The Impact of Cloud on the Future of Web Application Security

Join this expert panel as they discuss their thoughts and predictions for the remainder of 2018 and beyond about how the cybersecurity arena is impacting, and is impacted by, human and workforce behavior, machine learning, threats and procedures, software assurance, supply chain risk, and more.

The panel will consist of the Board of Directors of the Northern Virginia Chartering Chapter of (ISC)2, including:
* Dan Waddell, President, NoVA (ISC)2 and Senior VP at Zeneth Technology Partners
* Ed Covert, Lead Enterprise Security Architect, Deutsche Bank
* Joe Jarzonbek, Director for Government, Aerospace & Defense Programs at Synopsys, Inc.
* David Rubal, Sr. Account Executive, DoD Modern Infrastructure, Dell Technologies

The General Data Protection Regulation (GDPR) is a key legislation going into effect in May that it will affect all organizations that handle, store or pass through data of EU citizens.

Join this panel of Governance, Risk, Compliance and Security experts for an interactive Q&A as they discuss the importance of being GDPR-compliant:
- What GDPR means for cyber security
- GDPR requirements around data collection and governance, exposure and breach disclosure
- Evaluating your cyber risk
- Recommendations for achieving compliance post-deadline day
- Other regulation on the horizon

Speakers:
- Julian Saunders, CEO, PORT.im
- Bob Honour, EMEA Marketing Director, SonicWALL
- Raef Meeuwisse, CISM, CISA, ISACA Governance Expert & Author “Cybersecurity for Beginners”

The Nation has an ever-growing need for cybersecurity professionals who can protect our networks and infrastructure from increasing cyber threats and attacks. According to a study by the Center for Cyber Safety and Education, there will be a shortage of 1.8 million information security workers by 2022. Building a skilled and agile cybersecurity workforce to fill these positions is a national challenge.

To address the shortage of skilled workers, it is critical for all communities to work together to coordinate cybersecurity awareness, education, training, and workforce development efforts. Current initiatives across the Federal Government help advance the cybersecurity workforce, particularly through training and professional development. The Department of Homeland Security (DHS) is leading such efforts through its Cybersecurity Education and Awareness (CE&A) Branch.

We will also share information about our Stop. Think. Connect.™ campaign to help promote safe online behavior. Stop. Think. Connect.™ resources provide partnership opportunities to academic institutions, government agencies/departments, as well as non-profit organizations.

Join this webinar to learn:
1. How to find CE&A awareness, education, and workforce development resources
2. How to use National Cybersecurity Workforce Framework (NCWF) tools
3. How to partner with our Stop. Think. Connect.™ Campaign

This webinar is part of ISSA's Security Education and Awareness Special Interest Group Webinar Series.

Speakers:
- Nancy Limauro, DHS, Deputy Branch Chief, Cybersecurity Education & Awareness Branch
- Noel Kyle, DHS, Program Lead, Cybersecurity Education & Awareness Branch

This webinar qualifies for CPE credits. Please fill out the survey via the attached link to claim your credit.

The United States spent around $3.5 trillion or 18% of GDP on healthcare. According to FBI, the amount of this spending lost due to fraud, waste, and abuse (FWA) ranged between $90 billion and $330 billion!

This talk will offer practical advice on how to effectively organize and join various healthcare data sources such as claim and clinical data, how to set-up the problem, and how to design an effective machine learning solution to identify FWA leads and expedite investigator review using intuitive visualization to understand the risk factors contributing to those leads.

Payment fraud prevention tools have existed since the end of the 90s and have improved continuously since. In the last 2 to 3 years we have seen a new paradigm come into the space - machine learning.

This new technology is perfectly fitted for identifying fraud and is slowly being adopted by the market. Moving forward, using tools like this will no longer be a choice but rather an obligation for merchants. An obligation, as it will be at the origin of a competitive advantage which goes way beyond fraud prevention and will bleed into business intelligence fields.

In this session, Rodrigo Camacho, CCO at Nethone will walk you through the evolution fraud prevention touching on the following key points;

How the problem is solved by a large part of the industry today
The revolution that is happening in the space today
The halo effect that this revolution is going to have on the rest of business processes

Open Data is somewhat of a misnomer. For data sharing to take place, privacy must come first. As such, GDPR represents the essential rules of engagement without which the game of PSD2 cannot take place.

Rather than signalling an era of 'free love' between service providers and platforms, PSD2 and the API revolution mean that businesses and service providers must now be more secure than ever when it comes to user data.

In this session, Soldo's founder, Carlo Gualandri, explains how Soldo has responded to the regulatory environment by building a proprietary in-house GDPR-compliant machine to ensure privacy by design.

Tune in for an interactive discussion with cloud and security experts on the key trends shaping enterprise cloud strategy, explore the latest technological advancements, and discover how to better secure your critical data and workflows in the cloud.

Join top cloud and security experts for this interactive Q&A discussion on:
- The top cloud trends in 2018
- Advanced security reporting & analysis
- Minimizing your risk and reducing your attack surface
- Recommendations for improved security
- The future of cloud

Speakers:
- Amar Singh, CEO & Founder, Wisdom of Crowds, Cyber Management Alliance
- Raef Meeuwisse, CISM, CISA, Author of "Cybersecurity for Beginners"
- Paul Dignan, Application Delivery, Networking and Security Expert, F5 Networks
- Chris Munday, Senior Systems Engineer and cloud expert, Palo Alto Networks

The session will be broadcast LIVE from the AWS Summit in London.

In the last six months, crypto-mining malware and crypto-jacking have taken center stage in cybercrime news. We’ll discuss the most recent events and see how this links to ransomware, which dominated the cybercrime news last year, where one outbreak cost seven companies over one billion dollars.

Both crypto-mining malware and ransomware, aside from gathering headlines, demonstrate that cybercriminals and nation state actors are building capabilities for worming malware that could have the ability to do far greater damage than has yet been seen.

Come to this talk, learn what’s been going on, where it’s likely going, and how to avoid being a victim of a headline-generating event.

About the Speaker:
Jay Beale created two tools used by hundreds of thousands of individuals, companies and governments, Bastille Linux and the Center for Internet Security’s first Linux/UNIX scoring tool. He has led training classes on Linux security at the Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training, since 2000. As an author, series editor and speaker, Jay has contributed to nine books and two columns and given more than one hundred public talks. He led the development of the Linux security standard for the Center for Internet Security, served on the board of Mitre’s OVAL project, and serves as a member on the O’Reilly Security Conference’s program committee.

He is a co-founder, COO and CTO of the information security consulting company InGuardians, a leading information security consultancy with offices in Seattle, Boston, Chicago, Dallas, Atlanta and Washington, DC.

Recently the Center for Internet Security (CIS) published the CIS Azure Foundations Benchmark, the first ever set of security configuration best practices for Microsoft Azure.

These industry-accepted best practices go beyond the high-level security guidance already available by providing Microsoft Azure customers with clear, step-by-step implementation and assessment procedures.

In this webcast, attendees will learn:
· Who is CIS? How the CIS Benchmarks remove guesswork for security professionals?
· What is CIS Azure Foundations Benchmark? Why Azure decided to use CIS Foundations Benchmark?
· How audit teams can consistently evaluate the security of Azure Subscriptions, reducing complexity in managing risk when using Azure for critical, regulated systems
· How these security checks can be seamlessly integrated into an organization’s security and audit ecosystem with an array of security tools and solutions.

CIS Benchmarks have been the de facto standard for prescriptive, industry-accepted best practices for securely configuring traditional IT components. The release of the CIS Azure Foundations Benchmark into this existing ecosystem marks one of many milestones for the maturation of the cloud and its suitability for sensitive and regulated workloads.

Panelists:
· Jordan Rakoske, Senior Technical Product Manager, Center for Internet Security (CIS)
· Jonathan Trull, Senior Director for Cybersecurity, Microsoft
· Gururaj Pandurangi, CEO and Founder, Cloudneeti and Avyan Corp

Endpoint security represents the frontline in your fight against cybercriminals. Despite the relative maturity of the endpoint security market, new threats and evolving attacker capabilities have proven traditional approaches inadequate - and left organizations exposed.

Guest speaker Forrester Senior Analyst Chris Sherman and Nyotron's Senior Director of Product Management Rene Kolga will discuss the current state of endpoint security while highlighting a path forward for organizations looking to re-focus their strategies to combat current threats.

Attendees will learn:

• Which threats are causing the most difficulties for traditional
endpoint security approaches
• Why organizations need to balance positive and negative security
approaches
•How to layer multiple tools for maximum protection

Cyber has become a strategic issue and for many companies is now a business enabler and increasingly a form of competitive advantage. However it is clear that it remains difficult for Board's to get the “right” management information to support their cyber risk discussions and decision making.

So how can Board's ensure that they are asking the right questions when it comes to an organisation’s cyber posture and how can CISOs maintain and improve the Board’s attention in this fast-moving space? This webinar will look at the challenges faced by CISOs and Board members and offer insights into how to successfully approach cyber security at Board level.

About the presenter:
Steve Durbin is Managing Director at the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.

How to make your staff your first and last line of defence.

Learn how to:
•Identify your enemy and their tactics
•Discover why technological defences will lose to hackers
•Learn how to make staff genuinely care about security

About Rob Shapland BSc (Hons) OSCP OSWP CRT Principal Cyber Security Consultant, First Base Technologies

Rob Shapland is an ethical hacker with 9 years’ experience conducting penetration tests for hundreds of organisations, from small businesses to major international organisations.
He specialises in simulating advanced cyber attacks against corporate networks, combining technical attacks with his other hobby of dressing up and tricking his way into company headquarters using social engineering techniques.
He is also a regular speaker at events and conferences around Europe, and has appeared on both BBC and ITV as a cyber security adviser. He holds qualifications from SANS, Offensive Security and CREST, and has been trained in social engineering techniques by Chris Hadnagy, one of the world's leading practitioners and researchers.

This webinar will provide an in-depth review of how software-defined wide-area network or SD-WAN can be used to:
- Improve your cyber security posture and reduce the chances of a breach
- Decrease your detection time to reduce the hackers time in your network and reduce response costs
- Use dynamic segmentation to prevent the spread of a breach, thus reducing financial impact

About the Presenters

Jack Miller, CISO, Open Systems

Jack Miller is a well know cybersecurity veteran with over 16 years of CISO experience at 4 multi-billion dollar organizations. He currently serves as the Chief Information Security Officer for Open Systems, Switzerland’s largest Secure SDWAN and Cloud delivered Security-As-A-Service solution provider.

Martin Bosshardt, CEO, Open Systems

Martin Bosshardt has been CEO of Open Systems AG since 2002. Martin Bosshardt studied at the ETH in Zurich and Todai University in Tokyo. He has a master's degree in electrical engineering from the Swiss Federal Institute of Technology (ETH). In 2011, Martin Bosshardt was awarded with the SVC Entrepreneurs Award. Since 2013, he has been a member of the Advisory Board of PwC Switzerland.

Small businesses are the low-hanging fruit of the cybercrime world. Operating a small business is tough work and requires the small business owner to be skilled in many areas of business, finance, tech, customer service, sales, fulfillment, and so on. Cybersecurity is only a part of what SMB owners needs to know about in order to successfully run their business. However, the cybersecurity portion is often overlooked. As hackers and attackers are looking for people to scam and steal from, they look for the easiest targets first.

In this webinar, audiences will learn more about:
- The risks and real costs of ignoring your data security
- How it can cause you to go out of business
- Simple steps to take immediately to help improve your security

Be sure that you have a good grip on understanding what you need to do when it comes to protecting your small business from these threats.

And as an added bonus, you'll receive some valuable resources that you'll be able to use in the future as you discover, plan, and implement new security strategies in your own small business. Be #SmallBizCyber smart about your small business!

You probably spend enough on cyber security. Leadership and analysis can achieve more than additional spending.

Technology and services will continue to improve and evolve, but the total spend by companies does not need to grow to counter new threats. Damrod provides an analytical toolkit based on military principles to understand, assess, and defend against cyber-attack.

This presentation focuses on treating cyber as conflict and countering an attacker through better tactics to achieve a better defense.

About the Speaker:
Griff is trained as a Canadian Infantry Officer and is a holds a Master’s Degree from the LSE. Unable to find “real” work, he got into software development as a Scrum Master, leading the development of a web based application. This experience fostered an interest in cybersecurity, and Griff went on to a boutique start-up providing application security to Fortune 500 companies. Frustrated by the disconnect between technologies and poor analysis within cyber security, Griff founded cyber defense firm Damrod Analysis in 2017.

With data breaches on the rise, enterprises worldwide are looking to implement better technologies and processes for faster breach detection and response, as well as train all employees to be cyber aware.

Join this interactive Q&A panel to learn more about:
- Key factors for building a successful CISO strategy
- Why breach prevention matters
- True costs of breaches
- Technological solutions to consider for a more cyber resilient enterprise
- How AI/machine learning and human talent can work together
- Top threats to look out for in 2018

Speakers:
- Amar Singh, CEO & Founder, Wisdom of Crowds, Cyber Management Alliance
- Simon Moor, VP for Northern Europe, FireEye
- Bob Honour, EMEA Marketing Director, SonicWall