Events | SC Media

Events

Union Pacific tracks cyber risk via its own probability modeling methodology

Rick Holmes, assistant VP and CISO at Union Pacific Railroad, detailed at InfoSec World 2020 how the transportation giant incorporates cybersecurity risk into its larger enterprise risk management process in order to help senior executives estimate losses caused by potential cyber incidents and make better decisions on where to invest in defenses. “We think that…

Ex-CIA exec: Covid-19 has created ideal ‘crisis’ conditions for malicious hackers

Companies trying to stave off business disruption caused by the global Covid-19 pandemic may be ripe for compromise as they introduce new risks in the scramble to maintain business continuity, warned a retired senior CIA executive in a keynote presentation Wednesday at the InfoSec World 2020 digital conference. In essence, the coronavirus has created ideal…

Risk assessments reveal businesses remain deficient in security compliance, training

InfoSec World 2020 – An analysis of more than 100 risk self-assessments conducted by business organizations across a cross-section of industries revealed that over 65 percent admitted to achieving zero-to-minimal compliance of U.S. state data privacy and security regulations, including myriad breach laws and the California Consumer Privacy Act. The discouraging findings show that business…

Lululemon’s Rex Sarabia works up a sweat building a security awareness program from scratch

At InfoSec World 2020 on Monday, Rex Sarabia, security awareness program manager at Lululemon, led the session “Building an Enterprise Security Awareness Program from the Ground Up.” SC Media interviewed Sarabia about his presentation to learn more about Sarabia’s biggest challenges, his tips for security professionals starting up their own programs, and how he “gamifies”…

Sapphire Software’s Nicholas Takacs asks: Is self-aware malware possible yet?

“Two can play at this game…” Cybersecurity is a non-stop arms race between white hats and malicious hackers, and the three “A’s” — automation, analytics and artificial intelligence — are among the more powerful defensive tools that CISOs can implement to defend their organizations. But cybercriminals can also potentially employ them to magnify their attacks…

Pwn2Own contest yields 13 bugs, as virtual format expands talent pool

Research teams at the Pwn2Own 2020 competition successfully exploited 13 software vulnerabilities this past week, including bugs found in products from Adobe, Apple, Microsoft, Oracle and Ubuntu. Participants earned $270,000 over the two-day event — the first Pwn2Own ever to be held virtually, as a measure to combat the rapid spread of the novel coronavirus.…

Cyber investment exec talks COVID-19, Snowden and rise of threat intel automation

The cyber threat intelligence tech space has made significant leaps in the last few years, becoming far less manual, according to Hank Thomas, CEO and co-founder of Strategic Cyber Ventures and former principal/director, cyber intelligence and security, with Booz Allen Hamilton, in an interview with SC Media. “It was seemingly like that particular sector was…

RSA 2020: Equifax CISO touts company’s transparency it as seeks breach redemption

Fresh off a financial settlement over its 2017 data breach that affected roughly half the U.S. population, Equifax is forging ahead with a $1 billion-plus investment in a new security plan — and CISO Jamil Farshchi was eager to tout the credit reporting agency’s progress so far in a session this week at the RSA…

We interviewed cyber experts on a Vegas ferris wheel. Then ride security showed up…

In the film “Ocean’s 11,” Danny Ocean and his team of expert cybercriminals execute a daring casino heist in glitzy Las Vegas. This past summer at the Black Hat and DEF CON conferences in Sin City, the editorial staff at SC Media attempted to pull off a less ambitious – and decidedly more legal –…

Next post in Network Security