Keynotes
In an increasingly complex cybersecurity landscape, where threats evolve at machine speed, the key to success lies not just in technology and response time, but in building a community of practice based on trust and effective expectation management. This talk will explore how trust and expectation management form the foundation of strong collaborative relationships and how they can drive success in cybersecurity, particularly in large-scale, multi-stakeholder environments. We will examine a pivotal case from 2012, during the early days of U.S. cyber operations, when the U.S. Government and the Department of Defense recognized the urgent need to enhance their cybersecurity capabilities. The establishment of U.S. Cyber Command (USCYBERCOM) in 2010 and U.S. Army Cyber Command (ARCYBER) in 2012 marked a significant milestone. General Keith Alexander and Lieutenant General Rhett Hernandez, commanders of these new organizations, identified a critical gap: the need to "fix cyber" to prevent strategic surprises in cyberspace. Their recommendation to the Chief of Staff of the Army, General Raymond Odierno, led to the creation of the Army Cyber Institute at West Point, a testament to the power of proactive trust-building and clear expectation management. This use case highlights the essential role that trust-building and expectation management play in cybersecurity. Just as USCYBERCOM and ARCYBER forged a path for the future of U.S. cyber operations through clear communication, mutual trust, and aligned expectations, today's cybersecurity professionals must do the same within their own organizations. Through practical strategies and real-world examples, this session will empower attendees to build stronger, more resilient collaborative relationships under the pressures of today's cyber threats. By fostering trust and effectively managing expectations, we can collectively strengthen our defenses and protect critical infrastructure in an interconnected digital world. 
Sessions
Topic: Career Advancement
This career talk is designed for IT professionals (sysadmins, developers, network engineers, etc.) who are looking to transition into the dynamic and rapidly growing field of cybersecurity. With the increasing demand for skilled cybersecurity experts, this session will provide a comprehensive guide to making a successful and swift career shift from IT development roles to cybersecurity positions. By the end of this talk, attendees will have a clear understanding of how to leverage their existing IT skills to avoid starting from scratch in the cybersecurity field, the steps needed to gain the necessary knowledge and experience, and practical tips for landing a cybersecurity role. The session aims to empower IT professionals to confidently pursue a rewarding career in cybersecurity.
As artificial intelligence (AI) continues to revolutionize the cybersecurity landscape, the nature of entry-level roles in the field is rapidly evolving. This session will explore how AI is reshaping the demand for cybersecurity professionals, with a particular focus on the skills and competencies required for future entry-level positions. We will discuss the automation of routine tasks, the need for specialized knowledge in AI-driven tools, and the growing importance of strategic thinking and problem-solving abilities. Attendees will gain insights into how aspiring cybersecurity professionals can prepare for these changes, ensuring they are equipped to navigate the challenges and opportunities presented by AI. The session will also consider the implications for training and education programs, emphasizing the need for curricula that align with the future demands of the cybersecurity industry.
The presentation explores practical pathways for building a successful cybersecurity career without a college degree. It will cover essential steps such as developing foundational IT skills, obtaining key certifications, and gaining hands-on experience through challenges and internships. The presentation will also emphasize the importance of continuous learning, staying current with industry trends, and the value of mentorship within the cybersecurity community. Attendees will gain insights into navigating the job market, identifying entry-level opportunities, and planning for long-term career growth in cybersecurity, all without relying on a traditional educational background. Key Takeaways:
In the last 25 years, attacks and security protection have advanced rapidly. Looking back, it is easy to identify the different generations of attacks and security products that protect against them. However, today the velocity of attack evolution is far outpacing the level of security that businesses have deployed. This is a problem. The level of security deployed by businesses cannot be behind the level of attacks coming at them. But there's another issue that's surfaced: talent. The New York Times recently published an article estimating that over 3.5 million cybersecurity jobs are available globally, with nearly a million in the United States alone. The cybersecurity skills shortage is getting worse. Given the dangerous threat landscape, this means the skills shortage represents an existential threat to our nation, a nation that relies on technology as the backbone of our economy, critical infrastructure, and society at large. In this session we'll discuss the evolution of cyberthreats and how the educational institutions of the world can help address the growing cyber talent gap. Key Takeaways:
Topic: Artificial Intelligence
This is a panel about AI and Cybersecurity. While all the panelists have thought about and have something to say about AI, they are not AI experts. Rather, they are security experts, your peers who share your interests and concerns. They have been asked to talk to you about the short-term opportunities and risks of AI and to give you their thoughts about the long term and how we should prepare for it. While much of what we will say will be, of necessity, speculative, we promise to be both entertaining and provocative.
Artificial intelligence (AI) systems are becoming ubiquitous in our daily lives, but how secure are they? In this presentation, I will introduce the audience to some of the techniques used by hackers and researchers to attack AI systems, such as data poisoning, model stealing, and prompt injection. I will also demonstrate some of these attacks live. The presentation will be interactive and engaging, with a few light challenges for those audience members who want to try their hands at breaking AI (from the comfort of your mobile phone). I will also highlight some real-world case studies of successful attacks. Whether you are an AI enthusiast, a security professional, or just curious about how AI fails, this presentation will give you a practical and fun introduction to the fascinating world of adversary AI techniques, along with ample resources to get you started with practicing these techniques legally. Key Takeaways:
AI-powered misinformation is now deemed the biggest short-term threat to the global economy, according to a recent World Economic Forum report. Detecting online threats like misinformation, disinformation, deepfakes, and bots can be daunting. Even the rumor of a breach can erode trust in a brand's security, impacting every facet of the organization. As narrative-based threats grow more sophisticated, organizations must enhance their detection and defense capabilities. Join Nick Loui for an enlightening session on how security teams can uncover and address emerging online threats before they impact your organization. Nick will share key strategies and insights to protect your brand from digital deception. Key Takeaways:
Building a robust Secure AI Governance Framework is essential for managing the ethical, legal, and operational aspects of artificial intelligence systems. The session will cover a structured approach to creating a comprehensive framework to secure or design a Secure AI framework. It will also cover the key components to be addressed while designing and implementing a Secure AI governance program. Key Takeaways:
AI/Deep Fakes and Quantum Computing introduce new risk to organizations. We'll discuss new threats and effective approaches to this new frontier upon us. Data has become the intellectual property of organizations, their competitive differentiator, and critical to their success and livelihood. The new technologies are fundamentally used in analyzing, modeling and forecasting massive amounts of critical information quickly. Data has become a consolidated treasure that bad actors want. These new technologies leverage an organization's most critical and sensitive information, which must be kept safe and secure. Key Takeaways:
Topic: Frameworks
An overview of the CMMC 2.0 Program and cybersecurity framework based on NIST SP 800-171 and 172 to improve the overall cybersecurity hygiene of the Defense Industrial Base in the protection of Confidential Unclassified Information (CUI). This program is serving as an entry point for improving the overall cybersecurity culture not only of the DoD, but of all federal government agencies. Key Takeaways:
In today's rapidly evolving cyber threat landscape, businesses of all sizes face increasing challenges in safeguarding their critical assets and maintaining compliance with regulatory requirements. The Center for Internet Security (CIS) Version 8 Controls provide a comprehensive framework designed to enhance an organization's cybersecurity posture. This presentation aims to offer businesses practical guidance and real-world insights into implementing CIS V8 Controls, leveraging the expertise of a seasoned enterprise consultant. Attendees will gain an understanding of the foundational principles of CIS V8 Controls, including how to prioritize and implement these controls effectively within their organizations. The presentation will cover key topics such as risk assessment, asset management, access control, and incident response. Real-world case studies will be shared to illustrate common challenges and successful strategies for overcoming them. By the end of this session, business leaders and IT professionals will be equipped with actionable steps to enhance their cybersecurity defenses, mitigate risks, and ensure compliance. This presentation is ideal for organizations seeking to strengthen their security framework with proven methods and expert guidance. Join us to learn how to navigate the complexities of cybersecurity with confidence and protect your business from emerging threats using the CIS V8 Controls. Key Takeaways:
Topic: Operations
Insider threats are a major drain on the global economy, responsible for 82% of cyber losses. But most reports focus on accidental mistakes (56%) rather than deliberate theft (26%), which leads to underestimating the true damage. This article dives into the malicious or deliberate insider threat, where employees steal or misuse company assets without outside help. These insiders have unique advantages: access to valuable data, knowledge of its worth, and connections to potential buyers (like competitors). Think of a departing employee taking customer lists to help a rival gain market share. External attackers often target generic privacy data like social security numbers or credit cards, creating legal trouble and leverage for themselves. But malicious insiders know where the real jewels are, causing much bigger losses. Mature cybersecurity programs recognize the non-technical dimensions of risk mitigation, including governance, policies, and personnel training. Embedding IP and insider threats within risk frameworks empowers leadership to delegate responsibility and encourage corporate adoption of protective measures. By implementing a transparent system of incentives and consequences ("carrots and sticks"), organizations can foster alignment between individual contributions, employee performance, and an overall culture of innovation. This approach motivates employees to identify, protect, and contribute to valuable IP, ultimately strengthening the organization's competitive advantage.
In the world of cybersecurity, the dynamic between the red team and the blue team is crucial. The blue team's primary focus lies in fortifying digital systems through defensive measures, employing technologies such as intrusion detection systems and firewalls. They adeptly wield coding languages like PowerShell and Python to bolster defenses and proactively monitor for signs of intrusion. Conversely, the red team assumes an offensive stance, utilizing their coding expertise to simulate attacks and identify system vulnerabilities. Their mission is to expose weaknesses that may evade detection by the blue team, fostering a culture of continuous improvement in cybersecurity strategies. Through collaborative efforts and innovative approaches, these teams synergize to erect robust defenses against evolving cyber threats, underscoring the significance of teamwork and skill diversity in safeguarding digital assets. Attendees will gain insight into the dynamic interplay between the red and blue teams within cybersecurity. By grasping the distinct roles and methodologies employed by each team, participants will appreciate the value of collaboration and skill diversity in fortifying digital defenses. The keynote emphasizes the importance of fostering a culture of continuous improvement and innovation to stay ahead of emerging cyber threats, showcasing the critical role played by both the red and blue teams in defending against evolving cybersecurity challenges. Key Takeaways:
Cyber maturity programs are failing. We need to shift to measuring cyber program effectiveness. Cyber criminals have moved from just stealing information to business disruption, such as UHG, etc. However, our cyber programs were designed for cyber breaches, not cyber attacks on business operations. This requires a shift to a business-centric cybersecurity strategy and planning. The session will share a case study from a recent client. Key Takeaways:
Application security has always been a challenge, but the transition to distributed architectures has introduced new and complex vulnerabilities. This talk will explore how modern applications and their intricate chains of trust create unprecedented attack vectors, often outpacing traditional security measures. We'll examine the complications introduced by the shared responsibility model, including the risks of undisclosed updates and changes. Attendees will gain insights into the evolving security landscape and practical strategies for navigating these emerging challenges. Key Takeaways:
Reliable data is inherently critical for application threat models. As threat modeling continues to proliferate across security programs, bad habits in feeding threat models with relevant data are becoming prevalent. This session will explore the top 3 mistakes of "data starvation/gluttony" with respect to application threat models and how to achieve a contextualized, balanced data diet.
As organizations increasingly migrate to the cloud, the security landscape becomes more complex and challenging. This talk aims to equip experienced cybersecurity professionals, IT managers, and cloud practitioners with a deep understanding of the unique security concerns in cloud environments and advanced strategies to address them. Attendees will gain insights into the major risks associated with cloud security and learn how to apply cutting-edge techniques and industry best practices to mitigate these risks effectively. Key Takeaways:
Topic: Case Studies
In the relentless battle against cyber adversaries, the ability to respond with precision and effectiveness is not just a necessity; it is a mandate. This masterclass unites some of the most formidable minds in cybersecurity to share their hard-won insights and proven tactics for managing and mitigating cyber incidents. As we dissect real-world scenarios, you'll gain an unfiltered view of what it takes to safeguard your organization in the face of relentless threats. Whether you're a veteran in the cybersecurity trenches or an emerging leader, this panel will arm you with the strategies needed to fortify your defenses and respond with authority. Key Takeaways:
This presentation will analyze previous incidents, breaches, and ransomware attacks to understand how we can learn from these situations and prevent them from happening again. The presenter will discuss the attack techniques, vulnerabilities, new trends observed, what could have been done to avoid these attacks, and how organizations should respond in such cases. Attending this presentation will give you insights into improving your organization's prevention, detection, and response procedures to identify and stop modern attacks more effectively. Key Takeaways:
This presentation dives into a real-world success story of establishing robust cybersecurity governance in a geographically dispersed group of companies, even with limited resources. Drawing on my experience as a global CISO, I'll detail a step-by-step approach to achieving cross-company alignment on security standards, navigating varying levels of expertise, and overcoming resistance to change. Discover how we leveraged tools like cyberinsurance, an enhanced NIST Cybersecurity Framework, and strategic risk alignment to achieve a unified security posture despite resource constraints. Join me to learn practical strategies for fostering collaboration and building effective cybersecurity governance across complex organizational structures. Key Takeaways: