Join us for the 2nd annual, award-winning virtual Purple Hats Conference—the industry destination for cybersecurity practitioners to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat informed defense!
Founded by AttackIQ, Purple Hats provides free access to globally recognized experts, technical content, and innovative techniques for improving your security posture and building a stronger, more collaborative team.
Contributing writer at The Atlantic, Harvard Kennedy School and Business School professor, author From Strength to Strength: Finding Success, Happiness, and Deep Purpose in the Second Half of Life
Dr. Richard J. Danzig
Senior Fellow at the Johns Hopkins Applied Physics Laboratory, a Trustee of the RAND Corporation, and former U.S. Secretary of the Navy
Dr. Tina Seelig
Executive Director of the Knight-Hennessy Scholars Program and Professor of the Practice in the Department of Management Science and Engineering (MS&E) at Stanford University
Thursday, April 21, 2022 || 8 AM PT || 11 AM ET || 3 PM GMT
Opening General Session :
Breakout Sessions :
Closing General Session :
8:00 AM - 8:30 AM PDT
8:45 AM - 11:30 AM PDT
11:45 AM - 12:30 PM PDT
Breakout Session Tracks
Evidence-based Cybersecurity Management
After a decade of investment in cybersecurity capabilities since Stuxnet and the Shamoon attacks, the cybersecurity world is moving away from a pure ramp of adding security capabilities and towards an evidence-based approach to threat and risk management. What does that mean? At the strategic level, organizations have pivoted from making investments to seeing a validated return on investment. Practically, that means focusing on data-driven decision-making. In a world where nation-states and criminal groups can make moderate investments to disrupt operations, from ransomware as a service to strategic cyberattacks, can we prove that our defenses are working? What adjustments do we need to make to ensure success? This track brings together leading thinkers and practitioners in national security and cybersecurity planning, to include Chief Information Security Officers from the public and private sector, the former commander of U.S. Marine Corps Cyber Command and Assistant Commandant of the U.S. Marine Corps, and one of the world’s leading writers on of technology and risk management, who also happens to be a former U.S. Secretary of the Navy.
Threat-Informed Defense & MITRE ATT&CK
Since MITRE ATT&CK was published in 2015, it has led to a transformation in how security teams think about threats and approach cybersecurity effectiveness. In this talk track, join leading practitioners of threat-informed defense to discuss the state of research and the state of the practice in how teams elevate their security program performance. Join leaders from the Center for Threat-Informed Defense at MITRE Engenuity, policy makers and practitioners in medical device security, including from the FDA, and leaders from IDC and Stripe.
Leading in Cybersecurity
Leadership in cybersecurity is like leadership in any other avenue of human endeavor, with two major caveats: it involves a deep facility with technology, and it carries a deep degree of stress given the impact of potential security program failure. So how do cybersecurity leaders succeed? Cybersecurity leaders today lack data-driven visibility into their security effectiveness, and the result is they don’t know how well their security controls will perform against known threats. How can they solve that problem? Too often the world focuses on the “technology” aspect of cybersecurity, fetishizing speeds and feeds over time-tested leadership principles and practices. This talk track distills the unique challenges facing those tasked to lead teams in a complex environment, an environment defined by escalating attacks on U.S. and allied national interests, and offers clear examples from the field on how to succeed.
Learn from peers on how to technically improve, enhance, and evolve your cybersecurity practice. Submissions for this track will be selected from our Call for Papers on March 14th and published on March 17th.
Applied Solutions for Threat-Informed Defense
Over the last seven years since the publication of the MITRE ATT&CK framework, the cybersecurity community has moved to adopt a threat-informed defense, leveraging ATT&CK to focus the community on known threat behaviors and validating security program performance. How has this transition helped improve the world’s cybersecurity posture and informed purple teams? In this content track, hear from leading cybersecurity solution providers on the front lines of helping customers confront advanced persistent threats, ransomware, and cybercrime – and learn how ATT&CK elevates cybersecurity effectiveness for providers and customers alike.
Purple Teaming for Dummies
Click here for a practical guide for building a purple team to maximize your security effectiveness.