Metrics, Training, Culture – Why Your Phishing Program Isn’t Working – Drew Rose – RSA21 #4
Phishing reports have become the standard for measuring security awareness, and yet breaches keep happening. Something is broken. Knowing how to recognize a phishing attempt is a tiny part of creating a security-focused culture and protecting your business from attacks.
This segment is sponsored by Living Security.
Visit https://securityweekly.com/rsac2021 to learn more about them! Visit https://securityweekly.com/livingsecurity to learn more about them!
As Living Security’s creative mastermind, Drew Rose combines his experience developing security programs with his love of game design to craft immersive products. He seeks to engage end users and create excitement through his educational experiences and measurable outcomes. Drew is a CISSP with a Bachelor of Science in Cybersecurity who has spent years building and optimizing security programs in the public and private sectors. While serving in the military, Drew learned effective strategies for fighting cybercrime and earned a top-level security rating in the U.S. government. At Living Security, Drew applies his in-depth knowledge to reducing enterprise and personal risk by designing science-based, collaborative security awareness programs.
Cyber Supply Chain Risk Management – Alyssa Feola – RSA21 #4
With the SolarWinds attack, supply chain attacks have been in the spotlight. Alyssa Feola joins us to discuss Cyber Supply Chain Risk Management.
Alyssa Feola is a Cybersecurity Advisor in the Technology Transformation Services within GSA. Since 2020, she has supported the organization by rationalizing, modernizing, and hardening the infrastructure and software that the workforce needs to do their jobs. She brings a wealth of knowledge, skills, and experience in acquisition, information technology, and cybersecurity. Her passions lie with innovation and modernizing government technology.
Tech Consolidation and the Final Acts of Once Vital Point Solutions – Jess Burn – RSA21 #4
Of particular interest to me from our newly published “The Forrester Tech Tide™: Zero Trust Threat Detection And Response, Q2 2021” are what look like the final acts of several solutions once considered vital detection and response point products. While automated malware analysis (sandboxing) and network intrusion detection systems (NIDS) remained in our Divest category, three more technologies joined them this year: data loss prevention (DLP), managed security service providers (MSSP), and security user behavior analytics (SUBA). Why is this? Because these stand-alone technologies simply don’t cut it anymore. This isn’t to say these solutions are dead, mind you. No, they live on within larger, more comprehensive solutions.
Segment Resources:
https://go.forrester.com/blogs/the-death-and-life-of-the-standalone-solution/
https://www.forrester.com/report/The+Forrester+Tech+Tide+Zero+Trust+Threat+Detection+And+Response+Q2+2021/-/E-RES164039?objectid=RES164039
Jess is a principal analyst at Forrester serving security and risk professionals. She contributes to Forrester’s research on the role of the CISO with a focus on security talent management. Additionally, Jess covers incident response and crisis management, and email and collaboration security. Prior to her analyst role, Jess spent eight years as a principal advisor on Forrester’s Security & Risk Council. In this role, she was a trusted partner to a network of CISOs and security leaders, bringing them together to share insights and best practices to tackle common challenges.
Recent Attacks Against Software Integrity – Ed Skoudis – RSA21 #4
Ed Skoudis joins us to discuss recent attacks against software integrity, including:
- open source libraries
- session tracking for single sign-on (SSO)
- weak cryptography
- machine learning (ML) algorithms used to detect malware
- ransomware attacks and how they are evolving
Ed Skoudis has taught over 40,000 security professionals globally in penetration testing and incident handling. Ed currently serves as the President of the SANS Technology Institute college, supporting over 2,500 students earning their master’s degrees, bachelor’s degrees, and cyber security certificates. Ed is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. Ed is also the founder of the SANS Penetration Testing Curriculum, the CEO and founder of the Counter Hack penetration testing firm, and the leader of the team that builds SANS NetWars and the SANS Holiday Hack Challenge. Ed is a keynote speaker and an Advisory Board member for RSA Conference. He is also on the board of directors for a community bank, a charity, and another college.
How to Build and Maintain a Resilient Web App Security Program – Kevin Gallagher – RSA21 #4
Prior to building a web security program, you have to have a plan. How does one create that plan? In this segment, Kevin will focus on some concrete steps to help you create an AppSec plan using a simple framework.
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to learn more about them!
Kevin Gallagher is the CRO of Invicti Security, the company behind the well-known brands Acunetix and Netsparker. He is a top-performing senior executive with 17+ years’ experience managing, bringing to market, and selling innovative software management solutions to various high-value market segments. Having worked at both start-ups and well-established companies, Gallagher has earned recognition as a top-producing sales executive, serving as a motivating team leader and mentor.