Name: CISO Security Tips to Manage the “End” of COVID-19
Start: 2022-11-03T15:00:00Z
End: 2022-11-03T15:01:01.000Z
Location: BrightTALK
Rating: 4.6

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Identity governance and administration (IGA) programs are critical for managing enterprise security and compliance, yet many organizations face persistent challenges. Operational inefficiencies, reliance on manual processes, and the growing complexity of managing diverse applications and identities often hinder success. As the digital landscape evolves, the stakes are higher than ever for enterprises to modernize their IGA strategies.

This session explores the latest research from Omdia, revealing how leading organizations are addressing these challenges. From leveraging AI agents to automating workflows, discover actionable insights that can transform your IGA program into a driver of business value. Whether you’re refining an existing initiative or planning a new one, this session will equip you with the tools and strategies to stay ahead in 2026.

Join Todd Thiemann, Principal Analyst at Omdia, to uncover what’s working, what’s not, and where the future of IGA is headed.

Takeaways:
- Strategies for integrating more applications while controlling costs.
- Insights into rationalizing workforce identity security tool portfolios.
- The role of AI agents in combating deepfakes and enhancing automation.
- Best practices for governing non-human identities (NHIs) and AI agents.
- Key trends shaping the future of enterprise IGA programs.

Elevating Enterprise IGA Programs for the Future

The rapid growth of digital identities, evolving compliance demands and advanced cyber threats have made identity governance and administration (IGA) a critical priority for modern enterprises. Without a structured governance framework, organizations risk operational inefficiencies, data breaches and reputational harm. Issues like access sprawl and privilege misuse are no longer just IT concerns—they are pressing business challenges.

This session will explore how businesses can implement effective IGA strategies to manage identities, ensure compliance and mitigate risks. Learn how to align tools, policies and processes into a cohesive framework that supports enterprise-wide governance. Discover actionable steps to build a compelling business case, standardize global implementation and achieve quick wins that drive executive buy-in.

Join Vincent Amanyi, Founder of Boleaum Inc. to gain practical insights and proven strategies for enabling IGA success at scale.

Key Takeaways:
- Build a persuasive business case to secure board-level approval for IGA initiatives.
- Define a scalable implementation model for geographically dispersed organizations.
- Benchmark and strengthen your organization’s IGA foundation.
- Discover quick-win strategies to accelerate IGA adoption and demonstrate ROI.

Mastering Identity Governance: Strategies for Enterprise Success in 2026

Identity and access management is at a crossroads. Reliant on passwords and centralized directories, traditional IAM can’t meet the demands of today’s distributed infrastructures and increasingly sophisticated cyber threats. As businesses expand their digital presence, they need adaptable, privacy-preserving solutions to safeguard their assets and ensure seamless operations across ecosystems. But implementing these approaches isn’t without its challenges. 

Modern IAM offers transformative opportunities through decentralized identity models and blockchain-enabled verifiable credentials. These replace static identifiers with cryptographically signed proofs, allowing organizations to achieve tamper-proof identity verification, transparent lifecycle management and enhanced privacy. These new solutions align with zero trust principles, paving the way for trust-minimized environments that prioritize security and user control.

Join Yeghisabet Alaverdyan, Senior Researcher and Associate Professor at IIAP MESCSA RA, to share her insights on how the latest IAM strategies are redefining identity management for the modern age.

Takeaways:
- Discover why traditional IAM systems are not suited to modern infrastructures.
- Learn how decentralized identity models enhance security, privacy and user autonomy.
- Understand the role of blockchain in verifiable credentials and tamper-proof identity management.
- Explore how emerging IAM protocols align with zero trust principles. Gain actionable insights to future-proof your organization’s identity strategy.

Modern IAM: Decentralized Solutions for Evolving Threats

Organizations excel at documenting incidents but fail catastrophically at remembering them. Between audits, hard-won lessons evaporate, cultural knowledge resets to zero and enterprises find themselves vulnerable to the same predictable risks that should have been eliminated months ago.

This session reframes security culture as a living control system where organizational memory becomes your strongest defense. Discover how to transform retrospectives into measurable feedback loops, quantify learning as risk reduction and embed institutional knowledge into governance frameworks that create compounding resilience rather than cyclical vulnerability.

Join Oksana Denesiuk, Senior Product Manager at Kaiser Permanente and ISSA Advisory Board Member, to explore proven methodologies for building unbreakable organizational memory.

Key Takeaways: 
- Track how lessons learned translate into behavioral change and improved security posture. 
- Build lasting organizational memory through structured post-incident processes that strengthen defenses over time.
- Measure how well your organization learns from incidents and translate that into reduced security risks.
- Transform retrospectives into measurable feedback loops that prevent incident recurrence. 
- Embed organizational knowledge into leadership and accountability models for sustained cultural transformation.

Transform Security Culture into Measurable Organizational Memory

As organizations embrace AI systems and hybrid workforces, traditional security cultures focused only on human awareness can no longer address today’s complex risks. AI operates at machine speed, influencing decisions and actions in ways that demand a more integrated approach to managing security. Without a culture that accounts for both human and AI behaviors, organizations risk blind spots that could undermine trust, governance, and resilience.

Security culture needs to become a shared model where leadership, governance and incentives guide both human decisions and the design, training and accountability of AI systems. By viewing AI actions as part of the risk landscape and aligning human and machine behaviors with business goals, security leaders can transform culture into a measurable control and a strategic advantage in an AI-driven world.

Join Sandra Estok, CEO & Founder of Way2Protect, to uncover practical strategies for managing security behaviors, bridging human and AI risks, and effectively communicating with executives and boards.

Key Takeaways
- Understand how security culture must evolve to address both human and AI-driven behaviors.
- Learn to treat AI actions as part of the organization’s risk surface.
- Explore practical methods to measure security behaviors in hybrid work environments.
- Discover how leadership decisions shape human conduct and AI system outcomes.
- Gain techniques to communicate human and AI risks to boards in clear business terms.

Evolving Security Culture: Aligning Human and AI Risks for Business Resilience

Since technology cannot keep us completely protected, organizations must embrace a culture of cybersecurity to build true resilience. This cultural transformation is essential to safeguard against risks and ensure readiness to respond effectively when incidents occur.

This session explores how leading organizations are embedding cybersecurity into their values, attitudes, and practices. By fostering a culture of resilience, businesses can strengthen their ability to anticipate, adapt to, and recover from cyber threats. Learn why every manager has a pivotal role in shaping this culture and how to implement strategies that drive lasting change.

Join Dr. Keri Pearlson, Principal Research Scientist at MIT Sloan School of Management, to explore actionable steps for building a culture of cybersecurity that protects your organization and empowers your workforce.

Takeaways:
- Understand cyber resilience thinking and how it differs from traditional protection strategies.
- Discover key mechanisms for fostering an effective cybersecurity culture.
- Gain actionable insights for managers to enhance resilience at work and home.
- Learn from real-world examples of organizations successfully embedding cybersecurity into their culture.

Building Cyber Resilience Through Culture in 2026

Mergers and acquisitions create exponential cyber risk exposure, yet many organizations lack quantified risk frameworks to guide critical business decisions. As cyber threats evolve and regulatory scrutiny intensifies, executives need concrete data to balance growth opportunities against security investments.

Traditional risk assessments fail during rapid organizational change. This session reveals proven methodologies for translating cyber vulnerabilities into financial impact metrics that drive boardroom decisions. Learn to build communication frameworks that align security investments with business objectives while maintaining stakeholder confidence throughout complex organizational transitions.

Join Vincent Amanyi, Founder of Boleaum Inc, to explore actionable strategies for enterprise cyber risk quantification and communication.

Key Takeaways: 
- Develop risk appetite frameworks that identify, prioritize, and absorb organizational risks with minimal business disruption. 
- Master cyber risk quantification techniques that assign tangible dollar values to security threats across all business levels.
- Build structured communication models to effectively convey cyber risk criticality to diverse stakeholder groups. 
- Implement scalable cybersecurity benchmarking practices for growing organizations. 
- Create boardroom-ready risk reports that support strategic decision-making during M&A activities.

Quantify Cyber Risk Impact for Strategic M&A Growth

Breaches have become a daily reality. Dark web activities and emerging threat vectors outpace traditional defenses, creating blind spots that adversaries readily exploit. Without early warning systems, businesses remain vulnerable to sophisticated attacks that could have been prevented.

Effective Cyber Threat Intelligence (CTI) transforms raw intelligence into actionable insights that enable proactive defense strategies. This session demonstrates how to operationalize intelligence, map adversary tactics to business risks, and implement early warning systems that prevent breaches before they occur. Learn to distinguish signal from noise and convert threat intelligence into measurable risk reduction metrics that resonate with executive leadership.

Leverage Cyber Threat Intelligence for Proactive Risk Mitigation

Open-source software drives enterprise innovation, but unmanaged vulnerabilities create operational risks and regulatory exposure. As cyber threats evolve and compliance frameworks tighten, executives face mounting pressure to balance innovation speed with robust security governance.

Traditional approaches to OSS security often create friction between development teams and security requirements, leading to shadow IT practices and increased exposure. This session presents proven frameworks for integrating security into OSS workflows while maintaining developer productivity and meeting emerging regulatory demands like the EU Cyber Resilience Act.

Join Yesenia Yser, Security Engineer and Open-Source Advocate, to explore enterprise-grade strategies for OSS risk management.



Key Takeaways: 

Implement governance frameworks that protect OSS dependencies without slowing development
Create shared accountability between security, procurement, and engineering teams
Apply SLSA, SBOM, and OpenSSF standards to build enterprise-wide security trust
Balance regulatory requirements with collaborative open source community practices 
Turn OSS security management into a strategic business differentiator

Securing Open-Source Dependencies at Enterprise Scale

The current data security and privacy protection landscape is awash with tools, acronyms, buzzwords that promise to make data breaches and privacy incidents a thing of the past. Yet hotel chains, healthcare providers, banks, department stores and even governments constantly fall victim to data breaches, ransomware or nation-state attacks. 

The plain truth is that tools are only as good as the people that use them and the processes that go with it. Two thousand years ago, the Roman empire had better military tools than the nations they conquered. Yet through time, the Romans fell to the barbarians and are merely remembered through their ruins. Likewise, companies with the latest and most buzzworthy technology implemented still manage to fall victim to attacks. 

In this presentation, industry thought leader Ralph Villanueva will tap into over 15 years’ experience of data security and privacy protection to show why ultimately, the people behind the tools and the processes they use matter more in securing your organization’s data. 

Key Takeaways:
 - How to best deploy tools in the most cost-effective way to optimize benefits.
 - How to best deploy tools to mitigate data security risks from internal and external threats. 
 - The importance of a balanced and holistic approach to data security that equally considers people, processes and technology.

Tools are Nothing: Why People and Process Matter More in Data Security and Privacy

Data security has entered a new era, one defined by AI-powered threats, expanding cloud ecosystems, and evolving global privacy regulations. 

This session presented by TD Bank's Pankul Chitrav explores the critical shifts reshaping how organisations must protect sensitive information in a boundaryless digital world. We will break down the top risks, the essential capabilities of modern security architectures, and the must-have tools for protecting data across endpoints, cloud platforms, and AI workflows. From zero trust to automated posture management and advanced data discovery, you’ll learn what’s required to stay ahead of adversaries and maintain compliance. Whether you’re modernising your security program or building one from the ground up, this talk equips you with the insights needed to create a future-ready data protection strategy for 2025 and beyond.

Future-Ready Data Protection: Securing Modern Data Ecosystems in an AI-Driven World

Cyberattacks are continuing at pace and we're regularly hearing of new data breaches. But who is responsible for ensuring the security of personal data? 

Traditional data protection approaches are failing against modern attack vectors. Organizations need future-ready strategies that go beyond compliance checkboxes to create resilient security frameworks. In this session, we'll explore the current risks to personal data & privacy and delve into the range of models that can be used to protect your organizations critical assets.

This webinar will take you through examples of recent data breaches, identifying the challenges being experienced, learning from what went wrong and how best organizations can plan for the future. Such planning will investigate current good practice, adding some “steroids” to them such that organizations can hopefully stay in front of the next “breach”!

Steve Yates – Chairman of the Resilience Association, will share frontline experience about critical data assets security and protection of user privacy.  

Key Takeaways:

- Be aware of the challenges being experienced in the protection of data security & privacy;
- Understand how best to plan your data resources and capacity to meet tomorrow’s defense;
- Discover the core organizational elements needed for the establishment of a strategic, tactical and operational solution

Strengthen Data Security Strategy for Tomorrow's Resilience Defense

AWS infrastructure offers robust native security mechanisms, but the shared responsibility model places critical configuration burdens on app owners. This creates gaps that attackers can actively exploit through misconfigurations, privilege escalation, and cross-service vulnerabilities which can compromise entire cloud deployments.

Security automation emerges as an essential defense strategy for threat modeling, enabling businesses to enforce security best practices from deployment through ongoing operations. Automated security controls provide continuous monitoring, real-time threat detection, and optimized remediation across AWS services. This ensures a consistent security posture while reducing human error and response times.

Join Ernesto Marquez, Founder and Project Director at Concurrency Labs, to explore proven AWS security automation strategies for threat mitigation.

Key Takeaways: 

- Implement automated security controls that enforce best practices across AWS services 
- Deploy continuous monitoring and real-time threat detection for multicloud environments 
- Configure automated remediation workflows for common security vulnerabilities 
- Integrate AWS security automation tools into comprehensive threat modeling frameworks 
- Establish governance policies that maintain security consistency across cloud deployments

Deploy Automated AWS Defenses for Threat Prevention

As cloud supply chain attacks escalate in sophistication, traditional SBOMs alone prove insufficient for comprehensive security. While SBOMs provide valuable component inventories, they lack runtime verification capabilities—creating a critical blind spot that malicious actors increasingly exploit. This gap between static analysis and runtime behavior represents one of the most significant vulnerabilities in modern cloud environments.

The "Bill of Behavior" (BoB) approach addresses this challenge by providing vendor-supplied profiles of expected runtime behaviors. Generated using eBPF technology, BoBs codify legitimate syscalls, file access patterns and network communications. This enables immediate anomaly detection without custom rule creation, allowing organizations to verify software integrity throughout the supply chain and during execution, dramatically reducing the attack surface while simplifying security operations.

Join Dr. Constanze Roedig, Key Researcher at SBA-Research and Founder of Fusioncore.ai, to discover how this emerging standard complements existing SBOM frameworks to create verifiable trust in your cloud ecosystem.

Key Takeaways:
- Understand how Software Bills of Behavior (SBoBs) create verifiable trust between vendors and clients
- Learn practical implementation strategies using existing OCI distribution standards
- Discover how BoBs significantly reduce attack surfaces across both runtime and supply chain vectors
- Explore immediate benefits of receiving vendor-supplied behavior profiles with software packages
- Discover how CNCF Kubescape allows anomaly detection out of the box

Beyond SBOMs: Runtime Verification for Bulletproof Cloud Supply Chains

Organizations are rapidly adopting AI technologies without fully understanding the security implications. This is creating unprecedented vulnerabilities in cloud environments. In turn, with AI accessible to all stakeholders, the human factor has become the weakest link in cybersecurity defense strategies.

This session addresses critical considerations for IT and cybersecurity leaders to balance business innovation with risk management. Learn how to establish ethical AI frameworks, implement proper access controls, and build awareness programs that protect your organization while enabling AI adoption.

Join Kathleen Mullin, vCISO and Consultant, to explore practical strategies for securing AI in cloud environments while maintaining business agility.

Key takeaways:

• Define clear RACI matrices for AI business risk ownership and accountability 
• Assess whether AI solutions truly meet business requirements vs. alternative approaches
• Establish data governance and access controls specifically for cloud-based AI systems 
• Develop comprehensive AI awareness programs for organizational stakeholders 
• Evaluate current and future cloud AI risks within your security framework

Considerations: Securing the Cloud And In Specific AI

As organizations accelerate cloud adoption, sophisticated security technologies often create a false sense of protection while the most significant threats emerge from within. Human behaviour continues to be the weakest link in cloud security, not due to malicious intent, but through everyday mistakes that inadvertently expose critical systems.

When they create friction, security measures designed to protect can inadvertently increase risk as users will find shortcuts to achieve their legitimate objectives. This session explores the psychology behind user decision-making and reveals how threat actors exploit human nature to bypass cloud defenses, turning legitimate business processes into attack vectors.

Join Simon Ratcliffe, independent management & technology consultant, to discover practical strategies for human-centered cloud security.

Key Takeaways:

- Identify psychological triggers that make users vulnerable to cloud-based attacks 
- Recognize how security friction drives risky user behaviors and workarounds
- Design user-centric security that reduces human error without compromising protection 
- Develop indicators to detect insider threats before they escalate 
- Build security awareness programs that create lasting behavioral change

Securing the Human Element: Why People Remain Cloud Security's Top Vulnerability in 2025

Insider threats are one of the most challenging security risks in multicloud environments, where authorized users can exploit fragmented access controls and limited visibility across platforms. When organizations lack comprehensive oversight of user activities, data flows and privilege escalation paths, the risk posed by human error and malicious insiders is much greater.



Multicloud architectures amplify insider threat risks through inconsistent identity management, scattered audit trails, and complex permission structures that create blind spots for security teams. Strategic threat modeling designed around insider risks enables organizations to map user access patterns, identify privilege abuse scenarios, and implement behavioral monitoring across all cloud platforms before incidents occur.



Join Sandeep Tripathi, IT Solutions Designer at Daimler Truck AG, to discover systematic approaches for detecting and preventing insider threats in complex multicloud environments.



Key Takeaways: 

- Identify insider risk scenarios across cloud platforms using threat modelling frameworks
- Implement comprehensive user behavior analytics and cross-cloud activity monitoring
- Limit insider threat impact and lateral movement using zero-trust access controls.
- Develop incident response protocols for insider-driven security breaches
- Create governance frameworks for managing privileged access in multicloud environments

Mitigate Insider Threats in Multicloud Through Strategic Modeling

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short.

Cloud security threats are often perceived as purely technical challenges, but the human factor remains one of the most significant and underestimated risks. Misconfigurations, weak passwords, phishing attacks, and inadequate training open doors to breaches even in sophisticated environments. Employees inadvertently expose sensitive data through social engineering, while administrators overlook crucial updates. Insider threats pose significant risks when cloud systems are accessible from anywhere.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, to explore human factors in cloud security threats.

Key Takeaways: 
- Human error as the leading cause of cloud security breaches 
- Phishing attacks and social engineering threat vectors 
- Managing insider threats in distributed cloud environments 
- Essential security awareness training and culture development 
- Zero Trust architecture implementation strategies

Managing Human Risk in Cloud Security Operations

Cyber attacks are becoming more sophisticated with each passing day. It is crucial for companies to build a strong cybersecurity leadership team to address both present and evolving cyber threats. 

This talk from University of Washington's Deveeeshree Nayak will focus on the key strategies to build a leadership pipeline in cybersecurity to address common cyberthreats organizations will face. 

Key Takeaways:
- Best practices to build a strong cybersecurity leadership team.
- Key strategies to collaborate with a non-technical team.
- Tips to create a diverse and inclusive leaderships team.

How to Build a Successful Cybersecurity Team

Tune into this session and hear a walk-through scope on how to design a responsive playbook that will account for current threats and establish active continuum for security operations center (SOC) team. 

Key takeaways:
- Define the fundamentals and sync with best practice;
- Simplify your messaging and facilitate with actors;
- Align your business environment with postmortems.

Designing a Responsive Playbook

In today’s world, when it comes to ransomware attacks, it’s not a matter of if but when your company will be affected.

To avoid the painful outcomes ransomware ensures including, the prolonged shutdown of operations, lowered employee productivity, increased support cost, and reputational damages, it’s essential that organizations focus on creating a playbook for remediation and recovery that combine technology and process to get your operations back to normal quickly.

Speakers:
Alan Sanderson, VP of North American Sales at Absolute
Jeff Laskowski, VP of Global Professional Services at Absolute
Brian McGowan, VP of Global Security & Privacy at SharkNinja

The Reality of Ransomware Attacks

Perimeterless hybrid environments reliant on cloud infrastructure are a boon for threats. Sophisticated threat actors and insider threats are taking advantage of security gaps presented by this expanded attack surface.
 
Attend this webinar to learn the trends, required data, and detection summaries for key threats. You’ll hear about threats observed in real-life scenarios and how to improve your security posture and stop attacks early in the ransomware kill chain.  

Stay in front of emerging and unknown threats by ensuring you know about best practices in cloud infrastructure, preemptive ransomware and securing IoT and OT.

Speakers:  
Augusto Barros, VP, Cyber Security Evangelist, Securonix
Sina Chehreghani, Manager Incident Response, Securonix Threat Labs
Kayzad Vanskuiwalla, Director Threat Hunting & Intelligence, Securonix Threat Labs

The State of CyberSecurity 2022

As network environments get more complex (e.g., work from home users, BYOD and IoT devices, workloads migrated to public clouds), relying solely upon SIEM and End Point Detection and Response (EDR) solutions is not enough for effective cybersecurity.

This session will explore challenges these solutions face and the advantages you gain with advanced Network Detection and Response (NDR):
 
• Gain packet level visibility across your entire network environment (including public cloud)

• Fill the gaps in visibility left by EDR solutions

• Easily integrate into and complement an existing cybersecurity stack, improving an organization’s overall cybersecurity posture

We will introduce NETSCOUT’s advanced NDR solution, Omnis Cyber Intelligence, and demonstrate how it can improve incident response.

Overcome the Challenges of EDR with Advanced NDR

This session provides practical advice to establish cybersecurity metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). We begin with an explanation of the differences between them and why each are needed. Examples of how to design metrics, KPIs and KRIs are provided. Areas of focus include cybersecurity measurements for all organizations, for processes & functions and in alignment with a control framework. The end game is to measure if processes and controls are functioning as designed.

We also walk through tips for communicating new metrics and go-to-green updates for metrics in red or yellow status. The session includes 22 metrics and seven resources for many more. All of this saves time and can assist with enhancing your program.

About the speaker:
Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse cybersecurity industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences). He is certified in many programs including CISSP, CRISC, CISA, CISM, CIPP, ITILv3, and NSA-IAM.

Cybersecurity Metrics, KPIs and KRIs

IT and security teams across industries are supporting increasingly distributed workforces and a growing number of device options. Meanwhile, identity-based attacks are the top threat to organizations today, with a Verizon report from 2021 finding that 45% of organizations have suffered a breach due to identity-related threats. Staying ahead of these risks is critical, but since traditional approaches to identity security are often fragmented, complex, and lack agility, this is no easy feat.

By adopting an identity-first approach to security, organizations can elevate their security posture and reduce friction as they adopt hybrid and fully remote working models.

In this 45 minute discussion, ESG Senior Analyst Jack Poller is joined by Ryan Terry, Senior Solutions Product Marketing Manager at Okta, to discuss the role of identity in the modern security stack and explore tips and best practices for teams looking to bolster security and drive productivity across a distributed workforce. 

Topics for discussion include: 
- How to think about adopting an identity-first approach to security
- Balancing security with usability: How an identity-first mindset can mitigate risk while empowering distributed workforces
- Understanding Zero Trust: Why organizations are adopting the approach and how to decide if it’s right for your organization
- And more...

Bolstering Security in the Era of Remote Work

Over the past two years, virtual work has exploded and become the new normal for organizations, schools, and government. But with this new normal has come new dangers for staying safe and secure. 

CyberVista's George Monsalvatge wants to ensure users stay safe when connecting to networks from a variety of locations. In this presentation, he'll cover:
- Checking network connections.
- Signs of compromise.
- How to stop breaches.

How to Stay Safe While Working Virtually

Traditional threat intel is broken. We’re trained to conduct threat intel analysis based on what the industry has given us: wordy threat intel reports, long lists of indicators of compromise with little context, and TTPs that are difficult to take action on. 

Cyber deception, however, gives contextualized rich intelligence on attacker activity. Advanced deception environments, tailored to your attack surface, offer the next generation of threat intelligence collection and analysis. Deception environments are exceptionally effective because they generate known “bad” data. No one should be messing with them. The data they collect is clear and unequivocal. See how they offer clear signals in all the noise.

Start Gathering Your Own Threat Intelligence

Access to independent, current, globally sourced cyber threat intelligence at no charge.
 
We anticipate that the current conflict will lead to a growing number of cyberthreats. Threat actors will be trying to exploit the ongoing crisis for their own ends. To confront this potential wave of cyberattacks, businesses worldwide need to have access to trusted and timely threat intelligence.
 
Kaspersky are industry leaders in Cyber Threat Intelligence. At Kaspersky, we are pleased to announce, we are offering you access to some of our very latest threat intelligence at no cost.
 
Join our webinar to understand more about the features, and see a demonstration.
 
In this webinar Lee Rendell, Senior Presales Manager at Kaspersky UK, will talk you through what Kaspersky Threat intelligence service provides and why we are providing you access to the portal, the intelligence, and at no charge. We will run you through a demo of the Threat Intelligence Portal, to help you understand how this solution can benefit you and your organisation.

Threat Intelligence in action

Email remains the #1 attack vector, yet many businesses remain dismally unprepared for a successful attack. In this webinar, Michael Posey, Channel Presales Engineer at Vade, will examine the latest techniques hackers are using to bypass email filters and the tools and solutions for detecting and responding with precision.

The Email Menace: Understanding and Responding to the #1 Threat to Your Business

While the threat landscape continues to evolve at a rapid pace, organizations typically overlook (or poorly perform) the most foundational aspect of building a strong defensive posture -- the human element. Whether it is misconfiguring a system, clicking on a malicious link, or failing to detect or respond to an anomalous event, most breaches are successful because of human error or inattention. 

Tune into this webinar to learn:
- The key areas where humans create weaknesses.
- Review some common tricks that allow attackers in.
- Changing the mindset of your organization to be more security aware.
- Where to begin along with several takeaways.

It's Not the Silicon, it's the Carbon -- Those Darn Humans

Security vulnerabilities discovered in applications are almost always rooted in security flaws in source code. Here, weaknesses may be logical errors, missing validation, insufficient logging, poor secrets management, missing user permissions checks, unsafe string concatenation, misconfigurations, and much more. 

In this session, you'll learn the importance of incorporating secure code review in the software development lifecycle. While automated scans are helpful and powerful tools, they're no replacement for code review by human experts.

Secure Code Review: Catching Vulnerabilities at the Source

Heraclitus, a Greek philosopher, is quoted as saying "change is the only constant in life." It is no surprise this also applies to the information security world we are a part of. 

The threat landscape is constantly evolving as are the industry and regulatory requirements organizations must adhere to. How then are we to maintain a security strategy that accounts for these ever-changing factors? 

In this live session, we will discuss the key components of a sound security strategy and how to identify and address the changing threats, requirements, and other factors impacting your strategy.

Building Your Security Strategy To Manage Change

What you’ll learn:
Outlining the various solutions in the cybersecurity market
Today’s top security challenges
The differences between Product (XDR) and Service (MDR)
How to select the right solution for your organization
An overview of Secureworks ManagedXDR
Answers to questions that our speakers received during the live webinar

EDR. XDR. MDR. If you’re looking at the cybersecurity market today, there are a lot of acronyms floating around – leading to a lot of confusion.

How do you filter through the alphabet soup and find the solution that solves your unique security challenges? Please join Secureworks® and Frost & Sullivan for a discussion that will clear the confusion in the market and help CISOs understand what to consider in discovering the right solution based on their organization’s needs!

EDR, XDR, MDR: Filtering Out the Alphabet Soup of Cybersecurity

Effective cyber defense requires time-consuming analysis and a level of data aggregation and correlation that is at best an art, and at worst cost prohibitive. Meanwhile, attackers remain agile and inventive, rapidly changing their methods with minimal costs (to them).  Automation brings with it the promise of leveling the playing field, giving more time back to defenders and keeping us equally agile. Unfortunately, it is far more common that automation in cybersecurity expands already monolithic tool sets, extends vendor lock-in, and increases our support costs.  

This talk will outline a pragmatic approach to automation in cyber defense that increases efficiency without breaking your budget. Attendees will learn how to identify candidate tasks and workflows ripe for automation, apply a repeatable approach to introducing automation, and avoid common pitfalls in building a more automated cyber defense.

A Pragmatic Approach to Automating Your Defenses

Are you confident that your Data Protection strategy is effective? With cloud apps, mobility, and state-sponsored threats on the rise, your data is now in danger more than ever. Securing distributed data has become a top challenge in today's organizations, and most security approaches fail to approach the problem holistically. Therefore it’s time to take a step back and re-evaluate your security model.

5 Critical Steps to Secure Cloud Apps and Data

How to defend against inevitable security breaches

Fallen victim to a data breach yet? If not, your organisation is one of the lucky ones - for now. Cyber attackers are using ever more sophisticated attempts to execute attacks on a daily basis. Realistically, it's unlikely that an organisation can swerve an attack without robust cyber security measures already in place to prevent, detect and mitigate cyber threats. 

Hear from Akamai's Director of Security Technology and Strategy, Richard Meeus and:
- Understand the common attacks in the cyber threat landscape - from DDoS, to phishing, MFA and microsegmentation.
- Discover cyber security models and strategies to protect your organisation should it fall victim to an attack.
- Learn how you can provide your users with risk-free access to applications and services.

Have You Been Breached Yet? Are You Sure?

In today’s rapidly changing world, it’s very easy to lurch from issue to issue without stopping to pause and think strategically about where the issues are coming from and how you can prevent the next one from being a career-defining incident. 

In this talk, Quentyn will take a light-hearted view of eight issues he sees frequently today; how they have developed, and how to avoid them keeping you up at night.

8 Things That Keep CISOs Up At Night (You Won't Believe Number 4!)

“Those that fail to learn from history are doomed to repeat it” —Winston Churchill. 

If the age of Covid has taught us anything, it’s that we need to be nimble and embrace change. But what breach lessons can we learn to help us navigate the future? 

Join BCyber’s Co-Founder & CEO Karen Stephens as she unpacks key breach themes and the lessons we can learn to help us prepare for the future. This is the chance to learn from the experiences of others rather than having to learn from your own breach!

Staying Ahead of the Breach

As engineering teams move faster and faster, we’ve seen application security “shift left” - with testing done earlier and earlier in the development lifecycle.  But the way teams test hasn’t changed - we’re still in a land of false positives, vetting applications against known vulnerabilities, and bracing ourselves for emergency patching when the next zero day hits.

By thinking like a hacker when testing applications - you can automatically find exploitable vulnerabilities and fix them while your code is still in development -- giving you stronger security while also increasing velocity

In this talk, we’ll discuss: 
The benefits (and limitations) of current approaches to application security
Balancing security and development velocity - how to build win/win scenarios
Setting realistic targets for application security programs based on known risks
Adopting a hacking mindset to help developers increase velocity and security both 
Using techniques like fuzzing and symbolic execution to ‘hack’ your applications in your own development pipeline

Think like a Hacker: How to Get ahead of Zero Days.

Recent cybersecurity incidents continue to show that public sector entities from local school districts to federal agencies are not immune to cyber threats. These range from ransomware attacks to data breaches involving sensitive student and staff data. 

Tune into this webinar that will examine trends, highlight examples, and share best practices for steps to take before, during, and after a cyber incident with a focus on public agencies and officials.

Public Sector Entities: Vulnerable and Less Prepared Cyber Targets

The evidence is in the news: threat actors are constantly on the hunt for weakly secured applications to exploit. Does your business have a target on its back? What can you do now to avoid becoming tomorrow’s data breach headline?

This webinar examines how cybercriminals are hacking applications and the need for effective application security. Inside, learn:

• How threat actors are exploiting unsecured software
• How we make exploitation too easy for the adversaries
• How a Protection Blueprint can change the tide
• And more

How threat actors hack your applications

Cyber attacks are not random acts that affect only a few. They are calculated ambushes that will impact you at some point -- whether you're prepared or not. Join this session as Jim Goldman discusses the state of cybersecurity, the implications of an attack, and what you can do to best mitigate your risk to protect yourself and your business. 

About the speaker:
Jim Goldman is the co-founder and CEO of Trava, a company created to protect small and medium-sized businesses from the potential damage of cyber threats through risk assessment, security strategy, and cyber insurance. He is a nationally published author and frequently requested speaker and subject matter expert on technical topics and security topics. Prior to founding Trava, he was a faculty scholar at Purdue University where he served as a professor and associate department head. He started a research lab serving the FBI and trust organizations for cloud computing companies that included Salesforce. And while at Salesforce he was responsible for enterprise-wide security governance, risk management, and compliance and built the company's first Security GRC organization.

It's Not Cyber Crime, It's Cyber Warfare

Geopolitical instability and cybersecurity are unavoidably intertwined. Organizations of all types can be at higher risk even if they’re not connected to a conflict. Cyberattacks are a weapon sometimes wielded even against nation-states not directly involved in a conflict. Going into 2023 Russia’s war in Ukraine will bring it with cyberthreats. Other nations too, including North Korea, Russia, China and Iran, are likely to raise organizational leaders’ concerns about security.

This panel will look at the current and near-future prospects for geopolitical conflict, including
• The role of cybercriminals in conflicts between nations, such as the Conti and Stormous ransomware groups’ support for Russia in the current Ukrainian conflict; 
• How nation-states weaponize cyber-attack skills to increase their power in the world;
• Where CISOs, CEOs, and other organizational leaders should focus security investments to respond to threats issuing from global conflict.
• What tools exist for companies to keep themselves from becoming “casualities” in an international conflict.

Moderated by: Rob Wright, News Director at TechTarget 

Panelists:
Kevin Kirkwood, Deputy CISO | LogRhythm Inc.
Ron Meyran, Senior Director | Radware
Deveeshree Nayak, Assistant Teaching Professor | University of Washington School of Engineering and Technology

Geopolitical Instability and Its Impact on Cybersecurity

Could your organisation truly survive a data breach and emerge unscathed? 

If the answer is no, or maybe, your cyber security strategy needs a rethink. The importance of preventing and protecting your organisation against a cyber attack is now a fundamental ‘must’, not simply an option. If your organisation was attacked, how would the attacker be detected and moreover, what response plan is currently in place and how could impacts be minimised?

In this fireside discussion, ESG Analyst John Grady is joined by Richard Meeus, Akamai’s EMEA Director of Security Technology and Strategy to explore how to bullet-proof your data for 2023. 

Join them to discuss: 
-  Why active prevention is now a security 'must-have' instead of a 'nice-to-have'
-  The risk organisations will face in 2023
-  How to minimise the impact of a breach
-  The state of ransomware in 2023 
-  And much more!

Get Ahead of the Game: Preparing for 2023’s Inevitable Cyber Security Breach

What if you could predict, and thus prevent, most security incidents in your organization? While we know 82% of attacks originate from human fallibility, effective risk management requires pinpointing the riskiest users. Fortunately, recent research has revealed the 7% of the workforce responsible for the majority of incidents. 

This presentation offers security professionals a new way to think about measuring user risk. Attendees will come away with:
• An understanding of how user risk can be quantified with data from security tools;
• Examples from leading security teams who’ve improved their organization’s cyber defense;
• An approach to the different stages of user-risk management, from feedback to tailored controls;
• Methods to mitigate workforce risk by applying risk-appropriate interventions; 
• Ways to use feedback to build trust and transparency and risk-based controls to enhance security protection;
• and more!

Master Security Kryptonite: How To Proactively Pinpoint and Mitigate User Risk

In today’s cybersecurity landscape, you can never let your guard down. Imagine you come into work to find your servers have been infected with ransomware.  Where do you go from here?   

By leveraging machine learning and true artificial intelligence, you can gain peace of mind knowing you have around-the-clock coverage to prevent cyberthreats and stop bad actors in their tracks. 

Join Jonathan Jackson – Director Sales Engineering, from the BlackBerry Cybersecurity team in APAC to learn: 

- The basic steps you can adopt now to prevent being exposed by threat actors. 
- How you can protect your organisation from threats lurking in the shadows 24x7x365. 
- It’s time to outsmart and outlast modern cyber threats.

Threat Actors Never Sleep ....Neither Can Your Security

In twelve short months, Zero Trust has gone from buzzword to the default security paradigm. The percentage of Asia Pacific companies with a defined Zero Trust initiative underway has increased dramatically, up almost 20% in 12 months. 83% of businesses now say Identity is important to their Zero Trust security strategy, and we’re seeing an interesting shift in the prioritisation of security over customer experience in the APAC region. 

According to Okta’s latest State of Zero Trust report, almost all APAC companies surveyed will have a Zero Trust strategy in plan or in play by the end of 2022. Many of these organisations have moved beyond the preliminary phases of implementation such as MFA, SSO and connected used directories. 

Join us as we invite guest security experts [name] from AWS and [name] from Crowdstrike to unpack the findings from this year’s report, and reveal what this means for the future Zero Trust adoption in APAC. 

What’s driving the rapid adoption of Zero Trust?
Why is the balance tipping in favour of Security over CX? 
Why should you prioritise Identity as the foundation of your Zero Trust strategy?   
How to accelerate your Zero Trust journey past the traditional and emerging phases?

Zero Trust - Revelations and evolutions of today’s default security paradigm

APIs are ripe and juicy targets for cybercriminals, and loaded with attack traffic that is invisible unless you have effective API security. APIs now consume as much as 60% of all internet bandwidth, but many of them have weak security architecture, which opens the door to data breaches, ransomware, malware, DDoS attacks, and other cyber threats.

Enterprises commonly don’t know how many APIs they have or which ones are dormant. Their APIs are like black boxes, leaving enterprises with a problem: they can’t protect what they can’t see.

Join this webinar to learn how cybercriminals are exploiting APIs, why the lack of visibility into API traffic is a serious problem for enterprises, and what you and your team should do now to mitigate risk. Presented by industry researcher and analyst Richard Stiennon, and API security expert Rob Dickenson, founder of Resurface Labs.

The Latest Trends in API Security: Learn How to Stay Ahead of Attackers

Quantum risk is the threat of capable quantum computers upending cryptographic methods, such as RSA or elliptical curve algorithms, widely used today for securing information flows through communication networks. A sufficiently capable quantum adversary would be able to decrypt sensitive data in short order disrupting the trust in the digital systems that increasingly undergird our society.

Join us to learn: 
What is quantum risk and when will it impact my organization?
How does encrypted data provide a false sense of security?
How to protect against a “Harvest Now, Decrypt Later (HNDL) attack 
How threat actors can use quantum computer to decrypt your data
 
Buckle up as we start your journey into quantum risk and understanding the coming storm.

Quantum Risk Is Here Now. Are You Ready?

2023 is shaping up to be another challenging year for CISOs. A possible recession, CISO liability for breaches, cyber Insurance and ransomware trends are just a slice of issues CISOs will have to contend with in the near future. 

This presentation will provide a look ahead into what is on the horizon and how we can best prepare our cyber defenses to protect our people, customers, and assets.   

About the speaker:
Mr. Zalewski, through his company S3 Consulting, provides the following security advisory services:

• Executive advisor for early-stage security companies
• CISO advisor to venture capital firms internationally
• CISO for companies requiring a temporary or part-time CISO
• International cybersecurity training and facilitation

He is the former CISO at Levi Strauss & Co and has held senior security positions at Pacific Gas & Electric and Kaiser Permanente.  Other positions Steve has held include senior engineering mgmt. roles in storage networks, data protection and enterprise operating systems.

His credentials include multiple patents in data protection and multi-processor operating system design and CISSP, CISM and CRISC security certifications.

Steve also co-hosts the CISOSeries Defense-in-Depth Podcasts and is a frequent speaker and panel moderator for webinars and industry events.

Top CISO Concerns for 2023 and How to Prepare For Them

Backed by decades of security experience, Towerwall learned that there is no single piece of technology or system that will keep your organization secure. 

That’s why Towerwall security experts developed a unique security approach that is not only consistent, repeatable and measurable, but also flexible enough to adapt to the changing threat landscape.

In this discussion, Towerwall Founder & CEO, Michelle Drolet outlines how your organization can deploy the 7 Dimensions and stay secure.

About the speaker:
Michelle Drolet, founded and CEO of TowerWall, is a member of the Forbes Technology Council. The Software Report recently named Drolet one of the Top 25 Women in Cybersecurity in 2021; she's also been named one of the Top CEOs to Watch in 2020 by CIO Views and The 10 Most Powerful Women in the Channel by VARBusiness Magazine. She sits on the Framingham Foundation Board Events Committee and the MassBay Cyber Security Advisory Board and is past chair of the Mass Bay Foundation Board, MetroWest Chamber of Commerce, and Framingham ESL. She is the founder of the Information Security Summit at Mass Bay Community College, New England’s premier event that gathers top security and risk management professionals for open dialogue on the latest threats, developments and trends occurring in information security.

7 Dimensions of Cybersecurity

Technology plays an important role in our day-to-day life. Whether it is working from home, managing our work schedules, or tracking personal routines and daily activities, we are majorly dependent on technology. With this reliance comes the biggest challenge of securing our information and preventing the risk of opening the doors to intrepid hackers. 

Tune into this presentation to hear TD Bank's Pankul Chitrav discuss some of the cyber security and risk mitigating techniques to achieve a risk-free cyber zone.

Entering a Risk-Free Cyber Zone

Ransomware continues to be a top security concern for cybersecurity teams, with no signs of abating in 2023. Instead, businesses must learn to live with the reality of expecting to be attacked and taking the right measures to react quickly when it happens. In this keynote presentation, ESG will present its latest findings on the prevalence of ransomware and provide best practices to help organizations make strides toward readiness, develop a plan for response, and recover quickly.

Ransomware Preparedness: Cyber Resiliency for 2023

The 2023 Threatscape

With the post-pandemic work environment taking shape, CISOs must now come to terms with permanently remote and hybrid workforces, the decline of VPNs and perimeter-based security technologies and other inalterable changes. At this “point of no return,” security leaders require an updated roadmap to effectively manage new and improved cyber threats and a user base stretched out across locations doing work with third party and non-sanctioned applications. Attackers are growing sneakier and more sophisticated in penetrating the less defined barriers of the new workforce. CISOs should rethink old strategy and risk models in order to secure their companies in this destabilized post-pandemic world.

Tune into this panel discussion including top experts in the cybersecurity sphere and discover how CISOs and other security leaders can guide their companies into a safer future. Some of the key discussion points will include:

- Top threats predicted to strike in 2023 and how security leaders can prepare.
- How to phase out legacy security technologies that may no longer be effective in this post-pandemic work world.
- The biggest challenges brought forth by hybrid and remote workforces and how to address them. 
- Rethinking and re-organizing your organization’s risk model.

CISO Security Tips to Manage the “End” of COVID-19

Covid-19

CISO

Cyber Security

Cyber Attacks

Enterprise Security

Remote Office

hybrid workforce

Cyber Threats

future of security

risk model

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

CISO Security Tips to Manage the “End” of COVID-19

Presented by

About this talk

Information Security