Name: #IMOS18 -The Future of Penetration Testing....
Start: 2018-09-12T14:45:00Z
End: 2018-09-12T14:45:59.000Z
Location: BrightTALK
Rating: 4.1

Dedicated to serving the information security community, in person, in print and online.

With 63% of breached organizations lacking AI policies and one in four CISOs reporting AI-generated attacks, the need for AI security expertise has never been more critical.  
Enter ISACA's new Advanced in AI Security Management (AAISM) certification, the industry's answer to the AI security governance problem. Designed exclusively for CISM and CISSP holders, AAISM validates your ability to govern, assess and secure AI implementations at the enterprise level.  
In this 30-minute session, ISACA's Kirsten Lora and Infosec Institute's Keatron Evans will unpack the new AAISM certification and share insights into mastering AI security. 
Join this 30-minute session to learn: 
• Why ISACA created the AAISM certification 
• If the AAISM is right for you and your team 
• Current AI governance and security challenges 
• Practical advice for implement AI governance frameworks

Mastering AI Security With ISACA’s New AAISM Certification

This year has seen numerous well-known brands suffer cyber-incidents as a result of attacks emanating from compromised third-party vendors. The litany of victims include airlines, retail giants, fashion brands, tech companies and manufacturers. 

In many cases, attackers have targeted third-party suppliers with social engineering techniques which have been successful in enabling them access to high-value credentials. 

The spate of recent attacks has seen significant operational disruption and loss of revenue for victims. 

During this discussion, a panel of experts will analyze the lessons that can be taken from recent incidents and how third-party risk management strategies must evolve to keep pace with attackers' tactics.

Join this session to learn:

• How social engineering has been leveraged to steal credentials from third-party IT providers in 2025
• Why current third-party risk management strategies have fallen short in preventing these incidents
• How third-party strategies need to evolve to protect organizations from tactics deployed by groups like Scattered Spider

How to Stop the Third-Party Breach Epidemic Before It Hits You

The race to integrate generative AI has created a dangerous blind spot, expanding the digital attack surface with entirely new vulnerabilities. This new frontier demands we understand the difference between AI Security (protecting the system) vs AI Safety (ensuring responsible behavior).

Join our panel of industry experts, including veteran pentester Gisela Hinojosa, research lead at Cobalt. Gisela will share firsthand accounts from the front lines of AI pentesting, including tactics attackers use and the defensive strategies you can deploy.

Join this session to learn:

• The critical differences between AI Security and AI Safety, and why you should address both
• Real-world examples of how attackers exploit LLMs, including prompt injection and sensitive data disclosure
• Actionable advice for building a proactive security program

Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

In an era of rapidly expanding regulations and a dynamic, complex risk environment, traditional approaches to IT audit and Governance, Risk, and Compliance (GRC) are proving insufficient. 
Many organisations grapple with outdated technologies and reactive, ad-hoc processes, leaving them vulnerable to data breaches, privacy violations, and non-compliance. 
This session will explore the transformative potential of emerging technologies, including Artificial Intelligence (AI), automated workflows, and advanced data analytics. 
We will delve into practical strategies for integrating these tools to build more effective, efficient, and forward-thinking IT audit and GRC programs, enabling teams to proactively address new challenges and safeguard their organisations.
• Understand the Modern IT Audit and GRC Imperative: Review the foundational principles of IT audit and GRC, and discuss why evolving risk landscapes and regulatory demands necessitate a shift from legacy practices.
• Demystify Key Emerging Technologies: Define and differentiate core concepts of AI, RPA, and data analytics, and identify their specific applications and benefits within audit and GRC contexts.
• Create Technology Integration Plans: Discuss best practices for identifying organizational needs and effectively integrating data analytics and other emerging technologies to enhance assessment, testing, and continuous monitoring processes.
• Address Implementation Challenges: Identify common pain points, bottlenecks, and risks (e.g., data leakage, IP concerns) associated with adopting new technologies and explore strategies to mitigate them.

Audit and Compliance in the Era of AI and Emerging Technology

The pressure is on for CISOs to present a clear, compelling case for cybersecurity to senior leadership, the c-suite and board of directors.

CISOs must assess their company's risk appetite (e.g. what level of risk is the organization willing to accept to achieve its objectives?) and tailor their communication to demonstrate how cybersecurity initiatives fall within that appetite.

During this discussion, a panel of experts will cover what metrics matter most to the board, how to frame security investments in terms of business value and best practices for demonstrating the ROI of your security program.


By joining this session, you will leave with a clear understanding of how to build trust and credibility with key stakeholders.

Join this session to learn:

 • Strategies to assess your organization’s risk appetite and align to your risk and threat profile (critical asset, sensitive data, attack surface, threat intelligence reports…)
 • How to prepare and deliver effective briefings that resonate with non-technical audiences
 • How to translate this risk profile into business terms and actionable insights 
 • Best practices for calculating and communicating the ROI of your security investments

Briefing the Board: Communicating Cyber Risk to Executives and Stakeholders

Discover why mid-market businesses are now prime cyber targets and how you can turn this risk into a strategic advantage. 

During this webinar, our panel of experts will discuss how to unlock the full value of your existing Microsoft Security stack, harness AI for both defense and efficiency, and build a culture of resilience through people and process. 

Take away practical steps to maximize your security investments, leverage AI and empower your team to transform cybersecurity from a cost centre into a true business enabler.

Join this session to:
Understand how you can maximise what you already own
 • Most mid-market firms have access to enterprise-grade Microsoft security tools. The challenge is activation, configuration, and ongoing optimisation, not buying more tech
 • Action: Audit your current Microsoft security stack and engage expert partners to unlock its full potential
Harness the power of AI with Microsoft Security
 • Cybercriminals are weaponizing AI, but Microsoft’s AI-powered security tools (like Security Copilot) can help you detect and respond to threats faster and smarter
 • Action: Invest in AI-driven security solutions and ensure your team is trained to use them effectively
Leverage your first line of defence: people & process
 • Technology alone isn’t enough. Regular employee training, a Zero Trust approach, and managed detection & response are critical for resilience
Action: Build a culture of security awareness and consider partnering with a specialist MSP for 24/7 protection

How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

IT compliance and cybersecurity teams have long struggled to effectively communicate the impact of threats and vulnerabilities to executives. 

When done right, cyber risk quantification allows IT professionals to speak the language of the business: financial impact. 

While the importance of cyber risk quantification is apparent, many organizations struggle to get these projects funded. 

During this webinar we will explain how cyber risk quantification can mature your overall risk management program. Our panel of experts will also help you recognize the limitations of solely relying on compliance frameworks and adopt a proactive, business-aligned approach to IT security and assurance.

Communication is key and cybersecurity leaders must develop the skills to articulate the financial impact of cyber risks effectively, enabling IT compliance teams to align with business objectives and secure buy-in for key initiatives.

Join our experts to explore: 

● The basics of risk quantification and how to get started without trying to boil the ocean
● The importance of moving beyond framework-driven security and assurance
● Best practices for communicating the impact of IT security and supporting business growth
● How to drive risk-informed decision-making within your organization

Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

Operational technology (OT) security continues to evolve and is an increasingly complex environment to manage. 

Security teams require more details, context and evidence to proactively tackle growing threats and meet internal and external documentation requirements, including to the boardroom and regulators.

In this environment, OT entities must establish a thorough, contextual view of the environment as well as automate and update its data in near real time.

In this 30-minute session, Rockwell Automation’s John Speakman will set out how to build a multi-dimensional view of the OT environment, going far beyond a simple inventory.

The presentation will also highlight how these insights can be leveraged for proactive risk identification and reduction across multiple industries.

Join this webinar to learn:

• The significant data collection and context challenges in OT security
• How to build a multi-dimensional view of the OT environment
• Gaining contextual risk calculation and resulting automated analysis
• Case studies from successful OT practitioners

OT Security Ecosystem for Targeted Risk Reduction and Reporting

The browser has become the central hub for modern work, yet it remains a significant blind spot in many organizations' security strategies. 
This 30-minute talking tactics webinar will explore the evolving landscape of browser-based attacks, drawing insights from real-world incidents and threat intelligence. This session will feature Mandiant and Chrome Enterprise experts who will provide frontline insights and practical guidance.
Join this session to:
• Uncover the hidden risks: Gain insights into real-world attack scenarios that exploit browser vulnerabilities, including phishing, data breaches and malicious extensions, highlighting the limitations of traditional security measures
• Gain practical strategies: Get actionable strategies for enhancing browser security
• Hear expert perspectives: Benefit from frontline insights from Mandiant and Chrome Enterprise experts, gain a deeper understanding of the threat landscape and learn effective defense techniques

The Invisible Frontline: Proactive Approaches to Browser Defense

Deploying and maintaining identity and access management in the cloud presents unique challenges, especially when considering non-human identities and service accounts.
These are vulnerable to issues such as account hijacking, lack of visibility, improper provisioning and inadequate access controls that can lead to data breaches and compliance failures.
This session covers why these accounts are prime targets for attackers, the risks inherent in their misuse and how they differ from regular user accounts.
Join the session to:
 ○ Identify the pitfalls of current practices in managing these identities
 ○ Understand principles of least privilege and comprehensive permission auditing tailored for service accounts
 ○ Learn how to implement robust, automated and comprehensive security measures to mitigate potential risks

Mastering Identity and Access for Non-Human Cloud Entities

In today’s complex, data-driven cloud environments, the greatest risk isn’t just a data breach—it’s a breach of trust. As organisations shift more applications and sensitive data to the cloud, identity has emerged as the new control plane for securing access. 

Yet many still face challenges: siloed identity systems, inconsistent access policies, and a growing landscape of threats—from misconfigurations to AI-driven fraud.

Join Rob Otto, EMEA CTO at Ping Identity, to learn how global enterprises are using identity-first security strategies to re-establish control, simplify cloud access, and protect critical data—without compromising user experience. This session will explore how adaptive identity can underpin a resilient cloud posture, empower zero trust initiatives, and build confidence in every digital interaction.

Key learnings:
 • Why identity is critical to securing multi-cloud and hybrid environments—and how to get it right.
 • How to use AI-driven identity threat protection to counter deep fakes, account takeover and API-based attacks.
 • Practical ways to unify identity across users, apps and ecosystems to reduce risk and improve agility.

From Chaos to Confidence: Establishing Trust in Every Cloud Interaction

In today's cloud-first world, Software-as-a-Service (SaaS) applications have become indispensable for organizations, driving efficiency and collaboration.
However, the rapid adoption of SaaS can introduce significant cybersecurity challenges that can leave your organization vulnerable if not managed proactively.
Just this year, JPMorganChase’s CISO sounded the alarm that the current SaaS delivery model is “quietly enabling cyber attackers.”
Cybersecurity threats specifically target SaaS environments through sophisticated phishing campaigns, account takeovers and supply chain vulnerabilities.
Join this session to:
 ○ Understand the concentration risk and the impact of vendors’ competitive pressures on your security posture
 ○ Examine how the growth of AI services and agents in SaaS amplifies and rapidly distributes these risks
 ○ Learn how to work beyond traditional security measures to deploy sophisticated authorization methods, advanced detection capabilities and proactive cybersecurity measures

Managing Software-as-a-Service Applications Securely in the Cloud Age

In this fireside chat, Jukka Seppänen, CIO and CISO at UpCloud, shares insights from over 25 years in tech leadership, guiding secure growth in cloud-native environments. We’ll explore how cloud service providers approach vulnerability management, including the strategic use of bug bounty programs. Jukka will also unpack how evolving regulations like the Cyber Resilience Act and DORA are reshaping expectations around transparency and end-user protection.

If you're a cybersecurity professional navigating cloud environments, this session offers an insight into how a cloud service provider (CSP) actually thinks about security, from the inside out.

Cloud Security from the Inside

Over 78% of organizations use two or more cloud providers, according to Fortinet’s 2025 State of Cloud Security Report. Many others are adopting hybrid cloud models by combining on-premises and public cloud infrastructure.
This approach to cloud technology offers flexibility. However, these complex setups expand the potential attack surface and make maintaining consistent security policies and managing identities and access across diverse platforms difficult.
Despite this, they also present an opportunity for organizations to build more resilient and adaptable security frameworks.
Join this session to understand how to:
 
 ○ Collaborate with engineering teams to enforce safety guardrails at the implementation state
 ○ Develop a consistent security policy across multi-cloud environments
 ○ Adopt a zero-trust security model to enhance access control
 ○ Centralize visibility and management tools to give your security team a clear view of security across your environment

Turning Multi-Cloud Environments from a Security Risk to an Advantage

Artificial intelligence is not coming, it's already here, and it's radically reshaping the cyber threat landscape. From deepfake-driven social engineering to automated vulnerability discovery and large-scale misinformation campaigns, AI is giving adversaries new tools to attack at unprecedented speed, scale, and sophistication. But AI is also the most powerful ally security leaders have ever had - if they can harness it effectively.
 
In this webinar, we’ll explore how AI is being weaponized across the cyber battlefield, not in the distant future, but now. 

Drawing from real-world trends, emerging attack patterns, and strategic defense shifts, this session will challenge security leaders to rethink traditional controls, anticipate what’s next, and prepare their teams to defend in a world where machines are both threat actors and defenders.
 
By joining this session you will learn: 
 · How AI is transforming the offensive threat landscape - from automation to deception
 · Why legacy defense models are breaking under machine-speed attacks
 · Strategic opportunities to deploy AI in defense without introducing new risks
 · What CISOs must do now to stay ahead of the AI curve - across people, process and technology

Cyber Defense in the Age of AI: Stay Ahead of Threats Without Compromising Safety

In today’s multicloud world, where the number of applications is forecast to grow by over 150 million by 2029, application delivery is becoming increasingly complex. Rising user expectations, fragmented infrastructures, hybrid app constructs, and limited visibility are pushing you and your operations teams to the limit.

Join us to: 

Explore how F5 is actively transforming application delivery for the next era of apps and IT operations.
Learn from real-world examples, this session will empower you to continue delivering exceptional application experiences while streamlining your day-to-day operations.

Modernise Application Delivery for the New Era

How will Pen Testing Hold Up Against Red Teaming, Bug Bounties and Increased Automation....

Penetration testing has competition. The discipline is, in some areas, being supplemented with – or even replaced by – red teaming, bug bounty programs and increased automation. This session examines the future of penetration testing in light of the alternative disciplines and asks questions about which approach to choose in which scenario.

#IMOS18 -The Future of Penetration Testing....

Information Security

Cyber Security

Penetration Testing

Red Hat

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

#IMOS18 -The Future of Penetration Testing....

Presented by

About this talk

Infosecurity Magazine