
ISSA International Series: Supply Chain Security - Shifting Left

As systems continue to be assaulted by hackers, we often wonder why and how they succeed. You have heard it said that they succeed because we have flaws in our cyber supply chain, but what is the cyber supply chain? We know it includes the software and (with recent news) the hardware. But the chain can even include the environment (power grid, facilities, etc.) and ultimately the people.

Michael Angelo, Chief Security Architect, Micro Focus | NetIQ


Thomas Fischer, Security Advocate and Threat Researcher
James McQuiggan, Security Awareness Advocate, KnowBe4
Recorded Mar 3 2020 116 mins
Presented by
ISSA International
  • Mid-Market Threat Intelligence May 20 2020 5:00 pm UTC 60 mins
    ISSA International
    The global threat landscape is changing. Mid-market enterprises are facing the same threats as larger ones. Attackers are no longer exclusively focused on high-value intellectual property of the assets of billion-dollar corporations; any organization handling sensitive information has become an inviting target for hackers to exploit.
    This interactive webinar will cover:
    • Current cyberattacks most threatening to mid-market enterprises. Companies are prone to cyberthreats from hackers who are trying to steal private information or gain access to your networks. With a remote workforce, vulnerable isolated employees may be especially unsuspecting.
    • Getting cutting-edge expertise without hiring in-house. With a 30% shortage in staffing of cybersecurity talent, there’s a trend that can greatly impact mid-market companies that don’t have the resources to compete for that talent.
    • Assessing & training your employees. Employee sophistication is a huge piece of the cybersecurity puzzle. By regularly testing your staff’s sophistication and ability to detect threats themselves, your company will become much more resilient.
    • Developing & testing an emergency response plan. The best strategies & tools for prevention can only do so much to prepare you for the inevitable: an attack will be attempted against your company. It’s a matter of when, not if. You need to have a plan that’s been vetted and tested for every possible outcome.
    • How Can You Fund These Efforts? The most efficient way to get started on filling these gaps in your own cybersecurity strategy is by streamlining your budget in other areas. Enabling money savings in your IT program can help to fund more robust and critical cybersecurity efforts and partnerships with knowledge experts.
    • Getting Started With Your Updated Cybersecurity Plan. Getting the security of a Fortune 100 company on a mid-market budget. Configure solutions, design and adapt your approach, and make the best policy decisions for your company.
  • Trends and Statistics for Mobile Phishing in the Enterprise May 13 2020 5:00 pm UTC 60 mins
    ISSA International
    Your employees work differently now, often using their own devices to access enterprise data from home, airports, shopping malls, and the local coffee shop. Employees working outside of their corporate perimeters, coupled with the shift to cloud-based services, open a whole new door of vulnerabilities that organizations need to consider. Namely, phishing threats.

    Learn how evolving phishing threats can leave your corporate data unprotected, and how to address this common yet largely undetected issue.

    Attendees will learn:
    • Why is phishing a bigger problem on mobile
    • How big a concern mobile phishing is to your organization
    • Examples of phishing attacks targeting mobile users
    • How can you stop mobile phishing attacks in your organization

    Chris Hazelton, Director of Product Marketing, Lookout
  • ISSA Thought Leadership Series: Empowering the Modern SOC May 6 2020 5:00 pm UTC 60 mins
    ISSA International
    Force Multiplying Analysts by Orchestrating Threat Intelligence

    It's harder than ever before for analysts to keep up. The nature of today's operating environment has resulted in an ever-increasing volume of alerts paired with a growing complexity and scale of subsequent investigations. In this talk we will be discussing in depth what this means in the daily life of analysts, and how imperative it is to force multiply them to enable quicker and more effective response. We will explore the key role of operationalized threat intelligence, and why (and how) orchestrating it alongside SOC processes and technology can enable organizations to be more effective when detecting and responding to threats.


    Sean Ennis, Product Manager, RSA
    Iain Davison, Security Architect & Technical Director of Strategic Alliances & OEM, ThreatConnect
  • ISSA Thought Leadership Series: Proofpoint State of the Phish 2020 Apr 8 2020 5:00 pm UTC 60 mins
    ISSA International
    Cyber criminals are taking a people-centric approach to phishing attacks. Is your organization taking a people-centric approach to phishing prevention? The sixth annual State of the Phish again delivers critical, actionable insights into the current state of the phishing threat, including:

    • The end-user awareness and knowledge gaps that could be negatively impacting your cybersecurity defenses
    • The impacts infosec professionals are experiencing as a result of phishing attacks and the ways they’re attempting to combat these threats
    • How organizations are delivering phishing awareness training, and the ways they measure program success

    3,500+ technology user insights: Results of a third-party survey of more than 3,500 working adults across seven countries—the United States, Australia, France, Germany, Japan, Spain and the United Kingdom—provide a global perspective on the cybersecurity awareness levels of the average end-user.

    A survey of more than 600 IT security professionals: Proofpoint surveyed IT security professionals from the same seven countries. They shared insights about what they’re experiencing within their organizations, how they are responding to attacks and the steps they’re taking to improve security postures.

    Nearly 50 million simulated phishing emails: Proofpoint compiled and analyzed data from nearly 50 million simulated phishing emails sent to end-users over a one-year period via its cloud-based Security Education Platform.

    More than 9 million reported emails: Proofpoint logged more than 9 million emails reported by their customers’ end users over a 12-month span.

    Robert Martin, Sr. Security Engineer, Cisco Systems, Inc.

    Gretel Egan, Security Awareness Training Strategist, Proofpoint
    Paige Yeater, Director of Information Security Program Management, Mainstay Technologies
    Steve Sanders, Vice President, Internal Audit, CSI
  • ISSA Thought Leadership Series: Dissecting Ransomware to Defeat Threat Actors Recorded: Mar 11 2020 61 mins
    ISSA International
    In 2019, ransomware has caused significant disruption for hospitals, transportation, government agencies, and more. This flavor of malware is particularly vicious and shows no signs of slowing. The positive side, however, is that there is much to be learned from these attacks and ransomware actor profiling can help inform cyber security strategy.

    In this webinar, join subject matter experts as they conduct data driven analysis highlighting the evolution of ransomware from a technical perspective. They will examine high impact samples like REvil, TeslaCrypt, Locky, SimpleLocker, and provide practical advice to defenders.

    This webinar will cover:

    • A deep dive into the evolution of malware
    • Analysis of high impact malware samples
    • Practical takeaways for defenders

    Tim Mackey, Principal Security Strategist, Synopsys CyRC

    Tony Buenger, Cybersecurity Manager & Deputy CISO, Auburn University
    Tarik Saleh, Senior Security Engineer & Malware Researcher, DomainTools
  • Combating Business Email Compromise (BEC) & Email Account Compromise (EAC) Recorded: Feb 19 2020 59 mins
    ISSA International
    Since 2016, Business Email Compromise (BEC) and Email Account Compromise (EAC) have become an exponentially increasing problem, costing organizations over $26 Billion in losses according to the FBI. These very targeted attacks utilize public research and social engineering to target an organization’s people and fraudulently obtain funds and valuable information. So how can you better protect your end users in 2020?

    Join us for our webinar to learn more about these BEC and EAC attacks and how you can effectively protect your organization's most valuable assets: your people and your data. In this session we'll share:
    • Techniques for preventing these cyber threats
    • A framework for understanding where potential gaps exist
    • What a people-centric approach looks like to better protect your company

    Lee Neely, Senior IT and Cybersecurity Professional, LLNL

    Tanner Luxner, Product Marketing Manager, Proofpoint
    Sue Bergamo, CIO & CISO, Episerver
  • ISSA International Series: 2019 - A Year in Review Recorded: Jan 28 2020 55 mins
    ISSA International
    As we head into a new year, we continue to anticipate new and complicated challenges around Cyber Security. This past year we continued to see major breaches, hacks, and attacks surfacing and that does not look to be slowing down. The nature and range of the attacks varied from email hacking to zero days, from minor incursions to (potentially) everyone’s data being stolen. 2019 will probably go down as the new worst year for Cyber Security with all the previous year’s events having been far surpassed. Even our doom and gloom or same old same old predictions of last year have been blown away. The question now: will 2020 bear the full weight and impact of the events of 2019, or will it have its own harrowing events? Will the growing impact and occurrences spotlight security and translate in terms of media and regulatory attention? What kinds of threats will dominate the 2020 landscape?

    Join us, make notes, and then check back in a year to see how our panel of experts did in providing insight and making predictions for the 2020 challenges to InfoSec.

    James McQuiggan, Security Awareness Advocate, KnowBe4

    Ira Winkler, Lead Security Principal, Trustwave
    Jim Reavis, CEO, Cloud Security Alliance
  • ISSA Thought Leadership Series: The Asset Management Resurgence Recorded: Jan 22 2020 59 mins
    ISSA International
    In the world of cybersecurity, asset management has been the boring sibling of more exciting things like threat hunting, deception, and automation. But the foundational challenges of understanding what devices, users, and cloud instances are in our environments have jumped to the top of CISOs priority lists. Despite the amazing tools we have in cybersecurity, teams still struggle to answer basic questions like: how many devices and cloud instances do I have, and are they secure?

    In this webinar, we’ll examine:
    • Why asset management has a bad reputation
    • What’s changed that has made security teams prioritize asset management for cybersecurity
    • The challenges around making sure all assets comply with security policies
    • Six essential questions you should know about every asset

    David Vaughn, Director, ISSA International Board of Directors


    Nathan Burke, Chief Marketing Officer, Axonius
    Brian Bethelmy, CISO, Mancon
  • Software-Defined Segmentation - Challenges of Accelerated Enterprise Recorded: Dec 11 2019 60 mins
    ISSA International
    Businesses have turned to IT for competitive differentiation. They demanded IT bring accelerated delivery, resource conservation and cost savings. IT has responded with DevOps/cloud-based models and practices that utilize automation, autoscaling and playbooks. With this speed come increased risk and compliance concerns, leaving IT staff wondering how they can gain visibility and segmentation across their entire heterogeneous environments easily, effectively and at this new speed of innovation. With the realization that traditional methods of segmentation like VLANs, cloud security groups and firewalls are not suitable for today’s rapidly changing enterprise environments, enterprises have turned to software-defined segmentation.

    In this webinar come learn about how modern software-defined segmentation solutions:

    • Start with visibility.
    • Provide enterprises with easy ways to identify and label workloads.
    • Provide easy-to-implement, granular enforcement that goes way beyond IP address and port and is able to lock down by process, user and domain.
    • Enable DevOps automation, provisioning and management.
    • Are decoupled from, and work in an agnostic fashion across, every enterprise platform.
    • Provide unparalleled security while enabling compliance and ongoing compliance validation.


    Robert Martin, Sr. Security Engineer, Cisco Systems, Inc.


    Dave Klein, Senior Director, Engineering & Architecture, Guardicore
    Jonathan Fowler, CISO, Consilio
  • Building a People-Centric Cybersecurity Strategy for Healthcare Recorded: Dec 4 2019 56 mins
    ISSA International
    More than 99% of all targeted cyber-attacks rely on users to activate them. Nowadays, threat actors are not going after an organization's technology and infrastructure. They are going after your most valuable assets - your people and your data. So, do you know when or how your people are being targeted? Do you know who the most cyber-attacked people are in your organization? Are your Very Attacked People (VAPs) the same as your Very Important People (VIPs)?

    Join our cybersecurity experts for a deep dive into what the current healthcare threat landscape looks like, how a people-centric approach can help institutions identify and protect your end users, and the latest findings in healthcare threat research.

    In this session, we’ll share:
    • Why cybersecurity transformation is critical right now
    • What a people-centric approach means to today's healthcare threat landscape
    • How hospitals are leveraging a people-centric strategy to improve their security posture
    • How to better protect your patients' data and improve your end-users' safety

    Lee Neely, Senior IT & Security Professional, LLNL


    Ryan Witt, Managing Director, Healthcare Industry Practice, Proofpoint
    Barbara Guerin, CISO, Renown Health
    Andrew Seward, CISO, Solution Health System
  • “Cloud Data Security: Own Your Data Encryption Keys” Recorded: Nov 13 2019 61 mins
    ISSA International
    Numerous cloud trends, including storing sensitive data in the cloud and the recognition that data security mandates also apply there, drive both cloud consumers and providers to endeavor to share the challenge of keeping data secure in the cloud. This webinar will explore trends and challenges in multicloud computing and introduce a cloud data security toolkit, including requirements to control cloud data encryption keys. From there we will explore a cloud provider case study: Salesforce Shield Platform Encryption and its newest and most secure key management feature: “Cached Keys”. The webinar will close with potential solutions to multicloud data encryption key management including Salesforce Cached Keys.

    Tylen Cohen Wood, Private Consultant

    Eric Wolff, Senior Product Marketing Manager, Thales
    Tuhin Kumar, Product Manager–Security, Salesforce
  • The Persistent Pernicious Myths and Hidden Truths of Cybersecurity Recorded: Nov 6 2019 62 mins
    ISSA International
    IT implementors are made less successful due to ‘Technical Debt’. Cybersecurity suffers from ‘Myth Debt’, where the same untrue tropes are repeated and hold us back. It takes experience to recognize these myths, but worse still, they can mask the valuable truths that lie within the myth. These never-dying misunderstandings spread outside cybersecurity and falsely inform the IT and business leaders, making it harder still to stop bad things from happening.

    So let’s poke some holes in some myths, pick some or all:
    • Insider threat is the biggest worry
    • Great Pen Tests mean excellent security
    • Any attacker motivated enough can hack you easily
    • Security training and education of devs will get us secure code and apps
    • The cloud is secure. The cloud is insecure
    • Encrypting everything makes for strong security
    • Spending more on security makes security better
    • Excellent endpoint security means we no longer have to worry about network or other security
    • You can’t defend yourself against ransomware

    Jorge Orchilles, SANS Certified Instructor

    Greg Young, VP, Cybersecurity, Trend Micro
    Zane Lackey, Co-Founder, Chief Security Officer, Signal Sciences
    Dr. Cragin Shelton, DSc, CISSP
  • ISSA International Series: Attack of the BotNets - Internet of Terror IoT Recorded: Oct 22 2019 115 mins
    ISSA International
    Attacks on IoT have been dreaded for the past 5 years. 2020 is supposed to be the year that these attacks will be realized, or will they? Is this another Y2K scare, or will IoT become real?

    Mark Kadrich, Principal, Kadrich InfoSec Consulting Services

    Don Shin, Lead DDoS Defender Advocate, A10 Networks
    Ryan Leirvik, Principal, Cybersecurity Management Solutions Practice, GRIMM
    David Merritt, VP, Applied Cognitive Solutions
  • Top Five Ways to Identify Automated Attacks to Your Website and Mobile Apps Recorded: Oct 16 2019 60 mins
    ISSA International
    Automated bot attacks are becoming increasingly sophisticated as they learn to avoid detection and stay unidentified longer.
    Tune in for the live webinar on October 16 at 10 am PT as Ido Safruti, co-founder and CTO at PerimeterX and Deepak Patel, VP of Product Marketing at PerimeterX, highlight the top five ways to identify automated bot attacks to your website. We will also cover:
    • Real use cases - attacks that happened in the real world
    • Practical strategies for identifying automated attacks
    • Best practices for addressing and blocking bot attacks
  • The 7 Deadly Sins of Insiders: Why They Become Threats Recorded: Oct 9 2019 60 mins
    ISSA International
    In this panel webinar, ObserveIT’s Head of Security, Chris Bush, will discuss the topic of the risk from insider threats. We will illuminate the seven common motives—also known as the seven deadly sins—that influence insider threats, and share best practices for defending against them. We will explore what makes insider threats so different from traditional external threats. We’ll also cover:
    • The seven most common motives for insider threats
    • How to detect & investigate insider threats efficiently and accurately
    • What to do about insider threats in your supply chain
    • How to fit insider threat protection into your broader security program
    • Legal and privacy concerns that often arise within insider threat programs

    Ken Dunham, Senior Director, Technical Cyber Threat Intelligence, Optiv

    Chris Bush, Head of Security, ObserveIT
  • ISSA International Series: New Trends in Security - Outsourcing and Other Tech Recorded: Sep 24 2019 82 mins
    ISSA International
    As deployment models evolve so does the need for our responses. With technology such as Cloud, containers, and rapid update deployment rolling out, what's going on with security?
  • Identities are the new security perimeter in a Zero trust world Recorded: Sep 18 2019 47 mins
    ISSA International
    In a recent Thales survey, two thirds of CISOs cited the increase in cloud service adoption, combined with a lack of strong security solutions, as the main reasons cloud services are the prime targets of attack. As organizations undergo digital and cloud transformation, CISOs and security officers are operating in a high stress environment caused by security, compliance and manageability challenges.
    In this presentation we’ll discuss how identities are becoming the new security perimeter in a zero trust world and present best practices for implementing an access management framework that can help organizations remain secure – and scale – in distributed networking environments.


    Dipto Chakravarty, Chairman of Security, Privacy and Trust COE, IoT Community

    Felice Flake, CEO ScySec, LLC
    Ashley Adams, Product Marketing Manager for Authentication and Access Management, Thales
  • ISSA Thought Leadership Series: Update on the latest cyber threats and trends Recorded: Sep 11 2019 60 mins
    ISSA International
    How protected are you from the latest types of DDoS attacks? Our new cyber threats report confirms that DDoS attacks continue to be an effective means of inflicting damage to brand and revenue.
    During this webinar we’ll provide an in-depth look at our latest findings:

    • Growth and complexity of attacks
    • Emerging new attack trends
    • How to protect your online presence from new and evolving DDoS attacks
    • Which cyber threats most concern senior IT security executives

    And much more.

    Register to attend our webinar to understand the latest developments in DDoS attacks and how to mitigate them.


    Michael Levin, CEO/Founder, Center for Information Security Awareness


    Bob Weiss, CEO, WyzCo Group Inc
    Michael Kaczmarek, VP Product Management, Neustar
  • ISSA International Series: Legislative Aspects Recorded: Aug 27 2019 114 mins
    ISSA International
    While GDPR and CCPA have been the focus for most professionals, legislation is not all about PII. Over the past year there have been numerous pieces of legislation and regulation drafted, which have been missed by most of us. With controls on export, technology use, IoT, consumer device security, and other things looming, this is your chance to see what's going on.

    Mathieu Gorge, Vigitrust

    Ross Nodurft, Senior Director of Cybersecurity Services, Venable
    Harley Geiger, Director of Public Policy, Rapid7
    Paul Lanois, Director, Fieldfisher
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

  • Title: ISSA International Series: Supply Chain Security - Shifting Left
  • Live at: Mar 3 2020 5:00 pm
  • Presented by: ISSA International