Cyber Madness: Case Studies in Security

Greg Dracon of .406 Ventures (far left) moderated a discussion between Rapid7's Corey Thomas, Veracode's Sam King, and Onapsis's Mariano Nunez about staying ahead of the competition. King (speaking), whose company has had three different owners since 2017, said in recent months her role has encompassed both chief executive and chief therapist.

© 2019 Patankar Photography & Design

Stellar views from EY's office on the 23rd floor. Next time we'll try to hold the event on a sunny day.

"I've got a feeling this will be a great conference."

Michael Daly of Raytheon chatted with Xconomy's Greg Huang about promising cybersecurity tools and ways he tries to keep his data safe. (Pro tip: Stay off social media.)

American Superconductor's Daniel McGahn (right) shared with Xconomy's Brian Dowling and the audience how his company survived a corporate espionage plot. He also has pro tips for keeping data secure: "I use a pen. I don't use a computer."

Plenty of opportunities to exchange ideas and business cards at Xconomy events.

Edna Conway of Cisco contributed to the discussion even before her talk on stage.

The program left attendees with plenty to talk about.

Law firms are rich targets for hackers because they have access to tons of clients' sensitive info, said Amanda Fennell of Relativity. She and Christopher Ahlberg of Recorded Future explored attack methods and defense strategies.

Unclear what Michael Daly (right) is sharing here, but we know it's not a Facebook status.

The audience got plenty of chances to ask questions and interact with speakers.

The program was chock-full of good ideas and useful tips.

Lots of good photo ops, too.

Cybereason's Israel Barak shared takeaways from one of the company's "honeypot" operations, which monitored hackers' tactics as they attacked a fake computer system set up as a trap.

Always a tasty spread at these gatherings.

Attendees reflected on the program while enjoying good food and drink.

Emily Frye of MITRE Corp. and Jeremy Hitchcock of Minim lamented the cyber vulnerabilities of the rapidly growing number of internet-connected devices worldwide.

Glasswing Ventures' Rick Grinnell asked Frye and Hitchcock crucial questions about connected device security.

Cybersecurity is serious business, but Ophir Gaathon of Dust Identity and Edna Conway of Cisco still had fun talking supply chain security.

HackerOne's Marten Mickos and Mapbox's Olivia Brundage provided a window into the world of ethical hacking and bug bounty programs.

Mapbox's bug bounty program has averaged finding around 250 vulnerabilities per year since 2015, Brundage said.

The creative juices (and the wine) were flowing.

New security tools and tactics were the focus of the day's final panel discussion between (left to right) Michael Figueroa of the Advanced Cyber Security Center, Carbonite's Mohamad Ali, Very Good Security's Mahmoud Abdelkader, and Pixm's Arun K. Buduri.

"Dang, I can't believe the event is over already." Thanks to all of our speakers and guests, and see you all next time!

There are many front lines in the battle to secure cyberspace for any given business: hackers, nation states, corporate espionage, supply chain security, AI-powered cyber tools, and ratcheting-up risks with the Internet of Things.

All these facets—together with the tech companies carving a path through the dangers to take control in the ever-shifting state of play—were the focus of Xconomy’s Cyber Madness forum held in Boston last week. Big thanks to EY, our host, for providing a fantastic space with stunning views, and top-notch support.

And special thanks to Keith Patankar of Patankar Photography & Design for taking photos. Be sure to view the slideshow of them above.

The half-day conference, held April 8, broke open a range of case studies in security to help professionals get their arms around today’s challenges and tomorrow’s innovations in the sector.

“Try to get hacked in order not to get hacked,” was the prescription of Marten Mickos, CEO of HackerOne, a San Francisco-based company that assembles ethical hackers who probe computer systems and collect bounties for spotting vulnerabilities. Mickos and Olivia Brundage, an information security engineer with Washington, DC-based Mapbox, outlined how her mapping startup used the collective to hunt down soft spots in its software application and network infrastructure.

“The bad guys are already in your underwear, in your pockets, stealing everything you have,” Mickos said. “Every system will get hacked, and it is better to enlist the ones who will tell you how they did it so you can fix it.”

The event brought together executives, founders, investors, and security professionals from a range of industries, all seeking practical takeaways about the evolving cyber battlefield.

Michael Daly, Raytheon’s (NYSE: RTN) chief technology officer for cybersecurity and special missions, kicked off the day in a discussion with Xconomy Editor-in-Chief Greg Huang about how he secures his digital self at home, at work, and on the road. He said technologies such as blockchain’s distributed ledger and quantum computing top his list of those likely to lead to breakthroughs in cybersecurity.

The intellectual property risks emanating from China came into full view as American Superconductor CEO Daniel McGahn presented how his Ayer, MA-based company (NASDAQ: AMSC) survived a corporate espionage plot and successful cyber theft on the part of its largest customer—a damaging blow that resulted in 600 lost jobs and more than $1 billion in market cap erased.

In 2011, an American Superconductor employee took a $1.7 million bribe from a Chinese customer to steal the source code of software that managed power flow in wind turbines. The theft was investigated and eventually prosecuted by US authorities, resulting in a guilty verdict and a $59 million settlement from the customer, China-based Sinovel.

“It’s very James Bond movie-like. … It sounds fun, but it sucks to live it,” McGahn said. “We are at war with China, and we’re losing.”

The exploding growth of web-connected devices, from thermostats to baby monitors, has raised alarms about how many more entry points hackers now have to get into people’s personal networks. It has also prompted discussion of what security standards these devices should be held to before making their way to store shelves.

The risks are starting to sink in more broadly as the cyber world is increasingly stitched into people’s domestic lives, said Emily Frye, director of cyber integration for the MITRE Corp.

“The idea is becoming more real to us because the space we traditionally considered cyber spaces are no longer distinct from our actual bodies, right?” Frye said, highlighting that the internet touches many people’s home climate control systems and even refrigerators.

Moderator Rick Grinnell, co-founder and managing partner of Glasswing Ventures, asked Minim CEO and founder Jeremy Hitchcock whether the IoT industry had learned its lesson in the wake of massive botnet operations such as the Mirai distributed-denial-of-service attack in 2016, which took advantage of security holes in web-connected devices to temporarily render much of the web inaccessible. Hitchcock said software developers know how to write more secure code nowadays, but there isn’t always the incentive to do so for low-cost consumer devices.

“We have the best shovels,” he said, “but just don’t want to commit to digging.”

Cybereason chief information security officer Israel Barak presented step by step how one of his company’s “honeypot” intel-gathering operations quickly learned how a power control system, such as an electrical substation, could be compromised by hackers. Once Cybereason launched its fake computer system, which, to outside hackers, looked and felt like a real power control system, it took two days for it to be compromised.

In a panel of cybersecurity CEOs that included Veracode’s Sam King, Rapid7’s (NASDAQ: RPD) Corey Thomas, and Onapsis’s Mariano Nunez, the question of the day was how to keep up with how fast the field is changing.

“How do you add sophistication and simplify [the product] at the same time has been one of the harder skillsets to navigate,” Thomas said.

Xconomy deputy editor of tech Jeff Engel contributed to this report.

Brian Dowling is a Senior Editor at Xconomy, based in Boston. You can reach him at bdowling [at] xconomy.com.