2016 (ISC)2 Security Congress – Member Town Hall – Part 1

Meet the newest members of your association's membership management team as David Shearer, (ISC)2 CEO, interviews Patrick Craven, the new Director for the Center for Cyber Safety and Education (formerly the (ISC)2 Foundation), and Dan Waddell, the newest (ISC)2 Managing Director for the North America region. This was originally held on September 11, 2016. (NOTE: Due to the length of the presentation, this video DOES NOT qualify for a CPE.)
Recorded Oct 13 2016 49 mins
Presented by
David Shearer, CISSP, (ISC)2 CEO; Patrick Craven, Director, Center for Cyber Safety & Education; Dan Waddell, CISSP,
  • One CyberSecurity Standard to Rule Them All?! Recorded: Jan 10 2019 51 mins
    James McQuiggan, CISSP, Product & Solution Security Officer, Siemens Gamesa Renewable Energy
    Companies today are increasingly discovering that it is difficult to determine which standard they should implement to secure their company's data, assets and people. Within the manufacturing, oil and gas, and electricity industries, they have a responsibility to themselves but also to customers' demands to be secure and compliant. Which one should they use? NIST, ISO, UL, NERC CIP, IEC 62443? This alphabet soup of standards certainly gets confusing. Is there a right one to use? Should more than one be used? The session also looks at the purchaser's standpoint: a long-term model for industrial control systems in which commodity hardware and software demand a change in paradigm, but rate cases do not allow for it.
  • Implementing a Successful Privileged Access Management Program - Lessons Learned Recorded: Jan 10 2019 53 mins
    Tariq Shaikh, CISSP, PMP, ITIL, IT Program Manager, IAM, Aetna
    Exploitation of privileged access is the #1 root cause of most large-scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access Management program can considerably mitigate the intentional/unintentional misuse of privileged access at all levels in the IT stack (host, database, network, applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management program.
  • In-House Digital Forensics Team: Modern Information Security Program 'Must Have' Recorded: Jan 9 2019 55 mins
    Gregory Braunton, National Director, Threat Management, Incident Response & Forensics, Catholic Health Initiatives
    Litigation happens. Is your preservation, collection, presentation and reporting function legally defensible? Likewise, do you have events within your enterprise that require a methodical investigation using digital forensics--a cyber incident, employee abuse, HR investigations, employment or organizational lawsuits? Need legally sound email preservation and collection, or investigate TOR/BitTorrent client, illicit use, fraudulent activities, or AUP violations? Learn the trained staff, tools, processes, workflows and synergistic relationships with privacy, legal, HR and risk teams required to run successful, value-added and indispensable digital forensics and eDiscovery functions companywide. Digital forensics is a necessary core competency and capability for the modern information security function in enterprises small and large.
  • Performing AWS Cloud Security Audits Recorded: Jan 8 2019 46 mins
    Tim Sills, MBA, CISSP, CISM, CISA
    The migration to cloud services provides companies with enormous opportunities to deliver their brand worldwide. The ease by which the cloud providers enable their complex services offers convenience. Yet, the providers do not always take into consideration security requirements needed to safeguard sensitive data, maintain compliance and protect against data breaches.

    We will answer the question of how you perform an audit against an environment that consists of hundreds of resources located worldwide. How do you validate that the deployment aligns with corporate policies? We will introduce open source tools to show how data can be collected across AWS deployments, and we'll discuss how to interpret the results, since "green is good and red is bad" may not always apply.
  • In-House Digital Forensics Team: Modern Information Security Program 'Must Have' Recorded: Jan 7 2019 55 mins
    Gregory Braunton, National Director, Threat Management, Incident Response & Forensics, Catholic Health Initiatives
    Litigation happens. Is your preservation, collection, presentation and reporting function legally defensible? Likewise, do you have events within your enterprise that require a methodical investigation using digital forensics--a cyber incident, employee abuse, HR investigations, employment or organizational lawsuits? Need legally sound email preservation and collection, or investigate TOR/BitTorrent client, illicit use, fraudulent activities, or AUP violations? Learn the trained staff, tools, processes, workflows and synergistic relationships with privacy, legal, HR and risk teams required to run successful, value-added and indispensable digital forensics and eDiscovery functions companywide. Digital forensics is a necessary core competency and capability for the modern information security function in enterprises small and large.
  • Exploring Smartphone Ransomware Recorded: Jan 3 2019 48 mins
    Kevin McNamee, CISSP, Director, Threat Intelligence, Nokia
    If the new generation of smartphone ransomware is combined with worm-like spreading capability akin to something like Wannacry, the result could be catastrophic. We will look at several examples of smartphone ransomware with demonstrations showing how the phone is infected, how the device is locked, what data is encrypted, how the ransom is paid and what can be done about it. The presentation will conclude with a discussion on the evolution of smartphone ransomware and how the technology could be leveraged to launch a major attack against the mobile network services by disabling a significant number of handsets.
  • Rise of the Machines Recorded: Jan 2 2019 34 mins
    Aamir Lakhani, Lead Researcher, Fortinet
    Many of the top security vendors, information security specialists and cybersecurity professionals are claiming how artificial intelligence and machine learning are changing the face of defending against the most advanced attacks. Most vendors fail to be transparent on how these technologies work. We are bombarded with buzzwords, yet we don't understand what they mean, what the technology does, and how we should keep vendors accountable. When we look for the details on the specifics of what makes these products effective, we are usually given vague answers or told it is a proprietary technology. The truth is there is no magic behind machine learning.

    This talk will examine the details behind the mechanics on artificial intelligence and machine learning. We'll discuss how different techniques are being used to detect malware, malicious domains, phishing emails and other threats. We will examine how these systems need to be set up and trained, and the inherent weaknesses built into them.

    We will examine why these technologies fail and how attackers routinely bypass these detection methods to infiltrate systems. Attendees will learn about advanced attacker techniques and how hackers are using machine learning against organizations that use it.

    Learn to look past the marketing hype and understand the true value and limitation of cybersecurity AI. You will understand what the technology actually has the capability of achieving and how to hold vendors who claim they utilize the technology accountable.
  • Risk Management and the Cyber Threat Landscape Recorded: Jan 2 2019 56 mins
    M. K. Palmore, MBA, CISM, CISSP, Assistant Special Agent in Charge - Cyber Branch, Federal Bureau of Investigation
    A strong understanding of risk management principles has been the new call to action for information security professionals. This is surely a necessary component of developing a strong information security posture, but maintaining a firm grasp and understanding of the cyber threat landscape remains foundational in establishing world-class security. This session examines the threat landscape and places emphasis on the basic risk management principles needed to convey the need for resources to the C-suite and boards of directors.
  • Your Table Tops Are...ZZZZZZZZ Recorded: Jan 2 2019 58 mins
    Kristy Westphal, CISSP, CISA, CRISC, CISM, CIPP/US, CSIRT Vice President, MUFG Union Bank
    Table top exercises are key in properly preparing for incident response. Ever wonder why you hear the sound of snoring during them? This talk will bring together ideas, examples and methods that you can try in your table top exercises to not only make them meaningful, but truly uncover gaps in your incident response playbooks and help drive valuable post-mortem action plans. We will also touch on how to derive meaningful metrics from your exercises to report back to your management to show that it was time well spent and that there needs to be more time spent on them!
  • Automating Security Controls Using Models and Security Orchestration Recorded: Jan 2 2019 28 mins
    Kurt Lieber, VP, CISO IT Infrastructure, Aetna
    Many organizations have adopted machine learning and data analytics to help them identify security anomalies. However, mere identification isn’t good enough in a world where Petya and other modern attacks can take down 15,000 servers in a single organization in under two minutes. To combat these new types of malware, organizations need to be looking at Model-Driven Security Orchestration, where the security responses to emerging threats and attacks are automated and driven at machine speed. In this presentation, Aetna will provide an overview of our security orchestration program, including what worked, what didn’t and lessons learned.
  • Making Cybersecurity Personal Recorded: Jan 2 2019 34 mins
    Patrick Craven, Ciera Lovitt
    Bring the human aspect of cyber safety to your business, local schools and community with the latest Garfield program and other new, engaging educational opportunities from the Center for Cyber Safety and Education. As cybersecurity experts, you know the dangers our current and future generations are facing online. This is your chance to feel good and make an impact in your community. Join the conversation and get involved.
  • Tips, Tools & Techniques Every CISSP Needs in Their Security Toolkit Recorded: Dec 3 2018 55 mins
    Ron Woerner, MS MIS, CISSP, CISM, PCI QSA – President & Chief Cybersecurity Consultant, RWX Security Solutions
    Every cybersecurity professional needs to keep a toolkit of programs, apps and resources for troubleshooting and securing systems. In this session (updated from 2017), you will see and learn about common tools used in cybersecurity assessments, investigations and administration. The presenter will demonstrate ways to use these tools at both home and work. Tools to be demonstrated include virtual environments, Kali Linux, OWASP ZAP, Bash scripting, Windows PowerShell, Windows Sysinternals Suite, Wireshark, nmap and many more. This was one of the most popular sessions of the 2017 Security Congress. In the discussion of these tools, you will understand techniques to optimize their use based on the need and circumstance.
  • How to adapt the SDLC for DevSecOps Recorded: Nov 28 2018 59 mins
    Zane Lackey, Chief Security Officer, Signal Sciences
    The standard approach to web application security over the last decade and beyond has focused heavily on slow gatekeeping controls like static analysis and dynamic scanning. However, these controls were originally designed in a world of Waterfall development, and their heavyweight nature often causes more problems than it solves in today's world of agile, DevOps and CI/CD. This session will share practical lessons learned at Etsy on the most effective application security techniques in today's increasingly rapid world of application creation and delivery.
  • The Workforce Gap Widens: The Need to Focus on Skills Development Recorded: Nov 20 2018 59 mins
    John McCumber, Director of Cybersecurity Advocacy, North America, (ISC)2
    The 2018 (ISC)² Cybersecurity Workforce Study finds the cybersecurity skills shortage continues to grow. But the news isn't all doom and gloom. Our latest deep dive into the issues and challenges facing cybersecurity professionals adopts a new approach to more broadly define the cybersecurity workforce. The study reveals a relatively satisfied, younger and more diverse field of practitioners focused on developing their skills and advancing their careers. Join (ISC)² Director of Cybersecurity Advocacy, North America, John McCumber on November 20, 2018 at 1:00PM Eastern as we examine how practitioners are dealing with the workforce gap while balancing skills development, hiring priorities and the everyday threats they face.
  • 2018 Security Congress Preview - Professional Development Recorded: Aug 21 2018 55 mins
    Sharon Smith, Founder & Princ Consultant, C-Suite Results; Rob Ayoub, Program Dir, IDC; Derrick Butts, Truth Initiative
    (ISC)2 will hold its Security Congress 2018 in New Orleans, Oct. 8 – 10. This conference will bring together 2000+ attendees and more than 100 educational sessions. One of the 13 tracks at the conference will focus on Professional Development and the challenges practitioners face advancing their careers, and staying ahead of the latest best practices and strategies with ongoing education. On Aug. 21, 2018 at 1 p.m. Eastern, join (ISC)2 and several speakers who’ll be presenting in the Professional Development track at Security Congress as we preview their sessions and discuss why professional development is so critical to advancing a career and knowledge.
  • 2018 Security Congress Preview – Cloud Security Recorded: Jul 24 2018 56 mins
    Mike Brannon, Dir, Infrastructure & Security, National Gypsum; Tim Sills,Accudata; Tyler Smith, IT Analyst, John Deere
    (ISC)2 will hold its Security Congress 2018 in New Orleans, LA, October 8th – 10th. This conference will bring together 2000+ attendees and over 100 educational sessions. One of the 13 tracks being offered will focus on Cloud Security and the challenges practitioners face when dealing with all things cloud. On July 24, 2018 at 1:00PM Eastern, join (ISC)2 and several of the speakers who'll be presenting in the Cloud track as we preview their sessions, get an idea of what will be discussed and discuss the state of cloud security today.
  • (ISC)² Town Hall - 2017 Security Congress Recorded: Apr 16 2018 86 mins
    David Shearer, CISSP | CEO (ISC)²
    The panel will consist of members from (ISC)² Management and the (ISC)² Board of Directors who will be ready to answer any questions that you may have regarding membership, certifications, information security, etc. The meeting is open to members and non-members.
  • DNSSEC, DANE, DPRIVE...Oh My! A Primer on the Critical State of DNS Security Recorded: Mar 22 2018 49 mins
    Dan York, CISSP | DNS Security Program Manager, Internet Society
    When was the last time you thought about your Domain Name System (DNS) server? Do you realize DNS is insecure by default? Are you prepared for attacks against your DNS infrastructure? Often a DNS server is set up and then forgotten. You will learn about why you need to be paying attention to this critical core network service. How can DNS Security Extensions (DNSSEC) ensure the integrity of DNS info? How can the DANE protocol add a layer of trust to applications and services using TLS? What is happening with the DPRIVE work to use DNS over TLS? And why should enterprises be concerned?

    This session will explore why you need to pay attention to DNS security for a more trusted and secure internet.

    Learning Objectives:

    • Describe the threats to the security and privacy of DNS servers.
    • Understand and describe the mechanisms to protect DNS, such as DNSSEC, DANE and DPRIVE.
    • List actions to protect attendees' home networks.
  • Hacking the Leadership Code: Surviving and Thriving as a Security Leader Recorded: Mar 21 2018 52 mins
    Sean Cordero, CISSP, CISA, CRISC, CISM | Senior Executive Director, Optiv
    When security experts are promoted to top leadership positions within their organizations, there often is inadequate time to analyze and jettison the mindsets that worked well as individual contributors but now threaten to undermine their new roles. Often, this drowns out positive changes these leaders hope to see and leaves the security leader gasping to be heard, even though they may be yelling. More of the same will not work. A shift in approach is required.

    This session will provide a firsthand view into what has made some security leaders successful. It will also provide actionable insights for those aspiring to security leadership roles on how to craft a message and an approach that is heard, respected and incites action across the organization.

    Learning Objectives:

    • Identify self-defeating security leadership behaviors which undermine the credibility, resonance and trust needed to drive organizational-wide change; then identify the actions they can take towards addressing their professional gaps.
    • Articulate the differences between a successful security leader and a security expert: how to survive the transition from a security subject matter expert into a person who is now responsible for the success of other professionals, the program and the business.
    • Develop a plan of action to improve leadership skills and develop momentum for attendees' security programs in which they become an impactful agent for positive change.
  • 10 Reasons Why Micro-Segmentation and Clouds are Not Secure Recorded: Mar 21 2018 29 mins
    Predrag "Pez" Zivic, CISSP
    Micro-segmentation and cloud architectures decrease the threat landscape by design. However, this smaller threat surface creates a false sense of good security. This presentation will clearly demonstrate 10 security controls that are missing in such architectures. Standard private (OpenStack and NSX) and public cloud architectures (AWS and Azure) with micro-segmentation will be presented and analyzed for the 10 security controls that are missing. They include identification, authentication, authorization, vulnerability, anti-virus, advanced persistent threat detection, denial of service and data protection, visibility with analytics, and security system automation.

    Attendees will learn how to add these 10 controls to micro-segmentation to architect strong security. We'll show how the implementation of most of these controls may be used to set a foundation for zero-trust model implementation.

    Learning Objectives:
    • Learn what security controls are missing in micro-segmentation in private and public cloud implementations
    • Learn how to go about implementing the 10 security controls presented
    • Learn how to use these 10 security controls to set a foundation for a zero-trust implementation
(ISC)2 Security Congress sessions, locations and sponsors.
(ISC)2 Security Congress channel contains digital content of activities at (ISC)2's Flagship conference event. You'll find keynotes, sessions and related items.
