MISAC MuniTech Academy Talking Cybersecurity with Senior Management

It is mission critical for IT Directors and CIOs to maintain quality communication with senior management and key stakeholders. Quality communication will help to build strong relationships and establish trust. Strong relationships and trust help to pave the way to gaining approval for cybersecurity initiatives and budgets. The factors that contribute to this situation vary from organization to organization. One obstacle to establishing quality communications with senior management is the fact that many local government IT departments don’t have access to senior management. Other issues include business alignment with cybersecurity, soft skills, and senior management. Governance of information and technology is key to help foster communication and engagement between IT and senior management.
Coverage
NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
IT, OT, IoT, Cloud, AI
Recorded Jun 11 2020 108 mins
Presented by
Donald E Hester
  • MISAC MuniTech Academy IT Staffing & Career (Part 2) Recorded: Sep 11 2020 99 mins
    Donald E. Hester & Robert De Roeck
    People are IT's most important and expensive resource, but historically they have not been treated accordingly. Staffing for IT and cybersecurity can be difficult. How do you hire the right people? How do you grow your staff? How do you grow your career? In this session we will cover partnering with HR, investing in staff, education, certifications, soft skill development, work environment, flexible work options, professional networks, retention, justifying IT staff and teamwork. Improve your ability to grow, deploy, and manage your team.

    Coverage
    Career, Human Resources, Staffing, Education, Certification, Talent
  • MISAC MuniTech Academy IT Staffing & Career (Part 1) Recorded: Aug 27 2020 124 mins
    Donald E Hester
    People are IT's most important and expensive resource, but historically they have not been treated accordingly. Staffing for IT and cybersecurity can be difficult. How do you hire the right people? How do you grow your staff? How do you grow your career? In this session we will cover partnering with HR, investing in staff, education, certifications, soft skill development, work environment, flexible work options, professional networks, retention, justifying IT staff and teamwork. Improve your ability to grow, deploy, and manage your team.

    Coverage
    Career, Human Resources, Staffing, Education, Certification, Talent
  • MISAC MuniTech Academy Talking Cybersecurity with Senior Management Recorded: Jun 11 2020 108 mins
    Donald E Hester
    It is mission critical for IT Directors and CIOs to maintain quality communication with senior management and key stakeholders. Quality communication will help to build strong relationships and establish trust. Strong relationships and trust help to pave the way to gaining approval for cybersecurity initiatives and budgets. The factors that contribute to this situation vary from organization to organization. One obstacle to establishing quality communications with senior management is the fact that many local government IT departments don’t have access to senior management. Other issues include business alignment with cybersecurity, soft skills, and senior management. Governance of information and technology is key to help foster communication and engagement between IT and senior management.
    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Being Prepared for the Unforeseen by Having a Strategic Mindset Recorded: May 22 2020 66 mins
    Donald E. Hester, Ron Puccinelli, & Robert DeRoeck
    CIO CISO Table Talk. The COVID-19 pandemic has demonstrated the importance of technology in dealing with emergency situations. Some organizations were prepared for the transition to work from home and others struggled with the transition. How do we plan for the unknown?
    Having a strategic mindset is an important trait for CIOs and CISOs. This is much more difficult in technology because of the rapid change rate and dynamic nature of technology. How do you make decisions now to set yourself and your organization up for success in the future? Think strategic, act tactical, always keep your current projects focused on the long-term objectives. Join Don, Ron, and Rob for this talk on having a strategic mindset.
    Speakers:
    Donald E Hester, Maze & Associates
    Ron Puccinelli, City of Fairfield
    Robert DeRoeck, Indiana University
  • Cost-Effective Cybersecurity: CISOaaS & SOCaaS Recorded: May 19 2020 81 mins
    Donald E Hester, John Mallory, & Alex Sorokunov
    COVID-19 has forced many organizations to prioritize money, programs, and projects. According to GFOA, local governments, on average, only spend 2% of their IT budgets on cybersecurity. The current threat landscape demonstrates that local governments continue to be a target of threat actors. Ransomware continues to plague local governments. Local governments have traditionally not invested in cybersecurity; coupled with COVID-19 decreasing revenue and the fact that cyber risk continues unabated, this places local governments at higher risk.
    Solution: local governments and organizations are increasingly looking to outsource cybersecurity operations. There are two different cybersecurity services local governments can take advantage of. Two prime areas for outsourcing are the Security Operations Center (SOC-as-a-Service) and executive cybersecurity management (CISO-as-a-Service).
  • Getting the Most Out of Microsoft Teams Recorded: Apr 29 2020 124 mins
    Bryan Tuttle, Donald E. Hester, & Robert De Roeck
    The COVID-19 epidemic has prompted the wide-scale adoption of virtual meetings. Since Teams comes with Office 365, many organizations are adopting it for virtual meetings. Microsoft Teams is so much more than video conferencing or chat; there is much more Teams can do for you and your organization. Learn the key features and basic navigation. We will have Bryan Tuttle, CEO of CodeRight, a Microsoft Partner; Donald Hester, IT Director for Maze; and Robert De Roeck, instructor from Indiana University.
  • MISAC MuniTech Academy ICS SCADA Cybersecurity Recorded: Apr 21 2020 121 mins
    Donald E Hester
    Many organizations struggle to protect their Industrial Control Systems (ICS) and SCADA systems. Other organizations struggle with knowing how much cyber risk their organization has. ICSs are often critical systems with low tolerance for interruption, making them very tempting targets for threat actors, especially nation-states. Thus far, incidents have been low but the emergence of proof-of-concept attack software suggests that this trend may not hold for long. Local governments need to get ready now before they find themselves a victim. Unlike personal computers, which can be reformatted and restored from backup if required, PLCs and other components can be “bricked.” This means that malware could render them completely inoperable, requiring physical replacement. In this session we will cover some of the difficulties with cybersecurity and ICS, including Supply Chain, Vendor Management, Shared Responsibility and going beyond the standards.
    ICS-CERT
    Coverage
    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Local Governments Leverage AI to Mitigate Cyber Risks Recorded: Mar 31 2020 55 mins
    Donald E Hester, Jeff Cornelius, & Nate Zieg
    Local governments have unique challenges and are a growing target for attackers. With limited resources, staff, and budget, IT staff continue to be asked to increase the services they provide and address a continuously evolving threat landscape. The controls necessary to mitigate the growing threat of ransomware stretch resources, staff and budget to the limit. There is no silver bullet for cybersecurity; however, there are technologies such as AI that are a game-changer and balance the scales in favor of those defending these critical networks. Learn how some organizations are turning to Darktrace’s Immune System approach, powered by AI, to combat these threats.
    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • MISAC Ransomware Prevention Recorded: Feb 12 2020 124 mins
    Donald E Hester
    MISAC MuniTech Academy presentation. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The Department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In order to help clients effectively combat the current growing cyber-threats, we have created a ransomware readiness checklist from the recent US Federal Government Interagency technical guideline, Cybersecurity and Infrastructure Security Agency (CISA) guidelines, National Cyber Security Centre (NCSC), UK and NIST guidelines. In this session we will cover the items in our checklist and the recommendations on preparation.
  • Ransomware Prevention Part 2 Recorded: Sep 18 2019 77 mins
    Donald E. Hester
    Second in a two-part series on ransomware. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The Department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In order to help clients effectively combat the current growing cyber-threats, we have created a ransomware readiness checklist from the recent US Federal Government Interagency technical guideline, Cybersecurity and Infrastructure Security Agency (CISA) guidelines, National Cyber Security Centre (NCSC), UK and NIST guidelines. In this session we will cover the items in our checklist and the recommendations on preparation.

    Coverage
    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, Firmware
  • Ransomware Prevention Part 1 Recorded: Sep 17 2019 71 mins
    Donald E. Hester
    First in a two-part series on ransomware. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The Department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In this session we will cover what ransomware is, how it works, statistics and common features of the attack. We will also cover the costs of some recent incidents, and a discussion on whether to pay the ransom or not. We will look at the anatomy of a ransomware attack and the criminals behind them.

    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, Firmware
  • Security+ Objective 1.5 Recorded: Aug 29 2019 51 mins
    Donald E Hester & Robert DeRoeck
    The next session in our continuing series of webcasts on CompTIA Security+: Objective 1.5. In this session we will explain vulnerability scanning concepts.
    Passively test security controls
    Identify vulnerability
    Identify lack of security controls
    Identify common misconfigurations
    Intrusive vs. non-intrusive
    Credentialed vs. non-credentialed
    False positive
  • Microsoft Azure 2 Virtual Machines Recorded: Aug 22 2019 89 mins
    Donald E Hester & Robert DeRoeck
    The next session in our continuing series of webcasts on Microsoft Azure. In this session we cover virtual machines and virtual machine management. The session will include demos.
    Virtual Machine Planning, Creating Virtual Machines, Virtual Machine Availability, Virtual Machine Extensions
  • Security+ Objective 1.4 Recorded: Aug 15 2019 69 mins
    Donald E Hester & Robert DeRoeck
    In this session we will explain penetration testing concepts.
    Find an exploitable vulnerability.
    Design an attack around it.
    Test the attack.
    Seize a line in use.
    Enter the attack.
    Exploit the entry for information recovery.
  • Security+ Objective 1.3 Recorded: Jul 25 2019 55 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.3: Explain threat actor types and attributes.
    • Types of actors
    - Script kiddies
    - Hacktivist
    - Organized crime
    - Nation states/APT
    - Insiders
    - Competitors
    • Attributes of actors
    - Internal/external
    - Level of sophistication
    - Resources/funding
    - Intent/motivation
    • Use of open-source intelligence
  • Cloud-based Financial Applications Recorded: Jul 10 2019 61 mins
    Donald E Hester
    Good? Bad? Indifferent? I am often asked if it is safe to host financial applications in the cloud. "It depends" is almost always the answer. Join this session to learn about the pitfalls and considerations of cloud-based ERP or financial applications. We will cover: how cloud services change the IT and financial control environments, the risk of using the cloud, managing the risks, the benefits of using the cloud, and the concept of shared responsibility.
    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO, CSA
    IT, Cloud
  • Current Cyber Scams & Need for Awareness Recorded: Jul 2 2019 76 mins
    Donald E Hester
    A repeat presentation given at Maze Live 2019. In this session we will cover some of the most popular scams we see for local governments and businesses. We will cover the potential impact of successful scams on organizations. We will also cover how to set up a cybersecurity awareness program and some tips and tricks for maturing your awareness efforts.
  • Administering Azure Recorded: Jun 28 2019 51 mins
    Donald E Hester & Robert DeRoeck
    Azure Administration Tools
    In this webinar, you’ll learn tools used by Azure Administrators to manage their Microsoft Cloud infrastructure
    Azure Portal, Cloud Shell, Azure PowerShell, CLI, Azure Mobile App, Resource Manager, and Resource Manager Templates
  • Security+ Objective 1.2 Recorded: Jun 25 2019 130 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.2: Compare and contrast types of attacks.

    Social Engineering attacks:
    - Phishing
    - Spear phishing
    - Whaling
    - Vishing
    - Tailgating
    - Impersonation
    - Dumpster diving
    - Shoulder surfing
    - Hoax
    - Watering hole attack

    Application/service attacks:
    - DoS
    - DDoS
    - Man-in-the-middle
    - Buffer overflow
    - Injection
    - Cross-site scripting
    - Cross-site request forgery
    - Privilege escalation
    - ARP poisoning
    - Amplification
    - DNS poisoning
    - Domain hijacking
    - Man-in-the-browser
    - Zero day
    - Replay
    - Pass the hash
    - Hijacking and related attacks
    - Clickjacking
    - Session hijacking
    - URL hijacking
    - Typo squatting
    - Driver manipulation
    - Shimming
    - Refactoring
    - MAC spoofing
    - IP spoofing

    Wireless attacks:
    - Replay
    - IV
    - Evil twin
    - Rogue AP
    - Jamming
    - WPS
    - Bluejacking
    - Bluesnarfing
    - RFID
    - NFC
    - Disassociation

    Cryptographic attacks:
    - Birthday
    - Known plain text/cipher text
    - Rainbow tables
    - Dictionary
    - Brute force
    - Online vs. offline
    - Collision
    - Downgrade
    - Replay
    - Weak implementations
  • Security+ Objective 1.1 Recorded: Jun 17 2019 59 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.1: Given a scenario, analyze indicators of compromise and determine the type of malware.
    Viruses, Crypto-malware, Ransomware, Worm, Trojan, Rootkit, Keylogger, Adware, Spyware, Bots, RATs, Logic Bombs, Backdoors, Cryptojacking, Formjacking, Doxware
Working together to make the world cyber safe.
Covering cybersecurity focused on the issues surrounding the challenges of small organizations and local governments. We will be covering issues related to compliance, PCI, NIST, audit findings, IT governance & management, disruptive technologies, current risks, common vulnerabilities, and suggested remediation.

  • Title: MISAC MuniTech Academy Talking Cybersecurity with Senior Management
  • Live at: Jun 11 2020 5:00 pm
  • Presented by: Donald E Hester