
The Persistent Pernicious Myths and Hidden Truths of Cybersecurity

IT implementors are made less successful due to ‘Technical Debt’. Cybersecurity suffers from ‘Myth Debt’, where the same untrue tropes are repeated and hold us back. It takes experience to recognize these myths, but worse still, they can mask the valuable truths that lie within them. These never-dying misunderstandings spread outside cybersecurity and falsely inform IT and business leaders, making it harder still to stop bad things from happening.

So let’s poke some holes in some myths, pick some or all:
•Insider threat is the biggest worry
•Great Pen Tests mean excellent security
•Any attacker motivated enough can hack you easily
•Security training and education of devs will get us secure code and apps
•The cloud is secure. The cloud is insecure
•Encrypting everything makes for strong security
•Spending more on security makes security better
•Excellent endpoint security means we no longer have to worry about network or other security
•You can’t defend yourself against ransomware

Moderator:
Jorge Orchilles, SANS Certified Instructor

Speakers:
Greg Young, VP, Cybersecurity, Trend Micro
Zane Lackey, Co-Founder, Chief Security Officer, Signal Sciences
Dr. Cragin Shelton, DSc, CISSP
Recorded Nov 6 2019 62 mins
Presented by
ISSA International

  • ISSA Thought Leadership Series: Dissecting Ransomware to Defeat Threat Actors Mar 11 2020 5:00 pm UTC 60 mins
    ISSA International
    In 2019, ransomware has caused significant disruption for hospitals, transportation, government agencies, and more. This flavor of malware is particularly vicious and shows no signs of slowing. The positive side, however, is that there is much to be learned from these attacks and ransomware actor profiling can help inform cyber security strategy.

    In this webinar, join subject matter experts as they conduct data driven analysis highlighting the evolution of ransomware from a technical perspective. They will examine high impact samples like REvil, TeslaCrypt, Locky, SimpleLocker, and provide practical advice to defenders.

    This webinar will cover:

    •A deep dive into the evolution of malware
    •Analysis of high impact malware samples
    •Practical takeaways for defenders

    Speaker:

    Tarik Saleh, Senior Security Engineer & Malware Researcher, DomainTools
  • Combating Business Email Compromise (BEC) & Email Account Compromise (EAC) Feb 19 2020 6:00 pm UTC 60 mins
    ISSA International
    Since 2016, Business Email Compromise (BEC) and Email Account Compromise (EAC) have become an exponentially increasing problem, costing organizations over $26 Billion in losses according to the FBI. These very targeted attacks utilize public research and social engineering to target an organization’s people and fraudulently obtain funds and valuable information. So how can you better protect your end users in 2020?

    Join us for our webinar to learn more about these BEC and EAC attacks and how you can effectively protect your organization's most valuable assets: your people and your data. In this session we'll share:
    •Techniques for preventing these cyber threats
    •A framework for understanding where potential gaps exist
    •What a people-centric approach looks like to better protect your company

    Moderator:
    Lee Neely, Senior IT and Cybersecurity Professional, LLNL

    Speakers:
    Tanner Luxner, Product Marketing Manager, Proofpoint
    Sue Bergamo, CIO & CISO, Episerver
  • ISSA International Series: 2019 - A Year in Review Recorded: Jan 28 2020 55 mins
    ISSA International
    As we head into a new year, we continue to anticipate new and complicated challenges around Cyber Security. This past year we continued to see major breaches, hacks, and attacks surfacing, and that does not look to be slowing down. The nature and range of the attacks varied from email hacking to zero days, from minor incursions to (potentially) everyone’s data being stolen. 2019 will probably go down as the new worst year for Cyber Security, with all the previous year’s events having been far surpassed. Even our doom and gloom or same old same old predictions of last year have been blown away. The question now: will 2020 bear the full weight and impact of the events of 2019, or will it have its own harrowing events? Will the growing impact and occurrences spotlight security and translate in terms of media and regulatory attention? What kinds of threats will dominate the 2020 landscape?

    Join us, make notes, and then check back in a year to see how our panel of experts did in providing insight and making predictions for the 2020 challenges to InfoSec.


    Moderator:
    James McQuiggan, Security Awareness Advocate, KnowBe4

    Speakers:
    Ira Winkler, Lead Security Principal, Trustwave
    Jim Reavis, CEO, Cloud Security Alliance
  • ISSA Thought Leadership Series: The Asset Management Resurgence Recorded: Jan 22 2020 59 mins
    ISSA International
    In the world of cybersecurity, asset management has been the boring sibling of more exciting things like threat hunting, deception, and automation. But the foundational challenges of understanding what devices, users, and cloud instances are in our environments have jumped to the top of CISOs’ priority lists. Despite the amazing tools we have in cybersecurity, teams still struggle to answer basic questions like: how many devices and cloud instances do I have, and are they secure?

    In this webinar, we’ll examine:
    •Why asset management has a bad reputation
    •What’s changed that has made security teams prioritize asset management for cybersecurity
    •The challenges around making sure all assets comply with security policies
    •Six essential questions you should know about every asset

    Moderator:
    David Vaughn, Director, ISSA International Board of Directors

    Speakers:

    Nathan Burke, Chief Marketing Officer, Axonius
    Brian Bethelmy, CISO, Mancon
  • Software-Defined Segmentation - Challenges of Accelerated Enterprise Recorded: Dec 11 2019 60 mins
    ISSA International
    Businesses have turned to IT for competitive differentiation. They demanded IT bring accelerated delivery, resource conservation and cost savings. IT has responded with DevOps/cloud-based models and practices that utilize automation, autoscaling and playbooks. With this speed come increased risk and compliance concerns, leaving IT staff wondering how they can gain visibility and segmentation across their entire heterogeneous environments easily, effectively and at this new speed of innovation. With the realization that traditional methods of segmentation like VLANs, cloud security groups and firewalls are not suitable for today’s rapidly changing enterprise environments, enterprises have turned to software-defined segmentation.

    In this webinar, come learn how modern software-defined segmentation solutions:

    •Start with visibility
    •Provide enterprises with easy ways to identify and label workloads
    •Provide easy-to-implement, granular enforcement that goes way beyond IP address and port but is able to lock down by process, user and domain
    •Enable DevOps automation, provisioning and management
    •Are decoupled from, and work in an agnostic fashion across, every enterprise platform
    •Provide unparalleled security while enabling compliance and ongoing compliance validation

    Moderator:

    Robert Martin, Sr. Security Engineer, Cisco Systems, Inc.

    Speakers:

    Dave Klein, Senior Director, Engineering & Architecture, Guardicore
    Jonathan Fowler, CISO, Consilio
  • Building a People-Centric Cybersecurity Strategy for Healthcare Recorded: Dec 4 2019 56 mins
    ISSA International
    More than 99% of all targeted cyber-attacks rely on users to activate them. Nowadays, threat actors are not going after an organization's technology and infrastructure. They are going after your most valuable assets - your people and your data. So, do you know when or how your people are being targeted? Do you know who the most cyber-attacked people are in your organization? Are your Very Attacked People (VAPs) the same as your Very Important People (VIPs)?

    Join our cybersecurity experts for a deep dive into what the current healthcare threat landscape looks like, how a people-centric approach can help institutions identify and protect your end users, and the latest findings in healthcare threat research.

    In this session, we’ll share:
    •Why cybersecurity transformation is critical right now
    •What a people-centric approach means to today's healthcare threat landscape
    •How hospitals are leveraging a people-centric strategy to improve their security posture
    •How to better protect your patients' data and improve your end-users' safety

    Moderator:
    Lee Neely, Senior IT & Security Professional, LLNL

    Speakers:

    Ryan Witt, Managing Director, Healthcare Industry Practice, Proofpoint
    Barbara Guerin, CISO, Renown Health
    Andrew Seward, CISO, Solution Health System
  • “Cloud Data Security: Own Your Data Encryption Keys” Recorded: Nov 13 2019 61 mins
    ISSA International
    Numerous cloud trends, including storing sensitive data in the cloud and the recognition that data security mandates also apply there, drive both cloud consumers and providers to endeavor to share the challenge of keeping data secure in the cloud. This webinar will explore trends and challenges in multicloud computing and introduce a cloud data security toolkit, including requirements to control cloud data encryption keys. From there we will explore a cloud provider case study: Salesforce Shield Platform Encryption and its newest and most secure key management feature, “Cached Keys”. The webinar will close with potential solutions to multicloud data encryption key management, including Salesforce Cached Keys.

    Moderator:
    Tylen Cohen Wood, Private Consultant

    Speakers:
    Eric Wolff, Senior Product Marketing Manager, Thales
    Tuhin Kumar, Product Manager–Security, Salesforce
  • ISSA International Series: Attack of the BotNets - Internet of Terror IoT Recorded: Oct 22 2019 115 mins
    ISSA International
    Attacks on IoT have been dreaded for the past 5 years. 2020 is supposed to be the year that these attacks will be realized, or will they? Is this another Y2K scare, or will IoT become real?

    Moderator:
    Mark Kadrich, Principal, Kadrich InfoSec Consulting Services

    Speakers:
    Don Shin, Lead DDoS Defender Advocate, A10 Networks
    Ryan Leirvik, Principal, Cybersecurity Management Solutions Practice, GRIMM
    David Merritt, VP, Applied Cognitive Solutions
  • Top Five Ways to Identify Automated Attacks to Your Website and Mobile Apps Recorded: Oct 16 2019 60 mins
    ISSA International
    Automated bot attacks are becoming increasingly sophisticated as they learn to avoid detection and stay unidentified longer.
    Tune in for the live webinar on October 16 at 10 am PT as Ido Safruti, co-founder and CTO at PerimeterX and Deepak Patel, VP of Product Marketing at PerimeterX, highlight the top five ways to identify automated bot attacks to your website. We will also cover:
    •Real use cases - attacks that happened in the real world
    •Practical strategies for identifying automated attacks
    •Best practices for addressing and blocking bot attacks
  • The 7 Deadly Sins of Insiders: Why They Become Threats Recorded: Oct 9 2019 60 mins
    ISSA International
    In this panel webinar, ObserveIT’s Head of Security, Chris Bush, will discuss the topic of the risk from insider threats. We will illuminate the seven common motives—also known as the seven deadly sins—that influence insider threats, and share best practices for defending against them. We will explore what makes insider threats so different from traditional external threats. We’ll also cover:
    •The seven most common motives for insider threats
    •How to detect & investigate insider threats efficiently and accurately
    •What to do about insider threats in your supply chain
    •How to fit insider threat protection into your broader security program
    •Legal and privacy concerns that often arise within insider threat programs

    Moderator:
    Ken Dunham, Senior Director, Technical Cyber Threat Intelligence, Optiv

    Speaker:
    Chris Bush, Head of Security, ObserveIT
  • ISSA International Series: New Trends in Security - Outsourcing and Other Tech Recorded: Sep 24 2019 82 mins
    ISSA International
    As deployment models evolve so does the need for our responses. With technology such as Cloud, containers, and rapid update deployment rolling out, what's going on with security?
  • Identities are the new security perimeter in a Zero trust world Recorded: Sep 18 2019 47 mins
    ISSA International
    In a recent Thales survey, two thirds of CISOs cited the increase in cloud service adoption, combined with a lack of strong security solutions, as the main reasons cloud services are the prime targets of attack. As organizations undergo digital and cloud transformation, CISOs and security officers are operating in a high stress environment caused by security, compliance and manageability challenges.
    In this presentation we’ll discuss how identities are becoming the new security perimeter in a zero trust world and present best practices for implementing an access management framework that can help organizations remain secure – and scale – in distributed networking environments.

    Moderator:

    Dipto Chakravarty, Chairman of Security, Privacy and Trust COE, IoT Community

    Speakers:
    Felice Flake, CEO ScySec, LLC
    Ashley Adams, Product Marketing Manager for Authentication and Access Management, Thales
  • ISSA Thought Leadership Series: Update on the latest cyber threats and trends Recorded: Sep 11 2019 60 mins
    ISSA International
    How protected are you from the latest types of DDoS attacks? Our new cyber threats report confirms that DDoS attacks continue to be an effective means of inflicting damage to brand and revenue.
    During this webinar we’ll provide an in-depth look at our latest findings:

    •Growth and complexity of attacks
    •Emerging new attack trends
    •How to protect your online presence from new and evolving DDoS attacks
    •Which cyber threats most concern senior IT security executives

    And much more.

    Register to attend our webinar to understand the latest developments in DDoS attacks and how to mitigate them.

    Moderator:

    Michael Levin, CEO/Founder, Center for Information Security Awareness

    Speakers:

    Bob Weiss, CEO, WyzCo Group Inc
    Michael Kaczmarek, VP Product Management, Neustar
  • ISSA International Series: Legislative Aspects Recorded: Aug 27 2019 114 mins
    ISSA International
    While GDPR and CCPA have been the focus for most professionals, legislation is not all about PII. Over the past year there have been numerous pieces of legislation and regulation drafted, which have been missed by most of us. With controls on export, technology use, IoT, consumer device security, and other things looming, this is your chance to see what's going on.

    Moderator:
    Mathieu Gorge, Vigitrust

    Speakers:
    Ross Nodurft, Senior Director of Cybersecurity Services, Venable
    Harley Geiger, Director of Public Policy, Rapid7
    Paul Lanois, Director, Fieldfisher
  • ISSA Thought Leadership Series: Paving the Way to a Passwordless Future Recorded: Aug 21 2019 64 mins
    ISSA International
    It is increasingly apparent that authenticating only with username and password is no longer sufficient as stolen passwords are responsible for 81% of data breaches. And even though many organizations have implemented multi-factor authentication (MFA) through mobile push, or One Time Passwords (OTP) via SMS and mobile apps, these authentication techniques have been shown to be vulnerable to account takeovers.

    Attend this webinar to learn:

    * How WebAuthn, the new web authentication standard, is paving the way for a highly secure passwordless future
    * The key benefits of passwordless login for your employees, partners, and customers
    * Best practices for enterprise authentication

    Speaker:
    Abby Guha, Senior Director, Product Marketing, Yubico
  • ISSA Thought Leadership Series: Beyond the Phish - Snapshot of End User Behavior Recorded: Aug 14 2019 63 mins
    ISSA International
    Phishing is one of InfoSec's longstanding threats. But for cyber criminals, email is just one entry point of many. How can you better prepare yourself and other end users in your organization for cyber security threats beyond email-based social engineering?

    During this session, we will share results from Proofpoint’s Beyond the Phish® Report, which examines end-user understanding of a broad range of cyber security topics and best practices. The report features analysis of data related to nearly 130 million cyber security questions and offers insights into employee knowledge levels across 14 categories, 16 industries, and more than 20 commonly used department classifications.

    We’ll share:

    - The importance of assessing and training end users about cyber security threats beyond email-based social engineering
    - The strengths and weaknesses among end users across 14 cyber security topics, highlighting how end-user knowledge levels vary across industries
    - A more holistic view of susceptibility by looking beyond knowledge assessments and training activities
    - How you can use this information to reduce the risk of successful cyber attacks within your organization

    Join our experts as we dive into the report and share best practices and pitfalls as we stimulate a stronger security culture.
  • ISSA International Series: Privacy- GDPR a Year Later Recorded: Jun 25 2019 103 mins
    ISSA International
    The first year is always the most critical as we wind our way through legislation with companies, courts, and people working to understand and adjust the rules. Well, it has been one year since GDPR became active. In that time, how many cases have been tried, what fines have been levied, and what changes have been made?
  • ISSA Thought Leadership Series - Zero Trust: The Evolution of Perimeter Security Recorded: Jun 14 2019 58 mins
    ISSA International
    One key aspect of digital transformation for many companies has been the evolution and rise of the remote user. Application access from any device, anywhere has become an imperative for success, but with transformation comes challenges with attack surface and network vulnerability.

    Adopting a zero trust model is key to combat cybercriminals who are probing security perimeters and enterprise resources for vulnerabilities with a distinct purpose. Application access and identity is one of the key areas to begin.

    Join us on May 15th at 1pm EST for a discussion with Akamai security professional Faraz Siddiqui as he shares steps you can take to protect your network against breaches by evolving access policies and solutions.
  • ISSA Thought Leadership Series: Passwordless Authentication Recorded: Jun 12 2019 58 mins
    ISSA International
    Why passwords are a thin illusion of protection and what to do about it. Passwords have become nothing more than a thin illusion of protection. Human nature and human error are the weakest links in protecting organizations from cyberattacks and data breaches. Users choose poor passwords and then re-use them across multiple applications and systems, leaving them vulnerable to phishing and social engineering by bad actors. For years, users have been encouraged to create complex passwords and change them frequently.

    It is time to remove human error from the equation.

    The adoption of passwordless authentication protects against phishing attempts and minimizes the threat of stolen credentials. Passwordless technology generally combines:
    •Multi-layered risk analysis that evaluates location, devices, access rights and typing sequences
    •Intricate yet convenient 2FA/MFA methods
    •Biometrics and hardware authentication keys

    Learn how passwordless authentication works and how it can help you increase security while reducing friction for your users.

    Speakers:
    Stephen Cox, Vice President and Chief Security Architect, SecureAuth
    Mike McKinzie, Solutions Advisor, Swivel Secure
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

  • Title: The Persistent Pernicious Myths and Hidden Truths of Cybersecurity
  • Live at: Nov 6 2019 6:00 pm
  • Presented by: ISSA International