Hi [[ session.user.profile.firstName ]]

Cybercast by ITPG Secure Compliance

  • Date
  • Rating
  • Views
  • Attacker's Methodology
    Attacker's Methodology Jason Dion, CISSP - Cyber Security Trainer at Dion Training Solutions Recorded: Feb 1 2018 23 mins
    A brief overview of the Attacker's Methodology. In this webinar we began our quest to think like an attacker. We will cover the 6 stages of an attack: reconnaissance, scanning & enumeration, gaining access, escalating privileges, maintaining access, and covering your tracks.
  • Let's talk about OSSTMM with Pete Herzog from inside out
    Let's talk about OSSTMM with Pete Herzog from inside out Pete Herzog, Managing Director at ISECOM Recorded: Dec 14 2017 60 mins
    In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing. Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
  • Best Cyber Breach Protection: Certified NIST RMF Professionals
    Best Cyber Breach Protection: Certified NIST RMF Professionals Dr. Ron Ross, Mr. Richard Spires, and Dr. Victor Berlin Recorded: Dec 8 2017 64 mins
    Dr. Ron Ross (NIST), Richard Spires (Learning Tree Int’l), and Dr. Victor Berlin (Mission Critical Institute) will discuss how hiring Certified NIST RMF Professionals can be your key to cybersecurity breach protection.

    Dr. Ron Ross, Fellow, National Institute of Standards and Technology
    Ron Ross is a Fellow at the National Institute of Standards and Technology. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the NIST Risk Management Framework.

    Mr. Richard Spires, CEO, Learning Tree International (CIO, DHS, IRA ret.)
    Richard Spires is CEO of Learning Tree International. Previously he has served as the U.S. Department of Homeland Security’s (DHS) Chief Information Officer (CIO) and IRS’s CIO. Spires also served as the Vice-Chairman of the Federal Government CIO Council and the Co-Chairman of the Committee for National Security Systems (CNSS).

    Dr. V. N. Berlin, CEO, Mission Critical Institute
    Victor Berlin is the CEO of Mission Critical Institute (MCI). MCI enables universities to graduate career-ready cybersecurity risk management professionals by utilizing MCI’s cutting-edge cybersecurity education system. Dr. Berlin has over 15 years of cybersecurity graduate level education experience which includes serving as the founding president of the first accredited cybersecurity graduate university, University of Fairfax.
  • Leading through adversity and burnout to create a high performing security team
    Leading through adversity and burnout to create a high performing security team Sharon Smith, CISSP ITPG Secure Compliance VP, Cybersecurity Strategy and Advisory Services Recorded: Nov 30 2017 51 mins
    Security professionals are constantly in a state of adversity, always trying to battle the unseen advisory with little resources and lack of understanding from leadership. Often there is little to no recognition of a job well done, because no one can see the results of a good security team, no breach. It is only when there is an issue that the lights shine on the security team and that is when everyone asks why is it going wrong? This makes leadership within security that much harder, how do you help a team that is up against constant adversity from burning out and leaving. In this webinar, Sharon Smith will discuss the Five Pillars of a high performance security team and how you as a leader can tap into these to help your team achieve more and get better results.
  • AI and the Scientific Method for Cyber Investigation Automation
    AI and the Scientific Method for Cyber Investigation Automation Shawn Riley, Chief Data Officer | Cybersecurity Scientist at DarkLight Recorded: Nov 16 2017 48 mins
    "Artificial Intelligence" is arguably one of the most over-used terms in cybersecurity today and despite the potential, most organizations are in the dark about how best to apply it -- and more importantly, how to explain the results it produces. We will discuss how encoding expert tradecraft using scientific methods and common knowledge / data models - can produce AI with explainable results for improved investigation and an active cyber defense.
  • Top cyber threats in the financial sector
    Top cyber threats in the financial sector Candid Wueest, Principal Threat Researcher, Symantec Recorded: Nov 16 2017 49 mins
    Financial institutions are increasingly facing attacks on multiple fronts.

    Cyber criminals continue to target online banking using malware to hijack customer transactions and banking sessions. While there has been an overall drop in infections related to these consumer threats, financial institutions are now facing new types of attacks in the form of large-scale financial heists.

    Attack groups such as Fin7 and Lazarus are deliberately targeting financial institutions in audacious attacks that are reaping large rewards. They are using living off the land and fileless attack tactics similar to APT groups. But also extortion with DDoS attacks or business email compromise (BEC) scams are increasingly bothering financial corporations.

    In this webcast on the current financial threat landscape, Symantec takes a look at the most prevalent and significant financial threats.

    In this webcast we will review:
    - The top threats facing financial institutions with statistics and examples
    - Explore the most common techniques employed in financial attacks
    - Provide case studies of the most high-profile financial attacks of the past 12 months
  • Defending from Attack: Winning the Cyber Conflict
    Defending from Attack: Winning the Cyber Conflict Griff James, Director, Damrod Analysis Ltd. Recorded: Nov 14 2017 31 mins
    Effective responses to modern IT risks requires a transition from cyber security to cyber defense. This presentation introduces analysis based on proven military tools to understand, assess, and defend against cyber-attack. See how Petya worked its way in, and how to defend against it. Take away valuable tools and frameworks to develop your defenses.

    Presenter:

    Griff is trained as a Canadian Infantry Officer and is a graduate of the Johnson-Shoyama Graduate School of Public Policy. After a two-year stint as a Strategic Policy Analyst at the Treasury Board Secretariat in Ottawa, he moved to London where he completed a Master’s Degree at the LSE. Unable to find “real” work, he got into software development as a Scrum Master, leading the development of a web based application. This experience fostered an interest in cybersecurity, and Griff went on to a boutique start-up providing application security to Fortune 500 companies. Frustrated by the disconnect between technologies and poor analysis within cyber security, Griff founded cyber defense firm Damrod Analysis in 2017. He is London based, where he and his wife are expecting their first child shortly.
  • Social Engineering: Still a threat?
    Social Engineering: Still a threat? Tarrell "Mac" McCrory, CISSP, CEH Recorded: Oct 26 2017 55 mins
    When you hear the term Social Engineering, the first thing that pops into your mind will invariably be phishing emails. However, there are many aspects of social engineering that are, more often than not, completely overlooked. Identity impersonation, physical penetration, and various other means can just as easily be employed to breach company after company. While the ability to detect malware and other types of breaches get better by the day, these types of attacks are rarely discovered quickly, if at all. Enterprise level security accounts for many of these, but rarely all. Join the indepth discussion of how Social Engineering can be dangerous for an organization and what can be done about.


    Previously, Mr. McCrory was one of the founding employees of PhishMe, Inc. where he developed and ran many social engineering engagements as a Managed Services Consultant, teaching management of various Fortune 500 and Global 100 comapnies how to deal with phishing and on occassion, various other forms of social engineering attacks.

    Mr. McCrory is also currently working on his first book and working as an independent consultant.
  • NIST 800-171 Protect CUI or Risk Losing Federal Business
    NIST 800-171 Protect CUI or Risk Losing Federal Business Kelly Handerhan, CISSP, PMP, CASP, CEH, Cybrary.it SME Recorded: Oct 12 2017 63 mins
    Federal contractors that process, store or transmit what’s called Controlled Unclassified Information have until December to implement new, more stringent security guidelines to protect that information. Chances are your organization already meets some of the requirements, but it’s unlikely that you meet them all. Join us to identify what’s new, what’s not, what you have to do and how to assess the impact.
  • A Secure Model of IoT Using Blockchain
    A Secure Model of IoT Using Blockchain Ahmed Banafa, Lecturer and IoT Expert, College of Engineering, San Jose State University Recorded: Oct 10 2017 49 mins
    As the Internet of Things (IoT) adds more and more devices to the digital fold every day, organizations of all sizes are recognizing the IoT's potential to improve business processes and, ultimately, accelerate growth.

    Meanwhile, the number and variety of IoT solutions has expanded exponentially, creating real challenges. Chief among them: the urgent need for a secure IoT model for performing common tasks such as sensing, processing, storing information, and communicating. But developing such a model involves overcoming numerous hurdles.

    Of course, there are multiple ways of looking at the IoT. For instance, the system view divides the IoT into blocks, such as connected things, gateways, network services, and cloud services, while the business view consists of platform, connectivity, business model, and applications. But one common thread connects all these views: security is paramount

    IoT applications and devices is the next wave of technology, but security is a big concern. This webinar will explain the convergence of IoT and Blockchain technology.

Embed in website or blog