SECURE North America | 2022

Jun 15, 2022 ‐ Jun 15, 2022



Sessions

The History and Future of Privacy

Jun 15, 2022 10:05am ‐ Jun 15, 2022 11:05am

Identification: SNA2203

To understand the future of privacy, we must examine the history of privacy. By exploring the interplay throughout history between emerging technologies and the human truth of privacy, this session will provide a broad view of the critical importance of the issue in society today.

Speaker(s):

Keynote iconKeynote

Preview Available

Keynote

Jun 15, 2022 11:10am ‐ Jun 15, 2022 12:10pm

Identification: SNA2204


Networking & Exhibit Hall Break

Jun 15, 2022 12:10pm ‐ Jun 15, 2022 12:40pm

Identification: SNA22NS01


Hot Topics in Cybersecurity Law: Your Questions Answered

Jun 15, 2022 12:40pm ‐ Jun 15, 2022 1:40pm

Identification: SNAA2206

“Does my cybersecurity insurance cover intrusions related to the Russia/Ukraine war?” “What are my reporting requirements under the Strengthening American Cybersecurity Act of 2022?” “How do recent presidential executive orders impact my data protection program?” “How do I prepare for the upcoming California Privacy Rights Act?” Information security professionals are asking these and many more questions about their duties under the law. In this presentation, a cybersecurity attorney will review current hot topics in information security and data privacy law and answer your questions. At its conclusion, attendees will be able to:
· Understand the cybersecurity legal implications of “hot” and “cold” conflicts around the world
· Appreciate subtleties in complying with new and upcoming data protection laws
· Justify asking for the resources needed to meet cybersecurity legal challenges

Learning Objectives:
  • Understand the cybersecurity legal implications of “hot” and “cold” conflicts around the world
  • Appreciate subtleties in complying with new and upcoming data protection laws
  • Justify asking for the resources needed to meet cybersecurity legal challenges
Speaker(s):

Hiring & Training Junior Cybersecurity Staff

Jun 15, 2022 12:40pm ‐ Jun 15, 2022 1:40pm

Identification: SNA2205

The latest (ISC)2 research reveals how cybersecurity hiring managers are finding talent for entry- and junior-level roles, how long and how much money it takes to train them, and what tasks you can entrust them to tackle on their own and when.

Speaker(s):

Orlando Doctrine iconOrlando Doctrine

Preview Available

Orlando Doctrine

Jun 15, 2022 1:50pm ‐ Jun 15, 2022 2:50pm

Identification: SNAA2207

Speaker(s):

Attack Tree-based Threat Modeling - Assessing & Mitigating Risk in an Objective Way

Jun 15, 2022 1:50pm ‐ Jun 15, 2022 2:50pm

Identification: SNAA2208

Most cybersecurity technologies deal with the past (logs, forensics) or the present (network monitoring, intrusion detection, anti-virus). Although necessary, these approaches are inherently reactive. Attack tree-based threat risk analysis deals with the future. Customers working in critical defense and aerospace applications have long used attack tree analysis to ensure that their systems' architectures will withstand both present day and future attacks. In the attack tree analysis process, the analyst builds a graphical, mathematical model of the system they wish to protect, and descriptions of the system's adversaries. Analysis reveals the attacks the adversaries are most likely to use and the best countermeasures. It is especially applicable to industrial control system (ICS) security and an ICS example will be presented.

Learning Objectives:
  • Attendees will learn how attack tree models can help them identify and prioritize the controls that will be most beneficial for their systems.
  • Discover how attack tree models can predict how their system is most likely to be attacked.
Speaker(s):

Networking & Exhibit Hall Break

Jun 15, 2022 2:50pm ‐ Jun 15, 2022 3:20pm

Identification: SNA22NS02


Security Strategy as a Driver for Awareness & Training

Jun 15, 2022 3:20pm ‐ Jun 15, 2022 4:20pm

Identification: SNAA2209

This session will discuss Security Office services and roadmaps as inputs to strategically targeting Security Awareness and Training (A&T) activities. The overall A&T goal is intentionally designed to drive enterprise security culture shift and maximize training effort rather than focus on a security compliance framework. We'll highlight initiatives – SimPhishing program, Ambassador program, Security Academy, Self-service security portal, topical videos, etc. - that are used to achieve this goal, with examples of metrics of success

Speaker(s):
  • Shelly J. Epps, MS, HCISPP, Director, Security Program Management, Duke Health

Fireside Chat: The Power of Diverse Voices in Cyber

Jun 15, 2022 3:20pm ‐ Jun 15, 2022 4:20pm

Identification: SNAA2210

Statistics show that an increase diversity and inclusion within cyber is imperative to securing diverse communities across the globe. Yet, how does that diversity truly impact and create a more sustainable cyber profession? In this fireside chat, we’ll discover how elevating and creating space for more diverse voices leads to that sustainability. We’ll talk with Anthony Hannon, CISSP, CISM—a leading voice in DEI in cyber—and discuss his journey in the profession and how he has navigated his own sense of belonging in cyber.

Speaker(s):
  • Dwan Jones, (ISC)² Independent Diversity Consultant, (ISC)²
  • Anthony Hannon, CISSP, CISM, CEO Action for Racial Equity Fellow at MassMutual, Minorities in Cybersecurity Board Member