Name: Audits & Auditors: The Good, The Bad & The Need to Know
Start: 2023-09-19T15:00:00Z
End: 2023-09-19T15:00:50.000Z
Location: BrightTALK
Rating: 4.7

Today’s security leaders are busy managing the increasingly complicated relationship between security and privacy. As the CISO role evolves, they're not only security leaders but strategists and negotiators, often working to keep other employees safe while ensuring their cybersecurity plans align with business goals. In this series we’ll highlight security trends and share insights from industry thought leaders on cyber security strategies, best practices, and important compliance regulations. 

Modern conflict increasingly centers around technology and digital infrastructure. The battlefield is no longer solely a physical stretch of terrain between territories; war is waged behind enemy lines, within their networks and inside their security systems. Cyber attacks can be hugely debilitating when launched successfully, causing widespread damage and incapacitating many functions. How can entities protect their operations from opponents, particularly in this new landscape of warfare?

Following several years of international conflict and discord, this episode will look at what we have learned about cyber warfare and what we should take with us to greater protect our digital terrain. While we cannot always avoid the battle, there are steps that can be taken to reduce the harm inflicted.

Join Dan Lohrmann, Earl Duby and their expert guests in the final CISO Insights webinar of 2024, for a thoughtful conversation around the key takeaways of cyber warfare to date.

Cyber Warfare: What We’ve Learned From Past Conflict

With a new election around the corner and last election's voting dramas still in our minds, security concerns around digital voting booths are at an all time high. Not only does a democracy require a secure voting system to function at all, but the voting public must be able to feel confident that the election has been handled safely and honestly. Without this trust, our nation’s public institutions could find themselves vulnerable.

Despite concerns about criminal interference, a software-powered ballot box remains the most efficient and accessible form of voting that we have – and one that doesn’t look like it will go away any time soon. So how can we strengthen this system and foster confidence in the voting system? What does a truly secure ballot box look like? And is this something that should be modernized or improved upon for future elections?

Join hosts Dan Lohrmann and Earl Duby in this election-themed episode of CISO Insights, to hear them and their expert guests take a sharp look at defending the ballot box.

Defending the Ballot Box: What It Takes to Digitally Protect an Election

Concern for the environment and a move away from fossil fuels has supercharged the growth of the electric vehicle market. While in many ways this is a sign of progress, the explosion of electric transport has placed new demands on local infrastructure and created new security risks. The digitization of a previously analog process has opened the door to a new kind of cyber crime, which in turn has prompted a new kind of cyber security.

What does it look like to install and secure charging stations across the country? How can electric vehicles be safeguarded against cyber attacks, particularly ones that feature self-driving functionality? What does it mean to secure the future of mobility in this new electric landscape?

In this latest episode of CISO Insights, hosts Dan Lohrmann and Earl Duby will be joined by expert guests to review the security concerns of electric transport – and discuss what it will take to protect it.

Electric Vehicles, Charging Station Infrastructure & Securing Future Mobility

4.45 Million USD is the average cost of a cyberattack. However, organizations worldwide are still figuring out if they want to prevent an attack or react to it. But times are changing! 

The rising number of cyberattacks has led security professionals to look for alternatives to existing vulnerability management solutions. So, there’s a critical need to level up traditional vulnerability management.  
 
Hosted by Jagsir and Rob from SecPod, joining us is Earl Duby, CISO at Auxiom, an industry veteran bringing you new perspectives on exposure management. 

Earl advises CEOs, mentors, and coaches up-and-coming security leaders and develops security strategies for small and medium-sized businesses. He has also been the Vice President and CISO at Lear Corporation, as well as CISO at Affinia Group, a large manufacturer of aftermarket automotive parts.

Earl has a BA in Economics, a Masters in Accountancy, as well as a Masters in Information Assurance.  He holds the Certified Information Systems Auditor (CISA), the Certified Information Security Manager (CISM), the Certified Information Systems Security Professional (CISSP), and the Certified in Cloud Security Knowledge (CCSK) certificate from the CSA. 

Join our live webinar, where we learn about:  

- Why are more CISOs and Security teams looking for advanced Vulnerability Management solutions? 
- What is Continuous Vulnerability and Exposure Management? 
- Cutting the noise between technology jargon and simplifying vulnerability management

The Critical Need for Advanced Vulnerability Management Process

As local public infrastructures become increasingly digital and "smart", protecting these systems poses a new security challenge. Depending on whether these programs are run by local government or outsourced to corporate entities, there may be varying levels of existing security protocols – and varying amounts of investment available. But the stakes are higher than ever: Once a town or city digitizes its public environment, every resident is now an active participant in this smart landscape.

To address these new and growing security concerns, municipal services and cyber security providers must work together. Defending smart cities will be an evolving process, as new service features are introduced and new threats are detected. For security professionals, this could be an exciting, if high-stakes, challenge for both today and the future. But where should cities begin? And where are the biggest risks?

Join CISO Insights hosts Dan Lohrmann and Earl Duby in this latest webinar, as they take a closer look at what it really takes to defend smart cities with their expert guests.

Defending Smart Cities: How to Protect Local Infrastructure in a Digital World

Every organization is concerned about cyber crime and their security protocol, which can be a source of stress – but also a great source of opportunity for security professionals. The industry is full of new challenges and investment, yet not every company is approaching cyber security in the same way and with the same resources. As a security professional, there is clearly opportunity to thrive, but it’s not always clear where those opportunities lie. How can you know when to stay put and when to move onto the next role?

Cyber security jobs range from service providers and developers, to in-house teams and consultants. The nature of each position will also vary depending on the size of the organization, the amount of investment available and the organization’s approach to security. For professionals, this landscape might be overwhelming – or inspiring.

In this next installment of CISO Insights, hosts Dan Lohrmann and Earl Duby will be joined by cybersecurity experts to look into the cyber job market and assess what your next move should be.

The Cyber Job Market: When to Stay and When to Move

What will come next in our world of cybersecurity as we head into 2024? What will be hot, and what will not?
The best security predictions do much more than just make educated guesses at what might happen in the next year or two. They examine the vendors who study global security incident trends; analyze what’s working and what’s not; consider new cyber solution alternatives, and use science and data to gaze into the future and make forecasts.
Join series hosts Dan Lohrmann and Earl Duby and their guests for the annual security predictions episode. The expert panel will draw from the perspectives of top cybersecurity industry companies, thought leaders, tech executives and journalists to put together the ultimate predictions guide.
Come explore the future – from a cyber perspective.

The Top 24 Security Predictions for 2024

"If there has been a single dominant topic of discussion in 2023, it has to be the rapid rise of generative AI. New developments in the technology have drawn mass attention and it seems like everyone is trying to figure out how best to deploy generative AI in their own organizations. This presents a great opportunity to optimize existing machine learning efforts and automate operations even further – but it also opens the door to dangerous gaps in governance. Without the right protocols, companies can become vulnerable to a host of problems, from data loss and increased attack surface area to copyright issues and misinformation. 

The technology is so new that many organizations won’t yet have clear policies in place around the use of generative AI. And while there are licensed, regulated generative AI tools available, many people are currently using the vast array of free apps that have not been scrutinized from a compliance standpoint. How can teams take advantage of these new opportunities created by generative AI, while maintaining their standards of security and governance? How can teams protect themselves from the risks of shadow IT and create clear governance policies?

Tune into this latest episode of CISO Insights to hear Dan Lohrmann, Earl Duby and guest experts discuss how to govern data and balance the dual threat and opportunity of generative AI.

Threat & Opportunity: Governing Data in the Age of Generative AI

Cybersecurity is so often focused on securing enterprise infrastructures from external threats – for good reason. Cyber attacks are always evolving alongside security protocols, so organizations must stay vigilant. Yet when so many resources are devoted to protecting operations from the outside, it is easy to leave yourself at risk of another kind of attack: insider threats. In fact, a 2023 study from Cybersecurity Insiders found that 74% of organizations are at least moderately vulnerable to insider threats.

Insider threats require an entirely different security approach, especially as they bring up an entirely new problem: accidental or unintentional threats. Not all internal damage is done maliciously, with many incidences tied more to human error than criminal intent. The Ponemon’s Institute’s “2022 Cost of Insider Threats Global Report” found that over half of insider threats (56%) came from employee or contractor negligence. Creating an internally secure environment for your organization therefore requires a multi-pronged strategy that can protect against both intentional and unintentional attacks.

In this episode of CISO Insights, series hosts Dan Lohrmann and Earl Duby will be joined by security experts to break down what it takes to tackle insider threats.

From Inside the House: Tackling Intentional & Unintentional Insider Threats

Cybersecurity threats have been growing year on year, with 2022 seeing ransomware attacks increase by 87% against industrial organizations, according to a Dragos report. These breaches can come at a high cost if successful; ransomware extortion totalled $456.8 million in 2022, after a high of $765.6 million in 2021. But is cyber insurance the answer?

Unlike other forms of insurance, cyber insurance language is not standardized and this can lead to significant variations in policy coverage. Certain offenses, like cyber warfare, are often excluded from coverage, while individual insurers may disagree on what constitutes an approved “loss event.” Yet is it worse to be left without any protection at all?

In the latest installment of the BrightTALK Original series CISO Insights, industry experts will look at how to navigate the question of cyber insurance in 2023.

Tune in to hear more about:
— The real stakes of cyber security right now
— What comprises a robust cyber insurance policy 
— How the market has changed in 2023
— And much more

Episode speakers:
Dan Lohrmann, Presidio
Earl Duby, XFactor.io
Maria Thompson, AWS
Bridget Kravchenko, HNI Corp.

Risk & Reward: Navigating Cyber Insurance in 2023

There are few worse places to be in cybersecurity than reacting to a successful cyberattack. When a threat actor is in the network, they hold all the cards. With ransomware, phishing, and other attacks on the rise, an organization without a proactive plan is playing with fire. 

As we move into an ever more connected and online world, it is tantamount that CISOs and their teams craft and implement a strategic security plan. Cybersecurity teams that are prepared can save their organizations millions of dollars, and prevent hours, or even days, of downtime. 

Join us in this episode of CISO Insights as we explore how cybersecurity experts can build out a strategic security plan that works for their teams and their companies. 

Topics for Discussion Include:
- The evolution of threats CISOs face
- Why a strategic security plan is more important than ever
- How teams can use proven strategies to build a plan that fits their unique requirements
-And more

Staying on the Front Foot with Strategic Security Planning

As hybrid workplaces thrived in 2022, the security landscape has had to constantly evolve to accommodate a growing number of devices and workplaces. The expansion of endpoints and networks this entails will continue to challenge CISOs, but that’s not the only threat CISOs are expected to face in the new year. The Internet of Things grows day by day, and the estimated 43 billion devices that Gartner predicts will be connected to the internet need to be secured.  

Join us in our third annual forecasting webinar as we take a deep dive into 2023 security trends and discuss:

— Dan Lohrmann’s 2023 security predictions - visit the attachment section for the full article! 
— How the ‘New Normal’ of work and IOT are affecting the security posture of organizations
— The expansion of AI and its ramifications for CISOs and IT Departments 
— And more

Top Workspace Security Predictions for 2023

According to The Life and Times of Cybersecurity Professionals 2021 report by the Information Security Systems Association, the ongoing cybersecurity skills crisis has steadily continued for over five years. Organizations are consistently on the prowl for talented cybersecurity professionals to combat increasingly prevalent and sophisticated cyber attacks. However, is hiring the “best fit” the only option organizations have to address the ongoing cybersecurity skills shortage? 

After working alongside the constant cybersecurity skills shortage, CISOs understand that only looking to hire talent won’t cure the longstanding problem. So how are security executives addressing the growing need for cybersecurity skills? Join Hosts Dan and Earl with guests as they take a deeper look into the cybersecurity skills shortage and:

- Innovative new strategies organizations are utilizing to tackle the cybersecurity skill shortage from integrated security architectures to partnerships with third party services or vendors
- Investing in IT and security staff through cybersecurity training
- Embracing automation and analytics to streamline security processes

The Cybersecurity Skills Shortage: Why, How, and What To Do About It

Just as it takes a village to raise a child, it takes every employee to keep an organization safe. Whilst security teams draft up cloud security solutions and invest in threat detection technology, this won’t prevent employees from being coaxed into buying hundreds of dollars worth of gift cards that their boss requested from a supposed personal email. 

With Verizon's 2021 Data Breach Investigations Report finding that 96% of phishing attacks arrive by emails, employees need to be aware of basic cybersecurity best practices in daily life to help promote an active cybersecurity culture within the organization. Creating a cybersecurity culture in the workplace is an ongoing goal that improves not only the organization’s security posture but also employee communication and teamwork. 

Along with discussing how cybersecurity teams can collaborate with employees through user awareness training to establish and promote cybersecurity policies and guidelines, this episode of CISO Insights will cover:
- What it means to create a culture of cybersecurity in the workplace
- Best practices to keep in mind when creating and managing cybersecurity culture in the workplace
- Incorporating user awareness training and cyber hygiene in daily workday whilst overcoming employee reluctance against mandatory security training

Establishing Cybersecurity Culture in Today's Workplace

In 2021, businesses spent on average $1.85 million recovering from ransomware attacks, according to Sophos “State of Ransomware 2021”. Ransomware damages are costly, and now increasing attacks are forcing security leaders to re-evaluate their backup and recovery processes. However, there’s an even bigger disrupter to disaster recovery processes: cloud technology, which is changing the way data is protected and how people need to prepare for recovery.

Cloud-based business continuity and disaster recovery have long been hailed as a cost effective, accessible, and safe option for organisations looking to achieve operational resiliency. With increasing cyber attacks, supply chain difficulties, and natural disasters, organizations need to take a deeper look into how Cloud can impact their backup management and disaster recovery plan. 

In this episode, we’ll be looking at how organizations can effectively protect themselves in the age of Cloud. 

Join us to learn:
- How Cloud technology has evolved and impacted security leaders’ disaster recovery and business continuity plans over the past 18 months
- Differences between disaster recovery in cloud computing versus traditional disaster recovery
- Deciding between  on-premise data centers or a migration to cloud and how to incorporate Cloud into your disaster recovery plans 
- And more!

Disaster Recovery and Business Continuity in the Age of Cloud

As organizations are looking for ways to stay on top of an evolving threatscape, many are
looking towards AI to enhance their security strategies and fend off cyber attacks before they
happen. In the 2022 CIO and Technology Executive Survey by Gartner, 66% of respondents
reported that they expected to increase cyber and information security investments for the
next year. More than half of respondents reported that they planned to heavily invest in
business intelligence and data analytics.

However some security leaders are cautious about adding artificial intelligence into their
security arsenal. Despite rapid advancements in AI, these solutions can also come with their
own unique set of drawbacks. Some skeptics say that AI technology is still immature and
that there may be simpler, more cost-effective solutions. With all the interest surrounding AI
in cybersecurity, it’s important for organisations to establish realistic expectations.

Join this panel to learn more about:
- The current state of AI in security
- What CISOs and their teams should keep in mind about AI
- How AI impacts your workforce strategy
- And more!

Speakers:
- Dan Lohrmann, Field CISO at Presidio
- Earl Duby, CISO at Lear Corporation
- Aidan Walden, Director, Public Cloud Architecture & Engineering at Fortinet
- Warsamé Ahmed, Co-Founder & CEO at BR[AI|YT.ai

Using AI in Cyber Security: Boon or Bust?

Cyber security breaches are becoming increasingly more public and costly affairs, leading organizations to pay a closer look at their current and future security postures. With Gartner predicting worldwide IT spending to grow by 5.3% in 2022, it’s clear that organizations are looking for ways to optimize their resiliency roadmaps with new strategies and investments. As ever, it helps to hear from those who have been there, done that and who can share insights into overcoming cyber breaches. 
 
In this episode of CISO Insights, we’ll be doing just that, as well as delving into Dan Lohrmann’s newest book, ‘Cyber Mayday and the Day After’, and exploring how organizations can handle cybersecurity incidents before, during, and after they happen. 
 
Join us to hear:
- What leaders wish they'd known before a cyber attack and how they prepare for future situations now
- Where leaders see cyber security heading and what challenges lie ahead
- How to communicate and collaborate with vendors and partner to implement your crisis response
- How to maintain public trust in your firm, and the importance of executive-level media responses
- And more

Speakers:
- Dan Lohrmann Field CISO Public Sector at Presidio
- Earl Duby CISO at Lear Corporation 
- Richard Meeus, Director of Security Technology and Strategy EMEA at Akamai
- Sammy Migues, Product Management Sr. Director at Synopsys

How to Prepare, Manage, and Recover from Inevitable Business Disruptions

Bridging the Gap: New Considerations for Multi-Cloud IT Infrastructure

Is Public Cloud the Best Option?

Revisiting Cloud Security: Managing Spend and Risk

Developing a Digital Culture: Can a Business Change Its Culture?

Achieving Safe and Compliant Generative AI: Lessons from Model Risk Management

AI + Cloud: Show Me The Opportunity

20th Episode Special: Celebrating the Power of Digital Transformation

The Cloud-Powered Hybrid Workspace

Securing Digital Transformation

Reimagining Retail: Digital Transformation and the Customer Experience

Advancing Digital Transformation in Healthcare

Driving Digital Transformation in Financial Services

The Multi-Cloud Maze: Making the Right Cloud Choice

When Digital Transformation Projects Fail: What Next?

Collaboration in Digital Transformation: From Boardroom to Stakeholder Buy-In

Is Digital Transformation Changing the Role of the IT Department?

Is Digital Transformation Only for the Enterprise?

Does Digital Transformation Only Work in the Cloud?

Your Stories of Digital Transformation

Building Your Digital Transformation Team

Introducing your Organization to Digital Transformation

ORIGINALS: Digital Transformation in Action

Security audits can feel like necessary evils, especially for overburdened security teams. When done effectively, an audit can identify potential problems before they cause real damage, which saves money, protects privacy and keeps organization’s compliant. It’s not surprising that audits are recommended at least every six-twelve months. Yet they can feel like resource drains, especially when operations are running smoothly. Why devote hours of time and effort to verify what you already know?

The simple truth is that while each organization will benefit differently from a security audit, there is something to be gained by instituting a systematic review of company information systems. Each business will need to determine the frequency and criteria that work best for them, in order to maximize impact without compromising on speed or efficiency. Figuring out this balance will be the critical challenge, but one with substantial payoff.

In this episode of CISO insights, series hosts Dan Lohrmann and Earl Duby will be joined by industry experts to break down the good, the bad and the need to know about security audits.

Audits & Auditors: The Good, The Bad & The Need to Know

Secure Cloud

Security

Security Analysis

Security Awareness

Audit

Cyber Defence

Cyber Security

Cloud Security

Compliance

Compliance Testing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Audits & Auditors: The Good, The Bad & The Need to Know

Presented by

About this talk

More from this channel