Vulnerability Management is Dead! Long Live Vulnerability Management!

Oct 10, 2022 3:00pm ‐ Oct 10, 2022 4:00pm

Identification: SC2233

Credits: None available.

You are Jane, the new security director of a company that has 1,000+ servers. You have just been handed an Excel spreadsheet of a report showing you have 15,692 vulnerabilities across your environment.

We will discuss the impossible task of managing vulnerabilities. We will walk through the antiquated vulnerability management process that Jane and so many of us have to deal with: spreadsheets, outdated inventory, and no context to the vulnerabilities, assets or underlying business processes. We will explore key questions that challenge everything we know today about prioritization, centralization and automation with the hope of bringing sanity back to information security in our organizations.

Learning Objectives:
  • Understand the challenges of current vulnerability management systems: spreadsheets, outdated inventory, and no context to the vulnerabilities, assets or underlying business processes, and how current practices can be inefficient, ineffective and, sometimes, give a false assurance of security.
  • Understand the importance of prioritization, centralization and automation of vulnerability management systems, and ask questions about their organizations' business objectives, cybersecurity posture and approach to vulnerability management.
  • Come up with a rational, logical and practical approach to vulnerability management that can be incorporated into the overall organizational cybersecurity risk strategy and plan, with an understanding of its key limitations, and execute it with ongoing tune-ups and updates.

Best Practices for Managing & Preventing Insider Threats from Interviewing Experts

Oct 10, 2022 3:00pm ‐ Oct 10, 2022 4:00pm

Identification: SC2234

Credits: None available.

One of the largest issues with securing data is exposure to insiders who work for an organization and pose a threat to the very data that organization needs to protect. Organizations are becoming more desperate to find ways of stemming the damage. This talk expects to answer one question for the audience: What security control best practices are available to prevent insider cyberattacks, as perceived by cybersecurity experts?

The session will present the findings from the multiple rounds of interviews and questionnaires used to gather the data and to develop an understanding of the controls used to address insider threats. There were 32 participants who were active cybersecurity practitioners responsible for securing the data of their organizations while working to prevent insider threats.

Learning Objectives:
  • Identify approaches for improving existing insider threat programs based on the joint experiences of fellow cybersecurity and insider threat practitioners.
  • Develop strategies for overcoming organizational challenges that block the effectiveness of existing insider threat security controls. The strategies are based on the joint experience of 32 insider threat professionals.
  • Define the three types of insider threats, list proven strategies that have been shown to address each type, and describe solutions that have been shown to have limited effectiveness in addressing insider threats.

Three Simple and Effective Cybersecurity Exercises

Oct 10, 2022 3:00pm ‐ Oct 10, 2022 4:00pm

Identification: SC2236

Credits: None available.

The genesis of many cybersecurity exercises begins with a simple request: An executive approaches a manager and says, “We need a tabletop. Get it done.” This request may stir up angst as some planning is required and, to some, may be a new experience.

But what do you do when you simply don’t have the luxury of ample time to plan for a cybersecurity exercise? How do you conduct a cybersecurity exercise that is simple yet effective and worth the participants’ valuable time?

This presentation will present three simple cybersecurity exercise ideas that may be conducted with minimal planning, are applicable to most organizations and will deliver value by identifying potential deficiencies or confirming the efficacy of existing processes.

Learning Objectives:
  • Demystify the tabletop planning experience.
  • Introduce best practices that will enable attendees to meet tabletop exercise requirements.
  • Convey three simple cybersecurity tabletop exercise scenarios that may be leveraged by the attendees with very little planning.

Keynote - Cybersecurity Insights

Oct 11, 2022 7:00am ‐ Oct 11, 2022 8:00am

Identification: SC2239

Credits: None available.

As founder of the UK’s National Cyber Security Centre, Ciaran Martin managed more than 2,000 significant cyber-attacks, including the so-called WannaCry attack in 2017. Martin will provide a robust analysis of the world’s digital insecurities and offer his perspective on mitigation strategies. What are the biggest cyber vulnerabilities globally, and who are the nefarious actors? How can we, as companies, countries and individuals, fight back, and how do we build partnerships to identify risk, build defenses and improve technology resilience?

Career Center Series (Virtual): Conference Presenting: The Art of Leadership and Soft Skills Development Through Presentation

Oct 11, 2022 9:00am ‐ Oct 11, 2022 10:00am

Identification: CCSV06

Credits: None available.

Have you ever wondered about presenting at a conference, but thought you didn’t know how to do it? If so, this session is for you. We will look at how you evaluate conference speaking opportunities by searching for conference calls for proposals (CFPs), and walk through the key components of submitting a proposal to speak.

More importantly, why would you want to submit a proposal? It may be that you want to develop your writing and speaking skills. Also, as you progress through your career, you will be challenged to present key ideas to management or other audiences.

Rarely do we have an opportunity to ‘try out’ the presentation of ideas. The lessons gained by submitting a proposal to speak and presenting to an audience will further your leadership and interpersonal skills, which can be directly applied to your career today.

How to diversify your cybersecurity teams

Oct 11, 2022 9:35am ‐ Oct 11, 2022 10:35am

Identification: SC2243

Credits: None available.

Diversity, equity and inclusion are on all corporate radars. It is well known that diverse teams deliver better solutions, and cybersecurity is no exception. This presentation identifies real-world examples of how companies are winning at diversifying their cybersecurity teams, based on data and experience from Blacks United in Leading Technology International.

Learning Objectives:
  • Recognize that diverse cybersecurity teams deliver better solutions.
  • Present data on what has worked in diversifying cybersecurity teams.
  • Teach methods that can be employed today to enlist diverse teams to solve information security challenges.

Everything I know about Compliance I learned from Patrick Swayze in Road House

Oct 11, 2022 9:35am ‐ Oct 11, 2022 10:35am

Identification: SC2244

Credits: None available.

"One, never underestimate your opponent. Expect the unexpected. Two, take it outside. Never start anything inside the bar unless it's absolutely necessary. And three, be nice."

Use the "Three Simple Rules" from Road House as a guide to navigating compliance.

Our opponents are varied, active and can be internal as well as external. While security professionals are always vigilant, we need to learn how to make advocates out of our "internal" opponents to help us discover the unexpected and stay prepared. Infighting doesn't help anyone. Learn how to gain perspective, give perspective and solve the fights outside of the meeting room. Realizing this is just a job, and not a personal attack, goes a long way to establishing and keeping the peace in tenuous situations.

Learning Objectives:
  • Define opportunities to identify the real opponents while finding and developing advocates.
  • Describe mechanisms to gain perspective, give perspective and solve the fights outside of the meeting room.
  • Establish guardrails to keep the peace, avoid taking it personally, and help foster meaningful dialogue around difficult topics.

How to Establish a (successful) Security Strategy from Scratch

Oct 11, 2022 9:35am ‐ Oct 11, 2022 10:35am

Identification: SC2249

Credits: None available.

Maintaining a healthy security culture in a company is no easy feat. However, establishing such a culture can be even more challenging. In this session, Esther Pinto, CISO & DPO at anecdotes, will share her experience and present a roadmap for establishing a successful security strategy from scratch. Participants will learn where they should start, what to prioritize and who their key allies should be. Furthermore, the presentation will dive into how to approach balancing business and security needs at a young company looking to grow, and how to assess and define the company’s risk appetite.

Learning Objectives:
  • Understand the challenges of establishing an information security program from scratch.
  • Better understand the right approach to establishing a strong information security strategy and gain the relevant tools to build a detailed information security roadmap.
  • Better understand the different relationships that are important to build with various stakeholders and to better balance between business and information security needs.

Perspectives on Cybersecurity: A Fireside Chat with (ISC)2 and CISA

Oct 11, 2022 9:35am ‐ Oct 11, 2022 10:35am

Identification: SC2250

Credits: None available.

Join (ISC)² CEO Clar Rosso and Dr. David Mussington, Executive Director for Infrastructure at CISA, for an in-depth discussion on the most significant cybersecurity risks we face today and tomorrow. Hear his perspective on a variety of timely topics, including collective defense, exploitation of cyber or physical infrastructure, workforce shortages, and the effectiveness of communicating cyber risks to the general public. Learn more about CISA’s mission and the resources it provides, and seize the opportunity to get your most pressing questions answered.

Is Your Cloud Data Lurking in the Shadows? Sponsored by Laminar

Oct 11, 2022 9:35am ‐ Oct 11, 2022 10:35am

Identification: SC22106

Credits: None available.

In many cloud-first strategies, shadow data is quickly replacing shadow IT and becoming an issue that causes anxiety for many CISOs, as it leaves undue risk and potential breaches in its wake. CISOs fear the unknown as data security teams have lost visibility into where their sensitive data is in the cloud.

In this session you will learn...

  • What is shadow data and how does it occur?
  • Best practices to shine a light in the shadows to expose where YOUR data is hiding.