SecurliCon

NEW CYBERSECURITY CONFERENCE FOCUSES ON REAL-WORLD THREATS
It’s FREE … and you don’t even have to wear shoes.

 
 

Netswitch’s first virtual International Cybersecurity conference SecurliCon, scheduled for January 27, 2017, provides vital help in understanding and defending against evolving and advanced external and internal security threats based on hard-earned experience in the real world.

The agenda will cover topics ranging from security analytics to encryption, SCADA and Critical Infrastructure Protection to public key cryptology, behavior baselining and analytics, active detection and response and the role of vulnerability assessments and penetration testing in today’s cybersecurity environment.

Recently added topics include the application of secured sensors and smart systems in B2C and B2B2C businesses, cyberthreat resistance techniques, data privacy through masking and obfuscation, legal protection (Legal Hardening) against security breaches, employment and recruiting issues in cyber-security markets and an update on biometric authentication. The conference is sponsored solely by Netswitch and no vendor presentations, agendas or exhibits will be allowed.

“Netswitch recognizes its role in driving cybersecurity awareness,” Stanley Li, CEO of Netswitch said. “We felt that as the industry leader in managed detection and response it was our responsibility to deliver useful, real-world information in an effective and efficient way so information technology professionals can do their jobs even better and make an even greater impact on cybersecurity and safety.”

ABOUT NETSWITCH

Netswitch is one of the world’s leading Managed Security Service Providers (MSSP) serving businesses of all sizes through Securli®, its award-winning Managed Detection and Response platform. Securli® Integrated Security Technologies are in use at over 3,000 client sites around the world providing managed intrusion detection and prevention, advanced behavioral analytics, preemptive breach detection, monitored and managed web firewalls and gateways, 24x7 SOC and security information and event management (SIEM), managed incident response and remediation and complete audit-ready regulatory compliance.

Netswitch is headquartered in South San Francisco, California and serves the Middle East and APAC markets through its ASIA Pacific Headquarters in Hongkong.

For more information about Netswitch and SecurliXF®, please visit www.netswitch.net.

Sessions



It Takes a Village: Insights on Building a Successful Cyber Program

Phil Ferraro
As security incidents accelerate in both frequency and severity, the transparency of the aftermath increases as well. Employees, Boards of Directors, and even the public are more aware of the potentially devastating nature of cyber attacks, and they want to know exactly what you're going to do about it. In this session, Phil Ferraro shares insights gleaned from almost two decades working in cyber security for enterprise companies and the federal government. He explores the critical lessons learned over the course of a remarkable career, including his tips on building a world-class global Cyber Security program.


The Riskiness of Risk Framework Selection

Fred Doyle
COBIT. OCTAVE. FAIR. ISO. NIST. AIE-IT. These are just six of the innumerable competing frameworks that have been developed in an attempt to manage the risk associated with Information Technologies.

Each of these frameworks has its own strengths and weaknesses, but none of them are applicable to all organizational levels of a typical governmental or commercial entity. In this presentation, Frederick Doyle reviews some of these common frameworks, compares their praxis and fidelity to risk theory, and assesses their relevance to the Executive, Strategic, Operational, and Tactical organizational levels.


Cybersecurity: Why We Can’t Get It Right

T. Casey Fleming

  • The U.S. is losing the Cybersecurity battle - one-third of U.S. GDP every year
  • One-third of attacks are successful (only the breaches we are aware of)
  • $1 trillion industry 2017-2021 - Cybersecurity Ventures
  • Our adversaries have the upper hand and are winning - but why?
  • The “new” global competitive model changed long ago - we never caught on
  • What every organization must do immediately to survive


The Hole in your Data Security Strategy

Allan Martin
In today’s marketplace, IT leaders spend a significant amount of time and money ensuring that their company’s data is secure. Even so, breaches are commonplace. In 2015 alone, the Identity Theft Resource Center reported that in the U.S. there were 781 large-scale data breaches.

The biggest reason? Access to data in non-production test environments. Test data is necessary to support application development, quality assurance, and other mission-critical activities. If this data is not secured internally and from external partners, it poses a huge security and compliance risk, not to mention significant costs.

In this discussion we will outline the essential steps that corporations should include within their overall security strategy to ensure all data; structured and unstructured, is protected.


Looking For A Job In a “0% Unemployment” Industry

Deidre Diamond
With cyber security having a reported unemployment rate of zero percent, one might assume it’s easy to find a dream job in our industry. That’s not the case: job seekers face tremendous struggles navigating the interviewing and hiring processes, and companies struggle finding candidates with skills who also fit their budgets.

How does one attract, hire and retain cyber security talent? How can someone find a position they want to stay in for more than 18 months? What is really going on in the cyber security staffing space? CyberSN CEO and Founder Deidre Diamond will answer these questions and more.


Privacy, Compliance and Cyber-Liability - How One Influences the Other

Don Cox
Jeanne Morain
Every week news media posts information about a hacked company or one experiencing a ransomware event. In 2015, Intellectual Property Theft increased by 53%!

Jeanne Morain and Don Cox will partner to discuss this complex topic and how it impacts businesses.

Laws and regulations have been legislated throughout the world to protect the privacy of citizen's personal identifiable information. Jeanne Morain will discuss Compliance (Security/Business/Regulatory), Export Approvals, HIPAA, NIAP, PCI, SOX, Privacy Shield (formerly Safe Harbor) and other regulatory requirements related to Privacy.

From a cyber liability point of view, what is your company's exposure? What impacts the determination of liability? Don Cox will discuss industry cyber related controls, employee / customer training, cyber protection solutions, and the cyber staffing.


Insider Threats and the Dark Web

Liam Bowers
Providing an understanding of how malicious employees can use the dark web to sell and transfer sensitive corporate data and Intellectual Property.

This talk will offer an overview of terminology and concepts like Corporate Counterintelligence, dark web, insider threats, amount of intellectual property stolen each year, etc., and two vignettes on Insider Threat:

  1. Volunteer Insider Threat – describing the case of a disgruntled employee selling Intellectual Property on one of the Dark Web forums dedicated to such trade. I will discuss the type of IP stolen, the approximate value to the company and how the theft was discovered. I will also provide recommendations to prevent, deter, and identify potential malicious employees.
  2. Recruited Insider Threat – this will detail the case of an insider threat who was recruited from someone outside the company to provide sensitive data. This type of interaction often uses Peer-to-Peer communication platforms which can make the communications and data transfer difficult to trace. I will describe the scenario and offer recommendations to identify external recruitment of employees, explain how P2P communications can be monitored and highlight the importance of restricting access to sensitive data within a corporate network.


Privacy in the Internet of Things: Protection Today & Expectations for the Future

Jessica Groopman
The world is growing ever more connected, but as this trend expands from our laptops and smartphones to our stores, cars, homes, even bodies, businesses will not be able to use existing templates for addressing (or not addressing) privacy.

As customer data becomes your core asset, what do your customers expect from you? What does this mean for companies leveraging sensors and connected products?

This talk explores implications for privacy that impact both consumers and businesses in the Internet of Things. In this presentation, you will learn:

  • Drivers and differentiators for why the Internet of Things transforms traditional notions of privacy
  • Risks, rewards, challenges, and opportunities for addressing privacy head-on


Role of Vulnerability Assessments and Penetration Testing in Today's Cybersecurity Environment

Mary Siero
Vulnerability management, and a key component of any good vulnerability management - penetration testing, makes up the foundation of an effective cybersecurity program. They are also one of the most mis-understood elements of these programs. Mary Siero discusses why running a vulnerability scan and conducting penetration testing are not by themselves, enough for a comprehensive and meaningful vulnerability management program.


"Legally Strengthening" Your Company For the Eventual Cybercrime Attacks

Jack Russo
This talk will examine the emerging and growing body of Federal and State laws protective of corporate assets subject to cyberattack. The sources of such laws are many, from intellectual property to tort to privacy laws. Given the newness and complexity of the known and foreseeable threats, attention will be paid to the application of new federal statutes and new case interpretations and how to position to best take advantage of both.


Hacking Hospitals

Ted Harrington
In this session, we present findings from a long term security research study in healthcare, in which we discovered that adversaries can deploy cyber-attacks that result in harm or fatality to patients. Over the course of 24 months, we investigated 12 hospitals, 2 healthcare data facilities, 2 medical devices and host of supporting applications and technologies. Our focus was to (a) determine the feasibility of attacks against patient health, (b) determine the contextual is- sues from both technical and business perspectives, and (c) articulate the solution.

We discovered that the healthcare industry is pursuing the wrong security mission, with an almost exclusive focus on protecting patient data, yet almost no consideration of protecting patient health. We identified a number of security vulnerabilities which, if exploited, would result in patient harm or fatality. We also identified a very wide range of business and industry shortcomings, which lead to the introduction of such security vulnerabilities. Notably, we also published a blueprint, which is an actionable, step-by-step guide to help a healthcare organization of any size migrate to a more robust defense posture.

The presentation will resonate with the audience by exploring issues from their perspective (i.e., that of healthcare business executives and IT managers responsible for protecting digital assets, including patient health and patient records). The content of this talk is calibrated to a high level, intended to be easily digested by an executive audience.

This session provides a high level analysis of what we did, what we discovered, and what we recommend. The source study data can be found here: https://www.securityevaluators.com/hospitalhack/


Operational – Threat Driven Security Program

Mischel Kwon
Unfortunately, many security programs today are driven by compliance. Monitoring is a rote process driven by unknown vendor content and success is an increase in malware detection. This talk will discuss how a program driven by threat intelligence, an understanding of both what is detected and the health and well-being of the network, can drive both a stronger defensive posture and inform a compliance program. Using a data driven approach we will show the discuss how to detect, remediate and report on a system where metrics are less about the number of malware incidents detected and more about time to remediate.


The Matrix as metaphor for Security Frameworks

Bruce Bonsall
The universe of cyber security is vast, and ever expanding. Every dimension, every plane, and every vector is in play. Tracking all the relevant objects, the millions of pertinent bits of security information cannot possibly be collected and analyzed in any meaningful way without automation. The management of cyber security controls is a herculean journey requiring persistence, deep insight and infinite diligence. It requires machines … and it requires a Matrix, a governance matrix… a framework that enables an organized approach to maintaining control.

This session will explore the governance of security controls with an emphasis on leveraging frameworks and employing disciplined methodology to free organizations from the overwhelming chaos of controls required to protect the typical information age enterprise.