Agenda

The Agenda is currently being developed, check back for updates.

Monday, October 9, 2023
3:30 PM - 3:50 PM
3:30 PM - 3:50 PM
Jessica C. Davis Brad Hanly

What is the state of the MSSP and security MSP market? What are the key services and offerings that managed security service providers offer to their clients? How many tools are technologies are in the average MSP/MSSP stack? How often do MSPs/MSSPs interact with their clients? How often are MSPs/MSSPs seeing certain types of attacks at their client sites? MSSP Alert conducted research in June and July of 2023 together with Arctic Wolf. Join us for this fireside chat to kick off the conference to share these research findings and find out how your business aligns with these benchmarks.

3:50 PM - 4:15 PM
3:50 PM - 4:15 PM
Simon-David Williams

Cyberattacks happen every day, and MSP's and MSSP's are positioned to be the defenders for end user organizations and also for individuals. Service providers can be the heroes here, by understanding how the dark side works and being the "Jedis" in the war against cybercrime. In this session you'll be guided by just such a Jedi in the war against cybercrime as he takes you on a tour of the Dark Web. You'll get a view of in-process ransomware attacks, learn how to proceed in an active cybercrime to secure the people and the business, and get important best practices for dealing with an active incident. 

4:15 PM - 5:00 PM
4:15 PM - 5:00 PM
Robert Cioffi

Imagine hackers using your RMM to install Ransomware on all your clients simultaneously? It’s the ultimate nightmare scenario every MSP fears the most.

Progressive Computing was one such victim of the Kaseya VSA attack in 2021 and victoriously battled to win back their business after ransomware was installed across their entire client base.

This is a personal story. A human story. An emotional story. Prepared to be frightened and inspired.

Key Learning Objectives:

  • Why community is a critical success factor in the war on cybercrime
  • Lessons about why strong leadership, culture, and core values can lead any company through their darkest hours or times of crisis
  • Traps and pitfalls to avoid during a crisis, and how to adjust communications, roles, and processes in wartime
5:00 PM - 7:00 PM
5:00 PM - 7:00 PM
 
 
Tuesday, October 10, 2023
7:15 AM - 8:00 AM
7:15 AM - 8:00 AM
 

More Managed Service Providers (MSPs) are delivering security services outside of traditional MDR services. But standing up a SOC is capital intensive and challenging with the talent shortage and thousands of point solutions. How do you find the right master MSSP partner to deliver advanced security for your clients?  Join Overwatch by High Wire Networks over breakfast to explore what aspects to outsource, how to find the right MSSP partner, and how to maintain value delivery to your customers through a partnership.

7:30 AM - 8:30 AM
7:30 AM - 8:30 AM
 

 

 

8:30 AM - 9:00 AM
8:30 AM - 9:00 AM
David MacKinnon

Preparing a disaster response plan is one thing. But have you practiced the plan itself in a simulation? Learn why this step, often skipped, is so important, and some best practices for creating and practicing your plan. Be ready when an incident occurs. 

9:00 AM - 9:30 AM
9:00 AM - 9:30 AM
Jessica C. Davis Abby Thoennes

An official from CISA's JCDC talks about the agency's cyberdefense plan for MSPs, how the agency works with the managed services market, and what's to come in the months ahead. 

Key Learning Objectives: 

  • What CISA is and how we are here to help the MSP/MSSP community
  • What does JCDC do and what is cyber defense planning
9:35 AM - 10:20 AM
9:35 AM - 10:20 AM
 

If there’s one thing, we’re certain of its cybersecurity requires great team collaboration and cooperation. But with dozens of cyber tech vendors, stretched MSPs, and limited end-user IT resources, how do you manage an effective security operations (SecOps) program? Our panel includes an MDR provider, an MSP, and an IT department manager to share their views on how to strike the right balance in a Shared Responsibility Model to achieve powerful yet practical SecOps. 

9:35 AM - 10:20 AM
Jay Tipton Robert Cioffi Wayne Selk

This panel will examine the importance of community in surviving cybersecurity incidents and delve into the origin story of a new offering from CompTIA, the Emergency Response Team. Learn what this team can do to help your organization if you experience an incident. Find out how you, too, can help in providing the community that is needed by other MSPs that may experience an incident.

10:20 AM - 10:45 AM
10:20 AM - 10:45 AM
 
 
10:45 AM - 11:30 AM
10:45 AM - 11:30 AM
David Wagner Michael E. Crean

Find your sweet spot, drive new revenue streams and deliver enhanced solutions to clients. This panel discussion will examine how MSSPs and MSPs can leverage a client’s existing infrastructure through the use of an Open XDR approach. 

Key Learning Objectives: 

  • By leveraging the client's existing infrastructure through an Open XDR approach, these MSSPs will showcase how they maximize the potential of investments to bring greater value and comprehensive security services to their customers.
  • Stellar Cyber's panel emphasizes the collaborative and innovative approach of MSSPs in harnessing open platforms for the benefit of their clients
  • This panel will help you find your goldilocks go-to-market strategy
10:45 AM - 11:30 AM
Abby Thoennes

An official from CISA's JCDC talks about the agency's RMM and best practices for MSPs.

11:35 AM - 12:20 PM
11:35 AM - 12:20 PM
Andrew Murphy

Ransomware turned 10. There was a 55.5% increase in HTTPS vs HTTP phishing attacks. The last year has been one for the record books in numerous ways and the realm of cyber threats was no exception. As traditionally active threat categories, such as malware, trended downward, others spiked unexpectedly. Analysts, researchers and security companies have been working quickly and constantly to identify and block emerging threats, but attackers have been just as quick in devising new tricks and tactics.

Key Learning Objectives: 

  • Takeaway knowledge on the latest cyber threats (malware, phishing, ransomware); learn something new
  • Understand the landscape and what to look for in order to be preemptive of an attack
  • Learn strategies for mitigating attacks if/when they do happen
11:35 AM - 12:20 PM
Jesse Miller

Virtual CISO services can enhance your managed security service business, but there are a number of factors to consider when looking to provide this as part of your portfolio. In this session/panel, we’ll dive into what you need to know to create, package, price, and sell vCISO services, whether you are new to offering these services or are looking to refine your offering for better service, efficiency, and profitability.

12:20 PM - 1:30 PM
12:20 PM - 1:30 PM
 
 
1:30 PM - 2:15 PM
1:30 PM - 2:15 PM
Erik Holmes

Snapshot-in-time penetration tests are limited in scope, limited by human testers, limited by time, and limited by findings based on what the testers are presented with during the testing period. The results have a very short shelf life with little insight into how to properly prioritize and correct the findings. Continuous Security Testing allows an organization to understand their security posture every day, discover new issues immediately, and prioritize findings based on the business's needs. Finally, Continuous Security Testing allows an organization to immediately validate remediation.

Key learning objectives:

  • The limitations of penetration tests
  • The importance of continually testing your security settings, controls, and team
  • How to quickly implement a continuous security testing program

 

1:30 PM - 2:15 PM
 

In an era where cloud technology has revolutionized the way organizations operate, ensuring robust cloud security is paramount. But not just for the security of your cloud assets. With attackers increasingly traversing back and forth between on-premises and cloud environments, ignoring the link between the two could mean allowing threats to spread. And while you've heard about attackers exploiting on-prem devices to get to cloud, we're increasingly seeing the opposite as well. Join as we look at the state of the market in cloud security, and as we explore a recent attack that exploited cloud infrastructure to pivot to the on-premises environment. Learn what this real-world incident means for you and gain insights for safeguarding your organization against cloud-based threats.

 

2:20 PM - 3:05 PM
2:20 PM - 3:05 PM
Josh Stegall Cesar Vargas Michael E. Crean

Learn how AI and ML are affecting cybersecurity in both positive and negative ways and how AI based solutions can help you and your clients combat the threats posed by generative AI.

Key Learning Objectives:

  • Following this session you'll be able to understand: The growing number of threats posed by generative AI across malware and advanced persistent threats leading to more cyber incidents and data breaches
  • AI-based solutions are better poised to combat these threats and why
  • How AI-based solutions can make you more efficient as an MSSP
2:20 PM - 3:05 PM
Sunny Kaila

In this session, Sunny Kaila, CEO of IT By Design, a global talent authority with over 600 team members, will discuss how a focus on talent development and growth can help SMBs grow their businesses 10x. In this session, Sunny will discuss different talent strategies that Leaders can use to help create self-transforming teams that lead and hold each other accountable. Creating organizations where your teams lead and drive accountability themselves, allowing owners to have a balanced and fulfilling life, while also supporting the growth of their team and leaders. 

3:05 PM - 3:30 PM
3:05 PM - 3:30 PM
 
 
3:30 PM - 4:15 PM
3:30 PM - 4:15 PM
David Leone Doug Denny

In an ever-evolving cyber threat landscape, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) play a critical role in safeguarding businesses from sophisticated attacks. This presentation abstract provides a glimpse into our upcoming session, where we will explore the realm of cutting-edge cyber threats and unveil an exclusive partnership opportunity with Perception Point.

Join us as we delve into the fascinating world of advanced cyber threats, including:

Phishing Redefined: Discover the intricacies of sophisticated attacks like "Quishing" and "Two-Step Phishing" that are designed to outwit traditional security measures.

GenAI Cyber Attacks: Uncover the enigmatic realm of GenAI cyber attacks, where artificial intelligence and machine learning are leveraged by adversaries to launch devastating assaults.

Business Email Compromise (BEC): Gain insights into the tactics, techniques, and procedures employed by cybercriminals in BEC attacks, a growing menace to organizations worldwide.

Browser-Based Threats: Explore the rising trend of attacks occurring within web browsers and learn how to defend against these elusive threats.

But that's not all. We are excited to introduce you to Perception Point, a leader in advanced threat detection and prevention. Learn how their cutting-edge technology can bolster your MSP/MSSP offerings, fortifying your security stack against even the most cunning adversaries.

Furthermore, discover our exclusive MSP program, designed to address the unique challenges that MSPs and MSSPs face in today's dynamic cybersecurity landscape. We will elaborate on how this program empowers you with the tools, resources, and expertise needed to stay ahead of emerging threats and provide unparalleled protection to your clients.

Join us for this enlightening session, where we bridge the gap between advanced cyber threat knowledge and practical solutions for MSPs and MSSPs. Together, we will build a more resilient and secure digital future.

 

3:30 PM - 4:15 PM
Mike Saylor

Specializing in vertical markets offers a number of business benefits to MSSPs. In this session, you’ll hear from BlackSwan Cybersecurity which has created three specialties – education, healthcare, and auto dealerships. You’ll learn how the company broke into these markets; how the specialization has helped in operations, sales, technology, and other functions; and what you can do to prepare for specializing in a vertical market yourself.

Key Learning Objectives:

  • Think about the unique or special needs of a target vertical
  • Determine how to build a team, service, or product that aligns with the needs of a target vertical
  • Conceptualize a business model that incorporates the pieces and economics necessary to be secured to be successful, including overhead, partnerships, expenses, marketing, and pricing
4:20 PM - 5:05 PM
4:20 PM - 5:05 PM
 

Join our expert panel to learn how MSPs can strengthen cyber resilience. Discover alarming stats about cyber threats and the lack of incident response plans. Explore the importance of cybersecurity frameworks in preventing and responding to attacks. Get practical tips for crafting an effective incident response plan from an MSP perspective. Equip your business to thrive in the digital age.

Key Learning Objectives

  • Learn how to build true cyber resilience within your business 
  • How to use cybersecurity framework properly 
  • Discover a practical exercise from Greg Jones that you can test readiness within any business
4:20 PM - 5:05 PM
Bob Miller

This discussion centers around establishing an organization's security maturity level (SML) and taking that knowledge and crafting a real security strategy that improves the enterprise security practice. The talk centers around the breakdown of needs into measurable efforts that when completed raise the SML of the enterprise. The SML allows a company to create a meaningful roadmap to achieve their security strategy.

5:05 PM - 7:00 PM
5:05 PM - 7:00 PM
 

 

Wednesday, October 11, 2023
7:15 AM - 8:00 AM
7:15 AM - 8:00 AM
Eric Russo

The cybersecurity industry is full of acronyms, and “XDR” is one that is not universally well understood. This acronym was introduced by Gartner in 2018. Flash forward to 2023, and many vendors claim they are offering ‘XDR’ in some form. But what does it actually mean? What can, and should, XDR do for an MSP and MSSP, and why is it such an important consideration?

Key Learning Objectives: 

  • What XDR is, and what it is not
  • The benefits of XDR for MSPs and their customers
  • Things MSPs should look for when investigating an XDR solution
7:30 AM - 8:30 AM
7:30 AM - 8:30 AM
 
 
8:30 AM - 9:15 AM
8:30 AM - 9:15 AM
Linda Rose

The key to selling your company is knowing what drives valuation and what specific buyers (Strategics and Private Equity) look for in assessing a technology service provider. In this session, Linda will share the 8 key variable buyers look for when valuing a company, and "best in class" KPIs to strive for when preparing for a sale. Whether you are contemplating a sale in 12 months or 60 months, this is a session you won't want to miss. 

Key Learning Objectives: 

  • Understand that company value is more than top-line revenue and bottom-line net income
  • Learn that buyers purchase future opportunities, not past performance, therefor we must show the sustainability of your company 
  • Learn to run your business on metrics you can monitor 
8:30 AM - 9:15 AM
Eric Kalseth

We get it. Battling cybercrime is tough, especially for those running small businesses. MSPs often have limited budget, staff, and time, making investment in strong cybersecurity difficult.

As a result, SMBs have become an excellent target for cybercriminals. Threat actors prey on finding vulnerabilities you’ve yet to lock down. With threats constantly evolving and becoming more sophisticated, it's challenging for small businesses to keep up with the latest preventive measures.

Technology alone cannot prevent every attack and unfortunately, SMBs are bearing the brunt of this reality. However, the good news is that as technology evolves, so does the support system for SMBs.

Key Learning Objectives:

  • Why SMBs are particularly vulnerable to an attack
  • How you can identify and mitigate the cognitive bias that prevents change
  • How adversaries are exploiting legitimate IT tools, stolen credentials, access permissions, and unpatched vulnerabilities
9:20 AM - 10:05 AM
9:20 AM - 10:05 AM
Ted Roller

Is your managed service business stuck at its current annual recurring revenue level? Are you struggling to double the size of your business? This is the session for you. Learn the steps you need to take to take the business to the next level.

9:20 AM - 10:05 AM
Andrew Maguire

Advanced malware, phishing threats, as well as EDR and XDR false positives are a vast drain on time, money, and skilled MDR SOC resources. Today, a sandbox detonation environment is the last line of defense for identifying malicious threats that bypass existing security controls. But not all sandbox technology is created equal. Sandbox technology has evolved beyond single file submissions to a fully automated solution with integrations into industry-leading EDR, XDR, SIEM, and SOAR platforms, such as CrowdStrike and SentinelOne. Join this session to get up to date on sandboxing and how critical it is to the success or failure of the SOC. 

Key Learning Objectives: 

  • In this breakout session, join VMRay’s Senior Product Marketing Manager, Andrew Maguire, to understand how sandbox technology can improve your MDR’s economy of service 
  • In addition, learn how critical the underlying technology is to the success or failure of SOC Teams when dealing with advanced Anti-Sandbox evasion techniques employed by today’s modern malware families
  • At the end of this session, attendees will walk away with practical tips to reduce attacker dwell times in your client networks
10:05 AM - 10:30 AM
10:05 AM - 10:30 AM
 
 
10:30 AM - 11:15 AM
10:30 AM - 11:15 AM
Jessica C. Davis Dave Sobel

Everybody has been experimenting with tools like ChatGPT, but it is there really an opportunity for MSP's when it comes to advanced technologies such as artificial intelligence and machine learning? We'll take a look at how MSP's can use these technologies today, what managed services end user customers are expecting from them, and how you can get ready for the next opportunities around data, analytics, machine learning and AI. 

10:30 AM - 11:15 AM
 

Msps and MSSPs have adopted one of the most difficult roles in the Defense ecosystem. These service providers perform control capabilities on behalf of their clients in the Defense Industrial Base and as such, bear the burden of validating implementation on their client's behalf. 

MSPs and MSSPs will need a CMMC L2 certification or as validated by a 3rd party; required to implement all 110 controls. As such, they will need a System Security Plan along with a Shared Responsibility Matrix and be fully prepared for assessment. How would you prepare and what is meaningful to an assessor? 

Key Learning Objectives: 

  • Able to understand their role in the Defense ecosystem 
  • Able to understand requirements to prepare their team and environment for assessment 
  • Determine if the ROI for serving defense contractors aligns with their business goals
11:20 AM - 12:00 PM
11:20 AM - 12:00 PM
Abraham Garver

The MSP M&A market, including PE investments, has been super hot over the past few years. In this session we'll examine the trends and the impact interest rates have had on M&As this year. You will hear about MSP valuations in 2023 and what PE firms are looking for when it comes to investing in managed service providers. Plus, we'll offer key tips on how to increase your valuation before you put your business on the market. Whether you are ready to sell today or you want to get ready in the next 5 years, this is the session you won't want to miss.