PhishMe Submerge Abstracts

SEE THE DETAILED TRACK INFORMATION AND SPEAKER BIOS BELOW

DEFENSE SESSIONSRESILIENCE SESSIONSGENERAL

TRAINING DAY: WEDNESDAY, NOVEMBER 29
9am Registration/Breakfast
8am–5pm Meet the Experts
9am PhishMe PhishMe Basics

Learn Simulator basics – build a scenario, design your education, select your recipients to launching and understanding basic analytics

9am PhishMe Triage Basics

How to set up and work with Triage step by step: Once Triage is installed and ingesting email what do you do? You start by learning your own network. Setting up the rules to give you the Meta data so you can get a better picture of what you’re looking at and how to use the information to make any Incident Response plan involving Phishing to more likely be a success.

10:15am PhishMe Reporter Overview

By the end of the PhishMe Reporter Overview, attendees will understand why they need reporter, what email clients Reporter is available for, and how to get it for their organization. The integration of Reporter data into existing Simulator Reports will also be covered, showing attendees how they can use Reporter data to further inform them as to the susceptibility or resilience of their organization to phishing attacks

10:15am Integrating PhishMe Triage with Your IR Program

Learn Triage best practices for integrating into your incident response plan.

11:30am Creating Phishing Emails that Work

In this talk, Aaron Riley and Scott Renna will cover the different aspects of a PhishMe program and discuss various lifecycle points in the transformation of your organization’s phishing security posture. We will discuss real world threats and trends as seen from a SOC analyst perspective. At its core, PhishMe is about focusing attention on and investing in your users whom, when properly tuned, can become your organization’s most effective intrusion detection system. This presentation will discuss how to leverage real world scenarios against a user base, as well as, covering the real problems of a phishing program and how to overcome them.

11:30am PhishMe Intelligence Overview

By the end of the PhishMe Intelligence Overview, attendees will understand where our intelligence comes from, why it’s accurate and actionable, and the three methods of delivery: machine-readable, human-readable, and our portal. Regarding our machine-readable feed, we will cover existing integrations with other security infrastructure systems and tools, and how customers can get help setting up new integrations. We will also detail what we include in our intelligence feed, such as watch list items, indicators of compromise, impact scores, and more! How does PhishMe Intelligence enhance the capabilities of PhishMe Triage? We’ll be covering that as well!

12:30pm Lunch/Networking
1:30pm PhishMe PhishMe Program Analysis

Program Analysis: In this track, you will learn how to measure your program against organizational capability, the primary measures of program effectiveness and how PhishMe Professional Services Consultants define and analyze behavioral change at both a scenario response and program trending level.

Program Best Practices: Learn anti-phishing program best practices as implemented by PhishMe Professional Services Consultants. At the end of this course, you will understand how to establish goals for your program, the best approach to planning, implementing, and responding to the effectiveness of your simulations

1:30pm Email Headers: Sifting Through the Hay to Find Needle

We all know the wonderful world of email headers contain lots of useful information. But we also know that it contains a lot of information that is not relevant to our security needs. With the advent of X-Header inside emails, there’s even more to wade through. This talk will go through the various standard email headers that a security analyst may see and provide a determination on its usefulness regarding security. We will show how these headers can be used to assist in vetting reports that will arrive in Triage. Afterwards, we will look at the potential x-headers that an analyst may come upon and show their potential in assisting the vetting of reports.

3pm Malware Analysis 101

One of the largest challenges for enterprise information security is the rapid development, growth, and evolution of the malware used by criminals. This malware represents the tools used by criminals to gain access to protected environments, steal private information, or even lock data away with a ransom demand. These tools are deployed against organizations of all sizes, and the challenge is the same for most: understand the attacker’s objective, identify the malware capabilities, and assess the risk to the enterprise. This presentation will cover the basics of identifying malware content, categorizing it, and utilizing open-source intelligence resources to perform effective triage of new and emergent malware threats.

4:15pm GENERAL SESSION: Bringing It All Together: Full Spectrum Phishing Defense

What does a holistic phishing defense program look like? Following the timeline of an example attack, we will demonstrate how to use all PhishMe’s products make the anti-phishing portion of our defense in depth as robust as it can be. In this talk, we will discuss how we can use reporting from Triage and information from Intelligence to help feed content scenarios in our enterprise environment. We will also discuss how we can use PhishMe Intelligence rules in Triage to respond to phishing campaigns both in real time and proactively. We will also discuss how feedback from Triage can help identify areas in our phishing defense may need more work. At the end of the talk, participants should have a better understanding about how PhishMe’s products work together to build a comprehensive phishing defense program.

8am–5pm PhishMe Excellence Awards and Welcome Reception

THURSDAY, NOVEMBER 30
7am Registration/Breakfast
8:30am–5pm Solutions Center
8:30am–5pm Meet the Experts
8am Opening Keynote: The Ongoing Battle Between Awareness and Defense

Phishing remains the top threat but most organizations can’t see past their existing investments. Join PhishMe CEO and co-Founder, Rohyt Belani as he discusses the state of the market, PhishMe’s evolving approach and how real customers tackle the conflict on a daily basis.

8:40am Customer Keynote: Rock Star status isn’t achieved overnight!

Just because you can sing, doesn’t mean you’re automatically selling out rock concerts. Tuning your phishing resilience program to be in perfect harmony takes time and patience. Hear how Tonia Dudley managed global programs for teams from 20- 130K users and worked across functional teams – with Incident Response, Email Architecture, Networking, Fraud and Senior Management – to build highly successful, scalable programs delivering measurable results.

9:20am Technology Keynote: Phishing – Still your #1 problem in 2030?

Join PhishMe CTO and co-founder, Aaron Higbee as he explores the future of phishing and attacks and how we must continue to evolve to stay ahead of evolving threats

10:15am Product Direction, PhishMe PhishMe and PhishMe Reporter

In this session, you will hear from three PhishMe product experts who will review recent product features, as well as share insight into the roadmaps for PhishMe PhishMe, PhishMe Reporter and PhishMe LMS.

11:30am Round Tables / Lunch – Positive vs Negative Consequence Models
1:15pm Customer Panel: Phishing Defense Best Practices

During this panel, Michael Lattimore will lead the conversation with his esteemed panel of experts to answer the question – How can we activate the human firewall of the Distinguished Users to create a culture of security awareness so they remember that they are the critical component to our security program’s success?

2:45pm Product Direction, PhishMe Triage and PhishMe Intelligence

In this session, you will hear from two PhishMe product experts who will review recent product features and enhancements, as well as share insight into the vision for PhishMe Intelligence and PhishMe Triage. Join us as we take you through the innovation of these two defensive solutions and take a deep dive into what is on the horizon.

2:45pm Repeat Clickers

Heather Bryant will lead the session talking about the roles of emotions in susceptibility and how organizations can address behavioral change in repeat clickers. Do you have a subset of a population who repeatedly fall susceptible to phishing tests? In my experience, there is no correlation between how long a recipient spends on the education or necessarily in how many times he or she may receive remedial training. So how do you address the repeat offender problem?

4pm Metrics and Communication Strategy

Understanding the cybersecurity risks associated with employees in the Intelligence and Defense industry was a factor in CACI’s decision to incorporate anti-phishing training into its Information Security Awareness Program. Join Ava Woods-Fleegal as she discusses how data from anti-phishing training efforts, over the past four years, has helped CACI develop more effective awareness practices. This session will demonstrate how CACI leverages program metrics and its communication strategy to mature its Awareness and Anti-Phishing Programs and provide attendees with different levels of metric sophistication and tips on how to drive Awareness Program support with a strong communication strategy.

4pm So You’ve Got a Malicious URL… Now What?

For those of you who attended last year’s conference, this would be the other half of his topic from last year on malicious documents. Reported phishing emails often contain URLs. VirusTotal will say that they are malicious, but what actually happens when you click on them? Is this phishing email specific to your company? Or is it part of a wider campaign? This topic will explore how to investigate malicious URLs in a safe environment. It will also show tools and various open source intelligence feeds used to analyze and research malicious sites.

4pm Organizational Capability Model – Getting Left of Breach

In this session, we will present and discuss best practices for measurement of an organization’s capability to resist phishing attacks and get ‘Left of Breach’. We will review the base capability model and the phishing kill chain and how they relate to anti-phishing program execution.

5pm Evolution of a Phishing Defense Program

PhishMe Intelligence adds an important layer of protection to our phishing defense. Intelligence provides timely and accurate indicators of phishing that enable us to detect and respond faster to phishing attacks. This presentation describes the evolution of our phishing defense program which includes Simulator, Reporter, Managed Triage, and Intelligence. Learn how Scripps defines goals and results at the four phases of our comprehensive program.

5pm Scaling Your Program Globally

Creating a culture of cybersecurity awareness requires a strategic approach. This is especially true at the AES Corporation, as the impact of our cybersecurity awareness program must span seventeen countries, four continents and seven primary languages. At AES, we strive to set top-level guidelines for improving cybersecurity awareness to enable our local businesses the flexibility to implement the campaigns that are most effective for their audiences.

5pm How to Develop a Phishing Incident and Response Plan

Attackers are changing their tactics to compromise an organization and relying on phishing techniques more than ever to spread their malware. However, most organizations use dated incident response plans that only relate to network intrusion attacks and don’t include anything to mitigate a phishing attack. It’s time that we stop and take a look at developing an incident response plan for phishing attacks. In this talk we will discuss why a company should implement a phishing incident response plan, how they can use the Reporter button, Triage and other tools to help mitigate phishing incidents and compare that with other traditional methods and tools.

6pm Submerge Cocktail Party with Open Bar and Hors D’oeuvres
from 6 -8 at Pose Lounge, roof-level
7:30pm Birds of a Feather Dinner

FRIDAY, DECEMBER 1
7am Networking Breakfast
8:30am–3pm Solutions Center
8:30am–3pm Meet the Experts
8am Customer Panel – Metrics that Matter & Communications

Aurelia Carr-Olverson will lead this panel in the discussion of the human factor being the weakest link in a cybersecurity firewall. Simple unawareness, followed by the act of clicking a link, can open your business to a host of unwelcomed consequences, making training and awareness imperative. With just 24 months of recurring scheduled, quarterly testing (for a total of 8 tests at writing), in conjunction with an actively engaged security awareness program, have brought a marked reduction in our number of individuals who click on potentially dangerous links, with our organization’s scores moving from above between 4-8% over the average susceptibility rate to downward trends measurably below the susceptibly rates. This demonstrates the need for and positive impact of ongoing and continuous training, but the necessary action does not end there. For a program to work solidly, the need for a strong communications program is paramount. Sharing testing results with leadership as well as those tested, is critical to establishing a fortified program. This communication should come in the form of accurate and usable metrics for the organization to see where they’ve been, the improvements they’ve made and the necessary progresses to strive for with an established goal of as near “0% clicking” as realistically possible.

9:30am Role of Emotions in Clicking

Throughout our lives, something has invoked our emotions. It could have been a birth of a child, a death of a loved one, illness and so forth. Overtime we have learned, that perpetrators will prey on your emotions to invoke user behavior and perpetuate an attack. Today, we can see how easily perpetrators will use your emotions to lure you in their Phishing trap by knowing what emotions that will drive your thinking abilities. In this presentation Amber Stone with Blue Cross and Blue Shield of Kanasas City will closely examine the diverse types of emotions, how perpetrators use our emotions against us and what you can do so are not added to the victims list.

9:30am Beyond the BEC

Business E-mail Compromise (BEC) has been an effective attack vector for years now. But identifying and not responding to the attacker’s request for fund transfer is not enough. Walk through the forensic timeline of a BEC attack from recon through results. See the tactics and methods of the attacker change. Identify possible security controls for each phase.

9:30am Protecting Sensitive Data

The Department of Health and Human Services Office of Inspector General maintains a portal identifying all Covered Entities Health Care Providers that have experienced a breach. The goal of my organization is to not end up on this wall of shame. We have implemented many HIPAA compliant safeguards, to protect our infrastructure, applications, and sensitive data. Unfortunately, our spam filtering technology does not detect all emails that have malicious characteristics. We are aware that technical controls are important, but can and are easily circumvented by attackers who successfully phish their targets. PhishMe simulator allow us to address any gaps we may have in user awareness by implementing, and continuously running a phish awareness campaign to make our employees aware, and develop desirable habits to mitigate the risk of a PII/PHI breach due to negligent and/or unaware employees.

10:30am Juggling it all with Simulator, Triage and Reporter

During this session, Darren will present various experiences, tips and tricks, citing positive/negative examples within respective industry/environment that the audience can react to with reverse Q&A session. Learn Triage for integrating into your incident response plan and benefits it has provided. Questions should be around Triage or Simulator or Reporter.

10:30am Orchestration and Automation in Phishing Incident Response

More Info Coming Soon.

10:30m Bringing It All Together. Full Spectrum Phishing Defense Using Triage, Simulator, and Intelligence

What does a holistic phishing defense program look like? Following the timeline of an example attack, we will demonstrate how to use all of PhishMe’s products make the anti-phishing portion of our defense in depth as robust as it can be. In this talk, we will discuss how we can use reporting from Triage and information from Intelligence to help feed content scenarios in our enterprise environment. We will also discuss how we can use PhishMe Intelligence rules in Triage to respond to phishing campaigns both in real time and proactively. We will also discuss how feedback from Triage can help identify areas in our phishing defense may need more work. At the end of the talk, participants should have a better understanding about how PhishMe’s products work together to build a comprehensive phishing defense program.

11:30m PhishMe Integrations Overview

Cyber attackers are constantly introducing more advanced techniques and tactics to infiltrate your network. To help combat these ongoing threats, PhishMe launched the Technology Alliance Program (TAP) for PhishMe PhishMe, PhishMe Intelligence, and PhishMe Triage. Our goal is to help customers maximize their security investments, leverage existing infrastructure, and enhance their security program. PhishMe TAP delivers comprehensive security solutions through industry-leading innovation and partner integration relationships to empower organizations to defend the enterprise against attackers. PhishMe’s strategic technology partnerships integrate complementary and holistic security solutions for enterprise employee readiness, intelligence, and incident response capabilities. This session is an opportunity to learn about PhishMe integrations – what we’ve done, how we do it, and why.”

11:30m Evolution of a Phishing Defense Program

PhishMe Intelligence adds an important layer of protection to our phishing defense. Intelligence provides timely and accurate indicators of phishing that enable us to detect and respond faster to phishing attacks. This presentation describes the evolution of our phishing defense program which includes Simulator, Reporter, Managed Triage, and Intelligence. Learn how Scripps defines goals and results at the four phases of our comprehensive program.

11:30am Scaling Your Program Globally

Creating a culture of cybersecurity awareness requires a strategic approach. This is especially true at the AES Corporation, as the impact of our cybersecurity awareness program must span seventeen countries, four continents and seven primary languages. At AES, we strive to set top-level guidelines for improving cybersecurity awareness to enable our local businesses the flexibility to implement the campaigns that are most effective for their audiences.

12:30pm Lunch
1:30pm Birds of a Feather Roundtable
3pm Event Wrap-Up