Keynotes
Let's be honest: people can frustrate us. They don't always do the things we'd like, and they often do some things we'd rather they didn't. New research from the National Cybersecurity Alliance reveals insights about the public's attitudes and beliefs about security. We'll explore the 2023 "Oh Behave! Cybersecurity Attitudes and Behaviors Report," and some of the findings may surprise you! We'll also give you practical, actionable advice on how you can better communicate to influence the behavior change you want to see.
Even the most diehard conference lover can be intimidated by networking. This presentation is a fun and funny discussion with practical ways to network effectively during this conference. Attendees leave energized and excited to connect with each other. Networking is a critical skill for anyone looking to advance their career, and conferences provide a unique opportunity to meet new people, learn about industry trends, and gain valuable insights into the challenges and opportunities in your field. This presentation will provide practical tips and strategies for networking during this conference, including how to introduce yourself, ask questions, and follow up with new contacts. Attendees will start this conference with the knowledge and skills they need to make the most of their experience and build strong connections with industry professionals that can help them advance their careers.
Sessions
Track: Generative AI
In the ever-evolving landscape of cybersecurity, risk management, and compliance, the convergence of generative AI presents a transformative paradigm with profound implications. As organizations embrace the potential of AI-powered innovation, they must simultaneously address the intricate security challenges it introduces. This presentation seeks to explore the dynamic interplay between generative AI, cybersecurity, and compliance, providing a comprehensive roadmap for safeguarding the digital landscape. Through a systematic exploration of key themes, attendees will gain valuable insights into:
This session will offer a very pragmatic take on how security teams can help their business build and manage an AI program, covering important AI program elements such as: AI principles; product policies; corporate acquisitions; AI procurement and sales; technical guidance; and AI incident response. Key Takeaways:
The global adoption of artificial intelligence (AI) and machine learning (ML) is creating a mix of opportunities and concerns. In this roundtable discussion, we will explore the legal, business, economic, political, and technical implications coming our way due to AI/ML adoption. This broad commercial use of AI tools will, of course, have extensive policy implications. AI has disrupted markets, is driving social and political change, and is transforming how we use the workforce. We will explore each of the impacted areas and solicit the strategic and tactical next steps needed to maximize AI/ML benefit while containing potential harm. Key Takeaways:
The state of AI today is reminiscent of when the company I was with in my youth achieved a major milestone for the world. Netscape brought the world a new world wide web interface to the internet and allowed the masses simplified access to the internet. The chatbots today are in the same way bringing the masses to AI. We'll review how many organizations are already exploring its use for their enterprises, growing pains, barriers to entry, challenges spanning from trust and bias to accurate information, and new applications of AI in security. In early enterprise adoption of ChatGPT, organizations attempting to use it for competitive advantage are finding real challenges. They are realizing quickly they require additional foundation models as aspects only realized from enterprise-grade AI. Key Takeaways:
AI has been personified by corporate entities as capable of handling human decisions in certain areas of business and science. This session discusses how AI weighs against human accountability, and what the role of cybersecurity, and specifically forensic science, is in monitoring and balancing the emerging technology. Aside from the extremes surrounding AI and the proposed capabilities, the way that security groups may be able to assist:
Track: Security Management
Managing cyber risks has become essential for organizations in the digital age, where cyber threats are increasing in frequency, velocity, and sophistication. Cyber Risk Quantification (CRQ) provides a quantitative assessment of an organization's cyber risk posture, allowing them to make informed decisions about risk management. Adopting CRQ enables organizations to prioritize and measure their cyber risks, evaluate the effectiveness of their cybersecurity investments, and quantify the potential impact of cyberattacks. By presenting the impact of cyber risks in financial terms, CRQ helps align cyber risk management with overall business strategy and communicate the risks to the board and other stakeholders. This session will explore the advantages of shifting from qualitative to quantitative assessments in managing cyber risks and transforming Information Security (IS) cost-centers into profit-centers. Key Takeaways:
InfoSec is broken - in more ways than one. Here are the problems. What are the solutions? Let's find out. Key Takeaways:
This talk delves into the intricacies of the United States National Cybersecurity Strategy, discussing its impact on cybersecurity professionals' tasks, expectations, and roles. It begins with an exploration of the evolution of this strategy, highlighting policy changes and their reasons. We will examine the strategy's objectives, including protecting government networks and data, deterring cyber threats, and fostering international cooperation. The talk further scrutinizes how these objectives have influenced the cybersecurity landscape and, in turn, the responsibilities of cybersecurity professionals. Specifically, it probes into the amplified need for advanced skillsets, cross-sector collaboration, and adherence to ethical standards. Finally, the talk elucidates the prospective implications of anticipated changes in national strategy, equipping cybersecurity professionals with the knowledge to future-proof their careers. This comprehensive overview aims to facilitate a deeper understanding of the strategy, enabling cybersecurity professionals to navigate and respond to the evolving cybersecurity climate in the United States. Key Takeaways:
The Cyber Attack Chain is a well-known tenet of cybersecurity professionals. However, breaking the chain can be fraught with complexities and confusion between policies, tactics, controls and solutions. This talk will unravel some of the complexities of breaking the attack chain, specifically focusing on two areas: insider threats and information protection. Key Takeaways:
How privileged is your user account in M365 and Azure? Are your privileged users synchronized from Active Directory? Are they mail enabled? And when is the last time you audited your privileges to see what you use vs what you are assigned? In the 2022 Microsoft Digital Defense Report, weak identity controls were the number one factor for incident response engagements, with 84% of administrators in organizations not using proper privileged identity controls. Threat actors are turning their eyes towards the cloud; business email compromise, easy data exfiltration and tenants being ransomwared are a reality we now live with. For some organizations it's a matter of time or money or knowledge, or perhaps all three, to understand what privileged identity means in the world of M365 and Azure. In this conversation we'll discuss the key privileged identity controls every organization should employ for privileged users, whether you are using Azure, or M365, or both. We'll look at the Microsoft RAMP model for securing privilege, clarify commonly confusing topics around privileged security, and answer the questions as to why these controls are important, and how identity security requires layered complementary controls to ensure that we protect our privilege, and in turn protect our organization. Key Takeaways:
Track: Career Advancement
Organizations must examine risk through the lens of our dire talent retention issues. Organizations have control over retaining talent, and yet the statistics are horrifying. Cybersecurity professionals are not happy with their current employment and move jobs regularly. Talent retention controls seem greatly necessary, given that organizations are not following best practices for retaining and/or hiring cybersecurity professionals. This negligence puts an organization in a higher risk bracket, and therefore compliance control is greatly needed.
Are you interested in the state of cybersecurity jobs in our current economy? In this discussion, we will dive into the latest U.S. job posting data across cybersecurity over the last year. With an average of 140,000 cybersecurity jobs posted each month, this comprehensive data set will provide valuable insights into the ever-evolving world of cybersecurity.
How can a company start on its journey to inclusivity? With over 500,000 open cybersecurity positions, companies need to do everything possible to hire their talent. Creating inclusive company cultures that attract diverse talent, offer inclusion and EQ skills, and provide training and opportunity is the way to get the attention of these highly sought-after professionals.
Explore strategies for employers seeking to build diverse cybersecurity teams. This discussion delves into effective hiring, retention, and team-building approaches. Gain insights into creating inclusive workplaces, fostering diversity, and retaining talent in the cybersecurity field.
- Part of the Career Advancement Track
Track: Case Studies
Join us as we explore the intricate world of cybersecurity through the unique lens of a seasoned virtual Chief Information Security Officer (vCISO). In this captivating presentation, our vCISO will share their invaluable perspectives garnered from years of hands-on experience working with multiple clients. This presentation focuses on what it's like to be a CISO for several organizations concurrently. Our speaker, Jim Ambrosini, has over 25 years working as an information security and risk professional spanning the middle market to some of the largest companies in the world. He was recently presented with the highest honor by ISACA, the Wasserman Award, for his lifetime contributions to the security, risk, and governance profession. Jim will provide an inside look into what it truly means to be a vCISO for multiple organizations. He will share his approach, lessons learned, and the tools and tactics he has employed to effectively manage cybersecurity in this dynamic role. Key Takeaways:
Imagine hackers using your RMM to install ransomware on all your clients simultaneously. It's the ultimate nightmare scenario every MSP fears the most. Progressive Computing was one such victim of the Kaseya VSA attack in 2021 and victoriously battled to win back their business after ransomware was installed across their entire client base. This is a personal story. A human story. An emotional story. Prepare to be frightened and inspired. Key Takeaways:
Track: Workforce Development
A movement is underway in New York to develop a youth in cyber alternatives program. In this initiative, we are developing pathways for at-risk youth away from potentially criminal activity toward opportunities for success. This program seeks to build upon already existing projects like the UK's Cyber Choices program and the Dutch Hack_Right program. In the development of this program, we seek to partner with key stakeholders including:
Key Takeaways:
Participants in this panel discussion will emerge with a comprehensive understanding of how to bridge the gap between academic education and industry needs in the realm of cybersecurity. They will be equipped with insights into skill alignment, collaboration models, and diversity initiatives that will guide their decisions as students, educators, and professionals in the dynamic field of cybersecurity. This dynamic panel aims to foster an insightful dialogue among four distinguished subject matter experts, each hailing from diverse sectors of academia and industry. With a spotlight on the alignment and potential misalignment between industry requirements for cybersecurity talent and the educational offerings provided by higher education institutions, this session will explore the multifaceted landscape of cybersecurity workforce development. The discussion will delve into various aspects of this critical topic, including:
A chance to discuss workforce development challenges for both new/incoming as well as experienced cybersecurity workers. We'll dive into how universities can and should be collaborating with credential bodies like ISACA and ISC2 in a win-win scenario for skills training and career advancement. Key Takeaways:
Track: Supply Chain
Business depends on relationships, which require trust, but it is not transitive. How do you "trust but verify" second and tiers of relationships? In security, we are focused on how technology functions - or malfunctions, becomes dysfunctional, or gets misfunctioned. We need to start thinking about manufacturing and production, and not just function: where the tech comes from, who makes the tech, and how the tech is made. Both industry and government are focused on software supply chain security (i.e., SBOMs), and separately, supply chains of critical technologies, e.g., semiconductors; however, we need an integrated approach to thinking about all the aspects related to technology, and therefore security. This panel will bring together perspectives from government, industry, and academia to go beyond the XBOM (software, hardware, and firmware) and synthesize supply chain security issues related to supplier bases, geopolitical risk and national security, and technology ecosystems. Proposed panelists:
In light of the recent 3CX incident, where the Mandiant investigation came to the conclusion that 3CX was a case of a cascading software supply chain attack, my presentation will talk about the implications of cascading software supply chain attacks and what the possible best practices and countermeasures are. I will go through a similar cascading software supply chain attack discovered recently: https://www.reversinglabs.com/blog/vs-code-ide-hack-how-supply-chain-attacks-can-proliferate-between-developer-ecosystems VS Code hack shows how supply chain attacks can extend to other software development tools. The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to open source packages like npm. Key Takeaways:
Track: Threat Landscape
See what hackers use to attack your company, both technically and socially. Key Takeaways:
Human spies routinely facilitate cyber access. These acts are clandestine and designed not to be discovered. These spies are an insider threat, and have access to systems by the nature of their jobs. There are several ways humans can enable cyber attacks and facilitate these operations. These clandestine activities are designed not to be detected and a successful program can greatly inhibit the victim's ability to detect a breach. Key Takeaways:
The Internet of Things (IoT) and the rise of Operational Technology (OT) networks have significantly increased the number of connected devices in modern networks, creating new challenges in inventorying assets, identifying and mitigating vulnerabilities, and verifying security controls coverage. This presentation will explore the unique challenges that IoT and OT pose for network scanning and provide solutions for effectively addressing these challenges while ensuring the safety and availability of these systems. The presentation will cover topics such as identifying IoT and OT devices on a network, understanding the context of vulnerabilities associated with these devices, and implementing appropriate security controls to mitigate these risks while ensuring the safety and availability of these systems. Attendees will also learn about best practices and tools for IoT and OT network scanning, such as using automated asset inventory, performing regular vulnerability assessments, and testing the changes in a controlled environment before implementing them. This presentation aims to equip the audience with the knowledge and skills to protect their organizations' networks in the IoT and OT era while ensuring these systems' safety and availability. Key Takeaways:
Workshops
This one-day course covers the NIST Risk Management Framework (RMF), which provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems, and links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).