Thursday 19 March 2019
The Seminars will take place from 12.15 – 13.00.
Delegates will be able to attend one seminar at the event. No pre selection is required – delegates will be able to select which session they attend onsite.
Main Conference Plenary Room
Phishing: How it can land a big target
Scott Lester, Cyber Lab Manager, 6point6
The session will cover the continuing threat posed by phishing and spear-phishing cyber attacks, both of which remain amongst the most prevalent and effective form of attack across almost every industry. We’ll provide an overview of the threats, and talk through the steps 6point6 Cyber Lab followed when setting-up an example phishing capability. We will also present a spear-phishing process demo, beginning with the selection and researching of the target(s) through to crafting the email and executing the attack. We’ll then cover exactly what an attacker can do from the moment their email triggers the first click from the target…
Decoupling Security Segmentation from Network Infrastructure
Trevor Dearing, Director of Technology, Illumio
Malware, ransomware and other cybercrime attacks are growing and becoming more sophisticated. And yet many businesses are not prepared to protect themselves from the inherent risks and dangers. This is often because most internal networks are wide open by design, since using traditional data centre firewalls as a security measure is difficult and expensive. Would you like to learn about a new way to decouple security segmentation from the network infrastructure, and implement an affordable, practical way to protect your business?
- Network segmentation was designed to allow data traffic to move fast, not secure your servers and applications
- Security segmentation prevents lateral network traffic and protects your applications
- Application architects do not know how their systems are deployed in the network, and therefore cannot implement countermeasures against cyber criminals
- Data centres often lack the necessary security mitigation systems, thereby putting your high value applications at great risk
Is Your Vulnerability Management (VM) Program Ready for Cloud, DevOps and the Evolving Threat Landscape?
Dean Ferrando, Senior Security Engineer, Sales Systems Eng, Tripwire International Inc
Many organizations have already developed a mature VM program for their traditional enterprise and application platforms. But radical new shifts in the tech ecosystem mean you will need to protect your systems on new platforms as well as defend processes against a wide assortment of potential vulnerabilities. This session walks through the five stages of VM maturity to help you determine where you are and what work is required for you to improve your program in the face of emerging DevOps and cloud complications.
Risk Exchanges: The Key to Vendor Risk Management Efficiency
Ignasi Riera, GRC Sales Manager, OneTrust GRC
Your vendors often handle your most sensitive data. This presents new challenges as third-party risk, security, privacy, legal and IT teams struggle to vet and manage the vendors they rely on most. We’ll discuss emerging vendor management trends and breakdown how risk exchanges are key to more efficient business operations. – Understand vendor risk management trends and challenges – Learn how risk exchanges make vendor risk management more efficient.
Attackers Prey on Uncertainty: How to Fail at Threat Detection
Dave Philpotts, Senior Sales Engineer, Varonis Systems
It takes a great deal of visibility and context to detect and respond to sophisticated threats. Attackers usually target data, where enterprises have the least visibility and most uncertainty. In this session, we will explore new, sophisticated threats from inside and out, demonstrate how easy it is for adversaries to bypass traditional controls, and present a methodology to better protect data at scale, improve threat detection, and reduce uncertainty.
Automating Third-Party Risk: The Three Pitfalls to Avoid When Building and Evolving Your Third-Party Risk Management Program
Constantine Malaxos, Director of Strategic Alliances, ProcessUnity
Vendor risk assessment questionnaires are vital to the success of your Third-Party Risk Management program. They also can be tedious, time-consuming, and painful–for both your team and your vendors. The right mix of best practices and technology can reduce risk, drive efficiencies, and ultimately make life easier for you and your vendors.
Attendees will learn how to:
• Rate the maturity of their Third-Party Risk Management processes
• Identify the steps required to advance their program
• Introduce more collaboration to better manage questions and issues while reducing vendor fatigue
• Avoid the three critical pitfalls that prevent success
The Feeling and Data of Security
Javvad Malik, Security Awareness Advocate, KnowBe4
The presenter spent months speaking to CISOs, security professionals and practitioners, as well as going undercover to speak to business owners, which certainly rattled some cages. Thankfully, he dodged many bullets, all in the name of attempting to quantify the unquantifiable: Is security based on a feeling, or hard data? Come along, find out what the professionals think, what the general landscape is, what steps organisations can take and maybe a few hard-to-believe side stories.
– Take an objective look at what effective security looks like, covering all aspects around people, processes and technology
– Appreciate the complexities of researching and trying to find the tangibles in something intangible
– Learn to re-prioritize actions and activities and maybe even their entire risk framework based on the outcomes of the research