(ISC)² Security Congress

  • (ISC)² Town Hall - 2017 Security Congress
    David Shearer, CISSP | CEO (ISC)² Recorded: Apr 16 2018 86 mins
    The panel will consist of members from (ISC)² Management and the (ISC)² Board of Directors who will be ready to answer any questions that you may have regarding membership, certifications, information security, etc. The meeting is open to members and non-members.
  • DNSSEC, DANE, DPRIVE...Oh My! A Primer on the Critical State of DNS Security
    Dan York, CISSP | DNS Security Program Manager Internet Society Recorded: Mar 22 2018 49 mins
    When was the last time you thought about your Domain Name System (DNS) server? Do you realize DNS is insecure by default? Are you prepared for attacks against your DNS infrastructure? Often a DNS server is set up and then forgotten. You will learn about why you need to be paying attention to this critical core network service. How can DNS Security Extensions (DNSSEC) ensure the integrity of DNS info? How can the DANE protocol add a layer of trust to applications and services using TLS? What is happening with the DPRIVE work to use DNS over TLS? And why should enterprises be concerned?

    This session will explore why you need to pay attention to DNS security for a more trusted and secure internet.

    Learning Objectives:

    • Describe the threats to the security and privacy of DNS servers.
    • Understand and describe the mechanisms to protect DNS, such as DNSSEC, DANE and DPRIVE.
    • List actions to protect attendees' home networks.
  • Hacking the Leadership Code: Surviving and Thriving as a Security Leader
    Sean Cordero, CISSP, CISA, CRISC, CISM | Senior Executive Director, Optiv Recorded: Mar 21 2018 52 mins
    When security experts are promoted to top leadership positions within their organizations, there often is inadequate time to analyze and jettison the mindsets that worked well as individual contributors but now threaten to undermine their new roles. Often, this drowns out positive changes these leaders hope to see and leaves the security leader gasping to be heard, even though they may be yelling. More of the same will not work. A shift in approach is required.

    This session will provide a firsthand view into what has made some security leaders successful. It will also provide actionable insights for those aspiring to security leadership roles on how to craft a message and an approach that is heard, respected and incites action across the organization.

    Learning Objectives:

    • Identify self-defeating security leadership behaviors which undermine the credibility, resonance and trust needed to drive organization-wide change; then identify the actions they can take towards addressing their professional gaps.
    • Articulate the differences between a successful security leader and a security expert: how to survive the transition from a security subject matter expert into a person who is now responsible for the success of other professionals, the program and the business.
    • Develop a plan of action to improve leadership skills and develop momentum for attendees' security programs in which they become an impactful agent for positive change.
  • 10 Reasons Why Micro-Segmentation and Clouds are Not Secure
    Predrag "Pez" Zivic, CISSP Recorded: Mar 21 2018 29 mins
    Micro-segmentation and cloud architectures decrease the threat landscape by design. However, this smaller threat surface creates a false sense of good security. This presentation will clearly demonstrate 10 security controls that are missing in such architectures. Standard private (OpenStack and NSX) and public cloud architectures (AWS and Azure) with micro-segmentation will be presented and analyzed for 10 security controls that are missing. They include identification, authentication, authorization, vulnerability, anti-virus, advanced persistent threat detection, denial of service and data protection, visibility with analytics and security system automation.

    Attendees will learn how to add these 10 controls to micro-segmentation to architect strong security. We'll show how the implementation of most of these controls may be used to set a foundation for zero-trust model implementation.

    Learning Objectives:
    • Learn what security controls are missing in micro-segmentation in private and public cloud implementations
    • Learn how to go about implementing 10 security controls presented
    • Learn how to use these 10 security controls to set a foundation for zero-trust implementation
  • GDPR - What You Need to Know - A Panel Discussion
    Harvey Nusz | Kevin Stoffell | Mariano Benito | Andrew Neal Recorded: Mar 12 2018 62 mins
    The European Union General Data Protection Regulation is a huge culture change for those U.S. companies doing business within the EU or with EU citizens, and those who store these users' data in the United States. And it's coming in less than a year. Join an accomplished panel, including a practitioner from Europe and hear about how to prepare for GDPR, what companies must implement, enforce and measure. We'll also explore compliance controls and how that will change the workforce behavior, while allowing EU citizens access to data.


    Learning Objectives:
    - Understand the major requirements of GDPR, the magnitude, and scope of its differences with U.S. privacy laws (think HIPAA), and truly appreciate the gargantuan task of implementing a cultural change within your workforce to avoid costly fines and breaches.

    - Understand access methodologies and choose the method that fits your needs, as this is key. This new privacy culture will not allow giving read access where a workforce member has no need to access privacy data, and will require obfuscation of privacy data in testing.

    - Learn how best to architect GDPR implementation in your environment, and how to apply architectural principles to maximize effectiveness and minimize unintended consequences.
  • Ignorance: What Does that Event Really Mean?
    Kristy Westphal, Senior Manager, Charles Schwab CISSP, CISA, CRISC, CISM, CIPP/US Recorded: Mar 9 2018 51 mins
    In the worlds of incident response and forensics, we live in the analysis of data. But are our conclusions following a scientific process or just a gut feeling? This talk will explore various cases where the gut feeling wasn't the best way to analyze a security event and the consequences that came from an improper analysis. We'll also explore possible methods that put ego aside and look for the right answers. Critical thinking and scientific processes will be looked at in depth, as well as ways to show organizations that ignorance is not such a bad thing.

    Learning Objectives:
    - Understand why it's important to apply sound processes to incident response, yet also include creative thinking.
    - Understand how to implement critical thinking and scientific methodology to security event analyses.
    - Realize instant value in higher quality security event analyses.
  • Do Containers Fully 'Contain' Security Issues? A Closer Look at Garden & Docker
    Farshad Abasi, CISSP, Principal Global Security Architect, IT Security Architecture, HSBC Recorded: Mar 9 2018 62 mins
    Container technology has been around in various shapes or forms for some time; however, the recent arrival of Docker, Garden and other providers of a lightweight option to virtualization has put the "container" buzzword on top of most DevOps' toolkits. As usual, what has been overlooked is security and potential issues that can come about as a result.

    This presentation takes a closer look at a few of the more commonly used container technologies today, namely Docker and Warden/Garden, and the associated potential security issues.

    Learning Objectives:
    - Understand what containers are.
    - Be familiar with potential security issues related to containers.
    - Gain knowledge on how to use containers securely in an environment.
  • You Want to Do What with My Cell Phone? Privacy Rights at Border Crossings
    Scott Giordano, Esq, MBA, MS, CISSP Recorded: Feb 19 2018 45 mins
    Imagine the following scenario: You enter (or return to) the United States and border officials demand that you hand over your cell phone and PIN. Or, perhaps you are stopped at a checkpoint or pulled over by law enforcement officials and they make the same demand. Suppose they want all passwords to access your data? Even worse, they want to copy all of your data – can they do that? Demands by law enforcement officials to search mobile devices without a warrant seem to be a daily occurrence. In this session, privacy industry veterans will discuss the legalities of searching cell phones and other mobile devices, including your rights and how you can minimize your exposure.
  • From 10% to 100% Cloud in 3 Years: How (ISC)² is Doing it & Putting Security 1st
    Wesley Simpson, MSM, COO, (ISC)² Recorded: Jan 16 2018 49 mins
    (ISC)² COO Wesley Simpson shares the association’s experience as (ISC)² transitions to a 100% cloud-based services model. This interactive discussion explores how (ISC)² decided to go all in with cloud, why the cloud was the best option, how the team ensured its cloud strategy mapped to operational needs, and how security is front and center throughout the entire process. Learn how we are doing it and share your cloud migration experiences. This discussion is for anyone thinking about moving to the cloud, already making the transition, or even those who completed a cloud migration but are still looking for best practices to apply.
  • Help Wanted! – Addressing the Cybersecurity Skills Shortage
    Gary Beach, Brandon Dunlap, Donald W. Freese, David Shearer, Deidre Diamond Recorded: Jan 15 2018 66 mins
    Panel Moderator: Gary Beach – Author: The U.S. Technology Skills Gap

    Panelist: Brandon Dunlap – Speaker, (ISC)²
    Panelist: Donald W. Freese – Deputy Assistant Director, F.B.I.
    Panelist: David Shearer, CISSP – CEO, (ISC)²
    Panelist: Deidre Diamond – Founder and CEO, CyberSN and #brainbabe
