Is Your Org Ready for its Next Breach? Preparing for a Security Incident – Jon Check – RSA23 #4
The reality is no organization is insusceptible to a breach – and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach.
This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!
Jon Check is the Vice President of Cyber Protection Solutions at Nightwing. He
leads the team that delivers proactive cybersecurity and next-generation technology to protect customers from persistent cybersecurity threats. Prior to this role, Jon held executive positions at Raytheon, CSRA Inc, and IBM Global Business Services. Jon is also a board member and former chairman of the National Cybersecurity Alliance, a board member of the U.S. Cyber Games, and an AFCEA DC board member. He holds a Bachelor of Arts in environmental science from the University of Virginia.
How Automated Security Validation is Revolutionizing Security – Amitai Ratzon – RSA23 #4
While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms, for what was once manual penetration testing jobs. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them.
This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!
Amitai Ratzon has been Pentera’s CEO since January 2018. He transitioned Pentera from a stealth mode startup into a unicorn and the global category leader, through 3 funding rounds, led by AWZ Ventures & The Blackstone Group (Round A), Insight Partners (Round B) and K1 Investment Management and Evolution Equity Partners (Round C). Amitai is a cybersecurity speaker, moderator and influencer working closely with CISOs of fortune 500 companies to shape their cybersecurity strategies and technology stacks.
Prior to joining Pentera, Amitai held executive positions leading enterprise sales teams at global companies such as SuperDerivatives (NASDAQ:ICE), Earnix and CallVU. Amitai holds a B.A in Business Administration and an LL.B, both from the interdisciplinary Center, Herzliya and an International Executive MBA from Kellogg-Recanati, granted jointly by Tel Aviv University, Israel and Northwestern University, Chicago, IL.
DigiCert: Digital Trust is a Strategic Imperative – Deepika Chauhan – RSA23 #4
In today’s hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work.
Segment Resources:
https://www.digicert.com/blog/digital-trust-as-an-it-imperative https://www.digicert.com/blog/solving-digital-trust-for-the-real-world https://www.digicert.com/campaigns/foundation-for-digital-freedom https://www.digicert.com/digicert-one
This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!
Deepika Chauhan is the Chief Product Officer at DigiCert. She leads a global team of customer-obsessed product managers and engineers, responsible for continued innovation on DigiCert ONE, the platform for digital trust. Chauhan oversees the overall product strategy to ensure that organizations from the largest enterprises to SMBs can provide comprehensive trust and security across all of their devices, users, servers, software and content.
Chauhan has a wealth of experience in product development, business strategy, marketing, sales and organizational transformation. Prior to DigiCert, Chauhan led Strategy and Business Operations for the Website Security Business Unit at Symantec. Before Symantec, she was at McKinsey & Company, working with a number of different area tech companies on some of their most strategic initiatives. Prior to McKinsey, she led product development as part of the mobile browser team at Nokia for several years.
How No-code Automation is Tackling Burnout and Human Error in Cybersecurity – Thomas Kinsella – RSA23 #4
Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization’s security posture.
Segment Resources: https://www.tines.com/reports/voice-of-the-soc-analyst
This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!
Thomas Kinsella is the co-founder and CCO of Tines, a no-code automation platform for security teams. Before Tines, Thomas led security teams in companies like Deloitte, eBay, and DocuSign. As CCO, Thomas is responsible for customer success, professional services, and more. Thomas has a degree in Management Science and Information Systems Studies from Trinity College in Dublin.
How to Get and Stay Cyber Ready – Nick Biasini – RSA23 #4
“Man plans, the Universe laughs” - unfortunately, that’s been the saying for far too long when it comes to cybersecurity. Security leaders know it's only a matter of time before their organization gets breached, but instead of being ready for it, they rely on fixing the problem after it happens. In Cisco’s newest report, the first ever Cybersecurity Readiness Index, it was found that a small minority of businesses globally (15%) consider themselves to be ready and able to defend against the expanding array of cybersecurity risks and threats of today. Organizations need to get ready and stay ready with solutions they can trust.
Segment Resources: Report: Cybersecurity Readiness Index https://www.cisco.com/c/dam/m/en_us/products/security/cybersecurity-reports/cybersecurity-readiness-index/2023/cybersecurity-readiness-index-report.pdf
Press Release: New Cisco Study Finds Only 15% of Companies Surveyed are Ready to Defend Against Cybersecurity Threats https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m03/new-cisco-study-finds-only-15-of-companies-surveyed-are-ready-to-defend-against-cybersecurity-threats.html
This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!
Nick Biasini’s interest in computers and technology started at a young age when he tore apart his parents’ brand new 486SX PC. Ever since he has been tinkering with computers in one way or another. In his current role, Nick serves as the Head of Outreach for Cisco Talos leading the team responsible for the majority of the published research. Before that Nick was responsible for exposing new details to major threats, with a focus on crimeware. This includes identifying techniques like Domain Shadowing, helping to stop large scale malware campaigns, and revealing clever spam campaigns. Nick has a master’s degree in digital forensics from the University of Central Florida and has worked in both public and private sector positions in the security industry for more than fifteen years.
Malicious Packages Unwrapped – Getting Ahead of Application Infiltration – Jeff Martin – RSA23 #4
Unlike vulnerabilities, which can and do often exist for months or years in application code without being exploited, a malicious package represents an immediate threat to an organization, intentionally designed to do harm. In the war for cybersecurity, attackers are innovating faster than companies can keep up with the threats coming their way. A new approach is needed to stay ahead of the impacts of malicious packages within applications.
Findings from our latest report "Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities" illustrate the growing threat of malicious packages. From 2021 to 2022, the number of malicious packages published to npm and rubygems alone grew 315 percent.
Mend.io technology detected thousands of malicious packages in existing code bases. The top four malicious package risk vectors were exfiltration, developer sabotage, protestware, and spam. Nearly 85 percent of malicious packages discovered in existing applications were capable of exfiltration – causing an unauthorized transmission of information. Threat actors leveraging this type of package can easily collect protected information before the package is discovered and removed.
We’ll share why as long as open source means open, the door will be left open to bad actors, so it’s especially critical to know when things are being brought into your code. Malicious packages represent an immediate threat, unlike vulnerabilities, and can not be taken lightly.
Segment Resources: 360° Malicious Package Protection - https://www.mend.io/malicious-open-source-package-protection/
Please download the Mend Malicious Packages Special Report and be on the lookout for a webinar reviewing the findings on May 30. You can learn more about how to get ahead of malicious packages at https://www.mend.io/malicious-open-source-package-protection/
This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to learn more about them!
Jeff has spent the last 20 years in Product roles helping both the organizations he worked for and their customers transform and measure their software risk management processes and practices. He especially enjoys cultural and mindset transformations for their ability to create lasting progress.
