With exponential growth in Cloud technology adoption, there are emerging security and privacy threats that need to be managed. The law is almost always playing catch up with technology advancements and regulators across the globe are starting to drive changes to bring more accountability and transparency in Cloud Privacy. It started with the GDPR and there is a lot more regulation to come.
This session looks at some of the emerging international compliance regulation and considers the impact on Cloud Privacy. It factors costs and benefits and seeks to determine if it is the regulators or consumers of Cloud services that are the driving force behind the demands for more accountability and transparency. We discuss buyer, supplier and organisational behaviour and ask the question, will the drive for Cloud Privacy ultimately lead organisations to profitability or is Privacy just another cost of doing business in the modern world?
About the speaker:
Paul is often described as the missing link between legal, business and technology, as he is one of the few people to bridge the gap in compliance, translating complex legislative requirements into privacy and security deliverables as well as delivering successful privacy and training programs.
Paul specialises in cloud privacy and has many years of international experience working in regulated and non-regulated industries, working on compliance projects and programs. He is a Certified Information Privacy Professional (CIPP/E), a certified international DPO (University of Maastricht), a Certified Cloud Auditor and is also certified in Cloud Security (CCSK).
As the number and frequency of malware attacks continue to increase, we look at the threats, vulnerabilities and risk factors associated with malware attacks and how to keep your organizations secure.
Join this keynote panel with security experts as they discuss malware trends, strategies and tools for better security in 2020:
• The most prevalent threats in 2020
• Identifying the latest malware delivery tools and techniques
• Developing a modern defence strategy and empowering your users
• Malware strategy best practices
Have you ever wanted to know what is involved in a particular Cybersecurity role? If yes, then join us at the WSC for a conversation with a Cybersecurity SOC analyst.
Host: Connie Blaney
Guest: Afton Bell
The Unconventional Approach
Afton Bell is a Cybersecurity Analyst located in Austin, TX. Her path to cybersecurity was a bit unconventional but she’s always had a passion for security. Afton was born and raised in East Orange, NJ. She started flying single-engine aircraft at the age of 12, only a few months before the tragic events of 9/11. She saw the change of the aviation world as they started to enhance security measures across the country’s airports. In 2011, she earned 2 undergraduate degrees in Aviation Technology from Purdue University in West Lafayette, IN. After graduation, Afton followed her drive for security with a focus in IT and earned a Master of Professional Studies in Homeland Security from Penn State University in 2014. In 2017, Afton decided to shift from working in physical security management and earned multiple CompTIA certs to pursue her dream career of cybersecurity. She began working as a Configuration Lab Technician in Chicago to gain valuable experience before moving to Austin, TX for an analyst position. She recently started working as a Cybersecurity Security Operations Center Analyst for a large government entity with a focus in SIEM as of February 2020. Afton often volunteers to mentor young women interested in STEM during events in Austin and is very eager to continue to grow and evolve in such an exciting industry.
Pierre Mouallem, Lenovo; Ahmad Atamhl, Mellanox; Steve Vanderlinden, Lenovo
One of the most important aspects of security is how to protect the data that is just “sitting there.” How easy is it to get to? Who can get to it? If someone does get access to the data, can they read it? These are just a few of the questions that we try to answer when we go through the process of securing data.
Contrary to popular belief, however, securing “data at rest” is not simply encrypting the data. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are equally as important – if not more so.
For this webcast, we’re going to talk about those other factors (Encryption is deserving of its own, specific webcast). We will present the end-to-end process to securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated, discussing:
• How requirements for “data at rest” differ from “data in flight”
• Understanding the costs of ransomware
• How to protect cryptographic keys from malicious actors
• Using key managers to properly manage cryptographic keys
• Strengths and weaknesses of relying on government security recommendations
• The importance of validating data backups... how stable is your media?
With the 2020 U.S. presidential election on the horizon, what are the biggest cybersecurity threats our democracy is facing? How well is the election infrastructure prepared when it comes to cybersecurity, and what are some steps to take today to strengthen the security posture?
Join this panel to learn more about:
- The current government threat landscape
- Which threats can we expect to see in the next few months?
- Why visibility into the security posture of election infrastructure is key
- What's needed to ramp up security quickly?
- Recommendations for enhancing election security
- Mick Baccio, Security Advisor, Splunk
- Dave Klein, Sr. Director of Engineering and Architecture, Guardicore
Moderator: David Morris, Executive Director at Digital Risk Management Institute
This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
Speakers: Evan Tegethoff, Will Ricciardi, and Andrew Calo of BitSight Technologies
Companies work with third-party vendors to help them become leaner, more agile, flexible, and efficient, so they can go to market faster and beat the competition. However, onboarding remains the most time-consuming and pressurized part of the process, as security leaders try to balance meeting the demands of the business with the fundamentals of good security. According to Gartner, it now takes an average of 90 days to onboard a new vendor, 20 days longer than four years ago.
Furthermore, the recent large scale shift to work from home in response to COVID-19 has accelerated the adoption of new vendors as companies try to enable a newly remote workforce, adding even more pressure on third-party risk managers to onboard and operationalize third-parties faster than ever. Join BitSight’s Evan Tegethoff, Will Ricciardi, and Andrew Calo to learn how third-party risk managers can create faster, less costly and more scalable onboarding processes that enable the business to grow faster and become adaptive to a changing environment, including how to:
- Reduce time and cost to onboard new vendors
- Scale your program more efficiently
- Use tiering to prioritize your assessment process
- Use an adaptive process to monitor your vendors
Diana Kelley | Dominique West | Jon Garside | Dan Harding
Digital transformation - we hear about it all the time, but what does it really mean for security? As organizations transition users, applications, workloads, and data from on-premise into the cloud to improve agility and competitiveness, how does that change their security landscape and threat model? And how can organizations address the challenge of protecting legacy on-premise systems while at the same time securing dynamic multi-cloud-based environments?
Join today's episode to learn about the reality many organizations are facing when it comes to juggling on prem and multi-cloud security, what the key differences are and how to address them for your organization. The panel will also discuss the following topics:
- What are the differences between Cloud Security vs On-Premise Security and why do they matter for organizations in 2020?
- Can we normalize our security posture across the legacy and hybrid/multi-cloud environments?
- Is it possible to improve security as part of a digital transformation program?
- What kind of cyber hygiene do we need to practice? What should be added and what can be taken off security teams' plates?
- Where does DevOps (or DevSecOps) fit into all of this?
- Are cloud security failures the customer's fault?
- What is SASE and how will it impact your organization?
This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.
David Morris | Michael A. Aisenberg | Steven Teppler | Lance James
This is a Special Edition episode in the Election Hacking series on BrightTALK.
The outbreak of the Coronavirus (or COVID19) has redefined every aspect of our lives, from the way we work and play to the way we receive emergency services.
Remote interactions may be the new normal. How will this "new normal" affect our election process and what are the ramifications from a cybersecurity point of view?
Will we be voting remotely in an electronic fashion and if so, what are the threats, vulnerabilities, and weaknesses? What can be done to prepare for a secure voting process?
- Lance James, CEO of Unit 221B
- Steven Teppler, Partner at Mandelbaum Salsburg P.C.
- Michael A. Aisenberg, Principal Cyber Security Counsel in the Defense and Intelligence FFRDC of the MITRE Corporation
Moderator: David Morris, Executive Director at Digital Risk Management Institute
Join this special episode of the Election Hacking Series as we discuss this timely and critical issue.
Sushila Nair, NTT Data | Juanita Koilpillai, Waverley Labs | Peter Smith, Edgewise
The rapid shift to a remote workforce has put an unprecedented amount of pressure on our IT resources; however, our security experts must remain hyper-vigilant in response to bad actors who look to exploit this shift. Micro-segmentation protects organizations’ networks against lateral movement of threats inside a cloud or data center environment to reduce the risk of a security breach. It uses software overlay or network virtualization technology instead of installing multiple physical firewalls. This capability to quickly and easily segment is a key control as our work environments become more and more agile and dispersed. Join our expert panel in this free webinar to ask your questions and learn about:
• What is micro-segmentation
• How, when and why you should use micro-segmentation as a key security control
• How zero trust segmentation can be rapidly extended from the data center and cloud to protect users and admins on remote desktops and laptops
• Common hurdles for implementing micro-segmentation
• How to manage change in a micro-segmented network
Joseph Carson, CISSP, Chief Security Scientist & Advisory CISO, Thycotic
Will AI (whatever the “A” stands for?) ever replace humans for Automation and Threat Detection?
The advances in technology, especially with AI (Artificial Intelligence), are being both embraced and feared. Automation is the key to organizations being scalable and to assisting with the skilled resource shortage in the cybersecurity industry. But will AI ever fully replace humans, and will it eventually be GOOD AI versus BAD AI when it comes to cyberattacks? Could humans simply become spectators when it comes to future cyberattacks? This webinar will look into all those questions and possible outcomes.
Join Joseph Carson from Thycotic to take a journey from the present and into the future of AI & Humans, can we coexist together?
What are the current capabilities of AI today in Threat Intelligence?
Can AI prevent cyberattacks?
Will AI replace humans for Cyber Defense or Offensive capabilities?
Future of AI & Humans, can we coexist together?
As organizations adopt modern development technologies including Microservices and APIs, and adopt DevOps & CI/CD practices, the old ways of implementing QA and application security no longer work.
In this session, we will introduce new methodologies and solutions that enable companies to assure quality, implement application security into their DevOps practices, and ensure high quality solutions with DevSecOps by design.
- Gadi Bashvitz, President & CCO, Neuralegion
- Aseem Bakshi, CEO, Webomates
- Ulf Mattsson, Head of Innovation, TokenEx
For decades, security teams have been training employees on the risks of falling for phishes. Despite this, phishing still continues to be a top risk for many organizations and continues to grow in the age of Covid-19. Now more than ever security teams and numerous security awareness studies have seen the limitations of using training to change behaviors in our employees. This talk will focus on how to leverage learnings from behavioral science and psychology to motivate employees to be the best defenders they can. We will walk through examples of how principles like social proof, rewards, gamification, and case studies have been successfully used to improve phishing resiliency. We will then walk through how organizations can implement these approaches to change behaviors like reducing clickthrough, increasing reporting, and driving adoption of MFA.
Eric A. Nielsen, CISSP, C|CISO, CCSP, HCISPP, CAP, CRISC, Chief Executive Officer, Defense in Depth Cyber Security
For an information security professional, knowledge of trends, tactics and techniques is a powerful tool against malicious actors. Data breaches threaten organizational financials and reputations.
Strengthen your security through the use of actionable intelligence. During this session, attendees will hear about:
- Incident Response Trends
- Cyber Attack Tactics & Techniques
- Tips to Protect Your Organization
Technical detection is now just the starting point for a series of exercises which will see the entire business work together to identify what happened and to mitigate the results.
In this session, you will learn:
- How EDR and MDR are morphing into BDR
- Why BDR is a challenge for the whole business
- How technology can help, and how it doesn’t
In this 30-minute webinar, Ade will discuss how the world of cyber-security detection and response is changing, fast. From IT and technical analysts to the CEO via HR, this is a problem for the whole business to solve together.
UJ Desai, Director of Product Management, Bitdefender
While cyber attacks come from all directions, the majority of them originate on endpoints. In this webinar UJ Desai, Director of Product Management at Bitdefender will discuss why organizations are still struggling with endpoint security, and will explore the five critical elements of endpoint security that will allow organizations to effectively defend endpoints from both common and advanced cyber attacks.
Craig Sandman, President and Co-Founder, Symbol Security and Jonathan Osmolski, Security Awareness Practitioner
Incredibly, 90% of all Security Breaches originate with a Phishing Email and almost all breaches trace back to human error. In spite of this reality, businesses spend relatively little time and money on training and testing employees' ability to recognize and prevent the most common Cyber Criminal points of entry.
In a survey conducted by Mimecast, only 45% of organizations provide mandatory Security Awareness Training and of that, only 6% do it monthly. With all we know about learning behavior and corporate culture, how do we get better at raising awareness levels, lowering risk, and delivering training in a manner that works?
In this talk, Craig Sandman of Symbol Security and Security Awareness Practitioner Jonathan Osmolski will walk you through the current realities of Security Awareness: both the Cyber Criminal environment and what a CISO and Security team has to navigate in order to execute a program. They also touch on some Security Awareness specifics, like how to successfully execute meaningful Security Awareness Training and how often you should be training your employees. Join us and find out how you can ensure success in your organization!
According to The Cost of Insecure Endpoints report from Ponemon Institute, ineffective endpoint security strategies are costing these organizations $6 million annually in detection, response, and wasted time.
Endpoints are the new network perimeter. Attackers know this. Endpoint threats pose a significant risk to organizations large and small. A report by IDC shares that 70 percent of cyberthreats actually originate from endpoints. As the bad actors become more sophisticated, so should your endpoint strategy.
Redefine the concept of “endpoint”
Learn why the Global endpoint market is due to double by 2026
Understand effective security measures needed to protect endpoints
Get tips for a unified endpoint security strategy that can help you stay ahead of bad actors.
Moderated by: Jo Peterson, Vice President, Cloud and Security Services, Clarify360
Tom Gorup, VP, Security & Support Operations, Alert Logic
Wade Woolwine, Principal Security Researcher, Rapid7
Juergen Bayer, Product Consultant - Security, HP
What do oBike, a bicycle rental company, Instagram, and the IRS have in common? Answer: hackers used APIs to access their customers' sensitive information, forcing these organizations to announce breaches. Although these API attacks were exposed, most API-based attacks go undetected these days, particularly attacks that use compromised credentials.
This webinar will discuss API cyberattack examples and the techniques used by hackers to breach APIs. It will also review how AI-based security solutions can effectively stop these attacks and provide deep visibility into your API sessions for forensic and compliance reporting. Topics covered in this webinar include:
- API cyberattack trends
- Review of recent API attacks
- How to monitor and protect your API activity
- How to detect and block API attacks on your data/apps (live demo)
- How to deliver reports with detailed traffic insight for any API
- Best practices for securing APIs
Cyber security is a hot topic as the world has witnessed a rapid increase in cyber-attacks, data breaches, data leaks and espionage. Governments are taking cyber security seriously, increasing investment in both defensive and offensive capabilities, and introducing regulations to support legal frameworks.
Unfortunately, cyber-attackers don't sleep or take vacations and this means you must be prepared and ready at any time during the day or night.
Join this webinar to learn about the following:
- Which cyberattack is most likely the one that will hit you?
- What are the top threats in 2020?
- What are the latest threats?
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.