Opening remarks with Jerry Geisler, SVP and CISO of Information Security at Walmart. 

Microtargeting. Transitive Data Systems. Digital Weapons of Mass Destruction. How do you navigate a shifting and uncertain future riddled with emerging threats and vulnerabilities? How can you prepare for not just the next "big thing" in technology and security but also the "thing" that comes after the next big thing? Threatcasting is an applied futures methodology that gives practitioners and decision makers a data driven perspective on a range of possible and potential futures over the next decade. Brian David Johsnon (BDJ) will explain the Threatcasting Method with case studies for where it has been used in government, military, and private industry. Finally, he will discuss what he's been seeing in the emerging threat landscape over the last year and take your questions.

Speaker 

Brian David Johnson

Content Level

Includes beginner, intermediate, and advanced content

During the presentation Abby, CJ, and Justin will walk the group through cryptography as we know it today, cryptography as it could be once or if Post Quantum Cryptography takes off, and steps that can be taken today to begin preparing your company, network, and self for a world where post quantum computers could be readily available and used. How serious will you take this, when will you begin preparing, and what action items are you ready to begin? The answer to that question is up to you.

Speaker 

Justin Simpson, Abby Willis, and CJ Mayo 

Content Level

Intermediate to advanced

IoT systems, from smart homes to transportation to manufacturing, have changed the way users interact with computing systems and industrial sectors operate. However, the inevitable integration of IoT sensors and actuators into computing systems has exposed controlled, traditional software to an open, uncontrolled physical environment, which brought new classes of security and privacy concerns. In this talk, I will highlight academic research on the current state of IoT security, reflect on the knowledge we have gained, and discuss what these results mean for the industry.

Speaker 

Dr. Berkay Celik

Content Level

Includes beginner, intermediate, and advanced content

Step away from your seat to grab some delicious, catered eats, and check out the Sp4rkCon expo booths. 

AJ Sanchez, Senior Technical Project Manager, Walmart Information Security

As threats continue to evolve, having additional layered defenses is paramount to securing corporate assets. Nation-state attacks introduce additional physiological and cultural understanding that demolishes the idea of monolithic defenses. Just as we required multiple layers of defenses to secure our infrastructure, diversifying our workforce, ideas, and approach are all paramount to our success against advancing threats.

Speaker 

Octavia Howell

Content Level

Includes beginner, intermediate, and advanced content

Secure coding is simply the practice of developing software and applications in a way that protects against the accidental introduction of security vulnerabilities. Software threats have significantly grown in the last few years and the vulnerabilities in software have caused damage to companies and organizations, both financially and to their brand. Following secure coding standards is a critical step in preventing exploitable entry points into an organization. The good news is that an organization does not have to start from scratch when defining how to implement secure coding practices. There are several resources available across the industry to ensure standards are followed to protect everyone.

Speaker

Serena Curtin, Director, Application Security, Walmart InfoSec

Content Level

Beginner

Mitigating against a phishing campaign is a challenging endeavor for any incident management team in cybersecurity. Yet even with complex tools and significant resources, combating phishing remains a challenging obstacle. This is in part due to phishing being a semantic problem that appeals to the social and human behaviors of the individuals who use email. The primary goal for this research was to understand how individuals are responding to the always persistent phishing emails and how the policies, procedures affect the organization. Through qualitative and quantitative research methods, I illuminate some of the impacts of phishing and phishing campaigns on Walmart on our associates. The work presents an insight into our email use and perceptions of phishing campaigns on associates at Walmart.

Speaker

Chris Fennell, Senior Technical Expert, Incident Response, Walmart InfoSec

Content Level

Intermediate to advanced

How confident are you that the people, processes, and technologies in your detection pipeline are functioning as intended? At Walmart, we use the free and open-source Atomic Red Team library of scripted cyber-attacks to emulate adversary behavior. We've developed a tool called the Atomic Runner that executes these atomic tests around the clock for continuous attack emulation. Combined with automated dashboards and reporting, the Atomic Runner gives us confidence in our capabilities and helps us measure the effectiveness of each of our security controls.

In this presentation Carrie Roberts will discuss lessons learned in the journey to continuous validation and introduce the Atomic Runner tool which will be released to the security community at the conference. Come and learn more about implementing continuous end-to-end prevention and detection validation.

Speaker 

Carrie Roberts, Enterprise Technical Expert, Dynamic Defense Walmart InfoSec

Content Level

Intermediate to advanced

Exhibitor booths close for the day.

The practice of cybersecurity is complex and understanding how to tackle our thorniest challenges seems more like art than science. This talk will share a mental model that can greatly simplify cybersecurity to help us understand the landscape and navigate it better. Furthermore, the model forecasts an interesting twist in the road ahead that may dramatically change how we approach cybersecurity in the future.

Speaker

Sounil Yu, CISO | Author | Cyber Strategist | Board Member | Advisor | Scientist 

Content Level

Intermediate

Closing remarks with Greg Wills, Director of InfoSec Strategy & Architecture at Walmart. 

After Sp4rkCon 2023 wraps up at the David Glass Technology Center, head on over to Bike Rack Brewery at the 8th Street Market to unwind with a night of music, food and fun.

Bring your Sp4rkCon event badge to enjoy some yummy bites on us!

Bike Rack Brewing Co. - 8th St. Brewery & Taproom - Market District

801 SE 8th St #61, Bentonville, AR 72712  (map)

5:30 p.m. to 8 p.m. ;)

Food will be served 6 p.m. to 7 p.m. while supplies lasts.