The Role Identity Plays in Nearly Every Attack—Including Ransomware – Hed Kovetz – RSA24 #1
The common misperception that identity infrastructure and IAMs like Active Directory, Okta, or Ping can adequately secure the entire identity infrastructure is to blame for the continued barrage of cyber and ransomware attacks. Yes, each of these vendors has security controls baked into their solution, however they cannot extend those controls outside their environments to provide visibility, context, and protection beyond their walls. Hackers use the gaps between these tools to move throughout a company and evade detection. We don't expect Dell or Lenovo to protect our entire suite of endpoints. Nor do expect a single cloud provider to protect all your clouds; we rely on Wiz for that. Identity infrastructure remains the most unprotected part of the technology stack and needs dedicated protection, as organizations already apply for cloud, endpoints, or networks. Watch this conversation with Hed Kovetz as he takes us through why identity security remains the most unprotected part of the security stack, and what needs to change to advance the state of cybersecurity.
Segment Resources: https://www.silverfort.com/the-identity-underground-report/
This segment is sponsored by Silverfort. Check out Silverfort's Identity Underground Research Report that takes readers through the most common identity weaknesses that lead to compromise at https://securityweekly.com/silverfortrsac!
Hed Kovetz is a cybersecurity expert and entrepreneur, best known as the CEO and co-founder of Silverfort, a leading identity security company. With a background in offensive security, cryptography, and artificial intelligence, Hed brings deep expertise from both military and civilian sectors. As a product manager at Raytheon, he played a pivotal role in architecting cybersecurity programs for governments around the world.
Driven by a passion for solving complex challenges and a sharp understanding of the evolving threat landscape, Hed recognized the central role identity plays in modern cyberattacks. This insight led him to co-found Silverfort with Yaron Kassner and Matan Fatal. Together, they built a platform that stops identity-based threats without disrupting business operations.
As the threat landscape continues to evolve, Hed remains a key force shaping the future of identity security.
Dial A CISO Game: 175 Leadership Lessons from CISO STORIES Weekly Podcast! – Todd Fitzgerald – RSA24 #1
Each week, the author of the best-selling CISO COMPASS book and host of the popular CISO STORIES podcast dives into leadership issues on a relevant security topic with experienced guest CISOs and industry leaders. These consumable 25-30 minute podcasts are great on a drive to work, a break in the home office, or during a workout. At RSAC, Join us Tuesday May 7, 1:15-2:05PM PDT , as we randomly draw from these insights and engage YOU in the answers to CISO leadership questions! Join us in the Fun!
Segment Resources: https://www.scmagazine.com/podcast-show/the-ciso-stories-podcast www.amazon.com/author/toddfitzgerald
Subscribe to the CISO Stories podcast by searching for us in your favorite podcast catcher, and visit https://www.scmagazine.com/ciso-stories more information!
Todd Fitzgerald has built information Fortune 500/large company security programs for 20 years. Todd serves as VP, Cybersecurity Strategy and Chairman of the Cybersecurity Collaborative Executive Committee, was named 2016–17 Chicago CISO of the Year, ranked Top 50 Information Security Executive, authored 4 books including #1 Best Selling and 2020 CANON Hall of Fame Winner CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (2019), ground-breaking CISO Leadership: Essential Principles for Success, as well as contributions to a dozen others. Todd held senior leadership positions at Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, WellPoint (Anthem) Blue Cross Blue Shield/ National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.
The Enterprise Browser: The First Win-Win-Win For CISOs, CIOs and End Users – Mike Fey – RSA24 #1
How companies are benefiting from the enterprise browser. It's not just security when talking about the enterprise browser. It's the marriage between security AND productivity. In this interview, Mike will provide real live case studies on how different enterprises are benefitting.
Segment Resources:
This segment is sponsored by Island. Visit https://www.securityweekly.com/islandrsac to learn more about them!
Michael Fey is Island’s co-founder and CEO. Fey was President and COO at Symantec. Prior to Symantec, he was President and COO of Blue Coat. Prior to that, Mike was EVP & GM for enterprise products at McAfee and CTO of Intel Security playing a pivotal role in Intel’s acquisition of McAfee for $7.7 billion in 2010.
Fey holds a degree in Engineering Physics and Mathematics from Embry-Riddle Aeronautical University and was co-author of Security Battleground: An Executive Field Manual, providing a playbook for security obligated executives coping with the new realities of cyber security responsibilities to the board.
Risk Reduction – the missing link in Third Party Cyber Risk Management – Alexandre Sieira – RSA24 #1
Vendors, sales channels, partners and other kinds of third parties are essential to most businesses. Ensuring that the information security risks of those other companies don't impact your own is the remit of Third Party Cyber Risk Management (TPCRM) teams. It is increasingly evident, however, that the existing practices and tools are not up to the challenge. They make the process even more adversarial than it needs to be, are focused on risk transfer and/or acceptance rather than reduction; are based on limited and low quality signals; and are often excruciatingly manual. We can do better as an industry, and in this conversation we are going to explore a new paradigm for TPCRM and its advantages for third and first parties.
Segment Resources: Alice in Supply Chains is a monthly marketing-free newsletter with curated news and commentary on TPCRM: https://www.linkedin.com/newsletters/alice-in-supply-chains-6976104448523677696/
This segment is sponsored by Tenchi Security. Visit https://securityweekly.com/tenchirsac to learn more about Zanshin and start a free trial now!
Alexandre (or Alex) Sieira is a successful information security entrepreneur in the information security field with a global footprint since 2003. He began his security career as a Co-Founder and CTO of CIPHER, an international security consulting and MSSP headquartered in Brazil which was later acquired by Prosegur. In 2015, he became Co-Founder and CTO of Niddel, a bootstrapped security analytics SaaS startup running entirely on the cloud, which was awarded a Gartner Cool Vendor award in 2016. After the acquisition of Niddel by Verizon in January 2018, he became the Senior manager and global leader of Managed Security Services products under the Detect & Respond portfolio tower at Verizon. Currently is the CTO and Co-Founder of Tenchi Security, a company disrupting the Third Party Cyber Risk Management market.
Hardware cybersecurity leader, Flexxon, introduces Server Defender at RSAC 2024 – Camellia Chan – RSA24 #1
The danger of post-breach disruption and downtime is extremely real. And while we should work to prevent these breaches in the first place, we must also be practical and pre-empt any potential incidents. Organisations armed with the most extensive software-based cybersecurity protection today continue to fall prey to hackers, have their operations disrupted and struggle to overcome the loss of data and system corruption. And with more business assets moving to the cloud than ever before - we are just asking for it aren't we?
The answer to this lies in advanced engineering at the hardware layer. Easily integrated into enterprise servers and data centers to provide full-stack protection across the entire life cycle of a potential attack.
Segment Resources: https://x-phy.com/flexxon-fortifies-data-center-security-with-x-phy-server-defender/
This segment is sponsored by Flexxon. 10% off Server Defender's early access pricing of USD 2,800 is available throughout RSA, please visit https://www.securityweekly.com/flexxonrsac to sign up!
Camellia Chan is the Co-Founder and CEO of X-PHY Inc., a pioneering cybersecurity company delivering hardware-based protection at the physical layer. She leads the company’s global strategy, innovation, and partnerships, with a focus on AI-embedded solutions that provide real-time, autonomous defense against modern cyber threats. Under her leadership, X-PHY has developed a growing portfolio of patented technologies and launched award-winning solutions like the X-PHY® Cyber Secure SSD.
Prevent cyberattacks by securing code from the start with Qwiet AI – Chris Hatter – RSA24 #1
Qwiet AI provides real time detection of security vulnerabilities in code along with the best AI generated fixes to aid developers in finding and fixing their code with the addition of AI AutoFix.
This segment is sponsored by Qwiet AI. Visit https://securityweekly.com/qwietrsac to learn more about them!
Chris Hatter serves as the COO/CISO of Qwiet.AI, an AI-powered AppSec platform. Additionally, Chris is an Operating Partner at NumberOneAI where he provides technical leadership to portfolio companies within the incubator.
He has over a decade of experience in cybersecurity strategies, managing threats and vulnerabilities, risk assessment, cyber resilience, legal and compliance issues, and crisis management. Prior to his current roles at Qwiet and N1AI, Chris served as the Global CISO for Nielsen, at the time, a global technology and data company that operated in over 150 countries with 80,000+ employees.
Chris holds a Bachelor of Business Administration in Management Information Systems from the University of South Florida and sits on the university’s advisory board of cybersecurity for executives.
Shifting Third Party Risk: From Bottleneck to Business Driver – Paul Valente – RSA24 #1
Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization.
This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them!
Paul Valente is the CEO & Co-Founder of VISO TRUST. He is also a former CISO and built successful security teams and programs at several companies including LendingClub, Restoration Hardware, and ASAPP. Paul’s security and risk programs have been vetted by hundreds of Fortune 1000 companies and his leadership and expertise has transformed the TPRM programs of forward-thinking companies around the world.
How Apiiro is defining ASPM with its breadth of integrations & depth of context – Idan Plotnik – RSA24 #1
Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine.
This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them!
Idan is a serial entrepreneur and product strategist, bringing to Apiiro nearly 20 years of experience in cybersecurity. Previously, Idan was Director of Engineering at Microsoft following the acquisition of Aorato where he served as the founder and CEO.
Automated Pentesting in the Cloud – Jay Mar-Tang – RSA24 #1
Despite building up impressive security stacks in the Cloud, organizations are still struggling to keep their environments safe.
Pentera recently introduced it's latest product, Pentera Cloud as the first tool to provide automated pentesting capabilities for cloud environments. This conversation will focus on the challenge of security validation and pentesting in the cloud, and how Pentera Cloud is redefining the speed and scale of pentesting in the cloud.
Segment Resources: https://www.youtube.com/watch?v=OelPadVrKGI
https://pentera.io/blog/a-new-era-of-tested-cloud-security-is-here/
This segment is sponsored by Pentera. Visit https://www.securityweekly.com/penterarsac to learn more about them!
Jay Mar-Tang is AVP, Field CISO at Automated Security Validation leader Pentera. Jay has been in the IT industry over 15 years, with over 10 years of cyber security experience. He earned his CISSP in 2014. During his career he has worked in 3 different geographies which include Mid Atlantic, New York City and the West coast of the United States. He has spent years engineering different solutions for clients of all verticals, such as MFA, DLP, SIEM, network forensics, EDR and Privilege Account management. Most recently after spending numerous years with blue team defensive technologies, Jay has joined Pentera, now advising and engineering red teaming strategies for clients in the west coast, and managing the team of engineers in North America.
CTEM: Understanding the essentials and why it matters – Zaira Pirzada – RSA24 #1
In reaction to the increasing potential of threat actors unaffected by the current state of cybersecurity measures and vulnerability management tools yielding “rarely actioned reports and long lists of generic remediations” as the attack surface continues to expand, Gartner has suggested a new program: CTEM - Continuous Threat Exposure Management.
A continuous threat exposure management (CTEM) program is an integrated, iterative approach to prioritizing potential treatments and continually refining security posture improvements.
Join Hive Pro’s VP of Product Marketing and former Gartner Analyst, Zaira Pirzada to better understand: - The state of the current threat landscape - The SOC pain points - What Continuous Threat Exposure Management is and best practices to implement it
Segment Resources: https://www.hivepro.com/blog/ https://www.hivepro.com/resource-library/whitepaper/the-exposure-management-acronym-dictionary/ https://www.hivepro.com/resource-library/whitepaper/a-comprehensive-ctem-guide-for-cisos/ https://www.hivepro.com/resource-library/whitepaper/revolution-of-vulnerability-management/
This segment is sponsored by Hive Pro. Visit https://securityweekly.com/hiveprorsac to book a demo!
Zaira Pirzada is the VP of Product Marketing at Hive Pro. Prior to joining Hive Pro, she was a Security Analyst with Gartner, Inc., covering the DLP, File Analysis, and Data Masking markets. Zaira was also featured on CBS as a main actress in the prime-time television show “Hunted”, Wired for her technical acumen, and is currently a popular-selling poet and performer.
Two Steps Forward for SaaS Adoption, One Step Back for Security – Adrian Sanabria – RSA24 #1
Businesses have moved mountains of data and computing into the cloud. Cloud security has received a lot of attention over the past ten years. Somehow, SaaS security gets overlooked, even though the industry spends six times more on SaaS than on the cloud. This session will explore the unique challenges of securing SaaS platforms and will dissect high-profile attacks against them.
Details for this RSA Talk:
Moscone West: 3009, Session ID: CLS-R02
Session Title: Two Steps Forward for SaaS Adoption, One Step Back for Security
Scheduled Day: Thursday, May 9
Scheduled Time: 09:40 AM – 10:30 AM
Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.
Toil! What is it good for? – Akira Brand – RSA24 #1
- What is Toil
- Cost of toil
- We'll gladly show you how we reduced it and how you can too, but... you have to come to the talk to find out!
Segment Resources: https://sre.google/sre-book/eliminating-toil
Cherniss (1980) introduced burnout as a process in which engaged employees withdraw from their jobs as a reaction to ongoing job strain
Maslach and Leiter’s (1997) definition of burnout as the process by which formerly important, meaningful, and challenging work (i.e., work that is highly engaging) becomes unimportant, meaningless, and unfulfilling (i.e., exhausting).
Is Work Engagement Exhausting? The Longitudinal Relationship Between Work Engagement and Exhaustion Using Latent Growth Modeling. APPLIED PSYCHOLOGY: AN INTERNATIONAL REVIEW, 2021.
—-------------------
“The root cause of burnout is people’s need to believe their life is meaningful - and the things they do, and consequently they themselves, are important and significant” Treating career burnout; a psychodynamic perspective. Journal of Clinical Psychology. May2000, Vol. 56 Issue 5, p633-642
—--------------
When the job is boring: the role of boredom in organizational Contexts. By: Guglielmi, Dina; Simbula, Silvia; Mazzetti, Greta; Tabanelli, Maria Carla; Bonfiglioli, Roberta. Work. 2013 —-----------------------
https://hbr.org/2010/05/need-speed-slow-down
https://hbr.org/2023/10/what-fast-moving-companies-do-differently
Come experience Akira and Jennifer's talk on toil TOMORROW, May 7, at 2:25 in room 3014 in Moscone West!
Akira Brand is the AVP of Application Security at PRAGroup, a publicly traded financial services company. An avid educator and passionate technologist, she speaks on AppSec and cybersecurity topics around the world.
Unpacking XDR: Coverage, Stitching, Aggregation – and the GenAI Wildcard – Oliver Tavakoli – RSA24 #1
The challenge of evaluating threat alerts in aggregate – what a collection and sequence of threat signals tell us about an attacker’s sophistication and motives – has bedeviled SOC teams since the dawn of the Iron Age. Vectra AI CTO Oliver Tavakoli will discuss how the design principles of our XDR platform deal with this challenge and how GenAI impacts this perspective.
Segment Resources:
Vectra AI Platform Video: https://vimeo.com/916801622
Blog: https://www.vectra.ai/blog/what-is-xdr-the-promise-of-xdr-capabilities-explained
Blog: https://www.vectra.ai/blog/xdr-explored-the-evolution-and-impact-of-extended-detection-and-response
MXDR Calculator: https://www.vectra.ai/calculators/mxdr-value-calculator
This segment is sponsored by Vectra AI. Visit https://securityweekly.com/vectrarsac to learn more about them!
Client-Side Threats, PCI DSS 4.0, and What You Need to Know – Lynn Marks – RSA24 #1
While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0.
This segment is sponsored by Imperva. To learn how Imperva protects websites against client-side attacks and streamlines regulatory compliance with PCI DSS 4.0 please visit https://securityweekly.com/impervarsac!
Lynn Marks is a skilled product manager with more than 10+ years of experience in R&D and B2B product management. Previously, she was product manager at Model N and Distil Networks (acquired by Imperva) where she oversaw the product roadmap and innovation. At Imperva she manages Imperva Advanced Bot Protection, Imperva Client Side Protection, and works closely with customers to solve complex business challenges. She holds a Bachelor’s Degree in Economics from UC Santa Barbara.
Privacy Leadership That Gets Results: The Privacy Leader Compass – Valerie Lyons – RSA24 #1
The Privacy Leader Compass presents a groundbreaking business oriented roadmap to building and leading a global privacy program. Founded on the McKinsey 7S model, the program is constructed around the 7S's of Privacy Leadership. Also included in the book are the contributions of over 60 world class pioneers of privacy.
Segment Resources: https://www.amazon.com/Privacy-Leader-Compass-Comprehensive-Business-Oriented/dp/1032467304
The book is available on Amazon and all good bookstores.
Included in the ‘Top 100 Women in Cybersecurity in Europe’, Dr. Valerie Lyons is an accomplished Cybersecurity and Privacy leadership expert. She is co-author of the best-selling book The Privacy Leader Compass. Dr. Lyons is Director and Chief Operations Officer in BH Consulting. She has previously worked for several global organizations, such as IBM, KPMG, and ABB, and served as Head of Information Security Risk in KBC Bank for almost 15 years. She has an in-depth knowledge of European data protection law and practices, and frequently presents at renowned international security and privacy conferences. In 2022, Dr Lyons was awarded a PhD in Information Privacy for her research into Privacy as a CSR. She also holds a Masters in Leadership. She is a certified CISSP for almost 25 years, a CDPSE for three years, and is a member of the Institute of Directors in Ireland.
