ISSA International Series: Trials & Tribulations of Social Engineering

We all know about social engineering and phishing, but is it as simple as sending an email or asking for a click? Probably not. As hackers and attacks evolve, they will go from simple tricks to very sophisticated attacks. So how do we know what these attacks will be? Simply, we can’t. So how can we detect the new attacks? This session will cover the state of the attacks and the directions they are taking. Ultimately, we will discuss strategies and how we can define the science that will evolve to thwart the various evolving attacks.

Moderated by: Pete Lindstrom, IDC


Roger Grimes, Data-Driven Defense Evangelist, KnowBe4
Andrew Lewman, Laxdaela Technology
Ben Rothke, Senior Security Consultant, Nettitude
Paul Williams, CEO, Clarity Consulting Corporation
Recorded Jul 24 2018 121 mins
Presented by
ISSA International
  • How to Prevent Organizational Risk when Faced with Modern Multifaceted Attacks Jan 27 2021 6:00 pm UTC 60 mins
    Thom Bailey, Senior Director of Product Strategy
    In this session, Thom Bailey, senior director of product strategy at Mimecast, will explore the benefits of a consolidated cyber resilience platform to layer security, enhance visibility, and more effectively reduce mean time to remediate (MTTR). Attendees can expect to learn how to leverage an open API platform that uses shared threat intelligence to integrate with prevention, detection, and response technologies, and identify phishing emails with machine learning using real-life attacks to train and educate end users. With this knowledge session, attendees will gain an understanding of business risk with a Risk Score, comprised of aggregated data, to better gauge their organization’s security posture.

    5 Benefits of Attending Session:

    • Learn the benefits of a consolidated cyber resilience platform to layer your security, enhance visibility, and more effectively reduce time to respond/remediate (MTTR)
    • Leverage an open API platform that uses shared Threat Intelligence to integrate with the prevention, detection, and response technologies
    • Identify phishing emails with Machine Learning - and use real-life de-weaponized phishing attacks to both train and educate end-users
    • Understand and manage business risk with a Risk Score comprised of aggregated data to gauge the organization’s security posture
  • Pseudonymization vs. Encryption: Fight! Jan 19 2021 6:00 pm UTC 60 mins
    Patrick Walsh
    The user data you hold is now toxic -- meaning the penalties for losing control of that data are now potentially very costly. Technical measures must be taken to protect the privacy of that user data, which means you probably need to adopt a PET. But what PET is appropriate? Join us as we discuss the limits of pseudonymization and the landscape of encryption options available. We’ll examine a few well-known companies that are using encryption to make privacy a first-class part of their product by embracing end-to-end encryption and customer held encryption keys. We’ll also touch on encryption techniques like secure multi-party computation, homomorphic encryption, and transform cryptography.
  • A Birds Eye View for Crossing Borders in Cyber Security: Hiring or Relocating Jan 7 2021 6:00 pm UTC 60 mins
    ISSA International
    Three women leaders will share their experience in relocating and hiring across borders, their insights on key success factors, how to prepare for, locate and mine opportunities, and how to mesh your own goals with the job market and organizational needs. We will also gain a perspective on what a go-forward plan would include in today’s climate.
  • Life of a CISO Jan 5 2021 5:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
  • User-Centric Privacy: Designing Effective Protections that Meet Users' Needs Dec 17 2020 6:00 pm UTC 60 mins
    Florian Schaub, CIPP/US, CIPT Assistant Professor, University of Michigan School of Information.
    Privacy engineering aims to respect and protect user privacy. In order to ensure that privacy protections actually meet people’s privacy needs it is important to understand those needs, concerns and expectations and build privacy into systems with a user-centric perspective. This session will draw on the speaker's research regarding privacy notices and controls online, on smartphones and with smart speakers to discuss how and why privacy controls are often misaligned with user needs and how we can design privacy for users instead of past them. It will also examine how user studies can inform the design of user-centric privacy protections to more effectively meet user needs, as well as benefit companies.
  • 2021 Trends Dec 16 2020 6:00 pm UTC 60 mins
    Peter Kilmek & Brian Anderson
    With digital disruptions increasing on a global scale, 2020 saw organizations reprioritizing their security requirements. Now more than ever, security professionals need to be innovative in their approach as current projects shift and change without notice. With no foreseeable end to the pandemic’s global impact, we anticipate sophisticated security threats to increase in volume and severity well into 2021.

    Join us in a discussion of three key trends we see coming in 2021:

    • The changing and evolving workplace causing unknown vulnerabilities
    • Security’s role in your cloud transformation process
    • Protecting your data and all paths to it
  • Using the NIST Cybersecurity Framework to Align your Organization’s Risk Dec 15 2020 6:00 pm UTC 60 mins
    Patrick von Schlag, President, Deep Creek Center, Inc.
    All organizations are concerned about cybersecurity risk and its impact on their business. This is especially true in the context of digital business strategy and how effectively the organization can manage its risk profile as their business models continue to adapt to meet changing conditions. In this session we will discuss using the NIST Cybersecurity Framework as a vehicle to identify, prioritize, and execute your cybersecurity risk management program, and introduce a roadmap to help you plan your assessments and actions. Whether you are a small- or medium-sized business or a global enterprise, this approach can help better align cybersecurity into your overall organizational risk management program and provide a vehicle to help you build the adaptive culture you’ll need to sustain success.
  • Putting in place MFA and good access security to protect against ransomware Dec 9 2020 6:00 pm UTC 60 mins
    ISSA International
    Ransomware attacks targeting enterprises in a variety of sectors have skyrocketed during the first half of 2020. Criminals are taking advantage of our reliance on digital communications and remote working for sinister purposes. As a result, most of the ransomware incidents can be attributed to a limited number of intrusion vectors, with the top three being badly secured remote desktop protocol (RDP) endpoints, email phishing, and the exploitation of zero-day VPN vulnerabilities. Join us in this session to understand how weak credentials and lack of access security expose your organization to RDP and VPN-based ransomware attacks and hear from Thales experts on how you can protect against them.
  • Zero-Trust from Aspirational to Overdue Dec 8 2020 6:00 pm UTC 60 mins
    John Checco
    Globally, firms face a dynamic cybersecurity threat landscape. To combat new threats to remote workers, many firms have reacted with point products to secure their new perimeter. However, this has resulted in increased costs, marginalized impact, and lower ROI.
    In order to achieve true resiliency, firms need to rethink their approach and adopt a holistic Zero Trust model that is long-term and cost-effective.
    Join our panel of experts on Dec. 8th at 10 am PT as they explore the new Zero Trust security paradigm. In this session, they’ll cover:

    • What Zero Trust is and what it isn't
    • Why firms are rapidly adopting this model
    • Where change will be most effective, most disruptive, and most challenging
  • Future proof your Cloud Security & Governance strategy and be prepared for 2021 Dec 3 2020 6:00 pm UTC 60 mins
    Malini Rao - Global Head of Cybersecurity & GRC Operations
    As many organizations are going digital as part of their digital transformation strategy, businesses and organizations need to be more strategic with their security controls. Market forces continue to push organizations to rapid and comprehensive digital transformation, accelerating the use of technologies such as the cloud and agile and increasing exposure to the many inherent security issues.

    According to IDC, the pandemic has impacted the long-term cloud strategy of many organizations, causing an accelerated move to cloud. Due to the sudden shift to going digital and working from anywhere caused by the COVID-19 pandemic (the new normal), businesses have had a short time to reflect and reassess their cloud strategy, how security fits in the picture and how they can ensure that remote workers and their devices are protected and have the security they need to keep their organizations safe and meet compliance requirements and regulations. As more than half the global economy turns digital by 2023, a new species of enterprise will be required to compete and thrive. IDC 2020 predictions show that enterprises will prepare for the digitized economy by accelerating investments in key technologies and new operating models to become hyperspeed, hyperscaled, and hyperconnected organizations.

    With more assets and data moving to the cloud, cybercriminals are geared up and equipped to target the organizations moving their critical data to cloud. We will discuss lessons learnt from 2020 and top tips to reduce your attack surface in the cloud and future-proof your cloud security strategy for 2021 so you are well prepared and have cloud security as your top priority for 2021.

    A strong cloud security and governance strategy will help organizations take advantage of cloud environment benefits while ensuring that the attack surface is reduced and that their risk appetite and mitigation strategy are well planned for cloud risks.
  • Life of a CISO - Defending A Compromised Network Dec 3 2020 4:00 pm UTC 60 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    Here’s the hard truth: if you haven’t detected an attack/compromise in the last 12 months, it is NOT because it’s not happening – it’s because you’re not looking in the right places.

    According to Dr. Eric Cole, Founder and CEO of Secure Anchor, a compromise in your network is inevitable – if it isn’t already happening now, it will soon. Given that 100% security simply doesn’t exist, what can you do to control and minimize the damage from attacks?

    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • The Rise of Zero Trust in the Digital Era Dec 2 2020 6:00 pm UTC 60 mins
    Dave Taku, Director Product Management, RSA Identity & Access Assurance
    Almost a decade since “Zero Trust” emerged as an approach to network security, the buzz around it is stronger than it has ever been. Zero Trust rejects the outdated idea that everything inside the internal network is safe, while everything outside it is unsafe.

    The recent rise of Zero Trust suggests the time has come to completely rethink how we define trust in considering how to secure critical data and resources. But why is Zero Trust in particular gaining traction now? And is it really the best way to ensure effective security today? To answer these questions, join this session with Dave Taku.
  • Integrating Data Privacy and Brand Protection into your Cybersecurity Recorded: Nov 19 2020 29 mins
    Alex Nette, President, Hive Systems
    Cybersecurity is about how we protect our information, but do we ever stop to ask ourselves what we’re protecting and why? Your company likely collects customer, employee and proprietary information, so the responsibility to protect the data and respond in the event of a cybercrime is yours. This isn’t a big company problem.

    Data privacy issues and data breaches happen to small and mid-sized businesses all the time and can put your company’s reputation and ability to do business at risk.

    This 30-minute live discussion led by Alex Nette, one of the leading cybersecurity experts for small-medium businesses, takes you through a critical examination of your business practices with respect to data privacy and brand protection.
    - Do you really need to be collecting all this information?
    - Do you understand your risk points?
    - Are you in compliance with privacy laws (GDPR, CCPA) and cybersecurity best practices?
    - What if something goes wrong?

    Alex wants every business to benefit from the same strategy and tactics that large enterprises employ. In this webinar, he draws on years of experience in protecting critical data to share a perspective on how to look at your data practices and where to start.

    Alex Nette
    Alex started Hive Systems as he felt that every company deserves big business cybersecurity, even when they have small or medium business budgets. He brings executive level expertise in the establishment and continuous improvement of cybersecurity programs and applies his work from various cybersecurity disciplines in a holistic approach that prioritizes organization’s operations. Alex has provided cybersecurity consulting to the public sector for federal, state, and local agencies, and in the private sector for a wide variety of industry segments.
  • Reshaping Your SOC Team in the Wake of Remote Work Recorded: Nov 19 2020 62 mins
    Jason Mical
    High-performing SOCs are aligned with organizational needs and deliver actionable business value, but leaders need to have sufficient talent, tools and technology in place to be successful. Analyst burnout continues to be a challenge in the industry. According to the Devo SOC Performance Report, 78% of personnel say that working in the SOC is painful. CISOs have a responsibility to reduce the stress and pain that come with working in a SOC to ultimately improve retention and effectiveness.

    Join this webinar and hear industry experts discuss strategies to:
    • Identify common areas of analyst turnover and burnout
    • Share recommendations for improving the culture of the SOC
    • Learn measurements to validate improvements in SOC effectiveness
  • Securing Your Digital Future: Merging Mobile and Security Strategies Recorded: Nov 18 2020 55 mins
    Steve Banda | Senior Manager, Security Solutions, Lookout
    Mobile devices, apps, networks, and cloud services are all interconnected and complex to manage, let alone secure. Yet in today’s world of remote workers, organizations are tasked with the challenge of making mobile simple, secure, and scalable for all employees. With mobile devices at the intersection of our personal and professional lives, we need on-demand access to work resources as well as the immediate flexibility to manage our personal tasks. Security is essential but privacy must be respected.

    This session demonstrates how mobile management and security strategies are merging to satisfy the requirements of a mobile-first world. We will cover how managed and unmanaged devices – app security, malware, phishing and content protection, identity management, and security intelligence services – integrate to make it easier to scale device and platform deployment, while gaining visibility and remediating today’s advanced mobile threats.
  • Why Securing Cloud Based Email Requires a Different Approach Recorded: Nov 18 2020 41 mins
    Michael Landewe, Cofounder at Avanan
    The evolution beyond Secure Email Gateways is here.

    Email gateways including Proofpoint, Mimecast, and Barracuda were designed to protect on-premises email servers, but when you moved your email to the cloud, it revealed five vulnerabilities that continue to expose your users to attacks.

    It's why companies are switching from gateway vendors. Come learn how the migration to Office 365 and Gmail necessitated an evolution in how to secure cloud email, and why Secure Email Gateways are not the right answer.
  • Deceiving the Attacker Recorded: Nov 17 2020 56 mins
    Diana Kelley | Chris Roberts | Christina Fowler
    When it comes to deception technology, the industry is evolving beyond simple honeypots to a more automated, scalable, and effective approach.

    Join this episode of The (Security) Balancing Act to discover how deception technology can be used by organizations to detect, investigate and respond to malicious intruders. How does deceiving the attacker save your company and buy you time?

    During this episode, we'll go over:
    - What is deception technology and what does it help with?
    - How does it work? (e.g. Deception decoys, lures, honeytokens, traps, grids)
    - Is your organization ready to adopt deception?
    - What do you need to do before you buy the technology / build it in-house?
    - Key benefits of using deception for threat hunting
    - What else can deception be used for?
    - Deception use cases
    - The role of AI in deception (e.g. dynamic deception)

    - Chris Roberts, vCISO, Researcher, Hacker, Consultant, Devils Advocate
    - Christina Fowler, Chief Cyber Intel Strategist at MITRE Corporation

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Supply Chain Fraud - A Critical Vector in Email Fraud Attacks Recorded: Nov 11 2020 60 mins
    ISSA International
    Among various types of business email compromise (BEC) and email account compromise (EAC) attacks, supply chain fraud often accounts for the biggest financial losses. These types of threats leverage both impersonation and account compromise and are often used jointly in the same attack. So how can you better protect your company and your end users?

    Join our experts for a webinar on how to identify and gain visibility to these cyber threats to reduce your supply chain risk.

    In this session we'll talk about:
    • The BEC/EAC variants
    • Real life examples of supply chain fraud attacks
    • How to address email scams from supply chain
  • Lessons from a global transformation initiative for emerging leaders Recorded: Nov 5 2020 57 mins
    Wendy Ng, Head of IT Strategy at Experian
    In 2019 and 2020, Wendy Ng had the privilege of being a subject matter expert for Experian’s DevSecOps transformation program.

    DevSecOps describes a set of practices that speed up quality software development by encouraging collaboration between the previously separate disciplines of software development, security and IT operations. In this presentation, Wendy will share some of the lessons learned and behaviors that supported the transformation initiative, which may also help you in your leadership journey.
  • Using Jupyter Notebooks for Repeatable Investigation Automation Recorded: Nov 4 2020 57 mins
    Chad Anderson, Senior Security Researcher, DomainTools
    Given the current economic climate and scrutinized security budgets as a result of COVID-19, security teams are finding it more difficult to fill gaps in their threat intelligence collection requirements, therefore limiting their potential effectiveness and efficiency.

    This leaves analysts asking themselves questions like: if I’m starting an investigation from a single or list of indicators, how can I move faster and act as a force multiplier on my team? The resounding answer from seasoned security professionals is automation. In this webinar, join subject matter experts to learn how to harness the power of automation, use open source tools and data sources to build Jupyter Notebook playbooks, and effectively collaborate with team members.

    In this webinar you will learn:
    • The value of using automation in your investigations
    • Practical strategies for collecting information on indicators
    • How to take advantage of pre-existing Jupyter Notebooks playbooks
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

  • Title: ISSA International Series: Trials & Tribulations of Social Engineering
  • Live at: Jul 24 2018 4:00 pm
  • Presented by: ISSA International