Midwest IT & Security Leaders Forum 2023

The world now depends on the digital economy. IT is central to the organization’s successful response and there are four pillars of strength required: re-coding the institutional DNA, treating security as survival, responding to the new relationship with work, and reducing the bureaucratic burden.

Presented by: Info-Tech Research Group

Aggressive attacks on Enterprise computer networks are continuing with increased frequency and threatening economic and national security. Actions like vulnerability reduction and passive defenses on their own simply are not cutting it and there needs to be a functional shift in the way we mitigate this substantial threat. Companies can seek to protect their most sensitive data by implementing an environment of actionable intelligence and detection to bring the fight to the adversaries and ensure a proactive approach to securing data. This session will discuss best practices in managing the constant evolution in the security environment.

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Imagine a World Cup qualifying team that made it to the first match but had failed to prepare for its opponents. Stepping out on the pitch, the opposing team would run circles around them. This is the story in cybersecurity today. The impact of a lack of continuous security control validation is that security programs fail and breaches occur constantly. Only by testing controls against known threats can teams generate the data they need to understand performance, tune-up, and improve effectiveness.

In this talk, we will cover how the research team discovered that EDR controls in AttackIQ’s customer environments only stopped top adversary techniques 39 percent of the time, and outline recommendations for how to improve cybersecurity program performance at scale.

In their analysis, the AttackIQ Adversary Research Team selected real-world adversary techniques from MITRE ATT&CK under the following criteria, including: (1) they needed to be common techniques (not edge cases); (2) they needed to have had pronounced historical impacts, including in recent Russian operations in Ukraine; and (3) most importantly, the EDR solution providers needed to consistently block these key techniques in AttackIQ’s lab environment. The goal in selecting these techniques was to find a sweet spot for realistic and popular techniques that could be prevented by recommended security configurations but are not currently being prevented most of the time in customer environments.

Attendees will leave the talk with a deeper understanding of why advanced cyberdefenses fail against threats and how organizations can use automated testing and the MITRE ATT&CK framework to improve their overall security program performance.

Presented by: AttackIQ

Learn how to harness decentralized technologies to transform your business. Understand how IoT & Blockchain work together to ensure security, and transactional integrity, while reducing total cost of operations to near zero. During this session, you’ll engage in the process of building a Decentralized Autonomous Organization- brining the pieces together to provide a foundation to understand opportunities & risks as your organization drives to Next-Gen business.

Security programs have undergone major changes in recent years, to adapt to the changes that Agile development, DevOps pipelines, and faster deployments bring. New DevSecOps programs and models have resulted in a significant security ownership shift to the development teams. But in order for development teams to truly take responsibility for security, they need to embrace and adopt the new security practices. This is no easy feat! It introduces many organizational, process, and tooling challenges. In this session, we will discuss how others have successfully achieved this, and talk about tips and best practices on how you can improve the developer adoption of your security needs, as well as common pitfalls or problems to avoid.

Presented by: Snyk

The software-defined data center (SDDC) is a concept in which all data center infrastructure is virtualized and delivered as a service. Control is fully automated through software, allowing hardware configuration to be maintained through automated policies. SDDC advances virtualization and cloud computing by supporting both legacy enterprise applications and new cloud computing services. It thus provides a solid base for using public, private, and hybrid clouds. By abstracting applications from hardware, SDDC allows apps to run anywhere and even move from place to place. It also allows for greater automation within a data center and faster, simple orchestration across centers.

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Open seating, Buffet-style lunch. Serving food for all tastes, pallets, and preferences. Vegan, vegetarian, and halal options available

 Check back for updates on this session.

Presented by: CrowdStrike

Today, the primary CEO priority is growth, with technology as a key enabler. However, vendor policies pose major roadblocks to innovation, growth, and competitive advantage by forcing you to spend limited budget, resources, and time on projects that may not drive your business. ​Learn how you can take control of your IT roadmap by choosing a Business-Driven Roadmap designed around your business objectives and not the vendor’s. Leverage vendor software, but do it on your terms, on your timetable, and with the flexibility, funding, and freedom to focus on initiatives that support growth and competitive advantage.

Your security team manages risks that affect business units and functions across your entire organization. Security is threaded through every aspect of your business, and your decisions have never mattered more. On a daily basis, you make decisions that affect day-to-day operations, data and system security, executive-level strategy and direction and quite possibly, the future success of your organization. Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three of these levels. We’re wearing many hats, often switching between them from meeting to meeting, and it’s imperative that we can effectively communicate and drive decisions that improve and mature our security efforts across the board.

This session will explore ways to enhance engagement with technical teams, business units and executives alike, while still maturing your security program to be more efficient and effective at managing and mitigating risk.

Concepts and topics covered will include:

• The 3 levels of decision making you must navigate on a daily basis and how they impact the rest of the organization
• Applying meaningful metrics to demonstrate value to executives and mature program operations for optimal effectiveness
• Finding program gaps where remediation efforts or SLA compliance is lagging, and taking steps to help affected teams improve and succeed
• How Tenable helps to improve operational efficiency, address threats and vulnerabilities faster, and demonstrate tangible business value at all levels of the organization

Presented by: Tenable

Enterprises have hordes of data and many opportunities to integrate other data sources. But readying data for AI experimentation is expensive and requires an iterative approach.

This session will focus on finding the best opportunities to experiment with AI and on applying agile practices in machine learning initiatives.

 Check back for updates on this session.

Presented by: Tanium

This session will focus on using business platforms to discover, capture, test, and execute automation across the enterprise by delivering improved business outcomes for companies in 2023. Under the promise of becoming hyper-automated, the workforce becomes more creative and productive while providing a more cost-effective solution through automation tasks. Technologies such as Machine Learning, next-generation RPA tools, Low Code/No Code Platforms, and Intelligent Document Processing aim to improve efficiency and enable focus on higher value tasks, but how do you measure the resources invested creating a robust automation strategy vs the recognized ROI achieved from these tools?

Circle back with your Peers on the content so far while grabbing a coffee and a snack

The definition of work-life balance has changed, and the nature of work has changed. Life, family, and work are all integrated, we need software solutions that allow us the flexibility to live our lives and attract a diverse talent. Solutions that improve experience locally while allowing us to operate globally removing the friction, increasing productivity improving employee experience and in turn positively impacting the customer experience. Focused on retention and customer satisfaction.

Presented by: RingCentral

In most markets, there is an abundance of open IT jobs with fewer people able to fill them – and the positions are getting more expensive. Working remotely is the norm, but not optimal (usually). There is less off-shoring and more resources are focused locally or within the same hemisphere.

Additionally, we are still not recruiting enough women and minorities into the rank and file, especially senior IT roles, and we’re losing talent to major tech hubs.

Join us at the roundtable with your peers as we dive into solutions to tackle the following challenges:

• How do you scale staff/team without losing them to major tech hubs?
• How do you create more diversity – not only among race and gender – but diversity of thought Old vs New Thinking?
• How do we mentor universities to implement actionable steps for supplying more IT talent?

Threat actors, Red-Teams, and Ransomware have been abusing Active Directory for years. In fact, attackers have compromised or leveraged AD in 100% of the successful ransomware attacks over the last 3 years.

This discussion will discuss new technologies to help you visualize the risk in your AD and add a layer of security around this very important part of enterprise infrastructure.

Everyone’s journey to being data-driven is unique. It’s like making an apple pie. It’s easy to get the ingredients, but you need to know how to put together the right recipe for a great apple pie.

In this interactive discussion, I will share insights and lessons learned in leading data modernization initiatives and in sharing the journey with customers. Data literacy, culture, governance, quality, technology stack modernization, and architecture are all ingredients in driving towards the right data-driven recipe. The discussion will include tips and tricks for reducing friction points and how to build the right recipe for your organization.

The result of digital transformation: It’s easier to do business with your customers and partners. But with new architectures, web apps and APIs now deployed from on-prem servers to the cloud, it is harder than ever to get a holistic view of all of these potentially vulnerable assets – never mind defend them.

What are your biggest challenges today in defending these diverse assets? What are the known gaps in your current defenses? What are you seeking in the future to defend your apps and APIs?

Topics covered will include:

• How are adversaries preying upon unprotected web apps and APIs?
• How are traditional web application firewalls deployed, and what are they missing?
• What does the future look like with unified web app and API security solutions?

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Highly distributed increasingly complex IT environments are forcing a new wave of network evolution. Traditional network infrastructures were not designed for data growth, connected devices, and edge computing. The time has come for a new approach.

• Automate. Streamline the transition from operations to outcomes, so you can improve your network and the experience of the people it connects.
• Connect. Unify remote, branch, campus and data center connectivity by converging the management of wired, wireless, and WAN networking on a unified cloud-native platform.
• Protect. In a highly distributed environment, the network has become a valuable source of information to help identify and prevent or limit the impact of cyberattacks

You’ve just stepped into your new IT leadership role. Your first 90 days in a new IT leadership role should be focused on learning. Investing this time will help you understand the current state, appreciate the culture and inform your strategy. Prioritize these steps to kickstart improvement:

• Understand your job. Learn the organization and industry you are in
• Define and revise measurements for success
• Articulate your vision and strategy
• Organize people for success
• Build culture
• Revise processes for success & delivery, and suitable for the environment and the times
• Upgrade technologies