Name: Shrink the Attack Surface
Start: 2022-11-02T17:00:00Z
End: 2022-11-02T17:59:09.000Z
Location: BrightTALK
Rating: 4.2

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

AppSec programs have long relied on a traditional approach, using gates, reviews, and scanning tools to achieve security and compliance. But a new era is here that calls for securing modern cloud apps, SaaS, DevOps infrastructure, and the rapidly changing environments that surround them. Many organizations struggle to shed the traditional model, delaying the reframing of AppSec that is required to both ensure modern application security and integrity and keep up with the ever-increasing velocity the business demands.
 
What does it take to adopt a modern AppSec approach within today’s budget realities? It starts with gaining visibility and business context within rapidly changing development environments and ensuring limited resources are applied to the highest risk issues. Seeing the whole picture allows for effective security prioritization and remediation, partnerships with security champions, drives accountability and allows teams to do more with the same budget.
 
Join us to hear from Jason Chan, ex-CISO of Netflix, and Legit Security CTO Liav Caspi, to learn:
• How to obtain real-time visibility and security posture awareness over rapidly changing applications and development environments.
• How to gain valuable security context to cut through the noise and prioritize efficiently.
• Methods to identify security tool redundancies and leverage existing scanners to save cost and maximize value
• How developer engagement techniques such as security champion programs, paved roads, and security metrics can improve security and AppSec productivity.

Reframing Application Security for Modern Apps and Tighter Budgets

The last two decades have seen massive change in the IT landscape: We’ve seen workloads shift from the datacenter to the cloud, applications move from the desktop to mobile devices, and an increase in the frequency and sophistication of attacks to the point where it's not if you’ll get breached but when. Yet, the process we use for locking down access to our most sensitive systems — privileged access management (PAM) — has not fundamentally changed. 
Is there a better way to approach PAM? Join this session to learn how you can: 
• Leverage just in time orchestration to remove attack surfaces 
• Dynamically delegate just-enough access according to use case. 
• Enable administrators to do their jobs without jumping through hoops. 
• Limit the spread of malware.

PAM: We’ve Been Doing It All Wrong

The session will focus on the recent trends emerging from the data protection ecosystem in Africa. It will look at the laws, the regulators, the progress that has been made in the last decade, the challenges, and recommendations.

Emerging trends in data protection in Africa

Data Security Posture Management (DSPM) is the first step towards closing the data security execution gap. Born in the cloud companies like WalkMe can especially benefit from DSPM. Hear from Dror Zilberman, Senior Security Engineer at WalkMe, about why they invested in DSPM, their experience implementing Laminar and the outcomes they’ve achieved. Andy Smith, CMO of Laminar, will talk about how DSPM helps companies leverage data democratization for innovation without adding undue data security risk. 
What you will learn:
• What is DSPM and why it’s needed now
• Why WalkMe invested in DSPM and Laminar
• What benefits has WalkMe achieved by implementing DSPM

How WalkMe Keeps Data Secure with Data Security Posture Management

A cybersecurity intern program is a 12 week series, that requires the cybersecurity interns to be higher education students currently taking courses in Virginia.  The Commonwealth Cyber Initiative (CCI) awarded Brian Ngac and his research colleague, Nirup Menon, a $100K Grant for a Cyber Security Experiential Learning effort. This grant was based on Brian's past performance and experience in conducting Experiential Learning activities in the areas of Cyber Security and Business Process Improvement with high-performing students, Industry Participants, and Real Projects since the Spring 2018 semester at George Mason University. In this talk, Brian will introduce the Experiential Learning Program and its needs including two 12-student cohorts, multiple industry participants, and 8 project solicitations. Brian will also inform the audience of his Cyber and Business Process Improvement Experiential Learning course and how industry can participate in the following semesters.

Cyber Experiential Learning: Projects with Students & Industry Partners

Data is moving faster and at higher volumes than ever before. With so much being communicated, the need for tighter cybersecurity is at an all-time high. Encryption is one of the top tools cyber experts use to secure their systems, with crypto agile encryption helping to enhance data protection as it’s on the move. 

Together with quantum computing, crypto agile encryption’s automation capabilities are game changers in the movement toward enhanced data protection. To help leaders better understand how these work together, quantum and data security experts QuintessenceLabs' Vice President of EMEA Gilles Trachsel and PKWARE’s APAC Regional Sales Director Matt Mackender will co-host a joint webinar on February 23, 2023. 

They will explore the following:
- What is crypto agility?
- How can you adopt crypto agility into your cybersecurity strategy? 
- How can you better protect data on the move? 

Don’t miss your chance to ask questions and learn from the best as they pave the way for a post-quantum world. Sign up today!

Crypto Agile Encryption, Wherever Your Data Moves

With the Sephora decision in 2022, the California Attorney General threw down the gauntlet and let companies know that ignoring clear consumer signals will not be tolerated. While Do Not Track/Do Not Target (DNT) failed, the Global Privacy Control (GPC) will have the force of law. This session will discuss the history of consumer preference signals, the technology behind the new GPC, and the regulations driving adoption. As new state privacy laws are enacted in the US, understanding GPC will become critical to your company's success.

Listen to me! Global Privacy Control (GPC) and Consumer Preference

RapidAscents cybersecurity training program is at no out of pocket cost to learners. The 15-week DoL Registered Apprenticeship training program is in-depth and role-based from basics to job role simulated exercises, developed by leading practitioners in the space who have decades of experience in industry. Our training is supported by multiple grants one of which is the Department of Commerce to train entry level cybersecurity professionals. The RapidAscent team was selected for these grants due to our extensive background in cybersecurity.  Our team has a combined experience of 25 years in corporate related cybersecurity skills. Our extensive experiences allows us to understand the needs of the learner as well as the company.

In this presentation, our team will introduce the DoL Registered Apprenticeship approach as well as share how ISSA-COS and RapidAsecent are working with the Colorado Springs Community both to increase mentoring and support the development of entry level cybersecurity professionals respectively.

We will walk through how we effectively partner with universities, industries, and other organizations related to ISSA to create a high quality turnkey apprenticeship programs.  Will discuss different models for partnering that may benefit different ISSA Chapters and the greater community.

Developing Successful Mentoring and Apprenticeship Programs

The 360 degree leader methodology has been used in businesses to determine the influence of  an leadership in organizations from various roles. In this talk, Tanisha discusses how a 360 degree model can be applied to cyber security leadership and business practices to improve workflow and efficiency. She will provide examples of how to implement strategies that are beneficial and will improve productivity.

360 Degree Cyber Security Leadership

In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress..  The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.

Life of a CISO

President Biden’s Executive Order on U.S. Signals Intelligence Activities for EU-U.S. Data Transfers: Is it Adequate for the EU? 

Since the EU-U.S. Privacy Shield data privacy/protection compliance framework for EU-U.S. personal data transfers/access/data flows was declared invalid by the Court of Justice of the European Union (CJEU) in its Schrems II decision in July 2020, GDPR compliance has been in turmoil and much more difficult for U.S. companies, especially small and medium sized companies.  But a few weeks ago in October 2022, and over 2 years after the Schrems II ruling, President Biden’s new Executive Order (EO) creating the EU-U.S. Data Privacy Framework has given over 6,000 previously U.S. Privacy Shield certified companies hope that their EU-U.S. Personal Data Flows compliance may finally be streamlined once again and achieve legal adequacy under the EU/EEA/Swiss/UK General Data Protection Regulation(s)(GDPR).  
 
The Biden EO is designed to resolve European legal concerns regarding use of U.S. based service providers resulting from U.S. intelligence agencies’ potential access to EU-U.S. transfers of EU personal data following the Schrems II decision.  In response to Schrems II there has been a non-stop parade of European legal determinations ranging from recommended supplemental security measures to prevent U.S. law enforcement access to European personal data to declaring complete illegality of using certain U.S. service providers, to findings that use of U.S. service providers does not inherently violate the GDPR. The whiplash of European legal developments has resulted in much frustration and fear that EU-U.S. data flows will be stifled impairing bilateral EU-U.S. trade in services which amounted to over 500 billion Euros in 2021.

President Biden’s Executive Order on U.S. Signals Intelligence Activities

In science we observe, listen and record the activities of the environment and beyond. There is intense curiosity to understand how things work, how they behave and how each interaction can affect every player in that interaction. Some of the great accomplishments out of this curiosity is ensuring a longer, healthier life for humans, monitoring health conditions, predicting the weather, monitoring climate  change, providing medicine to cure diseases, alleviating aches and pains, and providing clean water 
for our basic needs. Science informs public policy and personal decisions on energy, conservation, agriculture,  health, transportation, communication, defence, economics, leisure, and exploration. Why 
not privacy? In this webinar, Roy Biakpara will be juxtaposing privacy with how science works,  - particularly from the perspective of observation, investigation and recording - testing logic and findings with evidence.

The Science of Privacy

Digital resilience against modern malware, ransomware and DDoS attacks has become a big concern for organizations of every size. Zero Trust strategies leveraging traffic visibility and DDoS protection can help prevent or eliminate the business impact of these types. 

Most internet traffic is encrypted today, threat actors are using encryption to hide their attacks. Organizations must rely on TLS/SSL decryption to create a secure decrypt zone as a foundation for a strong Zero Trust strategy to thwart malware incubation as a start. Secondly, other solutions can protect against the effect of external malware powered botnets with effective DDoS mitigation and threat intelligence defenses.  Paul Nicholson, senior director of product marketing at A10 Networks will explore this research backed webinar.

You will learn:
• The threat landscape trends for malware, botnet, and DDoS attacks and the motives behind them
• Techniques to stop encrypted traffic, application, and DDoS attacks in a hybrid cloud setting
• The role of artificial intelligence and automation in a proactive defense strategy

Mitigating Malware and DDoS with Zero Trust Technologies

Early talent or someone looking for a career in Cybersecurity needs to know where to start and how to prepare themselves to get their initial breakthrough. On the contrary, we also need enterprise organizations to have an open mindset to take risks or even allocate time to hire someone without any job experience and make time to provide the expertise on the job to get diverse ideas and talent into their teams.

In this session we will discuss how NextGen provides a platform for candidates to be trained and help identify opportunities for internship, apprenticeship or full time job opportunities with the enterprise organization.

NextGen Program and Opportunities for career in Cyber Security

This session will start with an introduction about what Cyber Resilience is and it is an essential capability to have in your organization. Our speakers will focus on one of the found goals of a cyber resilient enterprise: recover. They will cover what it’s like when your first gate of protection has already been broken through and you are trying to survive. The intruders are already in your network and have even compromised your Active Directory forest. The use case -from real life events- will touch base as well on other Cyber Resilience goals like the ability to withstand the attack and then evolve your organization with the right layers of resilience at hand.
The session is brought to you by ISSA Cyber Resilience SIG and the sponsor is Semperis.

Cyber Resilience Lessons – Reconstituting Active Directory From Ground Up

LinkedIn is a tool just like any other in the cyber professional’s toolbelt, however, for many, it’s only seen as a platform for OSINT or a place to regurgitate your resume in times of unemployment. Yet it can be so much more. My talk will focus on using skills cybersecurity professionals use every day to not only improve your personal profile page but to also thoughtfully craft and grow your professional network on LinkedIn in a strategic way. Together, these tools can better set the stage for future professional opportunities

Hacking LinkedIn Networking (The people skill, not the tech skill)

Let’s Talk Wicked Privacy. Integrating Privacy by Design and Privacy Engineering.

Cybersecurity and Privacy are becoming more intertwined and as a result how we approach the management of data whether from a privacy or IT perspective has to change.  Privacy Engineering  helps us to define each of our roles and responsibilities in this new privacy/ security paradigm by teaming with IT and operations to put in process gates or assessments to ensure privacy-related areas are considered in product development or project implementations.

This session focuses on a better approach to thinking about and managing privacy from an engineering privacy perspective.

Integrating Privacy by Design and Privacy Engineering

Discovering all of your assets — devices, cloud services, software and users — is essential to secure your organization's environment. But it can be a struggle to identify, manage, and control the complexity that comes with these environments. Without understanding what's happening and knowing what you assets you have, there's the potential risks with external threats, vulnerabilities, shadow IT, and cloud misconfigurations. 

So how can you can practice Attack Surface Management, while you stay proactive? Join this session for a new perspective on:
• How your existing technology can work together to discover all of your digital assets
• What techniques you can use for identifying, categorizing, and normalizing digital assets
• How you can use an asset inventory to identify external threats, misconfigurations, shadow IT, and policy violations
• Where to use automation to continuously assess your assets for threats

Shrink the Attack Surface

cybersecurity

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Shrink the Attack Surface

Presented by

About this talk

More from this channel