Topic: Information Security

Seminar Topics

[1 CPE] Zero Trust in Motion: Securing East/West Traffic to Reduce Risk

  Presented by HPE Aruba Networking

Ransomware and targeted cyber security threats are on the rise. A proactive prevention strategy should use both tried and proven methodologies as well as new and emerging technologies. East West traffic identification and isolation is key in preventing malicious content from spreading, both in the Data Center and at the Campus Edge of the network. We will focus on innovative approaches to address the security compliance, performance, agility, and scalability demands of today’s highly distributed, hybrid, network environments.

[1 CPE] Demystifying Zero Trust: Simplifying Network Security

  Presented by Tanner Harrison, Systems Engineer • Fortinet

Today’s ever-changing threat landscape challenges traditional security models. The emergence of the Zero Trust model represents a transformative approach, reshaping how organizations protect their assets. This presentation aims to demystify Zero Trust, offering a comprehensive understanding that goes beyond buzzwords. We will explore the foundational concepts of Zero Trust, emphasizing the “never trust, always verify” philosophy. By the end of this session, attendees will be equipped with the knowledge to begin their Zero Trust journey, enhancing their security posture, and protecting critical data and systems from modern threats. Whether you are a security professional, IT manager, or organizational leader, this discussion will empower you to take decisive action toward a more secure future.

[1 CPE] Push Your Vulnerability Management Program Forward

  Presented by Chaney Edwards, Sr Security Solutions Engineer • Rapid7

We will begin focusing on building a framework that we will dive into the elements of in greater detail later in the presentation. These elements will be:

  1. Know your leadership, user base, regulations, and requirements
  2. Building policy and procedures
  3. Scan scheduling, design, and validation
  4. Remediation and exception processes
  5. Validation of program
  6. Flexibility and the OODA loop

We will start by focusing on the importance of knowing your leadership, user base, regulations, and requirements –– and ensuring others know that Leadership and Management buy-in is critical to the success of the program. We will talk about how to interact with your user base and what you should communicate with those individuals. We will also touch on how regulations and business requirements will play a part in your program design as well. Next, we will spend time on building policy and procedures and understanding the hierarchy and differences around Information Security Policy vs. Guidelines vs. Procedures.

From there we will shift gears and focus on scan scheduling, design, and validation of the scans in place. While many feel this is the most important part of a program, getting the data is the least important part of the whole process and we will discuss why that is. We will cover topics including scan frequency, targets, and validation. We will touch on the benefits of tagging, the use of agents, and reporting. The focus will be that there is no “right way” to scan and rather several considerations to guide you to what is right for you and your environment. We will also discuss remediation methods and how to track said remediations. With any remediation process, exceptions will occur, and we will touch on best practices for not only accepting that risk into your environment but curating that list for a continual review.

Finally, we will discuss program validation, flexibility, and the OODA loop (Observer, Orient, Decide, Act) and how where you are on day one in your program will inevitably change over time. For validation we will cover reporting not only to leadership but to internal stakeholders like security and governance programs, but also the user base as well. We will discuss topics requiring your program to be flexible like new assets, mergers and acquisitions, new projects, leadership changes, and more. Leveraging the OODA loop we will discuss processes to help tackle these changes and ensure your program can survive an ever-changing landscape.

The session will then end with a live Q&A to discuss any topics had or to field any thoughts on the matter to garner a collaborative end to the talk and allow for audience participation.

[1 CPE] Modernizing Application Delivery with the Enterprise Browser

  Presented by Island & Abnormal

In today’s dynamic business environment, organizations are increasingly seeking ways to modernize their application delivery infrastructure. The Enterprise Browser (EB) has emerged as a powerful solution that addresses the evolving needs of enterprises. This presentation explores the key features and benefits of the EB, highlighting how it can transform application delivery for enhanced security, productivity, and user experience while reducing IT infrastructure and support costs.

[1 CPE] Building a Fortress: Why Allowlisting Traffic is Key to Secure Networks

  Presented by Charles Killmer, Sr Security Analyst and Solution Architect • FRSecure

In this presentation, we’ll explore the critical role of allowlisting in enhancing network security. By focusing on controlling both ingress and egress traffic, allowlisting ensures that only trusted traffic is permitted, reducing the attack surface and minimizing vulnerabilities. Learn how adopting a comprehensive allowlisting strategy can help build a secure, resilient network fortress, protecting your systems from malicious threats and unauthorized access. Whether you’re implementing it for the first time or refining your approach, this session will highlight best practices and common pitfalls.

[1 CPE] The Modern Kill Chain: How Attacks Have Gone from Months to Minutes

  Presented by Tony Kelly, Sr Manager, Sales Engineering • Lookout

Cloud breaches are now happening in minutes, not months. Threat actors are exploiting the fact that mobile devices are more susceptible to social engineering, enabling them to gain direct access to cloud infrastructure and swiftly compromise data. Join us for this 50-minute presentation to learn:

  • How the traditional cyber kill chain has evolved to exploit mobile users
  • Why attacks utilizing a mobile device are increasing
  • What makes your organization vulnerable to a modern-day attack
  • Why stopping breaches requires the ability to identify anomalous data movements
  • The three key capabilities you need to defend against modern breaches

[1 CPE] Enhancing Security with Observability: Real-Time Threat Detection and Insights

  Presented by Kyle Kowalski, Lead Solutions Engineer • Dynatrace

In a world of complex dependencies, leveraging observability data can improve the security posture of any organization. From identifying false alarms to removing noise, to including critical context to vulnerability and anomaly detection, it helps to identify threats in real time.

Kyle Kowalski, Lead Solutions Engineer, will discuss how organizations can merge logs, metrics, events, and traces to create a comprehensive view of their environments. He will demonstrate the impact of AI in unifying these data points for faster, more accurate security insights.

[1 CPE] Don’t Build a Fire Department

  Presented by Brian Knopp, Principal Sales Engineer • Arctic Wolf

Building and maintaining an internal SOC operation is hard. We’ll discuss why it’s imperative that organizations lean on 3rd party partners to provide 24×7 monitoring across your collective attack surfaces.

[1 CPE] Architecting a Data-Centric Approach to Zero Trust

  Presented by Aaron Kremer, Technical Solution Specialist • NetApp

Security has become a key pillar to protect data, data management and mobility is critical for ensuring the data is where it is needed, and with all the complexity everyone is managing, simplicity is key to helping customers accelerate their outcomes.

[1 CPE] AI in Cybersecurity: Navigating the Double-Edged Sword

  Presented by Johan Bloomhart, Principal Sales Engineer • WatchGuard & BlackPoint IT

The rise of Artificial Intelligence (AI) has introduced both transformative opportunities and unprecedented risks to the cybersecurity landscape. While AI is a powerful tool for automating threat detection and enhancing security protocols, it also presents new avenues for cybercriminals to launch more sophisticated attacks. In AI in Cybersecurity: Navigating the Double-Edged Sword, we’ll explore AI’s dual impact—empowering both defenders and attackers—and discuss how to harness AI responsibly to protect against emerging threats.

This session will cover:

  • An overview of AI’s evolution and its prominence in the modern business world.
  • How malicious actors exploit AI for nefarious purposes, and the vulnerabilities that arise.
  • How cybersecurity professionals use AI to fortify defenses, identify threats, and mitigate risks.
  • Predictions for AI’s long-term influence on the security industry.
  • The latest technological tools and techniques that can mitigate the risks posed by AI.

We’ll also offer guidance on developing an artificial intelligence policy that allows your organization to leverage AI’s productivity benefits while minimizing risks to data security. Participants will walk away with actionable insights into how to implement AI securely in their business, staying ahead of both competitors and cyber threats.