Frontline threat intelligence, expertise and AI-powered
cloud innovation

The presenters will explore the path to recovery from UKG's weeks long system outage it took following the 2021 ransomware attack. We'll explore the long-tail impacts, what was learned and what UKG is now doing, rebuilding in the cloud.

Speakers:

Taylor Lehmann, Google Cloud

Mustapha Keppah, Google Cloud

Learn from two former global CISOs what it takes to protect and defend our healthcare systems from threats to patient safety, care delivery, new treatment development, and the global healthcare supply chain.

Speakers:

Taylor Lehmann, Google Cloud

Brian Cincera - Pfizer

This session covers the five most common tactics, techniques, and procedures (TTPs) that attackers are using to abuse hybrid and cloud environments. It will also provide front-lines experience and actionable recommendations on securing cloud-based systems, workloads, and environments.

Speakers:

Will Silverstone, Mandiant, Google Cloud

Omar ElAhdan, Mandiant, Google Cloud

Speakers:

Natalia Semenova - Google Canada

North Korea’s cyber crime continues to accelerate its development of nuclear weapons, but threat groups - particularly APT43 - are constantly finding new ways to reduce North Korea’s fiscal strain and increase the DPRK’s intel gathering operations.

Speakers:

Michael Barnhart, Mandiant

Jenny Town, Stimson Center

This panel will explain why storytelling matters in CTI and offer actionable advice to help those in the industry to leverage the power of narrative. We will hear from experts in the field on how they use storytelling to communicate CTI across multiple contexts.

Speakers:

Jamie Collier, Mandiant, Google Cloud

Winonna DeSombre, Atlantic Council / Harvard Belfer Center

Andy Greenberg, Wired

Michael Raggi, Proofpoint

Andrew Kopcienski, Mandiant, Google Cloud

This session explores cognitive biases in AI cyber threat analysis, their origins, and their effects on threat detection. It presents a framework to mitigate these biases, combining machine learning techniques, diverse data collection, and enhancing algorithmic transparency.

Speakers:

Thom Kenney, Google

Speakers:

Vicente Diaz - Virus Total, Google Cloud

The goal of the session is to provide a journey and roadmap as to how the concept of “Authentication” has evolved over the years – with alignment to the core components of building a modern and resilient authentication strategy.

Speakers:

Matthew McWhirt, Mandiant

Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our organizations, how do we make sure our D&R is done "the cloud way"? How should a SOC born before cloud deal with cloud?

Speakers:

Anton Chuvakin, Google

For years we have been told that Artificial Intelligence will greatly benefit Security Operations. It appears that recent developments in AI will finally drive this reality. Are security practitioners ready to embrace AI? What should the practitioner know before starting the inevitable journey?

Speakers:

Mike Epplin, Google

Innovation in cyber security defense learned from in the trench work. How hard lessons have driven unexpected innovations in teams defending the largest healthcare networks in the world.

Speakers:

Taylor Lehmann, Google

TJ Bean, HCA Healthcare

Lisa Ackerman, GSK

Mike Leven, 3M

To withstand the risks of cyber attacks, organizations have to design a pragmatic and holistic cyber resilience strategy. This presentation discusses how to design a cyber strategy to insure organizations take an intelligence led approach to ensuring organizations are focusing on what matters.

Speakers:

Sylvain Hirsch, Mandiant

Ryan Malfara, Mandiant

Cyber security is important to security professionals but too often there is a gap between security professionals and “the business.” This talk will give tips on how to discuss security risks with executives and enable the business to make informed decisions on security risks.

Speakers:

Lyle Sudin, Mandiant

Tim Ramsay, Mandiant

This session aims to navigate the evolution from traditional cybersecurity practices towards a proactive approach, focusing on Insider Risk Management (IRM) and Artificial Intelligence (AI) and the Zero-Trust framework.

Speakers:

Shawn Thompson, Mandiant

UNC53 is a China based actor tracked since 2014. The presentation details a recent campaign observed in frontline data, where UNC53 utilized infected USBs to deliver SOGU malware to infect victims in unexpected locations. We’ll dive into the TTPs, malware, and techniques to detect this activity.

Speakers

Raymond Leong, Google

Brendan McKeague, Google

Mandiant has been tracking a Chinese Espionage group dubbed UNC3886 across multiple cases since early 2022. This session covers the full lifecycle observed in across multiple cases while highlighting EDR evasion and multiple 0-day vulnerabilities across products to conduct operations.

Speakers

Alexander Marvi, Mandiant

Brad Slaybaugh, Mandiant

A bank was suffering from repeated incidents where criminals were somehow successfully withdrawing cash from ATMs using fake bank cards. This presentation covers how they achieved this operation through a cyber attack, and how Mandiant investigated the incident.

Speakers

Takahiro Sugiyama, Google