Secure your spot at the 2023 RH-ISAC Cyber Intelligence Summit this October 2-4, 2023.

Agenda

October 2, 2023
Workshop
12:00 pm - 3:00 pm

Strategic Tabletop Exercise

A bespoke strategic TTX with scenario concept, threat actors, and incidents developed for retail and hospitality CISOs and leaders. CISOs and strategic leaders come together for a three-hour tabletop exercise that addresses the key threat actors, incidents, and consequences impacting our industry. Facilitated by Good Harbor CEO ...
Workshop
1:00 pm - 4:00 pm

Tactical Capture the Flag

This three-hour Capture the Flag (CTF) leverages open source intelligence (OSINT) tradecraft against a cyber crime group. Retail and hospitality analysts, engineers, and tactical teams will leverage various OSINT and cyber investigative tooling to attribute a threat actor network as well as collect the supporting digital eviden...
Networking Event
5:00 pm - 7:00 pm

Welcome Reception

Welcome to the 2023 RH-ISAC Cyber Intelligence Summit! Come say hello to old friends, meet new peers, and help kick off the 2023 conference by the fire pit on the outdoor patio. Open to all RH-ISAC Summit attendees. No additional registration is required....
Networking Event
7:00 pm - 9:00 pm

Private | CISO Dinner

The RH-ISAC CISO Dinner is an invite-only event for select CISOs and special guests of the 2023 RH-ISAC Summit.
October 3, 2023
Focus Group
8:00 am - 8:30 am

Franchise Focus Group

All members who use the franchise model are requested to join us to talk about what the RH-ISAC can do to help support the unique risks that come with being a franchisor (or franchisee). We have some ideas, but more importantly, we want to hear from you! This is during the time when breakfast will be available in the foyer, ...
Keynote
8:45 am - 9:45 am

Opening Keynote: Priorities, Purpose, and the Power of Information Sharing

Threat actors are increasingly collaborating and expanding their capabilities. But we have the power to beat them at their own game. Hear from RH-ISAC CISOs who have set their team’s priorities on sharing cyber threat intelligence, as well as other types of community sharing, to help strengthen our important sectors. They have...
Breakout Session
10:15 am - 11:00 am

Gone in 15 Minutes: Discovering and Eliminating Shadow APIs

APIs are the connective tissue for all things digital and can be found in nearly everything we do online – logins, payments, transfers, online banking, and even autonomous driving. However, the proliferation of APIs has also dramatically increased organizations’ attack surface. Organizations need to protect not only the A...
Sponsored By: Cequence
Breakout Session
10:15 am - 11:00 am

Practitioner Perspectives: State of CTI, 2023 and Beyond

The constant cyberattacks, geopolitical convulsions, and global health crisis have left CTI teams little time to contemplate the state of cyberthreat intelligence and the challenges facing practitioners in strategy development, threat prioritization, and resource allocation. Join experienced security practitioners and contribute...
Breakout Session
10:15 am - 11:00 am

Cloud Security Insight: Shift Left or Shift Right?

In this session, you will learn about the latest cloud security threats impacting retail and enterprise corporations around the world. Whether it’s misconfigurations, attacks on software supply chains, unpatched vulnerabilities, or challenges with MFA, investments are growing in the cloud, but the threat remains. You will be j...
Sponsored By: Palo Alto Networks
Breakout Session
11:30 am - 12:15 pm

Modernizing SOC: Tech Efficiency, Metrics, and Cost Savings

Co-presented by Aramark and Security Risk Advisors. This case study will discuss how to take out the trash in a traditional SOC model to overcome wasteful spend, technical integration issues and limited response capabilities. Aramark realized significant tech cost savings by establishing an optimized security data pipeline with ...
Sponsored By: Security Risk Advisors
Breakout Session
11:30 am - 12:15 pm

Preparing to Comply with the SEC Cybersecurity Final Rule

In July 2023, the Securities and Exchange Commission (SEC) finalized its rule for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. This new rule sets December 2023 deadlines for publicly traded companies to comply with new requirements to disclose cyber incidents to the SEC within...
Breakout Session
11:30 am - 12:15 pm

Ch-Ch-Changes: How Ransomware Revolutionized the Cybercriminal Underground

Modern ransomware attacks aggressively took over the threat landscape a few years ago, with devastating outcomes. A key component that allowed these attacks to be so destructive and effective is the way that the cybercriminal underground evolved to support such operations, completely changing how the underground economy operates...
Keynote
12:30 pm - 1:40 pm

Lunch & Keynote: Enabling a Resilient Security Posture with Strategic Security Testing

Security testing today is mostly tactical. We use pentesting to satisfy regulators but rarely leverage the data to guide security priorities. The new National Cybersecurity Strategy makes it clear that organizations need better cyber resilience across the supply chain. A critical component of resilient retail and hospitality ...
Breakout Session
2:00 pm - 2:30 pm

Threat Hunting from Zero

Where do you start with Threat Hunting? I’ve spoken with many individuals who think Threat Hunting is scanning your SIEM for IOCs, but if you’re seeing the IOCs within your SIEM, shouldn’t you be blocking those already? Threat Hunting is more complex than most people think and many companies have dedicated Threat Huntin...
Breakout Session
2:00 pm - 2:30 pm

Follow The Crypto: Unmasking Refund Fraud-as-a-Service Operations Through Cryptocurrency Investigations

Refund fraud as a service, which allows consumers to outsource refund fraud to professional social engineers, is highly impactful to e-commerce stores. As consumer-facing criminal services, refund fraud-as-a-service operations prioritize ease of use for their customers. Fiat currency and widely accessible cryptocurrencies (e.g.,...
Sponsored By: Netacea
Focus Group
2:00 pm - 2:30 pm

Consumer Goods Focus Group

All members who manufacture/distribute durable or consumer packaged goods are requested to join us to talk about what the RH-ISAC can do to help support the sector and the unique risks to it. Topics we can cover include: Industry and threat specific tagging in MISP; Specific intelligence requirements for CPG/MFG-focuse...
Private Session
2:00 pm - 2:30 pm

The Latest Ransomware Threats | TLP:Amber+Strict

Invite Only: This session is open to retail and hospitality practitioners only (Core Members and prospective members). Sponsors are not permitted to attend. This session will be an interactive discussion of the ransomware threat landscape for the past year facing the RH-ISAC community. Topics will include the Cl0p compromise...
Breakout Session
2:50 pm - 3:20 pm

Small Team CTI: How Casey’s General Stores Leveraged MISP to Build Their Program

Uncover the secrets of building a Cyber Threat Intelligence (CTI) program with minimal financial resources and draw inspiration from Casey’s General Store’s successful journey. Learn how to create value, secure leadership support, and fund initiatives, and explore MISP's pivotal role in aggregating threat intelligence from v...
Breakout Session
2:50 pm - 3:20 pm

Make Better Risk Decisions to Prevent Future Cyber Attacks

As security practitioners, we’re always trying to find ways to get ahead of attackers and mitigate threats before they wreak havoc in our environments. But, traditional defense-in-depth strategies rely more on reactive controls to build walls that we hope will stop attacks from being successful. However, time and again, we see...
Sponsored By: Tenable
Breakout Session
2:50 pm - 3:20 pm

Security Control Validation on a Budget

Security Control Validation is a form of Purple Teaming that specializes in gap analysis to ensure the coverage and effectiveness of existing security solutions such as EDRs and DLP deployments. This presentation outlines an economical and cost-effective solution to validating security controls within an organization by leveragi...
Keynote
3:45 pm - 4:30 pm

Closing Keynote: Navigating Through a Storm – United Airlines’ Security Journey During a Global Crisis

2020 marked the beginning of a historic and turbulent period accompanied by momentous repercussions at a universal scale. At United Airlines, it was the start of an unprecedented cybersecurity journey fueled by numerous unforeseen challenges such as COVID-19, workforce shortages, system outages, and weather-related events...
Networking Event
4:30 pm - 5:30 pm

Happy Hour

Celebrate the first day of the RH-ISAC Summit while enjoying light snacks and drinks!
Networking Event
6:00 pm - 9:00 pm

RH-ISAC Member Meeting & Celebration Dinner

Acknowledge the milestones and celebrate the achievements of the RH-ISAC community. During the meeting we will announce the RH-ISAC Board slate of nominees and honor the winners of the 2023 Peer Choice Awards. Eligibility: This event is open to RH-ISAC Core Members only. Core Members are CISOs and their teams from retail and h...
October 4, 2023
Keynote
9:00 am - 9:45 am

Keynote: Panel Discussion on Digital Fraud, Emerging Tech & AI – What Now? What’s Next?

How will digital fraud, emerging technology, and generative artificial intelligence impact an already crowded cyber threat landscape? How is it already? These information security leaders sit down for a candid discussion about the challenges - both known and unknown - retail and hospitality organizations are up against as we fac...
Breakout Session
10:00 am - 10:45 am

Hospitality Threat Landscape Panel Discussion

Calling all hospitality cybersecurity specialists and leaders! This discussion focuses on the evolving hospitality threat landscape, providing insights into current threats and forecasts for the next 6-12 months. Panelists will cover adaptation strategies, success stories, and challenges faced by their teams. The discussion will...
Demo
10:00 am - 10:45 am

FOSStering an ISAC: Enabling a Community with Open-Source Tools

Timely, actionable intelligence is crucial to defending against the latest threats. In an active sharing community, you need a way to collect, normalize, enrich, and vet the shared intelligence at scale while keeping in mind the varying maturity, resources, and staffing of teams amongst membership. Most will have different intel...
Private Session
10:00 am - 1:00 pm

Closed-Door CISO Meeting

PRIVATE SESSION: Open to CISOs Only. This extended breakout session will cover a series of discussion topics as selected by the RH-ISAC's CISO Working Group. Topics may include key challenges and priorities such as: Vulnerability Management; Security for Hybrid Cloud/On-Premises Environments; Ransomware Planning; Z...
Private Session
11:15 am - 1:00 pm

Closed-Door CISO Meeting (Cont.)

PRIVATE SESSION: Open to CISOs Only. This extended breakout session will cover a series of discussion topics as selected by the RH-ISAC's CISO Working Group. Topics may include key challenges and priorities such as: Vulnerability Management; Security for Hybrid Cloud/On-Premises Environments; Ransomware Planning; Z...
Breakout Session
11:15 am - 12:00 pm

Beyond DIY: Understanding Your Options for Modernizing Security Operations

As the retail and hospitality industries continue to experience significant growth, the need for scalable cybersecurity solutions becomes even more critical. The do-it-yourself (DIY) approach has rapidly proven to be unsustainable for many—if not most—organizations, especially when cybersecurity talent so outstrips demand. S...
Sponsored By: Expel
Breakout Session
11:15 am - 12:00 pm

Agile Methodology Meets the Intelligence Cycle: How one Technical Intelligence Team Matured Process

The Intelligence Cycle is well-established; however, it lacks the process rigor of project management methodologies and is foreign to security and technology teams. Learn how Synchrony gained process maturity and improved partner engagement by overlaying Agile methodology onto the Intelligence Cycle....
Private Session
12:15 pm - 2:15 pm

Private Dark Web Session – EXTENDED (Begins at 12:15 p.m.)

INVITE ONLY: This session is TLP:RED and open to RH-ISAC Core Members Only. The session will be split into 3 parts: Intro to the DWWG (30 minutes) - Dark web lab setting Fundamentals (The dos and don’ts (presentation/walkthrough). - How we investigate DW alerts, posts etc. A threat discovery/hunt case study (prese...
Brown Bag Lunch
12:15 pm - 1:00 pm

LUNCH: Brown Bag Birds-of-a-Feather Discussions

Grab a sack lunch and find a group to sit with based on a topic of interest. This casual forum allows for free-flowing discussion with fellow practitioners and peers. We’ll have tables assigned with discussion leaders to facilitate conversation on topics such as: Identity & Access Management; Incident Response; Op...
Sponsored By: Corelight
Breakout Session
1:30 pm - 2:15 pm

Digital Doppelgangers: The State of Retail Brand Impersonation Online in 2023 & How to Take Back Control of Your Name

With the shift toward online retail, cybercriminals increasingly impersonate retail brands online to take advantage of trusted relationships built with customers. Each quarter sets a new record for spoofs, and a majority of consumers blame the impersonated brand for any resulting account takeover, identity, and payment fraud. Bu...
Sponsored By: Allure Security
Breakout Session
1:30 pm - 2:15 pm

Converging Forces: Fusing Cyber and Fraud Intel in Today’s Complex Threat Landscape

Understanding the threat landscape as it pertains to your organization is a critical first step in defending against cyber attacks. Cyber Threat Intelligence teams are tasked with this objective, and often focus on traditional cyber intrusion methods, often excluding fraud, or at best, passively monitoring for something to be ...
Keynote
2:30 pm - 3:15 pm

Closing Keynote: Malicious Innovation – What We can Learn from Hackers about the Future of Cybersecurity

Cybersecurity isn’t about keeping secrets any more. It's about our way of life, in a fast-changing world that relies on digital technology, from clouds to smartphones, through sensors to stock markets, and so much more. While you may be thinking of how things used to be, today’s criminals are innovating faster than ever. Thi...
Networking
3:15 pm - 4:15 pm

Closing Reception & Prize Drawing

Are you feeling lucky? Did you visit the vendor booths and enter for a chance to win some fun prizes? Help us wrap up the Summit and celebrate another great event at the closing reception - with prizes drawn by our illustrious emcee, Luke Vander Linden....