Hi [[ session.user.profile.firstName ]]

(ISC)2: Guest to Root – How to Hack Your Own Career Path and Stand Out

I used to be a security professional, but even my boss didn’t remember my name. My brilliant ideas weren’t listened to, I was never invited to speak at conferences and not even my mother visited my blog." In this talk, we've distilled the key skills and traits taken from personal experience as well as industry professionals to present strategies you can employ to increase your stock internally within an organization as well as within the industry. Simply being hard working and skilled in your job is not enough.
Recorded Nov 5 2015 54 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Javvad Malik CISSP®, Security Advocate, Alien Vault
Presentation preview: (ISC)2: Guest to Root – How to Hack Your Own Career Path and Stand Out

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Equifax:重大数据外泄事件回顾 ─ 分析事件根源、探讨解决方案 Mar 28 2018 6:00 am UTC 60 mins
    演讲人: Shawn Xu 许晓晨, Sales Engineer, Tenable APAC
    在绝大多数数据泄露事件中,受害者最终都是因为看上去非常简单的漏洞问题而给自身带来危害。以Equifax 灾难性泄露事件为例,它的发生归根于公司IT未能识别Web Server Apache Struts 的已知漏洞并及时打补丁,而针对此漏洞已有有效的更新和解决方案。直到事件发生之后数月,他们才对外公布此次事件造成的损失或超过 7500 万美元。 类似漏洞所导致的泄漏事件,还相继发生在其它知名企业,如 Merck、Yahoo、Home Depot、Target等,预计导致上亿美元的利润和信誉损失。


    这次将探讨如何通过 Tenable 解决方案,帮助企业准确发现资产并理解攻击面,识别漏洞对机构的威胁,达到自动化确认合规的目标。并以此为基础,让客户更容易调整网络安全策略,加速理解和减少企业安全风险。

    参加Tenable和 (ISC)² 在3月28日下午2:00至3:00的在线研讨会《Equifax:重大数据外泄事件回顾 ─ 分析事件根源、探讨解决方案》,聆听专家分析对数据泄露事件的深入解读,还等什么?赶紧加入我们吧。

  • Minimizing Cyber Exposure – An analysis of Meltdown and Spectre Recorded: Jan 24 2018 61 mins
    Robert Healey, Senior Director Marketing, APAC, Tenable Network Security
    As organizations embrace cloud infrastructure, DevOps methodologies, PAAS, IoT and mobile workforce, there are new risks coming from a broader attack surface. Vulnerability management designed for traditional assets is not enough. To improve security, you need to rethink how you do things. For example, containers have become the de facto standard in cloud architectures today, which means that security needs to move into developers’ build processes while complementing existing solutions.

    Attend this webinar to discover:
    •Where vulnerability management for today’s assets needs to start
    •What the new faces of attacks and remediation look like
    •Why prioritization should not be based on scan results
    •Why reports using Excel are no longer the answer
    •How DevOps can be part of the solution to incorporate security

    Join Tenable and (ISC)² on Jan 24, 2018 (Wed) at 14:00 (Singapore time) to learn how to minimize cyber exposure in a world of cloud, containers and other modern assets.

    Presenter: Robert Healey, Senior Director Marketing, APAC, Tenable Network Security
    Moderator: Clayton Jones, Regional Managing Director, APAC, (ISC)²
  • Security Management in the Cloud Recorded: Jan 17 2018 60 mins
    Presenter: Greg Singh, Technical Director-APAC, Skybox Security | Moderator: Clayton Jones, Managing Director, APAC, (ISC)2
    As organizations migrate workloads to cloud computing, they benefit from flexibility and agility, but network security operations grow increasingly difficult.

    Gaining visibility into cloud environments, extending existing security operations and workflows, ensuring compliance, and managing shared responsibility create new challenges for security professionals. Add to this the complexity of hybrid and multi-cloud environments — and the loss of control within those environments — and it’s no wonder security leaders are scratching their heads over how to best secure their organization’s journey to the cloud.

    This session will look at approaches to addressing the many challenges around cloud security management and best practices for translating on-prem security controls and processes into hybrid and multi-cloud environments.

    Join Skybox Security and (ISC)² on Jan 17, 2018 (Wed) at 14:00 Singapore time to learn more about security management in the cloud.
  • 국내외 보안관제솔루션 시장과 Best Practice Recorded: Jan 10 2018 60 mins
    황원섭, 차장 Security Presales, Micro Focus Korea
    빠르게 진화하는 사이버 위협에 대해 보다 신속·효율적인 보호와 대응을 위해서는 IT 인프라 전반에서 가시성을 확보하고, 보안 사고를 탐지·조사·대응할 수 있어야 합니다. 현재 국내외 다양한 통합로그 분석 및 보안관제 솔루션이 존재하며, 이를 보통 가트너에서 정의한 SIEM(Security Information and Event Management)이라는 명칭으로 불리우고 있습니다. 본 웨비나를 통해서 국내/외 대형 보안관제센터에서 사용 중인 솔루션의 특징 및 고려사항 등을 파악한 후, 향후 관련 솔루션 도입을 검토하신다면 많은 시행착오를 줄일 수 있을 것으로 생각됩니다.
  • 万能なエンドポイントセキュリティを目指して Recorded: Dec 20 2017 52 mins
    Presenter: 株式会社シマンテック エバンジェリスト 髙岡 隆佳 / Moderator: (ISC)2 Director of Business Development, Japan小熊慶一郎

  • Endpoint Security for Cloud Generation & New Integrations Extend Data Protection Recorded: Dec 13 2017 64 mins
    Sam Tong, Senior Principal Systems Engineer, Symantec; Moderator: S.C. Leung, Member, Asia-Pacific Advisory Council, (ISC)²
    First in the Industry to deliver Deception, Mobile Threat Defense, and Endpoint Detection and Response (EDR) in a Single-Agent Architecture. Join us to learn the latest Evolution of Endpoint Security & Data Protection:

    •Defend against ransomware with multi-layered protection
    •Gain enhanced visibility into suspicious files via tunable protection to make better policy decisions
    •Expose, investigate and resolve incidents including file-less attacks with integrated Endpoint Detection and Response
    •Extend advanced security to mobile devices
    •Use deception techniques to expose hidden adversaries and determine their intent to improve security posture
    •Harden environments against cyber-attacks with complete visibility into application attack surface and isolating suspicious applications

    New Integrations Extend Data Protection Beyond Traditional DLP

    Powered by the industry’s leading data loss prevention technology, to give you greater visibility and control over your confidential data.

    •Expanded Information Centric (ICE) Encryption integration
    •Enhanced data classification integration
    •Sensitive Image Recognition
    •Stronger endpoint controls
    •Enhanced data at rest discovery
    •Improved cloud app policy and incident management
    •Flexibility on cloud deployment
    •And More …

    Join Symantec and (ISC)² on Dec 13 at 14:00 (Hong Kong time) and learn about the latest Evolution of Endpoint Security & Data Protection.

    This webinar will be conducted in Cantonese.
  • 深入分析FastFlux僵尸网络 Recorded: Nov 29 2017 59 mins
    演講人: 欧志鹏, Akamai 亚太和日本地区高级企业安全架构师; 主持人:卢佐华, (ISC)² 北京分会理事长

    FastFlux 是一种 DNS 技术,僵尸网络利用其将各种类型的恶意活动(例如网络钓鱼、网络代理、恶意软件交付和恶意软件通信)隐藏于不断变化的受感染主机(充当代理)网络背后。一般来说,FastFlux网络主要用于使恶意软件与其命令和控制服务器 (C&C) 之间的通信更不易于发现。Akamai 对网络和企业流量进行了深入了解,并提供了有关此类FastFlux网络行为的全新独特见解。

    欢迎您加入本次在线研讨会,与 Akamai 亚太及日本地区的企业架构师 Sunny Au (欧展鹏)一起进行深入分析,了解以下内容的更多信息:

    •Flux网络如何利用域名、IP 地址甚至是名称服务器来避开检测

    参加Akamai 和 (ISC)² 在11月29日下午3:00至4:00的在线论坛《深入分析FastFlux 僵尸网络》,聆听专家对僵尸网络的深入解读,还等什么?赶紧加入我们吧。

  • 진화하는 봇(Bot)의 공격을 방어하라 Recorded: Nov 29 2017 64 mins
    정덕진, Technical Project Manager II, Akamai Korea
    Bot은 자동화된 프로그램으로, 웹사이트의 정보를 수집하거나, credential abuse와 같은 악성행위를 수행합니다. Bot으로 인한 피해는 IT 측면의 퍼포먼스 저하 뿐만 아니라, 매출 감소, 경쟁력 저하, 비즈니스 기회 상실과 같이 비즈니스에 심각한 영향을 끼치는 경우까지 퍼져 있습니다. Bot을 운영하는 쪽은 심지어 차단을 회피하기 위한 여러 가지 기술까지 활용하여 지속적으로 대응하기 때문에, 차단만이 모든 문제를 해결해 주는 방법은 아닙니다. 점점 다양해지고 지속적으로 변화하고 발전하는 Bot의 공격 방법 등을 알아보고, 이를 효과적으로 관리하기 위한 접근방법 및 기술에 대해 알아봅니다.
  • In-Depth Analysis of a Fast Flux Botnet Recorded: Nov 22 2017 60 mins
    Or Katz, Principal Lead Security Researcher, Akamai
    In recent years, we have seen large-scale botnets used to execute attacks rarely seen in the past -- botnets that incorporate new features and bigger capabilities than ever before. How and why some of these botnets remain resilient is a question that needs to be answered, and one of the reasons is Fast Flux. Fast Flux is a DNS technique used by botnets to hide various types of malicious activities (such as phishing, web proxying, malware delivery, and malware communication) behind an ever-changing network of compromised hosts acting as proxies. In general, a Fast Flux network is mostly used to make communication between malware and its command and control server (C&C) more resistant to discovery. Akamai’s high visibility to both Web and Enterprise traffic enables new and unique insights on the behavior of such Fast Flux networks.

    In this webinar, you will get an in-depth analysis on:

    - How network fluxing is using domains, IP addresses and even nameservers to become resistant to discovery
    - How Fast Flux networks offer services such as malware communication and hosting of malicious content
    - How botnets are used both for Fast Flux communications and a variety of Web attacks such as Web scraping and credential abuse
    - Best practices for detecting and defending against such botnets

    Join Akamai and (ISC)² on Nov 22 (Wed) at 13:00 (Singapore time) / 16:00 (Sydney time) to learn more about the Fast Flux Botnet.

    Presenter: Or Katz, Principal Lead Security Researcher, Akamai
    Moderator: Ir. Tejinder Singh, Senior Development Expert, T-Systems Malaysia SGA Security Engineering
  • Phishing Incident Response - How to Stop the Chaos! Recorded: Nov 15 2017 61 mins
    Presenter: Duncan Thomas, Director of Sales, PhishMe; Moderator: Clayton Jones, Managing Director, APAC, (ISC)2
    A recent survey conducted among security professionals in Australia, Singapore revealed that up to 95% of respondents said phishing is the #1 threat. Yet many acknowledged they’re unprepared to deal with phishing attacks.

    Attend this webinar to learn why responders are drowning in emails instead of hunting real threats. See why they’re betting on automation whilst we know, tech alone won’t stop threats from getting through and wreaking serious havoc. Learn what rapid changes and investments your peers are planning to turn the tide against phishing and protect their organisations.

    In this webinar, you will learn:

    - How bad is the phishing threat?
    - How confident are companies in their phishing responses?
    - What solutions are companies using—and which ones should they add?
    - How can automation and technology help? Why are humans important, too?
    - How does your organisation compare to organisations in Australia, Singapore and other countries around the globe?

    Join PhishMe and (ISC)² on Nov 15 (Wed) at 14:00 (Singapore time) and learn more about phishing incident response.
  • Equifax: 又一启重大数据外泄事件! 分析事件根源、探讨解决方案 Recorded: Nov 8 2017 59 mins
    演讲人: Disney Cheng 郑学辉, Solution Architect 架构顾问, Tenable 亚太区; 主持人: 吴树鹏, (ISC)² 北京分会会员主席
    Equifax征信数据的外泄将对美国上亿人口产生潜在危害,敏感的个人信息(包括银行账户、信用评分和身份信息)可被犯罪分子利用,导致严重的安全隐患和财务损失。特别令人惊讶的是,犯罪分子利用了已知的网页Apache Struts漏洞发动攻击,而“漏洞补丁”早在数月前就已被公布及可下载使用。


    这次以Apache Struts漏洞为案例, 给大家演示Nessus 漏洞扫描工具以及持续安全监控平台SCCV所能提供的完整IT 和 IoT资产的报表,安全感知,以及法规状态,让漏洞及时呈现且得到完全修补。

    参加Tenable 和 (ISC)² 在11月8日下午2:00至3:00的在线论坛《Equifax:又一启重大数据外泄事件!分析事件根源、探讨解决方案》,聆听专家对时下安全威胁的解读,还等什么?赶紧加入我们吧。
  • 了解安全威胁态势和凭证盗用(撞库)攻击 Recorded: Sep 27 2017 62 mins
    演講人: 李文涛, 阿卡迈(Akamai)大中华区解决方案部门总经理, 萧锦明, Akamai亚太高级企业安全系统架构师; 主持人: 阎光,(ISC)² 上海分会主席,德勤风险咨询副总监

    在今天的会议当中,Akamai 将基于已发布的《2017 年第二季度互联网安全现状》报告,与大家分享有关安全威胁态势的深度见解。

    近些年来,凭据滥用(撞库)攻击已成为一种普遍的威胁,而且复杂性正日益增加。我们也将对此进行详细介绍。凭据滥用(撞库)攻击活动一旦成功,用户将遭受无法访问、数据泄露或欺诈性交易等损失。Akamai 将揭示这些攻击活动中使用的技术以及难以检测出这些活动的原因。我们还将展示抵御此类攻击的方法和解决方案,从而使您的组织不再遭受此类攻击的影响。

    参加Akamai 和 (ISC)² 在09月27日下午2:00至3:00的在线论坛《了解安全威胁趋势和凭证盗用(撞库)攻击》,聆听专家对时下安全威胁的解读,还等什么?赶紧加入我们吧。
  • IoT와 웹 보안 위협의 실체와 대응방안 Recorded: Sep 14 2017 59 mins
    Yongkhi Paek, Senior Security Sales Specialist, Akamai Technologies Korea
    최근 빈번하게 발생하고 주목해야 하는 보안 공격들의 패턴 및 특이사항들에 대해 살펴보고, 기업의 비즈니스 연속성과 안전성을 위해 이러한 공격 위협들에 대해 어떤 효과적이고 효율적인 방법으로 대응 및 대비해야 하는지 알아봅니다.

    1. 최신 웹 보안의 트렌드
    2. 2분기 주요 웹 애플리케이션 공격 분석
    3. 2분기 주요 디도스 공격에 대한 통계
    4. IoT 보안 공격 양상
    5. 웹 보안의 변화 추이
    6. 요약 및 질의답변
  • Improving Credential Abuse Threat Mitigation Recorded: Aug 30 2017 58 mins
    Or Katz, Principal Lead Security Researcher, Akamai & James Tin, Principal Enterprise Security Architect, Akamai
    Credential abuse attacks have become a prevalent threat in recent years, and a successful credential abuse attack campaign can result in damaging consequences such as losing access and control over the accounts, data breach and fraudulent transactions.

    Many of the accounts being abused are compromised account, which are the result of information breach in vulnerable web applications. The problem starts once visitors of highly-secured web applications create login credentials and then recycle those credentials to access another potentially vulnerable web application.

    In this webinar, Akamai will present our latest research on malicious activity that sheds new light on credential abuse attack campaigns characteristics. The research reveals the techniques that are being used and what make these campaigns difficult to detect over long periods of time. We will show how collaboration of attack evidence on different targets can become a solution to mitigate such attacks.

    The speakers will also share key attack data and trends observed from the latest Akamai Q2 2017 State of the Internet Security Report.

    Join Akamai and (ISC)² on Aug 30 (Wed) at 13:00 (Singapore time) to learn more about improving credential abuse threat mitigation.

    - Or Katz, Principal Lead Security Researcher, Akamai
    - James Tin, Principal Enterprise Security Architect, Akamai

    - Clayton Jones, Managing Director, APAC, (ISC)²
  • The Evolution of Vulnerability Management – Program Trends and Solutions Recorded: Jul 19 2017 61 mins
    Michael Aboltins, Technical Product Manager Tenable Asia Pacific, Tenable Network Security
    Frequent cyber security attacks spreading around the world and affecting systems everywhere has become the "new norm". Recent changes in IT architecture such as virtual, mobile & cloud services, plus increasingly sophisticated cyber threats are forcing enterprise security practices and principles to be re-evaluated. Analyst research data shows that system vulnerabilities are still the largest contributing factor in enterprise data breaches. Thus, identifying vulnerable systems on your network and applying mitigations to them must continue to be a strong priority.

    This webinar will provide you with insight into how successful organisations have evolved their Vulnerability Management programs to gain a deeper understanding of their overall Security posture. The presentation will share ideas to boost the effectiveness of your security program now and in future, taking into account the major new IT paradigms including Cloud, Containers & DevOps.

    Join Tenable and (ISC)² on July 19 (Wed) at 14:00 (Singapore time) to learn more about the evolution of vulnerability management.
  • Research Findings: Quantifying ROI for Application Security Recorded: Jul 12 2017 53 mins
    Shelly Yao, Security Architect – South East Asia, Hewlett-Packard Enterprise
    Continuous delivery of application is the new norm. Businesses recognize that applications are a competitive differentiator so they are creating and pushing them out at a lightning pace, thus putting a lot of pressure on development and security teams. HPE Enterprise Security, together with Mainstay Partners, studied data collected from a broad set of Fortify customers to quantify the business value they are experiencing by building security into each phase of development.

    Join HPE and (ISC)² on July 12 (Wed) at 13:00 (Singapore time) to learn about the key findings from the research. Discover the ROI of application security practices for your organization to scale confidently for business growth.

    Presenter: Shelly Yao, Security Architect – South East Asia, Hewlett-Packard Enterprise
    Moderator: Clayton Jones, Regional Managing Director, Asia-Pacific, (ISC)²
  • The Evolution of Vulnerability Management 進化を迫られる脆弱性管理 Recorded: Jun 28 2017 61 mins
    花檀 明伸 (Akinobu Kadan), Senior System Engineer, Tenable Network Security

    このセッションでは、 IT環境の変化が必要とする脆弱性管理製品の新たな要件についてご紹介します。

    - 包括的な脆弱性管理の重要性
    - 脆弱性管理は定期診断から継続的監視へ
    - 継続的な脆弱性管理の効果 〜 統合化された分析、可視化機能と、コンプライアンス評価
    - 新しいインフラへの対応 〜 モバイル、仮想化、クラウド、コンテナ

  • The Dangers Within: 6 Hidden Signs of Cybersecurity Insider Threats Recorded: Jun 28 2017 61 mins
    Jon Piercey, SVP Security & Intelligence APAC, Nuix
    Threats from within the enterprise can pose the biggest cybersecurity risk to the organisation. Whether intentionally or accidentally, users with legitimate credentials can go about the network without triggering suspicion or alert, making their unauthorised activity difficult to detect. Insider threat activity can sometimes hide in plain sight, but what happens when people deliberately cover their tracks?

    In this webinar, you will learn:

    - Where to look for suspicious activity
    - How to set up traps that will catch malicious insiders
    - What finding paths across seemingly disparate data can reveal.

    According to a 2016 industry report, employees cause 77 percent of internal security breaches. Find out who is causing yours.

    Join Nuix’s and (ISC)² on Jun 28 (Wed) at 13:00 (Singapore time) and uncover the six hidden signs that help you detect the presence of insider threat activity.

    Presenter: Jon Piercey, SVP Security & Intelligence APAC, Nuix
    Moderator: Ir. Tejinder Singh, Senior Development Expert,T-Systems Malaysia SGA Security Engineering
  • Collective Security – Prairie Dogs vs Humans Recorded: Jun 21 2017 61 mins
    Duncan Thomas, Director of Sales for APAC, PhishMe; Chuan-Wei Hoo, Technical Advisor, Asia-Pacific, (ISC)²
    As the security industry has continued to underinvest in the human element of security, phishing has become the top attack vector for cyber criminals. Breaches continue to occur in record numbers, identification takes an exorbitantly long time, and the most preferred target is an organization’s human assets. Empowering human assets to provide vetted intelligence into your incident response teams is often overlooked. Every organization has these human sensors, and there’s a natural desire for these employees to want to help.

    In this presentation, you will learn:

    • Why the cybersecurity industry is broken
    • How to reduce susceptibility to human-targeted attacks
    • How to empower users to become human sensors to recognize and report suspected attacks

    Join PhishMe and (ISC)² on Jun 21 (Wed) at 13:00 (Singapore time) and learn how you can empower your team and protect your organization from phishing attacks.
  • 互联网现状/互联网安全现状报告——最新DDoS及Web App攻击趋势概览 Recorded: Jun 7 2017 60 mins
    马俊 James, 阿卡迈中国高级售前工程师, 阿卡迈中国; Moderator: 阎光, (ISC)² 上海分会 会员主席, 德勤风险咨询, 副总监

    Akamai每天都承载了全球 15%到30%的Web流量,因此可以观察到大量的互联网攻击,从包含SQL注入的恶意HTTP请求,到规模高达650Gbps的DDoS攻击。我们的安全专家会对此信息进行分析,对相关趋势和发现进行分享,这些信息都包含在我们按照季度发布的互联网现状/互联网安全现状报告中。我们将在本系列在线研讨会中发布相关信息。

    - 互联网现状报告中的全球网络流量概况
    - APJ区域的网络攻击情况
    - IoT(物联网)僵尸网络是如何改变APJ地区网络攻击的拓扑结构的
    - IoT的安全责任

    参加Akamai 和 (ISC)² 在06月07日下午2:00至3:00的在线论坛《互联网现状/互联网安全现状报告——最新DDoS及Web App攻击趋势概览》,获取DDoS及Web应用攻击的流量和趋势的概览及深度分析,还等什么?赶紧加入我们吧。
Live Webinars for InfoSec Professionals in Asia Pacific Time Zone
Looking for expertise and information to advance your career and tackle your challenges? Subscribe and join us for the educational webinars in APAC time zone. Earn CPEs quickly and at no cost by attending webinars: 1 hour of webinar equals 1 CPE. We welcome members and non members alike.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: (ISC)2: Guest to Root – How to Hack Your Own Career Path and Stand Out
  • Live at: Nov 5 2015 11:20 pm
  • Presented by: Javvad Malik CISSP®, Security Advocate, Alien Vault
  • From:
Your email has been sent.
or close