August 2020 Summit #3: Technical Blue Print for Data Protection
This session will lay out the technical blue print to achieve data protection success. Discover why Forcepoint is a 9x Gartner MQ Leader for DLP. Forcepoint Dynamic Data Protection can allow your organization to prioritize high-risk activity and automate policies to protect data in near real-time, providing the highest security & workforce productivity. During this final session to the Path to Smart Data Protection learn how Forcepoint can help your organization:
• Profile high-risk activity based on data incidents, data models and endpoint collector events
• Dynamically allocate individual risk scores based on a person’s behavior and the value of the data they access
• Apply automated controls to any interactions with sensitive data based on individual risk level.
RecordedJan 13 202144 mins
Your place is confirmed, we'll send you email reminders
Steve Piper, CISSP, Founder & CEO, CyberEdge Group
This year was particularly challenging for IT security professionals. For a short while, we thought we finally had this pandemic kicked. Then the Delta variant came along, further extending the work-from-home movement and its associated cybersecurity risks. Meanwhile, we saw record-setting ransomware attacks, including high-profile attacks on critical infrastructure, while the shortage of IT security talent worsened. On a brighter note, we saw increased adoption of promising security technologies, such as zero trust network access (ZTNA) and secure access service edge (SASE).
So, what does next year have in store for the cybersecurity industry? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he shares his top five cybersecurity predictions for 2022.
Cloud is an intrinsic part of our everyday lives both personally and professionally. With more organizations running vital business functions in the cloud, the demand for cloud security professionals has never been higher.
(ISC)2 interviewed about 50 Certified Cloud Security Professionals (CCSPs) who achieved this credential mid or later in their careers and asked them why they chose to add the CCSP to their skillset and the benefits they experienced as a result. And we want to share their answers with YOU!
Join our live panel of distinguished CCSPs and host Brandon Dunlap on Wednesday, December 8th at 1pm EST to find out why our panelists and thousands of others have pursued the CCSP credential.
Accelerate Your Career in Cloud Security – with CCSP
A common challenge experienced by security practitioners is communicating with business leaders, from the C-suite to the board. In this presentation, Eoin Hinchy, a former security leader and now CEO of the award-winning, fast-growing start-up, Tines, will share the lessons he's learned transitioning from a security practitioner role to that of a business leader. Join Tines and (ISC)2 on November 30, 2021 at 1:00 p.m. Eastern for insights on to balance security risk with the other requirements of the business. Attendees will come away with tips on how best to engage the business leaders in their companies.
Taking the step toward earning the (ISC)² Certified Cloud Security Professional (CCSP) credential puts you on a path to excel as an expert in cloud security. CCSP empowers individuals and organizations with the highest level of mastery in cloud security.
But how do you get started? How do you prepare? And why…what tangible benefits will you gain? Join (ISC)² for a panel discussion as industry professionals share their stories, experience and tips toward preparing for the Certified Cloud Security Professional certification. Areas for discussion will include:
- Why you should consider CCSP
- How to prepare for CCSP
- How CCSP can accelerate your career progression
Matt Chiodi, Chief Security Officers of Public Cloud, Palo Alto Networks; Brandon Dunlap, Moderator
Palo Alto Networks Unit 42 cloud threat researchers wanted to understand how supply chain attacks occur in the cloud native applications. To gain insight into this growing threat, they analyzed data from a variety of public data sources around the world. Additionally, they executed a red team exercise at the request of a large SaaS provider against their cloud-based software development environment. Unit 42’s findings indicate that many organizations are still have a long way to go in achieving supply chain security in the cloud. Join Palo Alto Network and (ISC)2 on November 16, 2021 at 1:00p.m. Eastern for the Unit 42 Cloud Threat Report and how supply chain attacks in the cloud can occur and provide actionable recommendations organizations can adopt to protect their cloud native supply chains.
Srikrupa Srivatsan, Director, Product Marketing, Infoblox; Brandon Dunlap, Moderator
With hybrid workplaces now the new norm and supply chain attacks on the rise, there’s an increased exposure to cyber-attacks, which can cause substantial disruption to any organization or industry. This increased exposure is forcing companies to not only invest and improve their own cybersecurity posture, but also manage third party risk and protect against cyber risks with cyber insurance. Certain best practices and technologies help reduce your risk and improve your security score while helping to keep insurance premium costs low. DNS security is one such approach that provides extended visibility, protection and security automation to improve a company’s security posture.
Join Infoblox and (ISC)2 November 11th, at 1 p.m., ET/ 10 a.m. PT for this webinar to learn more about:
o Why organizations invest in cyber insurance
o Getting the most out of cyber insurance
o How DNS security improves security scores and reduces cyber insurance premiums
Steve Piper, CISSP, Founder & CEO, CyberEdge Group
Recruiting and retaining qualified IT security talent has never been more challenging. Nearly nine in 10 organizations are experiencing a shortfall, according to CyberEdge’s 2021 Cyberthreat Defense Report. That’s up from eight in 10 organizations just three years ago. This weighs heavily on the minds of IT security managers as ‘lack of skilled personnel’ is consistently rated as one of the top inhibitors to successfully defending networks against cyberthreats. So, what can organizations do to mitigate the effects of this talent shortage? Well, if you’re willing to ‘think outside the box,’ there is hope. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he:
Examines the shortage of IT security personnel by job role
Proposes creative ways for recruiting new security talent
Suggests clever ways for retaining the talent you already have
Identifies technologies that enable security teams to do more with less
Adesoji Ogunjobii, CISSP-ISSAP, CCSP, Chris Clinton, CISSP, Samana Haider, CISSP, Tiffany Temple, CISSP, SSCP
The future is created by what you do today. Oftentimes we don’t feel we are ready to take what seems like a big step forward. But we want to show you why now is the best time to make that first step on your CISSP journey.
People from all walks of life, of various generation, from every industry and with different lifestyles have all succeeded in their mission to achieve the CISSP. Through this webinar our panel of CISSPs want to share the different paths you can take to achieve the CISSP and the benefits that the CISSP brings to your career.
Join our live panel of distinguished CISSPs and host Brandon Dunlap on Tuesday, November 9th at 1pm ET to take that first step on the ladder to harnessing the CISSP credential. Stronger cybersecurity starts with CISSP!
Sander Vinberg, Threat Research Evangelist, F5 Labs; Brandon Dunlap, Moderator
F5 Labs, one of F5 Networks’ information security research teams, publishes the Application Protection Report to help bridge the divide between tactics and strategy in information security. Join F5 Labs and (ISC)2 on November 4, 2021 at 1:00p.m. Eastern as we will share the findings from the 2021 Application Protection Report, which covers the explosion of ransomware in 2021, formjacking attacks such as Magecart, API security, and cloud misconfigurations, among others. We will wrap up by recommending mitigations for the most frequently observed attack vectors, as well as some strategic insights on the direction of information security as a whole.
Roger Grimes, Data-Driven Defense Evangelist, KnowBe4; Brandon Dunlap, Moderator
Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn't! Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, and security expert with over 30-years experience, and (ISC)2 on October 28, 2021 at 1:00 p.m. Eastern/10:00 a.m. Pacific as he explores the many ways hackers can and do get around your favorite MFA solution. This webinar includes a (pre-filmed) hacking demo by KnowBe4's Chief Hacking Officer Kevin Mitnick, and real-life successful examples of every attack type. It will end by telling you how to better defend your MFA solution so that you get maximum benefit and security. We’ll also examine the good and bad of MFA and how to become a better computer security defender in the process, including:
· Ways hackers get around multi-factor authentication
· How to defend your multi-factor authentication solution
· The role humans play in a blended-defense strategy
Jonathan Kilgannon, Cathy Marsh and Mirtha Collins
Building a strong cybersecurity team takes grit. The best results don’t always come at the first pass. When BT, a world-leading communications provider headquartered in London with offices globally, tasked CSIRT Training Specialist Jonathan Kilgannon with raising the bar for success among the company’s CISSP candidates, he delivered. Average exam pass rates jumped to 90% percent — a 40% increase — following the changes he implemented in the training process. Find out how identifying the right candidates, preparing them in advance and (ISC)2 Official In-Person Team Training made all the difference.
Clar Rosso, Zachary Tudor, Lori Ross O'Neil and Dr. Casey Marks
Join us for (ISC)2 Security Congress Town Hall to learn what’s next for (ISC)2 and hear directly from members of the Board of Directors.
CEO Clar Rosso will provide a strategic update for our association, including recent accomplishments and milestones, as well as what members can expect in 2022 and beyond.
Then, a panel consisting of (ISC)² Board members and management will answer members’ questions about the association, membership, certifications, workforce trends and other cybersecurity issues and challenges facing the profession.
Town Hall is open to (ISC)2 members and associates, as well as all Security Congress attendees.
Clar Rosso, CEO, (ISC)2
Zachary Tudor, CISSP, Board of Directors Chairperson
Lori Ross O'Neil, CISSP Board of Directors Vice Chairperson
Dr. Casey Marks, Chief Qualifications Officer, (ISC)2
Steve Piper, CISSP, Founder & CEO, CyberEdge Group
Zero trust network access (ZTNA) has been one of the most widely discussed and debated security technology categories in recent years. While most enterprise IT security teams have already started drinking the zero trust Kool-Aid, there are still some skeptics who are hesitant to embrace zero trust architectures for a variety of reasons. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he debunks five common zero trust security myths so you can distinguish between fact and fiction.
Chris Alden, Senior Sales Manager, Synology; Brandon Dunlap, Moderator
During 2020, the worldwide shift to remote work led to a staggering rise in cybercrime, as criminals targeted gaps in previously secure on-site networks. With over 50% of employers expecting to keep employees working remotely, and payments for a ransomware attacks averaging $100,000, businesses must work proactively to protect their data. It is essential for business to have an effective plan in place to protect at-risk systems, detect and mitigate ransomware attacks in real time, and quickly restore affected systems. Join Synology and (ISC)2 on September 28, 2021 at 1:00 p.m. Eastern/10:00 a.m. as we discuss actionable strategies for ransomware preparedness and look at real-world examples and case studies.
Key takeaways include:
Actionable ransomware preparedness tips
Protecting PC data and the elements of a robust ransomware recovery plan
Why and how to backup Microsoft 365 & Google Workspace data
Setting up remote backup to a secondary server or cloud
Aqua Security and ESG Research have partnered to survey and understand how organizations go about addressing challenges of security cloud native applications. With multiple stakeholders across engineering, DevOps, cloud, security and compliance teams, and competing priorities for addressing security pain points, many organizations are either stopping short of fully implementing the needed processes and tools, or conversely fail because they try to do too much at once. Join Aqua Security, ESG Research and (ISC)2 on September 23, 2021 at 1:00 p.m. Eastern/10:00 a.m. Pacific as we review some of the key considerations as well as benchmark results from our survey to date.
When you tell people you’re thinking about CISSP, you’ve probably been told:
• CISSP is globally renowned - those holding it are highly sought-after.
• Achieving certification means you get paid more.
• CISSP is HARD to earn.
• It’s a LONG exam.
But what you probably haven’t heard are the unexpected surprises along the way CISSPs never imagined in their certification journey. For example, learning that CISSP is a broad certification that focuses on governance: Do you understand the technology? The people? The management?
Join us for a panel discussion as CISSP-certified members share their personal stories and the unanticipated ways certification continues to benefit their careers. After all is said, you’ll be amazed at what CISSP can do for you in your professional growth and career.
Hear expert insights from: AJ Yawn, Jerome Leach and Angus Macrae
Ronald Eddings & Chris Cochran, Hosts, Hacker Valley Studio Podcast; Brandon Dunlap, Moderator
As IT and security teams struggle to manage a complex sprawl of devices, users, cloud services, and software, there's one certainty we can rely on (thanks to the second law of thermodynamics): things will only get more complex.
But there's good news.
What we previously thought of as "asset management" has evolved. Today, we have “asset intelligence”, which moves from a spreadsheet approach — focused on getting an inventory of devices — to an API-driven, always up-to-date way of seeing all assets through integrations of existing tools, data correlation at scale, and querying capabilities to find and respond to gaps. Join Axonious and (ISC)2 on September 16, 2021 at 1:00 p.m. Eastern/10:00 a.m. Pacific and hear from Ronald Eddings and Chris Cochran, producers and hosts of the Hacker Valley Studio Podcast and learn how this new approach to asset intelligence and the emerging Cyber Asset Attack Surface Management (CAASM) category helps IT and security teams improve security hygiene, reduce manual work, and remediate gaps.
The U.S. Department of Defense (DoD) Directive 8570.1 requires every full- and part-time military service member, defense contractor, civilian and foreign employee with "privileged access" to a DoD system — regardless of job series or occupational specialty — to get an approved IA baseline certification. Which certifications are the right fit for your team?
Government agencies have trusted (ISC)² to train and certify their cybersecurity personnel for more than two decades. With the recent addition of (ISC)2 Certified Cloud Security Professional (CCSP) and HealthCare Information Security and Privacy Practitioner (HCISPP) certifications, the entire portfolio of (ISC)² certifications now meet the requirements for different security workforce categories within the Department, depending on the functional area the role covers. Discussion topics include:
• How to Become DoD 8570 Compliant
• (ISC)2 Certifications Overview: IA Baseline Certification Requirements
• How to Maximize Your Training and Certification Budget
• Keep Your Team’s Cybersecurity Skills Sharp
Be prepared for 45 minutes well-spent and discover how (ISC)2 can help you train and certify your team to become DoD 8570 compliant.
Mark Sangster, V.P. and Industry Security Strategist, eSentire; Brandon Dunlap, Moderator
The majority of crippling cyberattacks begin with a simple phishing email. And while most companies provide some form of annual training, they focus on overly simplistic lures taken from public events that fail to represent the real danger of targeted criminal campaigns. Join eSentire and (ISC)2 on September 14, 2021 at 1:00 p.m. Eastern/10:00 a.m. Pacific as they explore how to build a comprehensive training and testing program that leverages realistic threat scenarios to foster context-relevant security awareness that drives behavioral change:
· Use risk management data and accurate phishing lures to build comprehensive awareness training
· Maximize your resources and programs to increase return on investment
· Conduct testing that improves resilience
· Meet regulatory requirements and demonstrate program success to your leadership
Steve Piper, CISSP, Founder & CEO, CyberEdge Group
Colonial Pipeline, CNA Financial, JBS Foods, Garmin, and Travelex. All victimized by high-profile ransomware attacks. All paid ransoms. Did these companies do the right thing by paying ransoms to accelerate data and system recovery? Or are they merely funding the ransomware industry and prompting even more attacks? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key findings from CyberEdge’s 2021 Cyberthreat Defense Report. In this webinar, Steve will:
- Examine disturbing ransomware trends, by country and by industry
- Evaluate key factors that go into deciding whether to pay ransoms
- Outline ways to be prepared for a successful ransomware attack
- Review technologies to help give security teams the upper hand
(ISC)² Security Briefings - In-depth examination of infosec topics.
(ISC)² Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.