[1 CPE] Understanding APIs and API Security Testing

  Presented by Synack

According to Gartner’s July 2022 analysis of the application security space, over 80% of today’s web traffic is API traffic. As of 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications. Hence, it is imperative that security organizations have a firm understanding of APIs and API security testing approaches.

This presentation covers:

  • Definition of an API and How APIs Work
  • Types of API Testing
  • Headless API Offensive Penetration Testing
  • API and OWASP

[1 CPE] Security and Resiliency for Your Most Critical Data

  Presented by Cohesity

Join this session for a walk-through of a real-world ransomware attack and the necessary steps to recover. We will cover a cyber insurance form to show how it aligns with our “Protect, Detect, Recover” point of view, and we will speak to the specific capabilities associated with each point.

[1 CPE] How AI Can Think Like an Attacker

  Presented by Darktrace

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen and to recover if compromised. In this session, we’ll unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks. Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization.

[1 CPE] Top 10 Myths and Misconceptions About Ransomware

  Presented by Bitdefender

2021 was “the year of ransomware.” But so were 2017, 2018, 2019, and 2020 – and so far, 2022 is not very different. Ransomware is no longer a problem discussed only in the cybersecurity and tech communities – it is now a regular topic in mainstream media headlines and executive board meetings.

So why is ransomware such a menace, and why can we not seem to get rid of it? One of the reasons is that we seem to miss the continued evolution of ransomware. We keep preparing for the last war. Ransomware in 2022 is very different than ransomware in 2017, yet we still treat it the same way.

Roy Correa, Enterprise Field Engineer, will help you learn more about:

  • Ransomware evolution and what we need to un-learn to effectively combat it
  • The most common myths, misunderstandings, and misconceptions about ransomware and the threat actors behind it
  • The most effective tips to become more cyber resilient and prevent security incidents from turning into catastrophic breaches

[1 CPE] Digital Transformation is Built on a Foundation of APIs – But are Your APIs Secure?

  Presented by 42Crunch

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. Traditional security and management approaches are failing every day as the scale and reach of API attacks increase. The time is now right for enterprises to consider a new end-to-end continuous approach to protecting their APIs. In this talk, you will learn how Global 2500 enterprises are embracing a positive security model combining shift-left and shield-right methodologies to protect their APIs throughout the API lifecycle.

[1 CPE] The Future of Observability

  Presented by Cribl

Digital transformations, cloud migrations, and persistent security threats turned observability from a niche concern to an essential capability in today’s organizations. We’re still in the early days of observability maturity, but early stumbles point to where observability must go in the future. This talk discusses where observability is today and the three critical areas necessary for observability to deliver on its promises throughout the enterprise.

[1 CPE] Challenge the Threat of Ransomware: Best Practices to Prepare, Mitigate, and Recover

  Presented by Zerto

Ransomware attacks continue to rise in volume, severity, and costs to businesses attacked while cyber criminals continue inventing new and unexpected methods to spread malware and encrypt critical data. As attacks continue to specialize, no organization is immune to ransomware. So how do you avoid being forced to pay a ransom, disruptions to services and supply chains, and damage to your brand in the news? Join recovery and data protection experts from Zerto to discuss best practices for when – not if – ransomware strikes. Be prepared to minimize downtime and data loss, and to mitigate the risks of ransomware. In this session, you’ll learn:

[1 CPE] Automate or Die: DevSecOps in the Age of Software Supply Chain Attacks

  Presented by Sonatype

As nimble organizations deliver new innovations, adversaries are also upping their game; something we’ve seen in recent high-profile and devastating cyber-attacks. Bad actors have the intent and ability to exploit security vulnerabilities in the software supply chain – and in some cases plant vulnerabilities themselves. They have increased scale through automation and improved breach success through precision targeting. If we don’t fight back by doing the same – automating security directly in the DevOps pipeline – then we’ll always be at the hackers’ mercy. This session will provide new research on the above and details on how to get started.

[1 CPE] Rethinking Your Data Strategy with Zero Trust Privacy

  Presented by Dr. Lisa McKee Ph.D., CISA, CDPSE, CRISC • Director of Governance, Risk, Compliance, and Privacy, Hudl

At the foundation of Zero Trust Privacy should be data – and for good reason! Organizations that have visibility into their data and the activities around it are better equipped to implement a successful privacy program using the principles of zero trust. Many believe identity is the core principle of zero trust, but how does one implement effective access controls without knowing the data they are granting permissions to? Zero Trust Privacy supports privacy compliance while enabling the implementation of proper access controls to detect suspicious behavior, even when other security controls have been compromised.

The key points covered in this presentation will be as follows:

  • Understand what Zero Trust Privacy is and why data should be the foundation of any security and privacy program.
  • Identify methods for coordination and collaboration between privacy and security within a Zero Trust strategy.
  • Execute techniques for implementing and overcoming challenges of integrating Zero Trust Privacy.
  • Initiate discussions with organizational stakeholders on steps for creating a Zero Trust Privacy strategy for their organization.

Lisa McKee Ph.D., CISA, CDPSE, CRISC, has 20 years of industry experience in Cybersecurity, Privacy, Information Technology, Vendor Management, Software Development, IT Audit, Compliance, PCI, and GRC. McKee assists companies in conducting security and privacy assessments, program implementation, and managing compliance. She is a highly regarded privacy expert and a regularly featured speaker at conferences and events locally, nationally, and globally for IAPP, ISACA, IIA, ISC2, NEbraskaCERT, and RSAC. McKee is a member of the Accredited Standards Committee X9 providing input on industry standards. She is a member of several professional association boards and an adjunct instructor for security and privacy courses. She is passionate about privacy and security.

[1 CPE] Open-Source Developers Are Security’s New Front Line

  Presented by Sonatype

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, where OSS project credentials are compromised and malicious code is intentionally injected into open-source libraries, allows hackers to poison the well. In this session, Sonatype will explain how both security and developers must work together to stop this trend or risk losing the entire open-source ecosystem.