Why Your Personal Infosec Brand Matters

Oct 11, 2022 1:45pm ‐ Oct 11, 2022 2:45pm

Identification: SC2271

Credits: None available.

How much time, energy and effort do you spend on your own personal information security brand? Most people think of branding as simply a corporate activity, largely within the purview of large multinationals: GE, AT&T, etc. In reality, however, we each create our own unique brand, intended or not, in every interaction we have with our coworkers, management, vendors, contractors, the general public, and even in how we portray ourselves on social media. Our infosec brand can influence our organization, the local infosec community, or even have a global impact. The presenters will discuss why it is critical that we as professionals carefully choose how this brand looks and how we build it: by writing articles, volunteering and how we treat others.

Learning Objectives:
  • Describe their personal infosec brand and how others see them as professionals.
  • Identify the impact that their personal infosec brand has on their career and interactions with coworkers, managers and other infosec professionals.
  • Identify concrete steps to improve their infosec brand in areas of their choosing.

Mentalism, Magic & CyberSecurity

Oct 11, 2022 1:45pm ‐ Oct 11, 2022 2:45pm

Identification: SC2273

Credits: None available.

Mentalism, the art of manipulation, has been practiced by magicians, fraudsters and con artists throughout history. Cybercriminals and terrorists use it to hurt consumers. Mentalism elicits reactions to guarantee a cybercriminal's success and your downfall. This session will demonstrate mentalism, its effects and changes that security professionals must make.

Learning Objectives:
  • Understand, rationalize and prevent social engineering by looking at mentalism.
  • Demonstrate how mentalism can be used to re-program people to prevent social engineering.
  • List the ways magicians and social engineers can manipulate and deceive a victim into doing something they wouldn't normally do.

Can you "Shift Left" Compliance? - sponsored by RegScale

Oct 11, 2022 1:45pm ‐ Oct 11, 2022 2:45pm

Identification: SC2278

Credits: None available.

There's been a push in our industry to "Shift Left" security in an effort to make security real-time, continuous and complete. As such, many tools have emerged, including Cloud Security Posture Management (CSPM) solutions, Vulnerability and Code Scanners, etc., all in an effort to find issues before they occur. But we're still doing Compliance in Word documents and Excel spreadsheets that are out of date the moment they are created. With the rise of the API economy, cloud, and modern development tools, the time has come for compliance to be reimagined. Come to this session to learn how you can bring the principles of DevOps to Compliance in a new discipline called Regulatory Operations (RegOps).

Learning Objectives:
  • Learn key underlying principles of RegOps
  • Learn new standards and frameworks: NIST Open Security Controls Assessment Language (OSCAL) and CSA's Cloud Controls Matrix (CCM)
  • Learn technologies and approaches to Shift Left Compliance

Effective Board Level Communications

Oct 11, 2022 1:45pm ‐ Oct 11, 2022 2:45pm

Identification: SC2276

Credits: None available.

Board-level interactions can be scary, right? Knowing what to say, and what not to say: how do you have a conversation that both sides understand and buy into?

In this session we will explore some of the dimensions of board interaction, both formal and ad hoc: what the motivations of the various players are, and which dimensions could be common ground between the wider board and cyber security execs.

The Principle of Need to Have Available

Oct 11, 2022 1:45pm ‐ Oct 11, 2022 2:45pm

Identification: SC2277

Credits: None available.

Of 101 major cyber incidents last year, 62% would have been prevented if organizations had followed one specific principle. The Principle of Need to Have Available describes surrendering permissions not required for the next set of defined tasks. We compare this with the Principle of Need to Know and show how more than half of recent major cyberattacks could have had their impact limited. This principle helps protect against ransomware and, for longer campaigns, requires attackers to work harder to get to all the data. Unfortunately, applying this principle is not just a case of updating your information security policy, because it has several disadvantages, for which we provide a critique. As one example of that critique, since not all work within the organization can be broken into premeditated tasks, the principle cannot be applied to all roles and ranks without prior impact evaluations. Still, to protect your organization, the Principle of Need to Have Available provides an addition to your arsenal worth considering.

Solutions Theater Presentation - Securing DevOps in the Cloud with Privileged Access Management (PAM) - sponsored by Wallix

Oct 11, 2022 2:50pm ‐ Oct 11, 2022 3:10pm

Identification: SC22ST4

Credits: None available.

To keep cloud DevOps secure, it’s necessary to be able to answer the fundamental questions that arise in the wake of any security incident: Who did what, when? With traditional software development, it’s relatively easy to answer these questions. DevOps practices imply fast-paced change to code and delivery of this code into a production environment. The impact is exponential in cloud environments. How can this be done in a secure fashion without impacting operational efficiency?

In this session, you'll learn strategies to secure privileged access from a developer’s point of view using a zero trust approach.

Objective 1: Understand the risk linked to privileged access in DevOps and where it resides

Objective 2: Identify opportunities for PAM to mitigate risks

Learning Objectives:
  • Understand the risk linked to privileged access in DevOps and where it resides
  • Identify strategies to address said risks
  • Identify potential project plans to implement a solution

Career Center Series: Envisioning Your Executive Career Path

Oct 11, 2022 3:00pm ‐ Oct 11, 2022 4:00pm

Identification: SC22CC9

Credits: None available.

We all dread the question: where do you want to be in 5 years? But rarely do we think about planning the stages of our career and what it takes to get to the next level. Many times career progression appears to be increases in salary and evolution of titles. But how do you really create a strategy to expand your technical and soft skills as well as your career fulfillment? And is reaching for the executive position really what you want out of your career?

We will talk with two executives about their career planning, be it deliberate or accidental, to find out tips on how to craft a career development plan that progresses the way you would like it to.

Career Benefits in Cybersecurity Apprenticeships

Oct 11, 2022 3:15pm ‐ Oct 11, 2022 4:15pm

Identification: SC2285

Credits: None available.

Presenters describe apprenticeship pathways, including pre-apprenticeship and youth apprenticeship, for high school students interested in pursuing careers that require cybersecurity skills. These pathways are especially critical in underserved communities, where there are limited opportunities to gain career exposure and digital literacy at early ages, thus delaying the individual's long-term benefits from pursuing a successful cybersecurity-related career.

Students will learn what is available nationwide and how to reduce costs while learning a career, with paid career progression, to obtain early success in a highly sought-after field. Students will also understand the benefits of having hands-on experience alongside certifications, and how this shortens the student's return-on-investment period.

Learning Objectives:
  • Identify available apprenticeship pathways.
  • Understand why to engage in these opportunities.
  • Understand benefits of the experience.

Key Success Factors When Outsourcing Incident Response

Oct 11, 2022 3:15pm ‐ Oct 11, 2022 4:15pm

Identification: SC2284

Credits: None available.

Organizations are increasingly planning for the inevitable: a sizable cybersecurity issue that may land them on the headlines. When planning for such an event, it’s not an uncommon practice to outsource incident response requirements to a remote incident response team. This may include leveraging a retainer or other arrangement to essentially have expertise available during a time of crisis.

Unfortunately, it’s not as simple as the organization calling on incident responders with an urgent cry for help. How well the organization prepares to work with their incident responders, and considers the people, process and technology in place to support such a team, may ultimately enable or hinder a successful response to a cybersecurity incident.

Learning Objectives:
  • Understand how outsourcing incident response skill sets isn't as simple as signing a contract; key preparation in a variety of areas is required.
  • Discover how, in the initial hours of a cybersecurity incident, it becomes critical that the organization has technical skill sets within select team members to ensure the ability to work with a remote incident response team.
  • Know how remote incident response teams may rely on existing technologies already in place prior to an incident or plan on deploying their own toolsets. This presents a variety of unique considerations, especially in highly regulated environments.

Keynote: Why Political Risk and Cybersecurity Collide in Times of Crisis

Oct 12, 2022 7:00am ‐ Oct 12, 2022 8:00am

Identification: SC2288

Credits: None available.

In a time of international disruption driven by economic, social, military and political conflict, cybersecurity becomes both a weapon and a target. Ian will provide valuable context for cybersecurity practitioners looking to understand the global issues that impact their day-to-day roles and outline how they can use crises and disruption to create global prosperity and opportunity.