Washington DC Agenda

The 2018 Agenda is coming soon.

A copy of the 2017 agenda is below.

8:30am – 9:00am
Continental Breakfast and Registration
9:00am – 9:10am
Welcome and Opening Remarks

9:10am – 9:30am
Session 1: Polling the Audience

  • What is your data security role at your organization?
  • What are your pain points, biggest issues?
  • What do you want to get out of the seminar?

9:30am – 10:30am
Session 2: Information Sharing, Law Enforcement, and Vulnerability Programs: Pros and Cons

  • Federal legislative landscape and the Cybersecurity Information Sharing Act (CISA)
    • Building information sharing and trust between public and private sectors
    • Corporate views on information sharing
  • Information Sharing and Analysis Centers (ISACs)
  • Law enforcement landscape
    • How, who, and when to contact law enforcement
    • Responding to law enforcement requests for data (including location monitoring data)
    • Encryption backdoor debate
    • United States v. Microsoft and similar Google decisions
  • Vulnerability programs – what are they and when can you white hat hack

10:30am – 11:00am
Coffee Break

11:00am – 12:00pm
Session 3: Data Security and Privacy Litigation

  • Class Actions’ Viability — Injury (Standing)
    • The Spokeo Effect — 2017 appellate decisions, e.g.:
      • Attias v. CareFirst (D.C. Cir.)
      • Katz v. The Donna Karan Co. (2d Cir.)
      • Kuhns v. Scottrade
      • Robins v. Spokeo on remand (9th Cir.)
    • Neiman Marcus v Remijas (7th Cir.)
    • Mohammad S. Galaria & Anthony Hancock v. Nationwide Insurance Company (6th Cir)
  • New causes of action and theories of recovery
  • Am I covered? Insurance coverage and related litigation
    • Engl v. Natural Grocers
    • Equifax

12:00pm – 1:00pm
Networking Luncheon

1:00pm- 2:00pm
Session 4: Fighting the Cyber War: Corporate Governance, People and Process

  • Where are you today? Where do you want/need to be?
  • Extracting Lessons Learned from 2016 Security Incidents
  • Proactive Risk Assessments – Prioritizing Your Security Controls
    • Risk appetite
  • Due Diligence in Deals
    • Yahoo!
  • Creating a Security Culture
  • Are structured to respond?
    • Building a comprehensive response plan
    • Implementation in the trenches
  • Board responsibility for cyber
  • Enforcing best practices for corrective actions
  • Considering Insider Threat
  • Impact of failure
    • Loss of market share and valuation
    • Reputational hit with customers/users

2:00pm – 3:00pm
Session 5: Fighting the Cyber War: Technology (Identify, Protect, Detect, Respond, Recover)

  • Perimeter Defenses – Secure Your Employees Where they Are
  • User-based rules
  • Defense in Depth
  • Security by Design
  • Monitoring and threat detection
    • Threat detection
    • “I didn’t know” is no longer acceptable
  • Actionable Intelligence: Need for Trusted Processes and Workflows (Automation and Orchestration)
  • Pen-testing
  • Mock exercises

3:00pm – 3:30pm
Networking Break

3:30pm – 4:30pm
Session 6: Avoiding Lightning in the Cloud and Addressing New Threats

  • The Cloud
    • Assessing Data Privacy Considerations in the Cloud
    • Negotiating up front as to Incident Response
    • Data commingling
    • Export Controls and economic sanctions Issues
    • Data Transfer Issues
  • IoT Devices
    • Unique Cybersecurity and Privacy Risks
    • Federal efforts to encourage IoT Security
  • DDoS Attacks
  • Privacy Shield
  • Implementation of the E.U. General Data Protection Regulations in May 2018
    • How it applies to U.S. companies
    • What is Informed Consent under the GDPR?
    • Sanctions and Fines

4:30pm – 5:30pm
Networking Reception


8:30am – 9:00am
Continental Breakfast
9:00am – 10:00am
Session 7: Operating in the Shadows

  • Darknet/TOR
  • Cybercriminals, recent arrests, and the impact on the threat landscape
  • International cooperation
  • Geolocation challenges
  • Anomaly Detection: Breaking the code of Zero Days

10:00am – 11:00am
Session 8: Recent Attacks and the Aftermath: Digital World Vulnerabilities, Physical World Consequences

  • FedEX, Recktt Benckiser and Hollywood
  • Presbyterian ransomware attacks
  • FDA guidance on protecting medical devices against cybersecurity attacks
  • Tencent hack of Tesla Model S
  • D-Link internet camera vulnerabilities
  • Dallas emergency siren hack
  • What else?  Critical infrastructure? Elections? Product tampering?

11:00am – 11:30am
Coffee Break

11:30am – 12:30pm
Session 9: Ethics in Cybersecurity

  • Threat landscape for law firms
  • Ethical obligations of law firms to protect client data (and understand technology)
  • How are companies (especially in regulated industries) scrutinizing and managing law firms?
  • What do you require of opposing counsel and other third parties when turning over information in discovery?
  • What assurances do we have from the government with sensitive info?
  • Ethical obligations when advising client on how to handle cybersecurity-related legal issues


Agenda is subject to change.