
CISO Mind Map: Today's Key Cybersecurity Focus Areas

The CISO position is now a multifaceted role that encompasses technical capabilities, legal/GRC requirements, and personnel and project management - all while not losing sight of the main objective: business enablement. This webinar will discuss what is important today for both new CISOs who are building their nascent security programs and seasoned CISOs who are maturing their established security programs.

Topics covered will include:

- Strategic initiatives that are top of mind for security leaders
- Optimal combinations of in-house and outsourced talent
- Technology essentials and non-essentials
- Communicating reports, metrics, and other pertinent information to stakeholders
Recorded Nov 14 2019 44 mins
Presented by
Roselle Safran, President, Rosint Labs

  • Achieving Data Agility in a DevSecOps World Dec 11 2019 11:00 am UTC 35 mins
    Sanjeev Sharma, VP and Global Practice Director for Data Modernization, Delphix
    As organizations mature on their DevOps adoption journey, adopting Continuous Integration and Continuous Delivery (CI/CD) automation, and breaking down organizational silos, application delivery and infrastructure provisioning speed is being accelerated. The next challenge now being exposed is the lack of agility in delivering Data into non-production environments.

    Development and Testing require the availability of relevant data in the production-like Dev and Test environments on demand, to ensure rapid testing and validation of each Build. Data is however difficult to provision and deliver on demand. This results in Data Friction being the impediment to true ‘flow’ through application delivery pipelines. Other than the inherent cost and time it takes to provision and store data instances, there is also the risk that exponentially increases as more and more instances of Data are provisioned in multiple non-production environments.

    As Dev-Test teams deliver faster and leverage more environments across parallel development streams, the number of non-production Data instances is typically several orders of magnitude higher than Production instances, increasing the exposed surface area. The ask hence is to be able to provision and deliver production-like Data instances, on-demand, as, when and where Dev-test practitioners need them in non-prod environments, while securing the Data at the same time.

    In this session Sanjeev Sharma, VP and Global Practice Director for Data Modernization will discuss practices large enterprises need to adopt, across Process, Technology and People in order to be able to Provision, Deploy, Manage, Govern, and Secure Data in Application Delivery Pipelines, addressing Data Friction and Data Security challenges that may be impeding DevSecOps adoption.
  • Securing the Future: Preparing for the Cyber Threats of 2020 Dec 11 2019 9:00 am UTC 45 mins
    Jon Abbott, CEO, ThreatAware
    Carbon Black recently found that 84% of UK organisations had suffered one or more data breaches in the past year. Effective cybersecurity is critical for ensuring the success of your business in the digital age.

    In this webinar, ThreatAware CEO Jon Abbott explores the problems that cybersecurity professionals have faced over the past year and how these are likely to evolve in 2020. He draws on his twenty years of experience, including as founder of MSP Priority One, to examine how cyber threats develop and how business cybersecurity needs to grow to meet new challenges.

    From comprehensive asset management to compliance with international standards, proficient cybersecurity requires you to juggle a vast number of tools and processes. Jon’s presentation will look at the way in which innovative technology can increase visibility and reduce complexity when it comes to cybersecurity management, to allow your business to embrace positive risk in 2020.

    Key takeaways
    - The biggest risks cybersecurity professionals faced in 2019
    - How these risks are likely to evolve moving forward into 2020
    - What tools allow businesses to embrace new technologies securely
  • What Can You Gain from Machine Learning in Cybersecurity? Dec 10 2019 6:00 pm UTC 60 mins
    Marcaѐ Bryant-Omosor, Software Developer, Cyber Operations Doctoral Student, Dakota State University
    Current schemes are insufficient in addressing the growing security risks and cybersecurity concerns that disrupt companies from all walks of life.

    In this session we will explain some machine learning (ML) and data mining (DM) techniques in cybersecurity and vulnerability analysis and discovery. We will explore trends, perspectives, and prospects in the field of machine learning to cultivate an understanding of how ML/DM help to advance the cybersecurity footprint. Data is a coveted commodity for businesses, and everyone needs to understand what steps can be taken to automate and innovate the hardening of their data and infrastructure. We will discuss key significant advancements that have been accomplished in machine learning in addition to challenges that exist and future areas for improvement and study. Lastly, we will discuss the three types of cyber analytics and how to combat false alarms and mitigate against cybersecurity intrusion detection problems. We will discuss some cybersecurity intrusion case studies, limitations and challenges that lie ahead.

    Key Takeaways:

    - Machine learning can help modernize and advance businesses to run more efficiently and promptly mitigate cybersecurity attacks, which adds value for businesses on all fronts to protect their company proprietary information and customer personal data.

    - Gain insight into machine learning and how it applies to the cybersecurity field.

    - Understand how behavior analysis approach can help understand client behavior.

    - Build a better understanding of ML/DM strategies including limitations and advancements.

    - Challenges businesses face with current objectives and how machine learning can innovate previous strategies.
  • [PANEL] New in AI & ML Dec 10 2019 4:00 pm UTC 60 mins
    Michelle Ruyle, Optimized Channel | Jennifer Galvin, Okta | Roselle Safran, Rosint Labs | Ian Hassard, Arctic Wolf
    Join this panel of security experts as they discuss the newest security solutions and strategies utilizing Artificial Intelligence and Machine Learning:

    - Best practices for improving security
    - Why your organization needs to be using AI and ML
    - How to take security to the next level

    Moderator:
    Michelle Ruyle, CEO & Founder, Optimized Channel
    Panelists:
    Jennifer Galvin, Field Alliances Enablement, Okta
    Roselle Safran, President, Rosint Labs
    Ian Hassard, Director of Product Management, Arctic Wolf Networks
  • Cooperative Compliance, Enhancing Cybersecurity Foundational Minimums Dec 9 2019 7:00 pm UTC 45 mins
    Nat Bongiovanni, Chief Technology Officer, NTT DATA Federal Services, Inc.
    Cybersecurity policies meant to protect sensitive information are often misunderstood, avoided, or circumvented by employees. Employees don’t like to be inconvenienced by the extra steps necessary for protection that to them seem unnecessary. This can be compounded by a complex cybersecurity environment with multiple competing standards that seem similar but have unique approaches, naming conventions, and acronyms.

    This session will discuss how to solve these challenges by creating cooperative compliance. Cooperative compliance starts by understanding the entire risk environment based on the NIST SP 800-171 Framework, a foundational minimum for confidentiality and integrity. Using the NIST framework and straightforward messaging for employees, cooperative compliance communicates the reasons for cybersecurity inconveniences and protection.

    Key takeaways:
    - Define cooperative compliance
    - Define and describe the cybersecurity foundational minimum
    - Describe communication strategies
    - Provide practical approaches based on the foundational minimum
    - Comment on useful tools, techniques, and approaches

    About the speaker:
    NTT DATA Federal Services, Chief Technology Officer, Nat Bongiovanni is a US Navy veteran with over 35 years’ experience. Mr. Bongiovanni’s broad IT background allows him to view IT challenges through multiple lenses-- analyst, architect, manager, software developer and cybersecurity expert.

    Nat has spoken extensively on cybersecurity, software and policy development. He recently spearheaded a team of cyber experts to develop a cybersecurity solution to protect network assets and data from internal vulnerabilities.

    Nat’s experience comes from practical application and valuable lessons learned across a diverse set of clients, including the Office of the Secretary of Defense, Defense Intelligence Agency, the Department of the Interior CIO, the U.S. Securities and Exchange Commission, Blue Cross Blue Shield, and Enterprise Rent-A-Car.
  • An International Alliance for Cyber Security Dec 9 2019 6:00 pm UTC 45 mins
    Dr. Lynette Nusbacher | Owner, Coach & Devil's Advocate, Nusbacher Associates
    Alliance is a strong word for a strong relationship. An alliance that sought to achieve collective security in the cyber domain would need to include states with closely aligned interests, would need to agree formal terms of alliance, and would need carefully-defined conditions governing mutual support. Whether or not the United States were formally a member of this alliance, American participation (or non-participation) would critically shape the alliance. Participants close to US security structures, senior figures (active and retired in the Five Eyes Community) and senior cyber security professionals would contribute both the political and technical realities that would determine the paper’s message.

    Cyberspace, like the high seas of classical security strategy, is a space that is partly governable, but inherently chaotic. In order for states’ economies to function in cyberspace, states need to exercise optimal governance over this hard-to-govern space. To do so in an arrangement for collective defence could optimise trading advantages for all.

    About the Speaker:
    Dr. Lynette Nusbacher | Owner, Coach & Devil's Advocate, Nusbacher Associates

    Lynette Nusbacher is an expert on horizon scanning and strategy. She was part of the team that created two of the UK’s National Security Strategies and set up Britain’s National Security Council. She has been Senior Lecturer in War Studies, Royal Military Academy Sandhurst, Head of the Strategic Horizons Unit in the UK Cabinet Office and the Devil’s Advocate in Britain’s Joint Intelligence Organisation. She has a background in red teaming, devil’s advocacy and structured methods of analysis.
  • We are not ready for Next-Generation Cybersecurity Dec 9 2019 11:00 am UTC 60 mins
    David Froud, Director, Core Concept Security
    The temptation to buy a technology to fix a security hole is almost overwhelming. Most vendors know this, and will happily exploit it if you let them. The fact is that very few organisations are even doing the basics yet, without which new technology will be no more effective than the Last-Generation.

    Technology cannot fix a broken process, it can only make a good process better.

    About the speaker:
    David has almost 20 years' experience in areas of Information / Cybersecurity, including Regulatory Compliance, Secure Architecture Design, Governance Frameworks, Data Privacy & Protection, FinTech and Sustainable Innovation.

    As Project Lead for several Fortune / FTSE ‘Enterprise Class’ clients, David has performed hundreds of on-site security and compliance assessments for merchants and service providers globally.

    Currently focused on helping organisations unify their security programs with EU regulatory compliance regimes, including GDPR & PSD2.
  • Be Embedded – Lesson Learned from Teamwork & Embedded Cybersecurity Dec 6 2019 7:00 pm UTC 60 mins
    Dawn Beyer, Senior Fellow, Lockheed Martin Space
    Attracting, developing, and retaining women in cyber top talent fields (continuation on the March WiCyS Conference Keynote).

    Dr. Dawn Beyer is a Lockheed Martin Senior Fellow. She has over 30 years of experience covering information security, information assurance, security engineering, cybersecurity, systems engineering, military intelligence and operations, risk assessments, strategy, and policy development and execution. She provides consultation to research and development, proposal, program, and operations and maintenance teams. She also provides guidance, direction, leadership, training, and mentoring to Engineers.

    Dr. Beyer provides leadership with visibility into cyber strategy, workforce talent, technology, capabilities, risks, policy, and opportunities. At Lockheed Martin, Dr. Beyer is the Cyber Fellows Action Team Chair. She also engages in industry exchanges and Co-chairs the National Defense Industrial Association Cybersecurity Division and is a member of the INCOSE Systems Security Engineering Working Group. She is also a board member with the Women in CyberSecurity (WiCyS) Board of Governors.

    Dr. Beyer is a retired Air Force Intelligence Officer with 24 years of service and has performed additional responsibilities as an Information Systems Security Manager, Computer Systems Security Officer, Communications Security Manager, Operations Security Manager, and Emissions Security Manager.

    Dr. Beyer earned her Ph.D., M.S., and B.S. in Information Systems. She maintains the following certifications: Project Management Institute’s Program Management Professional (PMP)®, (ISC)2’s Certified Information Systems Security Professional (CISSP)® and Certified Secure Software Lifecycle Professional (CSSLP)®, and ISACA’s Certified Information Security Manager (CISM)®.
  • Blackstone CISO Fireside Chat: The Importance of Automating Security Validation Dec 5 2019 4:00 pm UTC 25 mins
    Amitai Ratzon, CEO of Pcysys & Adam Fletcher, CISO of Blackstone
    Pcysys CEO Amitai Ratzon sits down with Blackstone CISO Adam Fletcher to discuss the increasing need to automate security validation and this activity’s place in the enterprise security program.

    In this discussion, Adam will share the reasons for backing the automated penetration testing platform, PenTera with funding, after running it on their network and how it differs from breach and attack simulation products.
  • Live Video Panel - Data Protection Done Right Dec 2 2019 2:00 pm UTC 45 mins
    Allan Boardman, ISACA | Richard Agnew, Code42 | Steve Wright, Privacy Culture Ltd | Bill Mew, Mew Era Consulting
    As the number of data privacy laws and regulations increases globally, organizations need to take a proactive approach to data privacy and security, rather than reactive.

    Join this interactive panel of industry experts to learn more about:

    - How to bake privacy and security into your processes
    - Best Practices for achieving regulation compliance
    - How to mitigate risk with data loss protection technologies and solutions
    - Are we closer to a Privacy-and-Security-by-Design reality?
    - How to protect your organization from insider threats
    - Recommendations for Improving Data Management and ensuring Data Protection

    Panellists
    Richard Agnew - VP EMEA - Code42
    Steve Wright, CEO and Partner, Privacy Culture Limited
    Bill Mew, Founder and Owner, Mew Era Consulting

    Moderated by Allan Boardman, CGEIT Certification Committee Member, ISACA


    Data Protection, Data Breach, Regulations, Compliance, Proactive Security, Data Privacy Security Strategy, GDPR, Data Governance, IT Security, Breach Prevention, Risk Management
  • Live Video Panel - Creating a Winning Security Strategy for 2020 Dec 2 2019 11:30 am UTC 45 mins
    Richard Agnew, Code42 | Ray Ford, GDPR Associates | Rita Bhowan, The Law Society
    Join security experts as they review the past 12 months and discuss security strategies, solutions and tools for success in 2020 and beyond.

    Discussion topics will include:

    - The key factors CISOs should consider for their cybersecurity strategy
    - The current and future threatscape
    - Platform Security for 2020
    - Technological solutions that make CISOs' lives easier
    - How organizations are coping with the shortage of qualified security workforce
    - How CISOs can better communicate their strategy to the board

    Panellists
    Richard Agnew - VP EMEA - Code42
    Ray Ford, Founding DPO, GDPR Associates
    Rita Bhowan, IT Security Manager, The Law Society

    Moderator to be Mark Chaplin, Principal, ISF

    Security Strategy, CISO, Cyber Security, IT Security, Best Practices, Skills shortage, Network Security, Cyber Defence, Breach Prevention, Data Security, Email Security, Vulnerabilities, Cloud Security
  • Ask the Expert - Interview with Richard Agnew - VP EMEA - Code42 Dec 2 2019 9:30 am UTC 30 mins
    Paige Azevedo & Richard Agnew, VP EMEA, Code42
    Join this interactive interview with Richard Agnew - VP EMEA - Code42

    Code42 is the leader in data loss protection. Native to the cloud, the Code42 Next-Gen Data Loss Protection solution rapidly detects insider threats, helps satisfy regulatory compliance requirements and speeds incident response – all without lengthy deployments, complex policy management or blocking user productivity. Because the solution collects and indexes every version of every file, it offers total visibility and recovery of data – wherever it lives and moves. Security, IT and compliance professionals can protect endpoint and cloud data from loss, leak and theft while maintaining an open and collaborative culture for employees.

    Richard brings a broad base of sales and management experience to Code42, gained through years leading regional teams within internationally recognised brands such as Veeam, NetApp, and Dell. Outside of work, Richard is an avid cyclist who competes in a number of local organised cycling events.
  • The Day When Role Based Access Control Disappears Nov 25 2019 5:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    We will discuss the Good, the Bad and the Ugly of Role Based Access Control. We will review access control in systems where multiple roles are fulfilled and compare MAC, DAC and RBAC.

    We will present the "next generation" authorization model that provides dynamic, context-aware and risk-intelligent access control. We will discuss Identity Management, Data Discovery, AI, policy-based access control (PBAC), claims-based access control (CBAC) and key standards, including XACML and ALFA.
  • Emerging PCI DSS v4 Data Security and Privacy for Hybrid Cloud Recorded: Nov 20 2019 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    The upcoming PCI DSS version 4.0 will include many new or revised requirements and compensating controls will be removed. It will include support for a range of evolving payment environments, technologies, and methodologies for achieving security. PCI DSS v4.0 further supports the use of different new technologies. The new validation option gives organizations the flexibility to take a customized approach to demonstrate how they are meeting the security intent of each PCI DSS requirement. This customized approach supports organizations using security approaches that may be different than traditional PCI DSS requirements.

    Through customized validation, entities can show how their specific implementation meets the intent and addresses the risk. Unlike compensating controls, customized validation will not require a business or technical justification for meeting the requirements using alternative methods, as the requirements will now be outcome-based.

    We will discuss how PCI DSS v4 may impact:

    - Implementation of the new “Customized Controls”
    - Cloud implementations
    - Compliance cost
    - Changes in liability
    - Relation to the 49 new US State Laws
    - PII and PI privacy
    - Measure data re-identifiability for pseudonymization.
    - Apply data protection to discovered sensitive data
  • Cyber Security is Not a Department: Building an Information Security Culture Recorded: Nov 15 2019 38 mins
    Amy McLaughlin, CISM, CHPS Director of Information Services, Student Health, Oregon State University
    All organizations face ongoing threats from phishing attacks, insider threats, and other trajectories. It is evident that no organization will be able to hire or afford enough cyber security to mitigate or intercept every risk. Security strategy has to start with building a culture in which every employee is responsible for information security. A culture that imbues employees with the training and situational awareness to identify and respond (or not respond, as the case may be) to incoming threats. This webinar explores ways to move beyond everyday security awareness to an integrated security culture.
  • Benefits of Soft Skills in Security Recorded: Nov 14 2019 50 mins
    Rosielle Vengua, Sr. Security Engineer, Nordstrom
    The insider threat continues to top all IT security threats. Conventional threat prevention measures primarily consist of annual security training and inserting security early into a project/product lifecycle to ensure incorporation throughout the design. However, these methods have stagnated in mitigating the largest category of insider threat: unintentional/non-malicious.
     
    This presentation provides anecdotal and empirical evidence via a real-life use case, metrics, and testimonials of soft skills as essential characteristics for a modern organization’s security evolution. Specifically, it addresses the universal reality of internal-organization perceptions of security. New soft skill methods are then offered to overcome communication barriers with internal and external business/technology partners while also promoting a continual working relationship. The result of these improved relationships is project teams viewing security as an essential team member during all phases of an application/product lifecycle, plus the increased security of applications/products released. Secondary gains include maximizing cooperation and collaboration, creating opportunities to teach security concepts and proactively build security into the team’s processes and procedures, and fostering a team’s willingness to self-report security findings and vulnerabilities. As a whole, these behaviors exemplify a security culture that prevents and mitigates the unintentional/non-malicious insider threat.
  • CISO as Commander: The Path from Strategy to Action. Recorded: Nov 14 2019 46 mins
    Griff James, Director, Damrod Analysis Ltd.
    In cyber security the strategic goals are often clear, while the methods to achieve those goals are anything but. This webinar introduces Damrod’s Cyber Strategic Framework that applies military analysis to cyber security challenges. Aimed at security teams trying to implement high level goals in the real world, this talk focuses on effects based planning that integrates disparate elements of IT and security into a cohesive package. Defending the network is about more than technology. Analysis and leadership are critical elements of an effective cyber defense. You will leave this webinar better equipped to develop the tactics that make strategy a reality.
  • Advanced PII/PI Data Discovery Recorded: Nov 13 2019 63 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    Join this interactive webinar as we discuss using advanced PII/PI discovery to find & inventory all personal data at an enterprise scale.

    Learn about new machine learning & identity intelligence technology, including:
    - Identify all PII across structured, unstructured, cloud & Big Data.
    - Inventory PII by data subject & residency for GDPR.
    - Measure data re-identifiability for pseudonymization.
    - Uncover dark or uncatalogued data.
    - Fix data quality, visualize PII data relationships
    - Automatically apply data protection to discovered sensitive data.
  • Q4 2019 Community Update: IT Security Recorded: Nov 13 2019 59 mins
    John McCumber, (ISC)² | Dan Lohrmann, Security Mentor, Inc | Marija Atanasova, BrightTALK
    Find out what's trending in BrightTALK's IT Security community and the challenges keeping security professionals up at night.

    Join John McCumber, Director of Cybersecurity Advocacy at (ISC)², Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc., and Marija Atanasova, Content Strategist from BrightTALK for an interactive Q&A session to learn more about:

    - Key challenges for security professionals
    - Insights from the (ISC)² 2019 Cybersecurity Workforce Study
    - What to expect in 2020 and beyond
    - Events in the community
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: CISO Mind Map: Today's Key Cybersecurity Focus Areas
  • Live at: Nov 14 2019 4:00 pm
  • Presented by: Roselle Safran, President, Rosint Labs