Name: Ransomware in the Wild: Lessons Learned
Start: 2023-09-12T17:00:00Z
End: 2023-09-12T17:01:01.000Z
Location: BrightTALK
Rating: 4.8

ISC2 Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.

Security professionals often focus solely on defense. But what if we viewed cybersecurity as a strategic asset that drives sales and builds customer trust? 

This session on January 27, 2026 at 1:00 p.m. Eastern/10:00 a.m. Pacific will explore the untapped potential of cybersecurity to become a key enabler for revenue generation and enhanced customer relationships. We will delve into practical strategies for proactively integrating security considerations into the sales cycle, leveraging security as competitive differentiators, and effectively communicating your security posture to build unwavering customer confidence. This session will demonstrate how a shift in mindset can position cybersecurity as a vital contributor to business growth while upholding ethical responsibilities in data protection, offering actionable insights for security professionals across all levels.

Cybersecurity: From Cost Center to Competitive Advantage

AI has historically struggled to assist in offensive security due to a critical shortage of real-world training data. This session takes a deep dive into the methodology behind recently published research designed to overcome this limitation through adversarial self-learning. Following up on her popular Security Congress 2025 keynote, researcher Alissa Knight will dissect a novel architecture where an AI teaches itself to hack not by studying past attacks, but by engaging in a continuous, high-stakes war game against itself. Attendees will learn the mechanics of this "survival of the fittest" loop, where two competing agents—one constructing defensive puzzles and the other evolving breaking strategies—force the emergence of increasingly sophisticated API attacks without human intervention. The session will move from research theory to validation with a live demonstration against a banking API using Ares, a prototype implementation of this autonomous framework.

Darwinian Offense: Generative Curricula for Autonomous Red Teaming- a Security Congress Encore

In the first half of 2025, over 16 billion passwords were leaked—highlighting the urgent need for stronger, phishing-resistant authentication methods. Despite growing awareness, many organizations still hesitate to adopt passkeys due to perceived complexity, cost concerns, and a lack of clear guidance, as noted in recent research by the FIDO Alliance and HID.  

On December 11, 2025 at 1:00 p.m. Eastern/10:00 a.m Pacific, Sponsor HID Global and Host ISC2 share practical, field-tested insights into accelerating enterprise passkey adoption. Learn how to: 

* Navigate common deployment challenges  

* Align authentication strategies with evolving security goals  

* Drive user adoption and organizational buy-in  

Join us to stay ahead of the passwordless curve and prepare your enterprise for a more secure, streamlined authentication future in 2026.

5 Key Learnings from the Frontlines: Enterprise Passkey Deployment Realities in 2026

Approximately $350 million in preventable losses stem from polymorphic malware, malicious software that constantly changes its code to evade detection. With 18% of new malware using adaptive techniques that challenge traditional defenses, now is the time to enhance your organization's security posture. 

Join us December 9, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific for this webinar where Sponsor, KnowBe4 and Host, ISC2 share valuable insights and proactive strategies to strengthen your security framework against sophisticated attacks.

 In this session, you'll discover: 
- Enhanced detection strategies that go beyond traditional signature-based approaches to identify polymorphic threats before they impact your systems 
- Proactive defense frameworks specifically designed to counter the most sophisticated shape-shifting malware 
- Success stories from organizations that effectively neutralized advanced threats through strategic security improvements
 - Communication templates for building stakeholder support for security enhancements 
- Practical implementation roadmaps to strengthen your security posture against adaptive threats drawing from real-world scenarios and emerging threat intelligence, 
 You'll leave with a practical toolkit of strategies you can be implemented immediately to enhance your organization's resilience.

The Invisible Threat: How Polymorphic Malware is Outsmarting Your Email Security

Preparing for the post-quantum era requires more than awareness - it demands a modern cryptographic foundation built for agility, visibility, and compliance. Organizations must be able to discover and manage their cryptographic assets, modernize and consolidate their infrastructure, and confidently test and implement post-quantum cryptography (PQC).

On December 2, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific, Sponsor Entrust and host ISC2 explore practical steps for aligning your PQC readiness journey with execution - including cryptographic asset management, PKI, and HSMs. We’ll discuss how crypto discovery, agility, and modernization strategies - supported by automation, compliance management, and integrated visibility - can help organizations strengthen security now and through migration. 

Join us to learn how you can move from planning to deploying PQC, building a tech stack ready to secure your organization against quantum threats today and tomorrow.

Building a Post-Quantum Tech Stack: From Readiness to Implementation

AI-driven SOCs promise efficiency gains, but how much automation is too much? While AI-powered security tools enhance SIEM, SOAR, and threat detection, adversaries are exploiting automation blind spots, manipulating AI models, and evading AI-driven defenses.

This session dissects real-world adversarial AI attacks, including a case study on Microsoft Copilot’s AI vulnerabilities—where attackers exploited indirect prompt injection and adversarial inputs to manipulate security workflows.

Attendees will learn how AI can be both a force multiplier and a security risk, gaining:
- An understanding of how attackers bypass AI-powered security automation
- A breakdown of adversarial AI tactics and AI-specific SOC vulnerabilities
- A hybrid AI-human SOC model that reduces false positives while maintaining resilience

This session offers a practical roadmap to securely integrate AI in SOC operations without increasing attack surfaces.

AI-Powered SOCs: Automate Smarter, Defend Better

The cybersecurity landscape is evolving rapidly. As cyberthreats grow in complexity, organizations must stay ahead of the curve by anticipating what’s next. So, what’s in store for our industry in the coming year?

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he recaps the good, the bad, and the ugly cybersecurity events of 2025 and shares his top five cybersecurity predictions for 2026. This webinar provides a forward-looking perspective, equipping attendees with the insights and strategies needed to stay ahead of emerging threats and capitalize on new opportunities.

The Road Ahead: Top Five Cybersecurity Predictions for 2026

The surge in generative AI and increasingly sophisticated social engineering tactics has given cybercriminals powerful new tools to exploit human vulnerabilities—especially through email. These attacks are no longer just technical; they’re psychological, targeting your employees to gain access, steal data, and inflict financial and reputational damage. 
Join sponsor, Proofpoint and host, ISC2 on October 21, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific for a live 60-minute webinar. During this session we’ll explore actionable approaches for strengthening your human firewall. Discover how to empower your workforce, reduce risk, and build a resilient defense against today’s AI-enhanced threats. Don’t miss it!

How to Modernize Threat Protection in the Age of AI

What does it mean to treat cybersecurity as a true profession—not just a discipline? This session challenges practitioners, leaders, and hiring managers to rethink professional standards in cyber, highlighting the role of credentialing, clear career pathways, and people-centric leadership in retaining and growing talent. Speakers will explore how human factors such as stress and burnout can impact performance, and why self-awareness, empathy, and communication are essential leadership skills in today’s environment. Drawing from workforce insights and neuroscience, this session helps attendees understand how to position themselves for advancement—by building a foundation of professional efficacy, emotional insight, and resilience.

From Technicians to Professionals: The Duty of Care in Cybersecurity (#2)

New to the security industry? Or thinking about transitioning into an information security role? If so, this webinar is for you. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he provides a one-hour ‘crash course’ on the entire security industry, including:

- Size and growth of the security industry
- Useful vocabulary terms and buzz words
- Five types of cyberthreat actors 
- Modern cyberthreats and tactics
- Categories of security defenses
- Common security job roles
- Security industry ecosystem

Security Industry 101: What Every Newcomer Needs to Know

We’re already into Cybersecurity Awareness Month and that may have you asking: How do you turn mandatory security awareness into a fun and engaging campaign that actually reduces human risk and keeps momentum going for months to come? 

On Tuesday, October 14, 2025 at 1:00 p.m., Eastern/10:00 a.m. Pacific join sponsor KnowBe4 and host ISC2 to discover how to leverage engaging campaign ideas.  This webinar will include KnowBe4's free ready-to-use kit, to run a complete themed campaign all year long. We've done the heavy lifting so you can focus on what matters most: building a stronger security culture that lasts. 

 In this fun and practical session, you'll learn:  
-How to explain cyber threats to users in ways they can relate to and understand in their daily work  
-Real examples and creative campaign ideas showing how admins have created wildly successful cybersecurity awareness campaigns  
-Simple gamification techniques that transform passive learning into competitive fun  
-How to select the right training modules that entertain while they educate and why it matters 
-How to maintain momentum and engagement long after Cybersecurity Awareness Month ends 

 Join us to get practical tools and creative ideas that will make your Cybersecurity Awareness Month campaign the talk of the organization while dramatically reducing your human risk.

Level Up Your Strategies in Cybersecurity Awareness Month and Beyond!

Making the move from military or government roles to the civilian cybersecurity workforce can feel like a big shift. The good news: your discipline, leadership, and technical expertise are in high demand — if you know how to showcase them. 
That’s where ISC2 comes in. Join us for an exclusive webinar featuring two of our own accomplished veterans: 
·         Timothy Campo – Former Navy Information Warfare Naval Officer, now leading Security and Technical Operations at ISC2. 
·         William Orr – USMC veteran and current ISC2 Standards Development Manager. 
Together, they’ll share first-hand insights on: 
·         Translating your military experience into language that resonates with employers. 
·         Leveraging your transferable skills to stand out in the corporate world. 
·         Unlocking the career growth, flexibility, and opportunities unique to civilian cybersecurity. 
Don’t miss this chance to gain practical tools, resources, and insider advice to position yourself for success — and land your next role with confidence.

Ready to Launch Your Cybersecurity Career After Military or Government Service?

Cybersecurity professionals are under more pressure than ever—with 90% of teams reporting skills gaps, 67% facing staffing shortages, and burnout rising across roles. In this opening session, we reveal the latest workforce data from ISC2, CyberSN and Cybermindz to unpack the human and operational impacts of today’s talent crisis. Speakers will explore how stress, role ambiguity, and unsustainable workloads are accelerating risk—both personal and organizational—and introduce the concept of mental resilience as an essential component of operational readiness. Attendees will gain insights into identifying burnout risks in themselves and their teams, along with practical guidance for setting healthier boundaries at work.

The Workforce Under Pressure: Burnout, Skills Gaps and Organizational Risk (#1)

Security teams are tasked with managing a growing number of risks in the cloud, but not every issue poses the same level of threat. Runtime observability helps distinguish what’s truly critical by showing which vulnerabilities, services, and exposures are active in production. To be effective, this visibility must extend across architectures, from VMs and containers to on-prem infrastructure.

This session sponsored by Wiz and hosted by ISC2 on September 25, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific, will explore how runtime insights such as vulnerability validation, API security, network mapping, and host configuration checks can be combined into a unified view. Attendees will learn how this observability-driven approach enables smarter prioritization, supports compliance goals, and improves the impact of security investments.

Runtime Observability: The Missing Link in Modern Cloud Security

As AI reshapes job functions and workflows across cybersecurity, professionals face new questions: Which roles will grow or disappear? What skills will matter most? And how can we stay resilient amid constant change? In this forward-looking session, we explore ISC2 data on AI’s workforce impact alongside real-world insights from hiring trends and resilience research. Speakers will discuss how to prepare for the evolving landscape—from emerging AI-related security roles to the enduring value of human skills like judgment, adaptability, and emotional regulation. Attendees will leave with a clearer view of how to future-proof their careers—and their well-being—in an AI-driven world.

Securing the Future: AI, Resilience, and Evolving Cyber Roles (#3)

The rise of artificial intelligence in cybersecurity is both a blessing and a curse. AI is redefining the cybersecurity battlefield, offering unprecedented advantages for security teams and threat actors.

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores AI’s transformative impact on the IT security industry. On the defense side, AI is revolutionizing threat detection, automating incident response, and predicting vulnerabilities before they’re exploited. However, threat actors are also leveraging AI to enhance phishing attacks, create evasive malware, and orchestrate sophisticated social engineering campaigns. 

This webinar provides a balanced view of AI’s dual role in cybersecurity, showcasing both the opportunities and challenges it presents. Gain insights into how IT security teams can adopt AI to stay ahead, while understanding how adversaries may use it to their advantage. With expert commentary and real-world examples, this session equips attendees with the knowledge to navigate AI’s impact on the evolving threat landscape.

From Shield to Spear: How AI is Reshaping Cyber Defense and Offense

We started with a simple question: what do modern attackers do? After analyzing over 700,000 security incidents, one technique was almost universally present: a staggering 84% of major attacks incorporated Living Off The Land (LOTL) tactics, using the same native tools and utilities your administrators use every day. If the tools are the same, how do you tell an attacker from a user? To find out, we turned our focus to legitimate usage data. By comparing this legitimate activity side-by-side with the malicious activity, we found quite a lot of interesting patterns.  

Join the Bitdefender team and ISC2 at 1:00 p.m. Eastern/10:00 a.m. Pacific on September 16, 2025 to get actionable insights from real-world attacks to better detect threats hiding in plain sight.

Navigating Malware-Free Attacks

ISC2 Security Congress 2025 is right around the corner, and we’re so excited about this year’s speaker line-up that we decided to bring a sample of this year’s content to you early! 
 
Join three of our esteemed conference speakers as they preview their upcoming presentations, all of which relate to aligning cybersecurity strategy with business needs. By joining this webinar you’ll get a snapshot of session content, which includes the following presentations:
·        Building Robust Enterprise-wide Business Information Security Officer (BISO) Programs: Key Elements for Success

·        Cybersecurity: From Cost Center to Competitive Advantage

·        Drop-Shipping a New Security Department into a Multibillion-Dollar Company

Join us live Sept. 11, 2025 at 1:00 p.m. Eastern/10:00 a.m.Pacific to be among the first to gain valuable insights into these sessions, plus have an opportunity to as your questions.
 
Like what you see? Register for ISC2 Security Congress 2025 to unlock access to even more great content this October:  https://web.cvent.com/event/00885cdc-a7ef-4682-81d1-77950c2f3d07/websitePage:e3e1427f-5c48-423a-a0e5-60dcec1c4363?RefId=Attend&utm_campaign=GBL-SecurityCongress&utm_content=congress&utm_medium=bannerep&utm_source=isc2web&utm_term=eventpage

Your Sneak Peek into Cybersecurity and Business Alignment at ISC2 Security Congress 2025- #3

Materiality is a focus point of the SEC’s new cybersecurity incident reporting rule.  There are clear definitions of what material looks like in finance terms - to your CFO and CEO.  What does material mean in cybersecurity?   

Our panel of experts will discuss steps you can take to define what is material to the cybersecurity of your organization in terms the board of directors and C-suite will understand – and comply with the new rules. 

Join us November 7, 2023 at 1:00 p.m. Eastern/10:00 a.m. Pacific as our panel of experts discusses this hot topic.

Living In an SEC Material World

Changes in how we build, run and secure information systems have also changed how we look at authentication and access control. The emerging concept of identity is transforming the ways that humans and non-human actors alike make use of data and compute power. At the same time, organizations’ focus on identity also means that it has become a focus for attackers. To assess the ways that old and new attacks are targeting digital identities, F5 Labs is presenting findings from our 2023 Identity Threat Report: The Unpatchables. 

In a follow-up to the September session on credential stuffing, this talk will focus on phishing and multi-factor authentication bypass techniques. As phishing has grown over the last several years, its tools and tactics have transformed. We will identify which organizations are most targeted and explore recent developments that make it harder to spot and trickier to mitigate, using a combination of Dark Web intelligence and quantitative methods. 

This talk on October 19, 2023 at 1:00 p.m. Eastern/10:00 a.m. Pacific will cover recent developments in attacker approaches to circumvent multi-factor authentication, what these developments mean for defenders, and which forms of MFA are able to resist the new approaches.

Findings From the 2023 Identity Threat Report, Pt 2: Phishing & MFA Bypass

Artificial intelligence developers have made huge strides in recent months, transforming a wide variety of human endeavors. Unfortunately, that includes ransomware. Attend this webinar and get expert insights and forecasts about the trends we can expect to see as ransomware—already a significant and costly threat—gains new, AI-based capabilities, including: 
- Extreme customization of phishing, smishing, and email attacks 
- Relentless, automated attacks that could make current security strategies obsolete 
- Extreme optimization of attacks, from finding vulnerabilities to ransom negotiations 

Plus, see how you can fight back against the coming wave of threats using advanced strategies that incorporate AI. Like all technologies, AI can be used for good or ill. Attend this important webinar to understand how both threats and defensive strategies are being transformed by the AI revolution.

Presenter: Fleming Shi, Chief Technology Officer, Barracuda Networks AND Anastasia Hurley, Principal Product Marketing Manager, Barracuda Networks
Moderator: Yohanna Kho, CISSP

This Changes Everything: Ransomware in the Age of Artificial Intelligence

Despite the growing awareness of ransomware threats and an availability of numerous tools, the Asia Pacific and Japan (APJ) region continues to witness a significant rise in victim companies. In the latest State of the Internet report, Akamai’s threat researchers meticulously examine the evolving ransomware landscape. Gain deep insights into the ‘who, what, and how’ aspects, especially concerning APJ, alongside Reuben Koh, a contributor to the report. 

Join us for this session to understand: 
- The evolving tactics and prominent trends in ransomware 
- Which ransomware operators are currently dominating the scene in APJ 
- Which industries are bearing the brunt of these attacks 
- The most potent attack techniques employed 
- How to better defend against ransomware

Presenter: Reuben Koh, Director, Security Technology and Strategy, APJ, Akamai
Moderator: Emily Kong, CISSP, CCSP

What’s Changing in Ransomware for Asia Pacific: Who, What and How?

Since its inception, the malware loader known as BumbleBee has been involved in numerous cyberattacks, delivering harmful payloads from known malware families.  It has consistently showcased its ability to evolve and resist detection - a clear signal that its development is far from over. This makes BumbleBee an interesting and important object of research. To protect itself against manual as well as automated analysis, BumbleBee uses various techniques to detect isolated analysis environments. Most of this logic is taken from an open-source sandbox detection project.
 
Join VMRay and (ISC)2 on 27 July 2023 at 1 p.m. BST to hear insights into BumbleBee's modus operandi, focusing on its unique sandbox detection techniques. We’ll provide an in-depth analysis, discuss its trajectory, and outline a path forward for security teams.

Busy Bees- The Transformation of Malicious Loader BumbleBee

As organisations continue the push to Zero Trust, we’ve all got some Trust issues to work on. The best thing to do is get it all out in the open and don’t let your relationship with your networks get toxic. Moving to Zero Trust requires a good foundation that your organization can build trust on.

On 6 July 2023 join Corelight and (ISC)2 at 1:00 p.m. BST as we discuss how security teams can use network visibility to resolve trust issues in Zero Trust deployment and lay the groundwork for the future.

I Have Trust Issues & So Does My CISO

Top-Rated Sponsored Webinars from Second Half of 2023

The ransomware scourge continues to plague the cybersecurity industry. To help ensure you and your company are better prepared, we will share insights and lessons learned from ransomware case studies. 

In this session, on September 12, 2023 at 1:00 p.m./ 10:00 a.m. Pacific IANS and (ISC)2 will lead you through: 

• What went right (and wrong) in these examples and how best to incorporate that experience into your defenses and program 
• Threat actor behavior and how to take advantage of their internal processes to thwart them 
• TTPs used in various ransomware operations  
• Alert monitoring – from investigating to remediating  
• The reality and best practices around backups and recovery

Ransomware in the Wild: Lessons Learned

(ISC)2

ISC2

CISSP

Information Security

Cyber Security

Ransomware

CIEM

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Ransomware in the Wild: Lessons Learned

Presented by

About this talk

ISC2 Security Briefings