October Virtual Cyber Executive Forum 2020

Welcome

National 9-1-1: Becoming Public’s Safety Achilles Heel

When we think about cybersecurity it usually through the lens of data networks and systems. Our 9-1-1 emergency systems leave us vulnerable as citizens, organizations, and as a country. Recent attacks on the system originating in the Middle East are proof that we need to address these vulnerabilities. Chuck will walk you through the national 9-1-1 voice infrastructure, pointing out these vulnerabilities, and providing insight on how to mitigate these to attacks.

Security Leaders Must Be Part of the Sales Team

The best security leaders will contribute greatly to business success, directly and indirectly for their company and customers. They ensure that other leaders in their company have the necessary information to make the best decisions for the business. Their experience and intent are valuable assets for marketers and salespeople to use to their advantage with prospects and customers. All security leaders must contribute to increasing or enhancing revenue and reducing risk. These two value-adds are fundamental to the role of every security leader.

Lunch & Learn

Executive Roundtables – Achieving Security Visibility in the Era of Cloud Shift

While organizations undertake digital transformation and shift to the cloud, security teams are handcuffed by limited visibility. 69% of survey respondents of the Devo SOC Performance report cite limited visibility into the attack surface as the primary cause of team ineffectiveness. Join us to discuss the trends that are causing security visibility gaps while increasing the likelihood of data breaches. Discuss potential solutions and what you have been implementing to increase cybersecurity effectiveness.

Executive Roundtables – Flexing Your Risk Management Muscles

Sure, cybersecurity is often our forte, but don’t be surprised if your renowned risk management skills are requested and put to the test to deal with the growing litany of issues confronting organizations of all types this year and throughout 2021.  In this roundtable we’ll pick some topics, but you’ll drive the discussion.  We’ll select issues that are sure to confront and confound businesses and organizations, and we’re asking you to help layout the groundwork for determining how you dispassionately assess the risks.  In this roundtable we’ll set politics aside to deal with some of the biggest questions that are inevitably forthcoming: 

• (Assuming) once a Covid-19 vaccine is available, will we allow employees, students, and visitors back into our offices and classrooms under ‘normal’ circumstances, or do the current mitigations stay in place?  Will we require a vaccination to return?  What is a company to do?
• Online content hosts have long separated themselves from the idea or suggestion that they should police content, but others disagree, and the arguments for both sides are starting to get more introspective and complex.  Nearly all organizations host discussion content today, either for internal or external consumption… so how will your organization respond to controversial content when it shows up on your platform?
• Businesses – usually – try to stay out of the fray of political and social issues and focus on the products and services at hand.  But as the ‘social contract’ between businesses, employees, and consumers has been reassessed, some CEOs have decided to dive into the middle of these issues and adopt new obligations of corporate responsibility.  What are the risks of this move, and how does a company respond, knowing that – in many cases – there will always be a dissatisfied party?

Executive Roundtables – Productivity and Morale During a Pandemic

When we first started the Covid-19 Pandemic companies so little impact to productivity and in some cases claimed productivity had in cases increased.  We are not hearing that leaders are seeing the productivity declining and they are finding it challenging to keep their teams motivated and engaged. Join this roundtable to discuss tactics to ensure your teams can remain productive and what you as the leader have a responsibility that you may have not had to previously be thinking about.

Molding Your Cyber Workforce: Don’t Rely on the Punditry

In this engaging presentation, John McCumber will review the recent literature and media portrayals of the challenges hiring and retaining top cybersecurity talent. He will explain why you cannot trust most of what you have been reading and explain how you can better filter this data to extract what is important for you and your organization. Come and learn the concrete steps you can immediately use to better acquire, train, and grow your cybersecurity workforce. Don’t listen to the pundits. Most are wrong! Learn why.

Executive Roundtables – What certifications do you actually need – and why are they important?

With the deluge of certification requirements for both your company and its supply chain, what is important? Consider the following – in the last week you may have been asked if your company was ISO 27001, ISO 15408, FEDramp, STIGs, CMMC, SP800-17mumble.. and the list goes on and on. Given that you can consume 100% of your time and 1000% of your money and time on certifications, the real question ‘What is really important

Executive Roundtables – Post Pandemic Clean up and Lessons Learned

During the Covid-19 pandemic, what processes were implemented at your organization to support everyone working remotely which you now need to review?  Are there areas where you now need to be looking at tightening security?  What changes did you make that are going to be “permanent?”  Lastly, what lessons were learned that you wish you’d know prior to 2020?  Joined this discussion to share take-aways for you and your teams.

Executive Roundtables – Driving Behavior Change with your Security Awareness Training

Studies show that 80% of organizations allocate only two hours or less per year for security awareness.  Given this, how are you making sure you can maximize your time with users to ensure behavior change?

Join this roundtable to share proven strategies around where to focus your efforts, keeping users engaged, benchmarking, making it fun! and more.

“Deliver Uncompromised:” DoD CMMC, NIST SP 800-171 and the new FASC

The recently released DoDD 5000.01 (“The Defense Acquisition System”) recognizes that Security, cybersecurity, and protection of critical technologies at all phases of acquisition are the foundation for uncompromised delivery and sustainment of warfighting capability.” This was the core thesis of the August 2018 MITRE “Deliver Uncompromised” Report. The speakers will review what has been accomplished, what is underway and what lies ahead in DoD efforts to act on the “DU Report recommendations. CMMC is a key starting point. If adversaries can penetrate contractor networks and steal sensitive unclassified information from the DIB, defense systems can be compromised even before delivery or at any time in their lifecycle. On the horizon for CMMC are other objectives. The new Federal Acquisition Security Council (FASC) Interim Final Rule points to coordinated activity by DoD and other federal agencies to address foreign source threats and take on the challenge of supply chain security, including hardware and software assurance.

Things to Consider Before Adopting Zero Trust

Ronald Reagan was known to utter the famous phrase “Trust but Verify” when dealing with the Soviet Union in the 1980s. That phrase has also entered into conversations within information security departments when discussing how to protect sensitive data. Today, with a threat landscape that changes daily if not hourly, the concept of “Never Trust, Always Verify” has become increasingly important to embrace. A Zero Trust Framework can support this concept if deployed effectively. This talk will cover some things to consider before adopting zero trust such as culture, technology, people and processes to help ensure a holistic approach.

Closing Remarks