The Dark Reading Cybersecurity Crash Course is a two-day event for IT pros (October 5 and 6) who need to catch up on the latest in cybersecurity. No matter what your position in IT, the rapid changes in cybersecurity threats and technology could change the course of your day -- or even your year. But if security isn't your specialty, it can be hard to keep up with all of the latest trends and developments in cyberspace, or learn about the emerging technologies and practices that can help you keep your data safe. Particularly in these days of a pandemic, it’s critical to gain insight into the latest threats, as well as the latest tools and practices for protecting your workers, wherever they might be.
At the Cybersecurity Crash Course, you’ll get advice on the key steps your organization should take to protect critical data, as well as a detailed look at how to respond when your systems have been compromised. Our goal is to make you "security savvy" quickly by summarizing the most current thinking on enterprise defense, while at the same time catching you up on the latest exploits being perpetrated by computer criminals, nation-states, and hacktivists.
What are the chief cyber threats that could compromise your organization?
What risks are security experts and practitioners most concerned about – and what are they doing about them?
What are the latest best practices and technologies for defending enterprise data?
What should you be doing to secure emerging technologies such as the latest wave of mobile devices and the Internet of Things?
How can you secure cloud services and other technologies that lie outside your perimeter?
How should your team respond in the event of a data breach, and how should you repair your systems afterward?
Who Should Attend
IT and Networking pros who need to know more about security
CIOs / CTOs of small and mid-sized organizations who don't have a large IT security staff
Security professionals who are new to the role and need a fast, comprehensive update on the latest threats
Operations and help desk professionals who must work with IT security issues and interact with cybersecurity counterparts
Day 1: Cyber Defense Strategies
Building Cybersecurity Into Building Blocks of an Organization
Allen Ohanian (CISO, LA County DCFS)
To achieve cyber resiliency, effectively combat and survive cyber attacks, information security should be architected in the building blocks of the enterprise and interwoven into the culture, vertically and horizontally. Is your organization equipped to timely detect, prevent, withstand, and survive cyberattacks?
Re-thinking and Re-defining Enterprise Infrastructure Security
Jeff Wilson (Chief Analyst, Omdia | Informa Tech)
The Covid-19 quarantine effort has caused most enterprises to completely re-think their IT infrastructure strategies to support employees, suppliers and customers working remotely. How has this sudden shift changed cybersecurity strategies? How will those strategies evolve over time? This session offers insight and recommendations.
Practical Solutions for Securing Your Cloud Services
Jim Reavis (Co-founder and CEO, Cloud Security Alliance)
Enterprises are moving more and more of their critical data into cloud services and applications. But how can you be sure that your data is safe from potential attacks or data leaks? In this session, attendees will learn about the latest threats to cloud services, and how to work with their service providers to ensure that their critical information is secure.
Authentication: From Identifying Your Users to Trusting Your Users
Gal Shachor (Distinguished Engineer, CTO Trusted Identity, IBM); Jose Rodriguez, (Senior Software Engineer, IBM)
Identity and access management (IAM) systems have authenticated users using credentials for decades. But approaches to IAM are changing rapidly. In this session, we discuss what a next-generation IAM architecture can look like and how organizations are approaching the IAM challenge in real life.
How Hackers Attack Your Mobile Apps
Scott King (Director of Embedded Security, Zimperium)
Securing apps against attacks and manipulations is a full-time job. It is a full-time job since cybercriminals engage in hacking 24 hours a day to find innovative attack methods to uncover mobile app secrets and private user data. To defend against constant attacks, application developers must implement security throughout the entire app development lifecycle to secure data and limit risk but at a low cost to the user experience.
Making Applications Secure in a DevOps World
Brad Causey (CEO, Zero Day Consulting)
For most organizations, applications are the core of the business. But application security vulnerabilities are often overlooked, both by software manufacturers and by internal app development teams. What steps can your organization take to find and repair application vulnerabilities – before your attackers discover them? And how can build security into your own app development processes? A top applications security expert discusses these critical issues
Third Party Risk Management: War Stories and Best Practices
Tony Howlett (CISO, SecureLink)
As enterprises expand their outsourcing programs, they increase third-party access to critical infrastructure and privileged accounts. This trend is creating a vendor access "tsunami," as the average enterprise now has 67 vendors that access their networks and systems on a regular basis. Managing all these entities in a secure and compliant way is becoming harder and harder. In this talk, we will discuss emerging best practices for managing third party risk in a manner that is both secure and efficient.
Day 2: You've Been Breached!
The Impact of a Data Breach
Suzanne Widup (Sr. Principal – Threat Intel, Verizon Enterprise Solutions)
To understand the cyber risk your organization faces, you need to understand the likelihood of a breach – and its potential cost. In this session, a top expert discusses the many – and sometimes hidden – costs of a data breach, including its impact on customers and end users. You'll also get insight on the frequency of data breaches, and a better understanding of how likely it is to happen to you.
Building a Security Operations Program
Roselle Safran (Founder and CEO, KeyCaliber)
No matter what your industry or company size, you need an operations plan for security: the people, tools, and processes you'll need to manage an ongoing array of cyber threats and vulnerabilities. In this session, an experienced leader in security operations discusses the latest technology and best practices for security operations, and how enterprises are implementing them.
How to Know When You've Been Compromised
Paul Kurtz (Founder and CEO, TruStar)
Data breach experts say that many enterprises don't detect compromises until they are discovered by a third party, such as a trading partner or a law enforcement agency. What's more, many enterprises may take weeks or even months to detect a well-hidden exploit. This session offers tips and recommendations on how to shorten the time between an attacker's initial intrusion and the time that the enterprise detects and responds to it.
Managing Insider Threats
Maxine Holt (Senior Director of Research, Omdia | Informa Tech)
Not all cyber breaches and compromises are initiated by outside attackers. In some cases, it might be your employees and trusted users who instigate a compromise, either accidentally or maliciously. In this session, we offer a look at the most common, current insider threats and how to mitigate them.
Planning and Executing an Effective Incident Response
Yaron Levi (CISO, Blue Cross/Blue Shield of Kansas City)
You've uncovered a compromise of your enterprise's cyber defenses. Now what? This session describes the process of building and triggering an effective incident response process, including the staffing, tools, and planning you'll need in order to limit the damage caused by a cyber compromise.
Hacking Everything – The Dark Side of the Internet of Things
Jeff Crume (Distinguished Engineer, CTO IBM Security - North America; IBM Master Inventor, Academy of Technology Member, IBM)
With the Internet of Things (IoT), essentially everything becomes a computer. We know that computers can be hacked. This means that everything can be hacked -- including cars, home appliances, medical devices, and more. This session will give examples of IoT hacks and the consequences of not getting security right as we move to this important new technology.
Remediating and Retrenching After a Data Breach
After you've identified a compromise, uncovered the extent of the intrusion, and stopped the immediate threat, it's time to assess the damage and repair your defenses. In this session, experts will discuss the lessons learned from a major breach, the steps you should take to evaluate its impact, and the methods you should use to ensure that such a breach never happens again. You'll get insight not only on technology impact, but on issues such as cyber insurance and liability.