A Deep Dive into the Legalities of the NSO Group and Pegasus Software

Oct 11, 2022 10:45am ‐ Oct 11, 2022 11:45am

Identification: SC2251

Credits: None available.

Over the past three years, Israel-based software developer NSO Group has been locked in a battle with the technology community and human rights NGOs over the use (and misuse) of Pegasus, NSO’s leading mobile device surveillance product. On one side are global technology companies that object to the potential for harm to their brand and offerings posed by the use of Pegasus by intelligence and law enforcement communities around the world. On the other side is NSO Group and its investors, who have been promoting the sale of Pegasus to those very same communities over the last decade, sometimes with disastrous results. In this presentation, infosec attorneys and privacy advisors will review the legal history of this battle and what the future might hold.

Learning Objectives:
  • Appreciate what Pegasus is and what makes it unique in the broader context of surveillance and "cyberwar" software.
  • Understand the pros and cons of the lawsuits against NSO Group.
  • Prepare for possible changes to your organizational and personal approach to cybersecurity.

Get real about Cloud Incident Response

Oct 11, 2022 10:45am ‐ Oct 11, 2022 11:45am

Identification: SC2256

Credits: None available.

Cloud incident response can mean many things, so let's dig in and figure out what that really means as far as skills, resourcing and response. This session will walk through several incident response scenarios that involve various cloud implementations to show how response techniques may need to pivot from traditional security response processes. Attendees will gain insight and skills into ways that they can improve upon their cloud incident response process in their own organization.

Learning Objectives:
  • Prepare to respond to cloud incidents.
  • Prepare your response team to respond to cloud incidents.
  • Coordinate response to cloud incidents across your organization.

Ready For The Next Frontier in IAM Strategy? - Sponsored by Keyfactor

Oct 11, 2022 10:45am ‐ Oct 11, 2022 11:45am

Identification: SC22107

Credits: None available.

Cryptography is critical infrastructure, essential to secure the shift to cloud, IoT devices, and zero-trust strategies. However, for many organizations, managing public key infrastructure (PKI) and machine identities, such as keys and digital certificates, is messy. Emerging certificate issuance use cases, shorter lifespans, skills shortages, and a constantly changing IT landscape add to PKI complexity and create serious challenges. Learn about:

  • Trends in the machine identity and cryptography landscape
  • Current practices in PKI, certificate management and code signing
  • The importance of machine identity management in IAM strategy
  • Real-world case studies
  • How Keyfactor empowers organizations to manage cryptography as critical infrastructure

Career Center Series (Virtual): Empowering Job Seekers: Social Media and Your Job Search

Oct 11, 2022 11:00am ‐ Oct 11, 2022 12:00pm

Identification: CCSV03

Credits: None available.

The landscape for job seekers is always evolving. If you asked a job seeker 20 years ago what their most powerful tip for getting a job would be, they would not have mentioned social media, online brand reputation or online networking.

Why? Because none of these tools existed back then!

Since the advent of social media, many different platforms have come and gone. Most of the frequently used social media platforms change dramatically each year. It is very common for your first interaction with a recruiter or future employer to be through social media.

Therefore, how do you best present yourself online to ensure that you secure that next career opportunity?

We will cover several forms of online job search tools from social media, career portals and job boards to familiarize you with how to leverage your online presence to secure - not sabotage - your job search.


Career Center Series (Virtual): How to Succeed at Technical Interviews

Oct 11, 2022 12:00pm ‐ Oct 11, 2022 1:00pm

Identification: CCSV05

Credits: None available.

There are many steps in the job search process and succeeding at technical interviews is a vital step in the process.

But how do you prepare for this step?

What do you need to know about the job you are applying for and the team that you will be meeting?

Being successful at technical interviewing starts with the job description and your resume. This session will guide you through the important steps to succeed at technical interviews and provide vital information on how to use this same process for your annual performance reviews.


Cybersecurity Legal Considerations for the Russia/Ukraine War

Oct 11, 2022 12:35pm ‐ Oct 11, 2022 1:35pm

Identification: SC2267

Credits: None available.

“Will our cyber insurance policy cover attacks from Russia?”

“Are we legally allowed to pay ransom?”

“What are our reporting requirements in the event of an attack?”

“Is ransomware considered a breach?”

The Russia-Ukraine war has precipitated these and many more legal questions. In this presentation, infosec attorneys and privacy advisors will review cybersecurity legal considerations and offer their insight into best practices in light of this conflict and potential ones in the near future.

Learning Objectives:
  • Understand the many requirements for breach response and notification.
  • Appreciate how cyber insurance coverage applies to war.
  • Demonstrate cybersecurity due care to clients and regulatory bodies, pre- and post-attack.

Hiring a team: Where is the Draft class?

Oct 11, 2022 12:35pm ‐ Oct 11, 2022 1:35pm

Identification: SC2268

Credits: None available.

As cybersecurity leaders, we have issues building our bench of players and we acquire most of our new team members via trade wire vs draft. This conversation will draw several analogies such as head coach changes (CISO) playing with the last coach's players and playbook; the need for a real draft class every year (entry level positions); and the drive for red team positions and fewer defense minded ones.

Learning Objectives:
  • Think differently about building a team of cybersecurity professionals.
  • Immediately bring new talent into the cybersecurity field.
  • Understand the dynamics of leadership and levels of employees.

Healthcare Hacked! Culture, Costs, and Cures

Oct 11, 2022 12:35pm ‐ Oct 11, 2022 1:35pm

Identification: SC2265

Credits: None available.

Attackers targeted healthcare more than any other industry in 2021, accounting for 34% of incidents—more than one third. What’s the remedy? This session analyzes root causes for the sharp rise in attacks by presenting accurate historical and current data, analysis and conclusions pertaining to international and domestic healthcare breaches from 2009 to present day. We'll scrutinize the subculture within healthcare IT over time and current emerging trends, including rapid cybersecurity prioritization following the onset of the COVID-19 pandemic and lingering resource gaps. The session provides a summary of the counted and uncounted costs of breaches using real-world cases. Attendees will take away achievable recommendations to help cure the culture and cost woes and continue to mature their healthcare IT security programs.

Learning Objectives:
  • Verbalize the differences between historical "risks" and modern "threats" in the areas of risk management/assessment, privacy, security, and information governance and identify both "Blue" and "Red" motivators. Gain a deeper contextual understanding of factors that contributed to the sharp rise in attacks in recent years and describe them.
  • Describe the total cost of recovery, including the uncountable recovery cost of hardware, supplemental resources, and the human factor cost of extended downtime. Objectively perform an impact comparison between the total costs of implementing reasonable measures before a breach vs. post-breach scenario given minimal preparation beforehand.
  • Define resource management concerns including skill gaps, availability, training, downtime and burnout. List the key value points of auditing for internal program maturation over and above audits for regulatory and standards compliance. Finally, attendees will gain an understanding of the efficiencies to be had by conducting a combined audit.

Career Center Series: Turbocharge Your Military Resumes by Converting to Civilian Speak

Oct 11, 2022 1:00pm ‐ Oct 11, 2022 2:00pm

Identification: SC22CC8

Credits: None available.

One of the key tools in a job search is the resume. How it is crafted and what purpose it serves differs between the government and military community versus the private sector. There are plenty of military terminology translators available online. However, these will not assist you in understanding the key differences of how to write your resume to convey your technical and leadership skills to a private sector employer.

Writing a resume is a difficult task and most professionals look at their job descriptions and paste their current job duties into a resume. FITREPs and notable accomplishments do not carry the same weight in the civilian communities as they do in the military communities. Learn how to distill, not dilute, your many accomplishments into a powerful tool to secure your post-military opportunity.


Today's Incident is Tomorrow's Litigation

Oct 11, 2022 1:45pm ‐ Oct 11, 2022 2:45pm

Identification: SC2270

Credits: None available.

The bad guys are once again held at bay, everything is locked down, the incident is wrapped and your work here is done. Or is it? More and more of today's cyber incidents are leading to civil litigation where your best defense strategy starts with the first steps of incident response. Litigation preparedness needs to be a key aspect of your incident response plan; if it's not, you are likely leaving your organization open to significant risk and future expense. Join us as we cover the basics of litigation, the rules you need to prepare to follow and why actions you take during incident response can be deciding factors on how that future litigation unfolds.

Learning Objectives:
  • Understand the language and responsibilities of litigation and how they apply to incident response.
  • Augment your company's incident response plan to prepare for the potential of future litigation.
  • Better manage downstream risk associated with incidents and related litigation.