Name: Ed TALKS: Are We There, Yet? Measuring Effectiveness of InfoSec Programs
Start: 2021-03-25T16:00:00Z
End: 2021-03-25T16:00:59.000Z
Location: BrightTALK
Rating: 5

Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.  We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence.  Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.  

Healthcare Cybersecurity: Protecting Patients, Systems & Data
Cyber threats in healthcare are growing more severe, with real-world impacts on patient safety, operational continuity, and data integrity. This session examines today’s most urgent risks—and offers practical, expert-backed solutions.

Featured Experts
Esmond Kane is CISO at Advarra and a veteran cybersecurity executive with over 20 years of experience in healthcare, research, and education. He has led security programs at Harvard, Mass General Brigham, and Steward Health Care, and serves on advisory boards helping organizations manage cyber risk.

Joseph Davis, Customer Security Officer at Microsoft, brings 30+ years of experience spanning medicine, entrepreneurship, and cybersecurity leadership. He advises healthcare leaders on secure cloud adoption, AI governance, and compliance, drawing from past CISO roles at Covidien and Sensata.

Frank Sinatra, CISO and VP of IT at University Hospital, has 25+ years of experience in healthcare, insurance, and professional services. He leads cybersecurity strategy and compliance efforts and is a Certified Information Security Manager with deep expertise in security architecture and cloud governance.

Topics We’ll Cover
- Ransomware: How attacks disrupt care, delay treatment, and expose patient data
- IoMT Vulnerabilities: Securing connected devices lacking modern protections
- Compliance vs. Security: Bridging the gap between evolving threats and outdated frameworks like HIPAA
- Supply Chain Risks: Preventing cascade failures from third-party breaches
- OT Threats: Addressing cyber risks that affect physical systems and patient safety
- Join us for a critical discussion on strengthening healthcare’s cyber resilience—and protecting those who rely on it most.

EdTalks - Securing Healthcare - The Cyber Threats Putting Patient Safety at Risk

Most organizations only start thinking about the security of their Industrial Control Systems (ICS) after a compromise or government mandate, but this reactive approach often leads to costly operational disruptions and potential equipment damage, even injuries or fatalities. This webinar will explore the critical need for proactive security measures to protect ICS environments. Securing ICS environments is particularly challenging as these systems are critical to round-the-clock operations and cannot be easily taken offline for patching, updating, or upgrading. This webinar is designed for security professionals and industrial controls experts who want to learn how to effectively threat model and secure their ICS environments, rather than waiting until a compromise occurs.

Attendees will learn the following:
- Overview of a simple ICS network architecture
- Threat modeling an ICS environment
- Teams involved in ICS environment operations and security
- Implementing security measures to mitigate and capture ICS environment intrusions
- Aligning security controls with the IEC 62443 industrial cybersecurity standards

Meet the Speaker
Josue Alvarez-DeGolia is a Security Engineer at Bureau Veritas Cybersecurity (formerly Security Innovation), where he conducts application security assessments, secure code reviews, and network vulnerability simulations. A U.S. Navy veteran and former submarine nuclear operator, Josue brings a systems-thinking mindset shaped by experience in military operations, power generation, investment banking, and business consulting. His cybersecurity work spans AWS security, ICS/SCADA penetration testing, and hardware threat modeling. He was part of the winning team at the DEF CON 32 ICS CTF, and combines technical depth with business acumen to help clients protect complex, high-risk systems.

Threat Modeling Essentials: A Strategic Approach to Mitigating ICS Cyber Risks

Most organizations only start thinking about the security of their large language models (LLMs) once the model is already developed and deployed. However, this reactive approach often leads to costly retrofitting, unexpected vulnerabilities, and missed opportunities to build security in from the ground up.

This webinar takes a different approach, guiding security professionals and LLM developers on how to address security concerns at every stage of the LLM development lifecycle. Rather than waiting until the end, we will explore the security implications and best practices for securing LLMs during the critical phases of project inception, data curation, model architecture, training at scale, evaluation, post-improvements, and API integration.

By adopting a proactive security mindset, attendees will learn how to:
• Align security assessments with the intended use cases and model requirements during the scoping phase
• Mitigate risks like data poisoning, backdooring, and adversarial prompting throughout the development process
• Ensure training stability and model integrity through techniques like checkpointing, weight decay, and gradient clipping
• Evaluate LLM performance while preventing manipulation of benchmark datasets and evaluators
• Implement access controls, data leakage prevention, and other security measures during fine-tuning and API integration

Attendees will leave this webinar with a comprehensive understanding of how to weave security into every step of the LLM lifecycle, empowering them to build more secure and trustworthy AI systems from the start. This proactive approach is crucial for organizations looking to stay ahead of evolving security threats and deliver LLM-powered solutions with confidence.

Securing the LLM Development Lifecycle: A Proactive Approach

"We run annual e-learnings and phishing simulations twice a year, yet employees still click...” Or: “We had 15% fewer clicks this year—proof that our awareness materials work... right?”

Security awareness alone isn’t enough. If you truly want to reduce human risk, you need to go deeper—into human behavior, decision-making, and psychology.
Join us for an eye-opening session on how to design security awareness, behavior, and culture programs that actually change behavior—not just check the box. We’ll explore how psychological principles can help move from passive awareness to active prevention.

In this webinar, you’ll learn:
- Why many well-intentioned phishing simulations fall short—and what to do differently?
- How psychological resistance keeps employees from preventing physical unauthorized access—and how to create engagement?

Whether you're a security leader, awareness program manager, or behavior change enthusiast, this session will give you fresh tools to rethink how you drive secure behavior in your organization.

About The Speaker

After researching the psychological impact of ransomware attacks, Lucas developed a strong focus on behavior change within information and cybersecurity. He has designed and implemented security awareness, behavior, and culture programs across various sectors.

Lucas takes a behavioral approach to human risk—recognizing that effective security interventions are never one-size-fits-all. His work ranges from custom target group programs to launching multimedia campaigns using behavior change techniques and providing live training sessions. In addition, Lucas has extensive hands-on experience with social engineering—ranging from email and voice phishing to a strong focus on physical social engineering. He believes human risk management is still in its early stages and strongly advocates for tailored, user-centered strategies.

Human Risk Management: From Fatigue to Engagement

Join us for the upcoming webinar, "Golden Rules for Industrial Cybersecurity: Assessment & Asset Protection," featuring cybersecurity expert Anna Prudnikova. This session will cover key principles of industrial cybersecurity, including frameworks such as IEC 62443 and NIST CSF, as well as the importance of asset visibility and risk-based assessments. The discussion will address common challenges, such as bridging the gap between compliance and actual security and overcoming implementation hurdles in industrial environments. Attendees will gain insights into best practices for risk assessment, mitigation strategies, and a structured approach to cybersecurity compliance.

In addition, we will examine real-world OT cyber-physical incidents in the U.S., such as 2021 Colonial Pipeline attack, which highlighted vulnerabilities in industrial control systems and the impact of ransomware on critical infrastructure. The session will conclude with an interactive Q&A and case studies showcasing successful security strategies.

This webinar is ideal for industrial cybersecurity professionals, compliance officers, and asset managers looking to strengthen their cybersecurity posture and learn from real-world incidents.

Golden Rules for Industrial Cybersecurity

Join us for this EdTALKS, where industry leaders will dissect the security challenges of IIoT, share real-world insights, and explore strategies to balance innovation with risk management.

What You’ll Learn:
• Key vulnerabilities in industrial supply chains and IIoT ecosystems
• Best practices for securing digital energy technologies
• The role of SBOMs (Software Bill of Materials) in mitigating cyber threats
• Strategies for improving resilience across critical infrastructure

Panelists:

Cassie Crossley
VP Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.” She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, and data privacy.

Emma Stewart
Director, Center for Securing Digital Energy Technology, Idaho National Laboratory
With over 15 years in power systems and cybersecurity for critical infrastructure, Emma leads efforts in cyber-physical resilience for emerging energy technologies, ensuring responsible cloud usage and digital transformation.

Josh Corman
An Executive in Residence for Public Safety & Resilience at the Institute for Security and Technology (IST), where he leads a new initiative on the resilience of lifeline basic human needs: water and wastewater, emergency medical care and hospital services, food supply chains, and power. Josh founded I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, director of the Atlantic Council’s Cyber Statecraft Initiative, and in leadership roles at PTC, Sonatype, Akamai, IBM, and the 451 Group.

EdTALKS - Cybersecurity in Industrial IoT (IIoT) – Navigating the  Modernization Paradox

As organizations accelerate cloud adoption, cyber threats targeting cloud environments are evolving at an alarming pace. In Cloud Security Threats 2025, Security Innovation’s Cloud Center of Excellence Lead, Rohitanshu Singh, provides a deep dive into the latest threats, vulnerabilities, and defensive strategies that will define cloud security in the coming year.
This session begins by analyzing key cloud adoption trends, focusing on the shift toward multi-cloud and hybrid environments. We’ll examine real-world breaches—such as the Snowflake attack—to uncover how adversaries exploit misconfigurations, weak identity controls, and emerging attack techniques to compromise cloud assets.

Attendees will gain insights into the top cloud security threats of 2025, including:
- API security risks and supply chain vulnerabilities
- IAM misconfigurations and privilege escalation tactics
- Ransomware-as-a-Service and AI-driven attack methodologies
- Insider threats and mismanaged cloud workloads

Through interactive discussions and security simulations, participants will learn how to mitigate these threats using Zero Trust security models, AI-powered threat detection, and best practices for securing cloud workloads.
The webinar concludes with expert predictions on the future of cloud security, regulatory shifts, and a strategic roadmap to enhance cloud resilience.

Rohitanshu has been working in information security for over a decade, accumulating deep expertise in securing
multi-cloud environments across a plethora of industries and technology stacks. He leads our Cloud Center of
Excellence, which conducts ongoing research on emerging cloud threats, attacks, and deployment strategies.

Join us to stay ahead of emerging cloud threats and fortify your organization’s cloud security posture for 2025 and beyond.
Register now to secure your spot!

Cloud Security Threats 2025

The rapid rise of IoT devices has transformed industries but also exposed critical security vulnerabilities. To address these risks, the U.S. government introduced the US Trust Mark, a voluntary certification aimed at enhancing IoT security and building consumer trust.

Join this webinar to explore:
• The key security requirements of the US Trust Mark
• How certification helps IoT manufacturers stand out and gain consumer confidence
• The challenges and opportunities in implementing the Trust Mark

Meet the Experts:
Grace Burkard, Director of Operations, ioXt Alliance
Grace leads ioXt’s global efforts in establishing standardized security requirements for IoT devices. She collaborates with key stakeholders, regulatory bodies, and industry leaders to drive adoption of best security practices. With a passion for privacy and compliance, she plays a pivotal role in improving transparency and trust in the connected device ecosystem.

Michael Beine, Business Unit Manager, Bureau Veritas
With over 20 years in the Testing, Inspection, and Certification (TIC) industry, Michael specializes in cybersecurity for IoT and industrial automation. He has developed testing frameworks for connected devices and serves as a cybersecurity auditor under the IEC 62443 standard. His expertise spans wireless technologies, networked systems, and regulatory compliance in global markets. 

Geoffrey Vaughan, Director, Security Engineering, Security Innovation
Geoff leads Security Innovation’s IoT Center of Excellence, researching emerging threats in connected systems. His team develops tools and methodologies to assess vulnerabilities in embedded devices, web and mobile applications, and communication protocols. A frequent speaker at global conferences, he translates complex security risks into actionable strategies for businesses and developers.

The US Trust Mark: Using Cybersecurity to Differentiate your IoT products

In the wake of high-profile cyberattacks in 2024, such as those targeting the NHS, CrowdStrike, and 23andMe, organizations are reevaluating their preparedness for full-scale cyber crises. A recent survey revealed that 74% of CISOs plan to increase budgets for crisis simulation exercises in 2025, highlighting the critical need for realistic, hands-on crisis management training.

Our upcoming webinar, "Where Cybersecurity Crisis Management Meets Incident Response," addresses this pressing concern by offering insights into integrating technical responses with strategic crisis frameworks. You'll gain practical knowledge to enhance your organization's resilience against sophisticated cyber threats.

Meet the Speaker: Luke Fletcher
Principal Consultant & Team Lead, International Crisis Management & Incident Response
With over 15 years of global experience in crisis management, operational resilience, and business continuity, Luke has dedicated much of his career to leading crisis management at Direct Line Group, a major financial services firm. He also has deep expertise in the industrial sector, helping organizations design and implement crisis management procedures and cybersecurity crisis exercises.

Luke specializes in building internal crisis response capabilities, facilitating scenario-based training, and ensuring organizations are prepared for high-profile cybersecurity incidents. His insights will equip you with actionable strategies to enhance your crisis readiness.

What You’ll Learn:
✔ How to transition from reactive cyber incident response to proactive crisis management
✔ Best practices for aligning cybersecurity teams with leadership for coordinated decision-making
✔ How to integrate proven crisis management frameworks into your cyber response strategy
✔ Real-world case studies showcasing effective (and ineffective) crisis responses
✔ Practical steps to strengthen resilience, minimize impact, and maintain business continuity

Where Cybersecurity Crisis Management Meets Incident Response

In this webinar on AI Cyber Risks, Ralph Moonen, a principal security consultant at Secure, provides a comprehensive overview of the cybersecurity risks associated with artificial intelligence (AI). The presentation begins by defining AI and explaining its underlying technologies, such as neural networks, before delving into the specific risks AI poses, including data leakage, reputational damage, and the potential for AI to generate harmful or misleading outputs. Monaghan also discusses how threat actors are leveraging AI for malicious purposes, such as social engineering and developing exploits. The talk covers best practices for mitigating these risks, including threat modeling, testing AI models, and implementing AI usage policies. Additionally, Monaghan highlights the importance of understanding prompt injections and how AI systems can be manipulated. The webinar concludes with a discussion on global regulations and ethical guidelines for AI, emphasizing the need for robust security measures as AI continues to evolve.

AI Cyber Risks

In a rapidly evolving digital landscape, cybersecurity has emerged as a critical domain, demanding skilled professionals to safeguard sensitive information and combat cyber threats. Recently, we had the privilege of delving into the insightful review of Ed Adams’ book, ‘See Yourself in Cyber: Security Careers Beyond Hacking.’

This engaging discussion not only explored the challenges and opportunities within the cybersecurity industry but also provided valuable insights into the evolving nature of cybersecurity careers and strategies for success. Join us as we recap the highlights, from breaking misconceptions to promoting diversity and inclusion, and discover how individuals can thrive in this dynamic and ever-changing field.

Inside the Pages of "See Yourself in Cyber": An Author Q&A with Ed Adams

Software continues to run the modern enterprise, and while it has the potential to drive innovation it can also introduce vulnerability. Rapid release cycles often prioritize features over security and hackers are adapting their tactics to target distributed software applications that are increasingly accessible.

Security teams can’t single-handedly address this dynamic threatscape, so organizations must rethink how to strengthen security resiliency. Software teams are on the front lines in preventing vulnerabilities, but to build resilient applications they need to be equipped with security awareness and intimate knowledge of architecture, integration points, and deployment environments.

Topics covered include:

- Root causes of prominent software-borne breaches
- Taking inventory of teams (and going beyond developers)
- Building essential awareness - security principles, attack vectors, and threats
- Being early to the (3rd) party – mitigating API, open-source, and cloud risk

Building Security from Within: Empowering Software Teams for Cyber Resilience

Baking security into applications earlier in the software development lifecycle has become the mantra of the enterprise today, with software development and security teams working closely together to ensure more secure coding throughout the development process to ensure safer and more secure applications. But what about mobile apps?

In this webinar, experts will discuss strategies to integrate security tasks across all phases of the mobile app development lifecycle: design, development, and regular testing, with the goal of finding and fixing vulnerabilities or issues efficiently in the dev process. You will also get advice on how to employ tools and practices to support your dev and security teams in this new generation of collaboration for more secure software development for your organization's mobile apps.

- Explore what a “shift left” requires of both development and security teams
- Get advice on how to put security first without stifling software innovation
- Find out about the emerging role of AI in DevSecOps

Presented live by featured speakers Dr. Jason Clark and Dinesh Shetty, Moderated by Becky Bracken.

DevSecOps for Mobile App Development

Modern software development demands a balance between speed, efficiency, and security. DevOps, the fusion of development and operations, aims to achieve this balance by optimizing the software development process for rapid delivery. While the successful integration of security practices empowers organizations to ensure systems remain resilient, many companies have been reluctant to move to DevSecOps, fearing it will be complex and time-consuming.

In this webinar, we explore best practices for seamlessly integrating security into DevOps to ensure that software development doesn't compromise security in its quest for speed.

Join us as we discuss:
- Driving collaboration between Development and Operations
- Customized Policies & Governance for awareness and adherence
- Managing Third-party risk
- Eliminating Bottlenecks
- Upleveling Skills to Empower Teams
- Leveraging risk-based assessments and threat modeling to guide the DevSecOps process

Still Developing Software the Old Way? Best Practices for Migrating to DevSecOps

When it comes to keeping technical audiences apprised of security challenges, success is all about relevance and interest. Simulation training and tying training to a learner’s job function are emerging as some of the most effective ways to help learners retain knowledge. By utilizing hands-on training methods that immerse users into the technical environment they encounter daily, one can enumerate security risks in a context that is both familiar and engaging. This talk discusses methods to create engagement, lasting behavior change, and, dare we say, enjoyment for your technical workers.

Join us for a webinar with The Training Industry, where your host, Ed Adams, author and CEO of Security Innovation, and Michael Hendrickson, former vice president of technology and development products at Skillsoft, will discuss what thought leaders are saying about growing threats and the importance of good cybersecurity hygiene, as well as the most effective training methods for technical audiences in 2024. Skip the guesswork and get ahead with up-to-date methods and insights — you’ll be glad you did.

Our interactive webinar will provide you with valuable insights on:

- The Power of Relevance in Security Training: Discover why tailoring cybersecurity training to an individual’s job function leads to better knowledge retention.
- Engagement Through Simulation Training: Learn about the effectiveness of immersive, hands-on simulation training for technical audiences.
- Creating Lasting Behavior Change: Explore methods to engage technical teams in cybersecurity hygiene, resulting in lasting behavior change and enhanced security.
- Industry Insights and Trends for 2024: Gain knowledge on growing security threats and the most effective and up-to-date training methodologies for 2024.

Training Techies on Security: It’s Not Rocket Science!

DevOps is often characterized as a mindset shift, but that undermines the critical cogs that actually make it work - the people, technology, and processes.

Ed TALKS: Movers & Shakers in DevSecOps

On top of the usual threats inherent to IT networks, applications, and cloud services, the complexity of medical devices creates a massive and distributed attack surface. Compounding the challenge are long-life expectancy and third-party dependency.

Attend this panel to hear healthcare security experts discuss the anatomy of medical devices, how to design them with human safety in mind, and how to make a shared security responsibility model a reality.

Specific topics include:

• The Prescription - security measures the FDA and others are demanding
• The Skeleton - the rickety infrastructure healthcare runs on
• The Brains - is SaMD (Software as a Medical Device) the new world norm?
• The DNA - what Software Bill of Materials (SBOMs) tell us about risk
• The Immune System - why traditional IT defenses struggle to protect patients
• The X-Rays - the need for new surveillance techniques

Ed TALKS Modernizing Medical Device Security: A New Perspective on Old Practices

While traditional assessment techniques like pen testing and scanning are effective at catching issues before software is deployed, they are simply not scalable given today’s accelerated releases. To release software with confidence, organizations need to address their core issue – people & process gaps.   

This webcast will demonstrate how implementing core security activities into your SDLC and augmenting with role-specific training will yield more self-defending software. Topics include:

- Today’s software security landscape and challenges
- Breaking the Find & Fix hamster wheel
- Fusing activities (the what) and skills (the how) to amplify risk reduction

People & Processes: The Yin and the Yang of Software Security

Ed TALKS: The Cyber Elephant in the Boardroom

Ed TALKS: Keep Your Head in the Cloud | The Uncensored Security Forecast

Ed TALKS: Cybersecurity M&A – True Tales From All Sides

Ed TALKS: Scaling AppSec – Getting Tools to Perform

Ed TALKS: How to Train IT Teams for Security

Ed TALKS: Keeping Secrets – The Future Threats to Data are Here

Ed TALKS: Diversity & Inclusion in Cybersecurity – Reaping the Rewards

Security’s Three-Ring Circus: Cloud, Supply Chain, and Staff

Ed TALKS: Securing Microservices in Today’s Fast, Feature-Driven SDLC

Ed TALKS: Security Upskilling Software Teams

Are IoT & BYOD dead? Why today we live with the Enterprise of Things

Steal the Attackers Playbook with Purple Teams

Ed TALKS: Privacy in a Gossipy, Digital World

Ed TALKS: SolariGate – Avoiding Supply Chain Burns

Ed TALKS: Fast-Tracking Software Assurance, Making Security Part of Software Dev

Ed TALKS: Paying it Forward – Securing Technology in the Payment Ecosystem

Ed TALKS: Cloudy at the Breach – Your Software, Your Data, Your Loss

Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb

Ed TALKS: Back to Basics: The Imp. of Security Principles in Technical Roles

Ed TALKS

High-performing InfoSec programs are critical to protecting sensitive data, securing systems, and maintaining compliance. However, organizations continuously struggle with the “how are we doing?” question.

Attend our next Ed Talk to learn how to identify key metrics and implement measurement vehicles to understand your real security posture.

* Benchmarking: What do you measure? And against what?

* Analysis Paralysis: What to do with the results and avoiding misleading and distracting data

* Metric Traps: Red flags versus red herrings

Ed TALKS: Are We There, Yet? Measuring Effectiveness of InfoSec Programs

Information Security

Cyber Defence

Application Security

Security Awareness

Secure Cloud

InfoSec

AppSec

Software Security

Cyber Security

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ed TALKS: Are We There, Yet? Measuring Effectiveness of InfoSec Programs

Presented by

About this talk

More from this channel