Preparing for Cyber War: Learnings from Responding to Disruptive Breaches

Some threat actors are motivated by money, some want fame and glory, some want to influence our decisions, and some just want to see the world burn. Threat actors will go to extreme measures to achieve their objectives. The rules of engagement have changed. Over the past two years, we have observed a significant rise in aggressive attacks—extortion, public shaming, destruction, intentional business disruption and even threats to human safety. This talk will walk through several attacks observed on the front lines by the presenters.

We'll include:

• an overview of the threat actors and their motivations
• a discussion of the TTPs employed by aggressive threat actors
• several case studies
• suggestions for preparing for and responding to aggressive threat actors

Learning Objectives:

• Educate the audience on aggressive intrusions by walking through several case studies. Explain motivations by threat actors.
• Provide guidance on dealing with extortion, public shaming and destructive attacks.
• Determine how to spot scammers that attempt to extort businesses.

Recorded Oct 29 2019 66 mins
Presented by
Charles Carmakal, VP, Strategic Services CTO, Mandiant; Jeremy Koppen, Manager, Mandiant
  • Improving Threat Detection With a Detection Development Life Cycle Recorded: Jul 14 2021 69 mins
    Augusto Barros, VP of Solutions, Securonix
    Organizations deploy multiple security monitoring tools to detect threats, but they often overlook the most important part of the threat detection process: content. This session describes the role of detection content in security monitoring and exposes the need for structured processes to identify, develop and maintain this content. Attendees will learn the characteristics of the Detection Development Life Cycle and understand how to use it to optimize their threat detection practices.
  • Securing a Cloud-Native Company Recorded: Jul 14 2021 68 mins
    Eric Gauthier, VP of Technical Operations, Burning Glass
    What if your team works remotely, your applications are all third-party cloud services, and you have no firewalls, servers or office networks? This talk will explore the unique challenges of securing a cloud-native company when most standard approaches require something “on premise.” We will discuss how any company can use these practices to reduce compliance efforts and improve security by flipping your perspective on internal versus external, office versus coffee shop, and managed versus third-party cloud applications. The talk will cover topics including the shared security model, IAM, CASBs, device management, segmentation, DLP and vendor management.

    Learning objectives:
    1. Improve security and ease compliance by viewing employees as remote workers and services as third-party cloud applications, even when they are not.
    2. Securely scale remote work without the complexity and capacity issues required when relying on VPN services.
    3. See how zero-trust networking and perimeter-less security can improve your security and enable your workforce.
  • Dangerous Security and Legal Risks Created by the Imperative to Work-From-Home Recorded: May 27 2021 76 mins
    Dr Adriana Sanford, Acting-Director of Executive Education & Senior Fellow at OU CINS, University of Oklahoma
    Amid the coronavirus uncertainty, companies worldwide have been forced to move more of their professional routines online. As employees adapt to working from home using their private devices, sophisticated cyber attackers have ample opportunities to avoid employers' detection tools and exploit the "new normal." Also, among the pandemic-related legal issues is the mitigation of the Force Majeure contract clauses within the global supply chains, as the restrictions on the mobility of people and products continue to mount. Despite privacy restrictions set forth by the EU's General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), the effects of the current pandemic cause corporate boards to reconsider their views on data privacy and senior management to conduct workforce health checks to prevent the further spread of COVID-19. This presentation will outline the dangers and legal risks that have arisen since the coronavirus first forced everyone to pivot to a more virtual workforce.

    Learning objectives:

    1. Understand why confusion from the COVID-19 pandemic created long-term security, legal and privacy risks for businesses.

    2. Learn top tips for ensuring data protection compliance in the age of the COVID-19 pandemic.

    3. Learn what personal information employers may need to collect from employees in order to enforce coronavirus protocols and to best limit their risk of exposure during a health crisis.
  • Digging Into the 2020 (ISC)² Cybersecurity Workforce Study Recorded: May 27 2021 67 mins
    Marinda Hamann, (ISC)²; Sanjana Mehta, (ISC)² EMEA; Chris Green, (ISC)² EMEA; Brian Alberti, (ISC)²
    The (ISC)² Cybersecurity Workforce Study is one of the most highly-anticipated annual research reports each year. Not only has it come to be considered the industry standard for measurement of the global “skills gap” in cybersecurity, but it offers nuanced insights into subjects like job satisfaction rates, salaries, role alignment, the profile of the cybersecurity professional, diversity and how to strengthen teams and improve hiring practices. The 2020 edition of the study was released in early November and also includes data on the cybersecurity community’s response to COVID-19 and the transition to remote work environments. This panel discussion brings together several of the (ISC)² architects behind the research to provide a deeper look beyond the numbers and explore some of the key themes of this year’s findings.

    Learning Objectives:

    - Learn about the cybersecurity community’s response to the COVID-19 pandemic and the shift to remote work

    - Understand the landscape of the current cybersecurity workforce and the shortage that exists today

    - Gain insights on how organizations can find, recruit and train new talent to better protect organizations from security threats
  • Implementing SDL and Surviving Recorded: May 25 2021 74 mins
    Michael F. Angelo, Chief Security Architect, Micro Focus Corporation
    While a secure development lifecycle (SDLC) is centered around education, it goes well beyond the simple ‘how to program securely’ to include:

    - Training, including an overview of the process
    - Threat modeling, including both deployment and functionality
    - Secure coding standards and reviews
    - Testing / analysis such as static, dynamic, fuzz and penetration testing
    - Supply chain security / monitoring that incorporates component tracking and build/development environment security
    - Incident response to improve reaction times

    This session will conclude with a discussion on how to measure your SDLC capability and maturity. As we delve into each of these areas, the attendee will gain insights into what is now required to be successful with an SDLC.

    Learning objectives:
    1. Discover the elements and definitions of the currently evolved secure development lifecycle (SDLC) you need to succeed.
    2. Understand how to track the evolving SDLC, since a static one often spells doom.
    3. Be introduced to usage and deployment models to determine threats and mitigate them appropriately during the development process.
  • IoT Use Cases - Security Solution Based on Passive Monitoring Technologies Recorded: May 25 2021 62 mins
    Koji Nakao – Distinguished Researcher, National Institute of Information and Communications Technology (NICT)
    Recently observed cyber-attacks have often been triggered by malware, which has been evolving maliciously and is sometimes hidden from our monitoring countermeasures (FW, IDS/IPS). To achieve an advanced security solution, the use of passive monitoring technologies should be considered. In this presentation, passive monitoring technologies such as darknet and honeypot/sandbox are explained with practical use cases to accurately observe and monitor ongoing threats (cyber-attacks). The use cases may include detection of malware-infected IoT devices by means of darknet and honeypot monitoring. Furthermore, detection of cyber-attacks by passive monitoring can be used for proactive cyber security response as a practical solution.
  • The Hack and the Hacker Recorded: May 25 2021 78 mins
    Catherine Chapman, Security Journalist and Saskia Coplans, Digital Interruption
    Anyone working in information security understands that communication is a crucial part of an incident response plan. But this conversation is missing collaboration from a key player: the media.

    The mainstream media's role to inform audiences and sway public opinion has yet to be leveraged by the information security community to produce consistent and informed articles on topics of security. Infosec remains in a bubble, with the public stuck in an information loop of data breaches and outdated security patches. As the industry grows, how should these channels of communication develop?

    This talk will explore the relationship between press and information security, presenting case studies of how technical topics are represented in the media. An analysis of "security" representations in both print and online media will also be included.

    Learning objectives:
    1. Understand the channels in which consumers learn about security.
    2. Understand how security gets misconstrued in the media.
    3. Get your research picked up, or covered, by a journalist.
  • The DevSecOps Sandwich: How to Ensure the 'Sec' Element Has Real Bite! Recorded: May 25 2021 76 mins
    Andrew Boyle, Director and Distinguished Cyber Technologist, Booz Allen Hamilton
    We've migrated from Waterfall to Agile to DevOps and now, DevSecOps. Now that security is equally represented with development and operations, is everything good? Not at all! Broadly speaking, the Sec element has not (yet!) been fully embraced and is not on par with Dev and Ops. In fact, in many cases the Sec element amounts to a check in the security box.

    Testing went through a similar struggle but emerged victorious with test-driven design and embedded testers. The inclusion of the Sec element in DevSecOps gives all cybersecurity practitioners an opportunity to elevate the impact and relevance to equal the Dev and Ops elements. We, as leaders in the cybersecurity industry, must understand how Sec engagement in DevSecOps works and what indicators predict failures.

    Learning objectives:
    1. Describe the critical role that security plays during DevSecOps and understand the critical nature of security to successful DevSecOps environments.
    2. Conduct assessments of past/current/future DevSecOps environments to ensure that the 'Sec' element is of equal influence and impact.
    3. Quantify and prioritize the attributes of the 'Sec' element of DevSecOps that are applicable to their organization, and recognize the Sec-specific signals related to successful and unsuccessful DevSecOps environments.
  • Ten Things I Wish Every Developer Knew About Security Recorded: May 25 2021 83 mins
    Christopher Romeo, CEO, Security Journey
    Do your developers understand enough about security to secure your applications properly? How do they fare against the OWASP Top 10? A large number of security problems bury developers. Do you know best how to help them?

    Developers must gain security knowledge about how to secure everything they work on. Explore the ten things every developer must know about security and learn how to properly expose them to your developers, including the realms of security culture, hacking, OWASP, third-party software, GitHub, DevSecOps and Docker/Kubernetes.

    Gain a perspective on security from the eyes of your developers. Realize a greater awareness of your application security risk, knowledge of the ten things, and perspective on how to assess and build application security culture in a programmatic fashion.

    Learning objectives:
    1. Gain a perspective on security from the eyes of your developers.
    2. Realize a greater awareness of the application security risk you face.
    3. Assess and build application security culture.
  • Lights Out: Inside the Mind of a Utility Hacker Recorded: May 25 2021 77 mins
    Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
    Imagine a nationwide blackout. The reality hit Ukrainian residents when their energy sector was hit by a massive cyber attack that caused a power outage for more than 86,000 homes. This session dives into the real-world hack of a power station that explains the planning, perimeter security, engines and SCADA controls behind the attack.

    Learning objectives:
    1. Gain a full understanding of the anatomy of a privileged account hack.
    2. Learn the challenges of reporting to the board and lessons learned.
    3. Develop a strategy to reduce your risk and prevent abuse of your critical information assets.
  • From the Front Lines – Incident Response at Scale Recorded: May 25 2021 79 mins
    James Perry, Senior Director and Head of Incident Response, CrowdStrike Services
    Stories of CrowdStrike incident response engagements and how we have changed the model for how companies respond to a breach. Learn the methods CrowdStrike uses to disrupt and ultimately remove bad actors from networks.
  • Agile Data Protection in a GDPR Mandated World Recorded: May 25 2021 66 mins
    Daniel Kim, CISSP, CCSP, Chief Privacy Officer and Scott Hollar, CISO, Extended Stay America
    A company can find it hard to survive if they lose the faith of their loyal guests or business partners that drive new customers. This billion-dollar hospitality company could see that the new data privacy regulations were beginning to create obstacles to business-as-usual and they needed to prepare accordingly. Their strategic mindset compelled them to assume that CCPA and GDPR were only just the beginning, with more regulations to follow. They wanted to implement a strategy of excellence that would focus on proactive data privacy and prevent the high cost of chasing each successive regulation.

    Their CISO joins us to talk about their journey and discuss:
    • The building blocks for successful automation
    • Integrations for enterprise support and successful business integration
    • GDPR and CCPA drivers for rapid response and resolution
    • What success looks like going forward

    Learning Objectives:
    • Gain an understanding of how success is highly influenced by the time spent planning.
    • Learn alternative approaches to meet compliance and gain business buy in.
    • Define success and strategies to ensure a sustainable program.
  • Burning the Candle with a Blowtorch - Helping Keep Burnout at Bay Recorded: May 24 2021 75 mins
    Rob Ayoub, FireEye; Sharon Smith, Verizon; John Esparza, Schneider-Electric; Deidre Diamond, CyberSN & Erik Von Geldern, FXCM
    It is well known that malware outbreaks, security breaches and other security-related incidents can cause times of extreme anxiety and pressure. Anecdotal evidence indicates that stress and mental health issues within the information security profession are not limited to incident responders. Join panelists from a wide variety of security career areas of focus as they discuss burnout in general and how it has affected them as individuals. These professionals will offer insights and perspective on how they perceived burnout in their career and among coworkers. They'll also talk about how to recognize the signs and maintain mental health in a challenging career field.

    Learning objectives:
    1. Recognize potential stressors and mental health triggers in the course of information security work.
    2. Gain insights into managing stressful situations, work environments and careers.
    3. Reflect on the need for changes in schedule, balance, hobbies or other activities to manage stress throughout the course of an information security career.
  • What Attorneys Can Do For Your InfoSec Team Recorded: May 24 2021 75 mins
    Scott M. Giordano, Spirion; John G. Bates, DocuSign; John Bandler, Bandler Law Firm PLLC
    What qualifies as a breach vs. an incident? When does an investigation need attorney-client privilege? Do I need to make a bitstream copy, or is an image enough? If these questions have ever come up in your department, you likely had to call someone in Legal, or even outside counsel. Over the past five years, the need for legal insight in information security has gone from a nice-to-have to a must-have. Just some of the areas where attorneys can assist you include incident response/breach notification, contract negotiations, policy writing and review, and working with insurance carriers. In this presentation, information security legal veterans will explain what attorneys can do for your team and how they can advance your department’s mission.

    Learning objectives:
    1. Discern which information security and privacy problems require legal involvement.
    2. Learn the latest trends in information security that have legal implications.
    3. Understand how to work with counsel to achieve the best results.
  • You Say 'Eether' and I Say 'Eyether': Privacy Regulations from 2 Points of View Recorded: May 24 2021 69 mins
    Andrew Neal, VP - Research, Gartner and Jenifer Sosa, Director, Information Security & Compliance Services, TransPerfect
    The business world is full of data privacy regulations and obligations. The legal community is full of lawyers with lots of advice about compliance. The information security world is full of techies who must operationalize data privacy regulations. What lies at the intersection of these three things? Is it chaos? Or could it be that success in the ever-changing world of data privacy regulations is best achieved by combining the viewpoints of the legal and technical experts? This presentation will explore the contrasting, but not necessarily conflicting, viewpoints of two experienced data privacy and governance professionals from very different backgrounds. An attorney and a technology professional, each with decades of experience, will present attendees the differing viewpoints necessary for a successful data privacy and governance program.

    Learning objectives:
    1. Describe the perspectives of the various stakeholders in the data privacy and governance process.
    2. Compare and contrast the focus and emphasis of legal and IT when addressing data privacy concerns.
    3. Discuss the necessary cooperation between legal and IT, and the benefits that such a team confers on compliance efforts.
  • Aligning the Modern Cybersecurity Strategy with the Business Priorities Recorded: May 24 2021 72 mins
    Shawn A. Harris, Director, Starbucks Coffee Company; Jim Turchek, Manager, Progressive Casualty Insurance
    We're currently living through a time of great change that requires security teams to adapt to an ever-shifting landscape of business prioritization. This talk will focus on the migration of our respective teams to align our goals with business priorities to create greater engagement that helps fulfill larger organizational goals. Security traditionally has a mandate to limit risk; however, we must transform to enabling business agility. Both speakers have a history of making such security transformations within their teams. Financial services and retail have different regulatory requirements and business models, and their juxtaposition here will illustrate that each organization's approach could work in other industries too.

    Learning objectives:
    1. Use the business alignment methods to invoke real-world change and migrate their teams to enablers of business agility.
    2. Understand a new people-centric approach to risk mitigation using business consultation techniques.
    3. Take real-world architectural foundations back to their own organizations and align cybersecurity strategy with business goals and vision.
  • Town Hall Recorded: May 24 2021 90 mins
    Dr. Kevin Charest, CISSP; Zachary Tudor, CISSP; Clar Rosso, (ISC)²; Dr. Casey Marks, (ISC)²; Wes Simpson, (ISC)²
    The panel will consist of members from (ISC)² Management and (ISC)² Board of Directors who will be ready to answer any questions that you may have regarding membership, certifications, information security, etc. This meeting is open to both members and non-members.

    - Dr. Kevin Charest, CISSP - Board of Directors Chairperson
    - Zachary Tudor, CISSP - Board of Directors Vice Chairperson
    - Clar Rosso - CEO, (ISC)²
    - Dr. Casey Marks - Chief Products Office and Vice President, (ISC)²
    - Moderated by Wes Simpson - COO, (ISC)²
  • How I Am Surviving the Apocalypse - Information Security In The Time of a Virus Recorded: May 24 2021 74 mins
    Michael D. Weisberg, Caroline E. Saxon, James Packer, Brandon Dunlap
    As the COVID-19 pandemic continues its hold on societies around the world, will business as we know it ever return? Should it? Which of our new ways of working will stick? Let’s get together, 6 feet (2m) apart, wear a mask, and discuss how the pandemic has not only changed our relationship to work and how we get things done, but also how it has affected the demands on information security. What strategies did you and your organizations use to function through the COVID-19 crisis? We will discuss what went well, badly, and sideways as we tried to maintain security and normalcy in challenging times. Will security return to the old way of doing things or have employers' and employees' expectations changed forever?
  • Hiring and Being Hired: How To Be And Get the Right People in Infosec Recorded: May 21 2021 75 mins
    Brandon Dunlap, Managing Director, Brightfly, Inc and John Carnes, Executive Adviser, Anthem, Inc
    In this discussion we will be talking about how we, as professionals, both give and get interviews that focus on getting the right mindset of people in information security. Are we focusing on the right factors? Are we looking toward the right level of skills? We will discuss what questions work, what are a waste of time, and what we are potentially doing wrong as an industry. If you're looking to be interviewed, we'll talk about what skills you need to focus on and what skills you should be both working on and showing.

    Learning objectives:
    1. Learn what questions work for interviews and what questions are potentially going to mislead you into hiring the wrong people.
    2. Learn the factors of thinking that make for a successful information security professional.
    3. Learn how to grow at a personal level to be the best professional you can be.
  • Anatomy Of A Targeted Industrial Ransomware Attack Recorded: May 21 2021 66 mins
    Elad Ben-Meir, BA, CEO, SCADAfence
    In this presentation, we review malicious activity that involved SCADAfence's incident response team, which assists companies during industrial cybersecurity emergencies. Attendees will learn how ransomware infected the victim organization's network and how the incident response team gathered evidence, including where to look first. Then, we'll explain how the evidence was analyzed; what the initial findings were; and how the attackers were caught. Finally, we'll discuss additional attack methods used by the cyber criminals so everyone can take appropriate steps to prevent such attacks within their organizations.

    Learning objectives:
    1. Learn how industrial networks get infected with targeted ransomware.
    2. Discover where to look for evidence; how to analyze it; and how to find attackers hiding in the network.
    3. Understand additional types of attack methods used by cyber criminals in industrial networks, as well as best practices to protect those and all other networks.
(ISC)² Security Congress sessions, locations and sponsors.
The (ISC)² Security Congress channel contains digital content of activities at (ISC)²'s flagship conference event. You'll find keynotes, sessions and related items.

  • Title: Preparing for Cyber War: Learnings from Responding to Disruptive Breaches
  • Live at: Oct 29 2019 7:45 pm
  • Presented by: Charles Carmakal, VP, Strategic Services CTO, Mandiant; Jeremy Koppen, Manager, Mandiant