Speakers
Eric Kuehn, Principal Security Consultant at Secure Ideas; Member of the IANS Faculty - Secure Ideas
- Presenation: I Get Knocked Down - But Getting Up Isn’t Enough
"I get knocked down, but I get up again - you're never gonna keep me down." Chumbawamba had the right spirit, but most organizations have the wrong execution. The good news? You probably have a recovery plan and a resilience strategy. The bad news? Having them isn't the same as having them work.
In this talk, I'll break down why resilience and recovery fail in practice even when organizations think they've planned for both, what the difference actually looks like when things go wrong, and how to pressure-test whether your plans will hold up when Chumbawamba's optimism meets reality.
You've got a plan. Let's find out if it works.
Bio: I've spent 26 years working across enterprise operations, engineering, architecture, and security. Most of that time has been spent on identity; specifically Active Directory and everything that touches it, which turns out to be just about everything. At Bank of America I built and managed the AD infrastructure for a global enterprise: 6 million objects, 11 forests, 35 domains, and enough edge cases to fill a conference talk or two. Since 2017 I've led the consulting team at Secure Ideas, where we spend our time breaking into networks and applications professionally and helping organizations understand what that means for their actual business risk, not just a list of CVEs. On the defensive side, I focus on identity architecture, PAM, and making sure privileged access is actually privileged. On the offensive side, I lead network and web application penetration testing across all verticals. I also design and facilitate tabletop exercises for client leadership teams, walking executives and security teams through identity-based attack scenarios in a way that connects technical risk to business impact. As IANS Faculty, I advise organizations on identity security and other infosec topics. Outside of client work I teach and speak. I've authored courses on AD red teaming, network penetration testing, and CISSP preparation, and I've presented at BSides events, Palmetto Cyber Conference, Triangle InfoSeCon, and others; mostly on ways attackers abuse directory services and what defenders can do about it. I also contributed to the MITRE ATT&CK Framework. If you're dealing with an identity problem, whether that's a complex AD environment, a PAM implementation, or figuring out how badly your directory can be abused, that's the kind of work I do.
Frank DaPalo, Vice President, Chief Information Security Officer (CISO) at Enpro
Presentation: TBA
Bio: Frank is an accomplished security and risk management leader with more than 25 years of experience, including 12 years leading global security & infrastructure teams for enterprise organizations. Frank has a passion for designing and implementing effective cybersecurity programs and initiatives at enterprise scale in highly matrixed and diverse environments. Frank specializes in greenfield security program development, accelerating information security program transformations (fixer uppers), and driving complex merger & acquisition integrations and divestitures. Frank currently serves as Enpro’s first CISO, responsible for building and maturing all aspects of Enpro’s information security and regulatory compliance programs globally. Prior to Enpro, Frank held roles in the areas of security operations, security architecture, strategy, threat & vulnerability management, third-party risk, and regulatory compliance (HIPAA, PCI, FFIEC, DFARS), and assurance for organizations including GE, Humana, and Applebees (franchisee). Frank is a proud US Army veteran, graduate of the FBI CISO Academy, and regularly volunteers his time by mentoring others interested in cybersecurity, serving on advisory boards, and by serving on the leadership team for the Cloud Security Alliance’s Zero Trust Working Group. Areas of expertise include: • Risk management • Cybersecurity Strategy • Zero trust • M&A • Board advisory • Agile cybersecurity • DevSecOps (DevOps) • Security operations • Security process creation & refinement • Cloud security architecture • Security framework implementation (ISO, NIST, DFARS, CMMC) • Building regulatory compliance programs • Security culture builder.
Joshua Brant, Director - Emerging Technology & Cybersecurity Strategy | CISSP, CISM, CCSP, HCISPP, CCISO, CEH, CRISC - LRS
Presentation: “ Ever wonder what it’s really like to face a ransomware attack"?
Join us on Wednesday, April 22nd for a candid conversation with Josh Brant, Cyber Strategist at LRS. He’ll walk us through a real-life cyber incident and share the valuable lessons our customers learned along the way.
What to Expect:
- - A behind-the-scenes look at a ransomware event
- - Practical insights and takeaways
- - A chance to ask questions and engage with peers
Bio: Joshua brings over 20 years of experience to the field, with a focus on developing and implementing comprehensive security programs. His career spans both corporate and consultancy roles, providing a well-rounded perspective on the challenges facing modern organizations.
Previously serving as CISO at a global manufacturing company, he gained firsthand experience managing enterprise-wide security initiatives. This background informs his current work leading a vCISO practice and MSSP services, where he assists clients in strengthening their security postures across various industries.
His expertise covers a broad range of areas including:
- Building security programs from the ground up
- Addressing compliance, operational, strategic, and financial security risks
- Aligning security measures with business objectives
- Developing and leading high-performing security teams
In his current role, he provides strategic guidance to help organizations navigate the complex landscape of network security. His approach emphasizes practical, implementable solutions that balance protection with operational efficiency.
With experience spanning the evolution of cybersecurity over two decades, he offers insights into both the technical and managerial aspects of maintaining strong security in an increasingly connected world.