Hi [[ session.user.profile.firstName ]]

ISSA International Series: Breach Report Analysis

It's everyone's favorite time of year. What will we learn from this
year's breach reports? Join us as we review the latest data, look for
lessons and trends, and help you understand what it all means. Our
panel of experts will focus on how security professionals can learn
from the data, and hopefully avoid becoming a statistic for next
year's report.
Recorded May 22 2018 123 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Matt Mosley | Patrick Cable | Paul Williams | Jay Jacobs | Laurance Dine
Presentation preview: ISSA International Series: Breach Report Analysis

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • ISSA Thought Leadership Series: Security Event Overload-How to Net it Out Recorded: Oct 10 2018 55 mins
    ISSA International
    How do you manage the thousands or tens of thousands of security alerts that are generated by your systems each day? Hear about strategies from practitioners who are dealing with “event overload” and then listen to a follow-up with a discussion about how security products that are building actionable information into their reporting in order to ease the burden.

    Moderator: Steve Tcherchian, CISO and Director of Product Management, XYPRO Technology

    Robert Hamilton, Director, Product Marketing, Imperva
    Shelly Herschkovitz, Product Manager, Research & Innovation, Imperva
    Scott McCoy, IT Director, Medtronic
    Jessica Doyle, Director of Threat Assessment for Optiv
  • ISSA International Series: Latest & Greatest Security Attacks & Why They Happen Recorded: Sep 25 2018 87 mins
    ISSA International
    With all the money that we spend on precautions, and mitigations for security vulnerabilities, why do we keep on getting hacked? This question is not new, but will be looked at with respect to recent attacks, that have been successful. While not all of these attacks are brand new or represent unique vulnerabilities, they've been very effective. So come and join us as we look at the issues that are being exploited.
  • ISSA Thought Leadership Series: Eliminating Security Blind Spots in your AWS Recorded: Sep 19 2018 54 mins
    ISSA International
    As consumption of cloud services increases, security teams struggle to maintain visibility of the cloud assets in use across multiple environments throughout the enterprise. In fact, 43% of security pros say lack of visibility into cloud environments are their biggest operational headache. Cloud defenders struggle to answer two simple, but important questions: what do I have, and is it secure? The only way to answer these critical questions is with comprehensive security visibility of your AWS public cloud environments.

    Join us for a discussion on gaining security visibility across all of your AWS accounts, including best practices for:
    - Discovering workloads and resources in use across your AWS accounts, services, and regions
    - Reducing your attack surface by identifying and remediating security issues
    - Finding and responding to critical risks using different assessment methods (agent-based, agent-less, API, etc.)

    Mikhael Felker, Director of Information Security & Risk Management, Farmers Insurance


    Edward Smith, Product Marketing Principal, CloudPassage
    Matthew Hicks, Senior Principal, IT Security | Cyber Security Operations, Amtrak
    Alex Grohmann, Founder, Sicher Consulting
  • ISSA Thought Leadership Series: Cybersecurity risk is a shared responsibility Recorded: Sep 12 2018 63 mins
    ISSA International
    As organizations increase the quantity and complexity of digital services they provide to their customers they are increasingly relying on partners, vendors and 3rd parties to support them.

    This means that the old model of snapshot assessments is falling behind in providing the timely conversations needed in today’s dynamic environment where data sharing is assumed and partners are providing business critical services outside an organization’s infrastructure.

    Join us to discuss how digital attack surfaces are expanding, what information is available to assess risk, the methodology on what makes up a score and where to use them, how to engage in constructive conversations with your partners and showcase results to leadership.

    Ken Dunham

    Vamsi Gullapalli, Product Team, RiskIQ
    Steve Tcherchian, CISO, XYPRO Technology Corporation
    Wayne Proctor, Vice President, Information Security, WestRock
  • ISSA Thought Leadership Series: Email, the Original Sin Recorded: Sep 5 2018 58 mins
    ISSA International
    As email evolved from its early days, nobody could have predicted that there would one day be more than 3.8 Billion email users sending 270 Billion emails a day, and that email would become the number one source of cyberattacks. Business Email Compromise (BEC) and impersonation attacks are now one of the most insidious threats to organizations. Take a walk through the history of email with us to learn how email's "original sin" – its inherent lack of authentication – is being addressed with identity-based automated email authentication, including DMARC enforcement and other strategies to bring trust back to email.

    David Vaughn, Director, ISSA International Board

    Seth Blank, Director of Industry Initiatives, Valimail
    Karl Mattson, President, LA Cyber Lab
  • ISSA International Series: Regulation and Legislation Recorded: Aug 28 2018 124 mins
    ISSA International
    We all realize that our security jobs are much more than just specifying technology and controls, protecting and defending our infrastructure, and investigating incidents. Over the last year privacy has been mainstreamed with GDPR going into effect, California passed its own version of GDPR, and with 40 + privacy laws in the US, and more just over the horizon. In addition, some of the questions around cloud and privacy have been addressed with the Cloud Act (which gives government agencies direct access to consumer information in the cloud). We also see more government export controls looming on the horizon. These controls will impact cyber tools and techniques and our ability to test and mitigate vulnerabilities while complying with laws and regulations.

    While we may not have all the answers, we will review the current state of our world. To do this, we will bring in legislative and regulatory experts to discuss the changes and some of the directions we see looming.

    Some of the questions we will try to address are:

    what happens when these laws and regulations conflict with one another
    what happens when these controls impact our ability to do our job
    can we mitigate any of our liability by just getting insurance.

    Michael Angelo, Chief Security Architect, Micro Focus | NetIQ

    Maher Shomali, Partner, Thomsen & Burke LLP
    Randy Sabett, Cooley, LLP
    Lisa Angelo, Attorney, Cyber Law & Insurance
  • ISSA Thought Leadership Series: Cybersecurity Heroes Aren't Born...They're Made Recorded: Aug 22 2018 52 mins
    ISSA International
    Phishing continues to be one of the fastest growing and most malicious threats to the security of industries of every kind—from financial organizations to government contractors to healthcare firms. Today’s savvy phisher manages to evade even the most sophisticated technical safeguards through carefully planned, socially-engineered emails that are only getting more advanced.

    During this panel, we will discuss key findings from Wombat’s 2018 State of the Phish™ and 2018 Beyond the Phish® Reports. You will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats.

    This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period; data compiled from nearly 85 million questions asked and answered inside the CyberStrength® Knowledge Assessments and interactive training modules, responses from quarterly surveys of InfoSec professionals; and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.

    We will also discuss best practices related to security awareness and training. Our panelists will highlight key components and common threads of some of the most successful programs, and help attendees identify ways to apply new techniques and increase the effectiveness of their own cybersecurity education initiatives.

    Jorge Orchilles, SANS Instructor

    Gretel Egan, Brand Communications Manager at Wombat, a division of Proofpoint
    Michael Levin, CEO & Founder, Center for Information Security
    Kurt Wescoe, Chief Architect, Wombat Security
  • ISSA Thought Leadership Series: The Definitive Need for Crypto-Agility Recorded: Aug 8 2018 64 mins
    ISSA International
    On the eve of quantum computing, the definitive need for crypto-agility is greater than ever. The ability to locate, manage, and securely update digital certificates on a network or on a device seems like a simple task, yet with the advent of new Enterprise use cases and flourishing IoT device introductions, management at massive scale becomes a challenge. Facing mounting pressures, IT security personnel and product managers are tasked with implementing solutions fit for today’s environment plus tomorrow’s post-quantum world. Join renowned Public Key Infrastructure (PKI) expert and Certified Security Solutions (CSS) CTO, Ted Shorter, as he outlines the defense against quantum computing and the IoT device invasion, crypto-agility:

    · How can crypto-agility lend itself to a truly future-proof Enterprise and IoT device security strategy?
    · Cryptographic kryptonite: demystifying quantum computing
    · Challenges with digital certificate/device management at scale


    Dr. Shawn Murray, Principal Scientist, US Missile Defense Agency & Director, ISSA International


    Ted Shorter, CTO, Certified Security Solutions (CSS)
    Michael Gardiner, Principal Architect, Gemalto
    Michele Mosca, Founder, Institute for Quantum Computing
    Mike Brown, CTO & Co-Founder, ISARA Corporation
  • ISSA International Series: Trials & Tribulations of Social Engineering Recorded: Jul 24 2018 121 mins
    ISSA International
    We all know about social engineering and phishing; but ‘Is it as simple as sending an email or asking for a click?’ probably not. As hackers and attacks evolve, they will go from simple tricks to very sophisticated attacks. So how do we know what these attacks will be? Simply, we can’t. So how can we detect the new attacks? This session will cover the state of the attacks and the directions they are taking. Ultimately, we will discuss strategies and how we can define the science that will evolve to thwart the evolving various attacks

    Moderated by: Pete Lindstrom, IDC


    Roger Grimes, Data-Driven Defense Evangelist, KnowBe4
    Andrew Lewman, Laxdaela Technology
    Ben Rothke, Senior Security Consultant, Nettitude
    Paul Williams, CEO, Clarity Consulting Corporation
  • ISSA Thought Leadership Series: Is DNS a Part of Your Cyber Security Strategy? Recorded: Jul 11 2018 58 mins
    Kurt Seifried, Cloud Security Alliance | Craig Sanderson, Infoblox | Joe St Sauver, Farsight Security
    Detecting malware, helping to prevent and disrupt command and control communication, ransomware and phishing attacks, being part of a data loss prevention program – DNS can help with this and much more, but are you leveraging it as part of your security controls and processes?

    DNS is the perfect choke point to stop not just data exfiltration through it, but also detect and stop malware from spreading and executing.

    Join us for a discussion on this often overlooked topic and learn:

    - About the value of DNS as part of your cyber security strategy
    - How DNS can provide your SIEM with actionable intelligence
    - How DNS can add value to other security controls, such as
    vulnerability scanners and end point protection
  • ISSA International Series: Cloud Services and Enterprise Integrations Recorded: Jun 26 2018 124 mins
    Michael F. Angelo | Stephen Lipka, CISO and Consulant | Vince Campitelli | Mark Kadrich | Michelle Cobb, Skybox Security
    Securing cloud environments is a shared responsibility between your organization and your cloud service provider. But upholding your end of the bargain can be a challenge in these dynamic, complex environments — especially when dealing with a mix of physical networks and public and private clouds. In this webinar, we will discuss issues and strategies for handling Cloud Services and Enterprise Integrations. Amongst the topics covered we will attempt to address the issues of:

    - How do cloud services impact security implementations?

    - Who is responsible for defining security and how does one implement a security management program in an integrated enterprise cloud service environment?

    - What transitional issues may occur during your migration? How do you audit a cloud service?

    Register for the webinar to see the issues and benefits of handling cloud services and enterprise integration.
  • ISSA Thought Leadership Series: Making sense of Fileless Malware Recorded: Jun 13 2018 58 mins
    Debbie Christofferson, ISSA | Shimon N. Oren, Deep Instinct | Rob Boles, Blokworx
    Fileless malware attacks are steadily growing in recent years, both in absolute numbers and in their share of the threat landscape. Fileless attacks pose an increasing threat to organizations and a challenge for security vendors, due to the use of various non-executable file formats for infection, and the ability to conduct parts of the attack vector in-memory only. Cyber criminals are adopting fileless and memory-based attack techniques, which were once mostly used by nation-states. The panel will deal with the various differing definitions of fileless malware, overview some of the solutions and approaches taken by industry players in protecting from fileless threats, and discuss ideas and best practices for dealing with these threats.
  • ISSA International Series: Breach Report Analysis Recorded: May 22 2018 123 mins
    Matt Mosley | Patrick Cable | Paul Williams | Jay Jacobs | Laurance Dine
    It's everyone's favorite time of year. What will we learn from this
    year's breach reports? Join us as we review the latest data, look for
    lessons and trends, and help you understand what it all means. Our
    panel of experts will focus on how security professionals can learn
    from the data, and hopefully avoid becoming a statistic for next
    year's report.
  • Why Automation is Essential to Vulnerability Management Recorded: May 10 2018 62 mins
    John Donovan, ISSA | Ken Wilson, Skybox Security | Larry Ponemon, Ponemon Institute
    ISSA Thought Leadership Series

    Due to the volume of new vulnerabilities announced (14,000 new CVEs in 2017 alone), complex environments in which they exist and an increasingly well-equipped threat landscape, intelligent automation has never been more important to cyber risk reduction. In this panel discussion, we’ll examine where automation is needed to support a risk-focused vulnerability management program.

    Register to learn:

    · What data sources beyond vulnerability scanners are needed to automate vulnerability discovery in physical IT, multi–cloud and OT networks

    · How automation can help break down data silos between vendors, processes and teams

    · Why analytics–driven automation is needed to analyze vulnerabilities in the complete context of your attack surface

    · How automated analysis can identify best remediation options — and not just available patches

    Join the ISSA panel in a webinar that examines why automated solutions are no longer sufficient to counter the threat landscape, and how automated solutions can help build a holistic, proactive vulnerability management program
  • ISSA International Series: IoT/Mobile Security Recorded: Apr 24 2018 66 mins
    Hari Pendyala | S.A. Srinivasa Moorthy | Chris Rouland | Matthew Crouse
    The prolific outburst of IoT devices in our lives has become a boon or a curse. Boon as they make it easy to interact with "Things" and Curse as they make it easy for hackers to invade our privacy and breach security.

    Implementing Security in IoT devices is still after thought.This webinar looks at the challenges of securing IoT devices against threats and discusses about the options available to secure these devices.
  • ISSA International Series: Blockchain and other Mythical Technology Recorded: Mar 27 2018 123 mins
    Mark Kadrich | James Grundvig, Myntum Ltd. | Peter Linder | Brian Russell, Leidos
    We will be examining blockchain technology and its proliferation in our data security architectures. Our speakers will discuss their experiences with BC technology, how it’s working today, plans for taking advantage of it in the future, and possible technical issues that may affect its long term efficacy.
  • ISSA Thought Leadership Series: Security Awareness Strategies Recorded: Mar 21 2018 62 mins
    Jack Koziol, InfoSec Institute | Robb Reck, Ping Identity | Marnie Wilking, Orion Health | Michael Towers, Allergan
    Beating Hackers at Their Own Game: Security Awareness Strategies That Work

    If 2017’s explosion of cybersecurity breaches taught us anything, it’s that our workforces, more than ever, are one of our most critical defenses. But with as much as 30% of employees unable to spot a phishing email, how do you keep hackers from hijacking your data? The seemingly obvious answer is security awareness training. Unfortunately, many security education programs today fail to sufficiently change employees’ security attitudes, skills and behaviors -- providing a false sense of protection and safety. Even worse, 48% of companies do not have an employee security education program.

    If your New Year’s infosec resolutions include launching a security awareness initiative, or reviving an existing one, what better way to guarantee results than to learn from pros who have been in your shoes. Join our expert panel as they share:

    ● Their most effective security awareness strategies to improve your organization’s security posture

    ● Proven methods to get employees to take security seriously (before a breach occurs)

    ● Security awareness program pitfalls to avoid and biggest lessons learned

    ● Predictions on what will cyber attacks will look like in the next couple years and what you should do in your security awareness program today to prepare
  • ISSA International Series: Privacy vs. Security Recorded: Feb 27 2018 121 mins
    Pete Lindstrom, IDC | Randy Sabett, Cooley LLP | Mathieu Gorge, Vigitrust | Brad Keller, Prevalent | Jim Jaeger, Arete
    We are all concerned about Privacy. Every day there we hear about multiple PII breach announcements. Our current solution – lets create laws to require announcements and levy fines to encourage proper activities and protections. With GDPR looming on the horizon, as the most recent and perhaps the most comprehensive regulation yet, we find ourselves wondering if others will adopt similar regulations. If so, do we as security professionals need to be concerned about our ability to perform forensic analysis, and gather information outside of our realm of direct influence to identifier a hacker? Do elements of GDPR create a situation in which hunting for a hacker might violate their privacy rights? In the end will companies still be able to monitor and protect their assets as they do today, or will it require a change? This webinar will provide insight into the Privacy vs Security Debate.
  • ISSA Thought Leadership Series: A Cure for the Common SOC Recorded: Feb 14 2018 55 mins
    Candy Alexander, CISSP, CISM | Rocky DeStefano, JASK | Vince Campitelli II
    With cybersecurity concerns escalating, organizations of all sizes have scrambled to boost budgets, hire talent and improve security operations – all in the hopes of catching up with and defeating a sophisticated and nearly-invisible enemy. But in this rush to build the SOC according to perceived industry best practices, have we truly optimized our human, technological and procedural resources? Or are we all SOC, and no action? If we took a moment to regroup and build the whole system again from scratch, would it be better than the SOC we’ve reached today by throwing resources at the problem? And if so, where did we go wrong – and how do we course correct? Join a panel of experts to discuss their visions of the perfect SOC and its top priorities while exploring how it can be evolved to achieve them.
  • ISSA International Series: 2017 Year in Review & Predictions for 2018 Recorded: Jan 23 2018 121 mins
    Keyaan Williams - ISSA, Kim Jones - Arizona State University, Jedidiah Bracy - IAPP, Shivaun Albright - HP
    2017 was a horrendous year in cyber security every month was filled with major breaches, hacks, and attacks surfacing. The nature and range of the attacks varied from email hacking to recently announced vulnerabilities being exploited, from minor incursions to (potentially) everyone’s financial history being stolen. 2017 will probably go down as the worst year for Cyber Security with all the previous year’s events having been far surpassed. Even our doom and gloom or same old same old predictions of last year have been blown away. The question now, will 2018 bear the full weight and impact of the events of 2017, or will it have its own harrowing events. Will the growing impact and occurrences spotlight security and translate in terms of media and regulatory attention? What kinds of threats will dominate the 2018 landscape?

    Join us, make notes, and then check back in a year to see how our panel of experts did in providing insight and making predictions for the 2018 challenges to InfoSec.
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: ISSA International Series: Breach Report Analysis
  • Live at: May 22 2018 4:00 pm
  • Presented by: Matt Mosley | Patrick Cable | Paul Williams | Jay Jacobs | Laurance Dine
  • From:
Your email has been sent.
or close