Join us for the 2nd annual, award-winning virtual Purple Hats Conference—the industry destination for cybersecurity practitioners to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat informed defense! 

Founded by AttackIQ, Purple Hats provides free access to globally recognized experts, technical content, and innovative techniques for improving your security posture and building a stronger, more collaborative team.

Featured Speakers

Jen Easterly
Jen Easterly
Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA)
Arthur Brooks
Arthur Brooks
Contributing writer at The Atlantic, Harvard Kennedy School and Business School professor, author From Strength to Strength: Finding Success, Happiness, and Deep Purpose in the Second Half of Life
Dr. Richard J. Danzig
Dr. Richard J. Danzig
Senior Fellow at the Johns Hopkins Applied Physics Laboratory, a Trustee of the RAND Corporation, and former U.S. Secretary of the Navy
Dr. Melanie Mitchell
Dr. Melanie Mitchell
Davis Professor
Sante Fe Institute
Dr. Tina Seelig
Dr. Tina Seelig
Executive Director of the Knight-Hennessy Scholars Program and Professor of the Practice in the Department of Management Science and Engineering (MS&E) at Stanford University
Lt. General Loretta (Lori) Reynolds
Lt. General Loretta (Lori) Reynolds
Lieutenant General
United States Marine Corps (Ret.)
Ronald Eddings
Ronald Eddings
Co-Founder
Hacker Valley Media
Chris Cochran
Chris Cochran
Founder & Producer
Hacker Valley Media
Toby Shapshak
Toby Shapshak
Editor-in-Chief and Publisher
Stuff
Suzanne Schwartz
Suzanne Schwartz
Director of the Office of Strategic Partnerships and Technology Innovation
FDA

Agenda-at-a-Glance

Thursday, April 21, 2022 || 8 AM PT || 11 AM ET || 3 PM GMT

Opening General Session : 

Breakout Sessions : 

Closing General Session :

8:00 AM - 8:30 AM PDT

8:45 AM - 11:30 AM PDT

11:45 AM - 12:30 PM PDT

Breakout Session Tracks

Evidence-based Cybersecurity Management

After a decade of investment in cybersecurity capabilities since Stuxnet and the Shamoon attacks, the cybersecurity world is moving away from a pure ramp of adding security capabilities and towards an evidence-based approach to threat and risk management. What does that mean? At the strategic level, organizations have pivoted from making investments to seeing a validated return on investment. Practically, that means focusing on data-driven decision-making. In a world where nation-states and criminal groups can make moderate investments to disrupt operations, from ransomware as a service to strategic cyberattacks, can we prove that our defenses are working? What adjustments do we need to make to ensure success? This track brings together leading thinkers and practitioners in national security and cybersecurity planning, to include Chief Information Security Officers from the public and private sector, the former commander of U.S. Marine Corps Cyber Command and Assistant Commandant of the U.S. Marine Corps, and one of the world’s leading writers on of technology and risk management, who also happens to be a former U.S. Secretary of the Navy.

Threat-Informed Defense & MITRE ATT&CK

Since MITRE ATT&CK was published in 2015, it has led to a transformation in how security teams think about threats and approach cybersecurity effectiveness. In this talk track, join leading practitioners of threat-informed defense to discuss the state of research and the state of the practice in how teams elevate their security program performance. Join leaders from the Center for Threat-Informed Defense at MITRE Engenuity, policy makers and practitioners in medical device security, including from the FDA, and leaders from IDC and Stripe.

Leading in Cybersecurity

Leadership in cybersecurity is like leadership in any other avenue of human endeavor, with two major caveats: it involves a deep facility with technology, and it carries a deep degree of stress given the impact of potential security program failure. So how do cybersecurity leaders succeed? Cybersecurity leaders today lack data-driven visibility into their security effectiveness, and the result is they don’t know how well their security controls will perform against known threats. How can they solve that problem? Too often the world focuses on the “technology” aspect of cybersecurity, fetishizing speeds and feeds over time-tested leadership principles and practices. This talk track distills the unique challenges facing those tasked to lead teams in a complex environment, an environment defined by escalating attacks on U.S. and allied national interests, and offers clear examples from the field on how to succeed.

Technical

Learn from peers on how to technically improve, enhance, and evolve your cybersecurity practice. Submissions for this track will be selected from our Call for Papers on March 14th and published on March 17th.  

Applied Solutions for Threat-Informed Defense

Over the last seven years since the publication of the MITRE ATT&CK framework, the cybersecurity community has moved to adopt a threat-informed defense, leveraging ATT&CK to focus the community on known threat behaviors and validating security program performance. How has this transition helped improve the world’s cybersecurity posture and informed purple teams? In this content track, hear from leading cybersecurity solution providers on the front lines of helping customers confront advanced persistent threats, ransomware, and cybercrime – and learn how ATT&CK elevates cybersecurity effectiveness for providers and customers alike.

Sponsors

Purple Teaming for Dummies

Click here for a practical guide for building a purple team to maximize your security effectiveness.