The Evolution of the Threat Management Lifecycle

Becky Pinkard has had the pleasure of working in information technology since 1996 and has been in her current role with Barclays since June 2008. Becky was recruited by Barclays to develop the global monitoring programme with the goal of supplying real-time alerting of critical security and data leakage events to the Bank’s remediation programme and in turn, providing risk information for the Threat and Vulnerability Management Lifecycle decision-making process.

She is a SANS Institute Certified Instructor and began teaching for SANS in 2001. Becky has participated as a GIAC Certified Intrusion Analyst advisory board member and on the Strategic Advisory Council for the Center for Internet Security.

Becky is also a co-author of the Syngress books, ‘Nmap in the Enterprise’ and ‘Intrusion Prevention and Active Response, Deploying Network and Host IPS’. Throughout her career to date, Becky has managed global intrusion detection and data leakage monitoring deployments, designed risk assessment and firewall strategies, performed security audits and assessments, worked forensics cases, and developed security awareness training in small and large environments.
Recorded Sep 9 2009 45 mins
Presented by
Becky Pinkard, Barclays Bank, Head of Attack and Data Monitoring
  • COVID-19 - What Will Attackers Do? Mar 31 2020 7:00 pm UTC 60 mins
    Chris Roberts, Rod Soto, Nir Gaist, Ira Winkler
    The COVID-19 Coronavirus pandemic provides cyberattackers with opportunities to wreak havoc. The key to thwarting their attacks is knowing how they are leveraging the crisis for their nefarious purposes. And whom better to ask than experts who know how threat actors think and operate?

    Join us for a community webinar with three renowned whitehats who will predict the attack vectors and tactics blackhats will use to take advantage of the fact employees are struggling with fear, uncertainty and isolation while working from home. You will gain invaluable insight into the attacker’s mindset and learn how to harden your organization’s defenses.

    Chris Roberts is one of the world's foremost experts on counter threat intelligence and vulnerability research within the information security industry. Roberts was part of Attivo Networks, LARES and Acalvio Technologies, among others.

    Rod Soto is a Security Researcher and co-founder of HackMiami and Pacific Hackers conferences. Rod spent over 15 years in IT and security in organizations like Akamai, Splunk and JASK. He is a frequent speaker at cybersecurity conferences.

    Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

    Ira Winkler is the Lead Security Principal for Trustwave. He has designed and implemented security awareness programs at organizations around the world. Ira began his career at the National Security Agency as an Intelligence and Computer Systems Analyst.
  • [Earn CPE] How to Get More Visibility into Your Digital Ecosystem Recorded: Mar 26 2020 70 mins
    Kelley Vick, Host. With Chris Poulin, Principal Consulting Engineer at BitSight.
    In today's cybersecurity landscape, having continued visibility into your organization’s attack surface is essential to staying ahead of new and evolving threats. But as your digital ecosystem continues to expand, monitoring and mitigating cyber risk become increasingly difficult.

    During this CPE webinar, BitSight’s Chris Poulin, a risk reduction and cybersecurity expert, will take a deep dive into how you can evaluate your current digital risk management efforts, identify gaps, and prioritize improvements.

    Join us on Thursday, March 26, to learn how to:
    ● Validate and manage your digital footprint across various ecosystems
    ● Monitor for indicators of attack, compromise, and abuse
    ● Leverage business context to prioritize remediation efforts and allocate resources
    ● Initiate response plans to mitigate risks
    ● Track and communicate progress with objective data across environments
    ● Use risk intelligence to improve your security posture
  • Deepfakes, Social & Impact on Elections Recorded: Mar 26 2020 61 mins
    David Morris | John Bambenek | Lance James | Dean Nicolls
    AI-generated fake videos, or deepfakes, are becoming more common, more convincing and easier to create. In the era of social, technically manipulated videos can spread like wildfire.

    This is a particularly sensitive issue in today's politically charged environment. With the 2020 U.S. presidential election on the horizon, foreign interference in elections is a real problem and social media the perfect gateway for sowing misinformation, discord and mistrust.

    Can deepfakes impact the outcome of elections? How easy are they to spot, and do you need a tool for that?

    Join this episode of the Election Hacking series to learn more about the emergence of deepfakes and what can be done to mitigate its impact on elections.
    - The current state of deepfakes
    - How deepfakes can be used in misinformation campaigns
    - Use of deepfakes in cyber crime
    - Social media and the spread of fake videos
    - How tech companies are addressing the scourge of deepfakes (Facebook, Twitter, YouTube)

    - Lance James, CEO of Unit 221B
    - John Bambenek, VP for Security Research and Intelligence at ThreatSTOP
    - Dean Nicolls, VP of Global Marketing, Jumio

    Moderator: David Morris, Executive Director at Digital Risk Management Institute

    This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.
  • Dealing with PCI DSS Compliance During the COVID-19 Crisis Recorded: Mar 25 2020 61 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    The new normal during the current COVID-19 crisis is changing every aspect of the business world. It is also affecting how QSAs deal with PCI assessments.

    For the most part, a QSA has to be on-site for a PCI assessment. How are they to do that when they can’t get to the site?

    On this webinar, The PCI Dream Team will:
    - Provide an overview of the PCI DSS requirements to be on-site
    - Discuss strategies to perform PCI assessments when being on-site is now impossible
    - Answer any specific questions to deal with this predicament
    - Detail work at home issues and concerns
  • Balancing the Security Workforce Recorded: Mar 25 2020 56 mins
    Diana Kelley | Chris Calvert | Larry Whiteside, Jr. | Gary Hayslip
    The world needs more people in infosec. There are currently about 2.8 million cybersecurity professionals, but roughly 4 million more are needed to close the skills gap.

    So, how are organizations addressing this shortage? What are organizations doing to attract and retain cybersecurity talent while also balancing the workload for the security teams they already have?

    Join today's episode to learn more about the challenges and solutions when it comes to balancing the security workforce.
    - Security skills shortage: Myth vs. Reality
    - Top challenges for security teams
    - Addressing burnout and analyst fatigue
    - How machine learning can help
    - Areas where people are better than AI
    - Building a security culture
    - Removing obstacles and attracting new talent

    This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

    - Chris Calvert, Co-Founder & VP Strategy at Respond Software
    - Larry Whiteside, Jr., Veteran CISO & Cybersecurity Thought Leader; Co-Founder & Interim President - ICMCP
    - Gary Hayslip, CISO, Softbank
  • Preparing for COVID-19: An Infosec Perspective Recorded: Mar 25 2020 30 mins
    Jeff Schmidt, VP of Cyber at Columbus Collaboratory
    The COVID-19 pandemic has not only changed our lives but also immediately changed our corporate threat profiles by extending our cyber attack surface and increasing our exposure to all kinds of attacks, from authentication to human error. Transitioning to a remote workforce directly and significantly impacts your defensive protections. Practical changes can reduce the risk exposure while also minimizing unneeded disruptions and fire drills during this turbulent time. In this webinar, we will discuss important cyber threats to consider and provide actionable advice on how to reduce your risk.
  • Coronavirus Pandemic – Cyber Intelligence Fighting the Virus in Cyberspace Recorded: Mar 23 2020 61 mins
    Alex Holden
    In the midst of the Coronavirus pandemic, our society is struggling to adjust to the necessary and unexpected changes. In the information security space, we are prepared for many things, but dealing with a pandemic crisis leaves many unprepared.

    Cybercriminals operate on a different level and are ahead of the game taking advantage of the global crisis with many others joining their ranks. We will discuss critical issues facing information security during this crisis.

    We will also review what you need to know, what you need to be concerned about, and the steps to take today to get your organization more secure and prepared to minimize the potential impact of the crisis.
  • Coronavirus Actions and Risks for Tech and Security Leaders Recorded: Mar 13 2020 62 mins
    Dan Lohrmann (Security Mentor, Inc.) | Scott Larsen (Inova Health System) | Earl Duby (Lear Corporation)
    How are state and local governments responding to COVID-19? What are private sector companies doing now? From public health actions to directives for staff, what emergency response steps and risks should be considered?

    Join this webinar for the latest coronavirus playbook roundup and recommendations on how to address the outbreak. Learn the scope of the unprecedented challenges organizations are currently facing. Hear from industry leaders on how they are addressing the COVID-19 outbreak.

    Topics will include:
    - Policy, technology and process steps to take today to protect your workforce and organization.
    - How are orgs dealing with more staff working from home (telework)?
    - What mistakes can be avoided, and how?

    We will close with a Q/A session with the audience.

    - Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.
    - Scott Larsen, CISO at Inova Health System
    - Earl Duby, CISO at Lear Corporation
  • What I Learned at RSAC 2020 Recorded: Mar 12 2020 61 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.

    Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.

    Join this webinar to learn more about what attendees found interesting at RSAC USA 2020:
    - Emerging Privacy Issues
    - The Human Factor
    - Advancements in Machine Learning
    - Security in App Development
    - Trends from the Innovation Sandbox
    - New Standards and Regulations
    - Security for The API Economy
  • [Earn CPE] Matching Threat Intelligence & Third-Party Risk for Cyber Security Recorded: Mar 12 2020 74 mins
    Panelists: John Chisum, RiskRecon; Jaymin Desai, OneTrust; Allan Liska, Recorded Future; and David Klein, ProcessUnity
    As organizations evolve and become more connected, their reliance on third-party ecosystems continues to grow. While these business relationships undoubtedly add value, they also introduce significant new risk and compliance challenges. The third-party risk management process is complex and involves more stakeholders and data sources than many people may think including: cyber risk information, supply chain, financial, IT, compliance, legal, and privacy risk data. But even with loads of available data, it’s extremely difficult for risk teams to know how to prioritize risk and focus remediation and response efforts without the proper context or processes.

    As a result risk management teams are turning to governance, risk, and compliance (GRC) solutions to help centralize all of this information in order to gain a more holistic view of their third-party ecosystem. Cyber third-party risk data is a critical piece of the puzzle to a holistic third-party risk program within a GRC solution. Having access to a threat-centric view of cyber risk provides risk management teams with real-time insights that enable them to make faster, more confident decisions and effectively manage third-party risk.

    On this CPE accredited webinar our panel of experts will address how to bring threat intelligence into the third-party risk management process and discuss:

    - The importance of holistic risk management and sustainable ongoing monitoring,
    - How to incorporate external content sources and create a centralized data repository for a more holistic view of your vendors,
    - Ways to advance your third-party risk maturity with threat intelligence.
  • Hey You, Get Off Of My Cloud Recorded: Mar 12 2020 51 mins
    Kelly Robertson, CEO, SEC Consult America
    A little discipline goes a long way when moving to the public cloud.

    Attend this talk by SEC Consult America's CEO Kelly Robertson as he discusses what applications are appropriate to move to a public cloud infrastructure and what questions you need to ask.

    Six considerations of this session:

    - Security
    - Compliance
    - Data Protection
    - Choosing a Cloud Provider
    - Workload Analysis
    - Incident Response

    About Kelly Robertson:

    I'm a senior executive with 30 years of professional Information Security Experience in the Silicon Valley. I worked mainly for large enterprises for the first 15 years, then started Zisher InfoSec, a security consulting firm. In 2017, Zisher InfoSec became part of the SEC Consult organization and I am presently responsible for the SEC Consult organization in the Americas.

    Information Security spans all aspects of the technologies that mankind relies upon and also has a huge impact on digital citizens. I have been fortunate to have worked in 30 countries in the past 20 years across many disciplines, technical vectors and market segments. I believe that the work that we do in this career field is essential to the human race and I hope that my contributions have made a positive difference. A great deal of my focus is in mentoring information security professionals, as individuals and groups through education programs, presentations and publications.
  • Cyber Risk THIS! 6 Practices to Beat Hackers and Satisfy Regulators Recorded: Mar 12 2020 47 mins
    Tony Pietrocola, President, Agile1
    Securing Cloud and SaaS

    Cyber attacks are growing daily and broadening in scope, and the costs of a breach are skyrocketing. And here is the kicker: every industry, from financial services to healthcare to government to manufacturing, is in the cross hairs. Even the great Warren Buffett recently said that every company is at risk.

    Yes, The Oracle of Omaha is talking tech!

    Cyber criminals have expanded every company’s attack surface by attacking networks, cloud, chips, IoT, mobile devices, applications and APIs. They are relentless. And now the regulators are beginning to pass state-level regulations that will eventually hold all of our feet to the fire. Add all of this up and the future points to the reality that every single company, regardless of size or industry, will need to do much more to protect itself and its customers.

    This presentation will cover:
    - Cyber Risk Management
    - How to mitigate risk
    - Show real life case studies
    - Six best practices to explore for your business

    About the speaker:
    Tony Pietrocola is President of Agile1. Agile1 is an intelligence-driven CyberSOC protecting critical network infrastructures from cyber threats. Agile1’s CyberSOC technology is built on a proprietary Machine Learning engine, which analyzes end-point security data in real time allowing us to detect and respond to threats 24X7, before a breach proliferates.

    Tony serves on the board of EBO Group, Inc (acquired by Timken) and Metisentry and is a Board Member of Northern Ohio InfraGard Members Alliance. He holds a Bachelor of Science in Finance from the University of Toledo.
  • Creating Data Leadership through Cybersecurity choices Recorded: Mar 12 2020 27 mins
    Dr. Alea Fairchild, Ecosystm and The Constantia Institute | David Spencer, IBM GTS
    Cybersecurity monitoring is designed to complement, mirror and support your business operations. To create a data leadership position and innovation for your customers, the appropriate cybersecurity policies and solutions need to be in place that fit your specific business model. You need to be thoughtful about assembling a cybersecurity team configured to serve your specific company needs.

    We will discuss how companies are designing their data leadership strategies based on cybersecurity requirements, looking at their internal staffing, technology sourcing and selection of 3rd party providers. Infrastructure expert, Dr. Alea Fairchild will be sharing industry trends based on Ecosystm research findings on cybersecurity solution selection.

    Join this webinar to hear Alea, joined by David Spencer from IBM Security, discuss how to profile your company’s cybersecurity requirements to seek out the best advisors, skill sets and MSSP solution providers to work with your own business model in a cyber secure manner.

    They will explore how organizations can develop a fit for purpose cybersecurity strategy that grows with them in resilience while meeting the challenge of maturing security programs to scale with their business.

    Key Takeaways:

    1. Guidelines to grow a data leadership strategy in a non-highly regulated business.
    2. Five essential questions to ask as you screen potential cybersecurity solution providers.
    3. Why cyber resiliency is a more logical goal than being cyber secure.

    Dr. Alea Fairchild, Principal Advisor, Infrastructure & Cloud Enablement at Ecosystm and Director at The Constantia Institute sprl
    David Spencer, Associate Partner, Cloud Resilience and Availability, IBM GTS
  • Cyber Risk Management - How Effective is Your Program? Recorded: Mar 12 2020 54 mins
    Kojo Degraft Donkor CISSP, Cisco Systems – CX Americas
    Black hat actors continue to escalate the attack surfaces brought on by opportunities in emerging and matured technologies in Cloud, Internet of Things, Machine Learning, Artificial Intelligence. Several frameworks exist for managing Cyber Risks.

    This presentation will answer these questions:

    - How does your organization frame responses to these threats?
    - What approach works best for your organization?
    - What key elements make up an effective Cyber Risk Program?
    - Which of these elements should be top priority?
    - How dynamic is your Cyber Risk Management approach?
  • An ever-expanding IoT attack surface and what to do about it Recorded: Mar 11 2020 49 mins
    Misha Nossik, Co-founder and CEO, Haystack Magic
    The common understanding of the Internet of Things (IoT) includes smart devices, such as mobile phones, smart appliances, CPE networking devices and industrial sensors. However, the time is coming when dumb devices, such as tools, lab supplies, assembly parts and household items, will join the IoT. If you are worried about IoT security now, imagine the scale and the magnitude of the implications when the entire physical world is included in the attack surface.

    In this presentation we will describe a practical use-case, illustrate the limitations of current methods and discuss the ways to address them.

    About the speaker:

    Misha Nossik is a serial entrepreneur and technology executive with over 25 years of experience in new product development for the Cloud, Cybersecurity and IoT sectors. He is a co-founder and CEO of Haystack Magic, an IoT SaaS for enterprise physical asset tracking.

    Previously, he was a co-founder, CTO and VP R&D of CloudLink, a cybersecurity startup acquired by EMC in 2015. Before that he was a founder and CEO of Thintropy, an early VDI vendor, which was acquired by SIMtone (f.k.a. XDS). He co-founded Solidum Systems, a network processor pioneer, acquired by IDT Inc. In 2001 he co-founded and chaired the Network Processing Forum. Misha has earned his MSc in Applied Mathematics at MIIT in Moscow. Misha is an avid skier and an active instrument-rated pilot.
  • Email Security and Cyber Resilience Strategy Recorded: Mar 11 2020 50 mins
    Chris Hazelton, Lookout | JP Bourget, Syncurity | Ondrej Krehel, LIFARS | Jonathan Lee, Menlo Security
    The email threat landscape is constantly evolving. How are organizations staying up to date on all the email-based cyber threats?

    Join this panel of security experts and industry leaders as they discuss the latest trends in email security and how to prevent becoming the next news headline. Learn how to protect your organization from spam, malware, and phishing attacks.

    - Emerging trends in email attacks
    - Why email security is a key CISO priority in 2020
    - The human element of security
    - Solutions and best practices for protecting your organization

    Chris Hazelton, Director of Security Solutions, Lookout

    JP Bourget, Founder, Director, Chief Security Officer, Syncurity
    Jonathan Lee, Senior Product Manager, Menlo Security
    Ondrej Krehel, Digital Forensics Lead, CEO and Founder, LIFARS
  • Mitigate Risk When Transitioning to the Cloud Recorded: Mar 10 2020 56 mins
    Dr. Maxine Henry, President and Founder, Cyvient
    Companies are at risk when transitioning from traditional on-premise applications and infrastructure to cloud computing solutions.

    It is critical that security and compliance be addressed in the cloud environment. Failure to ensure appropriate security and address compliance requirements may ultimately result in higher risks, costs and potential loss of business. Highly regulated companies should take a comprehensive approach to data privacy, security and compliance before moving systems to the cloud. This includes:

    - Understanding the challenges of compliance on premise versus the cloud
    - What security standards should be adopted in the cloud
    - Demonstrating compliance: how to establish and maintain data privacy, security, and compliance in a cloud environment
  • Continuous Compliance for Cloud and Hybrid Cloud -- Real Time Security Recorded: Mar 10 2020 47 mins
    Darrin Nowakowski, Director Client Services, Cyber Security, CGI
    Hybrid Cloud is the new normal for the modern Enterprise. Information Security departments have accepted that the perimeter is no longer defined by the network and that data protection is central to this new paradigm.

    Are software-defined data controls across clouds and data centers weaker than traditional perimeter defenses? Not necessarily. In some cases they are actually stronger.

    This talk is about the opportunities presented by today’s tools and how these apply to compliance, in particular how continuous compliance is now possible. We will also outline how this changes GRC processes and the role of security compliance in DevOps, also known as DevSecOps.

    Topics covered include:

    • What is Compliance and what should be included?
    • Compliance Frameworks and Standards.
    • What can we measure and test?
    • How to tie together hybrid cloud compliance
    • Access Controls, Infrastructure, Data and Policies
    • DevSecOps
    • Continuous Compliance

    About the speaker:
    Darrin Nowakowski has 25 years of experience working in Cyber Security in Canada and internationally. He has extensive experience as both a practitioner and strategist, with a focus on providing Security Architecture, Penetration Testing, Cloud, Web and Mobile Security as well as Executive Consultation, Security Program Development, Strategies and Roadmaps, Risk Management and demonstrated leadership.
    As a founder and senior leader, President and CISO, for Star Circle Security, Darrin managed a consulting practice through strong client relationships in the Financial, Public, Telecommunications and Retail Sectors. Mr. Nowakowski is currently working as the Director for Client Services of the Greater Toronto Area Cyber Security Practice for CGI.
  • Cloud compliance in different countries, regions, languages — what is needed? Recorded: Mar 10 2020 41 mins
    Juan Carlos Carrillo, Security Specialist, IBM
    Cloud compliance can be difficult if you are a multinational or, in some cases, if you have clients in different states. How can you address all the compliance requirements without losing time redoing work? In this webinar we will describe the basic points you need to develop in order to be ready to comply with different regulations, audits or annual reviews.

    About the speaker:

    Juan Carlos Carrillo is a Security & Privacy professional with more than 20 years of IT Management experience in the high tech industry. He has extensive expertise in providing technology solutions to financial companies. Throughout his career, Juan Carlos has developed extensive knowledge of software, hardware, consulting and professional services.

    Juan Carlos has a Masters in Finance from ITESM in Mexico and a B.S. in Computer Systems Engineering from UVM in Mexico. He is certified as an Information Privacy Professional (CIPT), as an Identity and Access Administrator (CIAM) and in Cloud Security (CCSK).
  • CCPA Compliance Beyond Deadline Day Recorded: Mar 10 2020 58 mins
    Guy Cohen | Lisa Hawke | Joanne Furtsch | Laura Koulet
    The California Consumer Privacy Act (CCPA) went into effect on January 1st 2020, yet there is still confusion and uncertainty regarding this data regulation, especially for businesses operating in a post-GDPR world.

    Are you familiar with the CCPA's privacy requirements? Is your organization ready for the most far-reaching data privacy regulation in the U.S. to date? 

    Join this panel of privacy experts for an interactive Q&A session to learn more about how CCPA will impact your organization, as well as dive into the main differences between CCPA and GDPR.
    - The CCPA privacy requirements
    - CCPA checklist beyond deadline day
    - Data mapping: how and why it is important for CCPA and GDPR
    - Data Subject Access Requests 
    - Other key similarities and differences between GDPR vs. CCPA
    - The future of privacy and compliance in 2020 and beyond

    - Guy Cohen, Strategy and Policy Lead, Privitar
    - Lisa Hawke, VP Security and Compliance, Everlaw
    - Joanne Furtsch, Director, Privacy Intelligence Development, TrustArc
    - Laura Koulet, Vice President, Head of Legal & Privacy, Tapad
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: The Evolution of the Threat Management Lifecycle
  • Live at: Sep 9 2009 1:00 pm
  • Presented by: Becky Pinkard, Barclays Bank, Head of Attack and Data Monitoring