Title
Location
Time
Presenter/Panalists
Abstract
Breakfast
Hilton Aventura Ballroom
8:00am – 8:40am
Welcome
Hilton Aventura Ballroom
8:45am – 9:00am
ICS Miami Team, Armando Seay and Cynthia Camacho
Welcome by CISA Executive Assistant Director
Hilton Aventura Miami
9:00am – 9:30am
Eric Goldstein
Embedded Threats to ICS Systems
Hilton Ballroom 1
9:30am – 10:00am
Tom Pace, Co-founder and CEO of NetRise
Cybersecurity Threats to firmware, accelerating SBOM and critical infrastructure. Tom Pace will provide his experience on the rise of embedded threats to ICS systems. It is the little known or addressed threat to major critical infrastructure and the quiet but persistent evolving capability of nation state actors seeking to implant disruptive threats to U.S. corporate and government mission critical infrastructure.
NetRise has solutions for one of the important but often ignored risk to all manner of cyber hardware, business networks and critical infrastructure.
Presentation by Armis Healthcare CTO
Hilton Ballroom 1
10:15am – 10:45am
Mohammad (Moh) Waquas
Armis
AI in Cybersecurity: The Double-Edged Sword of Innovation
Hilton Ballroom 1
10:50am – 11:50am
Chris Grove, Director, Cybersecurity Strategy at Nozomi Networks
This talk discusses how AI can be used and misused within cybersecurity for critical infrastructures. Searching for more efficient ways to operate, AI is a natural fit. While AI offers promising avenues for operational efficiency, it simultaneously introduces its own set of risks. How we harness AI is a pivotal factor between success and failure. As our technological landscape expands and evolves, so does the unique set of challenges. Addressing these requires expertise from multiple domains. Organizations running our critical infrastructure navigate an era marked by stringent standards, evolving regulations, and the constant quest for efficiency, pinpointing where to channel our limited resources becomes a top strategic item for today’s lean and agile operations. Ensuring the cybersecurity ecosystem operates as a whole ensures critical organizations are well equipped to handle these challenges.
Presentation by Broward County Government Ft. Lauderdale Airport
Hilton Ballroom 2
10:50am – 11:50pm
Karen MacDougall, IT Specialist for Ft. Lauderdale Airport
Collaborative culture and partnering for risk assessments and observations on the Federal Aviation Administration’s, and other regulations mandates for increased cyber resilience and compliance.
Gray zones attacks and tactics -Against Critical Infrastructure
Hilton Ballroom 3
10:50am – 11:50am
Shawn Whiteside, President Blue Team Alpha
Gray zones attacks and tactics.
Talking through the ways Gray zone attacks are carried out against critical infrastructure.
- Cyber Attack
- Disinformation
- Economic coercion
Lunch and Presentation by Space Forge
Hilton Ballroom 1 and Lobby
11:50pm – 1:00pm
Andrew Parlock, Managing Director Space Forge U.S.
With
Timothy O’Neil, Principal Cyber Threat Intelligence Analyst
MITRE and Former Senior Enlisted Leader US Cyber Command.
From superalloys to pharmaceuticals to next-generation computing. On orbit production and research can deliver results not found anywhere else on earth.
Off Planet manufacturing is here and the cybersecurity and resilience needed to keep to leverage this capability is essential!
Booz Allen Hamilton
Hilton Ballroom
1:00pm – 1:45pm
David Forbes, Director, Cyber Physical Defense at Booz Allen
Leveraging a Cybersecurity Test Environment to increase OT Cybersecurity Readiness
Cybersecurity Strategies What Bad Actors Don’t Want You to Know… ICS Threats and Hacking Demonstrations
Hilton Ballroom
1:50pm – 2:30pm
John Vecchi, CMO Phosphorus
We all depend on industrial infrastructure: power and water as well as products from manufacturing, oil and gas, and mining companies. In 2022 and 2023 the cyberthreats in operational technology – OT – environments have escalated significantly, and it is essential that we examine the cybersecurity strategy for the overall industrial ecosystem to ensure it is keeping pace with the adversaries. Hear about a unique development in malware targeting OT, substantial increases in ransomware groups targeting OT, supply chain risks in the OT environment, and more importantly: what we can – and should – do about it.
It’s Happening Now: Trends to Factor into Industrial Cybersecurity Strategies
Hilton Ballroom 1
2:35pm – 3:15pm
Dawn Cappelli, Director OT CERT, Dragos Corporation
Dawn brings to the conference her deep OT expertise and cybersecurity as Dragos has been at the forefront of major critical infrastructure incident resolutions. The Hanover Maryland based company is a global resource for ICS threat intelligence and expertise.
Protect this House – Building Cybersecurity Panel and an Introduction to MOSAICS 2.0
Hilton Ballroom 2
2:35pm – 3:15pm
Ken Kurz, CIO and CISO, Corporate Office Properties Trust (COPT)
Daryl Haegley, GICSP OCP Technical Director, DAF Control Systems Cyber Resiliency
Moderator: Armando Seay, Creator of The Hack the Building Cybersecurity Conference and Exercise.
Ignore, a buildings cybersecurity risks, and not much in the way of cybersecurity tools, systems and related technologies inside the building will matter.
Ken Kruz is responsible for the cybersecurity of billions in real estate and information systems assets The corporate campuses his firm is responsible for house a wide of array of companies that are essential to national security.
Daryl Haegley is a recognized expert who over the years has advocated for increased awareness of the ICS cybersecurity across a wide array of threat vectors.
Our Nations critical infrastructure is at risk. Cyber threats to Industrial Control Systems (ICS) are expanding across various sectors. Additional Government investment is needed to cross the “valley of death”.
Leverage the solid work from the capability demonstration (JCTD).
Operational Defense of OT with near real time mitigation(s) are needed for critical sites
“…MOSAICS addresses the increasing serious threats to the critical infrastructures upon which we depend to accomplish our Defense critical missions. I can’t say enough good things about the MOSAICS team……. They have assembled a dream team of DoD and industry partners and they are effectively demonstrating the military utility of the integration of sufficiently mature technologies…”
Introduction to MITRE ATT&CK for ICS Presentation
Hilton Ballroom 3
2:35pm – 3:15pm
Jake Steele, ICS Lead for MITRE
MITRE ATT&CK® ICS is a comprehensive framework for identifying, assessing, and mitigating professional (e.g., state-sponsored) cyberattacks on industrial networks. Cyberattacks are rarely as simple structured as they are often portrayed in the media. This is a great presentation for aspiring cybersecurity pprofessionals interested in industrial control cybersecurity.
The SEC cyber regulations: what non-legal cyber practitioners need to know.
Resilience
Hilton Ballroom 1
3:20pm – 3:50pm
Davis Hake, C-founder Resilience
Moderator: Diane Janosek, Executive Director Capitol Technology University and former Deputy Chief of Compliance, National Security Agency,
The new SEC regulations are taking over corporate board room discussions. What is the impact to our nation’s critical infrastructure asset owners and their supply chains that put large SEC regulated corporations potentially at risk as well. What do corporations large and small need to avoid liability.
A fireside chat with MasterCard Director of Cybersecurity Advisory & Products
Hilton Ballroom 1
3:55pm – 4:30pm
Fernando Leitao, Director of Cybersecurity Advisory & Products Mastercard Data & Services
Moderator: JC Vega
Data driven CRQ – Cyber Risk Quantification can help identify and quantify cyber risks, which security gaps represent the greatest risk to the business, communicate the financial risk of cyber, and prioritize where to invest to get the best returns.
The Fight for Truth: Malign Use of AI in Disinformation and Cybercrime
Hilton Ballroom 2
3:55pm – 4:30pm
Charity Wright, Recorded Future – Threat Intelligence Consultant | Researcher
The rise of AI powered malware, disinformation and cyber-attacks is here! Is hour organization ready? Do you know the threat actors, their playbooks and what they are chattering about as the plot their next series of campaigns against U.S. corporations and the government. Acting as a cyber-criminal gang or as proxies for nation states. It is a growing and active clear and present danger that our nation is racing to counter. Recorded Future has been at the forefront in the DoD and Intelligence Community helping to get out in front of the threat and find the needles in the haystack.
The CISO Panel
Hilton Ballroom
4:35pm – 5:05pm
Merritt Baer, CISO Lacework
Dirk Goehring, Director Cybersecurity Crowley
Madison Horn, CEO Critical Fault
Moderator, JC Vega
A cybersecurity industry cross sector discussion with several of our C-suite executives on their priorities, challenges and what is on the horizon for securing their enterprises in 2024.
This panel deliver a broad spectrum of real-world sage experience from a variety of organizations, such as Lacework, a company that secures a world full of clouds, with Automated Security & Compliance for Multi-cloud Environments, Workloads, Containers & K8s.
Madison Horn of Critical Fault and her expertise Madison Horn has over 15 years of experience in cybersecurity, defending American interests against foreign adversaries, nation-states, and terrorist organizations. She began her cybersecurity career at the startup, Fusion X, before moving to Accenture, where she played a lead role in building out their Global Cyber Defense practices, including incident response, hacking, threat intelligence, and threat hunting offerings. These experiences gave her the ability to pursue roles to build out PricewaterhouseCoopers Cloud Security Practice and to be a part of the founding team of Siemens Energy Global Security practice, building cybersecurity capabilities and services for energy companies around the globe.
MasterCard and the deep expertise of Brian Hansen in cybersecurity for IT and the physical assets.
Dirk Goehring who is part of the cybersecurity team at Crowley. The organization is responsible for billions in diverse assets and critical infrastructure.
MITRE Caldera for OT Presentation
Hilton Ballroom 2
4:35pm – 5:05pm
MITRE Caldera Team led by Misha Belisle, MITRE Deterrence Technologies
McLean, Va. & Bedford, Mass., September 5, 2023 —
MITRE Caldera™ for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT).
The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) to increase the resiliency of critical infrastructure. Adversary emulation has long helped defenders of information systems exercise and improve their cyber defenses by using real adversary techniques. As an open-source, scalable adversary emulation platform with MITRE ATT&CK® as its backbone, Caldera helps cyber defenders save time, money, and energy by automating adversary emulation operations, security assessments, and red-, blue-, and purple-teaming. With the release of Caldera for OT, defenders of industrial control systems now have the same benefit. Caldera for OT also enables Factory and Security Acceptance Testing (FAT/SAT), where a reliable and consistent testing process is critical to ensure an accurate and repeatable assessment.
“Protecting our nation’s critical infrastructure is essential. With Caldera for OT, we are pleased to partner with CISA to help defenders of operational technology exercise and improve the defenses of these critical systems,” said Yosry Barsoum, vice president and director, Center for Securing the Homeland at MITRE.
This work emerged from CISA and HSSEDI’s collaboration to automate adversary emulation simulations in CISA’s Control Environment Laboratory Resource (CELR), a simulated environment for research on operational technology.
The Healthcare Cybersecurity Panel
Hilton Ballroom 3
4:35pm – 5:05pm
Dr. Michael Mylrea, Distinguished Fellow, Industrial Cybersecurity, University of Miami, Institute of Data Science and Computing; Founder, Cyber Team 7 (Panel Moderator)
Bill Reid, Security Advisor, Office of the CISO, Google Cloud
Mohammad (Moh) Waqas, CTO, Healthcare, Armis
Omar Sangurima, Sloan Kettering Memorial Institute
Hospitals, healthcare and life sciences infrastructure is under attack. Malware targeting these systems has become Killware. Recent research highlights -60% of cybersecurity incidents impact patient care -Average medical devices have six or more security vulnerabilities -Healthcare saw a 700% jump in distributed denial of service (DDoS) attacks in the first half of 2023 -Healthcare sector is the most heavily targeted industry for ransomware attacks, accounting for 30% of reported incidents. To respond to these challenges, our expert panel is going to discuss related opportunities as the challenges, and efforts they are leading to improve security and privacy in critical healthcare networks and systems.
Dinner and Networking event – pre-paid and by invitation Only
The Canopied Patio at Casa D’ Angelo in case of inclement weather indoors.
2906 NE 207th Street, Aventura Florida 33180
6:45pm – 10:00pm
A gathering of invited special C-suite guests and pre-paid attendees for cocktails, dinner and entertainment on the Terrace of the Onyx Tower Office Complex. Located less than 5 minutes from the Aventura Hilton, around the corner from the Hilton Serena Hotel and across the street from Gulf Stream Park and Casino.
Day 2 – Nov 3, 2023
Title
Location
Time
Presenter/Panalists
Abstract
Breakfast
Onyx Tower Terrace and 14th Floor
8:00am – 8:45am
See, protect, and manage the entire attack surface in OT environments.
Onyx Tower Terrace level
9:00am – 9:30am
Juan Carlos Buenano, Chief Technology Officer, Operational Technology (OT) for ARMIS
The threat landscape in the world of cybersecurity is constantly evolving, making it increasingly challenging for organizations and individuals to protect their assets and data.
A fireside with Former National Security Agency General Counsel
Onyx Tower Terrace level
9:35am -10:15am
The rising – Nation State Threats to the U.S. & his thoughts on the National Security Strategy
The ICS and Cybersecurity Education and Workforce Panel
Onyx Tower Terrace Level
9:35am – 10:15am
Dr. Diana Burley, Cybersecurity Expert, Vice Provost Research and Innovation, American University.
Diane Janosek, PhD, National Security Agency Deputy Chief for Compliance, and former Commandant NSA Cryptologic Schools.
Kendra Parlock, Vice President of Partnership Development NPower Baltimore.
Terri-Ann Brown, Director Miami Tech Works
Moderator: Armando Seay, Co-founder the GBC Academy, Cybersecurity investor and entrepreneur. Former Co-founder/board member and CISO, RTGX, Dovestech LLC, MISI DreamPort and MindScape.
Facing the challenge and changing how the pipeline for cybersecurity skills are developed to close the gap.
A recent informal analysis by The GBC Academy again points to gaps and a narrow approach to cybersecurity education and training that leaves out ICS, space, cyber policy and other skills beyond the well-known traditional academic curriculums and available training. A recent cyber skills competition for ICS resulted in not a single academic or government participant being able to defend or analyze OT and IoT threats.
Certificate programs, the Centers of Academic Excellence in Cybersecurity, Cybersecurity workforce grants, are amazing contributors to the cyber workforce pipeline. But all of this and more and we still have a gap in the cybersecurity workforce in terms of numbers and qualifications.
What is the cure and what are the new methods we need to ensure that our nation breaks down the barriers to careers in cybersecurity?
The Maritime Cybersecurity Expert Panel
Onyx Tower 12th floor Break out room A
10:20am – 11:00am
Sean Plankey, Class Zero 3 C.
Nicholas Parham, JD, US Coast Guard, Marine Transportation System Regulations Policy and Strategy
Erica Long, Cybersecurity Partnerships at US Coast Guard
Facing the challenge and changing how the pipeline for cybersecurity skills are developed to close the gap. A recent informal analysis by The GBC Academy again points to gaps and a narrow approach to cybersecurity education and training that leaves out ICS, space, cyber policy and other skills beyond the well-known traditional academic curriculums and available training. A recent cyber skills competition for ICS resulted in not a single academic or government participant being able to defend or analyze OT and IoT threats. Certificate programs, the Centers of Academic Excellence in Cybersecurity, Cybersecurity workforce grants, are amazing contributors to the cyber workforce pipeline. But all of this and more and we still have a gap in the cybersecurity workforce in terms of numbers and qualifications. What is the cure and what are the new methods we need to ensure that our nation breaks down the barriers to careers in cybersecurity?
The Ransomware Hunting Team
Onyx Tower Terrace Level
11:10am – 11:50am
Award winning author and technology reporter for ProPublica,
Renee Dudley.
The paperback version will be available at the conference.
Scattered across the world, an elite team of code crackers is working tirelessly to thwart the defining cyber scourge of our time.
You’ve probably never heard of them. But if you work for a school, a business, a hospital, or a municipal government, or simply cherish your digital data, you may be painfully familiar with the team’s sworn enemy: ransomware. Again and again, an unlikely band of misfits, mostly self-taught and often struggling to make ends meet, have outwitted the underworld of hackers who lock computer networks and demand huge payments in return for the keys.
The CMMC and Manufacturing Cybersecurity panel, stories from the frontlines of helping manufacturers with compliance and while defending against active cybersecurity threats
Onyx Tower 12th Floor A
11:10am – 11:50am
Ross Seay, CEO Maverc LLC, Cyber Advisor, CISO, CMMC Expert, CMMC RP, CISM
Fernando Machado, CISSP, CISM, CISA, CEH and Managing Principal/CISO @ Cybersec Investments | Authorized C3PAO
Regan Edens, Founder, Chief Technology, Security, and Compliance, DTC Global
Jacob Hill
Moderator: Armando Seay, ISC (2) CC, Cyber Insurance Certified, Cybersecurity Executive (co-founder RTGX (exited) and DreamPort Cyber Innovation Center Co-founder (2018-2022), CISO, Senior Cyber Advisor, Inventor OT and CMMC Compliance threat sensor network for manufacturers.
This panel will deal with ransomware attacks and the mitigation and pre-attack and recovery recommendations for any business with a special focus o manufacturers using anonymized cases members of the panel have helped on.
For suppliers to Department of Defense, large defense contractors or the civilian sector. An expert discussion on the CMMC, the DoD updates, tips on how to prepare to comply and also the Cybersecurity and Infrastructure Security Agency (CISA) policy.
Lunch presentation on Workforce Initiatives for the next generation needs of the nation’s space programs
Onyx Tower Terrace Level and Waterfall patio.
11:50am – 1:10pm
Mark Jaster, Founder & CEO – FOUR18 Intelligence Corp. | Innovation Strategist | Cybersecurity | Life Sciences.
Armando Seay, Founder the GBC Academy (cyber workforce development and internships)
Onyx Tower 12th Floor A
1:15pm – 1:50pm
Author, and CMMC expert Fernando Machado will provide considerable experience and tips for companies large and small seeking to comply with the Department of Defense Cyber Security Maturity Model Certification.
For two government administrations, the CMMC has been the talk of the nation. How to comply, when to comply, who should comply the cost of compliance, supplier risk surveys, false claim act litigation fears, and again the cost!
Fernando has the latest updates and tips. This is a great session for MEPs, South Florida Defense Contractors and any business needing interested in cyber resilience and compliance.
Let’s face it, there is no escaping compliance as our nation steps up its regulatory measures to protect the critical businesses and supply chain and a world replete with cybersecurity threats.
Reserved TBD
Onyx Tower 12th Floor B
1:15pm – 1:50pm
Global Maritime Cybersecurity with a discussion on the SEC Cyber Regulations impact
Onyx Tower Terrace Level
1:30pm – 2:00pm
Gatha Sadhir, Global Chief Information Security Officer
Cyber Insurance and its impact on the Cybersecurity Industry, facts and myths
Onyx Tower Terrace Level
2:05pm – 2:30pm
Davis Hake, Co-founder of Resilience, Davis has launched strategic initiatives across the U.S. national security community and private sector. Before co-founding Resilience, Davis ran cybersecurity strategy for Palo Alto Networks, served on the National Security Council, and was a lead author of cybersecurity legislation in the U.S. Congress.
Over the last two years, the Resilience model has proven that by building a holistic approach to managing this risk, organizational security is increased dramatically. 100% of Resilience cyber risk solution clients impacted by ransomware were able to avoid paying an extortion in 2022.
The Artificial Intelligence and Critical Infrastructure
Onyx Tower Terrace Level
2:35pm – 3:05pm
X. Eyee, AI futurist and Expert Dr. Michael Mylrea, AI Expert and Distinguished Scientist
X. Eyee was part of the Google Responsible AI organization, a Blockchain Ambassador at Microsoft, where she worked with Fortune 500 companies.
Day 1 – Nov 2, 2023
