Securing your Supply Chain from their Insider Threats

Oct 19, 2021 3:30pm ‐ Oct 19, 2021 4:30pm

Identification: 1778587

Recently, the U.S. has fallen victim to the most pernicious and skillful cyber espionage campaign known in our history, SolarWinds. The days to come will reveal more vulnerabilities, other points of weakness in the supply chain and further weaken technical defenses. Supply chains are complex and ever-changing. Consider third-party integrators, addition of new software or hardware products into the environment, and employees of the companies that make up the supply chain. Today’s dynamic technology fabric creates a greater need for due diligence and common security control baselines as a standard for doing business. Basic reviews typically focus on “questionnaire” type audits that don’t address or satisfy the risks of the third-party workforce. (The 2018 (ISC)2 Cybersecurity report noted that 33% of small businesses admit that their employees had mishandled client credentials.) We, as leaders in cybersecurity, must begin to seriously address all aspects of the supply chain and respond to the weakest links.
Learning Objectives:
  • Understand components of the supply chain and frameworks for assessing cybersecurity risks
  • Understand how Zero-trust enables better third-party risk management
  • Discuss a Roadmap for a successful supply chain insider threat program

Breaking Dark Web Barriers

Oct 19, 2021 3:30pm ‐ Oct 19, 2021 4:30pm

Identification: 1778574

In the past several years, dark web activities have spread far beyond traditional boundaries. Today’s competition and overabundance of stolen data broke traditional dynamics and forced a rapid evolution of cybercrime. One stolen user’s credential may bring down an entire company, as ransom and ransomware continue to evolve. Stolen data is drawing record sale prices. Zero-day vulnerabilities are more effective and expensive. Social engineering attacks are complex and often impossible to distinguish from real activities. Insider threats are even more dangerous. All of these threats and changes in cybercrime make the dark web more dangerous and impactful than ever. Our deep dive into the current state of the dark web should provide a better background for improving defenses today and tomorrow.
Learning Objectives:
  • Understand current dynamics of the dark web.
  • Recognize new attack patterns and abuse techniques.
  • Defend infrastructures from new waves of attacks.

Cyber-Peloton - Breaking Away from the Pack

Oct 19, 2021 3:30pm ‐ Oct 19, 2021 4:30pm

Identification: 1778542

As a cybersecurity professional, there are many opportunities for those with a cyber skillset. With more people looking to change their career or advance within a cybersecurity space, they begin to ask: How will I stand out from the other cybersecurity professionals applying for the same job opportunities? Think of your career development like training for the Tour de France. There are several stages that must be achieved before you can get closer to wearing the yellow jersey and stand on the podium, i.e., achieve your career goal. Training for the stages of a Tour de France is similar to training for the stages of your own career development. However, the stages in your development will be measured in years vs. miles.
Learning Objectives:
  • Learn and understand that professional development and growth, in cybersecurity, is a multi-year process with planned milestones for success. Every stage of your development must be deliberate with experiences and knowledge that must be obtained before moving to the next stage.
  • Understand that personal growth starts from within. It will require mental and physical development to endure career challenges/obstacles when becoming a cybersecurity professional. And that getting ahead doesn't always mean moving up.
  • Learn to be better positioned for success when grooming others through leadership, mentoring and motivating. When you make it an objective to develop the cyber skillset of those around you, your yellow jersey becomes easier to obtain.

C-Y-B-E-R BINGO

Oct 19, 2021 4:45pm ‐ Oct 19, 2021 6:00pm

Identification: 1856919


Keynote - Women in Security: A Strategy for Safety

Oct 20, 2021 7:00am ‐ Oct 20, 2021 8:00am

Identification: 1867524

Gender diversity in tech is a hot topic for organisations, as many understand the benefits that women can bring, such as greater profitability, innovation, and lower costs. However, when it comes to cybersecurity women offer another advantage. They think differently to men and this includes how they see risk. Join best-selling author, and 23-year cybersecurity veteran Jane Frankland to hear about the unique differences between men and women in terms of risk and how a failure to attract and retain women in cybersecurity is making us all less safe. Key takeaways include: Understand the current situation and why women in cybersecurity really matter. Learn how women see risk in a different way to men, and why this is advantageous. Gain a true understanding of the three main challenges the industry needs to overcome if it’s going to increase the numbers of women. Learn how to remove barriers to entry whilst obtaining the right calibre of professional. Discover how to cultivate talent through internal and collaborative programmes. Find out what cultural changes you can make in the workplace right now so you remain operating happily within it or cultivating a more diverse workforce.

Keynote - The Rise of the New Inside Threat

Oct 20, 2021 8:00am ‐ Oct 20, 2021 9:00am

Identification: 1787006

The days of old-school corporate espionage are long behind us. The “classic” insider threat had a risky job to appropriate information and then faced a logistical nightmare to sell it. Those times are long gone, replaced by something far more effective, sinister and less detectable. U.K. intelligence agency, MI5, are so deeply concerned by the rise of insider threats created by “social manipulation techniques” they have helped launch a campaign to increase awareness. In this talk you will hear stories of how key, loyal employees with access to critical IP and R&D have been socially engineered and fed convincing stories to give nefarious actors at all levels access to the Crown Jewels. Would-be lovers, people posing as human rights activists, businessmen and recruiters looking for talent, conferences that didn’t exist and even someone who believed he had started working for MI6. All these people unknowingly became insiders. All handed over IP and commercially sensitive information. How did they fall for it? Hear their stories in this keynote.

Outsourcing IT, would you like security with that?

Oct 20, 2021 9:30am ‐ Oct 20, 2021 10:30am

Identification: 1778678

Many organizations have small IT departments or maybe just one IT "guy" and no security personnel. These organizations understandably turn to third parties to outsource most and sometimes all IT. However, they don't ask for security and the outsourced IT companies don't always offer or provide secure IT solutions. Small and medium-sized businesses need to learn how to outsource IT that comes with security. They need to have the tools to ask the right questions and make sure they are not just getting IT, but getting secured IT with an organization that understands security. This talk will provide information organizations need to bring in secure IT vendors and help IT vendors think about why they should be including security in all IT outsourced services.
Learning Objectives:
  • Understand the security controls their outsourced IT vendors should be providing.
  • Evaluate their current outsourced IT services for security gaps.
  • Compare IT outsourced service offerings to ensure they are getting a complete and secure service.

Diversity is a result of inclusive cultures

Oct 20, 2021 9:30am ‐ Oct 20, 2021 10:30am

Identification: 1778679

An advanced society requires complex human interactions. We now need teamwork skills at a greater scale than ever before, which means our emotional intelligence (EQ) skills need strengthening. This starts with a set of common behavioral standards. EQ is a noun meaning “the capacity to be aware of, control, and express one's emotions, and to handle interpersonal relationships judiciously and empathetically.” Hence, the standards for interactions depend greatly on our EQ skills. This talk will define the standards for interactions, and together, we will grow our EQ. Our security, privacy, economic well-being and mental health depend on the ability to engage others positively, for example, win-win communication. When we establish a baseline of standards for human interactions, with win-win communication, humans will excel.
Learning Objectives:
  • Share with others the Human Behavior Inclusion Standard.
  • Lead the charge on creating strong culture allies in the workplaces and professional networks.
  • Empower those around them to participate in inclusion on an ongoing basis.

AWS, Azure and GCP security

Oct 20, 2021 9:30am ‐ Oct 20, 2021 10:30am

Identification: 1778658

Which leading cloud provider has the most effective security features -- AWS, Azure or Google Cloud (GCP)? We'll look at three common use cases and provide live demonstrations to compare security architectures and features across all three cloud platforms. The discussion includes:
  • Identity: Cloud customers typically create multiple AWS accounts, Azure subscriptions or GCP projects. How should a centralized source of identity be architected?
  • Private Networking: Security-conscious cloud customers use private networking as part of a defence in depth strategy. How can this be achieved with cloud services such as storage or serverless functions which are internet-facing by default?
  • Content Delivery Network: How can a web application be presented to global users with low latency and a high level of security?
Learning Objectives:
  • Develop a knowledge of practical implementations around cloud security principles studied for the CCSP certification.
  • Compare security services and features across AWS, Azure and GCP with real-world examples.
  • Demonstrate an understanding of centralized identity architectures across multiple AWS accounts, Azure subscriptions and GCP projects.

Self-Protecting Data - an Artificial Intelligence & Zero Trust Use Case

Oct 20, 2021 9:30am ‐ Oct 20, 2021 10:30am

Identification: 1778655

Recently, data surpassed oil as the world's most valuable asset. Current data protection methods have too many dependencies on systems and networks through which data passes. So far, attempts to solve this problem have not adequately minimized external dependencies. The self-protecting data concept, as a zero trust use case, involves adding protections to data objects to make such objects "self-protecting." The protections would include metadata tags and tamper-awareness and action logic that allows the data object to automatically, or remotely, choose courses of action when a given threat is detected. Artificial intelligence techniques are needed due to the complexity involved with managing numerous data attributes as metadata; the need for autonomous access control and infrastructure independence; and automation of detection, alerting, and response.
Learning Objectives:
  • Describe basic requirements for a self-protecting data object.
  • Understand what research has been done so far on self-protecting data.
  • Understand how self-protecting data can leverage artificial intelligence techniques to improve data protection in zero or low-trust environments.