The Life and Times of the Cybersecurity Professional 2021

ISSA/ESG’s annual research study “The Life and Times of the Cyber Security Professional” is full of valuable information, but only if you know how to use it. We will review pain-points identified by cybersecurity professionals and offer suggestions to use the data to educate the business, build a value proposition and justification for budgeting, training, and professional development time.
Live online Jun 24 5:00 pm UTC
or after on demand 60 mins
Presented by
Candy Alexander, ISSA International President and Jon Oltsik, Senior Principal Analyst and ESG Fellow

  • Latest DDoS Trends and the rise and rise of ransom-driven attacks Aug 18 2021 5:00 pm UTC 60 mins
    Vivek Ganti, Product Marketing Manager at Cloudflare
    DDoS attacks have dominated the charts in terms of frequency, sophistication, and geo-distribution over the last year. Ransom DDoS attacks are also surging, crippling organizations' network infrastructure and taking them offline while demanding ransom in bitcoin. Unlike ransomware attacks, these ransom DDoS attacks do not even require the hacker to access an organization’s internal systems before they can be carried out.

    There are no signs of DDoS attacks going away anytime soon. How do organizations ensure that their Internet assets are protected against threats of any size or kind?

    In this webinar, you’ll learn about:

    * Key Q2 2021 DDoS attack trends
    * Ransom DDoS threats — and what you can do if you are affected
    * Steps organizations can take to make the impact of DDoS attacks a thing of the past
  • Defend your financial services organization against sophisticated fraud Aug 11 2021 5:00 pm UTC 60 mins
    Carl Mosby III and Shehzad Shahbuddin with Shape Security
    In financial services, keeping gross fraud loss in check is critical to the brand and the bottom line. Unfortunately, financial services institutions are lucrative targets for organized crime rings and the tools that enable cybercriminals are becoming more sophisticated and less expensive. You need the latest intelligence if you want to protect your organization.

    Join this session to learn:

    • New threats from organized crime rings related to the credential marketplace landscape.
    • Insights and evidence around how criminal organizations are increasingly reverting to manual (i.e., human-driven) fraud methods, and how to stop them.
    • The latest machine learning algorithms trained by attack profile, risk surface, and historical fraud records that specifically protect banks, credit unions, and other financial institutions.
  • Why Breach and Attack Has Become a Foundational Security Tool Aug 10 2021 5:00 pm UTC 60 mins
    From “Hype” to “Critical” Why Breach and Attack Has Become a Foundational Security Tool

    Join us as we discuss why Breach and Attack Simulation (BAS) has quickly ascended into the limelight in 2021. With both Gartner and IDC’s recent publications pointing to BAS as a critical tool to enable a successful security strategy, we’ll discuss how this technology is helping security teams drive business impact and reduce overall risk by validating security controls, identifying and prioritizing threats by risk to the business, and operationalizing threat intelligence efforts.
  • Protecting Data and Enabling the Workforce in a Post-Pandemic World Jul 14 2021 5:00 pm UTC 60 mins
    Samuel Shiflett - Sales Engineer
    Enterprises were already well on their way to digital and network transformation when the pandemic hit in 2020. COVID accelerated the cloud journey and transformation, demonstrating where legacy approaches fell short. Making sense of SASE, its components, and the network delivering these services has companies scrambling as they attempt to enable a modern workforce that's in the office, at home, and around the world. Join Netskope as we discuss the building blocks of SASE and how you can safely enable your organization's transformation and ensure the effectiveness and productivity of your modern workforce.
  • Zero Trust and the New Normal of Cybersecurity Jun 30 2021 5:00 pm UTC 60 mins
    Doug McKillip, Solutions Architect, A10 Networks and Babur Nawaz Khan, Product Marketing, A10 Networks
    2020 was an eventful year for cybersecurity, with an unprecedented rise in cyberattacks. Many organizations were caught off guard as the pandemic accelerated and dictated the need for remote work and education. However, the accelerated move to everything cloud has left many wondering about the future, whether their on-premises investments have been rendered obsolete or if the “new normal” would only rely on cloud-only solutions.

    The pandemic has also highlighted the need for fool-proof Zero Trust implementations to enhance the security of networks against modern cyberattacks, whether they are initiated from the outside or within. However, with most internet traffic encrypted, it is becoming increasingly difficult to effectively implement a Zero Trust approach.

    In this webinar, we will discuss:
    * What the “new normal” of cybersecurity might look like in a post-pandemic world
    * What role will Zero Trust play in the future of cybersecurity
    * Why effective decryption is essential for a fool-proof Zero Trust implementation
  • The Life and Times of the Cybersecurity Professional 2021 Jun 24 2021 5:00 pm UTC 60 mins
    Candy Alexander, ISSA International President and Jon Oltsik, Senior Principal Analyst and ESG Fellow
    ISSA/ESG’s annual research study “The Life and Times of the Cyber Security Professional” is full of valuable information, but only if you know how to use it. We will review pain-points identified by cybersecurity professionals and offer suggestions to use the data to educate the business, build a value proposition and justification for budgeting, training, and professional development time.
  • Cybersecurity Asset Management Trends 2021 Recorded: Jun 16 2021 48 mins
    Noah Simon, Director of Product Marketing at Axonius and Jake Munroe, Product Marketing Manager at Axonius
    Cybersecurity Asset Management Trends 2021: The pandemic’s impact on cybersecurity and priorities for the future

    Last year’s overnight shift to remote work drove rapid changes in security and IT priorities — resulting in more challenges than ever before.

    Now, as teams prepare for a post-pandemic “new normal”, IT and security teams are facing fresh obstacles.

    Axonius partnered with Enterprise Strategy Group (ESG) for a global survey of IT and cybersecurity professionals to explore how the pandemic impacted IT complexity, and what security initiatives teams are prioritizing post-pandemic.

    Register now for Cybersecurity Asset Management Trends 2021: The pandemic’s impact on cybersecurity and priorities for the future on June 16 at 1:00 p.m. E.T. Noah Simon and Jake Munroe of Axonius will dive into the survey’s findings to share key insights and takeaways from security leaders and practitioners worldwide, including:
    72% of respondents report increased complexity over the past two years.
    55% cite increased remote workers as the top cause of complexity (compared to only 22% last year)
    87% say the pandemic has accelerated cloud infrastructure adoption
    82% plan to increase investment in asset inventory
  • Why Privacy (usually) Needs Anonymity Recorded: Jun 15 2021 60 mins
    George Rosamond
    Privacy has finally earned its legitimate place in the world of technology despite years of being dismissed as the domain of the paranoid or the guilty. But strong privacy often requires what some consider its nefarious sibling, anonymity. Is collecting so much identifying data about users really critical to security? This presentation will discuss why strong privacy-enhancing technologies should also appreciate the necessity of anonymity, or at least pseudonymity, in their design.
  • Is your enterprise MFA solution effective? Recorded: Jun 9 2021 60 mins
    Dan Hall, Principal Product Manager, Akamai
    MFA is critical to reducing risk in the enterprise. But not all MFA factors are equally effective. Join us as we discuss how attackers are taking advantage of weaknesses in the most popular MFA factor. We will review a strong authentication factor based on the FIDO2 standards, which presents its own challenges in balancing security against cost and productivity. Finally, we will introduce a modern authentication factor and service tailored to your business model and needs that delivers a secure, cost effective and low friction solution.

    What you will learn:
    • Why the most popular MFA factor should worry a security professional
    • The advantages of a strong authentication factor based on FIDO2
    • The Risk Management challenge: security vs cost & productivity
    • How to solve the Risk Management challenge with a modern authentication factor
  • Data Privacy: A World of Opportunities Recorded: Jun 3 2021 60 mins
    Shivangi Nadkarni
    The session will cover:
    • What really is Data Privacy – and how is it different from Data Security
    • Implementing Data Privacy in organizations
    • Opportunities in the domain of Data Privacy
  • Going Multicloud: Managing identities and privileges risk in AWS and Azure Recorded: May 19 2021 55 mins
    Or Priel, VP Product Management
    Midsize and large organizations are moving rapidly to multi cloud, with 75% adopting a multi and/or hybrid cloud strategy by this year [Gartner].
    With a whopping 75% of cloud security failures expected to result from inadequate management of identities, access, and privileges by 2023 [Gartner], how do you protect your multi cloud infrastructure -- and organization -- from inappropriate access and privileges risk? The challenge is compounded by different approaches to managing permissions and privileges from one public cloud to the next.
    Join Ermetic’s Or Priel, VP Product Management, for insight into how AWS and Azure handle identities, permissions and resources and how to manage identities and privileges risk in both environments. We will cover:
    - Azure’s RBAC vs AWS’s IAM roles and policies
    - Strategies for enforcing least privilege
    - Governing access and protecting sensitive resources
    - Using automation and analytics to mitigate risks across clouds
  • Secure Multi-Party Computations Recorded: May 18 2021 61 mins
    Dan Bogdanov
    Secure multi-party computation is a cryptographic technology for running a computation on the confidential inputs of two or more parties so that nobody learns the inputs of others. To simplify, it is a kind of distributed computer that can process data without seeing it. This has applications in protecting sensitive data such as cryptographic keys, personal data or business secrets. The benefit of the technology is greatest when multiple organisations wish to collaborate, but find themselves unable to share the data.

    MPC Alliance (https://www.mpcalliance.org) is an industry union of companies building key management solutions, virtual HSMs, privacy-preserving statistics, ML and AI systems for finance, healthcare and public sector. In the talk, we'll cover the technology and its applications in security and privacy, with example use cases.
  • How to Get Your People, Processes and Technology Ready for CMMC Certification Recorded: May 13 2021 62 mins
    Rick Lemieux and Steve Torino
    The Cybersecurity Maturity Model Certification (CMMC) is a new DoD requirement for implementing cybersecurity risk management across the many supply chain companies that make up the defense industrial base (DIB). Eligibility for future DoD contract awards will require the CMMC certification. Supply chain company chief legal officers, compliance officers, and senior leadership are responsible for understanding and enforcing the new DoD security regulatory requirements and compliance standards within their respective organizations and ensuring these current and future business risks are mitigated to improve cybersecurity in the DoD supply chain.

    Why Attend?
    Small, medium, and even some large defense contractors, suppliers, universities, and research labs, which make up most of the DIB supply chain, are among the nation’s most vulnerable and face the highest risk of data exfiltration. Many organizations have not made the required information protection investments, do not have the necessary cybersecurity skills or maturity, and do not perceive themselves as likely targets. The old honor system relying on self-accreditation for supply chain risk management simply wasn’t working. In this interactive session and demonstration, you can meet the industry experts and ask questions to help you get started preparing for CMMC certifications.

    * Special Offer:
    Each person who registers AND attends the webinar will receive a FREE itSM Solutions NCSP Awareness Training Voucher worth $99
  • Security Shouldn't be a Secret. Why Transparency Matters Recorded: May 12 2021 57 mins
    Wayne Haber, director of engineering at GitLab
    Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.

    In this webinar, we will be talking about how transparency practices can lead to improved security. With transparency being one of our core values at GitLab, we will talk about the processes we have implemented to maintain our security stance while operating with the highest possible public transparency and how you can apply them to your enterprise to achieve increased security and transparency.
  • Life of a CISO Recorded: May 11 2021 49 mins
    Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
    In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.

    The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
  • Cybersecurity Compliance in 2021 Recorded: May 6 2021 61 mins
    Martha V. Daniel. Founder, President and CEO Information Management Resources
    Managing cyber threats requires complete visibility to effectively make intelligent decisions about them. Cybersecurity compliance requirements are forcing Corporate Risk Managers to become more engaged with determining corporate cyber posture. With the most recent rollout of the mandatory Cybersecurity Maturity Model Certification (CMMC) for all Department of Defense (DOD) suppliers, it won’t be long before the commercial marketplace adopts a similar requirement. Increasing cyberattacks, lack of cybersecurity professionals, and mandatory cyber certifications are coming soon. These new regulatory requirements will force adoption of the NIST, ISO and GDPR frameworks. With more MSSPs and SOCs surfacing around the nations, CISOs will be re-evaluating in-house vs. outsourcing of cybersecurity services. Join in the discussion to learn more about these new compliance regulations and trends.
  • The Cost of Cloud Compromise and Shadow IT Recorded: May 5 2021 61 mins
    Larry Ponemon, Ponemon Institute and Itir Clarke, Proofpoint
    With the increased use of SaaS applications, cloud account takeover and Shadow IT present an increasing security risk to organizations. As the network perimeter is replaced by a user-defined security perimeter, it becomes critical to evaluate access controls, threat detection and data security in the cloud. So how can you better protect your company?

    Join us for this special webinar with experts from Proofpoint and Ponemon Institute. They will discuss the findings of the newly conducted research among IT and security professionals to determine the risk and cost of cloud account takeovers and Shadow IT.
    In this session, we’ll cover:
    • The state of cloud usage in organizations
    • Security risks and practices to secure the cloud
    • Cloud compromises and the end user risk
    • The cost of compromised cloud accounts
  • Standardize and Automate Security Compliance in Public Sector Agencies Recorded: Apr 21 2021 60 mins
    Sameer Kamani. Senior DevOps Solutions Architect, Public Sector
    Federal agencies are improving their cybersecurity posture to some degree, particularly as they develop better basic cyber hygiene and modernize their legacy systems. At the same time, hackers are getting better at finding new ways to attack and access federal IT. Yet certain pain points remain, particularly around managing compliance and achieving Authority to Operate (ATO) while implementing the Risk Management Framework (RMF) principles.
    This session will discuss current challenges faced in dealing with emerging threats, securing a more remote workforce and sharing strategies for staying ahead of adversaries.
    • Building efficiencies in your existing Risk Management Framework
    • Automating the implementation of security control to achieve a continuous Authority to Operate process
    • Hearing how your peers are implementing new ways to expedite compliance and audit lifecycles
  • Taking Responsibility for Someone Else's Code Recorded: Apr 20 2021 59 mins
    Serge Egelman
    Taking Responsibility for Someone Else's Code: Studying the Privacy Behaviors of Mobile Apps at Scale

    Modern software development has embraced the concept of "code reuse," which is the practice of relying on third-party code to avoid "reinventing the wheel" (and rightly so). While this practice saves developers time and effort, it also creates liabilities: the resulting app may behave in ways that the app developer does not anticipate. This can cause very serious issues for privacy compliance: while an app developer did not write all of the code in their app, they are nonetheless responsible for it. In this talk, I will present research that my group has conducted to automatically examine the privacy behaviors of mobile apps vis-à-vis their compliance with privacy regulations. Using analysis tools that we developed and commercialized (as AppCensus, Inc.), we have performed dynamic analysis on hundreds of thousands of the most popular Android apps to examine what data they access, with whom they share it, and how these practices comport with various privacy regulations, app privacy policies, and platform policies. We find that while potential violations abound, many of the issues appear to be due to the (mis)use of third-party SDKs. I will provide an account of the most common types of violations that we observe and how app developers can better identify these issues prior to releasing their apps.
  • How to build in flexibility to create a more effective security strategy Recorded: Apr 14 2021 59 mins
    Ray Espinoza
    If the past year has taught us anything, it's that what we put on paper doesn't always pan out. Cybersecurity professionals know that a security strategy can quickly turn into projects with many twists, turns, roadblocks and surprises. We’ve invited two seasoned CISOs to get their take on how to navigate the challenges of making things happen in the day-to-day of this fast-paced industry, and how to build in flexibility for the unknown surprises along the way. Expect answers to questions like:

    - Can you plan an effective security strategy for the unknown?
    - What parts of planning do you have to get right to reduce issues during execution?
    - What tips have served you well in your career to stay on top of disruptions?
    - How do you keep your team motivated when blockers just keep coming?
Developing and Connecting Cybersecurity Leaders Globally
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
