Cybersecurity Crash Course - Day 2
Andy Brandt (Independent Security Professional)
Dinah Davis (Director of R&D, Arctic Wolf)
Paul Kurtz (Founder/CEO, TruSTAR)
John McCumber (Director of Cybersecurity Advocacy, (ISC)2)
Rob McGovern (Senior Technical Product Manager , LogRhythm)
Sara Peters (Senior Editor, Dark Reading)
John Pironti (President, IP Architects)
Andy Schworer (Director, Incident Response, CrowdStrike)
Jason Straight (Chief Privacy Officer/SVP Cyber Risk Solutions, UnitedLex)
Suzanne Widup (Senior Analyst, Verizon Enterprise Solutions)
Tim Wilson (Editor in Chief, Dark Reading)
Location: Grand Ballroom F
Date: Tuesday, May 1
Time: 9:00am - 5:00pm
Pass Type: All Access, Summits & Workshops
Vault Recording: TBD
Audience Level: Introductory
Note: an RSVP is required for Workshops & Summits. Please RSVP by making your selections in your registration account.
An intensive, two-day event for IT pros who need to bone up on information security essentials
If you are an IT pro who needs a fast, comprehensive, and authoritative course that will catch you up on all of the latest developments and thinking about data security, then Dark Reading’s Cybersecurity Crash Course is for you. Taught by recognized experts in their respective areas of security specialty, the Cybersecurity Crash Course offers two days of education that will give you the fundamental concepts you need to understand today’s security challenges, as well as an overview of the latest attacks, threats, and vulnerabilities that put enterprises at risk. You’ll get insights on the key steps every organization should take to protect critical data, as well as a detailed look at how to respond when your systems have been compromised. Our goal is to make you “security savvy” by giving you the basics you need to understand the threats and responses, while at the same time catching you up on the latest exploits being perpetrated by computer criminals, nation-states, and hacktivists. Best of all, uou’ll have an opportunity to ask the experts questions about specific threats to your environment – in a supportive, safe, and intimate setting where there are no dumb questions.
Day 2: You've Been Breached!
9:00-9:45am: Day 2 Opening Address: The Impact of a Data Breach
To understand the cyber risk your organization faces, you need to understand the likelihood of a breach – and its potential cost. This session discusses the many – and sometimes hidden – costs of a data breach, including its impact on customers and end users. You'll also get insight on the frequency of data breaches and a better understanding of how likely it is to happen to you.
9:45-10:30am: Who Are the Bad Guys and Why Do They Want to Hack Your Organization?
Today's cyber attackers range from financially motivated criminals to politically motivated hacktivists to state-sponsored, information-gathering hacker units. What are the motives and methods of these disparate adversaries? This session offers a look at the different types of cyber attackers and how you can build a cyber defense strategy that extends across a wide variety of threats.
10:45-11:00am: Lightning Talk 3: Putting You into UEBA
In 15 minutes, the LogRhythm team will explain User Entity Behavior Analytics and show how you can make your security smarter with UEBA.
11:00-11:45am: Five Malware Trends That May Already Be Hitting Your Enterprise
Ransomware. Data-stealing Trojan Horses. Polymorphic malware designed to evade signature-based security defenses. Today’s IT organizations are constantly bombarded by a wide variety of malware, from opportunistic to targeted attacks. This session explores the most recent trends in malware-based attacks and offers some insight on how you can protect your critical data against them.
1:00-1:45pm: Five Key Components of an Incident Readiness Strategy
Incidents are inevitable in any organization. An effective incident readiness strategy can be the difference between a materially impacting incident and one that is considered a minor business interruption. There are many aspects and components of an effective incident readiness strategy that can be considered, but this session will outline five in particular that are essential to successfully preparing for and navigating incidents.
1:45-2:30pm: Threat Intelligence: What It Is, What It Isn’t, and How to Use It
The good news in IT security is the growing range of threat intelligence resources and services that can inform you about the latest threats in cyber space and the criticality of each. The bad news is that with so many sources and data, using threat intelligence to improve your cyber defenses can be a bewildering process. This session offers a look at the different types and sources of threat intelligence data and advice on how to choose the right ones to improve your defenses.
2:45-3:30pm: Protecting Your Data in the Electronic Supply Chain
Your organization’s cyber defenses may be solid, but online attackers sometimes attack indirectly, through suppliers, contractors, and customers with access to your systems. How can you ensure that your partners are keeping their own systems secure and are not providing an avenue of compromise for your data? How should you work with your supply chain in the event of a security incident? Learn methods to vet your suppliers’ security and how to work with your partners if a compromise is found.
3:30-3:45pm: Lightning Talk 4: The Inner Workings of Ransomware
Last year was all about large Ransomware hacks like WannaCry, Petya/NotPetya, and CRYPSHED to name a few. In this talk Dinah will detail how it works, how to avoid it, and what is coming next in the world of Ransomware. She will also demonstrate what happens when ransomware is exploded on a computer in the Arctic Wolf Networks labs.
3:45-4:30pm: Understanding Risk Management Analysis
This session will cover the fundamental concepts for all cybersecurity decision making. Attendees will explore the underlying basis for risk management analysis. We will begin by defining the basic elements that comprise the broader elements of applied risk. There will be a discussion of the threat to data and critical service, and how threats are classified and assessed. Once the risk mitigation process is described, we will examine the hierarchical nature of safeguards, and end with a overview of the risk mitigation decision making process.
4:30-5:15pm: Understanding and Managing the Legal and Financial Risks of Cyberattack
A major data breach may not only present technical problems and interrupt your business – it may put you in court. What are your organization’s legal responsibilities and financial risks, and how can you manage them? Learn about the issues and liabilities associated with cybersecurity, including the strengths and weaknesses of cyber insurance policies.
5:15pm: Closing Remarks