rsa214

RSAC 2021 Episode #4 – May 20, 2021

1. Metrics, Training, Culture – Why Your Phishing Program Isn’t Working – 12:30 PM-12:45 PM

Sponsored By

Visit https://securityweekly.com/livingsecurity for more information!

Description

Phishing reports have become the standard for measuring security awareness, and yet breaches keep happening. Something is broken. Knowing how to recognize a phishing attempt is a tiny part of creating a security-focused culture and protecting your business from attacks.

This segment is sponsored by Living Security.

Visit https://securityweekly.com/rsac2021 and https://securityweekly.com/livingsecurity to learn more about them!

Guest(s)

Drew Rose – CSO – Founder at Living Security

@LiveSecAware

As Living Security’s creative mastermind, Drew Rose combines his experience developing security programs and his love of game design to expertly craft immersive products. He seeks to engage end users and create excitement with his educational experiences and measurable outcomes. Drew is a CISSP with a Bachelor of Science in Cybersecurity who has spent years building and optimizing security programs in the public and private sectors. While serving in the military, Drew learned effective strategies for fighting cybercrime and earned a top-level security rating in the U.S. government. At Living Security, Drew applies his in-depth knowledge to reducing enterprise and personal risk by designing science-based, collaborative security awareness programs.

Hosts

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Cyber Supply Chain Risk Management – 01:15 PM-01:30 PM

Description

With the SolarWinds attack, supply chain attacks have been in the spotlight. Alyssa Feola joins us to discuss Cyber Supply Chain Risk Management.

Guest(s)

Alyssa Feola – Cybersecurity Advisor at

@its_a_lisa

Alyssa Feola is a Cybersecurity Advisor in the Technology Transformation Services within GSA. Since 2020, she has supported the organization by rationalizing, modernizing, and hardening the infrastructure and software that the workforce needs to do their jobs. She brings a wealth of knowledge, skills, and experience in acquisition, information technology, and cybersecurity. Her passions lie with innovation and modernizing government technology.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

3. Tech Consolidation and the Final Acts of Once Vital Point Solutions – 02:00 PM-02:15 PM

Description

Of particular interest to me from our newly published “The Forrester Tech Tide™: Zero Trust Threat Detection And Response, Q2 2021” are what look like the final acts of several solutions once considered vital detection and response point products. While automated malware analysis (sandboxing) and network intrusion detection systems (NIDS) remained in our Divest category, three more technologies joined them this year: data loss prevention (DLP), managed security service providers (MSSP), and security user behavior analytics (SUBA). Why is this? Because these stand-alone technologies simply don’t cut it anymore. This isn’t to say these solutions are dead, mind you. No, they live on within larger, more comprehensive solutions.

Segment Resources:

https://go.forrester.com/blogs/the-death-and-life-of-the-standalone-solution/

https://www.forrester.com/report/The+Forrester+Tech+Tide+Zero+Trust+Threat+Detection+And+Response+Q2+2021/-/E-RES164039?objectid=RES164039

Guest(s)

Jess Burn – Senior Analyst at Forrester Research

@jess_burn_

Jess is a senior analyst at Forrester serving security and risk professionals. She contributes to Forrester’s research on the role of the CISO and Zero Trust. Additionally, Jess covers continuous controls monitoring; incident response and crisis management; and security training, education, and certification. Jess spent the last eight years as a principal advisor on Forrester’s Security & Risk Council. In this role, she was a trusted partner to a network of CISOs and security and risk leaders making critical decisions in the areas of risk management, data privacy and protection, cybersecurity operations, and identity and access management.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

4. Recent Attacks Against Software Integrity – 02:45 PM-03:00 PM

Description

Ed Skoudis joins us to discuss recent attacks against software integrity, including:

– open source libraries
– session tracking for single sign on
– weak crypto
– machine learning (ML) algorithms used to detect malware
– ransomware attacks – how they are evolving

Guest(s)

Ed Skoudis – SANS Fellow and Counter Hack Founder at SANS Institute & Counter Hack

@edskoudis

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Hosts

Paul Asadoorian

@securityweekly

Founder at Security Weekly

5. How to Build and Maintain a Resilient Web App Security Program – 03:30 PM-03:45 PM

Sponsored By

Visit https://securityweekly.com/netsparker for more information!

Description

Prior to building a web security program, you have to have a plan. How does one create that plan? In this segment, Kevin will focus on some concrete steps to help you create an AppSec plan using a simple framework.

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Guest(s)

Kevin Gallagher – Chief Revenue Officer at Netsparker by Invicti Security

@KRG2

Kevin Gallagher is the CRO of Invicti Security, the company behind the well-known brands Acunetix and Netsparker. He is a top-performing senior executive with 17+ years’ experience managing, bringing to market and selling innovative software management solutions to various high-value market segments. Having worked at both start-ups and well-established companies, Gallagher has earned recognition as a top-producing sales executive, serving as a motivating team leader and mentor.

Hosts

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance