Tampa

Modern AI is an essential component of an effective Cybersecurity defense, one capable of addressing the scale and severity of novel threats facing SOC teams. Unfortunately, the promises made by the marketing departments of most vendors have failed to materialize, and caused confusion and skepticism.

This keynote will help to explain why the type of technology adopted for threat detection is critical, where most solutions fall short, and what that means for the next wave of AI in Cybersecurity.

It is time to start focusing on business outcomes and results over buzzwords. This talk will include real-world scenarios from MixMode AI’s platform.

“Pay Up, or Else”. The number of organizations who have been faced with this scenario has been steadily increasing over the past several years as ransomware attacks continue to rise — both in numbers and the size of payouts.

The clear and present danger of a ransomware attack looms large among cyber executives and business leaders as the number of vulnerabilities increases daily. According to a 2022 CRA Business Intelligence survey, nearly one in four respondents reported that their organization experienced one or more ransomware attacks in the past 12 months, and almost one out of three of these organizations said the attacker succeeded in gaining access to their systems, encrypting files, and demanding a ransom

According to this survey, many believe that the worst is yet to come and that they are at a significantly higher risk of a cyberattack than ever before – it’s not a matter of “if,” but “when.”

Preparing for the inevitable and defending against the threat of a ransomware attack requires constant evaluation and assessment, and then making the necessary adjustments.

On this panel, our lineup of industry experts will discuss the key security measures enterprises must take, going beyond backup and recovery and anti-malware/anti-virus solutions to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption, and cloud security software.

During the past 10 years I’ve participated in many security incidents, received confidential readouts of other company incidents, collaborated with top well-known incident response firms as well as government agencies. It’s with these experiences and learnings I’ve applied an overlay of Zero Trust to the problem. Having also delivered Zero Trust strategies at two globally-recognized enterprises we can speak to the reality of the problem and solution.

In 2022 I presented how my Enterprise Security teams delivered Zero Trust at Adobe and Cisco. So, let’s talk about why we prioritized the initiative; a forward thinking strategy that really defended against the attacks we were seeing. During this session we’ll discuss some high-profile security incidents from the past year, reviewing the themes, kill chain, and how or where a Zero Trust strategy might help prevent the attack, slow them down, or reduce risk.

As an example, many high profile hacks all started similarly. Related to an employee or contractor credential theft (or purchase) and an MFA fatigue or bypass. These are NOT highly sophisticated attacks and there are strategies that can save your bacon.

As security practitioners, we’re always trying to find ways to get ahead of attackers and mitigate threats before they wreak havoc in our environments. But, traditional defense-in-depth strategies rely more on reactive controls to build walls that we hope will stop attacks from being successful. However, time and again, we see news headlines proving how often and how easily these reactive approaches are defeated.

Today’s attack surface requires a different approach, focusing on preventative risk mitigation strategies that give more visibility, more context and a better mechanism to tie technical risk to business context. While reactive controls are still necessary, the more we can identify areas of risk before the attackers do and close the gaps in our defenses, the fewer attacks will take place and the more effective those reactive controls will be.

Preventative security strategies are driven by making better decisions about how, when and where to mitigate risks. In this talk, we’ll review techniques to implement within your security program that will give a better understanding of the technical and business risk across your attack surface, how to identify the areas to focus on first and ways to drive a more meaningful approach to mitigating risks before cyberattacks exploit your weaknesses.

Most of us know, articulating security requirements to business partners in simple risk language is instrumental to the success of today’s CISO/Security role. A key question to ask yourself is, are you getting to “win win” with your business partners and an enabler of digital innovation for organizational success, or are you seen as a hindrance to progress? In this talk/workshop, Pam Lindemoen, will explore this concept to transform your existing security model to allow weighing the possibilities for risk tolerance (monitoring capabilities as compensating controls). These concepts allow the modern day CISO/security professional, like yourself, to focus on what matters most and be seen as the differentiator for the business – not a barrier.

Use of the cloud is continuously growing, not surprisingly so due to its perceived lower costs, greater agility, and ability to increase computing power with increased demand & continuously deploy new applications and software features.

Despite the appeal of cloud, there are many security risks and vulnerabilities and managing these risks has proven to be a big challenge as cyber criminals shift their tactics to cloud data and systems in responses to this increased use of the cloud. According to a CRA Business Intelligence’s September 2022 Cloud Security Survey, misconfigurations, lack of oversight, and little visibility across the organization are among their chief concerns regarding cloud deployments.

If organizations are going to successfully adopt/transition to the cloud, they must ensure security is part of their program. An effective cloud security program includes various process and technology capabilities to effectively keep up with the current threat landscape and vulnerabilities.

We all have been talking about “cloud” for a number of years. We migrated to the cloud and working in and with multi-cloud environments. However, security teams in many organizations have a hard time keeping up. Cloud environments and technologies are fundamentally different than traditional on-prem environments, with different challenges, new risks (as well as opportunities), threats and tools unique to the cloud. Trying to move security teams to consider the cloud environment NOT as an extension or as an evolution of the on-prem environment is not easy and many fail trying to adopt similar methodologies and techniques embedding security into the cloud as they did on prem. In this session we will talk about why and where it is so different, focusing on how organizations and security teams should act differently when addressing security concerns in the cloud.

As an InfoSec leader, your world has dramatically changed in just the last couple of years, and the door for risk has swung wide open. Attackers are smart, stealthy and focused on profiting from your high value information and ransomware payments.  And they’re usually a few steps ahead of you.

With cybersecurity top of mind for your Executives and the Board, you need to anticipate questions and be ready with answers. Unfortunately, the conversation we’ve been having around cyber security is ineffective.  The right conversation is centered on business priorities and the company’s appetite for risk so the value of investment choices is clear and informed decisions can be made. The goal is to choose the right level of spend to defensibly protect your company as it operates, grows and expands.

Attend this session and learn: