Global Panel: Dissecting Cloud Security Standards

Working remotely has become the new normal. This, and many other changes organizations adopted last year in response to the pandemic are likely to stay for the long term. According to Gallup, about two-thirds of U.S. remote workers want to continue to work remotely. So, how can organizations continue to support their growing distributed workforce at a time where reports of security threats have increased by 400% compared to pre-pandemic levels? 

Here is where the zero-trust approach to security comes into play. 

Join this month's episode of The (Security) Balancing Act with Diana Kelley and guests as they discuss the emergence of zero trust (“Trust Nothing, Verify Everything”) and what it helps achieve for enterprises in the age of cloud and remote work.

Viewers will learn about:
- The evolution of the security perimeter and the shift to zero trust
- Why zero trust is an approach and not a product
- Zero Trust Network Access (ZTA) vs. corporate VPN
- Real-world stories and practical hands-on guidance from people who have deployed a ZTA

Speakers:
- Mari Galloway, CEO, Women's Society of Cyberjutsu
- Jonathan Nguyen Duy, Vice President, Global Field CISO Team, Fortinet
- Bob Rudis, Chief Data Scientist, Rapid7

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Tackling IT security compliance can be a headache -- but when you add the cloud into the mix, there is an entirely new set of challenges at hand. Cloud compliance is an issue that many organizations are concerned with, so much so that almost nine in ten (86 percent) believe that compliance will be an issue for them when moving systems, applications and infrastructures to the cloud, according to recently released research from Telos Corporation. Additionally, a staggering 94 percent of respondents report that they face challenges with IT security compliance and/or privacy regulations in the cloud. With the sheer amount of companies making the transition to remote work, cloud versus on-premises or legacy infrastructure is rapidly becoming the norm. So how can organizations embrace cloud and overcome compliance concerns?

This session will explore:

- The costs of compliance and noncompliance in the cloud
- The very real implications of audit fatigue and how the cloud exacerbates compliance concerns
- Potential solutions to ease compliance challenges, especially in the cloud

Endpoint security remains a major challenge for organizations, and in November 2020, Cybersecurity Ventures predicted that global cybercrime costs will reach $10.5 trillion USD a year by 2025. That’s more than triple the amount that it was in 2015. With remote working still very much the norm, and hybrid workforces emerging, it is becoming increasingly difficult to keep track of multiple endpoints and the risk they carry.

With the threatscape continuing to evolve and cyber attacks becoming even more sophisticated, experts are here to share how security leaders can take the complication out of endpoint security.

Join us to learn:
- Common endpoint threats from the first half of 2021
- Emerging endpoint threats and what to prepare for going forward
- Leading endpoint protection strategies and how they can be integrated into your existing security solutions
- And more

Moderated by: Michelle Drolet, CEO Towerwall
Panelists:
Robert B. Razavi, Sr. Security Advisor, CISO Office, Bombardier
John Bambenek, President, Bambenek Consulting and Security Advisor, Netenrich
Chase Cunningham, Chief Strategy Officer, Zero Trust Edge

Considering how much—and frequently—security shifts in the customer landscape, we believe Identity Management is at the epicenter of digital transformation and the next generation of enterprise IT. The changes in identity systems and services over the next five years are expected to be as disruptive as the new business models, applications and ecosystems they are supporting.

In our presentation we will look ahead to the future of identity & access management, talk about specific projections as to where we believe Identity Management will be going over the next five years and describe a model for identity abstraction that provides an extensible services oriented architecture. We include newer disruptive models such as DevOps/microservices in identity systems, cloud-based IAM, self-sovereign identity leveraging blockchain, IoT support, evolving privacy regulations, and new governance and provisioning models.

So you want to showcase your skills and speak at a technical conference? Great. Your voice matters. Conference organizers highly value new voices, and they are always on the lookout for ways to bring more talent to the stage. The good news is that there are opportunities abound and by submitting to conferences, you're honing in on your expertise, experience and knowledge, creating the most stellar of proposals. Join us for an honest discussion of cybersecurity industry influencers who weren't always used to being accepted when they initially submitted for speaking opportunities. They will share their stories of how they transformed every "no" into a "YES"!

A security operations center (SOC) is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended by a team of information security professionals.

This session will give you insight of a SOC from a woman's perspective. You will be taken through some of the challenges faced by many of us today while working in a male dominated field. By the end of this webinar, you will have learned about the day-to-day activities in a SOC, how to manage your work-life balance, and how to acquire the skills that will help you grow in this field.

SolarWinds Cyberattack came as a wake-up call to many. An attack that most cyber-aware /savvy organizations could not detect for many months. It is a reminder of how an interconnected world can impact us all in a short time.
Join Sunil Sharma, Director of Cyber Defense for Middle East’s leading provider of strategic consultancy and tailored information security solutions and services company, Help AG, the cybersecurity arm of Etisalat, to discuss supply chain attacks, techniques, and tactics used by advisories to execute such attacks and strategies to detect and respond to supply chain attacks.

As users cost organizations billions of dollars due to simple errors or malicious actions, organizations believe that they have to improve their awareness efforts to make more secure users. The reality is that it takes a multilayered approach that acknowledges that users will inevitably make mistakes or have malicious intent, and the failure is in not planning for that.

Using lessons from tested and proven disciplines like military kill-chain analysis, counterterrorism analysis, industrial safety programs, and more, join Sushila Nair with author Ira Winkler on how to determine the appropriate countermeasures to implement and prevent cybersecurity breaches and other user-initiated losses. Join now and learn how to:

-Minimize business losses associated with user failings
-Proactively plan to prevent and mitigate data breaches
-Optimize your security spending
-Cost justify your security and loss reduction efforts
-Improve your organization’s culture

Business technology and security professionals will benefit from the information provided by these two well-known and influential cybersecurity speakers and experts.


This episode is part of Cyber Authors, a new series with Sushila Nair. We welcome viewer participation and questions during this interactive interview.

VERIS, the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information - anonymously and responsibly – with others.

VERIS underpins the annual Data Breach Investigations Report. VERIS and its A4 Threat Model – Actors, Actions, Assets, Attributes – help codify incident-related information for threat modeling, intelligence analysis, breach mitigation, and detection / response improvement.

Key takeaways for this session include:
• Understanding cybersecurity incidents through the VERIS lens
• Recognizing the VERIS A4 Threat Model: Actors, Actions, Assets, Attributes
• Getting started in Threat Modeling with VERIS

Phishing and ransomware attacks continue to rise, according to Proofpoint’s State of the Phish report for 2020. Organizations in the U.S. are at risk, the increase in remote work due to the pandemic has fueled a spike in attacks, and phishing attempts are up by 14 percent compared to the previous year.

Email continues to be the number 1 delivery vehicle, but other social engineering schemes that rely on social media, voicemail (“vishing"), SMS phishing (“smishing”), and malicious USB drops are also of concern for organizations. Ransom demands are also on the rise, but according to the report, paying the ransom is not guaranteed to work as many companies that paid the ransom failed to receive a decryption key.

Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
- The rise in ransomware under the cloak of the pandemic
- Why email continues to be the channel of choice
- The difference between fully automated and human-operated campaigns
- How to decide whether or not to pay or not to pay the ransom
- Why your backups may not be immune to ransomware
- Addressing the threat with best practices

Speakers
- Nicole Hoffman, Intelligence Analyst, GroupSense
- Courtney Radke, CISO for National Retail, Fortinet
- Patrick Lee, Senior Incident Response Consultant, Rapid7

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Breach detection efficiency is all about consistent monitoring, organization and communication, experience (and expertise), training and proper tooling.

So is mountain rescue.

If you fall in a crevasse, get caught in an avalanche or come off a ridge, your survival depends only on time.

And in a mountaineer's career you know this will happen, as you should know, working in IT Security, that you will be breached.

So let’s be prepared, and learn from 200 years of mountain exploration how to quickly and efficiently get out of a worst case scenarios.

Smart buildings are the hottest topic of 2021. But the thought of system integrations to make this a reality is enough to give most network security teams heartburn. The planning, design, and implementation of IOT based “smart” buildings can be eased in its complexity, to realize ROI quicker, while ensuring that devices on the network are prevented from endangering the network or each other.

Through exploring lessons learned from successful projects, this session demonstrates how to start in your approach to a practical implementation of Securing a Smart Building, applying an interpretation of Zero Trust. It will cover methods used when security is of the utmost importance, and universal segmentation of threats is a requirement.

Protecting your organization requires vigilance and skills combined with effective controls and detections, just having a SOC is not enough.

SOCs vary in size, scope and staffing across various industries, outsourced and in-house, they exist to monitor, detect, and respond to evolving threats.

Guarding against failures in the security architecture is not just about selecting the right tools and suppliers, it requires constant validation of your people processes and technology.

Attend this session to learn:
· Why SOC validation is crucial in confronting threat evolutions.
· The elements of a continuous SOC validation and improvement program.
· How continuous and automated red teaming and BAS make SOC validation achievable with existing resources.

Over 37 billion records were exposed in breach events in 2020 - by far the most records exposed in a single year, according to a recent report by Risk Based Security. How has remote working impacted your organization's security posture? What lessons can security professionals learn from the recent wave of breaches and what steps can enterprises take to strengthen security in 2021?

This keynote panel of security experts and industry leaders will explore the best practices for breach prevention, as well as share real-life lessons from the frontlines on what works and doesn't work.

Viewers will learn more about:
- The reality of data breaches
- Why data breach severity is rising
- Ransomware attacks on the rise (doubling from 2019 to 2020) and the threat to businesses
- Technologies that help with breach prevention, detection and response
- Why security awareness matters and best practices for educating employees to be cyber secure

Moderated by:
Michelle Drolet, CEO, Towerwall
Nico Fischbach, Global CTO, Forcepoint
Micheal Meyer, Chief Risk and Innovation Officer, MRSBPO
Andy Thompson, Research Evangelist, CyberArk
Satya Gupta, CTO & Founder, Virsec

Smart buildings are the hottest topic of 2021. But the thought of system integrations to make this a reality is enough to give most network security teams heartburn. The planning, design, and implementation of IOT based “smart” buildings can be eased in its complexity, to realize ROI quicker, while ensuring that devices on the network are prevented from endangering the network or each other.

Through exploring lessons learned from successful projects, this session demonstrates how to start in your approach to a practical implementation of Securing a Smart Building, applying an interpretation of Zero Trust. It will cover methods used when security is of the utmost importance, and universal segmentation of threats is a requirement.

This talk introduces the main security pitfalls that every developer needs to know about before writing and shipping code.

A recent non-official proposal of OWASP top 10 helps us better understand what weaknesses our contemporary systems face and how we can manage our daily job to avoid them. The new candidate, SSRF (Server-side Request Forgery), will also be highlighted in more detail.

What you will learn:

- What are the biggest mistakes we make while writing and shipping code?
- Why is OWASP top 10 relevant for our daily jobs?
- How can we avoid the most critical vulnerabilities?

We are living in Data Age. Most organizations these days, in one form or other, rely on data to drive decisions & run their business. Thus, any data loss would mean considerable business impact to such organizations. Additionally, organizations’ collect certain data from users of their products, which is used for variety of purposes. If this data is lost / stolen, it may pose serious risks for the affected individuals and likely, tarnish the organization’s reputation.

In recent past, we have seen many data breaches across the globe, which have affected organizations of all shapes & sizes. So, it is imperative that organizations take steps to safeguard themselves against data breaches.

In this presentation, we will discuss:

- Recent data breaches & their impact
- Attack approaches used by Cyber Attackers
- Prevention steps to safeguard data

WiCyS brings together women and supporters from around the world to develop cybersecurity skills with the aim of advancing women in, building equity in and developing minority talent in the field. One of WiCyS’s focuses is bridging the cybersecurity skills gap for female veterans, which is what helped launch the Veterans’ Program. Military career experience aligns well with a job in cybersecurity.

The WiCyS Veterans’ Apprenticeship Program includes paid training and apprenticeship, secure long-term employment, and a litany of possible resources including access to technology and mentoring. This innovative apprenticeship model is DOL-certified and a top-notch gateway to get the support needed to enter into thriving cybersecurity careers. Join this webinar to learn more about the WiCyS Veterans' Apprenticeship Program and see if it's the right fit for YOU! And, as always... we thank you for your service.