Agenda

April 9, 2024
Workshop
1:00 pm - 5:00 pm

OSINT Workshop at RH-ISAC Summit

Join fellow SOC analysts, engineers, and tactical incident response teams for a four-hour SANS Workshop, focused on open-source intelligence (OSINT) and incident handling. This workshop enables participants to sharpen their skills using practical, real-world tools and techniques for conducting incident response investigations...
Session Page
Networking Event
5:00 pm - 7:00 pm

Welcome Reception

Welcome to the 2024 RH-ISAC Cyber Intelligence Summit! Come say hello to old friends, meet new peers, and help kick off the 2024 conference on the Denver City Terrace. Open to all RH-ISAC Summit attendees. No additional registration is required.
Session Page
Networking Event
7:00 pm - 10:00 pm

Private | CISO Dinner

The RH-ISAC CISO Dinner is an invite-only event for select CISOs and special guests of the 2024 RH-ISAC Summit.
Session Page
April 10, 2024
Focus Group
8:00 am - 8:30 am

Consumer Goods Focus Group

All members who manufacture/distribute durable or consumer goods are requested to join us to talk about what the RH-ISAC can do to help support the sector and the unique risks to it. This session is open to all levels from senior management to analyst but we would like the majority to be boots on the ground participants. Topi...
Session Page
Keynote
8:45 am - 9:45 am

Opening Remarks & Keynote: A Decade in Cybersecurity: The RH-ISAC Eras Tour

Challenges surmounted, victories achieved, and warp speed shifts in the cyber threat landscape navigated: There’s no doubt the last decade set the foundation for the strong and collaborative RH-ISAC community that we see today. In this keynote, you’ll hear compelling stories of intelligence sharing, and the teamwork and inno...
Session Page
Main Session
10:00 am - 10:45 am

New Faces of the RH-ISAC – Goals, Priorities, & Creating a Culture of Information Sharing

New energy, ideas, and approaches are the lifeblood that keeps a community alive. With a decade of community building at the RH-ISAC, we know for certain that welcoming in fresh perspectives and people helps to amplify our collective power and collaboration. This panel discussion invites newer faces of the RH-ISAC to share their...
Session Page
Breakout Session
11:15 am - 11:45 am

Threat Actor Baseball Cards: Beyond IoCs and Towards a Holistic Adversary Collection

Cyber Threat Intelligence teams are barraged with consistent updates and changes to threat actor activity clusters. This presentation highlights a methodology (threat actor baseball cards) to collect and store information about threat actors to understand the group’s history, recent activity, tools, infrastructure, and use MIT...
Session Page
Hospitality
11:15 am - 11:45 am

A Story Uncovering Blind Spots in ATO, Online Fraud, and Automated Attacks

The digital age has provided unparalleled opportunities for retail, eCommerce, travel, and hospitality, but with every click comes a potential threat.  Kasada’s Sam Crowther will share frontline experiences combatting online fraud and automated attacks. Gain valuable insights into thinking like an adversary, uncovering unk...
Sponsored By: Kasada
Session Page
Breakout Session
11:15 am - 11:45 am

The Evolving Cyber and Technology Policy Landscape: Implications for Information Security Teams

Federal, state and international policymakers continue to be active in developing new laws and regulations that have direct operational impacts on private sector CISOs and members of their teams. The SEC cybersecurity rule, now in effect, is compelling public companies to adjust their incident reporting and governance procedures...
Session Page
Brown Bag Lunch
12:00 pm - 12:45 pm

LUNCH: Brown Bag Feature Discussions

Grab a sack lunch and find a group to sit with based on a topic of interest. This casual forum allows for free-flowing discussion with fellow practitioners and peers. We’ll have tables assigned with discussion leaders to facilitate conversation on topics from Working Groups and Security Collaboration Effots such as: Ident...
Sponsored By: Varonis
Session Page
Hospitality
12:00 pm - 12:45 pm

LinkSecure: Help Us to Help You Strengthen Your Supply Chain

Retail and hospitality companies face certain risks when using third-party services.  An uptick in breaches across industries and a greater reliance on outsourcing has led to the higher prioritization of third-party risk management.   The RH-ISAC is creating a new program to help mature the cybersecurity capabilities of your ...
Session Page
Hospitality
1:15 pm - 1:45 pm

Risky Business: Examining the Operational Benefits of Enhanced Collaboration Between Cyber Risk Management and CTI Functions

Now, more than ever, information security practitioners are expected to continually balance strategies for addressing a rapidly evolving cyber threat landscape against the need to meet business objectives with limited disruption. Risk management teams are critical in helping business leaders understand the organization’s risk ...
Session Page
Breakout Session
1:15 pm - 1:45 pm

Leaky Spiders Ride The Wave

86% of eCrime actors use evasion techniques to bypass antivirus (AV) software and 80% of attacks use stolen credentials1.  Adversaries continue to evolve. From using evasion techniques — such as removing indicators, hijacking execution flows and masquerading — to get past legacy endpoint solutions to using stolen credent...
Sponsored By: CrowdStrike
Session Page
Breakout Session
1:15 pm - 1:45 pm

Unified Defenses: Malware Sharing in RH-ISAC with Data Lake Integration

Join Aaron Mog, Forward Deployed CISO of Stairwell and JJ Josing, RH-ISAC’s Principal Threat Researcher to delve into the transformative power of malware sharing within the private RH-ISAC malware sharing community amplified by Stairwell’s cutting-edge data lake technology. Explore how data lakes can serve as the backbone fo...
Sponsored By: Stairwell
Session Page
Private Session
1:15 pm - 4:00 pm

Closed-Door CISO Meeting

*SESSION BEGINS AT 1:00 P.M.* PRIVATE SESSION: Open to CISOs Only. This extended breakout session will cover a series of discussion topics as selected by the RH-ISAC's CISO Working Group. Topics may include key challenges and priorities with titles such as: Leadership Perspective: When Neighbors Are Under Attack Th...
Session Page
Breakout Session
2:15 pm - 2:45 pm

Take Your Incident Response Plan to the Next Level

A good incident response plan can improve your efficiency and greatly reduce the stress involved when dealing with a significant incident. But as cybersecurity professionals, it’s easy to get tunnel vision on the technical details of a situation, potentially missing aspects of the bigger picture. And when your business is disr...
Session Page
Breakout Session
2:15 pm - 2:45 pm

Beyond the Hype – How our Threat Research Team Used Large Language Models to Enhance our CTI Activities

The launch of ChatGPT in late 2022 sparked considerable hype for generative AI chatbots. It is based on a large language model (LLM), an AI model that has been trained on a large corpus of text and built an understanding of language.    In threat intelligence, we often deal with human readable information, which unlike mac...
Sponsored By: Netacea
Session Page
Private Session
2:15 pm - 2:45 pm

STORM-0539: The Silent Gift Card Heist | TLP:RED – Core Members Only

Storm-0539 is an unclassified threat actor labeled by Microsoft that has targeted the retail, software, and gaming industries. This talk is an analysis of the Tactics, Techniques and Procedures (TTPs) and objectives the actor carries out on its target. We’ll also delve into their primary motivation, which appears to be retaini...
Session Page
Private Session
2:15 pm - 4:00 pm

Closed-Door CISO Meeting (Cont.)

PRIVATE SESSION: Open to CISOs Only. This extended breakout session will cover a series of discussion topics as selected by the RH-ISAC's CISO Working Group. Topics may include key challenges and priorities with titles such as: Leadership Perspective: When Neighbors Are Under Attack The Effect of Solarwinds' Lawsuit o...
Session Page
Breakout Session
3:15 pm - 4:00 pm

Practitioner Perspectives on Cyber Threat Intelligence 2.0

This panel discussion picks up where our last CTI panel left off, with experienced security practitioners sharing their approach to current and future threats in a constantly evolving landscape.
Session Page
Breakout Session
3:15 pm - 4:00 pm

Catphish: Infiltrating an International Refund Fraud Operation

In the summer of 2023, a refund fraud threat actor attempted to recruit a SHEIN customer service employee to facilitate large amounts of refund requests. SHEIN CTI assumed the identity of the targeted employee, and conducted a month-long operation to gather information from the threat actor. During this investigation, the innerw...
Session Page
Private Session
3:15 pm - 4:00 pm

Closed-Door CISO Meeting (Cont.)

PRIVATE SESSION: Open to CISOs Only. This extended breakout session will cover a series of discussion topics as selected by the RH-ISAC's CISO Working Group. Topics may include key challenges and priorities with titles such as: Leadership Perspective: When Neighbors Are Under Attack The Effect of Solarwinds' Lawsuit o...
Session Page
Breakout Session
3:15 pm - 4:00 pm

Situational Awareness: Protecting the Unknown

How can you apply security controls to assets that you are unaware of? This presentation will delve into the genesis and evolution of a novel approach to enhancing situational awareness for corporate assets. The central theme revolves around the creation of a semi-quantitative C-Suite report metric, incorporating a custom weight...
Session Page
Keynote
4:15 pm - 5:00 pm

Closing Keynote: S.E.ing IRL & with A.I. & Defending Against It With Q.I.

We will look at a real-life successful bank robbery captured on video to see what went right & wrong that led to the bank to be compromised 15 seconds after I walked in and led to the 100% compromise of every computer in the branch including the server room computers!  We will then dive into how A.I. is being used by cri...
Session Page
Networking Event
5:00 pm - 6:00 pm

Happy Hour

Celebrate the first day of the RH-ISAC Summit while enjoying light snacks and drinks!
Session Page
April 11, 2024
Private Session
8:00 am - 8:40 am

Leadership Perspective: When Neighbors are Under Attack | TLP:RED – Core Members Only

During the summer of 2023, multiple casino resorts endured highly-publicized cybersecurity attacks from a single actor which resulted in varied ransomware negotiation approaches and costly disruption of services with impacts to guests. Other competing organizations – near and far – immediately were weighing the events and th...
Session Page
Keynote
9:00 am - 9:45 am

Keynote: Reducing Business Risk with Zero Trust Architecture + AI

Cyber attackers are using AI to generate creative ways to compromise users, as documented in a recent Washington Post article, “Cybersecurity faces a challenge from artificial intelligence’s rise.” Retail & Hospitality organizations must excel at protecting digital assets in the face of these AI-powered cyberthreats. L...
Session Page
Breakout Session
10:00 am - 10:45 am

Elevate Your Security Operations Center with ML and AI

With the retail industry experiencing a 57% increase in cyber threats in the last two years, retail infrastructure has never seemed more vulnerable. Learn more about the latest retail threats from Palo Alto Networks’ expert threat professionals. Hear how Deckers Brands and Home Depot transformed their Security Operations Cente...
Sponsored By: Palo Alto Networks
Session Page
Breakout Session
10:00 am - 10:45 am

Kill Switch to expensive SIEMs

The idea behind this presentation is to provide a fresh insight on how we can overcome challenges encountered with managing a SIEM/Data Lake with growing costs and logging requirements and data retention for compliance purpose, ability to query historical data. We will also discuss how we can secure and control the data routing ...
Session Page
Breakout Session
10:00 am - 10:45 am

Peer-Benchmarked Threat Resilience Metrics

CISOs need to answer the question “how do we compare with our peers?”  Skechers, Canadian Tire and Security Risk Advisors (VECTR.io) will show how to benchmark threat resilience using the shared RH Threat Index.  The presenters will share the free testing platform and 2024 test plan for attendees to level-up their metrics ...
Sponsored By: Security Risk Advisors
Session Page
Hospitality
10:00 am - 10:45 am

Loyalty Under Siege: Defend and Detect Account Takeovers in Reward Programs

This session focuses on the often overlooked but critical aspect of loyalty points programs and their susceptibility to fraud through account takeovers. In this session, IANS Faculty member Gunnar Peterson will dissect how these specific attacks erode the hard-earned trust and loyalty that brands establish with their customers, ...
Sponsored By: IANS Research
Session Page
Breakout Session
11:15 am - 11:45 am

Beyond Chat: GPTs and Security Awareness in the Workplace

Resistance is futile! Learn about the past, present, and future of GPT and other Generative AI technologies, as well as how to prepare for them, use them, and reduce the tremendous risk surrounding them. Communication strategies, best practices, and policy recommendations will be discussed in this fun and highly informative pres...
Session Page
Breakout Session
11:15 am - 11:45 am

Managing Threat Pressure – A Proactive, Data-Driven Approach to Countering Fraud and Product Abuse

The landscape of online threats is constantly evolving as criminals develop new tactics, techniques, and procedures (TTPs) to achieve their goals. These methods can range from simply collecting information to committing fraud, posing a serious risk to businesses and their customers. To combat these threats, organizations must pr...
Sponsored By: Booz Allen Hamilton
Session Page
Breakout Session
11:15 am - 11:45 am

Malware Protection for OT Equipment

Explore the critical topic of protecting Operational Technology (OT) systems from malware threats.  This presentation covers the unique challenges and solutions for safeguarding OT equipment, including:  Understanding OT Environments  Challenges of deploying OT Malware protection  Detection and Prevention Strat...
Session Page
Breakout Session
11:15 am - 11:45 am

Cyber Resiliency: Preparing the Business for Incident Response

We live in a new normal, with unknowns around every corner and every organization should have a plan for the worst. A traditional cyber-focused incident response plan is no longer enough. A larger business lens will be used for this talk and we’ll discuss the required roles, organizations, critical processes, and more- in as m...
Session Page
Networking
12:15 pm - 1:00 pm
Session Page
Private Session
12:15 pm - 2:15 pm

Dark Web Workshop | TLP:RED – Core Members Only

INVITE ONLY: This session is open to RH-ISAC Core Members Only The RH-ISAC's Dark Web Working Group is going to host its first hands on workshop during the RH-ISAC Summit. The workshop will cater to all levels of skills and experiences from beginner to advanced. Join us and learn: 1. Everything you need to know about the Dar...
Session Page
Breakout Session
1:30 pm - 2:15 pm

TPRM “Theater”: Are We Pretending This Actually Works?

Third-party risk management is a multi-billion dollar industry based on arduous questionnaires, human-intensive reviews, and point-in-time risk assessments. But at least it is effective, right? Right? This is not what we found in Kenvue. There is another way. We implemented an automated, model-based TPRM system for cyber risks w...
Session Page
Breakout Session
1:30 pm - 2:15 pm

T-Mobile Boldly Moves Forward with FIDO Passwordless Vision

Most cyberattacks, including ransomware, are caused by stolen credentials through phishing and simple human error. These breaches ultimately have costly consequences for both companies and customers. There is urgency to align to the NIST Cybersecurity Framework, as announced in President Biden’s Executive Order 14028 for st...
Sponsored By: Yubico
Session Page
Private Session
1:30 pm - 2:15 pm

Dark Web Workshop | TLP:RED – Core Members Only

INVITE ONLY: This session is open to RH-ISAC Core Members Only The RH-ISAC's Dark Web Working Group is going to host its first hands on workshop during the RH-ISAC Summit. The workshop will cater to all levels of skills and experiences from beginner to advanced. Join us and learn: 1. Everything you need to know about the Dar...
Session Page
Keynote
2:45 pm - 3:30 pm

Closing Keynote: From Crypto Crime to Cyberwar: Stories From the Front Lines

In this fireside chat, WIRED senior cybersecurity writer Andy Greenberg will draw from his latest two books, Tracers in the Dark and Sandworm, to tell stories from the cryptocurrency-fueled criminal underground to the ongoing conflicts in Ukraine and the Middle East. As a reporter who's spent 17 years embedded in the cyber beat,...
Session Page
Networking
3:30 pm - 4:15 pm

Closing Reception & Prize Drawing

Are you feeling lucky? Did you visit the vendor booths and enter for a chance to win some fun prizes? Help us wrap up the Summit and celebrate another great event at the closing reception - with prizes drawn by our illustrious emcee, Luke Vander Linden....
Session Page
Networking
3:40 pm - 4:15 pm

Andy Greenberg Book Signing

Bring your book and join us in the Capitol Foyer to be signed by Senior Writer, WIRED and our Closing Keynote, Andy Greenberg.
Session Page