[1 CPE] Chain Reaction: CISA Task Force & the Cyber Supply Chain

  Presented by Chad Kliewer • Information Security Officer, Pioneer Telephone Cooperative

We’ve all heard of “supply chain” by now. How do we go about actually doing something about it? Chad Kliewer will introduce the CISA Task Force that has been digging into supply chain issues for several years and share some resources – even some specifically designed for small and medium businesses – to adopt sound cyber supply chain practices.

Chad Kliewer is the Information Security Officer overseeing the cybersecurity and privacy programs for Pioneer Telephone Cooperative in Kingfisher, OK. He has over 20 years of experience in Information Technology and Security from PC Tech to CIO, including PCI, HIPAA, and SOX compliance. During his career, Chad has worked in healthcare, banking, and telecommunications, and has been outsourced, insourced, and resourced working with companies from 50 employees to more than 50,000 employees giving insight to companies large, small, and between. He holds a master’s degree in Cybersecurity and Information Assurance from Western Governors University, is currently serving on the board for InfraGard Oklahoma, and maintains the CISSP and several other certifications.

[1 CPE] The Insider Threat You Don’t See Coming

  Presented by INTERFACE Advisory Council

IT leaders spend countless hours focusing on security awareness training and safeguarding systems. End-users of all types have been thoroughly educated on what not to do and taught how to identify threats. With so many employees now working remotely, the challenges of good cyber hygiene have only grown.

In recent months, we have seen the “great resignation” as employees are quitting jobs in record numbers. Some are leaving out of job dissatisfaction, while others are leaving to spend more time with family. The question to ask now is, have IT departments armed employees to be a new insider threat? Could a disgruntled employee now intentionally allow a threat to get through your systems? How can you tell malicious intent by an end-user from an innocent mistake?

Join the INTERFACE Advisory Council for a discussion about this threat. These challenges are nothing new but have quickly become more complex and common.

Panelists:

  • Aaron Baillio • Chief Information Security Officer, University of Oklahoma
  • Jonathan Kimmitt • Chief Information Security Officer, University of Tulsa
  • Daisha Pennie • Manager, IT Compliance, Oklahoma State University

[1 CPE] Ten Easy Things You Can Do Today to Secure Your Online Presence

  Presented by Pedro Serrano • Chief Information Security Officer, Grand River Dam Authority

In this presentation, Pedro Serrano will take a quick look at the most important security issues that every company should be educating its users on.

  1. You are the Target
    • Why you are the target – it’s all about Money!
    • How much data are you sharing?
  2. Social Media
    • You should check your settings, regularly!
  3. Protect your PC
    • Pedro’s 5 rules for home PC
  4. Passwords Sharing Devices
    • With so many passwords, let’s learn how to manage
    • Best password managers available today
  5. Protect your home network with a simple change in your router
    • OpenDNS – free and it works!
  6. Two Factor Authentication
    • Easy ways to implement it (This is now the new normal)
  7. Online purchases – we all do!
    • How to protect yourself – Debit vs. Credit card
  8. Backup your data (Work – Home – Phone)
    • Can you verify that it’s there?
  9. Microphones are always on! – Who is listening?
    • You carry and have them in your home
    • Your car is listening, and I know where you are
  10. Credit Freeze – It’s really easy now!

The main theme of this session could be summarized like this:

The Human element: I can add all the technical controls that I can get my hands on but if my employees (internal users) behave in a manner that is not safe (like clicking on a link that is malicious) the technical controls will not be able to stop an attack. Therefore, you are the first and last line of defense, you can make the difference!

[1 CPE] Leading and Innovating in a Hyperconnected World

  Presented by Mike Mathews • Vice President for Technology and Innovation, Oral Roberts University

The acceleration in technology advancements within a hyperconnected world has forced many IT leaders to re-invent their standard mode of operations. In addition to being a great manager, leader, and coach, the IT leader of the future must be a world-class innovator. Michael Mathews will discuss the trends across the globe which have impacted most businesses while dissecting what it means to be an innovative leader across any organization.

Mike is currently the VP for Technology and Innovation at ORU, where he has served for the past 7 years. Mike has over 24 years of experience as a senior-level IT executive bringing creative solutions that value the end-users of education, technology, and business process management. These solutions have benefited the end-users of higher education, manufacturing, and high technology company products. Mike spent 12 years working at Cray Research where he trained hundreds of supercomputer engineers across major industry sectors.

Mike has held positions as a VP of Innovation, Chief Information Officer, General Manager of CIOs, Chief Strategist for Innovation, Business Development Officer, Trainer, Teacher, and Vice President of Academic Services for leading corporations and higher education. Mike has been a CIO within higher education and corporate training for over 19 years. Mike has spoken in ten different countries during the past five years to educate governments and leaders on educational modalities.

Mike is the author of three books and hundreds of articles on theology, education, and technology that is shifting the worldview for everyone.

Mike was named 2021 Leading Education Technologist by Chief Information Officer Reviews, 2020 Top 20 Business Leaders by Industry Wired, 2019 Top Ten Innovators by Industry ERA, one of America’s Top 30 Education innovators in 2017, and a 2018 CIO 100 Award Winner.

[1 CPE] Immutable Storage: Level-Up Ransomware Readiness

  Presented by Arcserve

IDC advises that a 3-2-1-1 strategy is the new best practice for effectively protecting customers against ransomware. The last 1 is the important piece of the puzzle, where a copy is also stored on immutable storage. The growing risk of compromise to your customers’ data – specifically via ransomware – DEMANDS the most up-to-date and complete solutions arsenal.

[1 CPE] Stopping Zero-Day Ransomware with Autonomous Incident Response

  Presented by Airgap

New strains of ransomware are leaving organizations vulnerable and show no sign of slowing down; security teams are unable to respond proportionately to an attack, leading to cyber disruption across the organization. This can affect all industries including manufacturing, critical infrastructure, healthcare, or any organization like yours and mine.

Join this session to unpack some of 2022’s most advanced ransomware threats and their behavior. You can also learn how to fix network flaws from the core for connected OT/IT/IoT, and stop lateral threat movement in every stage of the Cyber Kill Chain. If you have concerns about Zero-Day exploits or are tasked with Zero Trust initiatives, don’t miss this opportunity to learn how you can take autonomous action with 24/7 availability to stop the threat in its tracks. We’ll discuss:

  • Recent ransomware threat trends, including double extortion and RDP attacks in OT and ICS
  • How Autonomous Response takes DEFCON action to contain an emerging zero-day attack unattended with Zero Trust policy enforcement
  • Real-world examples of ransomware detection through agentless segmentation and containment

[1 CPE] Cyber Attack Responder Viewpoints

  Presented by Jeremy Wilson • Deputy CISO, State of Texas

This session will cover lessons learned from the State of Texas’ Cybersecurity Program. We will focus on how to prepare for and respond to a cybersecurity attack. There are plenty of low and no-cost options and activities that can help your organization prepare. We will provide additional information and services specifically for governmental entities in the State of Texas, but other organizations will still find value in our approach and how we deal with different types of attacks from Nation-State Advanced Persistent Threat (APT) actors to opportunistic hacktivists.

[1 CPE] Protecting Your Critical Data

  Presented by Optiv & Rubrik

Businesses today rely heavily on technology and data. Though most organizations have developed strategies to access critical data during an outage caused by natural disasters or power disruptions, these strategies are ineffective during a cyber attack. Interconnected users, servers, cloud devices, and continuous web access result in an environment that is open for cybercriminals to significantly disrupt operations and/or take an entire network hostage.

How can you support the identification and protection of critical data that must be shielded from the impact of cyber attacks, while also enabling rapid recovery to a secure state? Join us to learn how you can automatically store backups in a malware-protected, air-gapped vault or a remote cloud-based solution that safeguards your data’s confidentiality, integrity, and availability. We’ll discuss how you can ensure your data is verified and clean before entering the vault and is maintained in an immutable state while within the vault, significantly reducing recovery time by guaranteeing that you are recovering to a known good state.

[1 CPE] Thinking Upstream: Avoid the Fallout of the next Log4Shell

  Presented by Tidelift

News of a zero-day vulnerability in the popular open-source project Log4j broke in December, leaving many organizations scrambling to figure out the impact on their applications. Nearly every organization developing applications was impacted, and the fallout was so broad that the FTC issued guidance.

Log4Shell comes on the heels of the U.S. White House cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.

Recent high-profile breaches like Log4Shell, the Colonial Pipeline ransomware attack, or the SolarWinds software supply chain attack have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity for any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.

Tidelift CEO and co-founder Donald Fischer shares his perspective on how the Log4Shell vulnerability and the cybersecurity executive order impact software supply chain security. He’ll brief attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He’ll outline the gaps that most organizations will need to close to stay in compliance. And he’ll share a proactive approach to addressing open-source software supply chain health and security upstream.

If you want to ensure your organization is fully prepared for the coming changes, you won’t want to miss this session.

[1 CPE] Stopping Ransomware with Autonomous Response

  Presented by Darktrace

Join Brianna Leddy, Darktrace’s Director of Analysis, as she unpacks some of today’s most advanced ransomware threats. Learn how Self-Learning AI understands the organization to reveal every stage of a ransomware attack – and takes targeted, autonomous action to stop the threat in its tracks.