2021 Cyburgh, PA Initiative
 | When: May 25 to May 27, 2021 Where: Virtual |
About Event
REGISTER HEREOnline registration is now closed. Please email llawrence@pghtech.org to attend this event.
2021 Cyburgh, PA Initiative
Presented by the Pittsburgh Technology Council and Ethical Intruder
About the Event | Agenda | Keynote Speaker | Panel Discussions | Breakout Sessions | Sponsors
Complete Program Announced!
Vulnerability affects the bottom line of the region’s businesses.
Cyburgh, PA Initiative aims to advance Pittsburgh as an internationally recognized leader in cybersecurity.
Through presentations and idea exchanges, Cyburgh is a forum for cybersecurity professionals and IT and Business professionals to engage with and learn from peers, thought leaders, and solution providers.
About Cyburgh, PA Initiative
Now in its sixth year, Cyburgh is a multi-day, virtual event. At Cyburgh, you’ll hear from thought leaders and subject matter experts from Pittsburgh and beyond. Our focus will be on the business and strategic areas that leaders and technical professionals need to know about.
When: May 25 to May 27, 2021 | 9:00AM to 12:00PM
Where: Virtual
Keynote Speakers
Opening Joint Keynote Discussion with the U.S. Secret Service featuring:
• Greg McAleer, Deputy Assistant Director for the Office of Investigations, detailed to the National Cyber Investigative Joint Task Force (NCIJTF)
• Timothy P. Burke, Special Agent in Charge, Pittsburgh Field Office
• David Smith, Special Agent in Charge, Criminal Investigations Division
Technical Keynote: Adopting to The Changing Security Landscape - Key Trends and Shifts for the New Normal with Dave Kane, CEO, Ethical Intruder
This keynote will address cybersecurity and risk changes, advancements and concerns that have arisen since the pandemic.
Topics include, how remote work has push development to the cloud and the surge in DevSecOPs, how organizations are shaking up Incident Response with actionable Tabletop exercises, and the effects that the influx in collaborative tools have had on data classification, governance, and vendor management practices.
Closing Keynote - Sponsored by Recorded Future
Gregory J. Touhill, Director, CERT Division, Software Engineering Institute (SEI)
Newly appointed in April of 2021, Greg Touhill is the director of Carnegie Mellon University’s SEI’s CERT Division. Touhill was appointed by former President Barack Obama to be the first chief information security officer (CISO) of the United States. Previously he served in the Department of Homeland Security (DHS) as deputy assistant secretary, Office of Cybersecurity and Communications, National Programs and Protection Directorate. Most recently he was president of Appgate Federal, a provider of cybersecurity services to government defense and civil agencies.
Panel Discussions
May 25: Changing Minds and Attitudes – How to Be a Change Maker for a Secure Supply Chain
Not all companies have a CISO, but all companies are vulnerable to threats and attacks from malicious actors. This panel of experts will discuss strategies to bring your entire supply chain onto the same team when it comes to cybersecurity. From overcoming employee apathy and working with outside vendors/customers to gaining management and board buy-in, we’ll discuss strategies to foster a comprehensive culture of security throughout your company’s ecosystem.
Panelists:
- Christopher Fry, CISSP, Cybersecurity Program Manager, compunetix, inc.
- Shari Gribbin, Advisory Solutions Partner with Arch Access Control, CNK Solutions
- Richard Platts, CETL, Director of Technology and Innovation, North Allegheny School District
- Mark Vescovi, CIO, Liberty Tire Recycling
Moderator: David Kane, CEO, Ethical Intruder
May 26: Resiliency in Cybersecurity - Sponsored by GrayMatter
Fighting cyber threats and data breaches is a job that never ends. A comprehensive resilience strategy takes planning, monitoring, a robust incidence response, and recovery. This panel will discuss best practices and lessons learned from the cybersecurity leaders who live and breathe this strategy. Learn how to best prepare and react so you know what to do when this happens to your company.
Panelists:
- Dr. Trebor Z. Evans, PMP, CCISO, CDPSE, Senior Vice President and Chief Information Security Officer (CISO), Dollar Bank
- Jay Saludis, CISSP, CISM, Director Information Security, 84 Lumber
- Peter Zwieryznski, CISSP, Information Security Architect, Koppers Inc.
Moderator: Scott Christensen, Cyber Practice Lead, GrayMatter
May 26: Cybersecurity Maturity Model Certification (CMMC) – Navigating through the Murky Waters of Certification - Sponsored by Schneider Downs
CMMC is an important, but vast certification affecting many of our region’s companies. For companies works with the Department of Defense, this audit ensures that there are appropriate levels of cyber security controls and processes in place to protect controlled unclassified information. This panel will dive into the nuances and best practices of obtaining this certification directly from the source of its creation, CERT and Johns Hopkins University. Connected with these experts, we’ll here industry perspectives from those who have gone through the process and the lessons they learned.
Panelists:
- Gregory Crabb, Principal Consultant, SideChannel & Founder of 10-8, LLC (former CISO of the USPS)
- Troy Fine, Senior Manager, Risk Advisory Services, Schneider Downs
- Sam Merrell, CISSP, Director, Global Information Security & Compliance, Kennametal
- Katie Stewart, Senior Member of the Technical Staff, CERT Division | SEI | Carnegie Mellon University
Moderator: Matthew Butkovic, CISA, CISSP, Technical Director- Cyber Risk and Resilience | CERT Division | SEI | Carnegie Mellon University
May 27: The Evolution of Enterprise and Personal Networks - Sponsored by Expedient
The progression of moving from data center to hybrid, cloud, and multi-cloud is in full speed. From micro-segmentation and zero trust architecture to AI integration and process automation, these tools and strategies help companies stay ahead of increasingly sophisticated threats. With the proliferation of remote/hybrid work and digital transformation initiatives, there are many more devices to secure across multiple networks. This panel will discuss how cybersecurity is constantly evolving and will help you keep you up with the latest trends.
Panelists:
- Craig Burland, Sr Manager Cyber Security Operations, Eaton
- Dave Coughanour, Sr. Director of Cybersecurity, Ansys
- F. Iman Joshua, Head of Information Security, Vimeo
- John Ramsey, CISO, National Student Clearinghouse
Moderator: AJ Kuftic, Principal Technologist, Expedient
Breakout Sessions
Tuesday, May 25: ATO ASAP: Automating Federal Compliance
Creation of a System Security Plan - fundamental to achieving an Authority to Operate - is toil with results often aimed more for compliance than security. Learn about the free open-source tools and component libraries available to the private sector, to cut costs while enhancing security and verification.
Presented by Fen Labalme, CISO, CivicActions and Mary Lazzeri, Federal Strategy, CivicActions
Tuesday, May 25: Integrating Offensive Security
For years we have relied on blue teams and defensive tactics to protect our networks, but many only perform Pentesting or other threat assessments once a year. This speech addresses the need for offensive capabilities and why you need a capable in-house team or strong partner to ensure that you are properly protected, vetted, and ever maturing your security posture and program. Please join us for a rapid-fire discussion about why we must attack not just defend our assets if we are going to properly secure and understand the threats that are introducing risk to our environments.
Presented by Luke McOmie, Offensive Security – Blue Bastion, Ideal Integrations
Wednesday, May 26: Why Firms Need a Security Incident Response Plan
Having a plan for cybersecurity incident response activities enables your team to control the chaos and stress that an incident can create within an organization. It’s why preparation is the first phase, it’s the foundation of the SIRP. Creating the plan, assigning roles and responsibilities, and preparing for what to do during the various phases will help your team to develop the operational maturity that will help to reduce the impact that a security event has on an organization.
Presented by Keith Arnold, Vice President, Advanticom
Wednesday, May 26: The Benefits of Formalizing a Comprehensive Cybersecurity Program
Whether you're a small business or large enterprise, everyone is a target for threat actors across the world. The market for security solutions has grown exponentially making the task of addressing cybersecurity complex. In this session we'll cover the benefits of a comprehensive cybersecurity program that includes people, process, and technology with a focus on how to choose a framework, identify gaps, and create a roadmap for your business regardless of your size, industry, budget, or complexities.
Presented by Michael Yates, CISO, All Lines Technology
Thursday, May 27: Beyond the Buzzwords: Clearing up the Confusion around Zero Trust
While it has been around for more than a decade ‘zero trust’ is one of the most misused terms in the industry today. As zero trust heightened its status as a ‘buzzword’, the term became overused and caused confusion. This presentation aims to clear up the confusion around zero trust by discussing and defining the principles of zero trust and how adopting a zero trust model may help increase your organization’s cybersecurity posture.
Presented by Eric Cornelius, Chief Product Officer at iboss
Thursday, May 27: What to Expect When Conducting Risk Assessments of Your Cloud Provider
Join Mark for this informative session that will explore how to work with a cloud service provider and maintain auditing standards. As the CISO of a Cloud Service Provider, Mark will describe what you should expect and not expect from your provider and how to draw boundaries and expectations from the very beginning. The discussion will go even deeper and help you understand the “why” of what you should and should not expect when it comes to auditing from a Cloud Service Provider and how a provider should address specific compliance regimens (PCI-DSS, HIPAA, SOX etc.). There will be plenty of time for questions and answers where you can pick Mark’s brain and experience with specific scenarios you have within your environment. This session will be designed for both those that conduct audits and internal compliance teams as well as those seeking new providers.
Presented by Mark Houpt, CISO, DataBank
Thursday, May 27: DevSecOps: Stop “Shifting Left” and Start Left Instead
The concept of shifting left and transitioning from a DevOps to a DevSecOps model has become more important than ever in the recent wake of increasingly sophisticated security breaches, software supply chain attacks, and widespread transition from typical to hybrid work environments. In this session, we’ll cover what it means to “start left”, how organizations at any cybersecurity maturity level can adopt this concept, whether well into the shifting left journey or just beginning, to improve their organization’s security posture and cyber hygiene.
Presented by Jacob Wyllie, Director of Cyber Security, Ethical Intruder
Who Should Attend?
Chief Executive Officers, Chief Operations Officers, Chief Information Officers, Chief Information Security Officers, Chief Privacy Officers, Practitioners, Business Leaders, IT Managers and those who want to learn about the challenges and opportunities within cybersecurity.
This program is applicable to all audiences: corporations, small business, academic institutions and public sector - especially those interested in learning how to protect your business and mitigate risk.
Why Attend?
As vulnerability affects the bottom line of our region’s business, it’s critical to stay on top of the latest threats and trends.
• Cyburgh is a learning opportunity for IT and security leaders.
• Cyburgh is a forum for the Pittsburgh IT community to network.
• Cyburgh connects attendees to partners that may help keep their business secure and protect their customers and bottom line.
• Cyburgh brings outside perspectives to the Pittsburgh IT community.
Tuesday, May 25, 2021
9:00 AM | Keynote Address with the U.S. Secret Service
10:00 AM | Panel Discussion: Changing Minds and Attitudes – How to Be a Change Maker for a Secure Supply Chain
11:00 AM | Networking
11:30 AM | Breakout Session: ATO ASAP: Automating Federal Compliance
11:30 AM | Breakout Session: Integrating Offensive Security
12:00 PM |End of Program: Business as Usual with PA Senator, Bob Mensch, Clean Transportation Infrastructure Bill
Wednesday, May 26, 2021
9:00 AM | | Technical Keynote: Adopting to The Changing Security Landscape - Key Trends and Shifts for the New Normal, David Kane, CEO, Ethical Intruder
9:30 AM | Panel Discussion: Resiliency in Cybersecurity - Sponsored by GrayMatter
10:30 AM | Panel Discussion: Cybersecurity Maturity Model Certification (CMMC) – Navigating through the Murky Waters of Certification - Sponsored by Schneider Downs
11:30 AM | Breakout Session: Why Firms Need a Security Incident Response Plan
11:30 AM | Breakout Session: The Benefits of Formalizing a Comprehensive Cybersecurity Program
12:00 PM | End of Program: Business as Usual with Digital Twins: A Discussion with Prith Banerjee, Chief Technology Officer, ANSYS and Charles Fisher, Founder and CEO, Unlearn.AI
Thursday, May 27, 2021
9:00 AM | Panel Discussion: The Evolution of Enterprise and Personal Networks - Sponsored by Expedient
10:00 AM | Breakout Session: Beyond the Buzzwords: Clearing up the Confusion around Zero Trust
10:00 AM | Breakout Session: What to Expect When Conducting Risk Assessments of Your Cloud Provider
10:00 AM | Breakout Session: DevSecOps: Stop “Shifting Left” and Start Left Instead
10:30 AM | Networking
11:00 AM | Closing Keynote: Gregory J. Touhill, Director, CERT Division, Software Engineering Institute (SEI) - Sponsored by Recorded Future
12:00 PM | End of Program: Business as Usual Talking about FedEx Targets Carbon Neutral Operations Featuring Dermot Murray, Sustainability Manager at FedEx
Cost:
FREE | PTC Members
$299 | Non Members
Thank You to our Sponsors!
Presenting Sponsor:
Keynote Sponsor:%20-%20Recorded%20Future-600x165-851ecff.jpg)
Panel Sponsors:
Breakout Session Sponsors:
Community Sponsor:
Supporting Sponsors:
Contact Information:
- For content or logistics questions - Program Director: Monica Takacs, Sr. Director for Industry Networks, mtakacs@pghtech.org
- For registration questions - Taylor Bombalski, Director, Event Planning & Special Programs, tbombalski@pghtech.org
- For sponsorship questions - Ashley Steckel, Director of Business Development and Advertising, asteckel@pghtech.org
- For membership questions - Ryan Gent, Membership Director, rgent@pghtech.org