Find out what's inside the March 2021 edition of the Journal & download a free copy of this month's featured article
- This event has passed so registration is closed.
February 2021 Virtual Cyber Executive Forum Speaker Lineup
Candy Alexander
Candy Alexander has been working in cyber security for 30 years, growing up within the profession. She has held several positions as CISO for which…
Read moreDon Davidson
Don Davidson is Director, Cyber-SCRM Programs at Synopsys, where he is assisting in the stand-up of a new Chief Security Office (CSO) in the Office…
Read moreDeidre Diamond
Talent and technology veteran, Deidre Diamond, Founder, and CEO of CyberSN and Secure Diversity, has created the largest cybersecurity talent acquisition service and technology firm…
Read moreJake Williams
Jake Williams is an accomplished infosec professional with almost two decades of industry experience. After spending more than a decade in the US Intelligence Community…
Read moreDennis Miller
Dennis Miller is the founder, president, and Security Architect of Talent Cyber Security (TCS) located in Albany Oregon. TCS focuses on supporting and empowering local…
Read moreRandy Marchany
Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory and has 25 years experience as…
Read moreBrandon Hoffman
Brandon is an admired CTO and security executive well-known for driving sales growth and IT transformation. He is responsible for Netenrich’s technical sales and security…
Read moreRobert Morgus
Robert Morgus is a Senior Director for the US Cyberspace Solarium Commission, where he directs research and analysis for Task Force Two. At the Commission,…
Read moreTommy Todd
20 Years in Cyber Security. Data Privacy/Data Protection Focused. Data Privacy Rights Public Speaker. CISSP Certified
Read moreReady to Explore Registration Options?
Guest registration is available to new and returning guests
February 2021 Virtual Cyber Executive Forum Agenda
Please note that the table is scrollable (left and right swipe) on mobile devices.
Time | Session | Speaker |
---|---|---|
9:50 AM to 10:00 AM | Welcome by Candy Alexander. President of ISSA International |
|
10:00 AM to 10:15 AM | Coffee Talk Hosted by Netenrich -Threat and Attack Surface IntelligenceThere’s no lack of threat intelligence about what adversaries do “out there,” but it doesn’t tell you how they view your company network. To manage external risk you need attack surface intel to show your most likely attack vectors—and which to fix first. Integrating threat and attack surface intelligence delivers the context needed to prioritize and remediate risk. The combination gives you a major advantage in reducing risk from external assets (domains, email addresses, certificates, shadow IT) and improving SecOps. |
|
10:15 AM to 11:00 AM | The State of the Cybersecurity: How to Hire and Retain in a Zero Percent Unemployment MarketThe unemployment rate for cybersecurity professionals—the people protecting us from cyber-attacks—is zero (some studies say it could be even higher), and the majority of these professionals (59%) are open to leaving their current jobs. This recruiting and retention challenge is a very serious national security issue. It’s no wonder the question I am most frequently asked is: “What are the ‘best ways’ to attract, hire and retain talent?” In this talk, Deidre will discuss what she sees every day as the Founder and CEO of CyberSN, the largest solely focused cybersecurity talent acquisition firm in the US. With the right strategies, leadership can create teams that are more successful, and with greater retention rates. |
|
11:15 AM to 12:00 PM | Compliance is not securityPCI, HIPPA, and other compliance rules do not ensure an organization is secure. Compliance is merely a snapshot of the way things are at a moment in time. An organization can be certified compliant today but someone opening a phishing email tomorrow could leave the organization vulnerable. (see Target and Home Depot for examples of this). Compliance is not a goal or a project, but the result of implementing security into business processes. Unfortunately, there are a lot of mixed messages from industry and the security community about methods and practices. There are countless vendors who claim their products and services guarantee compliance. However, the reality is that a silver bullet does not exist and probably never will. Being certified compliant also lures management into complacency. One of the ways to combat this is to eliminate the term “Best Practices” from the security nomenclature. Best Practices usually wind up as a set of checklists to complete and a manager to sign, thus giving a false sense that the business is secure. Compliance is a process that evolves as an organization, technology, and threats also evolve |
|
12:00 PM to 12:15 PM | Break-Network /Visit Virtual Exhibits |
|
12:15 PM to 12:35 PM | Lunch and Learn – Establishing a Risk Aware Culture in the EnterpriseEstablishing a Risk Aware Culture in the Enterprise With data exposure events on the rise in 2021, CISOs everywhere are faced with the increasing challenges of instituting a successful insider risk strategy. Security needs to be moving at the speed of business where time to market and speed of innovation are critical outcomes. By attending this session, executive teams will learn how establishing a risk aware culture in the Enterprise can reduce the complexities of data security while promoting healthy collaboration.” |
|
12:45 PM to 1:45 PM | Executive Roundtables : Risk Management: It's All About TimeWe grant attackers far too much time to operate unchecked in our networks. Most “detections” actually occur by accident or by luck |
|
12:45 PM to 1:45 PM | Executive Roundtables : SolarWinds: supply chain fiasco or another day different defect?The ‘winds’ are telling us that the majority of businesses using SolarWinds products could never have seriously done anything about it. |
|
1:45 PM to 2:30 PM | Software supply chain attacks, what they are, and how to threat model, and how to prepare for the inevitable next oneThe news that SolarWinds was breached and used to distribute malicious code rocked the security world in December. In this session, Jake Williams founder and chair of the inaugural SANS Supply Chain Security Summit, will discuss software supply chain attacks, what they are, and how to threat model, and how to prepare for the inevitable next one. |
|
2:30 PM to 2:45 PM | Break-Network /Visit Virtual Exhibits |
|
2:45 PM to 3:30 PM | Building a Trusted ICT Supply ChainUS Cyberspace Solarium Commission’s October 2020 Report on “Building a Trusted ICT Supply Chain” specifies five key and eight supporting recommendations to build trusted supply chains for critical ICT technologies. The paper supports reinvigorating American high-tech manufacturing and innovation with partner nations to ensure continual availability of these goods and materials. In addition, the white paper recommends an approach to ensure that American and partner companies are able to compete in global markets through the use of strategic government investment and instruments of the development community. |
|
3:30 PM to 4:30 PM | Executive Roundtables : Biggest Cyber Surprises of 2020 what did you discover in 2020 that was unexpected? Shortfalls in delivery?What did you discover in 2020 that was unexpected? Shortfalls in delivery? Expected problems which were not? |
|
3:30 PM to 4:30 PM | Executive Roundtables : Trends in Third-Party Risk: What’s New in 2021?As the world changes, the way you manage your third-party relationships should change too. What trends can we expect in 2021? What challenges will we face and what proactive measures can you take to stay ahead of the curve? Hear from your peers as we discuss how to adapt to current and future trends and future-proof your third-party risk management program to the best of your ability. |
|
4:30 PM to 4:45 PM | Break-Network /Visit Virtual Exhibits |
|
4:45 PM to 5:30 PM | Failures in the IoT/ICS CIAFailures in the IoT/ICS CIA model can have dire effects on privacy and personal Safety. Security architectures need to blend information technology (IT) and operational technology (OT) goals. Work From Home (WFH) has destroyed the traditional border defense architecture. Blue Team architects now have to consider the following new areas: the home network, ISP interactions, balancing Information Technology (IT) security vs. Operational Technology (OT). Data and Identity are the new borders. This talk discusses the differences between IT/OT security requirements and suggestions on designing a defensive architecture for this new environment. |
|
5:30 PM to 5:45 PM | Closing Remarks |
|
Register Now for the February 2021 Virtual Cyber Executive Forum Agenda
ISSA Cyber Executive
Current Cyber Executive Members
Existing ISSA Cyber Executive Members attend for free
ISSA Cyber Executive
Returning Guests
Complimentary meeting registration (attendance is subject to approval)
ISSA Cyber Executive
First-Time Guests
Complimentary meeting registration (attendance is subject to approval)
Not a Member of ISSA's Cyber Executive Yet?
Join today and get free access to the Cyber Executive Forum as well as other exclusive benefits.