ISC2 on Point with Careers: How to Lead High-Performance Security Teams

Oct 25, 2023 10:25am ‐ Oct 25, 2023 11:20am

Credits: None available.

Learn how to be a better security team manager and leader. In this session, we’ll discuss the fundamentals of management. Find out what makes a great security team and how to hire. Understand emotional intelligence and what motivates team members. Get strategies for goal setting and performance evaluations. You’ll learn the importance of feedback and coaching.
Learning Objectives:
  • Outline what makes a great security team and how to hire.
  • Recognize emotional intelligence and what motivates team members.
  • Implement meaningful goals and evaluate performance.

Protecting the ML Pipeline: Practical Guidance for Securing Machine Learning Systems

Oct 25, 2023 10:25am ‐ Oct 25, 2023 11:20am

Credits: None available.

Advancements in Machine Learning (ML) have enabled a surge in adoption of ML solutions to address problems across numerous domains. With this rising reliance on ML in many organizations, it is critical that such systems are protected from malicious activities. This talk will present ML-specific cybersecurity issues, discuss ML adversarial techniques, and explore case studies of real-world ML cyber incidents. Further, this presentation will describe secure machine learning systems development approaches and secure machine learning operations (MLOps) pipelines.
Learning Objectives:
  • Describe cybersecurity threats to machine learning systems.
  • Relate ways to protect machine learning systems from adversarial attacks.
  • Explain techniques for building secure machine learning systems development pipelines.

The Art of Privilege Escalation - How Hackers Become Admins

Oct 25, 2023 10:25am ‐ Oct 25, 2023 11:20am

Credits: None available.

Privilege escalation is one of the most common techniques bad actors use to discover and exfiltrate sensitive, valuable data. From their perspective, it’s the art of increasing privileges from initial access, which is typically a standard user or application account, all the way up to administrator, root or even full-system access. With NT AUTHORITY\SYSTEM access on Windows or the root account on Linux, cybercriminals have full access to a system — and with domain administrator access, they own the entire network.
Learning Objectives:
  • Anticipate the ways bad actors escalate privileges.
  • Utilize proven tools to identify privilege escalation.
  • Apply strategies to reduce the risks of privilege escalation.

Fixing Inconsistent and Incompatible GRC

Oct 25, 2023 10:25am ‐ Oct 25, 2023 11:20am

Credits: None available.

The presenter and his team spent the last year rebuilding cyber risk governance for a multi-billion-dollar global financial services firm. They inherited hundreds of risk findings from a dozen teams — a misleading pile of disparate forms with many different rankings and scales. The pile only hinted at the true reality of the problems. Hear what they tried, what failed and what they eventually did to make it work.
Learning Objectives:
  • Develop an actionable and business-friendly cyber risk statement.
  • Reconcile risk findings across the enterprise with subject matter experts who are not infosec experts and build bridges to work with them.
  • Implement and manage a GRC automation project.

Zero Trust Threat Modeling

Oct 25, 2023 10:25am ‐ Oct 25, 2023 11:20am

Credits: None available.

What does Zero Trust mean at the top of the technology stack? Apply the concept to threat modeling by understanding change in a Zero Trust world and considering a threat model of Zero Trust architecture. We’ll explore new design principles, introduce a mnemonic to apply the significant threats impacting Zero Trust and expose a new taxonomy specific to Zero Trust application.
Learning Objectives:
  • Describe new design principles in a Zero Trust threat model and apply a mnemonic and taxonomy of threats impacting Zero Trust applications.
  • Recognize what changes with threat modeling in a Zero Trust world.
  • Explain the impact of Zero Trust on threat modeling.

Cloud Architectures: Secure Experimentation and Innovation

Oct 25, 2023 10:25am ‐ Oct 25, 2023 11:20am

Credits: None available.

Dive deep into development, sandbox and production environments to implement guardrails, configurations and automation that drive practitioners to operate more securely. This session will identify how these architectures can create opportunities in vulnerability management and SLA enforcement by exploring real-world examples. Take back actionable and specific environmental configurations that maximize your ability to experiment and innovate while minimizing risk. Learn how introspection into business metrics can provide functional security operations value in minimizing the attack surface area of your cloud environments.

Learning Objectives:
  • Create secure environmental structures supporting DevSecOps practices.
  • Describe secure cloud environments and best practices for innovation and experimentation.
  • Demonstrate success and value through the correlation of business metrics with security data.

PII in the Sky: Maintaining Cloud Control when Access Extends Beyond the Service Edge

Oct 25, 2023 11:35am ‐ Oct 25, 2023 12:30pm

Credits: None available.

This session will explore recent innovations that underlie secure, performant solutions answering the need to control data even when it is held, processed or transmitted by other parties. The techniques deployed are infrastructure-agnostic and compatible with cryptographically enforced role- and identity-based access controls, end-user privacy preservation, authorized data recovery, multiparty computation and collusion resistant operations. Complex constructs such as ephemeral blinding and personalized tokenization are now accessible through no-code, low-code and full-code integration models.
Learning Objectives:
  • Assess the risks associated with data traversing beyond the security service edge, as well as those associated with the corresponding parallels to granular internal access controls.
  • Describe the fundamentals of novel techniques enabling federated, distributed access control on externally held data.
  • Apply solutions across adoption models to materially reduce the likelihood of breaches and their adverse impacts.

Cyber Risk Management from a CISO’s Perspective

Oct 25, 2023 11:35am ‐ Oct 25, 2023 12:30pm

Credits: None available.

Discover how to weigh the balance between cyber risk and operational requirements. We’ll discuss how to select a security framework and develop a vulnerability management strategy tailored to your organizational needs. Learn to recognize the impact of laws and regulations on security programs, and the importance of written information security policies and procedures.
Learning Objectives:
  • Apply risk-aware decisions for a balanced cyber risk management strategy.
  • Select security frameworks that are most appropriate for organizational requirements.
  • Develop a formal written information security program and define the reality of approving security exceptions.

AI Functionality in Applications: Beware of the Risks

Oct 25, 2023 11:35am ‐ Oct 25, 2023 12:30pm

Credits: None available.

AI technology is being embedded in popular applications from Microsoft, Adobe and Google. As the content you create and store in these applications is data mined to facilitate AI-type creative support, your intellectual property may be at risk. We will examine ways to reduce that risk in this session.

Learning Objectives:
  • Call out the ways AI technology is being embedded in popular applications from Microsoft, Adobe and Google.
  • Recognize how AI leverages content you created to enhance productivity.
  • Recommend ways to reduce risks to your intellectual property from data mining by AI applications.

ISC2 on Point with Careers: You Can Get There from Here: Achieve Your Cyber Career Goals

Oct 25, 2023 11:35am ‐ Oct 25, 2023 12:30pm

Credits: None available.

Two recruiting executives in this cleared space are ready to assist you in reaching your career goals. They’ll speak from their own personal experiences to share how confidence not only propelled them through stages but made it possible to help others. Neither speaker graduated college and both got through diversity hurdles over time. In this session, we’ll refine job searching and resume creation in cybersecurity. Find out how to connect with organizations after applying by contributing content, volunteering or learning something new.
Learning Objectives:
  • Devise a plan to search strategically for your next career opportunity.
  • Prepare your resume so it stands out and gets noticed by hiring managers.
  • Consider moving forward from your current role to your next opportunity.