Rsa Conference

In this podcast, we will uncover the realities of insecure control systems software in critical infrastructure. From discovering zero-days to exposing vulnerabilities in built-in features, we'll explore the role of both vendors and operators in safeguarding our essential utilities. By the end, listeners will have a new perspective on the need to implement strong security practices into the foundation of the control systems that make modern life possible. Don't miss out on this crucial conversation about the current state and the future of our critical infrastructure! Speakers: Brian Foster, GMS Cybersecurity Lead, South California Edison Kacy Zurkus, Content Strategist, RSAC

There is a general lack of quantum risk awareness among board members. The emergence of powerful quantum computers are an impending threat to our digital ecosystems — e.g. mobile phones and internet — because they can conceivably crack classical encryption. A quantum algorithm with that capability already exists; yet, quantum risk management is not a standard topic discussed at board meetings. Speakers: Maëva Ghonda, Host, Quantum AI Institute Podcast and Senior Fellow of HQS Quantum Simulations Dr. Lily Chen, Project Leader, Mathematician, Cryptographic Technology Group, NIST Kacy Zurkus, Content Strategist, RSAC

Ransomware Operators have not only increased the ransoms they demand but are also using additional coercion techniques to perform multifaceted extortion attacks. Between us, we have worked on several ransomware incidents observing closely the challenges that organizations face while battling and remediating ransomware incidents. Based on the learnings from responding to such incidents, we will share our learnings and thoughts on the ransomware attack life cycle, practical security controls and enforcement measures to defend against and limit the impact of ransomware attacks. Speakers: Anurag Khanna, Manager, CrowdStrike Services Thirumalai Natarajan, Senior Manager, Mandiant Consulting Kacy Zurkus, Content Strategist, RSAC

Most organizations have moved beyond the insecure username and password access control a long time ago and started using multifactor authentication. But as Yahoo, Deloitte, and LinkedIn know, MFA won’t always save the company from a data breach. Not only has MFA access been defeated multiple times by attackers, but users hate it. It’s cumbersome, annoying, increasingly exploitable. In this podcast Violet Sullivan and Jessica Smith will discuss the evolution of MFA, why and how it can be exploited, and what organizations can and should do to address access control in a way that keeps their data security and users happy. Speakers: Jessica Smith, Vice President of Client Services, AllClear ID Health Violet Sullivan, Esq. CIPP/US, Vice President of Client Engagement, Redpoint Cybersecurity Kacy Zurkus, Content Strategist, RSAC

In the same way that the tango begins with foundational steps, the layering of device, application/workload, and user identity forms the foundation of Zero Trust security. Each intentional step weaving to create an intricately coordinated pattern. Join us as we take a look at the cryptographic dance between keys and identity that forms the basis of and maintains Trust in a Zero Trust world. Speakers: Karen Reinhardt, Principal Engineer, Cryptographic Services, The Home Depot Kacy Zurkus, Content Strategist, RSA Conference

Security analysts must fight both attackers and the products and services they rely on to drive their detection and response capabilities because of a lack of usability of security tools and processes. This podcast explains an emerging cybersecurity technology trend: analyst experience (AX). Join us to understand how AX can enable your team to find more effective security tools, build better workflows, and help security analysts make faster, more accurate decisions. Speakers: Allie Mellen, Analyst, Security and Risk, Forrester Research Jeff Pollard, Vice President & Principal Analyst, Forrester Kacy Zurkus, Content Strategist, RSA Conference

Back in 2017 New America and The Christian Science Monitor hosted then 14-year-old and CEO of VannTechCyber LLC, Paul Vann. He was indeed a rising star in the field, but where is Vann now? Join this RSAC 365 podcast as we shine a spotlight on the making of a cyber professional. We’ll feature Paul Vann, who’s now a senior at the University of Virginia and a Developer at Cyborg Security. Vann will inspire listeners with his story of growing from a “hacker kid” to a developer working on a malware analysis tool as well as his goals and aspirations for a future in the industry. Speakers: Paul Vann, Student, University of Virginia Kacy Zurkus, Content Strategist, RSA Conference

When it comes to defending critical infrastructure from cyber threats, understanding the threat landscape is critical to assessing risk and implementing a robust security strategy. Threat intelligence enables organizations to identify and react to threats, and we know that having the right attack surface intelligence informs the processes and procedures needed to quickly recover. Yet, intelligence sharing remains a problem for defenders. In this podcast we'll explore the value in public/private partnerships, the barriers to threat intelligence, and how organizations can collaborate to overcome those barriers and improve resilience. Speakers: Erin Miller, Executive Director, NCC/Space ISAC Kacy Zurkus, Content Strategist, RSA Conference

Congress has tried for years to pass a comprehensive federal data privacy and security law without success, which impacts consumers, industry, and security. Meanwhile, other countries and multiple U.S. states have moved forward with laws. However, the bipartisan, bicameral American Data Privacy and Protection Act (ADPPA) could be an opportunity to change this. This podcast will cover why data privacy and security legislation is important and look at the R Street Institute’s report on reaching consensus on traditional roadblocks, specific aspects of the bill like data security, the bill’s current status and possible next steps, and remaining challenges. Speakers: Brandon Pugh, Resident Senior Fellow and Policy Counsel, Cybersecurity and Emerging Threats, R Street Institute Kacy Zurkus, Content Strategist, RSA Conference

While there seems to be a growing awareness of the threats to the cyber-physical world with cybercriminals increasingly targeting industrial organizations within critical infrastructure, are current investments, regulations, and actions enough to stop attackers. In this podcast, we’ll have a follow up Q&A to the RSAC 2022 session, “The Cyber Physical War—Lessons from the Digital Front Line,” to understand what more must be done to protect industrial organizations. Speakers: Ian Bramson, Global Head of Industrial Cybersecurity, ABS Group Kacy Zurkus, Content Strategist, RSA Conference

We live very “smart” lives equipped to stay connected anywhere, any time. Getting connected is easy, securing it may be a fool’s errand if not approached properly. Say goodbye to the days of signature-based detection and say hello to IoT data anomaly and volatility predictive analysis for advanced “on the go” monitoring, detection and response. In this podcast, we will discuss novel approaches in using data analytics models from financial market trading systems (quant) to determine security volatility when faced with unprecedented and overwhelming volumes of data. We’ll propose potential solutions called the Cyber VIX and engineering concepts to test cyber defenses such as the “shake down test” and where failures and blind spots can be predicted and modeled. Speakers: Peter Tran, CISO & EVP Global Cyber and Product Security Solutions, InferSight LLC Kacy Zurkus, Content Strategist, RSA Conference

Our world is becoming increasingly interconnected and more interdependent than ever before. We continue to see an increase in cybercrime, which brings us to an inflection point - who's responsible for addressing security in our integrated digital world and what should be the role of policymakers and industry regulators in promoting good cyber hygiene and incentivizing collaboration? Speakers: Shinesa Cambric, CISSP, CISA, CISM, CDPSE, Product Manager, Microsoft Jay Hira, Cyber Security Strategy and Transformation Director This podcast is sponsored by DNSFilter. DNSFilter offers industry leading threat protection for companies across the globe. Utilizing powerful artificial intelligence, we identify and block threats 7 days earlier than competitors.

Over the course of the last two years, cybersecurity planning and thought leadership have picked up with a parallel increase in regulation, Congressional action, and government reorganization. The Cyberspace Solarium Commission recommended and got a National Cyber Director and incident reporting legislation through the hard work of the SASC, HASC, and HSGAC, but where do these changes leave us now? Is the National Cyber Director leading the federal government effort, or are government turf battles making leadership in cyber confusing? And what about incident reporting - how many new proposals have we seen, and which are the most critical to understand? Join us for a discussion of all of these issues and what the cybersecurity landscape might look like in a year or five years from now. Speakers: Tatyana Bolton, Policy Director, Cybersecurity and Emerging Threats, The R Street Institute Kacy Zurkus, Content Strategist, RSAC

Integrating security into the development lifecycle can be a challenge, especially for those who don’t understand why security matters to development and operations. What’s the ROI of DevSecOps? What are the key KPIs? Join us for an insightful conversation that explains why DevSecOps is important while shining a spotlight on some DevSecOps bloopers to avoid. Our guests will also expose the cost of bad DevSecOps and offer suggestions for how to measure developers on security. Speakers: Keenan Skelly, CEO, Shadowbyte Stephanie Simpson, Vice President of Product, SCYTHE

Virtual health providers create favorable conditions for the LGBTQ population's access to healthcare, an influx of electronic personal health information, and massive increases in cyber threats. Using software flaws, bad actors increasingly target healthcare systems to steal, monetize, and affect availability of data. This session explores software integrity and DevSecOps approaches to secure highly interconnected digital healthcare systems. Speakers: Safi Mojidi, Head of InfoSec, FOLX Health Kacy Zurkus, Content Strategist, RSA Conference

Massive cloud proliferation has driven huge increases in IT and security complexity, the vast majority of which come from trying to force fit legacy concepts, processes and even tools, into a cloud context. This will cover the most important considerations and requirements facing organizations to adequately understand and affect their new reality – and evolve their security thinking. Speakers: Nipun Gupta, Senior Security Leader, Devo Sounil Yu, CISO and Head of Research, JupiterOne Kacy Zurkus, Content Strategist, RSAC

Leading and guiding a data-driven security program as a BISO can be challenging. Data is everywhere and owned by many departments. Once a BISO has found that data they need, they must overcome the challenges of data access, storage, normalization and all the other steps required to turn that data into an actionable story. Fortunately, the Cloud can make this easier and faster. Speakers: James Binford, Director and Business Information Security Officer, Humana Ashish Rajan, Host of Cloud Security Podcast & SANS Trainer, Cloud Security Kacy Zurkus, Content Strategist, RSAC

What does an attacker need to do to exploit a threat? Join us to discuss the TTPs attackers are using to exploit myriad threats in today’s threat landscape. Our guests will look across different sectors to understand new and emerging threats, how those threats can be exploited, and steps organizations can take to avoid being the next victim of a cyberattack. Speakers: Jerone Jones, Founder, JustOne Solutions, LLC Alexiaa Jordan, Cyber Security Consultant, JustOne Solutions

The technology we work to secure is ever evolving, as are the threat actors that are out there trying to exploit those technologies. Hence, the challenge we face today with securing and then defending those advances in technology requires people that are just as excited about learning how to defend that new technology as someone once was about creating it. There is absolutely someone out there that is passionate about hacking their way into that new technological advancement, no matter what it is. Join this podcast to learn what motivates hackers and how to help instill a passion for defending against cyber threats in the members of a security team. Speakers: Tiffiny Bryant, Cyber Security Analyst, Crystal Clear Technologies, Inc Kacy Zurkus, Content Strategist, RSAC

Across the security world, there’s a growing appreciation about the need to better understand our software supply chain. Transparency won’t solve all our problems, but will lay a foundation for greater resilience and more informed decisions. This discussion will review the basics of SBOM, using the recent log4j vulnerability to understand how SBOM can help across the software ecosystem—and also understand its limits. We’ll also delve into the future of SBOM, exploring some of the gaps, where we need to focus to advance the state of the art. Our ultimate goal should be the integration of SBOM into the broader vulnerability and security data ecosystem through automation. Speakers: Allan Friedman, Senior Advisor and Strategist, CISA Kacy Zurkus, Content Strategist, RSA Conference