KEYNOTE. Theater 5 Wednesday 2nd May

Transkript

1 Theater 5 Wednesday 2nd May 2nd 3rd May 2018 Øksnehallen, Copenhagen KEYNOTE Hvem er fremtidens hackere? DANISH Morten A. Eskildsen, Datalogistuderende / Hacker / Kaptajn Cyberlandsholdet 2017, MDevelopment Morten Eskildsen, 25 år og kaptajn for det danske Cyberlandshold 2017, fortæller om sine oplevelser med Cyberlandsholdet til EM i hacking. Specielt interessant er netop de andre 150 hackere som deltog. Deltagerne kommer fra forskellige lande, baggrunde, uddannelser og ideologier. Fælles for dem er, at de har evnerne til at hacke dig. Spørgsmålet er derfor, hvad der skal til, for at en whitehat hacker pludselig ender som blackhat? Hvilke (manglende) etiske overvejelser ligger der til grund for denne transformation? Hvordan beskytter vi os imod hackerne? For det kan vi da godt, eller kan vi? Big Data and Privacy: is your Data Private? (Video Presentation) ENGLISH YvesAlexandre de Montjoye, Assistant Professor, Imperial College, London Privacy does it still matter? What can mobile phone data be used for? How do we safely use big data while moving forward? YvesAlexandre de Montjoye will discuss how traditional data protection mechanisms fail to protect people s privacy in the age of big data. More specifically, he will show how sensitive information can often be inferred from seemingly innocuous data. De nye sårbarheder Meltdown og Spectre set fra en computer arkitekturvinkel DANISH Jan Madsen, Professor, sektionsleder og vicedirektør, DTU Jan Madsen er ekspert indenfor design af indlejrede systemer, med specielt fokus på metoder og værktøjer til system modellering og analyse af applikationsafvikling på multicore eksekveringsplatforme, herunder hardware/software codesign. Han er professor i computerbaserede systemer ved DTU Informatik, hvor han leder sektionen for Embedded Systems Engineering. Robotterne overtager Skynet version 0.2 DANISH Keld Norman, Itsikkerhedskonsulent, Dubex Kom og få et indblik i hvordan Danmarks nuværende ITsikkerhed står til, og få et sjældent indblik i hvordan hackerne, eller rettere hvordan de automatiseret autonome kunstig intelligens beriget robotter og det der er værre, arbejder for hackerne. Keld har undersøgt Danmarks 12½ millioner (RIPE) tildelte IPadresser, kigget på over hjemmesiders forsider, set 6000 forskellige remotedesktop logins igennem og over 600 åbne FTPservers fillister. I den her præsentation konkluderer han et par ting omkring Danmarks ITsikkerhed som måske kan bruges som de dårlige eksempler vi alle skal lære noget af? Her vil blive vist forunderlige ting som lidt vil skræmme men mest sysselsætte og forhåbentlig få dig til at tænke og handle anderledes i fremtiden! Sikring af kritisk infrastruktur adskiller det sig fra alt andet? DANISH Carsten Nielsen, Head of Product Management, Kamstrup IoT forbinder hele verden og dette har også indlydelse på forsyningssektoren, hvor forbrugernes elmålere indgår som en del af den kritiske infrastruktur. Men hvilke trusler findes der og hvordan imødegås de i forsyningssektoren? Hvordan sikrer man data bedst muligt i forbindelse med Sunddataplatformen, hvor data skal arbejde for bedre sundhed? Lisbeth Nielsen, Assistant Director, Sundhedsdatastyrelsen & Søren Brunak, Research Director (PhD) Novo Nordisk Foundation Center for Protein Research DANISH Sundhedsdatastyrelsen er godt i gang med at etablere Sundhedsplatformen, som vil skabe helt nye måder at arbejde med og udstille sundhedsdata på. Rammen om arbejdet med platformen er naturligvis sikkerhed for data; herunder itsikkerhed. Hvordan arbejder man at få mere ud af data på et område, hvor sikkerheden altid er til diskussion på grund af den høje følsomhed, og der samtidig er en stor driftsportefølje? Søren Brunak er opponent på dette oplæg. Danmark Statistik: Digital tillid er afgørende for vores omdømme. Sådan øger vi sikkerheden DANISH Annie Stahel, itchef, Danmarks Statistik og Bo Guldager Clausen, driftsansvarlig, Danmarks Statis tik I Danmarks Statistik er datasikkerhed en topprioritet, for det er vigtigt, at borgere og virksomheder kan være trygge ved vores løsninger. Derfor arbejder vi med udtrykket digital tillid, som bl.a. indebærer en stor opgave med at få designet og implementeret systemer, så indkomne data afidentificeres (pseudonymiseres) straks ved modtagelsen. Desuden arbejder vi med løbende med forbedring af afskærmningen af fortrolige data for at sikre en endnu højere grad af sikkerhed og er naturligvis også ved at gøre os klar til at efterleve GDPR.

2 Theater 1 Wednesday 2nd May 2nd 3rd May 2018 Øksnehallen, Copenhagen 9.45 State of the Net ENGLISH Mikko Hypponen CRO, FSecure Where are we today? Where are we going? Who are the attackers? What are their motives? How do they work? And how are we going to secure our networks over the next decade? AI as the Future of IT Security: Sophos introduces Deep Learning to fight against all known & unknown IT security threats Per Söderqvist, Sales Engineer Team Lead Nordics, Sophos ENGLISH As modern It security threats continue to evolve, so do Sophos solutions. We have added a special kind of artificial intelligence to our NextGen Endpoint and Network protection solutions to proactively address the challenge of constantly developing threat landscape. Deep Learning neural network, an advanced form of machine learning, works like a human brain that learns automatically to detect and block both known and unknown malware, exploits and other vulnerabilities. This results in a high accuracy rate and a lower false positive rate, thus, offering you unparalleled, simple, yet better IT protection. Physical Infrastructure, Virtual, Cloud: What about security? ENGLISH Frédéric Donnat, Cloud Technical Architect, Outpost24 IT infrastructures are constantly evolving and today we are in the "Cloud" and "Containers" area. These technological evolutions bring changes in the way of apprehending and managing security, with benefits but also disadvantages Do you even hunt, bro? ENGLISH Jesper Mikkelsen, Cyber Defense Specialist, Trend Micro Danmark You receive an alert from your AV solution, what do you do? A. Acknowledge the alert, and move on? B. Reimage the infected endpoint, and move on? C. No of the above.? Attend this session and find out, why threat hunting is a must, when it comes to combating todays threats and adversaries. Nok om GDPR og Compliance Du bliver hacket alligevel så hvad skal du gøre? DANISH Claus JensenFangel, Senior Security Architect, Atea Security I de seneste mange måneder har der været fokus på de forestående krav om stilles til virksomhedernes og organisationernes IT og informationssikkerhed, men der er intet, som er 100% sikkert: Vi kommer alligevel til at se "succesfulde" hackerangreb i fremtiden. Indlægget vil fokusere på en top5 liste over de vigtigste aktiviteter og opgaver, som du bør fokus på i din organisation i forbindelse med disse hændelser. Apple ios integration til Cisco s produkter DANISH Tom Stampe Raavig, CCIE, Netteam Lær om det nyeste indenfor ios integration til Cisco s produkter. Med udgangspunkt i Cisco Security Connector, vil du i sessionen høre om hvordan du som virksomhed sikrer medarbejdernes mobile enheder hvorend de befinder sig. At sikre enhederne er ikke den eneste bekymring da medarbejderne hver dag er udsat for større og større risiko: Hvordan forhindrer du f.eks. brugerne i at klikke på phishing links i sms beskeder og er der fri adgang til virksomhedens data fra de trådløse enheder? Med det stigende antal trusler er det fundamentalt at virksomheder, nu og ind i fremtiden, kan sikre brugerne og virksomhedens følsomme data til enhver tid hvilket kræver visibilitet og oversigt over hvad der sker på enhederne. Every Cloud has a Privileged Lining ENGLISH David Higgins, Director of Strategic Accounts, EMEA, CyberArk As organisations across the world look to adopt and leverage cloud platforms, a newtier of privileged access is introduced. Privileged Access achieved through console users or Access Keys provides a new, unprecedented level of access not seen before. Without the appropriate management of these users and keys, organisations are open to a very large risk which is very simple to exploit. In this session we review recent incidents where privileged access within Cloud Platforms has been exploited, what practices led to this incident and best practices on how these risks can be mitigated. State of the Phish 2018: What Your Peers are Doing to Reduce Successful Phishing Attacks ENGLISH Paul Down, EMEA Area Director, Wombat Security Technologies Aggregation and analysis of data from tens of millions of simulated phishing attacks sent through Wombat s Security Education Platform over a 12month period Reponses from quarterly surveys of Wombat s, as well as data from an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors Insights into current vulnerabilities, industryspecific phishing metrics, and emerging threats Operationalise GDPR and Privacy by Design: What to Automate in Your Privacy Programme ENGLISH Ian Evans, Managing Director, OneTrust EMEA To operationalise GDPR, companies will need to build the principles of privacy by design into all of their business processes. In this session, learn about the different parts of a privacy programme from PIA/DPIAs, data mapping, consent management, and cookie compliance to subject rights requests and vendor risk management. Discover how your organization can streamline privacy management through software automation, and where humans are absolutely essential.

3 Theater 2 Wednesday 2nd May 2nd 3rd May 2018 Øksnehallen, Copenhagen Is your cloud as secure as it is easy? DANISH Christian V. Petersen Security Engineer Team, Check point Der ligger noget uundgåeligt og attrativt i den måde man kan bygge services på hos div cloudproviders; fx AWS, Azure og GCP. Skalering og elasticitet følger med som en selvfølge og man kan deploye ting med meget få klik og let betaling! Men er det sikkkert? Hvordan får jeg kontrol over mit cloudmiljø? Hvordan kan jeg sikre det uden at begrænse det? Hvad nu hvis jeg har både AWS og Azure? Check Point CloudGuard arkitekturen giver den samme velkendte sikkerhed vi kender fra traditionelle onprem løsninger men designet til cloudløsninger. The Cyber Security architecture of the future DANISH Niels Zimmer Poulsen Team Leader Security Engineer Team, Denmark, Check point Check Point Infinity giver en komplet beskyttelse mod kendte og zerodays angreb på tværs af diverse miljøer, herunder cloud og mobile. Det enkle, forretningsorienteret management interface reducerer kompleksiteten, hvilket gør det lettere at levere sikkerhed og compliance med et begrænset personale og budget. Infinity hjælper organisationer til at levere fleksibel og sikker IT, der kan tilpasses, efterhånden som forretningsbehovet ændres. Gennem avanceret Threatprevention, forretningsorienteret Policy Management og cloudbased ThreatIntelligence leverer Infinity et solidt grundlag for en bæredygtig og effektiv risk management strategi. Sikkerhed i balance angreb og forsvar i en digital virkelighed DANISH Jacob Herbst CTO, Dubex Trusselsbilledet er i konstant forandring og at ramme det rigtige sikkerhedsniveau i den digitale virkelighed er svært. Det kræver prioritering og fokus og det kræver ikke mindst den rigtige tilgang og processer. Indlægget kikker på det aktuelle trusselsbillede og giver dig inspiration med hjem om hvordan du rammer det rigtige sikkerhedsniveau og hvilke discipliner der skal være på plads indenfor bl.a. risikostyring, fundamental sikkerhed, awareness, overvågning og incident response. Sikkerhedsdesign anno 2020 begynd i dag! DANISH Thomas Wong, Principal Security Consultant, Ezenta Hvad hvis du startede fra bunden? Hvordan ville du bygge dit sikkerhedsdesign, hvis du startede forfra? Hvad skal dertil, hvis du skal være Best in Class i 2020? Hvilke trusler skal vi forholde os til? Skal vi drive det hele selv? Kom og hør vores holistiske bud på sikkerhedsdesign anno 2020, som indeholder både tekniske og bløde løsninger. How to safely embrace the Hybrid Cloud in a DevOps World? ENGLISH Arnfinn Strand, Cloud Security Engineer Europe, Check Point How do you build a secure Hybrid Cloud without impacting the scalability, dynamic and flexibility that is provided in a Cloud only solution? We will look at the shared model for responsibility in the cloud solutions and security that follows the dynamics of the cloud. The session will demo securityorchestration and why you will need the best security. Scandinavia through the eyes of an attacker ENGLISH Mikael Le Gall, Manager of Sales Engineering, Rapid7 As security professionals we often spend a lot of time looking at the inside of our networks to understand where risk lies. Attackers initially view us from a different vantage point, looking for ways to easily infiltrate. Rapid7's Sonar technology conducts internetwide surveys across different services and protocols to gain insights into global exposure to common vulnerabilities. The data collected is available to the public in an effort to enable security research. Essentially, if Sonar can see it, so can an attacker. Join us to learn more about the overall exposure in Scandinavia, and how countries in the region stack up against the rest of the world. Secure cloud services on mobile ENGLISH Marielle Hagblad, Sales Engineer, MobileIron Are you using cloud services? Mobile devices? With MobileIron Access you can make sure that access to e.g. Office365 or Sales Force is enabled in a secure way, so that your data remains safe and that you are able to prevent access from unauthorized users, apps and devices. MobileIron Access enables your users to be productive with their devices and cloud services from anywhere while keeping data secure and protected. Let s talk about mobile first, but without compromising on security. Ransomware og ukendt malware en af de største trusler mod data integritet DANISH Patrick Veis, Associate Security Engineer, Check point Ransomware er den mest irriterende og dyreste variant af malware i øjeblikket, og har gennem mange år været til stor gene for flere virksomheder. Check Point har en stor indsigt i de forskellige typer af malware og er eksperter i beskyttelse mod ransomware ved løbende at indsamle ny statistik om igangværende angreb, som forebygges ved at sende information om angrebsmønstrene til vores globale kunder. En af de bedste mekanismer til detektering af ukendt malware, herunder ransomware, er via sandboxing. Via nye detekteringsmekanismer har Check Point én af de mest effektive malware nuldags trussels detekteringsteknologier tilgængelige i dag. GDPR it's time to comply ENGLISH Sunny Gill, Security Expert Europe, Check Point The majority of GDPR details how personal data is collected, treated, stored and shared; adopting a riskbased approach to mitigate personal data breaches. A small but important part of GDPR discusses how technology can play a role. We will look at how Check Point can assist with some of the requirements of GDPR that can be facilitated by our Check Point Affinity Architecture.

4 Theater 6 Wednesday 2nd May 2nd 3rd May 2018 Øksnehallen, Copenhagen Is DNS a Part of Your Cyber Security Strategy? ENGLISH Erik Peeters, Senior System Engineer, BE, Luxembourg, DK, Norway, Infoblox / Exclusive Network Detecting malware, helping to prevent and disrupt command and control communication, ransomware and phishing attacks, being part of a data loss prevention program DNS can help with this and much more, but are you leveraging it as part of your security controls and processes? DNS is the perfect choke point to stop not just data exfiltration through it, but also detect and stop malware from spreading and executing. In this session, you'll learn: The value of DNS How DNS can provide your SIEM with actionable intelligence How DNS can add value to other security controls, such as vulnerability scanners and end point protection. Byg fundamentet for fremtidens sikkerhed DANISH Kaare S. Mortensen, Pre Sales Consultant, Gemalto / Exclusive Network I kraft af de mange sikkerheds udfordringer vore IT afdelinger udsættes for fra dag til dag, er en konstant fokus på data sikkerhed nødvendig. Temaer som flytning til Cloud, GDPR, Datalæk, Hacking, Sporbarhed og meget andet udfordrer. Gemalto vil i dette indlæg gennemgå de kerne systemer, der kan sikre data, simplificere brug af kryptering, verificere adgang og i det hele taget fjerne en stor del af de sikkerheds bekymringer IT afdelinger er udsat for. Kan du stoppe en motiveret hacker? ENGLISH Morten von Seelen, Manager, Deloitte Medierne flyder over med beretninger om avancerede angreb og flere eksperter er efterhånden enige om, at man aldrig helt kan stoppe denne type angreb. Men kan jeres virksomhed stoppe en enkelt motiveret hacker, som hverken har noget stort budget eller forhåndskendskab til jeres virksomhed? Vil en angriber kunne komme ind hos jer ved hjælp af simple og primitive metoder? Deloittes Cyber Operations har gennem utallige penetrationstests og Red Teams afprøvet en række metoder, som ofte har været brugt ved simple hackerangreb, og identificeret en række angrebsmetoder, der er særligt effektive. Giv din Office365implementering et brugervenligt sikkerhedsløft DANISH Nikolaj Holm Vang, Director, Strategic Alliances Office365 er nu en realitet for de fleste, og med GDPR lige om hjørnet, er der en række sikkerhedselementer der bør adresseres. Office365 og sikkerhed kan godt gå håndihånd, udfordringen er at gøre det nemt for brugerne samtidig. Sessionen indeholder Live demo og stiller skarpt på bla: Værktøjer til at løse Office365udfordringer Hvordan vi får brugerne til at anvende OneDrive og ikke Dropbox, som de har vænnet sig til At sikre mindre spam og ordentlig sikkerhed. Embedding Security into DevOps ENGLISH Justin Harris, EMEA Cloud Architect, Palo Alto DevOps operates at a rapid and dynamic pace, using the cloud to create and deploy. Security teams exercise industry best practices of policy change control to eliminate potential security holes. Companies are increasingly looking to evolve so that security becomes part of the DevOps fabric. In this session we discuss and demonstrate how customers can automate the deployment of the VMSeries next generation firewall to protect DevOps environments in the cloud. This session wraps up with a discussion of sample templates and scripts to get started and a video demonstration of a fully automated VMSeries deployment. Sikkerhed i en skyet fremtid fokus på Microsoft Office 365 DANISH Magnus Cohn, Head of Sales, Keepit & Bjørn Sindal Poulsen, group IT/CISO, Maersk Training Hør erfaringerne fra Mærsk Training Sikkerhedsbilledet ændrer sig konstant, og det kan være svært at følge med, når der skal understøttes nye teknologier og cloudtjenester. Et eksempel er Office 365. Løsningen er et fantastisk værktøj til enhver organisation, men der er også indbygget en stor risiko. Kom og hør om sikkerhed i en skyet fremtid, når Bjørn Sindahl Poulsen kommer og fortæller om selskabets løsninger og udfordringer i forhold til Office 365. Du bliver klogere på sikkerhed i clouden og hører mere om de primære kilder til datatab i skyen samt hvilke elementer, det er vigtigt at overveje, når data flyttes til en cloudtjeneste som Office 365. So you didn t get hacked. Now what? (a/k/a how to fail gracefully?) ENGLISH Erik de Jong, Chief Research Officer, FoxIT / FortConsult With all the news about data breaches, attacks on banks and geopolitical games in the cyber domain, more and more people wake up to the fact that they could be next. Now what? Erik de Jong discusses the fundamentals of failing gracefully. Knowing that in many instances we cannot prevent an incident, what can we do to make sure that when the inevitable happens, the process is as painless as possible? Full of real life examples that allow us to learn from the mistakes of others, Erik talk about preparation, investigation, communication, recovery and many other topics, all in the context of serious incident response. Fix Backup once and for all and stop wasting your time ENGLISH Salvatore Buccoliero, Channel System Engineer Nordic, Rubrik Meet the next generation scale Out Backup Appliance from Rubrik. You have no idea how it will affect your life until you have tried it. We kid you not. You will want to see this Ethernal Blue, RowHammer, Spectre, Meltdown and BranchScope ENGLISH Simon Wikberg, Sales Engineer, SonicWall Todays need for fast and vast data with ease of all kinds of gadgets, the assets become ever more vulnerable to attack, loss or compromise. As methodologies changing rapidly, so must your holistic measures to mitigate them. With compliance such as GDPR lurking round the corner, we have concerns about not only what's inside our company walls. We need to cover Internet of Thing coming up as well as them already in place. A holistic security is required to cover both Endpoint and machinery performing computation, regardless if on premise or cloud. Especially as new attack vectors evolve as never seen before. Come and get a glimpse of how.

5 Theater 7 Wednesday 2nd May 2nd 3rd May 2018 Øksnehallen, Copenhagen Digital Transformation: Cureall, Placebo or Poison Pill? ENGLISH Mr Steve Mulhearn, Director Enhanced Technology UKI & DACH, Fortinet Are you really ready for Digital Transformation? While the business benefits are clear, technology adoption, the escalating threat landscape and compliance to any number of standards and legal requirements are all challenges to any DX efforts. If your organization is moving into the Digital future, you need to make sure that your security infrastructure isn t stuck in the past. This session will provide the insight towards a comprehensive and adaptive security architecture that can support your organization s changing objectives and more importantly, evolve as the cyber threat challenge evolves as well. GDPR Plug and Play løsning DANISH Daniel HartfieldTraun, informationssikkerhedsjurist & Kåre Rude Andersen, Security and Monitoring Specialist, DPO Advisor Less talk, more action! Oplev, hvor nemt og hurtigt dine GDPRudfordringer kan løses. Livedemo en håndterer alt fra behandlingsfortegnelser og databehandleraftaler til databeskyttelse og Datatilsynet. Der er naturligvis konkurrencer og tid til spørgsmål. The Four Pitfalls of Privilege: How to Defend Critical Accounts and Systems ENGLISH Karl Lankford, Senior Solutions Engineer, BOMGAR More and more organisations are realizing they need to do more to protect access to their privileged accounts and systems, to mitigate the risk of a cyberattack and meet industry security standards. But traditional approaches to privileged access and identity management often leave organisations exposed because their focus is too narrow. Or they re looking at bells and whistles of new technology, such as AI, and missing the fundamentals. This session will outline the Four Pitfalls of Privilege to highlight some of the most common challenges that organisations face, and how they can address and overcome them. Hvordan kan IBM Watson for Cyber Security i kombination med IBM Qradar optimere håndteringen af sikkerhedshændelser Niels B. Andersen, Sales leader, IBM SOAR Nordic, IBM Denmark på vegne af Arrow DANISH Den øget mængde af avancerede Cyber angreb, sætter en betydelig belastning hos virksomheder, som skal analysere potentielle sikkerhedshændelser indenfor kort tid. Virksomheder skal gennemgå flere datakilder både interne og eksterne som f.eks. trusselsfeeds, sikkerhedsblogs, forskningsartikler som hurtigt kan blive overvældende. IBMs QRadar Advisor kombinerer Watsons kognitive egenskaber med information, der findes i ustrukturerede dokumenter på nettet og korrelerer dem med lokale hændelseslogs fra QRadar. Denne sammenlægning af teknologier giver præcise og konsekvente analyseresultater og identificering af skjulte trusler. Værdi/risikobaseret tilgang til identity management og sikker, stabil firewalldrift til lokal infrastruktur og cloud Jesper Bak Engel, Product Manager og Poul Erik Boeberg, Service & Solution Manager, KMD KEYNOTE Struktureret Compliance på tværs af ISO9001, ISO27001 & EU GDPR DANISH Jesper B. Hansen, Senior konsultent, Siscon & Bo Skadkaer, Quality Manager, TERACOM Bo Skadkær og Jesper B. Hansen giver inspiration til et effektivt og samlet complianceprogram for både ISO9001, ISO27001, og GDPR. Oplægget giver inspiration til, hvordan du bedst indsamler og strukturerer eksisterende dokumentation og viden fra flere interne interessenter og transformerer disse oplysninger til et godt fundament for efterlevelse af både ISO9001, ISO27001 og GDPR. Oplægget har stort fokus på complianceprogrammet og effektivt vedligehold efter 25. maj Bryder din verden sammen efter den 25. maj? Det gør den nok ikke, men dit daglige arbejde bliver lettere, hvis du får opbygget et velstruktureret Complianceprogram med ex. operationelt årshjul med automatiserede kontroller. Automated protection against Zero day attacks ENGLISH Morten Brok, Business Developer IT Security, Secu A/S, SentinelOne / Exclusive Networks Attend this session and learn from our Danish customer well known retailer why they moved to a 360 degrees autonomous next generation endpoint security solution. Timing is off the essence, especially when it comes to cyber security. However, most security solutions today still rely on human intervention with patches and updates which is an ongoing task to counter attacks like zero day. Join in and explore: How a next generation endpoint security solution protects and detects against Zero Day Why traditional security cannot cope with attacks like Zero Day What tangible savings and efficiency steps they achieved Have you looked at your network lately, and noticed the DNS vulnerabilities? ENGLISH Randy D Souza, senior solutions engineer, Akamai You would be amazed of what threats use DNS.The presentation is going to cover advanced threats in the network, and why looking at DNS as a security vulnerability is in any organization s best interest. I will cover some examples of threats our research team has discovered, as well as how difficult they can be to discover using traditional AntiVirus, Secure Web Gateways, and Firewalls. Stil de rigtige sikkerhedskrav til IoTindtoget på danske sygehuse. Nye teknologier kan tilsidesætte patientsikkerheden Henrik Johanning, CEO, Genau & More ENGLISH

6 Theater 8 Wednesday 2nd May 2nd 3rd May 2018 Øksnehallen, Copenhagen graders sikkerhed med Palo Alto Networks Integrerede platform for optimal beskyttelse DANISH Mikkel Bossen, SE Manager, Norway, Iceland & Denmark Du kender det, udfordringen er: Zero Day, Poly morphing malware, phising, ID og Password tyveri, Malware, Ransomware, Patching issues, Signaturopdatering, Endpoints, AV, Cloud og SaaS sikkerhed, GDPR osv. Rækken er nærmest endeløs og udfordringen kolossal nærmest skræmmende. Sådan behøver det ikke at være! Kom og hør hvordan Palo Alto Networks kan hjælpe dig med at få overblik og kontrol over dine data og styr på sikkerheden, og ikke mindst hjælpe dig til at være mere klar til krav under GDPR. De kriminelle har allerede en plan for Har din virksomhed også en plan for beskyttelse? DANISH Leif Jensen, Nordisk direktør, Kaspersky Lab I Danmark er vi ofte lidt naive, når det gælder itsikkerhed. Selv om der kom flere "lig på bordet" i 2017,er vi stadig ikke gode nok til at beskytte os effektivt imod blandt andet ransomware og DDoSangreb. Og når det gælder kritisk infrastruktur og produktions miljøer, så er vi kun lige begyndt at tænke på det. Leif Jensen vil fortælle om, hvad vi kan forvente os fra de kriminelle i 2018 samt på længere sigt også her i Danmark. From Circumstantial Evidence to Hard Facts, Fra Indicier til Fakta! ENGLISH Daniel Joseph Barry, VP Strategy and Market Development, Napatech As cyber security attacks continue to become more sophisticated, it is no longer a question of if you are going to be breached but when. When a breach happens, time is of the essence. The faster a breach is detected and contained, the less damage and cost. The faster a security incident is analyzed and determined to be a threat or not, the more incidents can be handled. Circumstantial evidence is not enough. Only the hard facts of what happened and when are enough to provide certainty. What tools are required to move from circumstantial evidence to hard facts? Managing the Modern Attack Surface ENGLISH Gavin Millard, Technical Director, Tenable The network is unrecognisable as cloud, containers, custom web apps, IoT, and OT all warp the perimeter. Against this, 2017 saw the number of discovered vulnerabilities almost treble. Unsurprising then that security continues to struggle to measure and manage the modern attack surface. Even if you know it s flawed, finding and fixing issues is easier said than done.with failure not an option, especially as GDPR fines threaten to eradicate profit margins, this session will help understand your full environment with all its dark corners, unmanaged assets, and forgotten systems to determine and then reduce your cyber exposure gap. Is your data protected on end user devices? ENGLISH Martin Everhøj, IT Consultant, Netcloud With mobile workforce and the use of multiple devices (laptops, phones and cloud services) it can be a challenge to get an overview of all devices, their content and protection level. No matter how many products procured, the essential work of defining a security baseline, setting up maintenance processes and having tools to respond to incidents should be prioritized! With this presentation, we would like to point to some typical pitfalls and suggestions to remediation. How UEBA and Advanced analytics will improve your threat detection and response. Jan Quach, Solution Director, Logpoint TBA ITsikkerhedstrusler er vi ved at lave selvmål? DANISH Niels Mogensen, Security Evangelist, Consia Ransomware, Petya, Meltdown og Spectre Vi er kommet på fornavn med truslerne, der optræder scenevant i medierne nu også både i radio og på TV. Trusler får megen opmærksomhed, og vi hører folk snakke om dem i kantinen og på direktionsgangen. Vi forbereder os naturligvis på, at de dukker op hos os. Vi bruger mange ressourcer på at beskytte vores data, applikationer og infrastruktur imod disse "bad boys". Men er vi ved at lave et selvmål? Glemmer vi den største trussel af dem alle OS SELV og ved vi i det hele taget, om vi er ramt og hvad gør vi så? I dette indlæg vil vi diskutere håndtering af de trusler, vi ikke kender til. Vi snakker om sikkerhedsdesigns, baselining, og hvilke whistleblowers vi har til rådighed. Protecting Network and Users from Advanced Malware with one SKU ENGLISH Peter Johansson, Regional Manager Nordics, Baltics, Ukraine, Russia, WatchGuard Technologies Let me tell you how WatchGuard protects the company network and workers on the road against Advanced Malware, Ransomware, Phishing attacks and more with Unified Threat Management, AI with Machine Learning, very high visibility and unlimited support 24/7 while educating happy clickers with only one SKU. Maintain awareness of threats and vulnerabilities ENGLISH Gerhard Giese, Manager European Team of Security Architects, Akamai Technologies The industrialization, nationalization, and monetization of attacks is making security more complex Akamai has visibility into 50 million web application attacks and hundreds of DDoS attacks weekly and more than 150 people in the SOC and multiple teams dedicated solely to threat research. No security provider has more insight into DDoS and web application threats than Akamai. Attend this presentation and arm yourself with the latest data, analysis, and indepth research on the everchanging threat landscape.

7 Theater 5 Thursday 3rd May 2nd 3rd May 2018 Øksnehallen, Copenhagen KEYNOTE Hacker Challenge ENGLISH Powered by Deloitte Hacking is all about breaking the security of an application or infrastructure and is often surrounded with great mystery. In this session we will follow a group of hackers work from beginning to end and show you live how hackers really work. The session is accompanied by Deloitte Hacking experts who will explain the hackers choises and actions. AI or Die: Redefining what it means to be human in the digital age ENGLISH Alix Rübsaam, PhD Candidate, University of Amsterdam Several thinkers and innovators (Stephen Hawking, Elon Musk, etc.) have predicted that the rise of Artificial Intelligence means the end of humankind is near. They see our brain as a computer. For a long time, the computer has been the metaphor to explain the way we think. But this metaphor exists in a long tradition of ideas that are used to understand what it means to be human. From this, we can learn how our technologies contribute to how we think about ourselves and our future. The end of humankind is, thus, more the end of a way of thinking. Privacy by design why og how? ENGLISH Kirsten Marie Petersen, Advokatfuldmægtig/Assistant Attorney, Kammeradvokaten / Advokatfirmaet Poul Schmith Based on Kammeradvokaten s experience I will give an input on how to handle privacy by design in practice A vision for citizen s data in a nonviolent way: how to get control of our own data ENGLISH Steven Gort, Data Whisperer, ICTU Discipl is a vision in which society progresses towards a highly automated economy. To do that, the idea is to focus on a path to zero cost by using solutions that are free in usage, open source, highly automated and easily employable, a form of edemocracy. A step towards people being more in control of and possessing their own data, to a level where there s no need for central registers owned by third parties as we only need citizens as prosumers (both consumer and producer) that care for all needs to be fulfilled in a smart and nonviolent way. Sådan klarer du kravene til behandlingssikkerhed i GDPR DANISH Emil Bisgaard, Erhvervsjuridisk rådgiver, Kammeradvokaten / Advokatfirmaet Poul Schmith GDPR lige på trapperne! Det skal du som itchef være opmærksom på. Sådan sikrer og dokumenterer du compliance med GDPRkravene til behandlingssikkerhed.

8 Theater 1 Thursday 3rd May 2nd 3rd May 2018 Øksnehallen, Copenhagen 9.45 KEYNOTE Er du klar, når krisen rammer? DANISH Peter Troels Brahe, Security Advisor, FortConsult Der er efterhånden bred enighed om, at virksomheder ikke kan undgå at blive ramt af et sikkerhedsbrud det er blot et spørgsmål om tid. Når man har accepteret den ubehagelige sandhed, er det nærliggende at fokusere på, hvordan man minimerer skaden. Beredskab er altafgørende, da det oftest er timerne umiddelbart efter sikkerhedsbruddet, der afgør, om man lander på forsiderne eller undgår katastrofen. Peter Troels Brahe fortæller om, hvordan virksomheder forbereder sig på sikkerhedsbrud og gennemfører regelmæssige brandøvelser, der simulerer hackerangreb og om hvordan du lærer at reagere hurtigt og hensigtsmæssigt, når uheldet er ude. Opdag ittruslen før det er for sent DANISH Ebbe Petersen, ebusiness pioneer og CEO, Bitrater Group En tidssvarende bekæmpelse af cybertruslen fra de stadig mere professionelle itkriminelle kræver realtime, kontekstuel og prædiktiv trussel intelligence af alle aspekter af nuværende og fremtidige trusler. Det stiller ikke blot store krav til den teknologi, som vi anvender men også til organisationen. Samarbejde mellem itsikkerhedsbranchen og øvrige aktører er afgørende for at være på forkant. Samtidig er der behov for et styrket nationalt privat/offentligt amarbejde om itsikkerhed. Sikkerhed i balance angreb og forsvar i en digital virkelighed DANISH Jacob Herbst, CTO, Dubex Trusselsbilledet er i konstant forandring og at ramme det rigtige sikkerhedsniveau i den digitale virkelighed er svært. Det kræver prioritering og fokus og det kræver ikke mindst den rigtige tilgang og processer. Indlægget kikker på det aktuelle trusselsbillede og giver dig inspiration med hjem om hvordan du rammer det rigtige sikkerhedsniveau og hvilke discipliner der skal være på plads indenfor bl.a. risikostyring, fundamental sikkerhed, awareness, overvågning og incident response. Predictions from the Cyber Crystal Ball DANISH Christian Nielsen, Senior Security Engineer, Trend Micro Hvert år graver Trend Micros researchers sig gennem trusseldata: de angreb og typer af sårbarheder, de har set og undersøgt, undersøger trusselaktører som f.eks. den cyberkriminelle underverden. Alle disse ting med flere hjælper med at forudsige, hvad der kan komme næste gang. Deltag i Trend Micro kig i krystalkuglen, hvor vi vil diskutere de top forudsigelser, som Trend Microresearchers har afdækket, bla.: Trussels tendenser Skift i brugeradfærd og infrastrukturændringer Nok om GDPR og Compliance Du bliver hacket alligevel så hvad skal du gøre? DANISH Niels Erik Ankvist, Atea Security I de seneste mange måneder har der været fokus på de forestående krav om stilles til virksomhedernes og organisationernes ITog informationssikkerhed, men der er intet, som er 100% sikkert: Vi kommer alligevel til at se "succesfulde" hackerangreb i fremtiden. Indlægget vil fokusere på en top5 liste over de vigtigste aktiviteter og opgaver, som du bør fokus på i din organisation i forbindelse med disse hændelser. Apple ios integration til Cisco s produkter DANISH Tom Stampe Raavig, CCIE, Netteam Lær om det nyeste indenfor Apple integration til Cisco's produkter. Med udgangspunkt i Cisco Security Connector, vil du i sessionen høre om hvordan du som virksomhed sikrer medarbejdernes mobile enheder hvorend de befinder sig. At sikre enhederne er ikke den eneste bekymring da medarbejderne hver dag er udsat for større og større risiko: Hvordan forhindrer du f.eks. brugerne i at klikke på phishing links i sms beskeder og er der fri adgang til virksomhedens data fra de trådløse enheder? Med det stigende antal trusler er det fundamentalt at virksomheder, nu og ind i fremtiden, kan sikre brugerne og virksomhedens følsomme data til enhver tid hvilket kræver visibilitet og oversigt over hvad der sker på enhederne. Data Driven Security: Improve Your Security Posture To Defeat Your Adversary ENGLISH Duo Presentation, Splunk and Palo Alto Networks Today's complex, multifaceted infosec challenges can cause IT and security teams to spend unnecessary cycles trying to perform the fundamentals basic hygiene, assessing posture, and validating security "readiness". With most organizations getting attacked weekly, ensuring these functions are efficient and effective is more important than ever. In this session you'll learn how endtoend security visibility is a critical first step to improving your security posture. By combining endpoint, network, user activity, and threat intelligence you can be truly datadriven and: Identify malicious activity and gain key context to help prevent similar threats Apply methods to help improve accuracy and further mitigate risk Automate context gathering and response actions to accelerate investigations, and to more effectively contain and prevent threats

9 Theater 2 Thursday 3rd May 2nd 3rd May 2018 Øksnehallen, Copenhagen KEYNOTE The Shift to SelfLearning, SelfDefending Networks ENGLISH John Dyer, Account Director, Darktrace This session is designed to help security professionals learn about: The current and future cyberthreat landscape Leveraging machine learning and AI algorithms to defend against neverseenbefore cyberthreats How new technologies enable you to preempt emerging threats and reduce incident response time Why automation and autonomous response is enabling security teams to neutralize inprogress attacks, prioritise resources, and tangibly lower risk Realworld examples of subtle, unknown threats that routinely bypass traditional controls How to Tackle the GDPR: A Typical Privacy & Security Roadmap ENGLISH Ian Evans, Managing Director, OneTrust EMEA As a new era of privacy regulations approaches, security and compliance professionals need to make GDPR a top priority. It is essential to build a roadmap with both privacy and security in mind. In this session, we ll discuss the importance of privacy management within the context of your existing security and compliance ecosystem how it fits into the larger puzzle, why it has been precariously overlooked in the past, and how it can be seamlessly integrated as a function among the information security. We ll address the importance of demonstrating ongoing compliance with privacy regulations like GDPR, and how privacy management software can support security and GRC teams. Don t watch that, watch this! ENGLISH Richard Leadbetter, EMEA Security Specialist, Aruba (A Hewlett Packard Enterprise Company) Since we were children we were always told to fear strangers; beware of the person outside but what if the problem wasn t outside and you knew the person all along and how does this apply to your network? This presentation will focus on how to quickly deal with the unknowns, and provide the necessary extra focus on what we thought we knew without the need to get stressed about it all. Why Privileged Account Management should be your Number 1 security priority ENGLISH Scott Shields, Security Engineer, Thycotic While security is a top priority, nearly twothirds of respondents still rely on manual methods to manage privileged account passwords. That s an alarming statistic when you consider that privileged account passwords and access are a prime target for hackers and one of the biggest cyber security risks for breaching the defenses of any organization. Join us as we highlight research results that reveal several security gaps in how organizations manage and secure their privileged account passwords and access. You ll get key recommendations for how to address the most common shortcomings in PAM security, including how automated PAM solutions can secure privileged credentials throughout your IT infrastructure while enhancing your productivity. Compliance and GDPR ENGLISH Stephen Broscoe, Senior Director, Channel Sales, Absolute Software IT Security professionals face constant challenges around compliance, risk management, privacy and data protection. Join Stephen Broscoe as he discusses security and compliance best practices and how technology from Absolute Software including asset inventory reporting, data awareness and data protection tools and application persistence can assist in addressing these issues and in helping companies be prepared for incoming General Data Protection Regulation legislation. Enterprise Authentication: How to solve the Security/Simplicity Tradeoff with FIDO ENGLISH Tommaso De Orchi, Director of productmanagement, Yubico During the session, Yubico will share how to protect your entire organization from phishing, malware, and maninthemiddle attack, while also provide a comparison of enterprise authentication techniques, including username/password, onetime password, mobile push, smart card, and FIDO. By the end of this session you will know: Which are the strongest authentication solutions available today and what does the future of authentication look like? A Hacker s Confessions: Red Teaming DANISH Michael Moltke, itsikkerhedschef, FortConsult Flere og flere sikkerhedsbrud sker som følge af den menneskelige faktor. Dette har skabt et større behov for at simulere angreb fra start til slut og teste medarbejdernes evner til at reagere på trusler. FortConsults Michael Moltke viser, hvordan ondsindede hackere opererer i den virkelige verden: hvad de går efter, hvordan de forbereder sig, og hvordan de eksekverer deres angreb. Han fortæller om de seneste trends og arbejdsmetoder, som vi ser blandt cyberkriminelle, og fortæller war stories om hvordan han selv har fået lov til at bryde ind i topsikre virksomheder, ved at udnytte medarbejdernes uopmærksomhed. Det vil tage år at sikre industrielle systemer mod cyberangreb DANISH Luke HerbertHansen, Principal Consultant, FSecure Corporation Trods en lang historie med industrielle systemer er lovgivning og standarder for cybersikkerhed i sådanne systemer kun langsomt under udvikling. Imens står ejere af industrielle systemer f.eks. energiselskaber overfor en betydelig udfordring med hensyn til at sikre systemerne, som ofte er kritiske, komplekse og koblede til partnersystemer og sjældent bygget med henblik på forsvar mod cybertrusler. Men cybertruslen vokser og det er nødvendigt at sikre systemerne; en diciplin som både udfordrer det ledelsesmæssige og det operationelle niveau. Luke HerbertHansen, PhD, fortæller om sine erfaringer med at forsvare industrielle systemer, udvikle EU lovgivning på området og præsenterer en lille guide til hvordan vi alle kunne udføre vores eget lille StuxNet angreb.

10 Theater 6 Thursday 3rd May 2nd 3rd May 2018 Øksnehallen, Copenhagen EU GDPR Bryder din verden sammen efter den 25. maj? DANISH Lars Bærentzen, CEO, Siscon Hos Siscon er vi ikke bange for at dele praktisk konsulentviden. Adm. Direktør Lars Bærentzen har samlet en solid række tips, tricks for best practice i implementeringen af GDPR samt potentielle faldgruber, og serverer dem for dig i et praktisk orienteret oplæg. Erfaringerne stammer fra en lang række projekter sammen med både offentlige og private kunder. Bryder din verden sammen efter den 25. maj? Det gør den nok ikke, men dit daglige arbejde bliver en del lettere, hvis du får opbygget et operationelt årshjul med automatiserede kontroller. Det er en hjørnesten i EU GDPR arbejdet, som Lars Bærentzen også vil komme med et konkret bud på. Challenges in connecting OT and IT networks securely ENGLISH Michael Appelby, Head of Sales and Business development, Zybersafe Securing critical infrastructure poses many challenges, especially when integrating complex industrial systems (ICS) towards business systems that have different security requirements. There are many pitfalls in connecting OT and IT networks safely. Come join the session for Zybersafe s view on how best to secure data integrity and confidentiality between OT and IT networks. Zero Trust building the new information security network ENGLISH Peter Koch, CSO & Partner, Credocom The largest single vulnerability in modern IT systems is TRUST, so how do you build an efficient information security network, that effectively mitigates this trust vulnerability creating a more efficient programmable network while increasing security significantly. The Zero Trust model might be the answer. Originally published 10 years ago by Forrester Zero Trust is now becoming the preferred strategy by many large enterprises to protect their key asssets. Why you shouldn't buy our services ENGLISH Andreas AarisLarsen, Senior security consultant, Fsecure A look at the current way organisations are purchasing cyber security services, the real reasons for why they're buying them and the undesired results that this brings. The presentation will discuss a change in strategy, to ensure purchasing the services that actually meets the needs of the customers rather that what customers and providers think is needed, how to maximise the return of investment for security projects, and steps that can be taken by both customers and cyber security services providers to obtain this, moving testing goals and approaches above and beyond that of standards and policy compliance. Stopping a Live Hack using BDO MDR and BDO EDR ENGLISH The Master and Guru with n MDR and Cyber Security Dori Fisher from BDO Israel, Head of security consultans Henrik Falkenthros from BDO Denmark. KEYNOTE Kom og oplev den lækkede præsentation fra Cyber Crime Syndicate DANISH Thomas Wong, Principal Security Consultant, Ezenta Cyber crime er ikke længere enkelte personer, men bliver i højere grad drevet af professionelle mennesker og som en professionel virksomhed. Kom og hør hvordan de itkriminelle driver deres virksomhed med succes og hvilke forventninger de har til fremtiden. Få de 10 bud på, hvordan de itkriminelle ikke anbefaler, at I som virksomhed skal agere. Sådan beskytter du kritisk IT/SCADA med Hackeren på arbejde DANISH Mikael Vingaard, beredskabskoordinatorit, Energinet Uanset om du arbejder med kritisk infrastruktur, forretningsservice eller leverer ydelse til borgerne er informationssikkerhed, et punkt man bare må tage stilling til! Medierne er ofte fulde af skrækhistorier, ITSikkerhedsfirmaerne vil gerne sælge deres dyre produkter, og topledelsen stiller løbende spørgsmål om hvad det rigtige niveau til informationssikkerheden er... og om det virkelig behøver at koste så meget! Indlægget vil afmystificere ICS/SCADA og ikke mindst komme med nogle konkrete forslag til hvordan du kan øge sikkerheden i disse kritiske miljøer uden at det koster en formue i nye sikkerheds produkter!

11 Theater 7 Thursday 3rd May 2nd 3rd May 2018 Øksnehallen, Copenhagen Stop angreb og malware mod klienter med Palo Alto Networks "multimethod" endpoint løsning DANISH Mikkel Bossen, SE Manager, Norway, Iceland & Denmark, Palo Alto Palo Alto Networks har endnu en gang sat standarden for hvordan endpoint sikkerhed bør laves. Vi anvender flere metoder for at stoppe malware og udnyttelse af sårbarheder, her i blandt machine learning, for at sikre at endpoints ikke bliver ramt af skadelig kode. Vores klient er en reel afløser for gammel Antivirus uden at udnytte mange ressourcer på endpointet. Dette betyder at vores klient er brugbar i alle typer af miljøer inklusiv virtuelle desktops og servere samt SCADA miljøer. Med en cloudbaseret management er løsningen nem at implementere og administrere. Hvad gør du, når først de er kommet igennem porten? DANISH Henrik Kirkeskov Nielsen, Security Sales Lead Amir Comae, VMware Vi bruger utallige af penge på at sikre IT infrastrukturen på den traditionelle måde, men måske skal vi have en anden approach. Kom og hør hvorfor Gartner bl.a. anbefaler mikro segmentering som værende én af de teknologier som burde implementeres i både private og offentlige IT infrastrukturer. Et stigende antal trusler og angreb i den seneste tid, gør at mange private virksomheder, såvel som offentlige ser på teknologier til at standse et evt. angreb fra hackere, såfremt uheldet skulle være ude. Tendensen er desværre, at malware bliver mere og mere intelligent, og spreder sig som ringe i vandet når først de er kommet ind. Kom og hør hvordan mikro segmentering med NSX kan være med til at sikre at det ikke sker. Vi bruger utallige af penge på at sikre IT infrastrukturen på den traditionelle måde, men måske skal vi have en anden approach. Kom og hør hvorfor Gartner bl.a. anbefaler mikro segmentering som værende én af de teknologier som burde implementeres i både private og offentlige IT infrastrukturer. Et stigende antal trusler og angreb i den seneste tid, gør at mange private virksomheder, såvel som offentlige ser på teknologier til at standse et evt. angreb fra hackere, såfremt uheldet skulle være ude. Atea Security ser desværre, at tendensen er, at malware bliver mere og mere intelligent, og spreder sig som ringe i vandet når først de er kommet ind. Kom og hør hvordan mikro segmentering med NSX kan være med til at sikre at det ikke sker. 68% of companies are illprepared for credential stuffing attacks. Are you? ENGLISH Gerhard Giese, Manager European Team of Security Architects, Akamai Technologies Bots can represent 3070% of website traffic, making it critical to understand who is behind them and what they are doing. To protect yourself from poor performance, customer churn and even fraud, you need an effective bot management strategy that brings bots under control. Distinguish attackers from legitimate customers to stop malicious activity from even the most sophisticated bots it is the key for advanced bot detections systems. Attend this session to learn on how to protect yourself, your customers and your bottom line from costly credential stuffing attacks and other botbased risks. How do you assess the benefits, risks and challenges of moving to the cloud? ENGLISH Morten Lauritzen, Sales Engineer, Citrix Today s technology landscape is fast evolving into an alwayson, continuous flow of information which is constantly being reimagined to meet the demands of a digital business transformation. With cloud rapidly becoming the enabling platform of choice and displaying traditional deployment models, we are force to rethink the conventional thinking around security in application and network. There are many myths about cloud amongst them Cloud is less secure than onpremises capabilities. However, in truth there are some simple question you need to ask yourself. What is your business strategy? Is it focused on stability or innovation? How highpriority are the benefits or rewards that cloud provisioning could offer? Digital Transformation: Cureall, Placebo or Poison Pill? ENGLISH Mr Steve Mulhearn, Director Enhanced Technology UKI & DACH, Fortinet Are you really ready for Digital Transformation? While the business benefits are clear, technology adoption, the escalating threat landscape and compliance to any number of standards and legal requirements are all challenges to any DX efforts. If your organization is moving into the Digital future, you need to make sure that your security infrastructure isn t stuck in the past. This session will provide the insight towards a comprehensive and adaptive security architecture that can support your organization s changing objectives and more importantly, evolve as the cyber threat challenge evolves as well Prevention is still better than Cure ENGLISH Guido Adriaansens, Sales, Engineering, EMEA North, Commaxx Patch, App control, privilege management beats AV Balancing DevOps Velocity with Security Risk ENGLISH Josh Kirkwood, DevOps Security Lead, CyberArk Developers want to run fast but are organizations equipped to handle the security risk that comes with DevOps speed? Companies with faster code delivery were 62% more likely to see YoY revenue growth of 25% or more. How can you keep security in focus when DevOps is delivering such value?