Rsa Conference

Turku Energia - a Finnish energy distribution company - secured its power supply & IT network for the city’s 200,000 citizens. Utility SCADA systems are hacking targets, due to the damage that can be inflicted by sending cities dark or damaging the grids. The utility’s IT team ensured data integrity, visibility, and rapid threat detection and remediation within both IT and OT environments. Speakers: Vikram Sharma, Senior Engineering Manager, IoT, Cisco Kacy Zurkus, Content Strategist, RSAC

Study after study shows cybersecurity job descriptions lack clarity across most roles and industries — stifling talent recruitment, development and retention efforts. Infosec Institute and Aspen Cybersecurity Workforce Coalition will provide data-backed insights into how organizations are aligning job descriptions and training to tools like the NICE Framework, including what’s working and what’s not. Speakers: David Forscey, Senior Policy Analyst, National Governors Association Megan Sawle, VP of Research & Marketing, Infosec Kacy Zurkus, Content Strategist, RSA Conference

Rachel Tobac hacks people based on publicly available information. Camille Stewart encourages people to mitigate risk and defend against Rachel’s methods. We’re bringing these two industry leaders together for this one-of-a-kind podcast that will explore social engineering risks and highlight some best practices to help protect users and organizations. Presenters: Camille Stewart, Cyber Fellow, Harvard Belfer Center and Head of Security Policy, Google Play & Android, Google Rachel Tobac, CEO, SocialProof Security, White Hat Hacker Kacy Zurkus, Content Strategist, RSA Conference

The FBI’s Internet Crime Complaint Center received more than 791,000 complaints in 2020—a record number, representing a 69% increase over 2019. Join us for an in-depth discussion as we examine details of the report with FBI’s Cyber Division's Deputy Assistant Director Herb Stapleton. Speakers: Herb Stapleton, Deputy Assistant Director, Cyber Division, FBI Kacy Zurkus, Content Strategist, RSA Conference

Hotel chain data breaches have resulted in huge financial loss and reputational harm. Unlike other consumer-facing businesses, such as retail stores, hotels must hold onto payment card data for extended periods passing this valuable data among many participants in the payment security ecosystem as customers make reservations and complete travel. In this podcast, our guests will identify and discuss how organizations can reduce the risks associated with handling payment card information for hotels and, in turn, begin to strengthen the cybersecurity of the property management system (PMS). For more information, visit NIST’s project on Securing Property Management Systems. https://www.nccoe.nist.gov/projects/use-cases/securing-property-management-systems Speakers: John T. Bell, Founder and Principle Consultant, Ajontech LLC Arshad Noor, CTO, StrongKey Bill Newhouse, Cybersecurity Engineer, National Cybersecurity Center of Excellence (NCCoE) Kacy Zurkus, Content Strategist, RSA Conference

Business email compromise (BEC) has made a comeback. Vishing calls have proven profitable for cybercriminals as well. How can you stay ahead of these threats and detect fraud before any money is sent? Join us for a podcast that discusses how these attacks work, who they target and why. Our guests will also offer tips on what to do both professionally and personally to limit risk—from small things like training those who are handling the financial transactions to working with the banks and the cyber team. Speakers: Nicole Beckwith, Staff Cyber Intelligence Analyst, GE Aviation Ursula Cowan, Threat Research Analyst, FireEye/Mandiant Kacy Zurkus, Content Strategist, RSA Conference

In the industrial space, we’ve seen more organizations bringing in Chief Product Security Officers—with good reason. Security needs to be baked into the products that companies are delivering to customers, particularly when there is a life/safety impact. But the need for product security extends beyond ICS and OT. Join us with our guests Megan Samford and Patrick Miller who will look at why product security is the new frontier of the cybersecurity industry. Presenters: Patrick Miller, Founder, Director & President Emeritus, EnergySec and US Megan Samford, Chief Product Security Officer, Schneider Electric Kacy Zurkus, Content Strategist, RSA Conference

The majority of applications contain at least one security flaw and fixing those flaws typically takes months. Automating scanning and scanning via API can help development teams fix faster by a pretty wide margin. Veracode’s Chris Eng and Cyentia’s Jay Jacobs explore what’s driving the volume of code flaws, what factors influence fix rates, how organizations with higher fix rates are tackling the problem successfully, and automation as a best practice for DevSecOps and an action developers can take to "nurture" their apps to better security. Presenters: Chris Eng, Chief Research Officer, Veracode Jay Jacobs, Co-Founder and Chief Data Scientist, Cyentia Institute Kacy Zurkus, Content Strategist, RSA Conference

Principles of epidemiology can be effectively applied to cyber security, with some adaptations. What do travel quarantines and firewalls, social distancing and port closures have in common? Learn how much cyber incident responders can learn from the recent pandemic that effectively shut down so many of the human connections in the modern world. Presenters: Steve Faruque, Cyber Security Manager, IBM Dr. Manisha Juthani-Metha, Associate Professor of Medicine and Epidemiology and Infectious Diseases Specialist, Yale School of Medicine and Yale New Haven Hospital Kacy Zurkus, Content Strategist, RSAC This podcast is sponsored by Axonius. Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies.

The submissions and decisions have been made. The Program Committee’s selections will soon be announced. Before that happens join me and two members of a Hackers & Threats PC to discuss what trends they saw come through in this year's RSA Conference submissions. They'll also give a sneak peak into what attendees of RSAC 2021 have to look forward to on the Hackers & Threats track. Greg Day, VP and Chief Security Officer, EMEA, Palo Alto Networks Nicole Little, Walt Disney Studios Kacy Zurkus, Content Strategist, RSA Conference

TikTok and Huawei are probably two of the most notable Chinese technology companies that are enveloped in policy debates. The US government's most recent actions against TikTok could be an indication of future actions that could be taken against Chinese technology companies. Join us for the important discussion about how geopolitical motivations impact technology regulations and international interference operations. We'll look at how Western businesses are changing their technology development, operations and staffing strategies in Greater China and much more. Gabo Alvarado, Managing Director, Pointe Bello Katherine Koleski, Program Analyst, Defense Innovation Unit Aaron Turner, President and Chief Security Officer, HighSide Kacy Zurkus, Content Strategist, RSAC

Sometimes the greatest obstacles we must overcome are the ones we put in front of ourselves. It’s no different for businesses or even for an entire industry. In cybersecurity, one of the greatest barriers to entry could be the perception people have of what cybersecurity is. Many outsiders believe a job in cybersecurity equals sitting in front of a screen and coding all day. So, how do we rebrand ourselves in order to develop talent from various diverse sources? Join us to discuss different strategies for addressing the talent shortage.

What is OT systems management and why is it so critical to protecting our critical infrastructure? What are the necessary controls to ensure ICS/OT cybersecurity? A comprehensive program includes a range of controls and design efforts, In this podcast, industry leaders will discuss the challenges and requirements of protecting Operating Information Technology systems, which includes the need for establishing OT Systems Management, a holistic approach to hardening, updating, maintaining, and monitoring the endpoints and networks in industrial environments.

Though concerns over election security did not begin with the 2016 Presidential election, new and emerging threats coupled with an expanding attack surface have exacerbated what were already major security concerns for municipalities, states and the federal government. So what is the current risk environment and what has changed in CISA and the FBI’s cyber missions? We’ll answer these questions and offer tips on how the tech community and citizens can get involved in this can’t miss podcast.

Networking has many advantages and has the potential to open doors of opportunity, but how do you identify the right people to network with? What do you bring to the table and what are you looking for from others? Join us for an engaging exchange with two industry leaders who will share their perspectives on the value of education, experience and relationship building. They’ll share advice on how to meet security practitioners, motivate other, be a well-rounded worker and an industry influencer.

Agility is not a strategy, and Zero Trust is not a product you can buy. In a Zero Trust approach as identity becomes more important than ever, managing the lifecycle correctly is critical, during provisioning, use as well as destruction. These are some of the reasons why Zero-trust architecture is becoming the defacto segmentation approach in our digital-first world. Interrelated are the opportunities in both Edge Computing and DevSecOps to help businesses differentiate products and services by transitioning to more collaborative and risk-based security. Join us as we discuss Zero Trust, DevSecOps and Edge Computing with two industry experts who will explore the ways in which these approaches to customer-centric transformation can help businesses stay competitive.

COVID-19 has forced enterprises to adopt new ways of working in order to ensure their data remains protected as they navigate the impacts of the global pandemic and manage a distributed workforce. As more employees work remotely and an organization’s attack surface area increases, it’s never been more important to invest in security. At the same time, IT budgets are shrinking and security is at risk of being deprioritized or compromised in this new reality, where many employees are working from home and not on secure corporate networks. The only way to protect organizations is by protecting your endpoints, and in this podcast, we’ll discuss how adopting a zero-trust strategy can help organizations quickly adapt and prepare for a different post-pandemic world.

As Camille Stewart wrote, “Cyber diplomacy and international cyber capacity building are better served by having diverse representation that understands the cultural nuances that determine how technology will move through a society.” Similarly, when it comes to managing security risk management programs, diversity matters. Risk management has many challenges, which is why a team can only be enriched and strengthened by including those with a vast range of experiences. There is no one-size-fits-all when it comes to risk management, however being attune to issues of race and other forms of discrimination and how they manifest themselves in their work, will result in building better programs. In this podcast, we will hear from esteemed industry experts who will share their different perspectives on why diversity matters to risk management and the consequences of not addressing the lack of diversity in cybersecurity and risk management.

Having a communications person as part of the security organization ensures that the enterprise communicates security not only through awareness programs but also across silos. A security communications lead plays a critical role in developing and executing incident response plans as well as other security policies that impact the business. In order to effectively create a security aware culture, your security organization needs to be able to communicate the risks, the strategies to mitigate risks and the policies that must be followed in the event of a security incident. People need to understand their roles and responsibilities, which need to be clearly communicated. In this podcast, we will hear from industry experts who will help you understand the value of and implement good, clear security communications.

Security vendors come to the rescue with AI and automation to save the day. But even smart technology can only go so far, and while it can definitely help lessen the noise, it can never replace the intuition, inventiveness and insight of a human.Technology can’t replace humanity in security defense because endpoint lockdowns don’t work, and repetitive scenarios don’t advance anything but boredom. Rather, we need to give users the tools to be skeptical, aware and intuitive. Analysts need to find patterns in the process, not just the results. Security teams need to work together and across an environment to find what can be fixed, not just what individuals can break, and technology needs to assist, amplify and augment human behavior, not lead.