Hi [[ session.user.profile.firstName ]]

How Cyber (measured in dollars) Earns a Spot on the Risk Register

Cyber has yet to be fully integrated into the suite of business functions and monitored risks within most organizations. GRC is the mechanism to align cyber and the business, but it’s current state is not sufficient. Governance hierarchy is ineffective (CISOs reporting to the CIO or COO), Risk leveraging ambiguous risk measurements, and Compliance mistaken as security. Moving forward, Governance must be redefined, making CISOs business leaders, reporting to the Board. Risk should leverage traceable data to measure in a common business language. Compliance should be the baseline for security initiatives, not the end goal. When these initiatives can be achieved, GRC will transform cyber into a business enabler.

Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security where he leads the effort to quantify cyber risk in financial terms. Prior to Nehemiah he founded PivotPoint Risk Analytics which focused on cyber risk quantification through value-at-risk modeling and simulations. Jerry has a broad background in cyber, having worked for incident response, malware analysis, and services companies. He has spoken at a number of conferences worldwide including ISS World MEA in Dubai, InfoSecurity Russia in Moscow, and TM World Forum in Nice, France. He holds an MBA from the University of Massachusetts, an MS in Computer Science from the University of Pennsylvania, and a BS in Electrical Engineering from the University of Buffalo.
Live online May 17 5:00 pm UTC
or after on demand 75 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security
Presentation preview: How Cyber (measured in dollars) Earns a Spot on the Risk Register

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • How Cyber (measured in dollars) Earns a Spot on the Risk Register May 17 2018 5:00 pm UTC 75 mins
    Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security
    Cyber has yet to be fully integrated into the suite of business functions and monitored risks within most organizations. GRC is the mechanism to align cyber and the business, but it’s current state is not sufficient. Governance hierarchy is ineffective (CISOs reporting to the CIO or COO), Risk leveraging ambiguous risk measurements, and Compliance mistaken as security. Moving forward, Governance must be redefined, making CISOs business leaders, reporting to the Board. Risk should leverage traceable data to measure in a common business language. Compliance should be the baseline for security initiatives, not the end goal. When these initiatives can be achieved, GRC will transform cyber into a business enabler.

    Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security where he leads the effort to quantify cyber risk in financial terms. Prior to Nehemiah he founded PivotPoint Risk Analytics which focused on cyber risk quantification through value-at-risk modeling and simulations. Jerry has a broad background in cyber, having worked for incident response, malware analysis, and services companies. He has spoken at a number of conferences worldwide including ISS World MEA in Dubai, InfoSecurity Russia in Moscow, and TM World Forum in Nice, France. He holds an MBA from the University of Massachusetts, an MS in Computer Science from the University of Pennsylvania, and a BS in Electrical Engineering from the University of Buffalo.
  • Is Threat Hunting the Next Frontier: Separating the Hype from the Reality May 3 2018 5:00 pm UTC 75 mins
    Dr. James Stanger Chief Technology Evangelist, CompTIA
    One of the more interesting-sounding job skills today is that of the “threat hunter.” Let’s talk about the activity of “threat hunting,” and deconstruct it a little bit. The idea behind threat hunting is to proactively look for adversaries and for traces of their activity. So, is threat hunting all that it’s cracked up to be? Is looking for trouble really the best approach today? It’s very possible that the one key element of threat hunting is one fundamental assumption: That you’ve already been hacked, but you just don’t quite realize it yet. In this presentation, James will discuss the benefits and drawbacks of “active defense,” and where it fits in with other security activities.
  • Gamification and Security: The Role of Competitions in Readiness and Defense Recorded: Apr 26 2018 57 mins
    Lisa Jiggetts, Founder, President & CEO of the Women's Society of Cyberjutsu
    Security operations face intensifying pressures along numerous fronts, including a constantly shifting threat landscape, an increasingly complex environment to defend, and an extreme shortage of skills. This panel of distinguished security experts will discuss the role that competitions – at the primary school, collegiate and professional levels – can play in attracting workers to the security arena, growing their skills, and developing methods to identify and defend against the greatest threats and risks of the day.

    Lisa Jiggetts, the Founder & CEO of the Women's Society of Cyberjutsu, one of the fastest growing nonprofits dedicated to women in cybersecurity, will spearhead this panel of experts is cyber security and competitions.

    Other panelists include Mika Devonshire, Director of Forensics and Cyber Risk Analytics at SSIC; Marcelle Lee, Threat Researcher at LookingGlass Cyber Solutions; and Dan Manson, Professor of Computer Information Systems at Cal Poly Pomona.
  • ISSA International Series: IoT/Mobile Security Recorded: Apr 24 2018 66 mins
    Hari Pendyala | S.A. Srinivasa Moorthy | Chris Rouland | Matthew Crouse
    The prolific outburst of IoT devices in our lives has become a boon or a curse. Boon as they make it easy to interact with "Things" and Curse as they make it easy for hackers to invade our privacy and breach security.

    Implementing Security in IoT devices is still after thought.This webinar looks at the challenges of securing IoT devices against threats and discusses about the options available to secure these devices.
  • GDPR and you! Perfect together....? Recorded: Mar 29 2018 58 mins
    Joshua Marpet. Red Lion, COO/Founder
    GDPR is a huge topic, with issues ranging from "What does it mean to my business processes?" to "Do I have to care about it?" And that's besides the technical bits! Together, let's explore what it means for a sample company. We'll discuss data, geography, and business processes. You'll learn about some of the pitfalls, and some of the opportunities inherent in GDPR. And maybe we can make it work for you, instead of causing a headache. Want to find out? Just show up.

    Joshua Marpet is an accomplished speaker, long time information and physical security practitioner, as well as a start up CEO and serial entrepreneur.
    He has presented on topics ranging from Facial Recognition to National Security, to audiences from government agencies, law enforcement, Fortune 5 companies, and many others. His research encompasses Digital Forensics, business security maturity, and how not to start an information security business!

    Joshua has been in the hot seat, at all levels of IT and Infosec. From the Federal Reserve, to law enforcement, to being an entrepreneur, Josh has been there. Let's talk.
  • ISSA International Series: Blockchain and other Mythical Technology Recorded: Mar 27 2018 123 mins
    Mark Kadrich | James Grundvig, Myntum Ltd. | Peter Linder | Brian Russell, Leidos
    We will be examining blockchain technology and its proliferation in our data security architectures. Our speakers will discuss their experiences with BC technology, how it’s working today, plans for taking advantage of it in the future, and possible technical issues that may affect its long term efficacy.
  • The Best Defense Is An Offense-Informed Defense Recorded: Mar 27 2018 43 mins
    Jeff Schmidt, VP & Chief Security Officer, Columbus Collaboratory
    In this session, you will learn how an offense-informed defense approach will enable your security team to cut through the noise, be more effective at both identifying the most likely and riskiest attacks and thwarting them faster at less cost. We will discuss how to understand not only the attack vectors, the attackers’ tactics, techniques and procedures but also the residual effects so that, in an environment of almost immeasurable alerts and alarms, your team can focus on the indicators that are the most important.

    Jeff Schmidt, VP and Chief Cyber Security Innovator at Columbus Collaboratory is an accomplished cybersecurity expert with a background in security and risk management. He founded JAS Global Advisors LLC, a security consulting firm in Chicago, and Authis, a provider of innovative risk-managed identity services for the financial sector. Jeff is a board member for Delta Risk LLC, A Chertoff Group Company, a global advisory firm focused on security and risk management. In 1998, he worked with the FBI to create the InfraGard Program, receiving commendations from the Attorney General and the Director of the FBI. He is an adjunct professor of systems security engineering at the Stevens Institute of Technology and a Zurich Cyber Risk Fellow, Cyber Statecraft Initiative, at The Atlantic Council. Jeff received a Bachelor of Science in computer information systems and an MBA from the Fisher College of Business at The Ohio State University.
  • The Future of Passwords Recorded: Mar 22 2018 58 mins
    Hamza Sirag
    This webinar will provide an overview of the future of passwords. Passwords have become very important, protecting a treasure trove of information. You will get an inside look at the techniques and tactics used conduct password attacks. We will discuss the various countermeasures available, new improvements made to the latest operating systems to prevent successful password attacks, and how the industry is trying to eliminate passwords. We will conclude by discussing ways we can potentially circumvent new countermeasures.

    Hamza Sirag Hamza is currently an Information Security consultant. He has spent the majority of his time immersed in the world of cybersecurity. He has had the opportunity to lead complex penetration tests for a variety of federal and commercial clients. He is the founder of Beltway Hackers, a Northern VA based meetup group focused on offensive cybersecurity. https://www.meetup.com/Beltway-Hackers
  • ISSA Thought Leadership Series: Security Awareness Strategies Recorded: Mar 21 2018 62 mins
    Jack Koziol, InfoSec Institute | Robb Reck, Ping Identity | Marnie Wilking, Orion Health | Michael Towers, Allergan
    Beating Hackers at Their Own Game: Security Awareness Strategies That Work

    If 2017’s explosion of cybersecurity breaches taught us anything, it’s that our workforces, more than ever, are one of our most critical defenses. But with as much as 30% of employees unable to spot a phishing email, how do you keep hackers from hijacking your data? The seemingly obvious answer is security awareness training. Unfortunately, many security education programs today fail to sufficiently change employees’ security attitudes, skills and behaviors -- providing a false sense of protection and safety. Even worse, 48% of companies do not have an employee security education program.

    If your New Year’s infosec resolutions include launching a security awareness initiative, or reviving an existing one, what better way to guarantee results than to learn from pros who have been in your shoes. Join our expert panel as they share:

    ● Their most effective security awareness strategies to improve your organization’s security posture

    ● Proven methods to get employees to take security seriously (before a breach occurs)

    ● Security awareness program pitfalls to avoid and biggest lessons learned

    ● Predictions on what will cyber attacks will look like in the next couple years and what you should do in your security awareness program today to prepare
  • How to secure the Windows OS in 2018 Recorded: Mar 1 2018 60 mins
    Sami Laiho
    At the end of 2017 there were more than a million new malware samples found for Windows per day. The old ways of protecting computers are not powerful enough anymore. Join to learn how one of the leading security experts in the world, Sami Laiho, explains how to protect your endpoints proactively. You’ll learn tips & tricks on how to implement hard disk encryption, Whitelisting and Principle of Least Privilege.


    Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security for more than 15 years. Sami’s session was evaluated as the best session in TechEd North America, Europe and Australia in 2014, and Nordic Infrastructure Conference in 2016 and 2017. At Ignite 2017 Sami was evaluated as the Best External Speaker! Sami is also an author at PluralSight and the newly appointed conference chair at the TechMentor conference.
  • ISSA International Series: Privacy vs. Security Recorded: Feb 27 2018 121 mins
    Pete Lindstrom, IDC | Randy Sabett, Cooley LLP | Mathieu Gorge, Vigitrust | Brad Keller, Prevalent | Jim Jaeger, Arete
    We are all concerned about Privacy. Every day there we hear about multiple PII breach announcements. Our current solution – lets create laws to require announcements and levy fines to encourage proper activities and protections. With GDPR looming on the horizon, as the most recent and perhaps the most comprehensive regulation yet, we find ourselves wondering if others will adopt similar regulations. If so, do we as security professionals need to be concerned about our ability to perform forensic analysis, and gather information outside of our realm of direct influence to identifier a hacker? Do elements of GDPR create a situation in which hunting for a hacker might violate their privacy rights? In the end will companies still be able to monitor and protect their assets as they do today, or will it require a change? This webinar will provide insight into the Privacy vs Security Debate.
  • ISSA Thought Leadership Series: A Cure for the Common SOC Recorded: Feb 14 2018 55 mins
    Candy Alexander, CISSP, CISM | Rocky DeStefano, JASK | Vince Campitelli II
    With cybersecurity concerns escalating, organizations of all sizes have scrambled to boost budgets, hire talent and improve security operations – all in the hopes of catching up with and defeating a sophisticated and nearly-invisible enemy. But in this rush to build the SOC according to perceived industry best practices, have we truly optimized our human, technological and procedural resources? Or are we all SOC, and no action? If we took a moment to regroup and build the whole system again from scratch, would it be better than the SOC we’ve reached today by throwing resources at the problem? And if so, where did we go wrong – and how do we course correct? Join a panel of experts to discuss their visions of the perfect SOC and its top priorities while exploring how it can be evolved to achieve them.
  • Attacker's Methodology Recorded: Feb 1 2018 23 mins
    Jason Dion, CISSP - Cyber Security Trainer at Dion Training Solutions
    A brief overview of the Attacker's Methodology. In this webinar we began our quest to think like an attacker. We will cover the 6 stages of an attack: reconnaissance, scanning & enumeration, gaining access, escalating privileges, maintaining access, and covering your tracks.
  • Let's talk about OSSTMM with Pete Herzog from inside out Recorded: Dec 14 2017 60 mins
    Pete Herzog, Managing Director at ISECOM
    In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing. Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
  • Best Cyber Breach Protection: Certified NIST RMF Professionals Recorded: Dec 8 2017 64 mins
    Dr. Ron Ross, Mr. Richard Spires, and Dr. Victor Berlin
    Dr. Ron Ross (NIST), Richard Spires (Learning Tree Int’l), and Dr. Victor Berlin (Mission Critical Institute) will discuss how hiring Certified NIST RMF Professionals can be your key to cybersecurity breach protection.

    Dr. Ron Ross, Fellow, National Institute of Standards and Technology
    Ron Ross is a Fellow at the National Institute of Standards and Technology. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the NIST Risk Management Framework.

    Mr. Richard Spires, CEO, Learning Tree International (CIO, DHS, IRA ret.)
    Richard Spires is CEO of Learning Tree International. Previously he has served as the U.S. Department of Homeland Security’s (DHS) Chief Information Officer (CIO) and IRS’s CIO. Spires also served as the Vice-Chairman of the Federal Government CIO Council and the Co-Chairman of the Committee for National Security Systems (CNSS).

    Dr. V. N. Berlin, CEO, Mission Critical Institute
    Victor Berlin is the CEO of Mission Critical Institute (MCI). MCI enables universities to graduate career-ready cybersecurity risk management professionals by utilizing MCI’s cutting-edge cybersecurity education system. Dr. Berlin has over 15 years of cybersecurity graduate level education experience which includes serving as the founding president of the first accredited cybersecurity graduate university, University of Fairfax.
  • Leading through adversity and burnout to create a high performing security team Recorded: Nov 30 2017 51 mins
    Sharon Smith, CISSP ITPG Secure Compliance VP, Cybersecurity Strategy and Advisory Services
    Security professionals are constantly in a state of adversity, always trying to battle the unseen advisory with little resources and lack of understanding from leadership. Often there is little to no recognition of a job well done, because no one can see the results of a good security team, no breach. It is only when there is an issue that the lights shine on the security team and that is when everyone asks why is it going wrong? This makes leadership within security that much harder, how do you help a team that is up against constant adversity from burning out and leaving. In this webinar, Sharon Smith will discuss the Five Pillars of a high performance security team and how you as a leader can tap into these to help your team achieve more and get better results.
  • AI and the Scientific Method for Cyber Investigation Automation Recorded: Nov 16 2017 48 mins
    Shawn Riley, Chief Data Officer | Cybersecurity Scientist at DarkLight
    "Artificial Intelligence" is arguably one of the most over-used terms in cybersecurity today and despite the potential, most organizations are in the dark about how best to apply it -- and more importantly, how to explain the results it produces. We will discuss how encoding expert tradecraft using scientific methods and common knowledge / data models - can produce AI with explainable results for improved investigation and an active cyber defense.
  • Top cyber threats in the financial sector Recorded: Nov 16 2017 49 mins
    Candid Wueest, Principal Threat Researcher, Symantec
    Financial institutions are increasingly facing attacks on multiple fronts.

    Cyber criminals continue to target online banking using malware to hijack customer transactions and banking sessions. While there has been an overall drop in infections related to these consumer threats, financial institutions are now facing new types of attacks in the form of large-scale financial heists.

    Attack groups such as Fin7 and Lazarus are deliberately targeting financial institutions in audacious attacks that are reaping large rewards. They are using living off the land and fileless attack tactics similar to APT groups. But also extortion with DDoS attacks or business email compromise (BEC) scams are increasingly bothering financial corporations.

    In this webcast on the current financial threat landscape, Symantec takes a look at the most prevalent and significant financial threats.

    In this webcast we will review:
    - The top threats facing financial institutions with statistics and examples
    - Explore the most common techniques employed in financial attacks
    - Provide case studies of the most high-profile financial attacks of the past 12 months
  • Defending from Attack: Winning the Cyber Conflict Recorded: Nov 14 2017 31 mins
    Griff James, Director, Damrod Analysis Ltd.
    Effective responses to modern IT risks requires a transition from cyber security to cyber defense. This presentation introduces analysis based on proven military tools to understand, assess, and defend against cyber-attack. See how Petya worked its way in, and how to defend against it. Take away valuable tools and frameworks to develop your defenses.

    Presenter:

    Griff is trained as a Canadian Infantry Officer and is a graduate of the Johnson-Shoyama Graduate School of Public Policy. After a two-year stint as a Strategic Policy Analyst at the Treasury Board Secretariat in Ottawa, he moved to London where he completed a Master’s Degree at the LSE. Unable to find “real” work, he got into software development as a Scrum Master, leading the development of a web based application. This experience fostered an interest in cybersecurity, and Griff went on to a boutique start-up providing application security to Fortune 500 companies. Frustrated by the disconnect between technologies and poor analysis within cyber security, Griff founded cyber defense firm Damrod Analysis in 2017. He is London based, where he and his wife are expecting their first child shortly.
  • Social Engineering: Still a threat? Recorded: Oct 26 2017 55 mins
    Tarrell "Mac" McCrory, CISSP, CEH
    When you hear the term Social Engineering, the first thing that pops into your mind will invariably be phishing emails. However, there are many aspects of social engineering that are, more often than not, completely overlooked. Identity impersonation, physical penetration, and various other means can just as easily be employed to breach company after company. While the ability to detect malware and other types of breaches get better by the day, these types of attacks are rarely discovered quickly, if at all. Enterprise level security accounts for many of these, but rarely all. Join the indepth discussion of how Social Engineering can be dangerous for an organization and what can be done about.


    Previously, Mr. McCrory was one of the founding employees of PhishMe, Inc. where he developed and ran many social engineering engagements as a Managed Services Consultant, teaching management of various Fortune 500 and Global 100 comapnies how to deal with phishing and on occassion, various other forms of social engineering attacks.

    Mr. McCrory is also currently working on his first book and working as an independent consultant.
Cybersecurity and Compliance
Founded in 1999, ITPG Secure Compliance is dedicated to preventing information security breaches that put organizations at risk of noncompliance. Based in Vienna, VA, our subject matter experts are sought-after authorities on PCI DSS, HIPAA Security and Privacy Rule, FERPA and other industry security requirements. Our IT security consultants and virtual CISOs have decades of experience assessing security risks and vulnerabilities, recommending mitigation strategies and mapping remediation plans to strengthen enterprise security posture. We work with corporate, association, and state agency clients that span multiple industries and for multiple resellers. Visit our web site www.itpgsecure.com

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: How Cyber (measured in dollars) Earns a Spot on the Risk Register
  • Live at: May 17 2018 5:00 pm
  • Presented by: Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security
  • From:
Your email has been sent.
or close