WikiLeaks Vault 7: Facts, Fiction & Implications

BrightTALK caught up with Twistlock's CEO Ben Bernstein for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:
- Trends in the cyber threat landscape
- What companies can be doing to better improve their security posture
- 2016's biggest breaches (including Yahoo) and why they happened
- Preparations to take in advance of GDPR in May 2018
- Cyber security in the financial sector
- AI & Machine learning and the influence it'll have on the security industry

About the Speaker:
Ben Bernstein co-founded Twistlock, Inc. in 2015, and serves as its Chief Executive Officer. Ben has 14+ years of experience in enterprise security and operating systems. He is a Microsoft veteran with extensive experiences in both software development and product management. Ben is a veteran of the Israeli Intelligence Corps. He has a B.A cum laude in Computer Science from the Technion in Israel and an MBA with a scholarship of excellence from the Interdisciplinary Center in Israel. Ben hates writing about himself in third body.

BrightTALK caught up with Mocana's Bill Diotte for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:
- The difference between securing IoT networks than tradition enterprise IT networks
- The role of government regulation in IoT security
- The 'mission critical' elements that need protecting in IoT networks
- The threat actors and motives targeting IoT networks
- The role of cyber warfare in global geo-politics

About the Speaker:
William (Bill) Diotte is a technology entrepreneur, CEO and Board Member with over 20 years of experience in working with tech-driven companies from startup stage to Fortune 500. Prior to joining Mocana as Chief Executive, he was the co-founder and CEO of software defined networking pioneer BroadHop Inc., acquired by Cisco. Starting off his career as a manufacturing engineer, he became an executive and managing director with both Gemini and SRI Consulting serving high tech companies in the software and telecom markets. Bill has also served as a Board Member to LiveAction, Inc., and is an investor and advisor to several companies in the software infrastructure and security space.

BrightTALK caught up with Fidelis Cybersecurity's John Bambenek for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The future of Cyber warfare
- The tasks for the US political administration on an information security level
- The Yahoo breach and who was to blame
- GDPR and the steps that companies need to take to prepare for the legislation
- A vision of the threatscape; new actors, motives and techniques
- AI and machine learning and the role it has to play in the cyber security industry

About the Speaker:
John Bambenek is Manager of Threat Intelligence Systems at Fidelis Cybersecurity and an incident handler with the Internet Storm Center. He is also a faculty member of the Department of Computer Science at the University of Illinois where he teaches courses in cybersecurity. He has been researching security threats and criminal organizations for 17 years and coordinating with US and foreign law enforcement entities to help bring criminal actors to justice.

BrightTALK caught up with JP Bourget, Chief Security Officer of Syncurity, for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- What's to be learnt from the Yahoo breach revelations
- Cyber security and how it's moved into the political sphere
- The supposed Russian Hack of the US Elections and what it means for Cyber Warfare
- The top challenges for US cyber teams in 2017
- Trends in the threatscape, threat actors and motives

About the Speaker:
JP Bourget, Founder and Chief Security Officer of Syncurity, has over 10 years experience in Cybersecurity. Over the past 5 years JP has focused on Incident Response, SIEM and Network Security Management. JP is was a founding organizer of BSides Rochester, a local, free Information Security Conference. In 2013, JP was a participant and organizer of Cycle Override, a 2700 mile cross country bicycle ride from Virginia to San Francisco, by way of Defcon 21, in order to raise Information Security awareness and raise money for the Electronic Frontier Organization. (@EFF) Prior to forming Syncurity, JP was Network Security Manager for a $200 million global manufacturing company, with presence in USA, Europe and China. JP was an adjunct professor at Rochester Institute of Technology, teaching undergraduate classes in Network Security and Forensics.

BrightTALK caught up with Chris Pierson, CSO of Viewpost for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:
- Regulation and security for new IoT networks
- Secure DevOps and building defenses in from the ground up
- V2V (vehicle-to-vehicle) security and how we secure communications between vehicles as the technology kicks off
- His view, in his role at Viewpost of the evolving threatscape
- The influence of the alleged Russian meddling in the US presidential election and what it means for cyber warfare moving forwards

About the Speaker:
Dr. Chris Pierson is the EVP, Chief Security Officer & General Counsel for Viewpost - a Fintech payments company. He is a globally recognized cybersecurity expert and entrepreneur who holds several cybersecurity and technology patents. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute. Previously, Chris was the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s U.S. banking operations leading its privacy and data protection program.

BrightTALK caught up with Gary Hayslip, CISO of the City of San Diego for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- Cyber challenges for the new Trump administration
- How to improve diversity and equality in the information security industry
- Critical infrastructure and its specific vulnerabilities
- How to prepare IoT networks to ensure that they're not at risk from malicious threat actors
- The evolution of cyber threats

About the Speaker:
As CISO for the City of San Diego, Gary Hayslip advises the City’s executive leadership (mayoral, city council, and 30+ city departments and agencies) on protecting city government information resources. He oversees citywide cybersecurity strategy and the enterprise cybersecurity program, operations, compliance and risk assessment services. His mission includes creating a “risk aware” culture that places high value on securing city information resources and protecting personal information entrusted to the City. He is Co-Chair for Cybertech and an active member of ISSA, ISACA, OWASP and INFRAGARD.

Noise is the enemy of breach detection and response. After a major data breach it is often the case that signs of an attacker existed, but were buried in thousands of other security alerts that were mainly false positives.

With machine learning, meaningful signs of an attack are more easily detected and isolated, so a security operator can focus on precisely the right issue.

This session will examine:
- The problem of noise
- The role of machine learning in sifting through vast amounts of data to get to the fidelity needed to detect an attacker
- Best practices for including machine learning in your security operations

About the Presenter:
Kasey Cross is a Sr. Product Marketing Manager at Palo Alto Networks, joining this month through the acquisition of LightCyber. She has over 10 years of experience in marketing positions at cybersecurity companies including Imperva, A10 Networks, and SonicWALL. She was also the CEO of Menlo Logic and led the company through its successful acquisition by Cavium Networks. She graduated from Duke University.

BrightTALK caught up with Chenxi Wang, Founder of The Jane Project and Twistlock's Chief Strategy Officer for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The Yahoo Breach and some of her suspected reasons why
- The influence of the supposed Russian US election hack and what it means for cyber warfare
- Diversity in the cyber industry and how it can be improved
- AI & Machine learning and use cases for security
- The key vulnerabilities in IoT networks that we should be thinking about

Wikileaks recently published a throve of documents, "Vault 7 Year Zero", which they claim expose a wide-ranging hacking tools used by the Central Intelligence Agency (CIA). If true, these cyber-weapons include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers. In some cases, it might use smart TVs and other IoT devices in cyber surveillance and espionage.

Join this panel discussion and find out more about the Vault 7 leak:
- Truth / Fiction
- How likely are you to get hacked
- Security and privacy implications
- Long-term effect across the tech industry and its relationship with government agencies

Moderator:
Vince Tocce a.k.a. Vince in the Bay

Speakers:
Jake Kouns, CISO of Risk Based Security
Kenesa Ahmad, Chair of Women in Security and Privacy (WISP)

BrightTALK caught up with vArmour's Chief Strategist, Mark Weatherford for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The rise of Ransomware and where companies are more vulnerable
- DDoS and why it's still a key threat to businesses
- The increased vulnerability of the IoT
- Challenges for Donald Trump and his new cyber team
- How to boost equality and diversity in the information security industry
- How cloud and virtualization are changing the security game

About the Speaker:
Mark Weatherford is Chief Cybersecurity Strategist at vArmour, the data center and cloud security company. He was formerly a Principal at the Chertoff Group, was Deputy Under Secretary for Cybersecurity at DHS, was Chief Security Officer at the North American Electric Reliability Corporation (NERC) and was the CISO for the states of California and Colorado. He also served as a cryptologic officer in the US Navy. Weatherford is a Director on the Boards of Coalfire, the Center for Cyber and Homeland Security (CCHS) at the George Washington University, and the National Cybersecurity Center (NCC) in Colorado Springs. He is also on the Advisory Board at both Cylance and AlertEnterprise.

BrightTALK caught up with Acalvio Technologies security expert Chris Roberts for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The Yahoo breach and steps to take to avoid it happening to other companies
- Communication between the techies and senior management
- Cyber security lessons that the Trump administration could learn
- The Russian hack of the US election
- AI & Machine learning in Cyber Security
- The need for regulation in the growing world of the IoT
- Improving equality in the cyber security industry

About the Speaker:
Regarded as one of the world’s foremost experts on counter threat intelligence within the cyber security industry, Chris Roberts is the chief security architect for Acalvio Technologies, helping to drive technology innovation and product leadership. Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients. In addition, Roberts works to shape the next generation of deception platforms and helps companies with their maturity modeling and overall security solutions.

BrightTALK caught up with Digital Shadow's James Chappell for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- Equality in the security industry

- The influence of the supposed Russian Hack of the US Election on the politics of cyber

- The evolution of the threatscape; new threats and threat actors

- The Yahoo breach revelations and what they mean for data protection

- The influence of GDPR on the security industry

- Financial Security and where the banks are most vulnerable

The traditional security perimeter is proving to no longer be an effective cyber security control and fast growing technologies, such as cloud, mobile and virtualization make the boundaries of an organization blurry.

For many years, organizations have protected their valuable and sensitive information by building a fence around assets, and all of the data that flowed in and out was either via a single internet access point or on physical devices.

This meant that a traditional perimeter was an effective measure as the boundaries were known. As long as the internet access was controlled by the data that flowed through it, it was possible to protect, monitor and control that data.

Organizations protected internet access with firewalls, VPNs, access controls, IDS, IPS, SIEMs, email gateways, and so forth, building multiple levels of security on the so-called perimeter. On physical devices, systems management and antivirus protected those systems and kept them updated with the latest security patches.

This is a traditional security approach, used for nearly 30 years. However, in today’s world it is no longer effective alone. The perimeter has moved and we need to move with it.

During this session, attendees will learn about how identity and access management is evolving fast and becoming the new security perimeter, including:

• Why the traditional perimeter is no longer effective
• What hacker techniques are being used to compromise organizations
• What some governments are doing to protect their citizens
• Technologies that will help create the new cyber security perimeter

BrightTALK caught up with TopSpin Security's Rami Mizrahi for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The Yahoo breach and who was to blame

- Nation-state cyber warfare attacks

- How to improve your endpoint detection

- How to improve your network security stance

- The evolution of the threatscape and threat actors

- The role of regulation in financial security

It’s that time of year again: RSA Conference 2017 is upon us. The trends in the security industry are moving more quickly than ever, and the newest methods of preventing cyberattacks have quickly shifted away from solely building walls of defense and into analytics of the data gathered about your network and the way users and attackers use it.

But what about the tried and true methods for thwarting hackers like traditional Vulnerability Management programs? Many organizations have allowed their VM programs to languish and become ineffective because it’s often seen as too old of a technology and too difficult to make successful.

But that’s only because they’ve really never done it right.

Join Nathan Wenzler, Principal Security Architect at AsTech Consulting, to learn why Vulnerability Management is still a critically key component to a successful security program.

This discussion will highlight:
- The issues that lead companies to ignore their VM programs
- Real-world examples and case studies of solutions you can use to resurrect one of the best tools in your security arsenal

About the Presenter:
Nathan Wenzler is the Principal Security Architect at AsTech Consulting, a leading information security consulting firm. Wenzler has nearly two decades of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations.

BrightTALK caught up with Menlo Security's Jason Steer for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The Russian hack of the US election

- AI & Machine learning in Cyber Security

- The Yahoo breach and steps to take to avoid it happening to other companies

- The leading prevention technologies currently and how to adopt them

- Cyber warfare in today's political spectrum

BrightTALK will be broadcasting its in-depth interview with easyJet Head of Payment Security John Elliott in conversation with BrightTALK Information Security Community Manager.

Topics up for discussion will include:

- The new political climate and it's effect on Cyber Security and global cyber warfare

- The supposed Russian hack on the 2016 US election

- GDPR and what companies need to be doing to prepare for 2018

- Equal opportunities in the information security industry

- The rise of AI & Machine learning and how it'll influence the cyber world

- IoT and how to keep connected devices all safe and secure

- Incident response and steps to take if you've been breached!

- The 2017 threatscape and what you shoud be concentrating on

All this and much more - join us for the broadcast.

Join this in-depth interview at RSA Conference with John DiMaria, Global Product Champion for Information Security & Business Continuity at BSI Group.

Viewers will learn John's insights around:
- Preparing for GDPR
- Challenges for the new U.S. administration
- Protecting our critical infrastructure
- Protecting the IoT: personal accountability, product certifications, regulation
- The threat landscape
- The importance of security awareness training

As the largest cybersecurity show on the earth, the RSA Conference always offers new products, insights and approaches to securing the latest connected devices. So with more Internet of Things (IoT) devices than ever before hitting the markets, what can be done to secure your corner of cyberspace. Let’s explore what we learned at the RSA Conference in San Francisco this year.

About the Presenter:
During his distinguished career, Dan Lohrmann has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan. Lohrmann joined Security Mentor, Inc. in August, 2014, and he currently serves as the Chief Security Officer (CSO) and Chief Strategist for this award-winning training company. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors.