Agenda

April 9, 2024
Workshop
1:00 pm - 5:00 pm

OSINT Workshop at RH-ISAC Summit

Join fellow SOC analysts, engineers, and tactical incident response teams for a four-hour SANS Workshop, focused on open-source intelligence (OSINT) and incident handling. This workshop enables participants to sharpen their skills using practical, real-world tools and techniques for conducting incident response investigations...
Session Page
Networking Event
5:00 pm - 7:00 pm

Welcome Reception

Welcome to the 2024 RH-ISAC Cyber Intelligence Summit! Come say hello to old friends, meet new peers, and help kick off the 2024 conference on the Denver City Terrace. Open to all RH-ISAC Summit attendees. No additional registration is required.
Session Page
Networking Event
7:00 pm - 10:00 pm

Private | CISO Dinner

The RH-ISAC CISO Dinner is an invite-only event for select CISOs and special guests of the 2024 RH-ISAC Summit.
Session Page
April 10, 2024
Keynote
8:45 am - 9:45 am

Opening Remarks & Keynote: A Decade in Cybersecurity: The RH-ISAC Eras Tour

Challenges surmounted, victories achieved, and warp speed shifts in the cyber threat landscape navigated: There’s no doubt the last decade set the foundation for the strong and collaborative RH-ISAC community that we see today. In this keynote, you’ll hear compelling stories of intelligence sharing, and the teamwork and inno...
Session Page
Breakout Session
11:15 am - 11:45 am

The Evolving Cyber & Technology Policy Landscape: Implications for Information Security Teams

Federal, state and international policymakers continue to be active in developing new laws and regulations that have direct operational impacts on private sector CISOs and members of their teams. The SEC cybersecurity rule, now in effect, is compelling public companies to adjust their incident reporting and governance procedures...
Session Page
Brown Bag Lunch
12:00 pm - 12:45 pm

LUNCH: Brown Bag Featured Discussions

Grab a sack lunch and find a group to sit with based on a topic of interest. This casual forum allows for free-flowing discussion with fellow practitioners and peers. We’ll have tables assigned with discussion leaders to facilitate conversation on topics from Working Groups and Security Collaboration Efforts such as: Fraud:...
Session Page
Private Session
1:15 pm - 4:00 pm

Closed-Door CISO Meeting

*SESSION BEGINS AT 1:00 P.M.* PRIVATE SESSION: Open to CISOs Only. This extended breakout session will cover a series of discussion topics as selected by the RH-ISAC's CISO Working Group. Topics may include key challenges and priorities with titles such as: Leadership Perspective: When Neighbors Are Under Attack Th...
Session Page
Breakout Session
1:15 pm - 1:45 pm

Risky Business: Examining the Operational Benefits of Enhanced Collaboration Between Cyber Risk Management & CTI Functions

Now, more than ever, information security practitioners are expected to continually balance strategies for addressing a rapidly evolving cyber threat landscape against the need to meet business objectives with limited disruption. Risk management teams are critical in helping business leaders understand the organization’s risk ...
Session Page
Breakout Session
2:15 pm - 2:45 pm

Take Your Incident Response Plan to the Next Level

A good incident response plan can improve your efficiency and greatly reduce the stress involved when dealing with a significant incident. But as cybersecurity professionals, it’s easy to get tunnel vision on the technical details of a situation, potentially missing aspects of the bigger picture. And when your business is disr...
Session Page
Breakout Session
2:15 pm - 2:45 pm

Beyond the Hype – How our Threat Research Team Used Large Language Models to Enhance our CTI Activities

The launch of ChatGPT in late 2022 sparked considerable hype for generative AI chatbots. It is based on a large language model (LLM), an AI model that has been trained on a large corpus of text and built an understanding of language.    In threat intelligence, we often deal with human readable information, which unlike mac...
Sponsored By: Netacea
Session Page
Private Session
2:15 pm - 2:45 pm

STORM-0539: The Silent Gift Card Heist | TLP:RED – Core Members Only

Storm-0539 is an unclassified threat actor labeled by Microsoft that has targeted the retail, software, and gaming industries. This talk is an analysis of the Tactics, Techniques and Procedures (TTPs) and objectives the actor carries out on its target. We’ll also delve into their primary motivation, which appears to be retaini...
Session Page
Private Session
2:15 pm - 4:00 pm

Closed-Door CISO Meeting (Cont.)

PRIVATE SESSION: Open to CISOs Only. This extended breakout session will cover a series of discussion topics as selected by the RH-ISAC's CISO Working Group. Topics may include key challenges and priorities with titles such as: Leadership Perspective: When Neighbors Are Under Attack The Effect of Solarwinds' Lawsuit o...
Session Page
Breakout Session
3:15 pm - 4:00 pm

Situational Awareness: Protecting the Unknown

How can you apply security controls to assets that you are unaware of? This presentation will delve into the genesis and evolution of a novel approach to enhancing situational awareness for corporate assets. The central theme revolves around the creation of a semi-quantitative C-Suite report metric, incorporating a custom weight...
Session Page
Breakout Session
3:15 pm - 4:00 pm

Catphish: Infiltrating an International Refund Fraud Operation

In the summer of 2023, a refund fraud threat actor attempted to recruit a SHEIN customer service employee to facilitate large amounts of refund requests. SHEIN CTI assumed the identity of the targeted employee, and conducted a month-long operation to gather information from the threat actor. During this investigation, the innerw...
Session Page
Keynote
4:15 pm - 5:00 pm

Closing Keynote: S.E.ing IRL & with A.I. & Defending Against It With Q.I.

We will look at a real-life successful bank robbery captured on video to see what went right & wrong that led to the bank to be compromised 15 seconds after I walked in and led to the 100% compromise of every computer in the branch including the server room computers!  We will then dive into how A.I. is being used by cri...
Session Page
Networking Event
5:00 pm - 6:00 pm

Happy Hour

Celebrate the first day of the RH-ISAC Summit while enjoying light snacks and drinks!
Session Page
April 11, 2024
Keynote
9:00 am - 9:45 am

Keynote: Reducing Business Risk with Zero Trust Architecture + AI

Cyber attackers are using AI to generate creative ways to compromise users, as documented in a recent Washington Post article, “Cybersecurity faces a challenge from artificial intelligence’s rise.” Retail & Hospitality organizations must excel at protecting digital assets in the face of these AI-powered cyberthreats. L...
Session Page
Breakout Session
10:00 am - 10:45 am

Kill Switch to expensive SIEMs

The idea behind this presentation is to provide a fresh insight on how we can overcome challenges encountered with managing a SIEM/Data Lake with growing costs and logging requirements and data retention for compliance purpose, ability to query historical data. We will also discuss how we can secure and control the data routing ...
Session Page
Breakout Session
10:00 am - 10:45 am

Peer-Benchmarked Threat Resilience Metrics

CISOs need to answer the question “how do we compare with our peers?”  Skechers, Canadian Tire and Security Risk Advisors (VECTR.io) will show how to benchmark threat resilience using the shared RH Threat Index.  The presenters will share the free testing platform and 2024 test plan for attendees to level-up their metrics ...
Sponsored By: Security Risk Advisors
Session Page
Breakout Session
11:15 am - 11:45 am

Cyber Resiliency: Preparing the Business for Incident Response

We live in a new normal, with unknowns around every corner and every organization should have a plan for the worst. A traditional cyber-focused incident response plan is no longer enough. A larger business lens will be used for this talk and we’ll discuss the required roles, organizations, critical processes, and more- in as m...
Session Page
Breakout Session
11:15 am - 11:45 am

Beyond Chat: GPTs & Security Awareness in the Workplace

Resistance is futile! Learn about the past, present, and future of GPT and other Generative AI technologies, as well as how to prepare for them, use them, and reduce the tremendous risk surrounding them. Communication strategies, best practices, and policy recommendations will be discussed in this fun and highly informative pres...
Session Page
Breakout Session
11:15 am - 11:45 am

Managing Threat Pressure – A Proactive, Data-Driven Approach to Countering Fraud & Product Abuse

The landscape of online threats is constantly evolving as criminals develop new tactics, techniques, and procedures (TTPs) to achieve their goals. These methods can range from simply collecting information to committing fraud, posing a serious risk to businesses and their customers. To combat these threats, organizations must pr...
Sponsored By: Booz Allen Hamilton
Session Page
Breakout Session
11:15 am - 11:45 am

Malware Protection for OT Equipment

Explore the critical topic of protecting Operational Technology (OT) systems from malware threats.  This presentation covers the unique challenges and solutions for safeguarding OT equipment, including:  Understanding OT Environments  Challenges of deploying OT Malware protection  Detection and Prevention Strat...
Session Page
Private Session
12:15 pm - 2:15 pm

Dark Web Workshop | TLP:RED – Core Members Only

INVITE ONLY: This session is open to RH-ISAC Core Members Only The RH-ISAC's Dark Web Working Group is going to host its first hands on workshop during the RH-ISAC Summit. The workshop will cater to all levels of skills and experiences from beginner to advanced. Join us and learn: 1. Everything you need to know about the Dar...
Session Page
Breakout Session
1:30 pm - 2:15 pm

TPRM “Theater”: Are We Pretending This Actually Works?

Third-party risk management is a multi-billion dollar industry based on arduous questionnaires, human-intensive reviews, and point-in-time risk assessments. But at least it is effective, right? Right? This is not what we found in Kenvue. There is another way. We implemented an automated, model-based TPRM system for cyber risks w...
Session Page
Breakout Session
1:30 pm - 2:15 pm

Passkey: Because Authentication Should Be Easy & Secure

Over the last year passkeys as a concept has really gained momentum as consumers and organizations alike are assessing what passkeys are and their benefits. The FIDO2/WebAuthn authentication standard is gaining a larger market share, but do employees and consumers know the value of how this standard differs from other ways of se...
Sponsored By: Yubico
Session Page
Keynote
2:45 pm - 3:30 pm

Closing Keynote: From Crypto Crime to Cyberwar: Stories From the Front Lines

In this fireside chat, WIRED senior cybersecurity writer Andy Greenberg will draw from his latest two books, Tracers in the Dark and Sandworm, to tell stories from the cryptocurrency-fueled criminal underground to the ongoing conflicts in Ukraine and the Middle East. As a reporter who's spent 17 years embedded in the cyber beat,...
Session Page
Networking
3:30 pm - 4:30 pm

Closing Reception & Prize Drawing

Are you feeling lucky? Did you visit the vendor booths and enter for a chance to win some fun prizes? Help us wrap up the Summit and celebrate another great event at the closing reception - with prizes drawn by our illustrious emcee, Luke Vander Linden....
Session Page