Federal Identity Credentialing and Access Management
This session will describe the principal components of the Federal Identity Credentialing and Access Management (FICAM) Program, including the associated policy and operational infrastructure. FICAM includes the Federal Personal Identity Verification (PIV) Program and the Federal Public Key Infrastructure architecture. Implementation status within and external to the Federal Government will also be discussed.
Recorded May 6 2010, 48 mins
David Israel Senior Manager, Enterprise Information Security - Protect, MOTOROLA SOLUTIONS
Breach protection and detection is a central challenge for security experts who are tasked with protecting an enterprise. In addition, the endless effort to protect business assets does not lead to certainty.
It is difficult to prove that defensive efforts are effective and ready for real life attacks.
In this presentation, you will learn how the collaboration between a Threat Intelligence Team and a Red Team led to a revolutionary change in security posture and provides an effective method to evaluate and improve the prevention and detection of compromises.
In this session you will explore:
- A method to identify gaps in breach protection and detection
- The challenges around endpoint protection and DLP
- Enhancing logging and monitoring by adding context
- Building a trusted environment
Opportunity is the cause of cyber crime; take away the opportunity and take away the crime.
Threat actors collaborate, conspire and acquire targets with impunity - just below the surface of what we see on the internet every day. Often referred to as the Deep Web or Dark Web, these virtual meeting places hide cybercriminals, insiders, terrorists and activists from plain view. How do you become proactive and get visibility into the forums and communication channels where 'bad actors' hatch their plans? This session will dispel the mystery of the dark web, discuss how the virtual underground operates and provide guidance on how organisations can gain visibility into these environments to help inform and manage their business risk. Join BCyber as they host a discussion with intelligence expert, Brett Williams, Flashpoint's Lead Solutions Architect, where we will provide an:
- Understanding and dispelling the myths of the deep and dark web
- Overview on how cybercrime works and how illicit actors operate
- Update on key trends being seen in first half of 2020, for example, COVID threats, extortionist ransomware and more
- Example from real-life, covering content from virtual illicit communities, like forums, marketplaces, chat services etc
- Actions that you can do to gain external visibility for your organisation to better manage business risk
Dan Dahlberg, Director of Data Research at BitSight
In response to the COVID-19 pandemic, more employees are working from home than ever before, introducing corporate devices to a variety of new and evolving vulnerabilities. We recently examined the data we routinely collect from Internet traffic to learn more about how this unprecedented shift to remote work changed the security landscape — and the results were alarming.
During this webinar, Dan Dahlberg, Director of Data Research at BitSight, will dive into our research and provide proven recommendations for mitigating cybersecurity risk across a remote workforce. Join us on Wednesday, July 15, for:
- Insights into the hidden dangers lurking in residential networks
- Tips on navigating the new security challenges
- Best practices for monitoring your expanding attack surface and ensuring all digital assets are secure
John Bambenek, VP Security Research and Intelligence at ThreatSTOP, Inc.
With the increase in mobile and smart devices, we've expanded the threat landscape not only for threats that steal information, but also for threats that carry real physical risks. For instance, recent research by Google Project Zero and Volexity showed sophisticated attacks against both Android and iPhone devices that were targeted at Uighur Muslims and Tibet. Victims of this malware are targeted for persecution by the government of the People's Republic of China.
This talk will cover not only these specific attacks, but also how emerging threats use new technologies to create physical threats to their victims, and what that means for enterprises, SMBs, and society at large.
- Technical discussion on mobile surveillance techniques and malware.
- Cover real-world instances where such cyber attacks have led to physical harms.
- Discuss practical techniques to begin to mitigate such threats.
Joseph Carson (Thycotic), Pedro Uria (Panda Security), Jack Mannino (nVisium), Stan Lowe (Zscaler) & John Aarsen (SonicWall)
As the number and frequency of malware attacks continue to increase, we look at the threats, vulnerabilities and risk factors associated with malware attacks and how to keep your organization secure.
Join this keynote panel with security experts as they discuss malware trends, strategies and tools for better security in 2020:
• The most prevalent threats in 2020
• Identifying the latest malware delivery tools and techniques
• Developing a modern defence strategy and empowering your users
• Malware strategy best practices
Joseph Carson, Chief Security Scientist, Thycotic (Moderator)
Pedro Uria, Director of PandaLabs, Panda Security
Jack Mannino, CEO, nVisium
Stan Lowe, Global Chief Information Security Officer, Zscaler
John Aarsen, SE - Benelux and Nordics, SonicWall
Tony Lauro, Director of Technology & Security Strategy | Steve Winterfeld, Advisory CISO, Akamai Technologies
Every time there is a major crisis I feel like the cybercriminals should cut us a break, and yet every time it seems like they double down. You may recall over the years that when a major natural disaster, health crisis or social issue dominates the news, there is a flood of crisis-related phishing campaigns using the topic as a pretext for launching an attack.
Using popular topics and references is a key way that attackers can increase the probability of getting someone to click on their phishing lure to launch something like a ransomware attack. In this talk we will cover some of the ways we can prepare for the next calamity.
• Phishing detection and defense practices
• Techniques for ransomware prevention
• Training your employees to be resistant to Social Engineering techniques
Join us for a discussion on how to prepare both your people and security infrastructure for the next wave of attacks. The cybercriminals are phishing – let’s talk about how to stop your employees from clicking on the bait.
· Tony Lauro is Director of Technology & Security Strategy for Akamai Technologies. Over the past seven years Tony has worked with Akamai’s top global clients to provide application security guidance, architectural analysis, web application and adversarial resiliency expertise.
· Steve Winterfeld is our Advisory CISO. Before joining Akamai, he served as CISO for Nordstrom bank and Director of Incident Response and Threat Intelligence at Charles Schwab. Steve focuses on ensuring our partners are successful in defending their customers and determining where we should be focusing our capabilities.
Eric A. Nielsen, Chief Executive Officer, Defense In Depth Cyber Security
As an information security professional your knowledge of ransomware as well as the tactics & techniques to detect & respond effectively are critical to your organization. Data breaches threaten organizational financials and reputations. Strengthen your security through the use of actionable intelligence. Attendees will hear about:
- What is Ransomware?
- Leveraging Architecture Components to Detect & Respond to Ransomware
- Ransomware Scenarios & Solutions
- Tips to Protect Your Organization
There is an increased awareness of privacy issues among individuals. In many countries, databases containing personal, medical or financial information about individuals are classified as sensitive and the corresponding laws specify who can collect and process sensitive information about a person. The financial services industry has rich sources of confidential financial datasets which are vital for gaining significant insights.
However, the use of this data requires navigating a minefield of private client information as well as sharing data between independent financial institutions to create a statistically significant dataset. A major challenge that many organizations face is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls, as well as how to enable data sharing in a secure and private fashion.
We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including k-anonymity and differential privacy. We will discuss multi-party computation where the data donors want to securely aggregate data without revealing their private inputs. We will also review industry standards, implementations, key management and case studies for hybrid cloud (Amazon AWS, MS Azure and Google Cloud) and on-premises.
We often don’t realize the full impact of cyber crime, which leads us to repeat the same mistakes. Even large companies do not completely understand how their data and services are being abused. I want to take you on a journey of observing credit card fraud and abuse, from stealing a credit card to trafficking of stolen goods. Learning about these vectors of abuse will help you and your organization to mitigate a number of common attacks and abuses.
Michael Thoma | Arif Hameed, Equifax | Chris Wallace, CISO | Lior Kohavi, Cyren
With email security breaches constantly making headlines, it is crucial for organisations to be ahead of the curve. Join this interactive panel of industry experts as they discuss the latest trends in email security and how to prevent becoming the next international headline.
Join this Q&A panel to learn more about:
- Emerging trends in email attacks
- How to stay on top of the latest threats
- Best solutions to protect your organization
Moderator: Michael Thoma, Principal Consultant at the Crypsis Group
Panelists: Arif Hameed, Senior Director, Client Security at Equifax
Lior Kohavi, Chief Strategy Officer and EVP for Advanced Solutions, Cyren
Chris Wallace, Chief Information Security Officer
Pat McDonald, Senior Solutions Engineer, GreatHorn
Outsmarting Cybercriminals: 3 Actionable Steps to Minimize Successful Phishing Attacks
With 94% of breaches starting with attacks targeting people, and phishing as the top threat action in confirmed breaches (32%), every organization is trying to stay on top of email security to mitigate risks. Unfortunately there is no “magic” solution to prevent 100% of all phishing attacks. But what if there were a few actions you could take to minimize the success of phishing attacks?
Join us for this webinar as we discuss what you can do to minimize the success of phishing attacks against your organization. Walk away from this presentation with insight into:
- Tools to prevent BEC and Account Takeover attacks
- Actionable insights that allow users to make better decisions
- Tips to improve your mean time to detect (MTTD) and mean time to respond (MTTR)
To defend against phishing, your organization needs to understand the key trends and top threats. Cofense’s Intelligence Team spends every day analyzing phishing threats including credential theft, ransomware campaigns, and more. Learn about the top threats that define today’s phishing landscape and how to defend your organization against them.
- See what tactics are successfully evading secure email gateways and reaching enterprise end users.
- Learn what is trending when it comes to malware delivered via phishing, including ransomware.
- Receive tips for ensuring your phishing defense strategy is proactive and well-coordinated.
Join us for an interactive discussion on innovative methods used to deliver ransomware and new tactics attackers are using to gain a foothold and deliver their payloads. We will cover:
- New strategies and tactics cybercriminals are using
- Steps of a ransomware attack - what you may be missing
- Ransomware in 2020 and into the future - what you need to know now
Speaker bio - Steve Cobb, CISO at One Source
Steve Cobb is One Source’s Chief Information Security Officer (CISO), bringing more than 25 years of leadership consulting surrounding IT infrastructure, cybersecurity, incident response, and cyber threat intelligence. Since joining One Source in 1995, Steve has been responsible for providing strategic IT consulting, delivering increased organizational efficiency and security for our customers. Prior to One Source, he was a Senior Security Engineer with Verizon Managed Security and a Senior Escalation Engineer with Microsoft. Steve serves on several CISO boards and is a frequent presenter at conferences such as InfoSecCon, ISSA, Cyber Defense Summit, and others.
Stephanie Olsen | Sailaja Kotra-Turner | John Frazier
As in-house security becomes increasingly complex and costly, organizations are in need of a reliable and safe security provider. Join industry experts as they discuss the latest trends in SEaaS, including:
- Why your organisation needs to move towards SEaaS
- The different models of security as a service
- SEaaS solutions and strategies
Stephanie Olsen, Customer Trust Manager, Product & Application Security, Netflix & WiCyS Silicon Valley Affiliate President
Sailaja Kotra-Turner, CISO
John Frazier, Chief Operating Officer, Synoptek
One panel slot to be confirmed
Are you interested in learning how YOU can build securely on AWS? Join us for the AWS Security Jam learning series - a hands-on, team-oriented, gamified learning experience which will enable you to leverage a wide range of AWS security services. If you get excited about securing workloads in the cloud, come and challenge your skills while learning new techniques. AWS will host three Security Jam sessions (beginners, intermediate, and advanced), so join us for all three or pick the session most relevant to you. We will have a number of AWS experts virtually available to discuss ideas, provide guidance, and help your team get through any challenges.
Jerry Caponera, VP of Products and Cyber Risk Management, Nehemiah Security
Choosing which cybersecurity projects to implement is more challenging than ever. Cyber risk changes daily and budgets are changing too as the COVID-19 pandemic continues to unfold. Register to see why leading companies are using a data-driven approach to make better decisions about which projects to prioritize, and learn how modeling risk helps optimize cyber spend.
Join us to learn:
+ What’s changed in how companies look at risk remediation and ROI pre- and post-COVID
+ Why the prioritization of cyber spend is more important than ever
+ How to take a data-driven approach and what data you need to get started
+ Why modeling is important and how you can do this easily (demo)
Troy Vennon, Director, Cybersecurity & Trustworthiness at Covail
Join us for an informative webinar on how IT managers and small security teams can prevent ransomware from infecting their company’s networks. Ransomware is on the rise and is no longer focused only on large enterprises (the average-sized company impacted in 2019 had around 650 employees). Organizations with small security teams, or that leverage their IT teams to manage security, need help to protect themselves from the growing wave of cybercrime. Here’s what to expect from our webinar on ransomware:
- How to identify where you are exposed so you can fix your vulnerabilities
- Why and how to segment your network and identity management programs
- What kind of a response and recovery process you need in place
Chase Cunningham, Kurtis Minder, Rick Holland, Chris Camacho, Allan Liska, John Grim
Find out what happens…when intel analysts stop being polite…and start getting real.
Today’s typical enterprise security team subscribes to at least four, often more, intelligence feeds, which analysts must comb through to find relevant information for operationalization. As a result, most threat intel has become “yet another tool to manage.” It’s simply not practical to expect every security organization to be able to hire threat intelligence analysts to make sense out of the feeds. Vendors need to deliver “threat-analyst-in-a-box” capabilities, so intelligence can be operationalized with minimal intervention.
In this session, a blue-chip panel of cyber threat experts will discuss the state of current threat intel offerings, and dive into the future of this space to help you understand how it will evolve to meet the needs of enterprise security teams. They will discuss how the next generation of threat intelligence will conform to the conventions of government intelligence operations, where the right information goes to the right people and systems in the right form factor.
Attendees will learn:
- Why general-purpose threat intelligence won’t cut it and how it needs to be customized to each organization’s risk profile.
- What enterprises need to do to make the market mature in this evolving industry.
- How to take the right approach to threat intelligence and big data.
Dan Lohrmann | Earl Duby | Vinod Brahmapuram | Scott Larsen
By popular demand, this CISO Insights webinar is a follow-up to the immensely successful sessions held in March and May. The webcasts (links in Attachments): "Coronavirus Actions and Risks for Tech and Security Leaders" & "Back to the Office – Or Not? Next Steps in Pandemic Technology Response" were viewed thousands of times, and numerous attendees asked for this update.
Join this roundtable discussion to learn more about:
- Back to the office timing, decisions, strategies and tactics on the ground
- Quick Sector updates for government, manufacturing and healthcare
- Unemployment fraud
- Noticeable spike in phishing in June (related to civil unrest/Anonymous?)
- Team chemistry through the lockdown (how has onboarding been)
- Revenue loss impact on teams (downsizing? How has off-boarding been accomplished?)
- Overall CISO mental health through the quarantine and civil unrest
- Dan Lohrmann, CSO & Chief Strategist, Security Mentor, Inc.
- Earl Duby, CISO, Lear Corporation
- Vinod Brahmapuram, CISO, State of Washington
- Scott Larsen, CISO, Large healthcare provider
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.