HexCon22 – As it happened

Brendon Baxter

Sep 21, 2022

53 min read

Thank you all for being a part of HexCon22, we hope to see you all next year!

4:00 pm CST 23/09/2022

Aaaaand that’s a wrap! HexCon22 came to an end after 3 eventful days.

3:55 pm CST 23/09/2022 @Keynote: Closing Keynote by Apu Pavithran

Hexnode CEO Apu Pavithran delivered the closing keynote to mark the conclusion of HexCon22. He talked about the change in terms of digitalization and thanked everyone who managed to find time to join us for the event.

3:30 pm CST 23/09/2022 @Industry Speaker: Sacrifices That Kill Your Career: Work-life balances of the modern tech professional

Ambitiously pursuing career goals while at the same time not losing out on the emotional and personal ties that you have with people, especially the ones you have some sort of relationship with is the gist of work-life balance. Joshua Belks, Co-Founder and Tech Psychologist at OPSEC360, took the platform at HexCon22 as he explained the dos and don’ts of work-life balance using examples from his own life. Joshua talked about the various sacrifices one needs to make to have a good work-life balance. An introspective session that got the crowd thinking at various instances is what Joshua Belks, an intuitive decision-maker and visionary innovator, catered to the crowd at HexCon22.

3:10 pm CST 23/09/2022 @Industry Speaker: The Principle of Need to Have Available

Yiannis Pavlosoglou, founder and CEO at Kiberna, took a session on ‘The Need to Have Available’ principle and understood how different it is from the ‘Need to Know’ principle. He also talked about the methodology of their analysis for significant cyber incidents in 2021. He discussed the disadvantages of the main principle and how to minimize ransomware impact. He concluded by giving ideas for future work and diving further into IAM.

3:05 pm CST 23/09/2022 @Industry Speaker: Communicating Cybersecurity Effectively

IT Governance, Risk Management, and Compliance Assistant Manager at Oman Air, Jacqueline Jayne went live at HexCon22 to promote the importance of effectively communicating cybersecurity in an organization. Jacqueline commanded the attention of the audience by breaking down the problem using relatable scenarios and use cases. The key points from the session included:

  • The value of effective communication
  • How people move from learning to an actual change in their behavior
  • What won’t work and what does work
2:50 pm CST 23/09/2022 @Industry Speaker: Data Privacy and Trust: Striking a Balance Between Security and Convenience

Fatma Al Lawat, IT Governance, Risk Management, and Compliance Assistant Manager at Oman Air, used the HexCon22 platform to explain how to strike a balance between security and convenience using relatable scenarios and real-life examples. An engaging session that held the audience’s attention the entire time without wavering! Fatma went into the details of achieving trust within data privacy. Key takeaways from the session included:

  • Privacy paradox
  • Places we give up our privacy online
  • Best practices to balance internet usage and privacy
2:35 pm CST 23/09/2022 @Industry Speaker: The Right Stuff

‘The Right Stuff’ elucidates on the techniques developed from Mainframe to network, cloud and beyond across the creation of 5 cost-effective cyber security programs. Rich Owen, CEO and Chief Evangelist, Johnny Security Seed, LLC talked about the problem behind the technology. He also suggested creating a security and privacy governance program and elaborated on how to maintain the program.

2:25 pm CST 23/09/2022 @Industry Speaker: IoT Risk Management

Mani Keerthi N, IT Security Manager at Ballard Power Systems, was live at HexCon22 as she handled an engaging session on IoT risk management. Mani Keerthi went into the minute details of IoT vulnerabilities and used real-world, easy-to-understand examples to explain the vulnerabilities, tactics, and baseline criteria. Key takeaways from the session included:

  • IoT applications
  • NIST guidance
  • IoT risk mitigation goals
  • Device cybersecurity requirements
  • ERM Overview

2:05 pm CST 23/09/2022 @Industry Speaker: Who can do what with what? The user awareness challenges of device management

While many organizations permit staff to use personally owned devices, there is uncertainty within policies and awareness-raising activities. Moreover, even with business-owned devices, there can be potentially significant shortfalls in whether organizations can manage their devices and whether the support staff is equipped. Steven Furnell, Professor of Cyber Security at the University of Nottingham took us for an insightful session as he dived deep into device management at HexCon22.

1:55 pm CST 23/09/2022 @Industry Speaker: The Age of Transactional Business is gone, drive more revenue with Digital Ethics in Cybersecurity

Digital Ethics in Cybersecurity What do you mean by Digital Ethics? How does one practice digital ethics in cybersecurity? By the end of the session, the crowd knew it all from the Technology and Operational Improvement Catalyst at LAM Technology, Pablo Romera. Pablo opened the spectators’ eyes to the meaning of the saying “Just because something is legal doesn’t make it right.” Key takeaways from the session included:

  • Definition of ethics
  • Managing Risk Vs. Managing Negligence
  • Spectrum of risk
  • Code of ethics: The Golden Rule

The highly informative session made way for a new way of thinking – Making money doing the right thing.

1:50 pm CST 23/09/2022 @Industry Speaker: Steps to Take when the Cyberthreat is Heightened

Founder and CEO of VigiTrust, Mathieu Gorge took us through a set of steps to be taken by cyberthreat is heightened. He talked about topics such as:

  • Cyber-welfare
  • Worldwide data protection and regulation
  • Critical infrastructure considerations
  • The geopolitical impact of cyberattacks

In his experiences as a cybersecurity professional, he has taken steps within his own organization with his very own process to understand cybersecurity and cyber-accountability and shared this in his session.

1:40 pm CST 23/09/2022 @Industry Speaker: How to counter data theft by eliminating the insider threat

Simon Cuthbert, Founder & CEO of VARChannels spoke on the ways to counter data theft by eliminating the insider threat at HexCon22. He showed us a cyber insider mitigation checklist. The key takeaways from his session were:

  • The cost of preventing insider attacks is rising
  • The longer we take to detect, the more we have to pay for it
  • Regular users are as dangerous as privileged ones
  • Human error is the most common cause of data breach
  • Insider threat detection must become the dominant element in a cyber security system.
1:25 pm CST 23/09/2022 @Industry Speaker: Data security strategies: Protecting data in the age of digital economy

A seasoned information security professional with a career spanning two decades, Moshe Ferber is currently the Chairman of Cloud Security Alliance. His 25-minute session covered data security strategies. To keep it simple, as Moshe put it:

  • What happens to data
  • Who stores said data
  • Where this data can be stored
  • How this data can be stored

His short and concise session provided valuable tips and information on how to protect data, and how to further information security by investing in new data protection techniques.

1:20 pm CST 23/09/2022 @Industry Speaker: The Art and Science of Cybercrime Investigation

Cybercrime! Cybercrime! Cybercrime! Left, right, up and down all everyone’s talking about is cybercrimes! But how do we combat it? Where do we begin? Jeff Lanza, a man described as the “#1 FBI Agent Keynote Speaker” and a phenomenal presenter, went live at HexCon22 as he covered the intricacies of combatting cybercrimes. The crowd heard it from the man himself as he used the platform to cover the art, science, and future of combatting cybercrimes. Key takeaways included:

  • Cybercrime organization chart
  • Real-life case studies of cybercrimes and attacks
  • Silk Road – Online Criminal Market

The session handled by an FBI agent with more than 20 years of experience and a cyber security and identity theft expert, was indeed fact-filled and enlightening!

1:10 pm CST 23/09/2022 @Industry Speaker: Compliance is not security

While maintaining compliance standards is essential, does compliance alone guarantee security? Aaron Birnbaum, Sr Cybersecurity Analyst at Tiber Creek Consulting Inc talked about this at HexCon22. His session covered:

  • What is compliance?
  • What is security?
  • What is the real difference between them?
  • Why is this a problem?
  • What can we do?
12:50 pm CST 23/09/2022 @Industry Speaker: Cyber-Hygiene Essentials

Bestselling author and Cybersecurity Evangelist Donald Allen took a very informative session on the essentials of cyber-hygiene. Having interviewed various cybersecurity experts all around the world, Mr. Allen educated viewers on the various measures taken to prevent potential cyberattacks as an individual. This included his 9-Step Cyber-Hygiene Mantra – a simple, concise set of points followed to ensure that one stays as prepared as possible to avoid potential attacks.

12:50 pm CST 23/09/2022 @Industry Speaker: Hackers are on Steroids: How to have the mindset of one and stay secure.

Cybersecurity Compliance strategist and professional Software Architect from DataSeal, Elvis Otieno, went live at HexCon22 as he undertook the daunting task of breaking down the mindset of a hacker and dished out a few tips and tricks to become one. The key takeaways of the session included:

  • Who are ethical hackers?
  • What is their skill set?
  • What motivates them?
  • How is it done?
  • Reasons for hacking
  • Watch now as Elvis summarizes the entire session into 2 main points:
  • The human mindset is more important than strategy
  • We always show a little bit of who we are in whatever we do
12:45 pm CST 23/09/2022 @Industry Speaker: 5 Sure Fire Ways To Kill Security Awareness In Your Organization

Nathan Caldwell, Security Awareness Evangelist, Arctic Wolf, shared the common mistakes that companies make when creating their security awareness programs. He talked about 5 sure ways to kill security awareness in your organization. He said that creating ongoing security awareness is the best way to tackle cyber threats.

12:35 pm CST 23/09/2022 @Industry Speaker: Cybersecurity in enterprise risk management

John Giannakakis, Co-Founder of G+P Law Firm, shared his thoughts on the inclusion and incorporation of cyber risks in enterprise risk management. Enterprises worldwide struggle with the handling of cyber risk and its inclusion within the current enterprise risk management framework. He outlined the various reasons why enterprises struggle with the mitigation of cyber risks and advocated for cyber risk to be a key factor within enterprise risk management frameworks.

12:15 pm CST 23/09/2022 @Industry Speaker: Cybersecurity skills gap: An acceptable business risk?

Cybersecurity skill gap – What is it? How does it affect us? Is it just about hacking organizations? Why is it so important? Do we have options and the means to fill the gap? All of these questions were answered by a man committed to closing the cybersecurity skills gap, the Founder of FreeCyber, Codrut Andrei. The session saw a cybersecurity leader and mentor tackle the above questions while setting a pace that was easy to understand and follow. There wasn’t even a single minute of boredom as the crowd saw an innovative thinker as well as the creator and implementer of enterprise-grade information security teams and programs get into his element and rock the show! The key highlights from the session included:

  • Where are we today?
  • Why do we have so many open jobs but can’t fill them?
  • Burnout – reason why people shift from Cybersecurity.
12:10 pm CST 23/09/2022 @Industry Speaker: Smart Tips to Run Your Business Remotely and Keep it Safe from Hackers

Burton Kelso, Chief Technology Expert at Integral, spoke at HexCon22 on smart ways to manage enterprises remotely and safely. He said some of the most serious hazards to remote employees include:

  • Ransomware
  • Social media threats
  • Malicious websites
  • Phishing
  • Weak passwords

He concluded by suggesting ways to be followed to keep you safe from cybercriminals, like:

  1. Back up your data and your devices
  2. Protect and manage your mobile devices. It includes:
  3. Use BitLocker and FileVault for Windows and Mac devices respectively
  4. Keep an eye on the free Wi-Fi hotspots where you connect your mobile devices.

11:55 am CST 23/09/2022 @Industry Speaker: Outsmarting IoT defense: The Hacker’s Perspective

Natali Tshuva, Co-founder and CEO of Sternum, flipped the switch on IoT security and gave us the hacker’s perspective of outsmarting IoT security. A former Reverse Engineer at Israeli’s Unit 8200, Natali has taken us on a journey from the rise of IoT, how IoT devices are a vulnerable and consequential asset that can be manipulated by hackers to breach an enterprise infrastructure; in addition to this, she also advocated for IoT security to be brought to industry standards so as to stay ahead of potential cyberattacks.

11:50 am CST 23/09/2022 @Industry Speaker: Information overload- Sift through millions of vulns to find those most relevant to you

Andrew Wilder, Vice President and Chief Information Security Officer at Hillenbrand, used the HexCon22 platform to talk about “Information Overload”. Andrew explained the importance of sifting through the millions of vulnerabilities to find the most relevant ones. How many vulnerabilities do you have in your environment today? Are you focusing your resources on the right priorities? By the end of the session everyone in the audience got an idea as to how to answer these questions. The key highlights of the session included:

  • Case study: Ireland’s Public Healthcare Ransomware
  • Lack of focus on root cause elimination
  • Lack of communication and poor knowledge transfer
  • Most common exploits and how to counter them
11:40 am CST 23/09/2022 @Industry Speaker: Winning the War with Cybersecurity: How Compliance Frameworks can Help

Kimberly Simon, VP of Marketing & Strategic Partnerships at ControlCase, shared tactics for winning the war with cybersecurity and emphasized how compliance can help. She started off by discussing who is the target of all the cybercriminals. She also showed compromised credentials and phishing as the top 2 initial attack vectors. She also discussed how we are arming the company to protect our clients.

11:25 am CST 23/09/2022 @Industry Speaker: Phishing, spyware…is your mobile fleet protected?

Dejan Draguljevic, Sr. Executive VP at Pradeo presented a session on mobile security, more precisely, phishing and spyware, and the measures taken to protect mobile devices from existing and emerging forms of malware. He also educated us on how Pradeo’s Mobile Threat Defense solution can be integrated with UEM frameworks to further secure mobile devices.

11:20 am CST 23/09/2022 @Industry Speaker: How to break a Datacenter?

Fred Steefland, CEO of Secior (Datacenter Cybersecurity), went live at HexCon22 as he expertly pieced together a session on breaking data centers. The crowd was enthralled by Steefland, a cybersecurity ‘veteran’ with more than 28 years of security & intelligence experience, as he shone a light on facts that proved his introductory quote borrowed from Wendy Broadhouse, “Without data centers, there would be no internet.” Key points in the session included:

  • What is a data center?
  • IT-OT-IoT convergence
  • How to break a data center?
11:10 am CST 23/09/2022 @Industry Speaker: The Nature and Scale of Cyber Crime – Why the Focus has shifted from Security to Resilience

As global connectivity and usage of cloud services increase, the risk of cybercrimes also escalates. Traditional security measures may no longer be enough to ensure data security. Simon Newman, Interim CEO of Cyber Resilience Center for London discussed cybercrime and security resilience at HexCon22. He talked about:

  • The growing use of technology in business
  • Using technology to reach new customers, innovate and grow
  • How growth leads to increased risk of breaches and cyber attacks
  • What cyber threats and statistics actually depict
  • Challenges faced by law enforcement committees and their possible way out
  • The future threats and how to respond to them
11:05 am CST 23/09/2022 @Industry Speaker: How to Integrate SAST/SCA/ DAST/Secret Scanning at IDE, VCS and CI/CD level.

Sehaj Taneja, Application Security Engineer at N-able Solutions, took a session on the integration of SAST, SCA, Secret Scanning at IDE, VCS and CI/CD Levels. Here, he has taken a look at how a Secure Software Development Life Cycle can be broken down and how we can add security at each stage with various tools and resources.

10:45 am CST 23/09/2022 @Industry Speaker: Mitigating cybersecurity incidents with artificial intelligence

Using an Artificial Intelligence Digital Twin model, Igor van Gemert explained to us how he and his team at ResilientShield use AI to secure factories and cities, all from a cybersecurity architecture standpoint. He gave some insight on how artificial intelligence in the information technology and operational technology domains helps mitigate cybersecurity risks, with a faster reaction speed than human beings.

10:45 am CST 23/09/2022 @Industry Speaker: Threat actors – The spy who came in from the cold.

What or who are threat actors? What do they do? How do they invade or attack? How do we catch them? The HexCon22 crowd saw Shyam Sundar Ramaswami, Sr Staff, Cyber Security Architect at GE Healthcare, answer the above questions using simple everyday examples. A most refreshing session with key highlights:

  • Threat actors – definition
  • Command and Control servers
  • Code Injection and Windows Process Injection
  • Traditional sandbox and dynamic analysis
10:40 am CST 23/09/2022 @Panel Session: Breaking down Zero Trust

Jaye Tillson and John Spiegel, Director of Strategy and Director of Network Transformation at Axis Security used the HexCon22 platform to break down the concept of ‘Zero Trust’ for giving a comprehensive knowledge to all of us. They talked about the Security ServiceEdge forum, its mission and purpose. They interviewed the founders of zero-trust to know more about it. They found that Zero-trust is a philosophy, not a strategy and told us never to trust, always verify.

10:15 am CST 23/09/2022 @Industry Speaker: From Business Disabler to Business Enabler – The new CISO role

The educative session focusing on the new CISO role – from business disabler to business enabler was taken by May Brooks Kempler, Founder and Chairwoman of the Board at Helena as she shared her knowledge and experience with us. She discussed social engineering and who had access to our data. She explained the characteristics of our cyber enemies. She found that most employees did not know the business goals of the company they were working for.

10:10 am CST 23/09/2022 @Industry Speaker: The ingredients of Email Risk

James Linton has quite the reputation. A social engineer and former email prankster who was known for duping high-profile celebrities and politicians, James took us through his journey as an email prankster, and his blueprint of how he managed to prank so many high-profile personalities. This is something you don’t want to miss, so you can still catch it on-demand!

10:00 am CST 23/09/2022 @Industry Speaker: Identity Security in a Post Pandemic world

The pandemic’s exponential surge in identity theft cases has affected almost all sectors. Bil Harmer, a business executive, discussed the importance of identity security in a post-pandemic world. The virtual crowd at HexCon22 to watched Bil Harmer, Operating Partner – Security at Craft Ventures, as he explained the current scenario with respect to identity security. The key highlights of the session included:

  • Digital Acceleration
  • The impact of one wrong click
  • Top 4 security challenges in a Work from Home world
  • Security platform strategies

10:00 am CST 23/09/2022 @Industry Speaker: Cybersecurity and “Just Culture”

Lesley Kipling, Chief Cybersecurity Advisor at Microsoft, talked about cybersecurity and introduces us to a concept called ‘Just Culture,’ at Hexcon 2022. She believes that protecting identities is key and that philosophy is at the heart of the zero-trust strategy. She requested everyone to not depend on passwords, and instead use authentication as it makes life tougher for the attackers.

10:00 am CST 23/09/2022

HexCon22 day 3 kicked off.

9:00 am CST 23/09/2022

Want to know whats cooking for day 3 of HexCon22? Here’s the agenda:

4:00 pm CST 22/09/2022

Day two of HexCon22 concluded after many informative and engaging sessions.

3:30 pm CST 22/09/2022 @Industry Speakers: Making the most of C’loud Threat Modeling

What exactly is Threat Modelling? How can it be applied to Cloud? Nitin Sharma, from the Product Security team at Salesforce, broke down the “Whats”, “Whens”, and “Hows” of Cloud Threat Modelling. The key highlights of the session included:

  • Myths about Cloud Security
  • Understanding Threat, Vulnerability, and Risks
  • Cloud Threat and Assessment and Mitigation

3:25 pm CST 22/09/2022 @Industry Speakers: Modernizing the Security Goals: – “CIA” is half the story (or less)

HexCon22 saw Brett Osborne, cyber security and GRC architect talk about modernizing security goals. He said managing encryption keys is critical so organizations should look to get an expert. He described 6 cybersecurity objectives and divides them into 2 acronyms, CIA – Confidentiality Integrity Availability and FBI – Functional usability Bonafide authenticity Individual privacy.

3:10 pm CST 22/09/2022 @Industry Speakers: Data Privacy and data protection for zero trust in hybrid cloud

Ulf Mattsson is the Chief Security Strategist at Protegrity. In his session, he went into great detail about issues regarding data privacy and protection for Zero Trust in the hybrid cloud, elaborating on topics like:

  • The difference between Zero-Trust Architecture and Zero-Knowledge Proofs
  • Data leaks and breaches
  • Preserving the quality and integrity of data
  • Data Analytics and its various use cases

3:10 pm CST 22/09/2022 @Industry Speakers: Can you ever be ready for a breach? Views from a management perspective

We saw Sharon Knowles, Founder of Da Vinci CyberSecurity talk about cyber breaches from a management perspective and ways to contain and remediate them. She said it is important for senior management to be involved in the incident response simulation. The purpose is to take better decisions in the present keeping the future in mind. She advised the CEOs to handle both external and internal communication when responding to a breach.

3:00 pm CST 22/09/2022 @Industry Speakers: 5 Recommendations to Secure Identities

Global Principal Cloud Security Lead at Atos, Dwayne Natwick went live at HexCon22 as he handled an engaging session breaking down the concepts of cloud identity. An informative session from a visionary and goal-focused leader with a track record of managing the whole lifecycle of IT products and services, including sales and marketing, saw him go through his list of recommendations to secure identities. Important highlights of the session included:

  • Zero Trust
  • Least Privilege
  • Device Management
  • Conditional Access and Risk Identification
  • User experience leads to User Adoption
2:40 pm CST 22/09/2022 @Industry Speakers: Privacy and Security as a part of the agenda

Dr. Valerie Lyons, Chief Operations Officer of BH Consulting in Dublin has an accomplished career as an industry expert in Information Privacy, Compliance and much more. She addressed the various legislative holes left behind due to a reactive response to cybersecurity breaches, as well as the challenges faced when technology outpaces legislative regulation. She also went on to dissect the misuse of personal data by companies to gain profits, when in fact, maintaining privacy is the solution.

2:40 pm CST 22/09/2022 @Industry Speakers: Two Cybersecurity value aspects you are missing

At HexCon22, Matthew Rosenquist, CISO & cybersecurity strategist at Inc discussed the underutilized areas which could help improve and highlight the value of cybersecurity to the overall organization. He said that he believes if cybersecurity software can support the overall mission of the business, it brings a tremendous amount of value to the table. He explained how cyber securities realize their full value potential based on 3 areas: Build, Compare and Compete.

2:15 pm CST 22/09/2022 @Industry Speakers: Modern cyberwarfare: from supply chain attacks to watering holes

What is cyber warfare? What are the techniques used? What else do we need to know? Andrei Bozeanu, CEO and Founder of Dekeneas, explained the concept of cyber warfare and the different techniques used. The highlights included:

  • What is cyber warfare?
  • What are Supply Chain attacks?
  • Case study: Solar Winds Hack
  • What is the Watering Hole attack?
  • How to counter the different attacks?
2:10 pm CST 22/09/2022 @Industry Speakers: Enough marketing BS! What does real-world cybersecurity protection look like?

The session on “Marketing BS ‘v’ Real Security” by Andy Harris, CTO at Osirium, was about the need for a balanced cybersecurity posture. He explained the difference between advertisements and reality as cybersecurity companies focus on selling what doesn’t or shouldn’t happen. He referred to the “wolf” problem as the cybersecurity companies want people to care about the things that shouldn’t happen or are yet to happen.

1:55 pm CST 22/09/2022 @Industry Speakers: The value of non-traditional professionals pivoting to Cybersecurity

Who are non-traditional professionals? A nurse, in cybersecurity? Interesting, right! Marylyn Harris, a nurse who went to business school, recounted her life story to emphasize the value of non-traditional professionals in cybersecurity. President and Sr Business Consultant at Harrland Healthcare Consulting LLC, Marylyn Harris handled an intriguing session highlighting the value of non-traditional professionals in cybersecurity. Key takeaways included:

  • Who are non-traditional professionals?
  • What do they bring to the table with respect to cybersecurity?
  • Practices to stay Cybersafe

1:45 pm CST 22/09/2022 @Industry Speakers: Smart Devices & IoT is a threat to compliance and digital transformation!

Zhanwei Chan works as the APAC IoT Lead at Check Point. He cited many examples of how smart devices and IoT were a threat to the compliance and digital transformation of an organization. He went into detail on specific cybersecurity issues that prevent organizations from achieving digital transformation. “You cannot protect what you can’t see”, said Zhanwei as he stressed the importance of securing your IoT’s Operational Technology.

1:40 pm CST 22/09/2022 @Industry Speakers: Understanding “Human Side” of Cybersecurity: What mature companies have in common

The greatest challenge in cybersecurity isn’t often technological—it’s human. Christopher Crummey, Director of Executive and Board Services at Sygnia, elaborated on ‘Understanding “Human Side” of Cybersecurity: What mature companies have in common.’ He said that most of the cyber-attack vectors are based on human behavior, either on what they didn’t do or what they did do. He also gave the following recommendations to overcome the issues:

  • Lead, plan and communicate with humans in mind
  • Build the cybersecurity policies with a “frictionless” model as the goal.
  • Counteract biases in your runbook and leadership
  • Train and prepare as much as possible for the crisis that we can expect.
1:30 pm CST 22/09/2022 @Panel Session: DevSecOps

Amith Manoj, Lead Brand Strategist at Hexnode, had a conversation with Sam Sehgal, Program Lead – DevSecOps, Strategy, and Architecture, SDL Automation at Dell, Chris Kirschke, Cloud Portfolio Information Security Officer at Albertsons Companies and Kapil Bareja, Global Technical Leader at Saviynt, about DevSecOps. The panel mainly focused on:

  • Important security considerations for DevOps teams and the security landscape
  • Where does security fit in with the SDLC?
  • How to build a successful DevSecOps team?
  • Security practices in DevSecOps
  • The hardest challenge faced during the creation of a DevSecOps team

1:25 pm CST 22/09/2022 @Industry Speaker: Establishing a Trust Anchor upon Digital Onboarding of remote employees

Manuel Grata Loureiro provided some insight on establishing a Trust Anchor for new employees working from anywhere. In the new age of remote work, especially since the COVID-19 pandemic, identity verification became a very real issue – something that could be solved by a Zero Trust framework. According to Manuel, “Zero Trust is about validating every transaction – including Identity Onboarding.”

1:15 pm CST 22/09/2022 @Industry Speaker: Security communities as an important element of cybersecurity

How important are security communities with regard to cybersecurity? What exactly constitutes a security community? Are hackers a part of this community? Also, who protects them? So many questions! And who better than a cybersecurity engineer and the Community Lead of the award-winning project Diary of Hackers, Moses Joshua to answer these questions! He discussed the following points in detail:

  • Power of Association
  • Why do professionals need to work together to combat cybersecurity?
  • Tips to close the cybersecurity skill gap

1:10 pm CST 22/09/2022 @Industry Speaker: Data fidelity in the data-centric environment

In the session “Data fidelity in the data-centric environment”, Dr. Char Sample, Visiting Researcher at the University of Warwick talked about the transition from a non-centric to a data-centric environment. She briefly explained the data-centric environment and the McCumber Legacy. She discussed the evolution of data and information. She also covered data manipulation and ways to counter manipulation in her session.

12:45 pm CST 22/09/2022 @Industry Speaker: Digital Trust & Cybersecurity: A Call for Openness & Interoperability

“It’s all about Digital Trust”, said David Mahdi in his session regarding the very same. David stressed on the importance of establishing and maintaining Digital Trust. He said that the entire basis of Digital Trust is rooted in cryptography. He went on to explain in detail about the NIST Zero Trust Architecture, as well as some pointers when buying/renewing security products with open standards.

12:40 pm CST 22/09/2022 @Industry Speaker: The Psychology of Social Engineering

Isn’t it alarming that one may be influenced to divulge confidential information by psychological exploitation? Victoria Granovia, Founder of CyberToronto gave an insightful session on the psychology of social engineering. She described social engineering as a hack by leveraging a human weakness to gain what the attacker wants. She also talked about dual systems theory and challenges to the cognitive process.

12:25 pm CST 22/09/2022 @Industry Speaker: How Safe are you Online?

Living in a world of digital revolution guarantees one thing, everything you do leaves a trace. Ben Owen, Co-Director EMEA Region at Fortalice Solutions, handled a riveting session detailing the different ways attackers can use your information. Ben, an intelligence collection professional with over 20 years in the industry, answered the question – “How safe are you online?” using a live case study. The key highlights included:

  • Digital breadcrumbs
  • The rise in social engineering
  • Personal Attacks Vs. Business Attacks

12:10 pm CST 22/09/2022 @Industry Speaker: Saving the Internet with Zero Trust

Tina Gravel, CEO of Pinecone Hill LLC talked about saving the internet with Zero Trust. She spoke in detail about:

  • Risks and threats on the internet
  • The basic principles of Zero Trust
  • The need for Zero Trust
  • How Zero Trust makes all security processes better

12:00 pm CST 22/09/2022 @Industry Speaker: Securing the Digital Beachhead: The Myth of Cybersecurity Compliance

Mike Crandall is the CEO of Digital Beachhead Inc. In his session, Mike attempted to expose the “myth” of cybersecurity compliance, and took a look at the differences between compliance and security, while looking to bridge the gap between the two. Mike talked about the struggle to attain ‘Cyber Nirvana’ by combining awareness, compliance and security to get as close as possible to the ‘Finish Line’.

11:55 am CST 22/09/2022 @Industry Speaker: Privileged Credentials: Are you ready to protect the keys of the kingdom?

Change is the only constant thing. Digital Transformation is not in the future, it is the present! In this fast-paced world changing by the second, we need to innovate to survive. This raises the question – “How to reconcile security and innovation?”. David Muniz, Knowledge Management Analyst at Senhasegura, explained the need to understand digital transformation and the privacy era. A large part of the session followed the protection of privileged credentials. Key takeaways included:

  • Concept of Privileged Credentials
  • What is PAM (Privileged Access Management)
  • How to implement PAM?
11:35 am CST 22/09/2022 @Industry Speaker: Cybersecurity is for everyone

Everyone has the right to be protected from cyber threats. At HexCon22 Kim Kennedy, CEO of Empire of We, elaborated on why cybersecurity is for everyone. She said that hackers are everywhere and that they can be anyone. So, she described a list of things industry leaders can do to make cyber threats less frequent and less harmful. She also covered a list of things each one of us can do to secure ourselves from cyber threats.

11:20 am CST 22/09/2022 @Industry Speaker: Making Cyber not Cyber

Jeff Man has led quite the life. Jeff took us through his career, from being a cryptanalyst at the NSA to his current day job as a Senior Consultant for Online Business Systems. His session covered the early days of Information Security, going through changing trends within the realm of information security. He stressed the principle of People-Process-Technology, with a Purpose.

11:05 am CST 22/09/2022 @Industry Speaker: Incident Response War Stories

Mike Saylor, CEO of Blackswan Cybersecurity and DFIR, delivered a simple yet impactful session on the otherwise overlooked topic of Incident Response. He used the HexCon22 platform to explain the significance of communication and preparation concerning incident response planning and responding to a breach. The key highlights of the session included:

  • Response to a breach and Incident Response
  • Legal consideration from a Response Breach Coach
  • Insurance claims and risk reductions.

10:50 am CST 22/09/2022 @Industry Speaker: Protecting the Crown Jewels: Intellectual Property Protection 101

The theft of IP assets comes with enormous monetary losses and significant reputational damage. HexCon22 saw Frank Figgliugzzi, National Security Contributor, NBC News, talking about ‘Protecting the Crown Jewels: Intellectual Property Protection 101’. He mentioned the 3 questions that business leaders should ask their staff, key partners and other critical members of the companies:

  • What is proprietary to the company that gives them their competitive advantage?
  • Where is the most critical information located, both digitally and physically?
  • Who has access to your most critical business information and who wants what you have?

10:40 am CST 22/09/2022 @Industry Speaker: Disruptive cyber-attacks on critical infrastructures

Catch Ali Kingston Mwila’s session on-demand where he talked about the disruptive nature of cyberattacks on critical infrastructure. He went into great detail about major sectors affected by cyber-attacks from health and transport to energy, government and much more. Citing historic examples from history’s worst cyber-attacks, Ali brought to light the nature, types and effects of these attacks, as well as provided insight on the various defense strategies that can be taken to prevent them.

10:30 am CST 22/09/2022 @Industry Speaker: Leverage your Network to build your Net Worth in CyberSecurity

What is your net worth with regard to cybersecurity? Can you leverage your network to build your net worth in cybersecurity? Aarti Gadhia, Board Director for ObserveID and Founder of SHE (Sharing Her Empowerment), explained networking and how it fits in with building your net worth in cybersecurity. The key takeaways of the session included:

  • Importance of networking while building personal net worth
  • Get Comfortable, Reduce Anxiety
  • Do’s and Don’ts of networking remotely or in person
  • Join now and learn the ropes of networking from the master herself!
10:00 am CST 22/09/2022 @Industry Speaker: Interview with Joe Tidy

Hexnode’s PR, Media and Events Manager, Sarika Abraham, had a conversation with Joe Tidy, Cybernews reporter at BBC News during HexCon22. He stated future wars will take place in the cyber realm as well as the physical realm. Even though Russia managed to disable the military communications of Ukraine during their invasion, he said we are yet to see the true impact cyber warfare can have. He further requested everyone to take cybersecurity seriously as it can affect our way of life and ease of life.

10:00 am CST 22/09/2022

HexCon22 day 2 kicked off.

9:00 am CST 22/09/2022

Check out the agenda for HexCon22 day 2!

4:00 pm CST 21/09/2022

After a lot of interesting and insightful sessions, day one came to a close.

3:30 pm CST 21/09/2022 @Industry Speaker: Cybercrime Finds a way

Rick Holland, CISO, Vice President Strategy of Digital Shadows is a seasoned cybersecurity leader with a unique background as a practitioner, vendor executive, and Forrester Research industry analyst. HexCon22 saw him explain the different cybercrimes that can occur across the surface, deep and dark web. The agenda for the session included:

  • Basics
  • Tango Down: Law Enforcement Activity
  • Different Types of Cybercrimes
  • Protection Against Ransomware
  • Learning from Mistakes
3:30 pm CST 21/09/2022 @Industry Speaker: Built for business and rugged device management

Robin Hammond, Director of North America Carrier Marketing, Bullitt Group and Tim Shepherd, Senior Director – Applications and Product Marketing, Bullitt Group, talked about how device management is viewed from the perspective of rugged device owners. The main agenda of the session included:

  • Why are rugged devices should interest people?
  • Why should CAT phones be considered for businesses?
  • What are the challenges faced during fleet deployment?

3:25 pm CST 21/09/2022 @Industry Speaker: Why Should I Care About Vulnerabilities? And How To Manage Them

Chuck Davis, vCISO of Caveat Labs talked about why we shouldn’t ignore vulnerabilities and how we should manage them. He described the difficulty with patches in the 1990s and the common vulnerabilities and exposures (CVE) database, national vulnerability database (NVD) and common vulnerability scoring system (CVSS). He clearly explained the CVSS score calculator and its components. The whole purpose is to prioritize the vulnerabilities and know the severity score. He concluded by saying that in the cybersecurity industry, success is invisible and failures are in the headlines.

3:10 pm CST 21/09/2022 @Industry Speaker: Positive Impact and Influence on the Next Cybersecurity Generation

Dr. Joseph J. Burt-Miller Jr., assistant project manager at the U.S. Department of Homeland Security, talked about how cybersecurity inspired him and how a positive outlook can improve cybersecurity for the future. He also went in depth about his personal experiences in the field of cybersecurity and also how the current generation can inspire future generations to have a much more secure online environment.

2:50 pm CST 21/09/2022 @Industry Speaker: Secure Browser or Browser Isolation 101

Co-Founder of Security Architecture Podcast and VP of Solution Architecture “Herjavec Group” delivered an engaging session on browser security and isolation. The session saw him break down the big concepts using simple understandable examples. Key points of the session included:

  • Need for browser security
  • What is Remote Browser Isolation and its features
  • Different attacks that can be prevented by browser security or isolation
  • Alignment of browser security and browser isolation with SASE/SSE
2:50 pm CST 21/09/2022 @Industry Speaker: Cybersecurity is everybody’s problem – How to make non-technical teams care

Jennifer Cox, Security Engineering Manager at Tenable, used the HexCon22 platform to talk about how to make non-technical teams care about cybersecurity as it is everybody’s problem. She said that to make people care:

  • First illustrate the situation, by using pictures, props, etc. The goal is to create a situation in their mind as well.
  • Use analogies to explain and find something they would care about or that interests them.
  • Know your audience. Refrain from taking irrelevant examples to explain.
  • Avoid using technical jargon and acronyms with non-technical teams.
  • Incentivize if possible
2:35 pm CST 21/09/2022 @Industry Speaker: Misunderstanding Draining ROI

Dr. Shayanna Mungo, best-selling author and communication breakdowns expert, talked about how misunderstandings in a company can drain the return on investment or ROI. She also explained how a positive workplace can boost your ROI and how people work better in a well-managed team.

2:20 pm CST 21/09/2022 @Industry Speaker: Microsoft Defender for Office 365 evasion: The story of confirmed vulnerability

The live demo session handled by Sergey Chubarov, Consultant, Instructor, and Conference Speaker for Microsoft, helped viewers understand a vulnerability in Microsoft Defender and how it could bypass security. The key highlights of the session included:

  • Microsoft Defender for Office 365 Safe Attachments
  • Inside the sandbox
  • How attackers can bypass Safe Attachments
  • Vulnerability Conformation and remediation by the vendor
  • Testing malicious links
  • How attackers bypass Safe Links

2:10 pm CST 21/09/2022 @Industry Speaker: CyberWar and Peace

Nick Shevelyov, Strategic Advision, Glynn 100, talked about CyberWar and peace. He said that the more we invest in technology upfront, the more effective will be the security risk management. He believed in the discipline to set up controls for continuously checking on your controls if they are working as effectively as thought. He encouraged everyone to think through and verify rather than trust. He even told that multiple privacy laws are coming up and it must be treated as a human right. In this session, he also talked about the war of Troy to refer to third-party software that we allow on our devices.

2:05 pm CST 21/09/2022 @Industry Speaker: IoT security – challenges and best practices

Sunil David, Advisor at TagBox, discussed how IoT security is a growing concern in the ever-evolving business landscape. He also talked about recent IoT-related cyber-attacks, the current state of IoT security, why a holistic security approach is essential, and also why security must be considered first.

1:45 pm CST 21/09/2022 @Product training: Windows management

Microsoft’s Windows operating system, one of the most widely known operating systems, is used to power a multitude of personal computers and mobile devices across the world. Managing devices powered by such a widely popular OS should not cause additional headaches for the IT department. Vishnu, Account Manager-Sales and Business Development at Hexnode, offered an informative session filled with tips and workarounds to better manage windows operated devices in a corporate setting.

1:45 pm CST 21/09/2022 @Industry Speaker: A Guide to Effective Management for Remote Teams for Security Leaders

How can security leaders effectively manage their teams remotely? A growing concern in a world where remote working or Work from Home is gradually becoming the default option. What makes the security industry so unique regarding the challenges in remote management? Dr. Stacy Thayer, Sr Manager of Events and Marcom at Netography and Adjunct Professor of Cyberpsychology at Norfolk State University went through the “Whys” and “Whats” of efficiently managing remote teams. The key concepts included:

  • What makes a good manager?
  • Knowing the different types of remote employees
  • Roadmap for Success
  • Resources and Warning Signs
1:40 pm CST 21/09/2022 @Industry Speaker: Unlocking leadership mindset to prioritize cybersecurity investments

Marcos Semola, Cybersecurity Partner at E&Y talked about rapidly growing cybersecurity threats and how we could work to unlock the leadership mindset to prioritize investment in cybersecurity properly. He explained the gap between the necessary level of information security and the current level of information security. He also discussed the NIST cybersecurity framework and its components. We also saw the top trends in cybersecurity, top technologies and even the seven layers of the metaverse in his session.

1:35 pm CST 21/09/2022 @Industry Speaker: SaaS: The forgotten part of the cloud shared responsibility model

Capital One’s CISO, Jerich Beason, discussed the importance of SaaS security in the contemporary world. He went into great length about the rising threats that the growth of SaaS apps has raised. The seminar’s other main topics included:

  • Top cloud security tools.
  • Top SaaS security risks.
  • How to deal with these risks.

1:15 pm CST 21/09/2022 @Industry Speaker: Strategic security programs for modern organizations

Warner Moore, Founder of Gamma Force and Tech Community Coalition, a non-profit organization whose mission is to enable the greater tech community, used the HexCon22 platform to explain strategic security programs for modern organizations. Key points included:

  • The issues faced by the security department
  • The lack of understanding about the importance of the department

Warner briefly touched on how to structure the security department and improve efficiency by focusing on:

  • What to target or protect
  • Building capabilities instead of buying tools – Know your assets and hone their skills
  • Encouraging questions
1:00 pm CST 21/09/2022 @Industry Speaker: Key focus areas for reducing the cost of a data breach

Ashwin Ram, Cyber Security Evangelist from the office of the CTO, Check Point Software Technologies Ltd, talked about how to reduce the cost of data breaches. He also explained:

  • How the cost of a data breach is calculated.
  • Average time taken to identify and contain data breaches.
  • Weak security practices that are commonly exploited.
  • Why prevention is better than detection.
  • Key points you should look out for if you want to stay ahead of data breaches.

12:50 pm CST 21/09/2022 @Product training: Android management

Everyone’s familiar with the open-source mobile operating system, Android. It is the leading mobile operating system with a market share of around 70 percent. Device Management for such a widely used operating system should not be a hassle. Anju P from the Product Consultant team at Hexnode handled an engaging session explaining the various features offered by Hexnode UEM regarding Android Device Management.

12:50 pm CST 21/09/2022 @Industry Speaker: Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant

Did you know that Multi-Factor Authentication is not secure completely? Check this session by Roger A Gimes, Data-Driven Security Evangelist at KnowBe4, regarding hacks That Bypass Multi-Factor Authentication and how to make your MFA solution phishing resistant. He talked about Network Session Hijacking, a very common way to bypass MFA. Here he urged everyone to use phishing resistant/resilient MFA and provided some of the solutions.

12:30 pm CST 21/09/2022 @Industry Speaker: The Vital Nature of Vision and Power of Mindset

International speaker, bestselling author, and inspiring life coach, Danny Bader went live with an inspiring talk on the importance of vision and the power of a positive mindset. The session gave a quick insight into the incident that got Danny to write his first book, Back to Life. The key highlights of the talk were:

  • Model – develop vision, create reality
  • Importance of vision
  • Power of beliefs and mindset
  • Aura – Meaning and Significance

12:30 pm CST 21/09/2022 @Industry Speaker: Confessions of a CIA spy – The art of human hacking

Peter Warmka, an adjunct professor at Webster University and a former CIA employee, discussed the theory behind human hacking. He also discussed in detail some other aspects of human hacking, such as:

  • The danger it can bring.
  • Possible goals of those who engage in human hacking.
  • Insider threats, and much more.

Peter also shared some insights on events that happened in the past.

12:15 pm CST 21/09/2022 @Industry Speaker: Mobile devices and apps are the new endpoint threat

Philip Ingram, CEO of Grey Hare Media and Grey Hare Security talked about mobile devices and applications as the new endpoint threat. He said cyber threats cause one of the biggest pieces of damage to the company by spoiling its brand reputation. He beautifully emphasized that none of the apps are free, it either takes our time or data. He also urged us to be careful of the permissions we give to the apps we install. He highlighted the new threats like espionage and encrochat and gives a couple of ideas to minimize risks on mobile devices.

12:05 pm CST 21/09/2022 @Industry Speaker: Leading Safe – Forging a resilient cybersecurity workforce

Jacob Luna, senior cloud advisory consultant at Oracle, talked about how to fortify cybersecurity. He also discussed the dangers and repercussions of data breaches as well as new and unconventional methods that can keep you safe online. Jacob also mentioned several aspects of cybersecurity in general, including:

  • How mentoring can improve cybersecurity for future generations
  • How diversity in the workplace benefits the sector
  • Why cybersecurity requires strong leadership
11:55 am CST 21/09/2022 @Industry Speaker: Demystifying Zero-Trust

What exactly is Zero-Trust? How and where do we use it? How to implement it? Where to start? Fret not! All your questions are being answered at HexCon22 Live. Atef Abdelkefi, Founder and CEO of CyberYoom, broke down the complexities of Zero-Trust and answered all the above questions in his informative session. The key highlights of the session included:

  • Zero-Trust core principles
  • Difference between Defense in Depth and Zero-Trust
  • Zero-Trust Pillars
  • Zero-Trust Architectural Components
  • The Zero-Trust Maturity Model
11:50 am CST 21/09/2022 @Product training: Mac management

One of the most popular desktop OS, second only to Microsoft Windows, macOS is a proprietary graphical OS that powers every Mac. Saikrishnan R, Lead Product Consultant at Hexnode explained the easy management of Mac-operated devices using Hexnode UEM.

11:35 am CST 21/09/2022 @Industry Speaker: Securing Software Supply Chain: common threats and how to protect against them

Roman Zhukov, Product Security Manager, Intel used the HexCon 2022 platform to talk about securing the software supply chain. He spoke regarding the industry best practices and gave us 5 practical recommendations on software supply chain security. They were:

  • Check the health of the 3rd parties
  • Manage permissions and secrets
  • Enable endpoint observability using UEM
  • Zero tolerance to known common vulnerabilities and exposures (CVE)
  • Make all artifacts trusted
11:25 am CST 21/09/2022 @Industry Speaker: Information Protection and Governance

What is data? How to manage a large amount of data generated? Are there any rules or regulations regarding the storage and management of this data? Dr. Abhilasha Rakesh Vyas, Business Unit Head, Cloud Security at CloudThat, went live on HexCon22 with her stand on the challenging process of data management. The key points included:

  • Know your data.
  • Protect your data.
  • Prevent data loss.
  • Governing data.
11:20 am CST 21/09/2022 @Industry Speaker: Prepare for the Future of Work with Unified Endpoint Management

Andrew Hewitt, senior analyst at Forrester, and Rachana Vijayan, CMO and Director of Sales Hexnode, discussed how the pandemic has changed the way businesses handle endpoint management as well as how to get ready for the future by modernizing your strategy. The webinar’s agenda included:

  • The current and future state of Unified Endpoint Management.
  • Key approaches to endpoint management in the market.
  • Best practices for the future.

11:00 am CST 21/09/2022 @Product training: iOS management

iOS is named among the most popular mobile operating systems. A powerful operating system that powers devices like iPhone and iPod Touch. Why should managing these iOS devices be any difficult? Christy from the Product Consultant team at Hexnode offered tips and hacks to manage all your iOS devices using Hexnode UEM.

10:45 am CST 21/09/2022 @Industry speaker: What you need to know about the ransomware economy – The big business of extortion and bigger business of response

Walt Powell, Field CISO at CDW, talked about the ransomware economy. He explained how the Russia – Ukraine conflict caused us to get what we are today. Walt also discussed the cyber victims, the different threat groups and the layered business model. He gave his predictions about Ransome groups:

  • They will look to diversify and blend even further
  • The competition among different ransomware operators will increase as all want a larger share of the pie.
  • It can take down the productions and not just files.
10:30 am CST 21/09/2022 @Industry speaker: The untold story of poor vulnerability management

Randy Varela, Offensive Security Engineer Lead at ATTI Cyber, talked about the seriousness of the topic of cyber vulnerabilities and provided some alarming data. Additionally, he discussed many facets of vulnerability management and patch management, as well as the differences between the two. Additionally, Randy offered some advice on how to enhance your vulnerability management strategy.

10:15 am CST 21/09/2022 @Keynote: Interview with Ciaran Martin

Ciaran Martin, former and first CEO of National Cyber Security Center, UK, and currently a professor at Blavatnik School of Government, University of Oxford, and Apu Pavithran, CEO and Founder of Hexnode discussed about how to reduce the risk of a major cyber incident and how to reduce the harm if one happens. Ciaran also briefly explained the four most important pillars of cyber security:

  • Get an overview of cyber threats.
  • How to build up your defenses.
  • Ways to strengthen your response to cyber incidents.
  • How can we work as a community to minimize cyber threats?

10:10 am CST 21/09/2022 @Industry speaker: Cameras, CACs & Clocks: Enterprise IoT Security Sucks – A Story of Two Million Interrogated Devices

Brian Contos, the Chief Security Officer of Phosphorus Cybersecurity Inc spoke about how enterprise security sucks. Their research found that 67% of the organizations had a known IoT security breach. He said that all IoT device passwords are out of compliance, it maybe in terms of how often they are rotated, managed, etc.
He talked about the different IoT devices and their vulnerabilities, for example:

  • Printers are one of the most vulnerable devices to cyberattacks. In 2019, Black Hat research found that over 10000 devices had critical level vulnerabilities.
  • Security cameras are sometimes shipped with malware already present in them. The cameras are known to record audio when they are supposed to be mute or even turned on when they are supposed to be off.

10:00 am CST 21/09/2022 @Keynote: The Future in focus

HexCon22 started great as our board of directors shared Hexnode’s vision for the future and talked about how the company plans to move forward to help customers simplify their work routines.


Brendon Baxter

Product Evangelist@Hexnode. Read. Write. Sleep. Repeat.

Share your thoughts