Hey, Blue Teams: Stop Waiting for Pen Tests to Find Gaps. It’s Time to Take Control of Your Offensive Testing
It’s 2024 – why do you still rely on manual pen testing to validate your security posture? It’s labor-intensive, doesn’t reveal real-time vulnerabilities at scale, and typically happens only once or twice a year. This lack of automation combined with infrequent testing windows makes it impossible to have a clear and up-to-date understanding of the high-risk attack paths, vulnerabilities and misconfigurations happening inside your IT environment right now.
There’s got to be a better way. And there is. But first, it’s time to stop waiting for Red Teams to take the first step when it comes to validating an organization’s security posture. Blue Teams can take matters into their own hands. By using their own managed security controls, they can do things like create rules in their EDR and WAF to block attempts to exploit a known vulnerability.
In this session, we’ll talk about the benefits and practical application of automatic, continuous security control testing, and how shifting the power dynamic between Blue and Red Teams can lead to a more optimized approach to security: one that can be automatically built into an existing environment and yield results such as automated testing, continuous validation and coverage at scale.
Finally, we will show real-world examples of threats vs. actual attack paths, vulnerabilities vs. controls, and practical steps to remediation.
Session highlights:
- The problem with traditional pen testing (it’s expensive, not accurate and can no longer stand alone) and a look at common offensive testing tools.
- Overview of different approaches to continuous offensive testing and security validation (BAS, PTaaS), including advantages and limitations.
- A blueprint and best practices for Blue Teams to take control and optimize their approach to security.
- How continuous testing tools, like BAS, can help with compliance as regulations, standards and requirements become more stringent.
- Examples of real-world exploitations, attack paths and control gaps – and how to solve them.
Presented by: Brian Moran, Sr. Director of Product Marketing, Cymulate
Pumpkin Spice & Cyber Advice: Communicating Security Principles with Relevance
Studies show that employees who are vigilant about cybersecurity in their personal lives tend to bring that same caution to their professional activities, resulting in fewer security breaches. In this session, we’ll focus on ways security professionals can make security more relevant to our end users and give them a greater reason for caring.
Presented by: Emily Cellar, VP of IT Security & Infrastructure, iFIT
Why IT Audits Are Your Friend
Who loves a good audit? Well, you should! Think of them as a helpful nudge to fix what’s weak, make sure you’re playing by the rules, and get your systems running smoother than ever. You’ll see how these check-ups are less of a headache and more like a secret weapon for keeping your tech game strong and secure.
Presented by: Rob Strickland, Interim CIO, InfoVista
Executing Technology Transformation with Trust
In a world where the pace of change equals the pace of expectation, building trust is more important than ever. As innovation speeds ahead, ensuring users feel secure and valued is paramount.
To meet the speed and agility demands of digital business, CIOs are transforming their IT departments and shifting a growing share of IT work from projects to products. At the same time, growth in business-led IT has expanded the span of employees across the enterprise who are responsible for technology initiatives.
This session will explore a cost management model and discuss how evolving IT cost management efforts to focus on value over pure cost will reduce (and even eliminate) reactive calls to cut IT costs. This session will provide a model and tactics to elevate the maturity of IT to focus on value over costs, while still meeting the business directives.
Presented by: Shawnna DelHierro, Chief Technology Officer, STG Consulting
Senior Advisor & Executive Consultant