As we realize the transformative power of the cloud, AI and machine learning, has our culture of responsibility and ethics kept pace? How do we harness our new technological capabilities to the understanding of how to use them well?

No one is a stranger to the complexity of cyber. And with confusion, comes misconception.

In this special episode of The (Security) Balancing Act, Diana Kelley and cyber experts will sit down, and deep dive into the common cyber myths.

Does compliance equal security? Is data safer on-prem than in the cloud? Will AI take our jobs? What misconceptions drive you crazy? Bring your best myths and join Diana Kelley and guests as we decipher common cyber myths in a bid to clear up the confusion.

Cyber Myth Busting: Blasting Common Misconceptions

API and App Security is no joke. As the volume of API use increases, so does the likelihood of an attack. APIs are powerful tools for developers but when they are left vulnerable, easy targets for cybercriminals they are essentially passageways to business-critical data, and this year, bad bots are becoming a bigger threat for APIs than ever before.

In this month’s episode of The (Security) Balancing Act, we’ll be deep diving into API risk, and how to navigate this growing threat. Join us as we discuss:

-  Defending against DDoS attacks
-  Why it’s crucial to manage your app & API security in one place
- Why API keys must be protected
- Top API security vulnerabilities
-  Understanding how to manage and mitigate risk in a changing climate
-  Future API Security trends
-  And much more!

Secure Your APIs, Secure Your Business

ChatGPT has been all over the news over the past few months. It is a great example of generative AI, and uses “deep learning techniques to generate human-like responses to text inputs in a conversational manner”. ChatGPT offers a range of benefits to users from all industries - but does it pose any risk? And what of the other AI chat tools being released like Google Bard?

According to Blackberry, though business leaders recognise its innate value, 51% of IT leaders believe there will be a successful cyber attack credited to ChatGPT within the year.

So where does this leave us? How can we leverage OpenAI tools while also remaining secure?

Join us in this month’s episode of The (Security) Balancing Act as we discuss:
-  AI tools, what’s on offer and how to stay secure
-  Risks of chatbot "overconfidence" even when wrong
-  How to leverage Generative tools safely 
-  Investments from MSFT, and what this tells us about ChatGPT
-  The future of AI, machine learning and natural language processing
-  And much more!

Understanding ChatGPT Risk: Do You Need to Worry?

In an age of the digital footprint, where data is being produced at such a rapid pace that we almost can’t keep up, decentralised identity offers an escape from data surveillance. 

Decentralised identity gives back control to the consumer by putting them back in control of their data credentials in an environment of greater identity trust. Not only that, but we know that identity data is often exposed when it comes to security breaches. These kinds of breaches can have knock on effects, from financial stability, to trust, to brand reputation. 

Join us in this session as we break down decentralised identity and discuss: 
-  Why decentralised identity is so key today 
-  The role of DIDs (Decentralised Identifiers) 
-  How to create and sustain trust 
-  Getting started with decentralised identity
-  And much more!

Decentralised Identity: Giving Control Back to the Consumer

The BISO (Business Information Security Officer) role originated in the financial services space but has now grown to be a part of many large organizations. BISOs are charged with connecting security to larger business interests. It is a relatively new senior role and represents a need for greater integration of security into business operations.

Because the role is new to many companies, it can be hard to know if you need a BISO. How do BISOs collaborate with the CISO? And are they truly necessary?

Join Diana Kelley and guests as we discuss:
-  How the BISO came to be - was there a gap in the workforce?
-  The role of the BISO
-  How to determine if your organisation needs a BISO
-  What is the correct scope and organizational model for BISO teams?
-  What makes for a stellar BISO?
-  And much more!

Introducing the BISO: Who Are They, and Do You Need One?

With a new year comes new challenges, new trends, and new solutions. There’s no better time to consider these trends and predictions, and how they will impact your business and key security decision-making.

In the first episode of the year, we’ll be thinking about lessons from 2022 and how to apply them to the year ahead. We’ll discuss key trends in all areas of cyber security, from the boom of Internet of Things, to protecting against international state-sponsored attackers to the increased role of AI. 

Join us as we discuss: 
-  The evolution of the C-Suite in 2023
-  Creating a year-long plan, and what you should consider when doing so 
-  Building cyber awareness within your organisation 
-  How the threatscape is shifting, and what to be on the lookout for
-  And much more!

Hello 2023! Key Cyber Security Trends

In 2022, we’ve seen all sorts of shifts in the cybersecurity world. Nation state attacks, phishing and the growth of AI are only three out of the myriad of trends. In many ways, it’s been an unpredictable year, and security leaders have had to think on their feet to keep up with the wave of change. 

As the year comes to an end, it’s beneficial to evaluate the key trends we’ve experienced in the past 12 months, to truly consider and begin to understand what’s in store for us in the year ahead, and to plan for the unexpected. 

Join us in the final panel of 2022 as we discuss: 
-  Top security predictions for 2023
-  Balancing security and privacy
-  The evolution of the C-Suite 
-  And much more

Top Cybersecurity Predictions for 2023

There is no way to sugar coat it. We are living through a time of worker change: some call it the Great Resignation, others view it as a Reshuffle. According to a recent survey by Microsoft, globally, 41% of workers are considering leaving their jobs. In the cybersecurity industry alone, more than half of professionals are contemplating leaving (Cobalt).

How does this impact the cyber world? Does it leave businesses open to attack? What can leaders in the industry do to ensure that employees remain content and satisfied?

Join us in this discussion as we consider:
-  The impact of the Great Resignation/Reshuffle on the cybersecurity industry
-  Whether the Great Resignation/Reshuffle is broadening the attack surface
-  What's lost when employees turn over?
-  How to retain talent during turbulent times
-  Is this shift due to the pandemic, or was it always coming?
-  And more!

Cyber Talent and the Great Resignation

When it comes to operational security, a forward-facing approach is essential. Having a high-level yet comprehensive cybersecurity strategy is a great way to understand your attack surface and navigate risk. But how can you plan long-term when incidents are taking attention every day and technology and attacks continue to evolve?

Being forward facing means moving away from a reactive cybersecurity strategy towards a proactive plan. However, creating a 3-year plan is no easy feat. It takes continuous monitoring, agility, and the ability to plan for the unexpected.

In this episode of The (Security) Balancing Act, Diana Kelley and guests will discuss:
-  The benefits of a long-term cybersecurity strategy
-  Key considerations when building out a program or strategy
-  Balancing immediate and urgent tasks with long-term planning
-  Getting Board by-in for strategic goals
-  How to monitor your strategy to ensure it remains effective
-  The first step to building your 3-year plan
-  And much more!

How To Build a 3 Year Cybersecurity Program

According to research by Capgemini, two thirds of businesses now understand that AI is a necessary component in the race to secure your organisation. The attack surface in 2022 is larger and more sophisticated than ever before, with ransomware and breaches at an all time high. The ability to detect cyber threats quickly, to have proactive security measures and to detect new, malicious threats, is more critical than ever. 

In this month’s episode of The (Security) Balancing Act, we’ll ask, ‘is AI the answer to the evolution of the threatscape?’ 

Join us in this session as we discuss: 

-  Use cases for AI in cyber - where does it fit and where it doesn’t
-  Can AI replace cyber analysts?
-  The importance of resilient AI
-  What we mean by predictive intelligence, and why it’s important 
-  How to implement AI into your security 
-  The technology AI can leverage to improve your security posture 
-  The future of AI in the cybersecurity space

Cybersecurity and AI: Managing the Evolution of the Threatscape

The development and evolution of IoT has shifted the world of technology forever, creating new ways for technology to deliver value. Businesses, governments, and healthcare and financial institutions have begun to leverage the benefits of IoT. However, it has also opened up opportunities for data to be lost, stolen and manipulated. In fact, according to Gartner, over 25% of enterprise attacks involve IoT.

Balancing the rate of innovation and risk assessment is key. But where do we start? Do we begin securing the device, or the network? How can we secure IoT in a proactive, holistic way? 

Join us in this episode as we discuss: 

-  Understanding the scope of IoT
-  Considerations when IoT and IIoT meet
-  Where to start when securing enterprise IoT 
-  In a WFA world is securing consumer IoT a requirement
-  Emerging technologies available to enable IoT protection
-  The future of IoT in the security landscape

Securing the IoT Landscape

Gartner predicts that 60% of large enterprises will implement passwordless methods by the end of the year. Going passwordless reduces the risk of password-based threats, improves usability and reduces operational cost. 

When weak and stolen passwords are responsible for 61% of all data breaches (Verizon), is it time to ask ourselves whether going passwordless is the future, and in 2022, are we ready to remove passwords altogether? 

Join us in this episode as we discuss: 

-  Hype-free explanation of what passwordless really means
-  Why going passwordless and effective password management go hand in hand 
-  Passwordless authentication and SSO
-  Challenges to adoption
-  Building your passwordless implementation roadmap
-  The industries embracing going password free 
-  Is passwordless the future?

Can We Go Passwordless in 2022?

In 2022, your attack surface will be larger than ever before. From the onset of the hybrid workforce to huge waves of data being produced, security teams around the world are working hard to reduce their attack surface and improve operational security. But to do this, effective vulnerability management is a must-have. 

A successful vulnerability management program must have visibility over the entire organisation and the right tools. This year, unpatched vulnerability endpoints will continue to be exploited, and building up your vulnerability management is key to avoiding a breach. 

Join us in this session as we discuss: 

-  The importance of patching 
-  Taking a risk-based approach to vulnerability management
-  AI and fraud prevention 
-  How security teams are “cleaning up” vulnerabilities left behind by Covid
-  Attack surface reduction and management

Vulnerability Management in 2022: Reduce Your Attack Surface

It has been said time and time again that humans are the weakest link when it comes to organisational security. When it comes to social engineering, this is most certainly true. Social engineering relies on human error to gain access to confidential information. When social engineering is at an all time high - 98% of cyber attacks rely on social engineering (Purplesec) - making sure your employees are educated and informed should be your first line of defence. 

Join us in this session as we discuss: 

-  How to educate your employees about cyber security
-  Why social engineering is so prominent today 
-  The most common types of social engineering, and how to avoid them
-  What to expect from cyber criminals in the next year

The Social Engineering Threat

Last year we took a look at the role of the CISO, and more broadly the evolution of the role, from job satisfaction to engaging with cyber employees and everything in between. In this month’s episode of The (Security) Balancing Act we’ll examine the last year and reflect on how the role of the CISO has changed, and what to expect next. 

Join us as we discuss: 

-  How to succeed as a CISO in 2022 
-  What is expected of CISOs in 2022 
-  How the role of the CISO has changed in the past year

Succeeding as a CISO in 2022: A Year in Review

In the pursuit of greater agility and communication with customers and prospects, companies are rapidly producing applications across a number of environments. However, the dynamic nature of cloud-native architectures and the increasing use of open source components, serveless, low code/no code, and containers has left security struggling to keep up. Traditional on-prem monitoring and prevention measures are unable to identify, manage and prevent growing multi-cloud application threats.

According to Verizon, hackers are targeting applications more today than ever before. Last year 17% of all cyberattacks were categorized as Application Security threats. These attacks represented 26% of all breaches, with web application attacks ranked as  #2 for both incident and breach sources.

In this episode of The (Security) Balancing Act, we’ll examine how to ensure your applications are developed and managed securely, and the next generation of solutions.

Join us as we evaluate:
- Why automation and security testing tools are key components in the implementation of a secure AppSec cycle
- How to align AppSec with your other security solutions, to maximize value and efficiency
- Where and how the ShiftLeft/DevSecOps mindsets fit i
- A discussion around SAST and DAST (Static and Dynamic Analysis), and their role in a comprehensive Application Security
- The role of SBOMs (software bill of materials) and how a robust SCA (software composition analysis) program can help
- The considerations you must take when using third-party applications and evaluating if they meet app sec requirements
- The future of application security and the threats you need to guard against

Application Security for the Modern Enterprise

In 2022, the end-user won’t tolerate a poor experience; when it comes to accessing resources and services remotely, both your workforce and customers have grown accustomed to convenience. And now that we can connect from anywhere on any smart device, secure remote access is more important than ever.

For many, Identity Access Management (IAM) is the key to striking the balance between experience and security. IAM places identity at the center of security and enables the right individuals to access the right resources at the right times. And we’re extending our use of IAM with CIAM (customer), PIAM (partner) and identity providers that allow everyone to BYOI (bring your own identity). Gartner estimates that the Identity Access Management market is expected to reach $19 billion in 2024.

Join us in this episode of The (Security) Balancing Act as security experts discuss:

-  Key considerations when developing a strategy for an IAM framework, particularly how to integrate the next-generation solutions and technology into existing infrastructures
-  What constitutes a strong and effective IAM program, and how to balance experience with security
Implications of CIAM, PIAM, and BYOI adoption
The importance of that “first step” - identity verification in a distributed world
-  How does IAM align with zero-trust security?
-  The differences between authentication and authorization
-  What are the challenges that can hinder a successful IAM implementation?

Mastering Identity Access Management

Security is fast-changing, and keeping up to date with new trends and predictions is key to staying ahead of the race to secure your business. This is why we’re kicking off 2022 with an episode focused on the year ahead. 

How will the role of a CISO change in 2022? Do we need a BISO? How can I prepare for what’s to come? What tools and processes are available to me today? In this session we’ll be answering these questions and much more. 

Join Diana Kelley and expert thought leaders as they discuss: 
-  The top 5 security trends and predictions for 2022
-  Why 2022 is the year for user awareness
-  AI and ML in IT Security 
-  What the threatscape looks like in 2022
-  And much more!

Keep Ahead of the Trends: Security in 2022

2021 Readiness: Balancing Security in a Post-COVID World

Deceiving the Attacker

Securing Identity - 1 Year Check-In

Life on the Front Lines - Staying Sane in the SOC

Supply Chain Security

Protecting Your Business from Nation State Attacks

Securing the Remote Workforce

Cybersecurity Strategy and Leadership for the SMB

Balancing Security on Premise and In The Cloud

Balancing the Security Workforce

Social Engineering Threats to Enterprise Security

How To Prevent Bias in Machine Learning

When NOT To Release and Hold Out for Better Security

Balancing Security and Privacy

ORIGINALS: The (Security) Balancing Act

According to Verizon’s 2019 Data Breach Investigation Report, 80% of hacking-related breaches exploited either stolen or weak user passwords - and 29% of all breaches used stolen credentials regardless of attack type. Why are attackers focused on authentication systems, and what risk does this pose as our businesses move more sensitive data and applications into the cloud?

Join us as we explore what today’s attacker knows and how to balance defending your data with continuing to offer users and customers the agility they have come to expect.

Why Today’s Attacker is Focused on Identities

Presented by

About this talk

More from this channel