Privacy vs. Security: Balancing Vulnerability Awareness & Incident Prevention

Have you ever wanted to know what is involved in a particular Cybersecurity role? If yes then join us at the WSC for a conversation with a Cybersecurity SOC analyst


Host: Connie Blaney

Guest: Afton Bell


The Unconventional Approach Afton Bell is a Cybersecurity Analyst located in Austin, TX. Her path to cybersecurity was a bit unconventional but she’s always had a passion for security. Afton was born and raised in East Orange, NJ. She started flying single-engine aircraft at the age of 12, only a few months before the tragic events of 9/11. She saw the change of the aviation world as they started to enhance security measures across the country’s airports. In 2011, she earned 2 undergraduate degrees in Aviation Technology from Purdue University in West Lafayette, IN. After graduation, Afton followed her drive for security with a focus in IT and earned a Master of Professional Studies in Homeland Security from Penn State University in 2014. In 2017, Afton decided to shift from working in physical security management and earned multiple CompTIA certs to pursue her dream career of cybersecurity. She began working as a Configuration Lab Technician in Chicago to gain valuable experience before moving to Austin, TX for an analyst position. She recently started working as a Cybersecurity Security Operations Center Analyst for a large government entity with a focus in SIEM as of February 2020. Afton often volunteers to mentor young women interested in STEM during events in Austin and is very eager to continue to grow and evolve in such an exciting industry.

One of the most important aspects of security is how to protect the data that is just “sitting there.” How easy is it to get to? Who can get to it? If someone does get access to the data, can they read it? These are just a few of the questions that we try to answer when we go through the process of securing data.

Contrary to popular belief, however, securing “data at rest” is not simply encrypting the data. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are equally as important – if not more so.

For this webcast, we’re going to talk about those other factors (Encryption is deserving of its own, specific webcast). We will present the end-to-end process to securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated, discussing:

• How requirements for “data at rest” differ from “data in flight”
• Understanding the costs of ransomware
• How to protect cryptographic keys from malicious actors
• Using key managers to properly manage cryptographic keys
• Strengths and weaknesses of relying on government security recommendations
• The importance of validating data backups... how stable is your media?

With the 2020 U.S. presidential election on the horizon, what are the biggest cybersecurity threats our democracy is facing? How well is the election infrastructure prepared when it comes to cybersecurity, and what are some steps to take today to strengthen the security posture?

Join this panel to learn more about:
- The current government threat landscape
- Which threats can we expect to see in the next few months?
- Why visibility into the security posture of election infrastructure is key
- What's needed to ramp up security quickly?
- Recommendations for enhancing election security

Speakers:
- Mick Baccio, Security Advisor, Splunk
- Dave Klein, Sr. Director of Engineering and Architecture, Guardicore

Moderator: David Morris, Executive Director at Digital Risk Management Institute

This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.

Companies work with third-party vendors to help them become leaner, more agile, flexible, and efficient, so they can go to market faster and beat the competition. However, onboarding remains the most time consuming and pressurized part of the process, as security leaders try to balance meeting the demands with the business with the fundamentals of good security. According to Gartner it now takes an average of 90 days to onboard a new vendor, 20 days longer than four years ago.

Furthermore, the recent large scale shift to work from home in response to COVID-19 has accelerated the adoption of new vendors as companies try to enable a newly remote workforce, adding even more pressure on third-party risk managers to onboard and operationalize third-parties faster than ever. Join BitSight’s Evan Tegethoff, Will Ricciardi, and Andrew Calo to learn how third-party risk managers can create faster, less costly and more scalable onboarding processes that enable the business to grow faster and become adaptive to a changing environment, including how to:

- Reduce time and cost to onboard new vendors
- Scale your program more efficiently
- Use tiering to prioritize your assessment process
- Use an adaptive process to monitor your vendors

Digital transformation - we hear about it all the time, but what does it really mean for security? As organizations transition users, applications, workloads, and data from on-premise into the cloud to improve agility and competitiveness - how does that change their security landscape and threat model? And how can organizations address the challenge of protecting both legacy on-premise systems, while at the same time, also having to secure dynamic multi-cloud-based environment?

Join today's episode to learn about the reality many organizations are facing when it comes to juggling on prem and multi-cloud security, what the key differences are and how to address them for your organization. The panel will also discuss the following topics:

- What are the differences between Cloud Security vs On-Premise Security and why do they matter for organizations in 2020?
- Can we normalize our security posture across the legacy and hybrid/multi-cloud environments?
- Is it possible to improve security as part of a digital transformation program?
- What kind of cyber hygiene do we need to practice? What should be added and what can be taken off security teams' plates?
- Where does DevOps (or DevSecOps) fit into all of this?
- Are cloud security failures the customer's fault?
- What is SASE and how will it impact your organization?

This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

This is a Special Edition episode in the Election Hacking series on BrightTALK.

The outbreak of the Coronavirus (or COVID19), has redefined every aspect of our lives from the way we work, play, and receive emergency services.

Remote interactions may be the new normal. How will this "new normal" affect our election process and what are the ramifications from a cybersecurity point of view?

Will we be voting remotely in an electronic fashion and if so, what are the threats, vulnerabilities, and weaknesses? What can be done to prepare for a secure voting process?

Panelists:
- Lance James, CEO of Unit 221B
- Steven Teppler, Partner at Mandelbaum Salsburg P.C.
- Michael Aisenberg, Principal Cyber Policy Counsel at the MITRE Corporation

Moderator: David Morris, Executive Director at Digital Risk Management Institute

Join this special episode of the Election Hacking Series as we discuss this timely and critical issue.

The rapid shift to a remote workforce has put an unprecedented amount of pressure on our IT resources; however, our security experts must remain hyper-vigilant in response to bad actors who look to exploit this shift. Micro-segmentation protects organizations’ networks against lateral movement of threats inside a cloud or data center environment to reduce the risk of a security breach. It uses software overlay or network virtualization technology instead of installing multiple physical firewalls. This capability to quickly and easily segment is a key control as our work environments become more and more agile and dispersed. Join our expert panel in this free webinar to ask your questions and learn about:

• What is micro-segmentation
• How, when and why you should use micro-segmentation as a key security control
• How zero trust segmentation can be rapidly extended from the data center and cloud to protect users and admins on remote desktops and laptops
• Common hurdles for implementing micro-segmentation
• How to manage change in a micro-segmented network

Will AI (whatever the “A” stands for?) ever replace humans for Automation and Threat Detection?

The advances in technology especially with AI (Artificial Intelligence) is being both embraced and feared. Automation is the key to organizations being scalable and assisting with the skilled resource shortage in the cybersecurity industry though will AI ever fully replace humans, and will it eventually be GOOD AI versus BAD AI when it comes to cyberattacks. Could humans simply become a spectator when it comes to the future cyberattacks? This webinar will look into all those questions and possible outcomes.

Join Joseph Carson from Thycotic to take a journey from the present and into the future of AI & Humans, can we coexist together?

Key Takeaways:
What are the current capabilities of AI today in Threat Intelligence?
Can AI prevent cyberattacks?
Will AI replace humans for Cyber Defense or Offensive capabilities?
Future of AI & Humans, can we coexist together?

As organizations adopt modern development technologies including Microservices, APIs and adopt DevOps & CI/CD practices the old ways to implementing QA and application security no longer work.

In this session, we will introduce new methodologies and solutions that enable companies to assure the quality and implement application security into their DevOps practices and insure high quality solutions with DevSecOps by design.

Speakers:
- Gadi Bashvitz, President & CCO, Neuralegion
- Aseem Bakshi, CEO, Webomates
- Ulf Mattsson, Head of Innovation, TokenEx

As an information security professional knowledge of the trends, tactics and techniques facilitate a powerful tool against malicious actors. Data breaches threaten organizational financials and reputations.

Strengthen your security through the use of actionable intelligence. During this attendees will hear about:

- Incident Response Trends
- Cyber Attack Tactics & Techniques
- Tips to Protect Your Organization

The world is changing, and the cybersecurity world is too. The cybersecurity strategy we had 18 months ago is no longer good enough.

In this talk, we will propose 3 things that need to change to create a strategy for the current and future environment.

*El mundo está cambiando y el mundo de la ciberseguridad también. La estrategia de ciberseguridad que teníamos hace 18 meses ya no es lo suficientemente buena.

En esta charla, propondremos 3 cosas que deben cambiar para crear una estrategia para el entorno actual y futuro.*

Technical detection is now just the starting point for a series of exercises which will see the entire business work together to identify what happened and to mitigate the results.

In this session, you will learn:

- How EDR and MDR are morphing into BDR
- Why BDR is a challenge for the whole business
- How technology can help, and how it doesn’t

In this 30 minute webinar Ade will discuss how the world of cyber-security detection and response is changing, fast. From IT and technical analysts to the CEO via HR, this is a problem for the whole business to solve together.

While cyber attacks come from all directions, the majority of them originate on endpoints. In this webinar UJ Desai, Director of Product Management at Bitdefender will discuss why organizations are still struggling with endpoint security, and will explore the five critical elements of endpoint security that will allow organizations to effectively defend endpoints from both common and advanced cyber attacks.

Incredibly, 90% of all Security Breaches originate with a Phishing Email and most all breaches trace back to human error. In spite of this reality, businesses spend relatively little time and money on training and testing employees' ability to recognize and prevent the most common Cyber Criminal points of entry.

In a survey conducted by Mimecast, only 45% of organizations provide mandatory Security Awareness Training and of that, only 6% do it monthly. With all we know about learning behavior and corporate culture, how do we get better at raising awareness levels, lower risk, and delivering training in a manner that works?

In this talk, Craig Sandman of Symbol Security, and Security Awareness Practitioner Jonathan Osmolski will walk you through the current realities of Security Awareness, both the Cyber Criminal environment, and what a CISO and Security team has to navigate through in order to execute a program. They also touch on some Security Awareness Specifics, like how to successfully execute meaningful Security Awareness Training and how often should you be training your employees. Join us and find out how you can ensure success in your organization!

According to The Cost of Insecure Endpoints report from Ponemon Institute, ineffective endpoint security strategies are costing these organizations $6 million annually in detection, response, and wasted time

Endpoints are the new network perimeter. Attackers know this. Endpoint threats pose a significant risk to organizations large and small. A report by IDC shares that that 70 percent of cyberthreats actually originate from endpoints. As the bad actors become more sophisticated so should your end point strategy.

Redefine the concept of “endpoint”
Learn why the Global endpoint market is due to double by 2026
Understand effective security measures needed to protect endpoints
Get tips for a unified endpoint security strategy that can help you stay ahead of bad actors.

Moderated by: Jo Peterson, Vice President, Cloud and Security Services, Clarify360
Panelists:
Tom Gorup, VP, Security & Support Operations, Alert Logic
Wade Woolwine, Principal Security Researcher, Rapid7
Juergen Bayer, Product Consultant - Security, HP

What do oBike, a bicycle rental company, Instagram, and the IRS have in common? Answer -- hackers used APIs to access their customers sensitive information forcing these organizations to announce breaches. Although these API attacks were exposed, most API-based attacks go undetected these days – particularly attacks that used compromised credentials.

This webinar will discuss API cyberattack examples and the techniques used by hackers to breach APIs. It will also review how AI-based security ​solutions can effectively stop these attacks and provide deep visibility into your API sessions for forensic and compliance reporting. Topics covered in this webinar include:
- API cyberattack trends
- Review of recent API attacks
- How to monitor and protect your API activity
- How to detect and block API attacks on your data/apps (live demo)
- How to deliver reports with detailed traffic insight for any API
- Best practices for securing APIs

Cyber security is a hot topic as the world has witnessed a rapid increase in cyber-attacks, data breaches, data leaks and espionage. Governments are taking cyber security seriously, increasing investment in both defensive and offensive capabilities, and introducing regulations to support legal frameworks.

Unfortunately, cyber-attackers don't sleep or take vacations and this means you must be prepared and ready at any time during the day or night.

Join this webinar to learn about the following:
- Which cyberattack is most likely the one that will hit you?
- What are the top threats in 2020?
- What are the latest threats?

We are seeing and a experiencing a massive drive from Industry 4.0 towards ubiquitous connectivity and digitalization. This “Interconnected Era” has seen unprecedented adoption of interconnected devices in both our personal and work lives.

The benefits to both a business and consumers are massive and are set to transform all our lives. However, with this “connected everywhere era” comes inherent security and privacy issues. Join us for an interactive webinar and discussion around security best practice, as we navigate thought this new era.

The Coronavirus pandemic has changed the world. Most organizations are scaling their “Work from Home” employee base from zero to 100%. And many organizations are in the midst of rolling out technology required to support their employees, clients, partners, and constituents.

Join Zoom, Microsoft and NTT DATA in this panel discussion as we explore how to collaborate, communicate and conduct business more securely and efficiently during this new paradigm of “distance working.”

Speakers:
Sushila Nair, Security Offer Leader, NTT DATA
Steve Ross, Partner & Technology Strategist, Microsoft
Gary Sorrentino, CTO, CISO, Zoom
Shamlan Siddiqi, CTO, NTT DATA