February Virtual Cyber Executive Forum 2021

Welcome by Candy Alexander. President of ISSA International

Coffee Talk Hosted by Netenrich -Threat and Attack Surface Intelligence

There’s no lack of threat intelligence about what adversaries do “out there,” but it doesn’t tell you how they view your company network. To manage external risk you need attack surface intel to show your most likely attack vectors—and which to fix first. Integrating threat and attack surface intelligence delivers the context needed to prioritize and remediate risk. The combination gives you a major advantage in reducing risk from external assets (domains, email addresses, certificates, shadow IT) and improving SecOps.

The State of the Cybersecurity: How to Hire and Retain in a Zero Percent Unemployment Market

The unemployment rate for cybersecurity professionals—the people protecting us from cyber-attacks—is zero (some studies say it could be even higher), and the majority of these professionals (59%) are open to leaving their current jobs. This recruiting and retention challenge is a very serious national security issue. It’s no wonder the question I am most frequently asked is: “What are the ‘best ways’ to attract, hire and retain talent?” In this talk, Deidre will discuss what she sees every day as the Founder and CEO of CyberSN, the largest solely focused cybersecurity talent acquisition firm in the US. With the right strategies, leadership can create teams that are more successful, and with greater retention rates.

Compliance is not security

PCI, HIPPA, and other compliance rules do not ensure an organization is secure. Compliance is merely a snapshot of the way things are at a moment in time. An organization can be certified compliant today but someone opening a phishing email tomorrow could leave the organization vulnerable. (see Target and Home Depot for examples of this). Compliance is not a goal or a project, but the result of implementing security into business processes.

Unfortunately, there are a lot of mixed messages from industry and the security community about methods and practices. There are countless vendors who claim their products and services guarantee compliance. However, the reality is that a silver bullet does not exist and probably never will. Being certified compliant also lures management into complacency.

One of the ways to combat this is to eliminate the term “Best Practices” from the security nomenclature. Best Practices usually wind up as a set of checklists to complete and a manager to sign, thus giving a false sense that the business is secure. Compliance is a process that evolves as an organization, technology, and threats also evolve

Break-Network /Visit Virtual Exhibits

Lunch and Learn – Establishing a Risk Aware Culture in the Enterprise

Establishing a Risk Aware Culture in the Enterprise

With data exposure events on the rise in 2021, CISOs everywhere are faced with the increasing challenges of instituting a successful insider risk strategy. Security needs to be moving at the speed of business where time to market and speed of innovation are critical outcomes. By attending this session, executive teams will learn how establishing a risk aware culture in the Enterprise can reduce the complexities of data security while promoting healthy collaboration.”
establishing a risk aware culture

Executive Roundtables : Risk Management: It's All About Time

We grant attackers far too much time to operate unchecked in our networks. Most “detections” actually occur by accident or by luck

Executive Roundtables : SolarWinds: supply chain fiasco or another day different defect?

The ‘winds’ are telling us that the majority of businesses using SolarWinds products could never have seriously done anything about it.

Software supply chain attacks, what they are, and how to threat model, and how to prepare for the inevitable next one

The news that SolarWinds was breached and used to distribute malicious code rocked the security world in December. In this session, Jake Williams founder and chair of the inaugural SANS Supply Chain Security Summit, will discuss software supply chain attacks, what they are, and how to threat model, and how to prepare for the inevitable next one.

Break-Network /Visit Virtual Exhibits

Building a Trusted ICT Supply Chain

US Cyberspace Solarium Commission’s October 2020 Report on “Building a Trusted ICT Supply Chain” specifies five key and eight supporting recommendations to build trusted supply chains for critical ICT technologies. The paper supports reinvigorating American high-tech manufacturing and innovation with partner nations to ensure continual availability of these goods and materials. In addition, the white paper recommends an approach to ensure that American and partner companies are able to compete in global markets through the use of strategic government investment and instruments of the development community.
• Identifying key technologies and equipment.
• Ensuring minimum viable (US / partner) manufacturing capacity.
• Protecting supply chains from compromise.
• Stimulating a domestic market through targeted infrastructure investment.
• Ensuring global competitiveness of trusted supply chains, including USA and partner companies.

Executive Roundtables : Biggest Cyber Surprises of 2020 what did you discover in 2020 that was unexpected? Shortfalls in delivery?

What did you discover in 2020 that was unexpected? Shortfalls in delivery? Expected problems which were not?

Executive Roundtables : Trends in Third-Party Risk: What’s New in 2021?

As the world changes, the way you manage your third-party relationships should change too. What trends can we expect in 2021? What challenges will we face and what proactive measures can you take to stay ahead of the curve? Hear from your peers as we discuss how to adapt to current and future trends and future-proof your third-party risk management program to the best of your ability.

Break-Network /Visit Virtual Exhibits

Failures in the IoT/ICS CIA

Failures in the IoT/ICS CIA model can have dire effects on privacy and personal Safety. Security architectures need to blend information technology (IT) and operational technology (OT) goals. Work From Home (WFH) has destroyed the traditional border defense architecture. Blue Team architects now have to consider the following new areas: the home network, ISP interactions, balancing Information Technology (IT) security vs. Operational Technology (OT). Data and Identity are the new borders. This talk discusses the differences between IT/OT security requirements and suggestions on designing a defensive architecture for this new environment.

Closing Remarks