Approved for 15.75 CPE's
Approved for 6 CEC's
State of the Cyber Threat Landscape
Regency East Sunday 8:00 – 9:00 AM
Presenter:Shawn Henry, CrowdStrike Services
President of CrowdStrike Services and former FBI executive Shawn Henry will discuss the state of the cyber threat landscape and the importance of viewing
cybersecurity as an enterprise business risk. He will address topics including: supply chain threats and ransomware; adversaries and their motivations with
focus on nation-state actors; examples of recent high-profile attacks and real-world incidents; getting your leadership on board with understanding their
cyber risk; rise in Internet of Things devices and what that means for security; and the convergence of IT and OT, particularly during the global pandemic.
CrowdStrike engages in significant proactive and incident response operations across every major commercial sector and critical infrastructure, protecting organizations' and governments' sensitive data and networks around the world. Hear expert perspectives on the current state of cyber threats to critical and election infrastructure…and what is being done about those.
Projects – From Design through Operation
Why Integrators May Not Bid Your Project
Pecan Monday 9:15 - 10:30 AM
Moderator:John Nemerofsky, Sage Integration
Panelists:Phil Aronson, ADT
Mike Thomas, Integrated Security & Communications
Brad Wilson, RFI
Why do many very qualified security integrators pass on pursuing bid projects. Has the qualification bar been set too low to prohibit unqualified, low-bid contractors? Are the technical requirements too onerous…or too nebulous? Perhaps, it's the need to install and support multiple locations in different locales. Administrative requirements, such as reporting, may be perceived as onerous. Hear the perspectives of several from top systems integrators about what makes a project undesirable from a bidding standpoint.
Scenario Based Testing/System Validation
Pecan Monday 10:45 AM - 12:00 Noon
Moderator:Jim Henry, Independent Consultant
Panelists:Pierre Bourgeix, ESI Convergent
Jeff Bransfield, RS2 Technologies
Jerrod Johnson. Ferguson Enterprises
Joe Lynch, Minuteman Security Technologies
Following a system installation, but prior to acceptance and sign-off, what is the most effective way to reasonably assure that the system works as intended. Is it through a checklist of functional criteria? Through an evaluation of pre-designed scenarios? Should 100% of devices be tested or random sampling be employed based on pre-determined criteria? When is it practical for Client operators to be involved? How might such testing/validation impact completion of the construction project? This session will discuss these issues and the approaches security consultants should take throughout the project to improve the end result and Client satisfaction, whether or not they are involved in the actual system commissioning.
Planning for the Operational Phase of the Life Cycle
Pecan Monday 1:30 - 2:45 PM
Moderator:James Francis, LFJ Consulting Services
Panelists:Todd Davis, Valero Energy Corp.
James Elder, Secured Design
Phil Lake, Knight Security
Operational issues associated with achieving the risk reducing goals of the original system procurement may be obscured because the Client is not a security expert. What is the consultant/integrator responsibility to the Client post-commissioning when the contractual agreements have been concluded? Partially driven by the pandemic, remote managed services, including cloud-based video and access control and network monitoring, have become an important component of some systems integrators' offerings, but value-add services, extended warranty, all-inclusive support contracts, and upgrades have often been overlooked or rejected. As "trusted advisors" to the Client, consultants have the opportunity to both shape and meet Client expectations for reliable system operation, particularly in today's post-pandemic environment.
Human Success Factors in Security Design Projects
Pecan Monday 3:00 - 4:15 PM
Moderator:Frank Pisciotta, Business Protection Specialists
Panelists:Lorna Chandler, Security by Design
Michael Ramstack, Froedtert Hospital
Brad Wilson, RFI
The integrator/consultant team should work together bring about a successful project outcome – which includes a profit for the integrator, an effective security system for the end-user, and a satisfied reference for the consultant. However, integrators and consultants often find themselves at odds during a project for a variety of reasons. It doesn't have to be this way if everyone stays focused on what is in the best interest of the client. Harmony in security projects between the consultant and the integrator can be achieved with the proper coordination, communication and commitment.
Pen Testing – Tales from the Trenches
Blanco/Llano Monday 9:15 - 10:30 AM
Presenter:Michael Glasser, Glasser Security Consulting
Physical security is an important element of cyber security, and physical security penetration testing (red team) work is often misunderstood. This presentation will provide real-life stories of past pen test engagements as well as insight into the techniques used, challenges faces, skills required and all that goes into a proper physical pen test. Note: This session is all about locks, doors and physical issues – not software or social engineering.
Introducing the Security Industry Cyber Certification (SICC)
Blanco/Llano Monday 10:45 AM - 12:00 Noon
Moderator:Ray Coulombe, SecuritySpecifiers
Panelists:Michael Bendis, Syska Hennessy
Chris Peckham, Ollivier Corporation
Elli Voorhees, Security Industry Association
Most project specifications incorporating cyber security elements put the onus for implementing a cyber secure system on the integrator. But what is reasonable to require of an integrator and how can integrators be evaluated on their ability to perform what is expected of them? For example, how many people within a designer or an integrator's organization should aspire to get this certification? How can people obtain the knowledge to pass? This is the premise behind SIA's new Security Industry Cyber Certification for integrator technicians. This session will embody a discussion of tasks and areas of competence which should underlie both this certification and specifications incorporating cybersecurity. Learn more about this certification, timeline, requirements, process, and relevance to security consultants.
CMMC - An Integrator Qualification with Teeth
Blanco/Llano Monday 1:30 - 2:45 PM
Presenter:Andrew Lanning, Integrated Security Technologies
The Department of Defense ("DoD") recently announced the development of the "Cybersecurity Maturity Model Certification" ("CMMC"), a framework aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base ("DIB"), particularly as it relates to controlled unclassified information ("CUI") within the supply chain. The CMMC is expected to designate maturity levels ranging from "Basic Cybersecurity Hygiene" to "Advanced." For a given CMMC level, the associated controls and processes, when implemented, are intended to reduce risk against a specific set of cyber threats. While initially targeted at DOD, this will expand to the entire Federal Government and into critical infrastructure. Learn the importance and details of this program as it applies to integrator/contractor qualifications and ability to work on specific types of projects.
Evaluating Cyber Preparedness for Integrated Systems
Blanco/Llano Monday 3:00 - 4:15 PM
Moderator:Min Kyriannis, EMD | JMK
Panelists:Bryan Arce, Valero Energy Corp.,
John Deskurakis, Carrier
Antoinette King, Credo Cyber Consulting
With cybersecurity becoming an increasingly critical component of enterprise networks, an effective means to evaluate integrated systems and devices for cyber safety is essential. Often these products are not vetted, resulting in many questions and concerns about their cybersecurity posture and how they integrate holistically into the network ecosystem. A group of manufacturers, consultants, integrators, and end-users have formed the Global Cyber Consortium (GCC) to collaborate on a methodology which will offer a streamlined and simplified method of validating products and services, thus establishing uniformity to the cyber common criteria. The GCC is initially focusing on the commercial real estate vertical market to establish a baseline, with plans to expand to a number of other key vertical markets. [Note that this session is intended as a follow-on to the General Session "Security's Impact on Intelligent Buildings", with specific focus on cyber-related issues.]
Questions or comments? Contact us at info@AttendConsult.com.
CONSULT is a security industry event sponsored by SecuritySpecifiers. SecuritySpecifiers is an online community and network of security professionals established to address the need for the physical security industry to more effectively engage with designers and consultants.