[1 CPE] A Complete Security Blueprint

  Presented by Brad Nigh, Consulting Strategist • FRSecure

By analyzing your existing program and the work completed, and by using our categorization (foundational, developing, and mature), you should be able to place yourself and get an idea of what’s next for your security program.

Brad Nigh is a passionate information security expert with 25+ years of overall IT experience, including 15+ years of IT management and leadership experience working in 24/7 environments that required top-tier technical skills and efficient project management. In addition, he has years of experience working in highly regulated industries that are required to comply with PCI-DSS, HIPAA, HITECH, Sarbanes-Oxley, OCC, and various state regulatory requirements. At FRSecure, he leads the Consulting Services practice, serving businesses of all sizes, in all industries, by cooperatively solving the complex issues surrounding information security.

[1 CPE] Penetration Testing War Stories

  Presented by Jamie Maguire, Sr Security Engineer • High Point Networks

Penetration testing, often referred to as pen testing, is the practice of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit. It involves simulating cyberattacks to identify and fix security issues before they can be exploited by malicious actors. In this session, we will review penetration tests performed by High Point Networks and discuss the specific vulnerabilities exploited, and how to remediate them.

[1 CPE] Demystifying Zero Trust: Simplifying Network Security

  Presented by Tanner Harrison, Systems Engineer • Fortinet

Today’s ever-changing threat landscape challenges traditional security models. The emergence of the Zero Trust model represents a transformative approach, reshaping how organizations protect their assets. This presentation aims to demystify Zero Trust, offering a comprehensive understanding that goes beyond buzzwords. We will explore the foundational concepts of Zero Trust, emphasizing the “never trust, always verify” philosophy. By the end of this session, attendees will be equipped with the knowledge to begin their Zero Trust journey, enhancing their security posture, and protecting critical data and systems from modern threats. Whether you are a security professional, IT manager, or organizational leader, this discussion will empower you to take decisive action toward a more secure future.

[1 CPE] A Review of FRSecure’s Annual Information Security Report

  Presented by John Harmon, Chief Executive Officer • FRSecure

FRSecure (an information security company located in Edina, MN) took the results of +/- 400 Validated Information Security Assessments and 55 Incident Response Engagements conducted in 2022 and created an anonymized report from the data called The State of Information Security. Full details and access to the report are available here: https://frsecure.com/2023-annual-infosec-report/

In this presentation, FRSecure Information Security Consultant Dave Tuckman will highlight key findings in the report, and what we can learn from it.

Understand how you can mitigate risk going forward to protect your business and clients in an ever-changing threat landscape. Dave will provide additional perspective on how you can leverage this information for a better understanding of your third-party (supply, vendor, contractor) relationships.

Topics include:

  • FRSecure’s Annual State of InfoSec Report, informed by over 400 validated security assessments
  • Where organizations are getting it right vs. falling behind
  • How you can use this report to inform your own business’s security decisions
  • How you can use this report to inform your business’s Third-Party Risk Management

[1 CPE] AI and Social Engineering: The New Frontier of Cybersecurity

  Presented by Sherri Davidoff, Chief Executive Officer • LMG Security

Artificial intelligence is transforming the cyber battlefield. Hackers now use voice cloning, deep fakes, and AI-generated phishing attacks to steal funds, infiltrate cloud systems, and deploy malware. Join us in this cutting-edge keynote to witness the latest attack trends, including:

  • Voice Cloning: See a live demo and discover how scammers manipulate this technology.
  • Dark Web AI: View the latest AI hacker tools up for sale.
  • Text and QR Code Attacks: Learn how mobile threats can slip past traditional security.

Cybersecurity is all about people. We’ll wrap up with top strategies for cybersecurity training and staffing, showing you how to create a “human firewall” to safeguard your organization against these evolving threats.

Sherri Davidoff is the CEO of LMG Security and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity.” As a recognized expert in cybersecurity, she has been called a “security badass” by The New York Times. Sherri is a GIAC-certified forensic analyst (GCFA) and penetration tester (GPEN) and received her degree in computer science and electrical engineering from MIT.

[1 CPE] Intelligent SSE: Secure Everything from Anywhere

  Presented by Ramien Ebadypour, Principal Solutions Engineer • Netskope

This session will provide a technical overview of Secure Access Service Edge (SASE), focused on the following topics:

  • SASE Overview
  • What Your Future Network May Look Like
  • The Truth Behind Inline Malware Prevention
  • New Technologies That Make Data Loss Prevention (DLP) Easier
  • Zero-Trust Network Access VPNs are Difficult to Deploy
  • Maximizing Value Through Integrations and Automation

You will walk away understanding the fundamentals of SASE and how it will benefit your business.

[1 CPE] Cyber Crisis Retrospective: Learning from a Ransomware Attack

  Presented by Jeremy Pierson, Director of Cybersecurity, and Rainer Engel, Executive Director of Strategic Partnerships • CompuNet

Join us for a real-world analysis of a recent ransomware attack, where we will explore both the human and technical challenges that were faced. This session will delve into the techniques employed by the attackers and organizational roadblocks encountered during the incident. We will also discuss how consultants played an important role in discovering the incident and accelerating the remediation process. Attendees will gain valuable insights into the multifaceted nature of ransomware attacks and learn practical approaches to fortify their defenses and respond effectively to future threats.

[1 CPE] Top-Down Security: Aligning Security with Business Objectives

  Presented by Ben Mayo, Manager of IT & Security • Vision Net, Inc.

Is your organization’s security viewed merely as a cost center, a necessary expense of doing business? Do you face challenges in securing funding for your security initiatives? It’s time to shift the perception and prove that security is not just a cost, but a strategic enabler of business success. This presentation will explore methods to transform your security program into a key business asset, demonstrating tangible value. Learn strategies to align security with business goals and effectively communicate with the C-Suite and board members to gain their support and advocacy for your security initiatives.

[1 CPE] A Small Business Journey to the NIST Cybersecurity Framework 2.0

  Presented by Daniel Eliot • National Institute of Standards and Technology

The NIST Cybersecurity Framework (CSF) 2.0 is here! This is the first major revision of the globally recognized framework since its initial publication in 2014. If that wasn’t exciting enough, NIST also published the CSF 2.0 Small Business Quick Start Guide along with it. As a supplement to the CSF 2.0, the new Small Business Quick Start Guide provides small- to medium-sized businesses (SMB) with resources and considerations to kick-start their cybersecurity risk management strategy using the CSF 2.0. During this talk, Daniel Eliot, NIST’s Lead for Small Business Engagement, will provide an overview of updates to the NIST Cybersecurity Framework 2.0 and will showcase the new CSF 2.0 SMB Quick Start Guide and other free NIST small business cybersecurity resources. Eliot will also spend time sharing various ways organizations can get more engaged with NIST’s cybersecurity and privacy work.

Daniel Eliot is the lead for small business engagement within the National Institute of Standards and Technology’s Applied Cybersecurity Division. In this role, he works across NIST’s cybersecurity and privacy program to advise and support development of cybersecurity resources, communication materials, and collateral tailored for use by small businesses. He also regularly works directly with the small business community and their advocates through external outreach and engagement. Immediately prior to joining NIST, Daniel worked within MITRE Corporation’s Center for Securing the Homeland, serving as the chief communications strategist at the NIST National Cybersecurity Center of Excellence. In prior roles he has also served as the director of education for the National Cybersecurity Alliance and manager of technology business development for the University of Delaware Office of Economic Innovation and Partnerships.