Name: Beyond the SBOM: What Real Software Supply Chain Security Looks Like
Start: 2025-07-31T17:00:00Z
End: 2025-07-31T17:00:30.000Z
Location: BrightTALK
Rating: 4.6

ISC2 Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.

Security professionals often focus solely on defense. But what if we viewed cybersecurity as a strategic asset that drives sales and builds customer trust? 

This session on January 27, 2026 at 1:00 p.m. Eastern/10:00 a.m. Pacific will explore the untapped potential of cybersecurity to become a key enabler for revenue generation and enhanced customer relationships. We will delve into practical strategies for proactively integrating security considerations into the sales cycle, leveraging security as competitive differentiators, and effectively communicating your security posture to build unwavering customer confidence. This session will demonstrate how a shift in mindset can position cybersecurity as a vital contributor to business growth while upholding ethical responsibilities in data protection, offering actionable insights for security professionals across all levels.

Cybersecurity: From Cost Center to Competitive Advantage

AI has historically struggled to assist in offensive security due to a critical shortage of real-world training data. This session takes a deep dive into the methodology behind recently published research designed to overcome this limitation through adversarial self-learning. Following up on her popular Security Congress 2025 keynote, researcher Alissa Knight will dissect a novel architecture where an AI teaches itself to hack not by studying past attacks, but by engaging in a continuous, high-stakes war game against itself. Attendees will learn the mechanics of this "survival of the fittest" loop, where two competing agents—one constructing defensive puzzles and the other evolving breaking strategies—force the emergence of increasingly sophisticated API attacks without human intervention. The session will move from research theory to validation with a live demonstration against a banking API using Ares, a prototype implementation of this autonomous framework.

Darwinian Offense: Generative Curricula for Autonomous Red Teaming- a Security Congress Encore

In the first half of 2025, over 16 billion passwords were leaked—highlighting the urgent need for stronger, phishing-resistant authentication methods. Despite growing awareness, many organizations still hesitate to adopt passkeys due to perceived complexity, cost concerns, and a lack of clear guidance, as noted in recent research by the FIDO Alliance and HID.  

On December 11, 2025 at 1:00 p.m. Eastern/10:00 a.m Pacific, Sponsor HID Global and Host ISC2 share practical, field-tested insights into accelerating enterprise passkey adoption. Learn how to: 

* Navigate common deployment challenges  

* Align authentication strategies with evolving security goals  

* Drive user adoption and organizational buy-in  

Join us to stay ahead of the passwordless curve and prepare your enterprise for a more secure, streamlined authentication future in 2026.

5 Key Learnings from the Frontlines: Enterprise Passkey Deployment Realities in 2026

Approximately $350 million in preventable losses stem from polymorphic malware, malicious software that constantly changes its code to evade detection. With 18% of new malware using adaptive techniques that challenge traditional defenses, now is the time to enhance your organization's security posture. 

Join us December 9, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific for this webinar where Sponsor, KnowBe4 and Host, ISC2 share valuable insights and proactive strategies to strengthen your security framework against sophisticated attacks.

 In this session, you'll discover: 
- Enhanced detection strategies that go beyond traditional signature-based approaches to identify polymorphic threats before they impact your systems 
- Proactive defense frameworks specifically designed to counter the most sophisticated shape-shifting malware 
- Success stories from organizations that effectively neutralized advanced threats through strategic security improvements
 - Communication templates for building stakeholder support for security enhancements 
- Practical implementation roadmaps to strengthen your security posture against adaptive threats drawing from real-world scenarios and emerging threat intelligence, 
 You'll leave with a practical toolkit of strategies you can be implemented immediately to enhance your organization's resilience.

The Invisible Threat: How Polymorphic Malware is Outsmarting Your Email Security

Preparing for the post-quantum era requires more than awareness - it demands a modern cryptographic foundation built for agility, visibility, and compliance. Organizations must be able to discover and manage their cryptographic assets, modernize and consolidate their infrastructure, and confidently test and implement post-quantum cryptography (PQC).

On December 2, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific, Sponsor Entrust and host ISC2 explore practical steps for aligning your PQC readiness journey with execution - including cryptographic asset management, PKI, and HSMs. We’ll discuss how crypto discovery, agility, and modernization strategies - supported by automation, compliance management, and integrated visibility - can help organizations strengthen security now and through migration. 

Join us to learn how you can move from planning to deploying PQC, building a tech stack ready to secure your organization against quantum threats today and tomorrow.

Building a Post-Quantum Tech Stack: From Readiness to Implementation

AI-driven SOCs promise efficiency gains, but how much automation is too much? While AI-powered security tools enhance SIEM, SOAR, and threat detection, adversaries are exploiting automation blind spots, manipulating AI models, and evading AI-driven defenses.

This session dissects real-world adversarial AI attacks, including a case study on Microsoft Copilot’s AI vulnerabilities—where attackers exploited indirect prompt injection and adversarial inputs to manipulate security workflows.

Attendees will learn how AI can be both a force multiplier and a security risk, gaining:
- An understanding of how attackers bypass AI-powered security automation
- A breakdown of adversarial AI tactics and AI-specific SOC vulnerabilities
- A hybrid AI-human SOC model that reduces false positives while maintaining resilience

This session offers a practical roadmap to securely integrate AI in SOC operations without increasing attack surfaces.

AI-Powered SOCs: Automate Smarter, Defend Better

The cybersecurity landscape is evolving rapidly. As cyberthreats grow in complexity, organizations must stay ahead of the curve by anticipating what’s next. So, what’s in store for our industry in the coming year?

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he recaps the good, the bad, and the ugly cybersecurity events of 2025 and shares his top five cybersecurity predictions for 2026. This webinar provides a forward-looking perspective, equipping attendees with the insights and strategies needed to stay ahead of emerging threats and capitalize on new opportunities.

The Road Ahead: Top Five Cybersecurity Predictions for 2026

The surge in generative AI and increasingly sophisticated social engineering tactics has given cybercriminals powerful new tools to exploit human vulnerabilities—especially through email. These attacks are no longer just technical; they’re psychological, targeting your employees to gain access, steal data, and inflict financial and reputational damage. 
Join sponsor, Proofpoint and host, ISC2 on October 21, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific for a live 60-minute webinar. During this session we’ll explore actionable approaches for strengthening your human firewall. Discover how to empower your workforce, reduce risk, and build a resilient defense against today’s AI-enhanced threats. Don’t miss it!

How to Modernize Threat Protection in the Age of AI

What does it mean to treat cybersecurity as a true profession—not just a discipline? This session challenges practitioners, leaders, and hiring managers to rethink professional standards in cyber, highlighting the role of credentialing, clear career pathways, and people-centric leadership in retaining and growing talent. Speakers will explore how human factors such as stress and burnout can impact performance, and why self-awareness, empathy, and communication are essential leadership skills in today’s environment. Drawing from workforce insights and neuroscience, this session helps attendees understand how to position themselves for advancement—by building a foundation of professional efficacy, emotional insight, and resilience.

From Technicians to Professionals: The Duty of Care in Cybersecurity (#2)

New to the security industry? Or thinking about transitioning into an information security role? If so, this webinar is for you. Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he provides a one-hour ‘crash course’ on the entire security industry, including:

- Size and growth of the security industry
- Useful vocabulary terms and buzz words
- Five types of cyberthreat actors 
- Modern cyberthreats and tactics
- Categories of security defenses
- Common security job roles
- Security industry ecosystem

Security Industry 101: What Every Newcomer Needs to Know

We’re already into Cybersecurity Awareness Month and that may have you asking: How do you turn mandatory security awareness into a fun and engaging campaign that actually reduces human risk and keeps momentum going for months to come? 

On Tuesday, October 14, 2025 at 1:00 p.m., Eastern/10:00 a.m. Pacific join sponsor KnowBe4 and host ISC2 to discover how to leverage engaging campaign ideas.  This webinar will include KnowBe4's free ready-to-use kit, to run a complete themed campaign all year long. We've done the heavy lifting so you can focus on what matters most: building a stronger security culture that lasts. 

 In this fun and practical session, you'll learn:  
-How to explain cyber threats to users in ways they can relate to and understand in their daily work  
-Real examples and creative campaign ideas showing how admins have created wildly successful cybersecurity awareness campaigns  
-Simple gamification techniques that transform passive learning into competitive fun  
-How to select the right training modules that entertain while they educate and why it matters 
-How to maintain momentum and engagement long after Cybersecurity Awareness Month ends 

 Join us to get practical tools and creative ideas that will make your Cybersecurity Awareness Month campaign the talk of the organization while dramatically reducing your human risk.

Level Up Your Strategies in Cybersecurity Awareness Month and Beyond!

Making the move from military or government roles to the civilian cybersecurity workforce can feel like a big shift. The good news: your discipline, leadership, and technical expertise are in high demand — if you know how to showcase them. 
That’s where ISC2 comes in. Join us for an exclusive webinar featuring two of our own accomplished veterans: 
·         Timothy Campo – Former Navy Information Warfare Naval Officer, now leading Security and Technical Operations at ISC2. 
·         William Orr – USMC veteran and current ISC2 Standards Development Manager. 
Together, they’ll share first-hand insights on: 
·         Translating your military experience into language that resonates with employers. 
·         Leveraging your transferable skills to stand out in the corporate world. 
·         Unlocking the career growth, flexibility, and opportunities unique to civilian cybersecurity. 
Don’t miss this chance to gain practical tools, resources, and insider advice to position yourself for success — and land your next role with confidence.

Ready to Launch Your Cybersecurity Career After Military or Government Service?

Cybersecurity professionals are under more pressure than ever—with 90% of teams reporting skills gaps, 67% facing staffing shortages, and burnout rising across roles. In this opening session, we reveal the latest workforce data from ISC2, CyberSN and Cybermindz to unpack the human and operational impacts of today’s talent crisis. Speakers will explore how stress, role ambiguity, and unsustainable workloads are accelerating risk—both personal and organizational—and introduce the concept of mental resilience as an essential component of operational readiness. Attendees will gain insights into identifying burnout risks in themselves and their teams, along with practical guidance for setting healthier boundaries at work.

The Workforce Under Pressure: Burnout, Skills Gaps and Organizational Risk (#1)

Security teams are tasked with managing a growing number of risks in the cloud, but not every issue poses the same level of threat. Runtime observability helps distinguish what’s truly critical by showing which vulnerabilities, services, and exposures are active in production. To be effective, this visibility must extend across architectures, from VMs and containers to on-prem infrastructure.

This session sponsored by Wiz and hosted by ISC2 on September 25, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific, will explore how runtime insights such as vulnerability validation, API security, network mapping, and host configuration checks can be combined into a unified view. Attendees will learn how this observability-driven approach enables smarter prioritization, supports compliance goals, and improves the impact of security investments.

Runtime Observability: The Missing Link in Modern Cloud Security

As AI reshapes job functions and workflows across cybersecurity, professionals face new questions: Which roles will grow or disappear? What skills will matter most? And how can we stay resilient amid constant change? In this forward-looking session, we explore ISC2 data on AI’s workforce impact alongside real-world insights from hiring trends and resilience research. Speakers will discuss how to prepare for the evolving landscape—from emerging AI-related security roles to the enduring value of human skills like judgment, adaptability, and emotional regulation. Attendees will leave with a clearer view of how to future-proof their careers—and their well-being—in an AI-driven world.

Securing the Future: AI, Resilience, and Evolving Cyber Roles (#3)

The rise of artificial intelligence in cybersecurity is both a blessing and a curse. AI is redefining the cybersecurity battlefield, offering unprecedented advantages for security teams and threat actors.

Join Steve Piper, CEO of CyberEdge and Editor-in-Chief of Security Buzz, as he explores AI’s transformative impact on the IT security industry. On the defense side, AI is revolutionizing threat detection, automating incident response, and predicting vulnerabilities before they’re exploited. However, threat actors are also leveraging AI to enhance phishing attacks, create evasive malware, and orchestrate sophisticated social engineering campaigns. 

This webinar provides a balanced view of AI’s dual role in cybersecurity, showcasing both the opportunities and challenges it presents. Gain insights into how IT security teams can adopt AI to stay ahead, while understanding how adversaries may use it to their advantage. With expert commentary and real-world examples, this session equips attendees with the knowledge to navigate AI’s impact on the evolving threat landscape.

From Shield to Spear: How AI is Reshaping Cyber Defense and Offense

We started with a simple question: what do modern attackers do? After analyzing over 700,000 security incidents, one technique was almost universally present: a staggering 84% of major attacks incorporated Living Off The Land (LOTL) tactics, using the same native tools and utilities your administrators use every day. If the tools are the same, how do you tell an attacker from a user? To find out, we turned our focus to legitimate usage data. By comparing this legitimate activity side-by-side with the malicious activity, we found quite a lot of interesting patterns.  

Join the Bitdefender team and ISC2 at 1:00 p.m. Eastern/10:00 a.m. Pacific on September 16, 2025 to get actionable insights from real-world attacks to better detect threats hiding in plain sight.

Navigating Malware-Free Attacks

ISC2 Security Congress 2025 is right around the corner, and we’re so excited about this year’s speaker line-up that we decided to bring a sample of this year’s content to you early! 
 
Join three of our esteemed conference speakers as they preview their upcoming presentations, all of which relate to aligning cybersecurity strategy with business needs. By joining this webinar you’ll get a snapshot of session content, which includes the following presentations:
·        Building Robust Enterprise-wide Business Information Security Officer (BISO) Programs: Key Elements for Success

·        Cybersecurity: From Cost Center to Competitive Advantage

·        Drop-Shipping a New Security Department into a Multibillion-Dollar Company

Join us live Sept. 11, 2025 at 1:00 p.m. Eastern/10:00 a.m.Pacific to be among the first to gain valuable insights into these sessions, plus have an opportunity to as your questions.
 
Like what you see? Register for ISC2 Security Congress 2025 to unlock access to even more great content this October:  https://web.cvent.com/event/00885cdc-a7ef-4682-81d1-77950c2f3d07/websitePage:e3e1427f-5c48-423a-a0e5-60dcec1c4363?RefId=Attend&utm_campaign=GBL-SecurityCongress&utm_content=congress&utm_medium=bannerep&utm_source=isc2web&utm_term=eventpage

Your Sneak Peek into Cybersecurity and Business Alignment at ISC2 Security Congress 2025- #3

SBOMs are just the beginning. Security teams need deeper visibility, tighter control, and faster response across the entire software delivery pipeline.  

On July 31, 2025 at 1:00 p.m. Eastern/10:00 a.m. Pacific, JFrog and ISC2 will break down what lies beyond Software Bill of Materials (SBOMs), from runtime integrity to compliance mapping, and shares actionable ways to protect your pipeline from emerging threats. If you're struggling to connect the dots across your tools and teams, this session will help you build a truly resilient supply chain.

Beyond the SBOM: What Real Software Supply Chain Security Looks Like

ISC2

Information Security

Cyber Security

software security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Beyond the SBOM: What Real Software Supply Chain Security Looks Like

Presented by

About this talk

ISC2 Security Briefings