Focus on Security - October 7, 2022
No-Cost Cybersecurity Resources for All: Assessments, Trainings, Tabletop Exercises & More
Arielle Baine, CISSP, CCSP, GCWN, CEH
The world is becoming progressively digital and interconnected, contributing to a nation that is increasingly vulnerable to cyberattacks and cyber disruptions. This presentation will discuss the changing cyber threat landscape, threats, and predictions. Additionally, it will discuss the actionable next steps to combat the current and future cyber threats within your organization.
More specifically, the Cybersecurity and Infrastructure Security Agency (CISA) offers a range of cybersecurity assessments that are no-cost and voluntary to evaluate your organization’s operational resilience, cybersecurity practices, and other key elements of a resilient cyber framework. This presentation will spotlight those assessments available to our partners and stakeholders.
Kevin Hyde, President
You've either had issues with cybersecurity or you just read the latest headlines about ransomware, the inability to get cyber insurance or your clients are telling you to get HIPAA or GDPR compliant and you don't know which direction to turn.
Join us for an executive level cyber briefing to hear about those topics and more from the experts at Layer 8 Security, a national cybersecurity company founded by and run by veterans from the NSA and Cyber Command in Greater Philadelphia.
Bob Gibson Senior Solution Engineer , Virtual Cloud Network
The focus of the talk will be on the Infrastructure side/component to zero trust (since zero trust requires multiple items working together from end user authentication and controls to the infra systems/ workloads).
Financial Cybersecurity: Your Retirement Investments Aren't As Secure As You Thought
Knowing is Half the Problem : Asset Management, Vulnerability Management, and Threat Intelligence
Information security doesn’t start when an incident or compromise occurs. Information security starts with knowing what hardware and software assets are used by your organization, knowing what vulnerabilities need to be remediated, and knowing a good source of threat intelligence to help stay ahead of the bad actors. According to a recent Palo Alto Unit 42 report, bad actors are scanning for vulnerable systems within 15 minutes of a vulnerability being announced. Knowing what assets need immediate attention when trying to defend against attackers is the foundation of a solid information security program.
Cindy Casey, PhD
With an increase in cyberattacks and a shortage of cybersecurity professionals, organizations and security providers are increasingly utilizing artificial intelligence (AI) to predict, prioritize and prevent cyberattacks. With machine learning (ML), a subfield of artificial intelligence, machines are given access to massive amounts of data in order to learn how to identify ransomware, zero-day exploits, malware, and other sophisticated attacks. Without being explicitly programmed, the machine or software application will become increasingly accurate at predicting threats and abnormalities. However, what happens if the training data is compromised? After a brief introduction to artificial intelligence and machine learning, this presentation will discuss AI poisoning, back-box algorithms, and other AI and ML vulnerabilities security practitioners should be aware of.
Mike Cavanaugh, Chief Insurance Officer
I plan on addressing the basics of Cyber Insurance including the application process, policies, what insurance companies want to see, and how people can make it easier to get coverage. There are a lot of misconceptions about the coverage and right now premiums are shooting through the roof for some people so I will try and help shed some light on the processes, reasons, and strategies in the current marketplace.
This presentation focuses on the top 10 skills everyone needs to have to survive in a digital world. This is a non-technical (well, ok it's a little technical) presentation for the non-IT professional.
Scott N. Schober, President/CEO
Scott Schober will discuss the latest methods cyber criminals use to stalk individuals, property, cars. He will review the various methods used with GPS Trackers vs AirTag stalking. He will share some of the technical hurdles that law enforcement is up against and how they are utilizing technology to combat this growing cyber threat.
Special Agent Cerena Coughlin will discuss the importance of partnerships and proactive engagement between the private sector and the FBI. The presentation will focus on cyber concerns and threats, and the critical need for information sharing with the Bureau.
Your Things Are Dangerous – Safety and Security Concerns with Internet of Things (IoT) Devices
Joseph Walsh & Brian White
The Internet of Things or IoT, involves connecting objects in our world to the internet. These devices – refrigerators, thermostats, ovens, AirTags, and even our cars – can be monitored or controlled from miles away or from across the world. This presentation will address some privacy and security concerns with connecting everything to the internet. We will show you why you should be concerned and provide some suggestions on how to protect yourself.
Rob will discuss modern cyber threats and how adversaries are able to defeat an organization's defenses. Rob will then discuss how to discover adversaries that are actively in an organization's environment using free and open source tools.
Duane Shugars (Foresite CTO), e-plus
Today cyber security products and the market’s solutions are many and fragmented which makes it very difficult and confusing for counties, municipalities, and states to make sense of these offerings. This means organizations must assess many vendor options to determine value, possible overlap, and cost of ownership for these products and solutions. This process is time-consuming, confusing, many times expensive and often leave organizations with a less-than-ideal approach.
A modern approach needs to:
- Simplify options
- Simplify solutions
- Simplify understanding of risk
- Simplify and implement maturity as part of the organization’s core value chain
- Simplify and quantify compliance
Critical, is the ability to easily map these to the profile of the organization to minimize over or under engineering your approach.
Myopic vs. Holistic Approach
Modern Diaster Recovery with Rubrik
C.C. Witt/ Dan Lezoche
Learn how Rubrik’s Zero Trust Data Security can improve not just your backup, but also your cyber security protection as well!
This presentation will discuss the collection, acquisition, and analysis of artifacts from host machines related to a cybersecurity incident. Some best practices for documenting and saving data from incident response investigations in order to preserve and authenticate evidence for legal action/courtroom testimony will also be discussed.