ISC2 on Point with Careers: Build Cyber Confidence from the Ground Up

Oct 25, 2023 3:05pm ‐ Oct 25, 2023 4:00pm

Credits: None available.

Leadership development and growth can be a trial. Learn how to tap into experiences and apply them to new situations for a deep impact throughout your career. It may not be easy to hear that mistakes have been made, but the way we accept the truth and respond to the information can reshape the outcome. From budgeting and teambuilding to working through situations with difficult partners, get insights that keep the road ahead feeling full of new possibilities.

Learning Objectives:
  • Describe how to build cyber teams and delegate responsibility.
  • Recognize the importance of continuity for processes and roles.
  • Demonstrate objectivity when working with people who see things differently or create friction.

Zero Trust and Third-Party Risk: Reduce the Blast Radius

Oct 25, 2023 3:05pm ‐ Oct 25, 2023 4:00pm

Credits: None available.

As the level of incidents, events and breaches continues to grow by double digits year over year, it is now a mathematical inevitability that one or more of your third-parties will be a statistic. Learn how Zero Trust is a strategy and set of principles that assumes a breach will occur and creates architecture and operations around controls. Given the increased likelihood of a vendor breach, adopting a Zero Trust approach focused on third-party risk can greatly reduce risk for your organization.
Learning Objectives:
  • Explain why Zero Trust strategy is ideal in third-party risk and how it lends itself well to the staged journey of most Zero Trust deployments.
  • Utilize an OSI model type to demonstrate the overlap of Zero Trust and third-party risk.
  • Recognize that Zero Trust is a strategy and set of principles that assumes a breach will occur and creates architecture and operations around controls.

Defending Against Token Theft

Oct 25, 2023 3:05pm ‐ Oct 25, 2023 4:00pm

Credits: None available.

Token theft is the No. 1 unmitigated identity-based attack vector today. While strong authentication can mitigate most password-based attacks, this type of attack involves compromising a token after a victim user completed authentication. This session will cover the current threat landscape and what proactive measures you can take in your organization to prevent, detect and respond to token theft. You’ll get a walkthrough of a machine-learning algorithm that detects anomalous token usage, and detailed step-by-step incident response playbook you can use.
Learning Objectives:
  • Articulate to your stakeholders where token theft can occur and the prevalence of this attack type.
  • Determine what proactive measures to take to prevent and detect instances of token theft.
  • Respond to a token theft attack using the detailed process specified in an incident response playbook.

Learning from History: What Past Cyber Attacks Taught Us

Oct 25, 2023 3:05pm ‐ Oct 25, 2023 4:00pm

Credits: None available.

This session will review past incidents, breaches and ransomware outbreaks from the news and the Rapid7 security operations center to understand what we can all learn from these incidents. The presenters will discuss the attacks, vulnerabilities and trends they are seeing in their global security operations centers, including how they identify zero-day vulnerabilities and how organizations should respond. You’ll learn how to improve your organization’s prevention, detection and response procedures to better identify and stop today’s attacks.
Learning Objectives:
  • Analyze past security incidents, breaches and ransomware outbreaks to understand the root causes and what could have been done to prevent the incidents.
  • Recognize attacks, vulnerabilities and trends in global security operations.
  • Evaluate your organization's prevention, detection and response procedures to better identify and defend against attacks.

ICS2 on Point with DEI: Witnessing Progress: Career Journeys of IT and Security Pioneers

Oct 25, 2023 3:05pm ‐ Oct 25, 2023 4:00pm

Credits: None available.

Join Janice Reese, Director of Strategic Partnerships, Healthcare and Life Sciences of SoftServe, and Barbee Mooneyhan, VP of Security, IT, and Privacy of Woebot Health as they dive into their extensive career paths with a combined 40+ years of IT and Security experience. From triumphs and obstacles, allies and adversaries—they will share their compelling narratives of the pivotal culture shifts they have witnessed and the profound positive effects these changes have brought to the larger security industry for underrepresented groups.

Killing Me Too softly: Why Won’t Passwords Die?

Oct 25, 2023 3:05pm ‐ Oct 25, 2023 4:00pm

Credits: None available.

Decades into our lament of weak passwords, it’s been six years since NIST 800-63B formally published why “best-practice” password policies are bogus. Yet, here we still are, calculating how strong passwords are, and warning people against choosing passwords like “Summer2023.” What must we do to leave the password swamp behind? Why are we stuck? Thanks to bold moves by technology firms, we rallied as an industry to kill off SSLv3 and TLS 1.0. Now what must we do to kill off single-factor authentication?
Learning Objectives:
  • Identify gaps in the organization that are preventing retirement of technical debt.
  • Recognize force levers for effecting change in the organization, enabling the retirement of single-factor authentication systems.
  • Communicate the business case for retirement of broken authentication systems.

Global Voices From The EU: Safeguarding Cyberspace: Empowering a Capable and Diverse Cyber Workforce

Oct 25, 2023 3:05pm ‐ Oct 25, 2023 4:00pm

Credits: None available.

Join key influencers, policy makers and thought leaders from around the globe to hear their perspectives on regional cybersecurity issues impacting all corners of the world. Seize the opportunity to get answers to your questions from our featured guests. In an increasingly interconnected world, the role of securing cyberspace has never been more important. Studies show, however, that the number of trained professionals that can perform this critical role does not align to the current and future needs of the industry. The workforce gap is currently around 350,000 and expected to widen over the next three years. This session will explore the challenges that organizations face in developing skilled cybersecurity teams and examines the power of diversity in the workforce. Hear about successful strategies that have been used in the European Union to address the cyber workforce gap such as talent development schemes like the European Cybersecurity Skills Framework, collaboration between academia and industry and continuous learning. Attendees will gain insights into future trends, the importance of overcoming obstacles, and the imperative of nurturing a workforce poised to defend against evolving cyber threats.


How Bad Actors Achieve Total Domain Takeover in 30 Minutes

Oct 25, 2023 4:40pm ‐ Oct 25, 2023 5:35pm

Credits: None available.

Follow a penetration tester through the key stages of an engagement, from preparation to successful execution. Step-by-step, we’ll show you how someone can achieve total domain takeover within 30 minutes of entering a target’s building. Explore the preparation stages, in particular how to use OSINT, and view a demonstration of practical reconnaissance techniques. You’ll discover how shadow technology and building facilities can be used to bypass firewalls and provide a foothold onto a network. Learn how bad actors bypass physical security controls and leverage common vulnerabilities.

Learning Objectives:
  • Identify and mitigate common network and server vulnerabilities in order to prevent privilege escalation attacks.
  • Apply your knowledge of a social engineer's methodology to prevent common reconnaissance techniques.
  • Explain how to detect and mitigate the use of lesser-known attack vectors to breach firewalls.

What Threats Do Deepfakes Present?

Oct 25, 2023 4:40pm ‐ Oct 25, 2023 5:35pm

Credits: None available.

The capabilities for creating quality deepfake audio, image and video content have been rapidly improving in recent years due to advances in AI and machine learning. While this raises many individual privacy concerns, are deepfakes really a security threat to organizations? This session will explore the organizational security concerns posed by deepfakes and what you can do to combat the threats. You’ll learn the fundamentals of deepfakes, including how they are created, practical human deepfake detection methods and automated machine learning-based detection processes.

Learning Objectives:
  • Explain how deepfake content is created and approaches to detecting it.
  • Recognize how deepfakes can pose threats to organizations.
  • Implement actions to limit the risks posed by deepfakes.

Monitoring and Communicating Tech Risk

Oct 25, 2023 4:40pm ‐ Oct 25, 2023 5:35pm

Credits: None available.

Analyze recent industry survey results and CEO statistics to determine why we need to focus on cyber risk now. You’ll gain an understanding of risk metrics, starting with risk appetite. Learn how to set thresholds in line with risk appetite, construct risk metrics and go through the build process. Explore how effective risk reporting drives risk decisions.

Learning Objectives:
  • Define risk appetite.
  • Apply the risk metric build process
  • Employ the strategies in risk reporting.