Hi [[ session.user.profile.firstName ]]

Streamlining Security: Strategies for Improving Effectiveness and Efficiency

For many of us, current information security operations are largely manual and therefore inefficient. This increases costs and results in lower effectiveness of our hard won efforts. In this interactive session, we will explore opportunities to streamline processes and make effective use of the technologies available to us, and establish ourselves as worthy custodians of our limited resources bestowed upon us. Join us at 1:00PM Eastern on February 19, 2015, with our event sponsor, Bromium, for this spirited panel discussion.
Recorded Feb 19 2015 58 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Simon Crosby, CTO, Bromium; JJ Thompson, Rook Security, Chuck Gaughf, (ISC)2; Brandon Dunlap, Brightfly (Moderator)
Presentation preview: Streamlining Security: Strategies for Improving Effectiveness and Efficiency

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • The Future of Authentication in a Hyper Connected World Jan 18 2018 5:00 pm UTC 75 mins
    Angel Grant, Dir, Identity, Fraud & Risk Mgmt., RSA; Clare Nelson; Brandon Dunlap (moderator)
    With the ever increasing number of devices and applications that individuals use and access on a daily basis, the authentication of individuals has become paramount for organizations. It needs to be done faster, seamlessly and have less impact on the user. What can organizations do to meet this challenge? Are behavioral analytics an answer? What role does identity assurance play? What about multi-factor authentication? Biometrics? Join RSA and (ISC)2 on January 18, 2018 at 1:00PM Eastern for a discussion on where ID/Access management and authentication is going and how these future advancements can impact your organization.
  • The Hot Potato – Who’s Responsible for Vulnerability Management in the Cloud? Dec 19 2017 6:00 pm UTC 75 mins
    Michelle Cobb, CMO, Skybox; Joel Scambray, NCC Group; Derrick Butts, CIO, The Truth Initiative;Brandon Dunlap (Moderator)
    Organizations continue to rapidly move their workloads to the cloud as they benefit from the flexibility and agility this can provide. However, many security processes become increasingly difficult to manage in a Shared Responsibility model. Top among these is vulnerability management which is the key to visibility into virtual and multi-cloud networks. Join Skybox and (ISC)2 on December 19, 2017 at 1:00PM Eastern for our final ThinkTank of the year where we will discuss how to better prioritize and manage vulnerabilities and the best way to provide visibility (and thus, context) into the physical, virtual and multi-cloud environments all organizations find themselves dealing with now.
  • Rideshare to the Cloud: Cloud Security & the Shared Responsibility Model Recorded: Dec 14 2017 61 mins
    Ananda Rajagopal, VP, Products, Gigamon, Dan Watson, Managing Consultant CyberSecurity, IBM, Glenn Hernandez, Frm USCG CISO
    Public clouds provided by services like AWS and Azure continue to surge in popularity with organizations small and large. However, the security of these services and how the responsibility for it is shared can be murky. Organizations want to assure that the public cloud is being used properly by everyone in the enterprise and to run mission-critical applications while meeting compliance and security controls. Join Gigamon and (ISC)2 on Thursday, December 14, 2017 at 1:00PM Eastern for a roundtable discussion on public clouds and the shared responsibility model and how that can help to secure and protect your organization.
  • Cutting Through the FUD Factor – The Reality of Machine Learning Recorded: Nov 30 2017 59 mins
    Seth Geftic, Dir Product Mgmt, Sophos; Dr. Paulo Shakarian, ASU; Rob Ayoub, IDC; Brandon Dunlap, Moderator
    Machine learning (aka Artificial Intelligence) can be found in the marketing literature of a number of new solutions and offerings in the marketplace. But what exactly is it? FUD? Magic Dust? The “Next Big Thing”? There’s a lot of confusion and a lot of questions around this topic. What’s the false positive detection rate? How often does it need to be updated? Does it scale well? Join Sophos and (ISC)2 to explore these questions and more on November 30, 2017 at 1:00PM Eastern in our next ThinkTank webcast.
  • Exchanging Cyber Threat Intelligence: There has to be a better way Recorded: Nov 16 2017 62 mins
    Dr. Larry Ponemon, Founder, Ponemon Institute; Krupa Srivatsan, Infoblox; Tom Gorup, Rook Security; B. Dunlap (Moderator)
    Today’s increasingly complex and stealthy threats are causing organizations difficultly in defending against them on their own. More and more companies are using multiple threat intelligence sources and reaching out to their peers for threat intelligence data. In fact, 66% of respondents in the recent 2017 Ponemon survey, “The Third Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way”, report that threat intelligence could have prevented or minimized the consequences of a cyber attack or data breach. Join Infoblox and (ISC)2 on November 16, 2017 at 12:00pm (Noon) Eastern where our panel will discuss top trends that describe the current state of threat intelligence sharing, how threat intelligence sharing and usage has changed from previous years and best practices to using threat intelligence effectively to counter attacks.
  • Using Managed Security Services? You Need Identity Management! Recorded: Nov 9 2017 56 mins
    Naresh Persaud, Sr. Dir. Security, Prod. Mgmt. CA; Greg Shanton, VP Cyber Security, Neovera; B. Dunlap
    Set to double in the next two years, the managed security services market is being driven by the rising cost of security. One MSP found the formula for success by using Identity Management not only to streamline internal security controls but to also help customers reduce risk. If you are using or planning to use managed security services, join CA and (ISC)2 on November 9, 2017 at 1:00PM Eastern to discover the security requirements that require identity and access. We'll discuss use cases managed security companies are addressing and provide insight on how best of breed companies are adapting.
  • Reducing the Attack Surface via Internet Reconnaissance, Automation & Mitigation Recorded: Oct 26 2017 59 mins
    Benjamin Powell, Technical Marketing Manager; John Carnes, Anthem; Dustin Sachs, Navigant; Brandon Dunlap (Moderator)
    Business digital transformation has outpaced conventional cyber defenses. Adversaries no longer attack Firewalls or maneuver laterally between systems to wreak havoc on operations, customers and brands. External threats are the root cause for the majority of today’s incidents and breaches. A recent IDG survey revealed that 70% of enterprises have zero to modest confidence in the ability to reduce their digital attack surface. VA scanners, pen testing and systems tools all provide visibility and control of internal assets, but they fail on the vast number of dynamic web systems, web apps and other components connected to a business and are blind to subsidiaries, ecosystem, global and hosted sites, and service providers - all with possible susceptibility. How can SOC and GRC teams gain the active discovery and direct insight needed to respond to exposed external facing exposed assets - even those not under control of IT? Join RiskIQ and (ISC)2 on October 26, 2017 at 1:00PM Eastern as we explore how to leverage advanced internet reconnaissance, automation, and mitigation to address mounting digital attack surface gaps.
  • A NIST Guide on How Identity Management is Reshaping Cyber Security Recorded: Oct 12 2017 60 mins
    Bill Newhouse, Deputy Director, NICE; Naresh Persaud, Sr. Dir. Security; Prod Mktg, CA; Spencer Wilcox; Brandon Dunlap
    Did you know that 80% of data breaches implicate lost, stolen and weak credentials, as well as excessive access as culprits? NIST’s National Cybersecurity Center of Excellence (NCCoE) is helping companies better understand how to apply standards-based, commercially available technologies to improve their cybersecurity posture. The NCCoE’s security control mappings, reference designs, and lab implementations can be used as roadmaps or checklists for organizations looking to bolster their cybersecurity programs. Join CA and (ISC)2 on October 12, 2017 at 1:00PM Eastern for our ThinkTank where our expert panel will take an in depth look at how Identity Management is shaping the recommendations and requirements for the next generation of cyber security controls.
  • Shoring up Your Defenses by Leveraging Analytics and Machine Learning Recorded: Aug 24 2017 65 mins
    Mark McGovern, VP, Product Mgmt., CA; John Carnes, Infosecurity Senior Adviser, Anthem; Erik Von Geldern, FXCM
    Attackers are getting quicker and more sophisticated. Today's enterprise defenders aren’t able to withstand the pace and complexities of the threats they face. Automated tools and intelligence are being deployed to breach your IT infrastructure and access your priceless data by targeting privileged accounts. In playing defense, security teams must become proactive, not reactive and use data and analytics in a meaningful way, being more effective and agile in detecting attackers and quickly thwarting them. Join CA Technologies and (ISC)2 on August 24, 2017 at 1:00PM Eastern for a discussion on emergence of machine learning and security analytics as tools that organizations can leverage to defend their data and some practical ways it can be used to protect key assets such as privileged accounts.
  • Scaling Up Network Security: Shifting Control Back to the Defenders Recorded: Aug 10 2017 60 mins
    Shehzad Merchant, CTO, Gigamon; Mat Gangwer, CTO, Rook Security; Paulo Shakarian, ASU; Brandon Dunlap (Moderator)
    Network threats and data breaches continue to grow in number, sophistication and speed, overwhelming current defensive capabilities. Security teams, limited in staff, resources and time, suffer from diminished effectiveness and enterprise protection. To stay ahead, organizations must create an adaptive ecosystem of network defenses; much like the body leverages its immune system. A Defense Lifecycle Model speeds threat identification and mitigation by incorporating machine learning and artificial intelligence into these security processes. Join Gigamon and (ISC)2 on August 10, 2017 at 1:00PM Eastern for a discussion on automated prevention, detection, prediction and containment and how it can help to fortify your defense.
  • Security Practices for a More Secure Cloud Recorded: Jun 22 2017 60 mins
    Kurt Hagerman, CISO, Armor; Raj Goel, CTO, Brainlink; Keith Young, Security Official, Montgomery Cty Govt. Brandon Dunlap
    The cloud is full of potential – but also unwanted risks and guests. Threat actors of all skill levels and intentions seek to disrupt, destroy and derail your utilization of cloud hosting for your critical data workloads. How do you defend against this menace? Join Armor and (ISC)2 on June 22, 2017 at 1:00PM Eastern for a discussion on securing and maximizing your cloud investment. We’ll examine the expertise needed, the need to share responsibilities, leveraging proven and emerging technologies and the role integration and automation plays.
  • The Human Target – The Tip of Spear is Aimed at You Recorded: Jun 8 2017 58 mins
    Ira Winkler, Secure Mentem, Sylvester Gray, Sophos; Johnny Deutsch, E&Y; Brandon Dunlap, Moderator
    While Phishing schemes continue to bedevil organizations and security teams, cyber criminals have become more selective and refined about their targets and methods of trying to reel them in. Senior executives have become the “Whales” of the phishing industry, as scammers develop specific, targeted campaigns aimed at value rich individuals like CEOs, CFOs and others with organizational power and access to secured information and financial/personal data. How can security teams educate their upper management on these schemes and keep them from “leaking” details on social platforms criminals can use to bait these well designed traps? Join Sophos and (ISC)2 on June 8, 2017 at 1:00PM for an examination of Spear Phishing and how to secure and educate your executive team from becoming a victim.
  • Unifying Data Protection both To and In the Cloud Recorded: May 25 2017 60 mins
    Dave Bull, Dir, Data Protection Srvs, McAfee, Raj Goel; Keith Young, Brandon Dunlap
    Organizations continue to adopt cloud strategies and technologies at a dizzying pace. Many organizations now look at new IT projects with cloud optics. With the volume of data being transmitted to, from and existing in the cloud ever increasing, protecting that data can be challenging. How can this data, which is always on the move and in myriad locations, have a coordinated security strategy? Join McAfee and (ISC)2 on May 25, 2017 at 1:00PM Eastern for a discussion on how to unify data security across applications, clouds and various locations.
  • Machine Learning and Malware: What You Need to Know Recorded: Apr 27 2017 59 mins
    Robert Leong, Dir, Prod Mgmt., McAfee Labs; Raf Los, Optiv; Dr. Paulo Shakarian; Brandon Dunlap (Moderator)
    The seismic jolt in the Threat Landscape caused by the success of threats like ransomware combined with the geometric rise of so-called zero-day malware (i.e. malware for which no AV signature defenses exist) has given rise to all manner of innovation in the Cybersecurity industry. But a lot of what is being said and presented in the market is really confusing and that’s a problem for practitioners. One of the most-frequently-used phrases in security today is “Machine Learning” or “Math-Based” and “Artificial Intelligence” or “AI”. These phrases are entering the security conversation to describe capabilities, approaches, and strategies, but in reality, they are confusing a great many people. Which begs the question: “What on Earth does it mean?” and “How can Machine Learning be used in Enterprise Security?” Join McAfee and (ISC)2 on April 27, 2017 at 1:00PM Eastern as we clear the confusion, explore the answers to these questions and discuss what this means for dealing with threats.
  • Building a Blueprint for an Insider Threat Program Recorded: Mar 16 2017 58 mins
    Jadee Hanson, Dir of Security, Code 42; Joji Montelibano, Rockwell; Chris Walcutt, Black & Veatch; Brandon Dunlap (Moderator)
    While infosecurity teams are playing defense against external threats, they cannot lose sight of the threat that insiders at their organization pose. Employees, contractors and business associates can all have accounts which provide them legitimate access to systems within the enterprise, but that access can carry significant risk. Detecting, monitoring and preventing such unauthorized access and exflitration is critical. Building an Insider threat program to manage such functions can help an organization get visibility into the problem and streamline these efforts. But where does an organization start when building such a program? What underpinnings need to be in place in order to have success with a program? Get an inside scoop on what it is really like to build and run these types of programs; what are insiders really doing and what are they stealing. Join Code42 and (ISC)2 on March 16, 2017 at 1:00PM Eastern for a discussion on how to construct an effective insider threat program.
  • Information Overload - Making Sense of Threat Intelligence Sources Recorded: Mar 2 2017 62 mins
    John Carnes, Anthem; Mat Gangwer, CTO, Rook Security; Erik Von Geldern, FXCM; Brandon Dunlap (Moderator)
    There's an overwhelming amount of information that comes from the connected world. Information sources are endless, but their credibility can be questionable. Cyber security teams can often relate with an overload of threat data from a variety of sources. Building an effective threat intelligence capability requires drilling down through all of information to find the data that is most relevant to you. So where do you start? To avoid information overload, an organization needs to be selective about the sources that they need to stay ahead of the threats and exploits that can compromise them. Join (ISC)2 and our sponsor Recorded Future for a From the Trenches webcast on March 2, 2017 at 1:00 PM ET for a discussion on threat intelligence sources, what's available out there, and how to separate the signal from the noise so you can spend less time on data collection and more time on analysis.
  • Cross Talk: How Network & Security Tools Can Communicate For Better Security Recorded: Feb 23 2017 59 mins
    Craig Sanderson, Sr. Dir. Prod Mktg, Infoblox; Dan York, Internet Society; Raghu Gadam, Security Analyst (ISC)2; B. Dunlap
    Working in silos, while never a good idea, is a reality in many organizations today. Security and network operations teams have different priorities, processes and systems. Security teams use various controls and tools to mitigate different kinds of threats which provides them with thousands of alerts on a daily basis. They often find it difficult to prioritize the threats to address first. What they may not know is that there is a whole piece of the puzzle they could be missing - core network services like DNS, DHCP and IPAM. These can provide a wealth of information and context on threats, which can help prioritize response based on actual risk and ease compliance. Join Infoblox and (ISC)2 on February 23, 2017 at 1:00PM Eastern for a roundtable discussion on how to use ecosystem integrations between network and security tools for better security and compliance.
  • Be Vewy, Vewy Quiet... I'm Hunting Threats! Finding & Dealing with Threats Recorded: Jan 26 2017 60 mins
    Lance Cottrell; Dominique Kilman; Aamir Lakhani; Brandon Dunlap
    Threats. They are everywhere and one of those things that keep security practitioners awake at night. However, the exposure to and damage from the myriad threats out there can be mitigated via a number of steps. These include threat hunting and detection, investigation and timely and effective response. If your security is synchronized it can help to reduce the response times and the resources that are used. Join (ISC)2 and our sponsor Sophos for our first From the Trenches webcast of 2017 on January 26, 2017 at 1:00PM Eastern for a discussion about threats and how to cut the time in detecting and responding to them.
  • Pragmatic Cyber Risk Quantification Recorded: Jan 25 2017 60 mins
    Jack Jones, Risk Lens; Cody Whelan, Risk Lens; Brandon Dunlap - Moderator
    Quantitative risk analysis is achievable, can be pragmatic, and can actually out-perform qualitative risk analysis in the face of complex issues like intelligent adversaries. Join Jack Jones, the original author of the Factor Analysis of Information Risk (FAIR) framework and (ISC)2 to learn more about FAIR. Jack will highlight both the quantitative use-cases as well as the ways in which FAIR can be leveraged to improve qualitative risk analysis. This will be followed by a demonstration on how to quantify cyber risk with the RiskLens Cyber Risk Quantification software platform.
  • Visibility and Security - Two Sides of the Same Coin Recorded: Jan 19 2017 60 mins
    Cricket Liu, Exec VP, Infoblox; Dan York, CISSP, DNS Sec Prog Mgr, Internet Society;
    You can't secure what you can't see and not knowing what's on your network can be damaging. While security is about proactively detecting and mitigating threats before they cause damage, it is also about gaining deep visibility into today's complex networks which may include diverse platforms and architectures. A truly enterprise grade DNS, DHCP and IPAM (DDI) platform can provide that visibility because of where it sits in networks. On the downside, DNS is a top threat vector but it can be used as strategic control points to block malicious activity and data exfiltration. Join Infoblox and (ISC)2 on January 19, 2017 at 1:00PM Eastern for a round table discussion featuring Cricket Liu, a well known authority on the Domain Name System and the co- author of all of O'Reilly & Associates' Nutshell Handbooks on DNS, as we examine how strategic DNS can be used for visibility and security.
Regular roundtable discussions on a variety of infosecurity topics.
(ISC)2 hosts regular panel discussions on hot button infosecurity topics featuring thought leaders and visionaries from the industry who answer questions from the audience.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Streamlining Security: Strategies for Improving Effectiveness and Efficiency
  • Live at: Feb 19 2015 6:00 pm
  • Presented by: Simon Crosby, CTO, Bromium; JJ Thompson, Rook Security, Chuck Gaughf, (ISC)2; Brandon Dunlap, Brightfly (Moderator)
  • From:
Your email has been sent.
or close