The charter of the CISO has always been daunting, made even more so by the challenges brought forth by the COVID pandemic. From budget constraints to competing priorities, business and security leaders need to rethink their ideas around business continuity, expansion/contraction, work-from-home/work-from-office, all while managing exposure and risk. The CISO is entrusted to protect and defend the enterprise internally and externally from continuous threats in a constantly changing landscape, typically with limited resources and unrealistic deadlines, all with the expectation that there are zero vulnerabilities. Given such an impossible reality, “hope” can seem to be the best strategy. It is not. Please meet our panel of CISOs that will share their experiences in how they navigate these challenges, and plan for success rather than hope for it! You will learn from them:

• The unique COVID-related cybersecurity challenges presented in 2020;
• The balance between playing “offense vs. defense” in today’s environment;
• The benefits and difficulties with outsourcing vs. insourcing cybersecurity solutions;
• Emerging threats.

« show less

Abstract: Zero Trust is suddenly THE cyber strategy that everyone is talking about. From the recent Forrester Zero Trust Wave to every security vendor’s website, the words “Zero Trust” are popping up just about everywhere. Despite the attention, Zero Trust is still a strategy for most, with little reality to show for it. In this session, Illumio’s Chief Evangelist Nathanael Iversen will discuss Zero Trust and <maybe offer some directions/steps/something> to make it a reality.

• Real-world examples of effective Zero Trust strategies
• Best practices for successful implementation
• How to take an end-to-end approach to Zero Trust

« show less

Legacy software supply chain “exploits”, such as Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild. Conversely, next-generation software supply chain “attacks” are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are actively injecting malicious code into open source projects that feed the global supply chain.

Join this session ith Ax Sharma, Senior Security Researcher, Sonatype to:

• Understand software supply chain attacks and their impact on the open-source ecosystem
• Deep dive into prominent real-world examples of dependency confusion, typosquatting and brandjacking malware
• Learn how your organization can proactively protect itself against software supply chain attacks

« show less

As cyber-attacks increase in complexity, frequency, and velocity, in our experience, many enterprise organizations are reliant on outdated IT governance. The organizational paradigm is limited by slow-moving bureaucracy and scarce resources. This situation is often the result of a limited understanding of the risks on the part of decision-makers, like board executives who rely on outdated corporate governance frameworks that were developed in response to accounting scandals – e.g., WorldCom, Enron, Tyco, etc. – not cyber risks.

Enterprise executives continue to propagate a compliance check-box mindset that values minimal security control investment to meet audit standards. The focus on audit/compliance misses the costs that may extend beyond regulatory penalties into financial losses that are not always small enough to recover from without significant repercussions.

In this session, we draw from consulting experience, candid conversations with security leaders, and empirical research to define the current issues plaguing enterprise cyber governance, while offering specific remedies for organizational leaders striving for an effective governance model that moves beyond audit compliance to iterative and measurable risk reduction.

« show less

« show less

Working with outsourced security partners can sometimes feel like paying for an expensive black box. What are they really achieving for you and how do they do it? Understanding how, or perhaps even if, your security partner contributes to the ROI on your overall security plan is paramount and can start to reveal where improvements could be made. In this panel discussion, we will hear from peers working within information security how they tackle this challenge and what a good outsourced security partner looks like to them.

Key takeaway bullets:

• An understanding of how your peers see value in their service providers
• A range of options in methodology for calculating security ROI
• An understanding of what good looks like in an outsourced security partner

« show less

Human-operated attacks, including nation-state espionage and targeted ransomware, are on the rise against large enterprises in every industry. These are highly-targeted strains designed to evade security controls, reach critical assets and either steal information or surgically extort large sums of money. Despite significant investments, It’s still difficult for any given enterprise to be certain that attackers can’t bypass their security tools, move inside the environment and manipulate or encrypt data. During this presentation, we will examine how to stop sophisticated attackers by choking off their ability to move laterally and encrypt thousands of devices at scale.

« show less