experience architecting and building virtualization platforms, advanced networks, high-performance computing environments, scalable file systems, and storage subsystems. His illustrious career includes being Founder and CTO of Cloudistics, Founder and CTO of AppAssure (acquired by Dell), founder and CTO of Librato (acquired by SolarWinds), and the founder and chief architect of SilverDraft Supercomputing. He also served as VP and General Manager of the Data Protection business at Dell after the acquisition of AppAssure.

Srinidhi is the architect of the System X supercomputer at Virginia Tech (built in collaboration with Apple) – ranked #3 in the world in 2003. He received the NSF Career Award for Internet-scale network modeling and was honored by MIT Technology Review as one of the top 100 (TR100) young innovators transforming technology. He was also named by HPCWire as one of the top researchers in the field of supercomputing. Srinidhi received his Doctorate in Computer Science from Stony Brook, specializing in computer networks.

Roger Grimes – Cybersecurity Author & Data-Driven Defense Evangelist @ KnowBe4

My career professional goal in life is to get more people and companies to use data and the scientific method to improve their computer security, and I do so as the Data-Driven Defense Evangelist at KnowBe4, a security awareness education company. I am a 30+-year senior computer security consultant and cybersecurity architect specializing in general computer security, identity management, PKI, Windows computer security, host security, cloud security, honeypots, APT, and defending against hackers and malware. I have also written 13 books (9 solo, 4 co-written) and over 1,100 national magazine articles on computer security. I was the weekly computer security columnist for InfoWorld/CSO magazines from 2005 to 2019. I frequently get interviewed for radio shows (including NPR’s All Things Considered), podcasts, magazines (including Newsweek) and television. If I leave this world without having made the Internet a safer place for all people to compute, I have failed.

Keynote – Day 1

Time
Wednesday, September 11, 2024
1:00pm-2:30pm in Serenity Room

Abstract
A Tall Task – Information Security Program Efficacy, Ransomware Readiness, and Agility in an Unpredictable World – Day 1

In this keynote we will discuss practical risk assessment, architectural, operational and governance trends, insights and lessons learned as we all embark on a journey to prevent, detect and recover from ransomware attacks… while AI-enabling your organization… and meeting your business needs.

We will discuss the role risk frameworks (NIST CSF), controls frameworks (CIS CSC) and financial modeling play in the board room and in the field. Dealing with the complexity of the Known Knowns, Known Unknowns and Unknown Unknowns threats requires a shift in leadership’s expectations of your Information Security program. To deal with the complexity there is a need to not only assess risk but also validate vulnerabilities to focus your resources on what moves the needle. In parallel we are evolving architectural and security tools capabilities from threat-specific controls to behavioral-based visibility across your endpoints, networks and applications. What is the vision for a future minimum viable toolset and how do we get there?

Speaker
Moderators:

Mark Sollazo – President, CEO, Co-founder @ SynerComm
Kirk Hanratty – VP, Co-founder @ SynerComm
Marc Spindt – VP Services @ SynerComm
Brian Judd – VP Information Assurance @ SynerComm
Bill Kiley – Practice Leader of Appdev, Software Architect of CASM @ SynerComm

Keynote – Day 2

Time
Thursday, September 12, 2024
8:45am-10:15am in Serenity Room

Abstract
A Tall Task – Information Security Program Efficacy, Ransomware Readiness, and Agility in an Unpredictable World – Day 2

In this keynote we will discuss practical risk assessment, architectural, operational and governance trends, insights and lessons learned as we all embark on a journey to prevent, detect and recover from ransomware attacks… while AI-enabling your organization… and meeting your business needs.

We will discuss the role risk frameworks (NIST CSF), controls frameworks (CIS CSC) and financial modeling play in the board room and in the field. Dealing with the complexity of the Known Knowns, Known Unknowns and Unknown Unknowns threats requires a shift in leadership’s expectations of your Information Security program. To deal with the complexity there is a need to not only assess risk but also validate vulnerabilities to focus your resources on what moves the needle. In parallel we are evolving architectural and security tools capabilities from threat-specific controls to behavioral-based visibility across your endpoints, networks and applications. What is the vision for a future minimum viable toolset and how do we get there?

Lessons in Resiliency – Preparing for and Dealing with the “Unknowns” of Racing

In this presentation Townsend Bell will share some insights and lessons that he learned from his career as a professional race car driver and NBC Sports TV commentator. Whether you are a cybersecurity professional, a business leader, or a racing enthusiast this presentation will inspire you to embrace the race car driver’s perspective and apply it to your own endeavors.

Speaker
Moderators:

Mark Sollazo – President, CEO, Co-founder @ SynerComm
Kirk Hanratty – VP, Co-founder @ SynerComm
Marc Spindt – VP Services @ SynerComm
Brian Judd – VP Information Assurance @ SynerComm
Bill Kiley – Practice Leader of Appdev, Software Architect of CASM @ SynerComm

Guest Speaker

Townsend Bell – Motorsports Commentator @ NBC Sports and former INDYCAR driver

Townsend Bell is a seasoned professional in the racing industry and a well-known media personality. He is currently a color commentator for NBC Sports TV’s coverage of INDYCAR and IMSA race series and serves as a Lexus Motorcar Brand Ambassador. His racing career spanned over two decades, competing in numerous domestic and international motorsports series.

Highlights of his career include competing in ten Indianapolis 500s, finishing 4th in 2009, and leading 12 laps in 2016 with Andretti Autosport. He also won the 12-Hours of Sebring in 2012, the 24-hours of Daytona in 2014, and the 24-Hours of Le Mans in the GT-Am class in 2016. Townsend Bell hails from San Luis Obispo, California, and currently resides there with his wife Heather and sons Jaxon and Jensen.

Lessons in Resiliency – Preparing for and Dealing with the “Unknowns” of Racing

Keynote Session

Time
Thursday, September 12, 2024
9:45am-10:15am in Serenity Room

Abstract
In this presentation Townsend Bell will share some insights and lessons that he learned from his career as a professional race car driver and NBC Sports TV commentator. Whether you are a cybersecurity professional, a business leader, or a racing enthusiast this presentation will inspire you to embrace the race car driver’s perspective and apply it to your own endeavors.

Speaker

Townsend Bell – Motorsports Commentator @ NBC Sports and former INDYCAR driver

Unleashing the Power of Flipper Zero: Hands-On Pentesting Workshop

Workshop

Time
Thursday, September 12, 2024
1:00pm-1:40pm in Inspire Room

Abstract
Dive into the world of pentesting with SynerComm’s exclusive hands-on workshop, featuring the versatile Flipper Zero device. Join our expert pentesters as they guide you through the initial setup and unleash the full potential of your Flipper Zero, equipped with the Flipper WiFi Dev Board. In this immersive session, you’ll explore real-world WiFi attacks, including deauthentication and capturing WPA handshakes, and master the art of capturing and cloning RFID and NFC fobs. Whether you’re a seasoned security professional or a curious newcomer, this workshop offers a unique opportunity to learn cutting-edge techniques in a collaborative, hands-on environment. Limited to 20 participants—reserve your spot and take your pentesting skills to the next level!

⭐ Please sign up in advance. Supplies are limited.

Speaker

Chad Finkenbiner – Information Assurance Consultant @ SynerComm

Chad Finkenbiner has over 15 years of experience in information technology and security. Before joining the team at SynerComm, Chad worked in the healthcare industry supporting medical imaging and voice dictation systems across the country. He also served as a Data Network Specialist in the United States Marine Corps. Chad is skilled in both audit and penetration testing from his home near Louisville, Kentucky. When he isn’t consulting, Chad serves as a professional development mentor, guest speaker, as well as an elected official on his local city council.

As an Information Assurance Consultant with SynerComm, Chad performs network penetration tests, wireless penetration tests, physical penetration tests, risk and vulnerability assessments, information security policy development, and security awareness training. Chad leverages his background to discover security flaws and effectively report and consult on their mitigation.

Hunting in High Definition

Time
Thursday, September 12, 2024
10:25am-10:55am Harmony Room

Abstract
This session delves into the art of threat hunting, anomaly detection, forensic investigations, and more, presenting a comprehensive approach to bolstering security operations. This presentation explores the concept of amplifying security operations by harnessing the power of high-definition data analysis. One of the key strategies highlighted is the innovative concept of “Chained Detections.” This methodology involves connecting seemingly unrelated artifacts and events to unveil hidden patterns, identify potential threats, and proactively mitigate risks before they escalate. Join us as we explore the forefront of cybersecurity operations and discover how the art of hunting in high definition, coupled with chained detections, can amplify your security operations.

Speaker

Albert Caballero – Americas Field CISO Director @ SentinelOne

Albert Caballero is a patented cybersecurity expert, technology strategist, and published author with a passion for security engineering, cloud computing, and threat intelligence. Field CISO at SentinelOne, he has acted as Global Head of Security Engineering at Warner Bros. Discovery, CISO of HBO Latin America, and BISO within both WarnerMedia and AT&T. Co-founder of Trapezoid, a cybersecurity software company focused on firmware integrity management, and a SIEM Product Manager, he has also run a large Security Operations Center (SOC) at Terremark, a Verizon Managed Services Provider. He has helped defend government agencies and corporate entities by leading incident response teams and conducting forensic investigations at scale alongside Kroll and other major security services firms.

Why Hardware Matters – Infrastructure Enabled AIOps

Time
Wednesday, September 11, 2024
2:40pm-3:10pm Serenity Room

Abstract
As network hardware becomes increasingly democratized, vendors are turning to AI to differentiate their solutions. This session explores the impact of this industry realignment on everything from hardware design, network operation, and org charts. Set against the backdrop of Juniper’s own AI Ops journey, we’ll discuss how networking solution vendors are adapting to these changes, and what it means for consumers.

Speaker

Matt Free – Head of AMER Sales Specialists – AI Data Center @ Juniper Networks

23+ years of strategic sales leadership experience. Proven skills related to recruiting, building, developing and managing high performing sales teams related to software, hardware and services. Proven success in building loyal and long lasting channel relationships that cross architecture, IT/LoB boundaries. Skilled at selling to multi-segment and multi-vertical customers seeking business outcomes for their respective organizations. Trained & certified in Leading with Data & Analytics.

Matt has deep experience in Data Center networking, Compute, Storage and Cloud.

He has spent 20+ years in the DC space at companies like EMC, Nutanix, Cisco and Juniper.

The Modern Attack: Understanding the Adversary

Time
Thursday, September 12, 2024
11:05am-11:35am Serenity Room

Abstract
Understanding your organization’s exposure and the adversary is key to building resilience against the modern attack. Adversaries continuously evolve their tradecraft and find new, inventive ways to attack organizations around the world. However, this doesn’t mean we always have to play defense by reacting. In this session we will discuss the current state of the threat landscape, adversary operations including access and post exploitation along with target environments.

Jeremy Smolik – Director, Solutions Architecture @ CrowdStrike

Jeremy Smolik leads Channel Solutions Architecture for CrowdStrike’s Alliance Partner community. He is a passionate InfoSec evangelist who is convinced that all organizations can achieve security maturity with the right combination of tools plus skills inherent to all humans.

Jeremy has worked with CrowdStrike’s channel partners in various roles for over 5 years, with a focus on enablement and development. He formerly supported National partners in a Sr. Systems Engineer role with Kaspersky Lab, as well as other leadership roles in and around the channel. Jeremy found his love for all things security with foundational network engineering and telecom experience at Polycom, Verizon, and Adtran.

A Chicago native, Jeremy is a lifetime learner who strives to pass on to his wife and two daughters a healthy obsession with DIY hobbies like gardening, backyard barbecue, and too many project cars.

Data and AI Assets Security

Time
Thursday, September 12, 2024
1:40pm-2:10pm Serenity Room

Abstract
We’ll dive into the essential strategies and tools CISOs need to protect data and AI assets. We’ll cover the latest trends, real-world challenges, and best practices in data security and AI protection. You’ll walk away with actionable insights into the evolving threat landscape, regulatory demands, and advanced defense tactics to keep your organization safe.

Comprehensive Identity Protection and Resiliency

Time
Thursday, September 12, 2024
11:05am-11:35am Harmony Room

Abstract
In today’s digital world, keeping your organization’s identity systems safe and resilient is more important than ever. Join us for a practical and engaging session where we’ll share key strategies and best practices to protect your identity infrastructure. We’ll cover how to guard against identity-based attacks, ensure continuity, and build trust in your systems. Learn about proactive defense measures, effective incident response, and the role of identity governance.

Speaker

Gil Kirkpatrick – Chief Architect @ Semperis

Gil Kirkpatrick is the Chief Architect for products at Semperis. He is a long-time veteran of the commercial software industry and has focused on identity and access management (IAM) products since the early 1990s. He has been named a Microsoft MVP for Active Directory and Enterprise Mobility for each of the last 17 years, and is the author of Active Directory Programming, as well as the founder of the Directory Experts Conference. At Semperis Gil builds products to prevent, detect, and recover from cyber-attacks on enterprise hybrid identity environments. Gil speaks on cyber-security, identity, and disaster recovery topics at IT conferences around the world.

Leadership Panel: How The Rise of AI Threats Is Leading to New Challenges, Technologies & Expectations

Time
Thursday, September 12, 2024
10:25am-10:55am Clarity Room

Abstract
Come hear from industry leaders within Abnormal Security, Footlocker and In-Place Machining as they discuss the rise of AI threats and the challenges that businesses face as a result. They’ll also cover the technologies being developed to address those threats and protect businesses from potential risks. This panel session will offer valuable insights into how AI impacts businesses and the importance of considering its implications for the corporate world.

Speaker

Aaron Orchard – Sales Engineer @ Abnormal Security

Aaron Orchard is a Sales Engineer at Abnormal Security, where he shares his vast expertise in cybersecurity and threat intelligence and profound knowledge of email security to help organizations combat modern cyber threats. With a robust background collaborating with the Department of Defense and Intelligence communities, he excels in understanding and mitigating complex security risks. Beyond cybersecurity, Aaron is an avid golfer in the greater Boston area, relishing both the game’s challenge and camaraderie. He also enjoys exploring New England’s landscapes, often hiking with his wife and son, embracing a balanced lifestyle.

IoT Device Security: The High Cost of Inaction

Time
Thursday, September 12, 2024
1:40pm-2:10pm Harmony Room

Abstract

In today’s era of connected devices, IoT cyberattacks could be hiding in plain sight. And the cost of ignoring them is higher than ever before. Join Asimily IoT expert Peter Hancock as he discusses:

  • The staggering financial and operational impacts of IoT security breaches
  • Why traditional cybersecurity solutions fall short in the world of IoT
  • Key steps and best practices for securing your devices to strategically reduce risk

Speaker

Peter Hancock, VP IoT & IoMT Security Solutions @ Asimily

Peter Hancock has extensive experience in leadership and technology solutions from roles at Optiv Inc., ForgeRock, and Symantec. Hancock drives growth and innovation at Asimily. Peter is passionate about Asimily’s mission to protect critical IoT devices through device inventory management, vulnerability mitigation, and threat detection.

Anti-Ransomware for Backups: Strategies for Business Continuity & Compliance

Time
Wednesday, September 11, 2024
2:40pm-3:10pm Clarity Room

Abstract

Are your backups clean, uncompromised and recoverable?

In today’s digital ecosystem, ransomware attacks pose a significant threat to organizations, underscoring the urgent need for robust data protection measures. Join us for a session focused on securing your backups against ransomware to bolster cyber resilience and meet compliance requirements such as NYDFS data protection policies.

In this session, Elastio Chief Scientist Dr. Srinidhi Varadarajan will cover:

  • The evolving landscape of ransomware threats and their impact on data security
  • Practical insights and best practices for achieving compliance with NYDFS and other data protection compliance policies
  • Real-world case studies and success stories highlighting the importance of proactive backup security measures for cyber resilience and regulatory compliance

Don’t miss this opportunity to gain actionable insights and guidance from a cybersecurity expert on safeguarding your backups against ransomware threats and ensuring alignment with regulatory data protection compliance policies, including NYDFS, DORA, and NIST CSF 2.0.

Speaker

Dr. Srinidhi Varadarajan – Chief Scientist @ Elastio

Srinidhi has more than two decades of experience architecting and building virtualization platforms, advanced networks, high-performance computing environments, scalable file systems, and storage subsystems. His illustrious career includes being Founder and CTO of Cloudistics, Founder and CTO of AppAssure (acquired by Dell), founder and CTO of Librato (acquired by SolarWinds), and the founder and chief architect of SilverDraft Supercomputing. He also served as VP and General Manager of the Data Protection business at Dell after the acquisition of AppAssure.

Srinidhi is the architect of the System X supercomputer at Virginia Tech (built in collaboration with Apple), ranked #3 in the world in 2003. He received the NSF Career Award for Internet-scale network modeling and was honored by MIT Technology Review as one of the top 100 (TR100) young innovators transforming technology. He was also named by HPCWire as one of the top researchers in the field of supercomputing. Srinidhi received his Doctorate in Computer Science from Stony Brook, specializing in computer networks.

Observability with Network Automation – the Future Now

Time
Thursday, September 12, 2024
10:25am-10:55am Serenity Room

Abstract

In today’s fast-paced IT landscape, leaders face the daunting challenge of managing complex, multi-vendor networks while contending with limited resources, frequent issues, and ever-evolving infrastructure. This session will explore how NetBrain transforms these challenges into opportunities by combining advanced network observability with powerful, no-code automation.

Discover how to leverage your team’s existing expertise and NetBrain’s observability tools to automate network troubleshooting, proactively identify and mitigate security risks, and streamline operations. We’ll also delve into emerging leadership principles in automation and AI that are reshaping the future of IT, offering new perspectives on what’s possible and how to lead your team into the next era of innovation.

Speaker

Brian Howard – Sr. Director of North America Channels @ NetBrain

Brian Howard is the Sr. Director for North America Channels at NetBrain. He has over 25 years of experience as a specialist and educator in the network, application, and security observability space. In recent years he has added network automation to his passions. He now helps customers and partners combine network observability with network automation for business outcomes they never imagined.

Fortifying Digital Frontiers: A People Centric Approach to Security Risks

Time
Thursday, September 12, 2024
11:05am-11:35am Clarity Room

Abstract
In an era where digital threats are ever-evolving, understanding the landscape of security risks is crucial. This presentation delves into the core areas of threat risk, impersonation risk, data exfiltration risk, and identity risk. We will explore effective strategies to mitigate these risks, emphasizing a human-centric security program that adapts to the complexities of modern digital operations and threat intelligence. Join us to strengthen your security posture with actionable insights.

Speaker

Davin Stilson – Sr. Sales Engineering Manager @ Proofpoint Information Protection

Davin Stilson has been in the security and regulatory compliance industries for over 20 years. Beginning with an educational background in business management and information systems, Davin’s expertise developed in technical fields with an emphasis in networking systems and network security. Hands-on design and implementation of systems provided depth of perspective on what is meaningful to most organizations: people and data. Additional experience selling industry solutions to organizations ranging from the Fortune 50 all the way down to small businesses has provided additional insights into what tech leaders are thinking and how they are reacting to ever-shifting landscapes. Bridging the gap between shifting requirements and practical solutions to enable business is where Davin’s expertise is utilized. Currently, Davin is focused on partnering with critical organizational leadership to assist in selecting and implementing meaningful solutions that prevent unauthorized data and communications from escaping and help organizations communicate effectively without impeding productivity.

Are Your Assets Causing an Information Security Crisis?

Time
Thursday, September 12, 2024
1:40pm-2:10pm Clarity Room

Abstract

Complexity is the new norm for security. Today, more than ever before, security teams are under pressure to deliver fast, continuous, and reliable services to the business. With so many tools and an abundance of data at their fingertips, you’d think it would be easier for security and operations teams to find and fix issues that could lead to a data breach, network outages, inaccessible systems or data, and much more. But making sense out of sprawling IT ecosystems requires going back to security basics.

In this session, Adib Sarakby of Axonius will discuss why we have to focus on our foundations – asset hygiene – as a means of meeting today’s business demands. In addition to demos, topics discussed will include:

  • “Why is network visibility so hard?” How your security team can accurately identify assets and make sense of your IT ecosystem.
  • “What’s impacting performance?” It is more than what’s communicating on your networks. How you can use the data that’s already available to you to baseline and remediate problems before they become security events.
  • “How do I create a sustainable program?” How to ensure an effective asset management program that will make you a true business enabler.

Speaker

Adib Sarakby – Channel Sales Engineer @ Axonius

Adib Sarakby joined Axonius as a Sr. Sales Engineer and he works closely with the Sales, Channel, and Educational teams to continually enhance Axonius’s products.
CAASM is Adib’s passion and he splits his time between showing companies how a credible comprehensive inventory with Axonius can help close those security coverage gaps while automating security policies.

The Many Ways Hackers Can Bypass MFA

Time
Wednesday, September 11, 2024
2:40pm-3:10pm Inspire Room

Abstract

Too many people think that MFA is a perfect, unhackable solution. Hackers can send you a regular phishing email and entirely take control of your account even if you use a super-duper MFA token or smartphone app. Join us to learn the 12+ ways hackers get around your favorite MFA solution. This session will include a (pre-filmed) hacking demo and real-life successful examples of every attack type. In the end, you will learn how to better defend your MFA solution so that you get maximum benefit and security.

Speaker

Roger Grimes – Cybersecurity Author & Data-Driven Defense Evangelist @ KnowBe4

My career professional goal in life is to get more people and companies to use data and the scientific method to improve their computer security, and I do so as the Data-Driven Defense Evangelist at KnowBe4, a security awareness education company. I am a 30+-year senior computer security consultant and cybersecurity architect specializing in general computer security, identity management, PKI, Windows computer security, host security, cloud security, honeypots, APT, and defending against hackers and malware. I have also written 13 books (9 solo, 4 co-written) and over 1,100 national magazine articles on computer security. I was the weekly computer security columnist for InfoWorld/CSO magazines from 2005 to 2019. I frequently get interviewed for radio shows (including NPR’s All Things Considered), podcasts, magazines (including Newsweek) and television. If I leave this world without having made the Internet a safer place for all people to compute, I have failed.

M365 Scorecard – A False Sense of Security! Who Is Watching the Watchers?

Time
Wednesday, September 11, 2024
3:20pm-3:50pm Inspire Room

Thursday, September 12, 2024
11:45am-12:15pm Clarity Room

Abstract

What M365 Scorecard tells you, what CIS CSC tells you, and what they don’t tell you about your security posture settings will shock you. What is going on in your MFA and Conditional Access environment, and in compensating controls outside the Microsoft environment?

Speaker

Aaron Howell – Managing Consultant: Multi-Cloud Architecture & Innovations @ SynerComm

Aaron has over 15 years of information technology (IT) experience, operating in the complete lifecycle of Information Technology. He works on projects, designing and implementing multiple solutions across various platforms, supports and improves operations, and drives effective transitions to new infrastructure and technology. Aaron is a “Full Stack” consultant experienced with Scripting & Development, Cloud (AWS and Azure) & Systems, and Network & Security.

Uncensored LLMs Are Here – Is Your InfoSec Program Prepared?

Time
Wednesday, September 11, 2024
4:40pm-5:10pm Inspire Room

Thursday, September 12, 2024
3:00pm-3:30pm Clarity Room

Abstract

Everyone is focused on how to secure GenAI applications for their business. But how can you prepare to understand and defend against bad actors using uncensored Large Language Models to do unethical things to our organizations? In this session we will interact with a LLAMA 3 uncensored LLM and compare it to Meta’s LLAMA 3 for reference. Be prepared to be shocked by the graphic, detailed, actionable code-based answers to our nefarious question.

Speaker

Aaron Howell – Managing Consultant: Multi-Cloud Architecture & Innovations @ SynerComm


Digital Twins: What Is It and Why You Should Have It. Network and Security Infrastructure Modeling

Time
Wednesday, September 11, 2024
3:20pm-3:50pm Serenity Room

Thursday, September 12, 2024
2:20pm-2:50pm Clarity Room

Abstract

In this session we discuss and demonstrate real-world examples and lessons learned in an EVE-NG environment from modeling with digital twins and simulating proposed infrastructure changes to validate they have the intended impact on network and security infrastructure functionality prior to executing during an outage window.

Speaker

Andy Piché – Managing Consultant @ SynerComm

Andrew Piche has over 20 years of hands-on experience working on security, networking, data center, and cloud-based solutions. Andrew is experienced working with Palo Alto, Juniper, and Cisco equipment in enterprise, service provider, and data center environments. He has delivered solutions and supported customers in Enterprise, Carrier, Commercial and Government organizations.

Andrew has developed, operated, and supported security, networking, and application delivery solutions using a variety of products from multiple vendors. He has been a Palo Alto Certified Network Security Consultant (PCNSC) since 2018 and is the lead in firewall migrations, Best Practice Assessments, and training. He has developed and supported solutions ranging from implementing network security and segmentation to server/system virtualization solutions. Support for application load balancing and network segmentation via the F5 solution extends Andrew’s experience beyond traditional firewall skill sets. As a Senior Information Solutions Consultant for SynerComm, Andrew has the background, experience, and customer focus to treat each customer as though they are SynerComm’s only customer.

Getting the Most Out of Your PAN NGFW Platform Investment Leveraging an Assessment Program That Has Stood the Test of Time

Time
Wednesday, September 11, 2024
4:40pm-5:10pm Serenity Room

Thursday, September 12, 2024
3:40pm-4:10pm Clarity Room

Abstract

We will delve into our proven assessment process for optimizing your PAN NGFW platform, which identifies security risks and configuration drift and produces detailed platform tuning recommendations specific to your environment. This session will share real-world findings that have helped organizations over the years fortify their enterprise defenses.

Speaker

Andy Piché – Managing Consultant @ SynerComm


Ransomware Uncovered: Understanding and Countering the Threat

Time
Wednesday, September 11, 2024
4:40pm-5:10pm Clarity Room

Thursday, September 12, 2024
2:20pm-2:50pm Harmony Room

Abstract

Play, Ransomhub, BianLian, Akira, Rhysida – These are some of the most active ransomware groups that are wreaking havoc across various industries in the US and around the world. In this discussion, we go over how exactly ransomware works, and we will take a closer look at some of these groups and the tools and malware they are using to take down their targets. We will discuss each step of the targeted attack lifecycle starting from initial compromise to the exfiltration of data and ransomware deployment. We will also discuss how having SynerComm’s Continuous Penetration Testing service in your corner can help you in the fight to protect your network.

Speaker

Dylan Reuter – Information Assurance Consultant @ SynerComm

Dylan has been working in IT for 7 years. Prior to joining SynerComm, he worked as a software engineer, writing efficient and scalable multi-tenant software for an ERP company in the southern tech hub of Austin, Texas. During his time as a software engineer, Dylan worked professionally with several languages and technologies such as: Python, Perl, GoLang, JavaScript, SQL, and Rust. Dylan’s responsibilities later transitioned to cyber security and penetration testing. He is currently pursuing his Offensive Security Experienced Professional (OSEP) certification.

An Adversary Simulation Program: Real-World Testing for Enhanced Cybersecurity

Time
Wednesday, September 11, 2024
4:00pm-4:30pm Clarity Room

Thursday, September 12, 2024
3:40pm-4:10pm Harmony Room

Abstract

This session will cover the benefits of stress-testing against real-life attack scenarios and how to improve and validate preventive and detective controls over time.

Speaker

Kyle LeDuc – Sr. Information Assurance Consultant @ SynerComm

Kyle LeDuc has over a decade of experience in the Information Security field. Prior to working at SynerComm, he spent 4 years working at a Fortune 100 health insurance company. While there, he spent time on both blue (cyber defense) and red (cyber offense) teams. He was a member of the team tasked with establishing a 24/7 Security Operations Center (SOC) staffed with 50+ people. He also had responsibilities in creating security policies, investigation procedures, response plans, security sensor tuning, and red teaming. Kyle has also taught Information Security classes at a local university in Minnesota, where he resides.

The Tides Are Changing: Modernizing IT Assurance Techniques to Address the “Breach of the Week”

Time
Wednesday, September 11, 2024
4:00pm-4:30pm Inspire Room

Thursday, September 12, 2024
2:20pm-2:50pm Serenity Room

Abstract

As the attack surface of everyone’s IT footprint continues to expand, the demands from the compliance world are changing and expanding along with it in a scramble to keep up. New versions of frameworks, new privacy laws, and new requirements from insurers and clients now require more than just the completion of a checklist or questionnaire related to your IT controls.

The whole process needs to change, and it finally is. During this session, Jeff Lemmermann, a senior member of the SynerComm IT Assurance team, will bring his experiences from both public accounting and IT security in an exploration of:

  1. The importance of control validation
  2. What the MOP process is
  3. Where continuous can help
  4. Applying financial audit concepts like materiality and tolerance to IT assurance

You will also learn what changes are on the horizon that affect IT assurance needs, the importance of measuring business risk, and what SynerComm recommends to produce more value in the process.

Speaker

Jeffrey Lemmermann – Sr. Information Assurance Consultant, CPA, CITP, CISA, CEH @ SynerComm

Your Existing NIST or CIS Framework Compliance Evidence Can Chart Your Path Forward

Time
Thursday, September 12, 2024
11:45am-12:15pm Serenity Room

Abstract

In this session we will explore proven cyber risk assessment methodologies measured against NIST CSF risk framework and CIS CSC control framework implementation efficacy. Assessing and validating cyber risks can lead to significant efficacy and financial ROI. Additional benefits include identifying the minimum viable toolset for your environment and creating a platform for ongoing what-if scenario financial impact analysis.

Speaker

Marc Spindt – VP of Service Delivery / Strategy Consultant @ SynerComm

Marc Spindt has 30 years of Carrier, Large Enterprise, and Service Provider technical, operational, and organizational experience. Marc has worked with SynerComm for 12 years delighting customers with IT organizational improvement and actionable strategic planning. Marc has a BS in Computer Science, an MBA, and he served in the U.S. Air Force. Marc has a long history of building and maturing technology and security services and organizations in industries including Financial Services, Defense Contracting, and Healthcare.

Penetration Testing APIs: Essential Strategies for Security

Time
Wednesday, September 11, 2024
4:00pm-4:30pm Serenity Room

Thursday, September 12, 2024
11:45am-12:15pm Harmony Room

Abstract

APIs are great for operations and security tool integration. In this session we will discuss why you need a strategy, security validation testing and standards before opening up vast amounts of data access. What you don’t know can and will hurt you.

Speaker

Ryan Zagrodnik – Sr. Information Assurance Consultant @ SynerComm

Ryan brings over seventeen years of red and blue team experience. Ryan started his career in 2007 as a System Administrator for a large health insurance corporation. Ryan earned his CISSP in 2011 and has been working in offensive security ever since. Prior to starting at SynerComm, Ryan spent three years on an internal red team for a Fortune 1000. Ryan also spent several years working in offensive and defensive security roles for the U.S. Department of Defense and Department of Education contractors.

Ryan has a broad and diverse security background with a specialization in web application testing. His multiple security roles have allowed him to pick up Network, Development, and Systems Administration capabilities. Ryan has worked with Development teams to deploy security solutions that integrate with their CI/CD pipelines.

Ryan also has experience deploying, customizing, and maintaining enterprise-level security tools such as Splunk, Palo Alto, CrowdStrike, FireEye, Snort, and Nessus. Ryan also has a strong background in intrusion detection and development of custom IDS rules.

Everyone Has an ASM, but They Don’t All Look the Same

Time
Thursday, September 12, 2024
3:00pm-3:30pm Serenity Room

Abstract

Discover CASM, SynerComm’s groundbreaking platform designed specifically for penetration testing. It’s more than continuous reconnaissance and vulnerability management; it’s a revolution in organizing assets and vulnerabilities for peak pentester performance. Intrigued? Join us to uncover the strategic advantages that Continuous Penetration Testing offers and learn why ASM is a pentester’s tool.

Speaker

Ryan Zagrodnik – Sr. Information Assurance Consultant @ SynerComm

Enumerating JavaScript Files in Web Application Penetration Testing

Time
Wednesday, September 11, 2024
3:20pm-3:50pm Clarity Room

Thursday, September 12, 2024
3:00pm-3:30pm Harmony Room

Abstract

In modern web applications, JavaScript files play a crucial part in managing functionality, user permissions, and much more. This talk breaks down the tools and techniques used to enumerate JS files that travel to end-user browsers for valuable and potentially exploitable information. We’ll discuss how to enumerate sensitive information, endpoints, and parameters, how to perform response poisoning, and real-world case studies where exposed JavaScript led to critical security vulnerabilities.

Speaker

Alex Philiotis – Information Assurance Consultant @ SynerComm

Alex brings 4 years of consulting experience and just shy of three years of penetration testing experience. Alex started his career working in business consulting in 2019, shortly before receiving his bachelor’s degree from Loyola University Chicago. While working, Alex began pursuing offensive and information security as a passion on the side.

After leaving the business consulting world to further pursue offensive security, Alex earned his OSCP in early 2022, followed by his OSWP and OSWA in quick succession.

In his early career, Alex has built a broad and diverse set of security skills with a focus on external penetration testing. His certifications and education have provided him with a strong background in networking and web application assessments.

Securing the Software Delivery Lifecycle: SynerComm’s Secure SDLC Practice Area Expert Insights

Time
Thursday, September 12, 2024
3:40pm-4:10pm Inspire Room

Abstract

Join Bill Kiley, SynerComm’s Software Architect, as he unveils common security risks within the Software Delivery Lifecycle (SDL/SDLC). This presentation will dissect the intersection of people, practices, and technology, revealing SynerComm’s capabilities in identifying and mitigating these vulnerabilities. Learn how their comprehensive approach not only identifies but also addresses the security challenges faced in modern SDL environments, ensuring a fortified and resilient software development process.

Speaker

Bill Kiley – Software Architect @ SynerComm

Bill has been designing and developing web applications for 10+ years. He leads the software team at SynerComm in building the CASM® (Continuous Attack Surface Management) app and consults on software security. With a deep interest in data modeling, Bill enjoys solving problems with automation and building secure-by-design applications.

Lodging

SynerComm has partnered with the Potawatomi Hotel, which is part of the same building as the event itself.
A discounted room block is available to attendees until August 23, 2024.

To book your room:

By Phone:

  1. Call 1-800-729-7244
  2. Mention the group block “SynerComm IT Summit” by August 23, 2024 to lock in a discounted rate.