RSAC 2021 #4
Segments
1. Metrics, Training, Culture – Why Your Phishing Program Isn’t Working – Drew Rose – RSA21 #4
Phishing reports have become the standard for measuring security awareness, and yet breaches keep happening. Something is broken. Knowing how to recognize a phishing attempt is a tiny part of creating a security-focused culture and protecting your business from attacks.
This segment is sponsored by Living Security.
Visit https://securityweekly.com/rsac2021 to learn more about them! Visit https://securityweekly.com/livingsecurity to learn more about them!
Guest

As Living Security’s creative mastermind, Drew Rose combines his experience developing security programs and his love of game design to expertly craft immersive products. He seeks to engage end users and create excitement with his educational experiences and measurable outcomes. Drew is a CISSP with a Bachelor of Science in Cybersecurity who has spent years building and optimizing security programs in the public and private sectors. While serving in the military, Drew learned effective strategies for fighting cybercrime and earned a top-level security rating in the U.S. government. At Living Security, Drew applies his in-depth knowledge to reducing enterprise and personal risk by designing science-based, collaborative security awareness programs.
2. Cyber Supply Chain Risk Management – Alyssa Feola – RSA21 #4
With the SolarWinds attack, supply chain attacks have been in the spotlight. Alyssa Feola joins us to discuss Cyber Supply Chain Risk Management.
Guest

Alyssa Feola is a Cybersecurity Advisor in the Technology Transformation Services within GSA. Since 2020, she has supported the organization by rationalizing, modernizing, and hardening the infrastructure and software that the workforce needs to do their jobs. She brings a wealth of knowledge, skills, and experience in acquisition, information technology, and cybersecurity. Her passions lie with innovation and modernizing government technology.
3. Tech Consolidation and the Final Acts of Once Vital Point Solutions – Jess Burn – RSA21 #4
Of particular interest to me from our newly published “The Forrester Tech Tide™: Zero Trust Threat Detection And Response, Q2 2021” are what look like the final acts of several solutions once considered vital detection and response point products. While automated malware analysis (sandboxing) and network intrusion detection systems (NIDS) remained in our Divest category, three more technologies joined them this year: data loss prevention (DLP), managed security service providers (MSSP), and security user behavior analytics (SUBA). Why is this? Because these stand-alone technologies simply don’t cut it anymore. This isn’t to say these solutions are dead, mind you. No, they live on within larger, more comprehensive solutions.
Segment Resources:
https://go.forrester.com/blogs/the-death-and-life-of-the-standalone-solution/
https://www.forrester.com/report/The+Forrester+Tech+Tide+Zero+Trust+Threat+Detection+And+Response+Q2+2021/-/E-RES164039?objectid=RES164039
Guest

Jess is a senior analyst at Forrester serving security and risk professionals. She contributes to Forrester’s research on the role of the CISO and Zero Trust. Additionally, Jess covers email security; incident response and crisis management; and security training, education, and certifications. Prior to her analyst role, Jess spent eight years as a principal advisor on Forrester’s Security & Risk Council. In this role, she was a trusted partner to a network of CISOs and security and risk leaders making critical decisions in the areas of risk management, data privacy and protection, cybersecurity operations, and identity and access management.
4. Recent Attacks Against Software Integrity – Ed Skoudis – RSA21 #4
Ed Skoudis joins us to discuss recent attacks against software integrity, including:
- open source libraries
- session tracking for single sign-on
- weak crypto
- machine learning (ML) algorithms used to detect malware
- ransomware attacks - how they are evolving
Guest

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.
5. How to Build and Maintain a Resilient Web App Security Program – Kevin Gallagher – RSA21 #4
Prior to building a web security program, you have to have a plan. How does one create that plan? In this segment, Kevin will focus on some concrete steps to help you create an AppSec plan using a simple framework.
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to learn more about them!
Guest

Kevin Gallagher is the CRO of Invicti Security, the company behind the well-known brands Acunetix and Netsparker. He is a top-performing senior executive with 17+ years’ experience managing, bringing to market, and selling innovative software management solutions to various high-value market segments. Having worked at both start-ups and well-established companies, Gallagher has earned recognition as a top-producing sales executive, serving as a motivating team leader and mentor.