SecureWorld Gov-Ed Virtual Conference 2021

This session is for SecureWorld Advisory Council members by invite only.

Participating professional associations and details to be announced.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

Security Awareness is well known for being the “best bang for the buck” out of all the risk mitigation techniques, but is it really? For Security Awareness to be effective, it must change the behaviors of employees and ideally lead to a mature security culture in your organization. Many programs that do not use adult education techniques and neuroscience fail to achieve behavior change—and can even make things worse. Once employees start to have a negative impression about information security, feel helpless, or begin to consider remediation as punitive, great damage has been done to the security culture and this can be difficult to reverse.

This fun presentation will help you to gain an understanding about effective Security Awareness program creation and implementation, as well as to build buy-in for a mature security culture.

Identity and Access Management has risen from a necessary evil to the “new perimeter” as applications migrate to the cloud. Having the right people aligned to your business processes with sound technology will propel your IAM program from the back office to business enabling function. This presentation will guide you on how to mature your existing identity and access management program, pitfalls to avoid, and tips to get your stakeholders on board.

As businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.

Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

To build a culture that optimizes security, an organization needs to set information security leadership appropriately. Strategically, it needs to understand the organization’s risk tolerance, codify it as policy, and communicate it. Based on risk tolerance, it needs to create a roadmap that moves the organization from ad hoc and compliance-based cultures to one that’s risk-based. Tactically, security management needs to regularly drive buy-in for risk tolerance and policy. In addition, management needs to foster a culture that learns from incidents and failures rather than a culture that focuses on assigning blame.

Cloud computing has entered its second decade, and its prevalence is increasing, as “cloud first” is gaining more popularity than ever. Despite its prolonged existence, cloud computing still suffers from confusion and hype over how to secure the cloud. Also, longstanding concerns such as cloud governance continue to muddle the opinions and approaches of CIOs, CISOs, architects, and IT leaders. This session is aimed to demystify the myth of cloud being insecure and will emphasize how to build the security blocks around cloud while using varied service and deployments of cloud computing.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

This presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

The sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

NIST defines vulnerabilities as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” This panel will discuss current vulnerabilities and risk management through proper controls and best practices.

Authentication used to be a discreet decision with the purpose of securing a single access point. Today, the ability to utilize many different types of authentication—from passwordless authentication, to certificate-based authentication, to adaptive and multi-factor authentication—is the foundation of a robust access management framework. With all the terms flying around out there—MFA, 2FA, Zero Trust, IAM, etc.—it’s hard to keep track of what is supposed to be working. Our experts will help demystify the jargon, provide best practices, and steer you away from common missteps.

Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

Are you feeling the call towards cybersecurity leadership? Just being a good technologist is no guarantee you will be a good leader. There are many things that good leaders need to know that have nothing to do with technical knowledge.

Join in this conversation about the path from the Information Security technical role to an Information Security leadership role. Learn the right knowledge that will be powerful in helping advance your career up the ranks of security leadership!

In an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
Presentation Level: TECHNICAL (deeper dive including TTPs)

The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

Worldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.

Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.