Name: When the Answer Really Is “No” -- How to Say It Diplomatically
Start: 2022-10-13T17:00:00Z
End: 2022-10-13T17:00:37.000Z
Location: BrightTALK
Rating: 4

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Identity governance and administration (IGA) programs are critical for managing enterprise security and compliance, yet many organizations face persistent challenges. Operational inefficiencies, reliance on manual processes, and the growing complexity of managing diverse applications and identities often hinder success. As the digital landscape evolves, the stakes are higher than ever for enterprises to modernize their IGA strategies.

This session explores the latest research from Omdia, revealing how leading organizations are addressing these challenges. From leveraging AI agents to automating workflows, discover actionable insights that can transform your IGA program into a driver of business value. Whether you’re refining an existing initiative or planning a new one, this session will equip you with the tools and strategies to stay ahead in 2026.

Join Todd Thiemann, Principal Analyst at Omdia, to uncover what’s working, what’s not, and where the future of IGA is headed.

Takeaways:
- Strategies for integrating more applications while controlling costs.
- Insights into rationalizing workforce identity security tool portfolios.
- The role of AI agents in combating deepfakes and enhancing automation.
- Best practices for governing non-human identities (NHIs) and AI agents.
- Key trends shaping the future of enterprise IGA programs.

Elevating Enterprise IGA Programs for the Future

The rapid growth of digital identities, evolving compliance demands and advanced cyber threats have made identity governance and administration (IGA) a critical priority for modern enterprises. Without a structured governance framework, organizations risk operational inefficiencies, data breaches and reputational harm. Issues like access sprawl and privilege misuse are no longer just IT concerns—they are pressing business challenges.

This session will explore how businesses can implement effective IGA strategies to manage identities, ensure compliance and mitigate risks. Learn how to align tools, policies and processes into a cohesive framework that supports enterprise-wide governance. Discover actionable steps to build a compelling business case, standardize global implementation and achieve quick wins that drive executive buy-in.

Join Vincent Amanyi, Founder of Boleaum Inc. to gain practical insights and proven strategies for enabling IGA success at scale.

Key Takeaways:
- Build a persuasive business case to secure board-level approval for IGA initiatives.
- Define a scalable implementation model for geographically dispersed organizations.
- Benchmark and strengthen your organization’s IGA foundation.
- Discover quick-win strategies to accelerate IGA adoption and demonstrate ROI.

Mastering Identity Governance: Strategies for Enterprise Success in 2026

Identity and access management is at a crossroads. Reliant on passwords and centralized directories, traditional IAM can’t meet the demands of today’s distributed infrastructures and increasingly sophisticated cyber threats. As businesses expand their digital presence, they need adaptable, privacy-preserving solutions to safeguard their assets and ensure seamless operations across ecosystems. But implementing these approaches isn’t without its challenges. 

Modern IAM offers transformative opportunities through decentralized identity models and blockchain-enabled verifiable credentials. These replace static identifiers with cryptographically signed proofs, allowing organizations to achieve tamper-proof identity verification, transparent lifecycle management and enhanced privacy. These new solutions align with zero trust principles, paving the way for trust-minimized environments that prioritize security and user control.

Join Yeghisabet Alaverdyan, Senior Researcher and Associate Professor at IIAP MESCSA RA, to share her insights on how the latest IAM strategies are redefining identity management for the modern age.

Takeaways:
- Discover why traditional IAM systems are not suited to modern infrastructures.
- Learn how decentralized identity models enhance security, privacy and user autonomy.
- Understand the role of blockchain in verifiable credentials and tamper-proof identity management.
- Explore how emerging IAM protocols align with zero trust principles. Gain actionable insights to future-proof your organization’s identity strategy.

Modern IAM: Decentralized Solutions for Evolving Threats

Organizations excel at documenting incidents but fail catastrophically at remembering them. Between audits, hard-won lessons evaporate, cultural knowledge resets to zero and enterprises find themselves vulnerable to the same predictable risks that should have been eliminated months ago.

This session reframes security culture as a living control system where organizational memory becomes your strongest defense. Discover how to transform retrospectives into measurable feedback loops, quantify learning as risk reduction and embed institutional knowledge into governance frameworks that create compounding resilience rather than cyclical vulnerability.

Join Oksana Denesiuk, Senior Product Manager at Kaiser Permanente and ISSA Advisory Board Member, to explore proven methodologies for building unbreakable organizational memory.

Key Takeaways: 
- Track how lessons learned translate into behavioral change and improved security posture. 
- Build lasting organizational memory through structured post-incident processes that strengthen defenses over time.
- Measure how well your organization learns from incidents and translate that into reduced security risks.
- Transform retrospectives into measurable feedback loops that prevent incident recurrence. 
- Embed organizational knowledge into leadership and accountability models for sustained cultural transformation.

Transform Security Culture into Measurable Organizational Memory

As organizations embrace AI systems and hybrid workforces, traditional security cultures focused only on human awareness can no longer address today’s complex risks. AI operates at machine speed, influencing decisions and actions in ways that demand a more integrated approach to managing security. Without a culture that accounts for both human and AI behaviors, organizations risk blind spots that could undermine trust, governance, and resilience.

Security culture needs to become a shared model where leadership, governance and incentives guide both human decisions and the design, training and accountability of AI systems. By viewing AI actions as part of the risk landscape and aligning human and machine behaviors with business goals, security leaders can transform culture into a measurable control and a strategic advantage in an AI-driven world.

Join Sandra Estok, CEO & Founder of Way2Protect, to uncover practical strategies for managing security behaviors, bridging human and AI risks, and effectively communicating with executives and boards.

Key Takeaways
- Understand how security culture must evolve to address both human and AI-driven behaviors.
- Learn to treat AI actions as part of the organization’s risk surface.
- Explore practical methods to measure security behaviors in hybrid work environments.
- Discover how leadership decisions shape human conduct and AI system outcomes.
- Gain techniques to communicate human and AI risks to boards in clear business terms.

Evolving Security Culture: Aligning Human and AI Risks for Business Resilience

Since technology cannot keep us completely protected, organizations must embrace a culture of cybersecurity to build true resilience. This cultural transformation is essential to safeguard against risks and ensure readiness to respond effectively when incidents occur.

This session explores how leading organizations are embedding cybersecurity into their values, attitudes, and practices. By fostering a culture of resilience, businesses can strengthen their ability to anticipate, adapt to, and recover from cyber threats. Learn why every manager has a pivotal role in shaping this culture and how to implement strategies that drive lasting change.

Join Dr. Keri Pearlson, Principal Research Scientist at MIT Sloan School of Management, to explore actionable steps for building a culture of cybersecurity that protects your organization and empowers your workforce.

Takeaways:
- Understand cyber resilience thinking and how it differs from traditional protection strategies.
- Discover key mechanisms for fostering an effective cybersecurity culture.
- Gain actionable insights for managers to enhance resilience at work and home.
- Learn from real-world examples of organizations successfully embedding cybersecurity into their culture.

Building Cyber Resilience Through Culture in 2026

Mergers and acquisitions create exponential cyber risk exposure, yet many organizations lack quantified risk frameworks to guide critical business decisions. As cyber threats evolve and regulatory scrutiny intensifies, executives need concrete data to balance growth opportunities against security investments.

Traditional risk assessments fail during rapid organizational change. This session reveals proven methodologies for translating cyber vulnerabilities into financial impact metrics that drive boardroom decisions. Learn to build communication frameworks that align security investments with business objectives while maintaining stakeholder confidence throughout complex organizational transitions.

Join Vincent Amanyi, Founder of Boleaum Inc, to explore actionable strategies for enterprise cyber risk quantification and communication.

Key Takeaways: 
- Develop risk appetite frameworks that identify, prioritize, and absorb organizational risks with minimal business disruption. 
- Master cyber risk quantification techniques that assign tangible dollar values to security threats across all business levels.
- Build structured communication models to effectively convey cyber risk criticality to diverse stakeholder groups. 
- Implement scalable cybersecurity benchmarking practices for growing organizations. 
- Create boardroom-ready risk reports that support strategic decision-making during M&A activities.

Quantify Cyber Risk Impact for Strategic M&A Growth

Breaches have become a daily reality. Dark web activities and emerging threat vectors outpace traditional defenses, creating blind spots that adversaries readily exploit. Without early warning systems, businesses remain vulnerable to sophisticated attacks that could have been prevented.

Effective Cyber Threat Intelligence (CTI) transforms raw intelligence into actionable insights that enable proactive defense strategies. This session demonstrates how to operationalize intelligence, map adversary tactics to business risks, and implement early warning systems that prevent breaches before they occur. Learn to distinguish signal from noise and convert threat intelligence into measurable risk reduction metrics that resonate with executive leadership.

Leverage Cyber Threat Intelligence for Proactive Risk Mitigation

Open-source software drives enterprise innovation, but unmanaged vulnerabilities create operational risks and regulatory exposure. As cyber threats evolve and compliance frameworks tighten, executives face mounting pressure to balance innovation speed with robust security governance.

Traditional approaches to OSS security often create friction between development teams and security requirements, leading to shadow IT practices and increased exposure. This session presents proven frameworks for integrating security into OSS workflows while maintaining developer productivity and meeting emerging regulatory demands like the EU Cyber Resilience Act.

Join Yesenia Yser, Security Engineer and Open-Source Advocate, to explore enterprise-grade strategies for OSS risk management.



Key Takeaways: 

Implement governance frameworks that protect OSS dependencies without slowing development
Create shared accountability between security, procurement, and engineering teams
Apply SLSA, SBOM, and OpenSSF standards to build enterprise-wide security trust
Balance regulatory requirements with collaborative open source community practices 
Turn OSS security management into a strategic business differentiator

Securing Open-Source Dependencies at Enterprise Scale

The current data security and privacy protection landscape is awash with tools, acronyms, buzzwords that promise to make data breaches and privacy incidents a thing of the past. Yet hotel chains, healthcare providers, banks, department stores and even governments constantly fall victim to data breaches, ransomware or nation-state attacks. 

The plain truth is that tools are only as good as the people that use them and the processes that go with it. Two thousand years ago, the Roman empire had better military tools than the nations they conquered. Yet through time, the Romans fell to the barbarians and are merely remembered through their ruins. Likewise, companies with the latest and most buzzworthy technology implemented still manage to fall victim to attacks. 

In this presentation, industry thought leader Ralph Villanueva will tap into over 15 years’ experience of data security and privacy protection to show why ultimately, the people behind the tools and the processes they use matter more in securing your organization’s data. 

Key Takeaways:
 - How to best deploy tools in the most cost-effective way to optimize benefits.
 - How to best deploy tools to mitigate data security risks from internal and external threats. 
 - The importance of a balanced and holistic approach to data security that equally considers people, processes and technology.

Tools are Nothing: Why People and Process Matter More in Data Security and Privacy

Data security has entered a new era, one defined by AI-powered threats, expanding cloud ecosystems, and evolving global privacy regulations. 

This session presented by TD Bank's Pankul Chitrav explores the critical shifts reshaping how organisations must protect sensitive information in a boundaryless digital world. We will break down the top risks, the essential capabilities of modern security architectures, and the must-have tools for protecting data across endpoints, cloud platforms, and AI workflows. From zero trust to automated posture management and advanced data discovery, you’ll learn what’s required to stay ahead of adversaries and maintain compliance. Whether you’re modernising your security program or building one from the ground up, this talk equips you with the insights needed to create a future-ready data protection strategy for 2025 and beyond.

Future-Ready Data Protection: Securing Modern Data Ecosystems in an AI-Driven World

Cyberattacks are continuing at pace and we're regularly hearing of new data breaches. But who is responsible for ensuring the security of personal data? 

Traditional data protection approaches are failing against modern attack vectors. Organizations need future-ready strategies that go beyond compliance checkboxes to create resilient security frameworks. In this session, we'll explore the current risks to personal data & privacy and delve into the range of models that can be used to protect your organizations critical assets.

This webinar will take you through examples of recent data breaches, identifying the challenges being experienced, learning from what went wrong and how best organizations can plan for the future. Such planning will investigate current good practice, adding some “steroids” to them such that organizations can hopefully stay in front of the next “breach”!

Steve Yates – Chairman of the Resilience Association, will share frontline experience about critical data assets security and protection of user privacy.  

Key Takeaways:

- Be aware of the challenges being experienced in the protection of data security & privacy;
- Understand how best to plan your data resources and capacity to meet tomorrow’s defense;
- Discover the core organizational elements needed for the establishment of a strategic, tactical and operational solution

Strengthen Data Security Strategy for Tomorrow's Resilience Defense

AWS infrastructure offers robust native security mechanisms, but the shared responsibility model places critical configuration burdens on app owners. This creates gaps that attackers can actively exploit through misconfigurations, privilege escalation, and cross-service vulnerabilities which can compromise entire cloud deployments.

Security automation emerges as an essential defense strategy for threat modeling, enabling businesses to enforce security best practices from deployment through ongoing operations. Automated security controls provide continuous monitoring, real-time threat detection, and optimized remediation across AWS services. This ensures a consistent security posture while reducing human error and response times.

Join Ernesto Marquez, Founder and Project Director at Concurrency Labs, to explore proven AWS security automation strategies for threat mitigation.

Key Takeaways: 

- Implement automated security controls that enforce best practices across AWS services 
- Deploy continuous monitoring and real-time threat detection for multicloud environments 
- Configure automated remediation workflows for common security vulnerabilities 
- Integrate AWS security automation tools into comprehensive threat modeling frameworks 
- Establish governance policies that maintain security consistency across cloud deployments

Deploy Automated AWS Defenses for Threat Prevention

As cloud supply chain attacks escalate in sophistication, traditional SBOMs alone prove insufficient for comprehensive security. While SBOMs provide valuable component inventories, they lack runtime verification capabilities—creating a critical blind spot that malicious actors increasingly exploit. This gap between static analysis and runtime behavior represents one of the most significant vulnerabilities in modern cloud environments.

The "Bill of Behavior" (BoB) approach addresses this challenge by providing vendor-supplied profiles of expected runtime behaviors. Generated using eBPF technology, BoBs codify legitimate syscalls, file access patterns and network communications. This enables immediate anomaly detection without custom rule creation, allowing organizations to verify software integrity throughout the supply chain and during execution, dramatically reducing the attack surface while simplifying security operations.

Join Dr. Constanze Roedig, Key Researcher at SBA-Research and Founder of Fusioncore.ai, to discover how this emerging standard complements existing SBOM frameworks to create verifiable trust in your cloud ecosystem.

Key Takeaways:
- Understand how Software Bills of Behavior (SBoBs) create verifiable trust between vendors and clients
- Learn practical implementation strategies using existing OCI distribution standards
- Discover how BoBs significantly reduce attack surfaces across both runtime and supply chain vectors
- Explore immediate benefits of receiving vendor-supplied behavior profiles with software packages
- Discover how CNCF Kubescape allows anomaly detection out of the box

Beyond SBOMs: Runtime Verification for Bulletproof Cloud Supply Chains

Organizations are rapidly adopting AI technologies without fully understanding the security implications. This is creating unprecedented vulnerabilities in cloud environments. In turn, with AI accessible to all stakeholders, the human factor has become the weakest link in cybersecurity defense strategies.

This session addresses critical considerations for IT and cybersecurity leaders to balance business innovation with risk management. Learn how to establish ethical AI frameworks, implement proper access controls, and build awareness programs that protect your organization while enabling AI adoption.

Join Kathleen Mullin, vCISO and Consultant, to explore practical strategies for securing AI in cloud environments while maintaining business agility.

Key takeaways:

• Define clear RACI matrices for AI business risk ownership and accountability 
• Assess whether AI solutions truly meet business requirements vs. alternative approaches
• Establish data governance and access controls specifically for cloud-based AI systems 
• Develop comprehensive AI awareness programs for organizational stakeholders 
• Evaluate current and future cloud AI risks within your security framework

Considerations: Securing the Cloud And In Specific AI

As organizations accelerate cloud adoption, sophisticated security technologies often create a false sense of protection while the most significant threats emerge from within. Human behaviour continues to be the weakest link in cloud security, not due to malicious intent, but through everyday mistakes that inadvertently expose critical systems.

When they create friction, security measures designed to protect can inadvertently increase risk as users will find shortcuts to achieve their legitimate objectives. This session explores the psychology behind user decision-making and reveals how threat actors exploit human nature to bypass cloud defenses, turning legitimate business processes into attack vectors.

Join Simon Ratcliffe, independent management & technology consultant, to discover practical strategies for human-centered cloud security.

Key Takeaways:

- Identify psychological triggers that make users vulnerable to cloud-based attacks 
- Recognize how security friction drives risky user behaviors and workarounds
- Design user-centric security that reduces human error without compromising protection 
- Develop indicators to detect insider threats before they escalate 
- Build security awareness programs that create lasting behavioral change

Securing the Human Element: Why People Remain Cloud Security's Top Vulnerability in 2025

Insider threats are one of the most challenging security risks in multicloud environments, where authorized users can exploit fragmented access controls and limited visibility across platforms. When organizations lack comprehensive oversight of user activities, data flows and privilege escalation paths, the risk posed by human error and malicious insiders is much greater.



Multicloud architectures amplify insider threat risks through inconsistent identity management, scattered audit trails, and complex permission structures that create blind spots for security teams. Strategic threat modeling designed around insider risks enables organizations to map user access patterns, identify privilege abuse scenarios, and implement behavioral monitoring across all cloud platforms before incidents occur.



Join Sandeep Tripathi, IT Solutions Designer at Daimler Truck AG, to discover systematic approaches for detecting and preventing insider threats in complex multicloud environments.



Key Takeaways: 

- Identify insider risk scenarios across cloud platforms using threat modelling frameworks
- Implement comprehensive user behavior analytics and cross-cloud activity monitoring
- Limit insider threat impact and lateral movement using zero-trust access controls.
- Develop incident response protocols for insider-driven security breaches
- Create governance frameworks for managing privileged access in multicloud environments

Mitigate Insider Threats in Multicloud Through Strategic Modeling

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short.

Cloud security threats are often perceived as purely technical challenges, but the human factor remains one of the most significant and underestimated risks. Misconfigurations, weak passwords, phishing attacks, and inadequate training open doors to breaches even in sophisticated environments. Employees inadvertently expose sensitive data through social engineering, while administrators overlook crucial updates. Insider threats pose significant risks when cloud systems are accessible from anywhere.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, to explore human factors in cloud security threats.

Key Takeaways: 
- Human error as the leading cause of cloud security breaches 
- Phishing attacks and social engineering threat vectors 
- Managing insider threats in distributed cloud environments 
- Essential security awareness training and culture development 
- Zero Trust architecture implementation strategies

Managing Human Risk in Cloud Security Operations

Why do we do the things we know we shouldn’t, and not do the things we know we should? Take password managers: Most of us know they’re an easy, useful tool that enhances our security, but not enough of us actually use them. What’s the reason behind this? Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, reveals new research from the Alliance about the public’s attitudes and beliefs about security, as well as potential drivers and barriers towards secure habits.

About the speaker:
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a proven track record of engaging and empowering people to protect themselves, their families, and their organizations.  Lisa has held leadership roles with the Ford Motor Company, CDK, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS. She is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

A Whole Lotta BS (Behavioral Science) About Security

Many people talk about the need for a cybersecurity mindset. The discussion generally focuses on whether you have one or not and how to foster a security mindset. However, why should there only be one cybersecurity mindset while there are, in fact, many types of cybersecurity mindsets. This diversity in thinking is required to strengthen your cybersecurity team.  

Tune into this presentation to learn about various cybersecurity mindsets and discover:
- How does mindset influences decision making?
- What are the potential cybersecurity mindsets?
- How does the interaction of mindsets build team cohesion?

Diversity of Cybersecurity Mindsets

Senior management is generally supportive of cybersecurity and lower-level staff do what they’re told to do. Middle management, however, is beset by perverse incentives to sell, sell, sell; cut costs; and do more with less. This leaves them without enough mind-space left to focus attention on cybersecurity. 

Tune into this cyber-session to discover tips and ideas covering:
--Finding and fixing the middle management weak spots.
--The consequences of a cybersecurity culture based on inaction.
--Potential solutions, tailored for middle managers, to enhance a cybersecurity culture. 

About the speaker:
Steve holds certification as a Master Business Continuity Professional (MBCP) as well as a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA). He is a specialist in business continuity management, IT disaster recovery planning, and information security and has implemented programs for numerous banks, government agencies, and industrial corporations. Before founding Risk Masters, Steve was with Deloitte & Touche as the leader of their Business Continuity Management practice. In recent years, his focus has been on the resilience of large business and technology environments. He is editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series.

The Tone in the Middle: The Biggest Hindrance to a Cybersecurity Culture

Security Partners at Adobe provide product teams with guidance needed to help improve overall security posture. They partner with risk management, operational and application security teams to help product teams create unified security roadmaps and provide needed visibility for executive teams. This partnership has helped to elevate security and risk conversations into stronger business value conversations and improve overall risk management across Adobe.

Astrid Bailey, Security Partner Program Owner, will talk about her experience in building this program and scaling it using a tiered model to be effective across 200 product teams at Adobe. She will discuss lessons learned as she and her colleagues:
- Worked to get security requests positioned more strategically in product roadmaps.
- Made use of automation and standardization to help ensure management and executive teams are getting the information they need to make better security decisions.
- Improved the overall relationships between key security team leaders and product team leaders.

The best practices learned in developing this program will be beneficial to any organization looking to strengthen and improve the effectiveness of the relationship between security and other technical teams. Such an effort can help ensure your teams are even more invested in your overall risk management strategy.

About the speaker:
Astrid Bailey has been an IT project/program manager for over a decade. She has worked in numerous industries and on diverse efforts such as managing software development teams, coordinating large-scale vendor integrations to support corporate tradeshows, and, most recently, leading several key security programs at Adobe that focus on cross-org collaboration. In 2022, Astrid completed a Master of Science, Information Systems (Cybersecurity Management) at the University of Utah. Additionally, Astrid has her PMP certification and is an Associate of ISC2.

Building a Stronger Security Partner Team

It's no secret that the cybersecurity landscape is constantly changing, requiring CISOs and security teams to adapt and pivot at a moment's notice. But the security organizations with the strongest foundations will be most able to rise to whatever challenge the future brings. In this panel session, learn about the major initiatives CISOs are planning for in the coming year, changes they are anticipating, and pain points they hope to mitigate.
 
You'll hear about topics such as:
* Changing regulatory needs
* Surviving the economic and geo-political environment
* Crucial skills development areas
* Technology investments
* Cyber insurance

About the moderator:
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the US. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce.

Confirmed panelists:
Ozgur Danisman, VP, EMEA Sales Engineering, Forcepoint
Brenna Leath, Head of Product Security, sas
Dr. Kelley Misata, Founder and Chief Trailblazer, Sightline Security

Key Concerns of Cyber Leaders

5 ways to improve your Security Ecosystem 

In this presentation I will show you how you can shift left your security layer by learning a new style: detecting and blocking threats at the earliest stage of the attack chain, and how threat intelligence can make your security insightful. 
 
I will explain how to translate threat intelligence into actual security enhancements which will lead to more tangible follow up to ensure your SecOps workload will be reduced. 
The old math will solve new problems by using what’s already on your IT, IoT (and some cases OT) network.

How Old Math Can Solve New Problems

In the case of a legacy data migration, companies need to migrate their corporate data from an old system to a new one. When it comes to Merger and Acquisition (M&A) data carve outs, companies need to extract, migrate and merge selective data from one company’s system to another. There are many risks involved in these types of migrations, including cybersecurity and privacy risks.
Attend “The Great Data Migration: Dealing with Cybersecurity and Privacy in Legacy Data Migration and M&A Data Carve Outs” on Wednesday, 12 October at 10:00 am GMT. 
- Learn how to take advantage of natural language processing and machine learning to automate sensitive data discovery, classification and redaction at scale. 
- Listen to Kyle DuPont, Co-Founder and CEO, Ohalo on how to gather insights to securely accelerate data migration during M&A. 
- Secure unstructured data assets in line with privacy regulations and the legal rules that govern the disclosure of sensitive personal information.

The Great Data Migration: Cybersecurity & Privacy in M&A & Legacy Data Migration

In recent years, much attention has been paid to the technology that prevents malware and malicious attackers from wreaking havoc in enterprise systems, especially during the COVID era. Multi-factor authentication? Check. Robust access control? Check. Intelligent firewalls? Check. 

Still, a lot of IT enterprise leaders overlook the importance of the IT compliance function in identifying COVID symptoms, especially the “people” aspect of the information technology triad of people-process-technology. In this presentation, Ralph Villanueva will speak about the vital role IT compliance plays in securing the enterprise by identifying these post COVID symptoms, and what enterprise IT leaders can do to harness their valuable expertise and unique role in the organization.

About the speaker:
Ralph has been keeping his employers compliant with IT and cybersecurity requirements across numerous and diverse regulations such as the Nevada Gaming Control Board, Payment Card Industry, COSO-Integrated Framework, COBIT and ISO 27001 since 2007, and data privacy since 2017. His more than two decades of internal and IT audit and compliance work in the US and the Asia Pacific region provide him with insights not only in enforcing IT and cybersecurity requirements in light of changing regulatory and technical environments, but also in anticipating and dealing with future. Ralph has also earned numerous certifications such as the ISO 27001LA and ISO 27701LA, CISA and CISM, PCI-ISA and PCIP, CIA and CRMA, CFE, CPA and ITIL. Since 2010, Ralph has regularly spoken at over 40 conferences.

The IT Compliance Role in Safeguarding the Enterprise from Post-COVID Symptoms

Today’s attackers leverage sophisticated techniques against their target organizations, using multiple attack vectors to exploit several security weaknesses. These weaknesses can include misconfigurations, unpatched vulnerabilities, overly permissive access policies, and more. Each may present only a low risk in isolation—but when combined, they create an exploitable chain of weaknesses that drive a high risk of breach.

Beyond Misconfigurations Correlating Threats to Truly Understand Your Cloud Risk

People are crucial to the success of your cybersecurity culture. With the rate of change in cyber and information Security, we need to start thinking differently about bringing our teams up to speed. This session will discuss some tips and ideas to build a more robust training and learning solution for your security team and create security champions throughout your organization. We will also explore the importance of providing career pathways to encourage growth and career advancement of your current teams and how to attract new talent. 

About the speaker:
Connie Matthews Reynolds is the Founder/CEO of ReynCon, LLC (REST- ReynCon Educational Services & Training). Her passion drove her to start her own company, to help companies and individuals seek to build more awareness toward soft and technical cybersecurity training and provide professional services to assist organizations in improving their security posture. A believer in the importance of giving back to the community, she is also President, Central Ohio ISSA; founding member of EmpoWE-R Women of InfoSec, named in Cybercrime Magazine's 181 Top Women in Cybersecurity to follow on Twitter and Columbus Business First's Who’s Who to Follow.

Building a Cybersecurity Culture: It's Time to Think Differently About Training!

Privacy and compliance teams are under increasing pressure to respond quickly to urgent issues. Whether from senior leadership, regulators, consumers, shareholders, or other stakeholders, the pressure after a cyber or other event can be intense. Pressure is equally high to be prepared for potential incidents. What steps can a company take to have a program that is effective and right-sized to its operations? How can it best prepare for the increasing external, unknown, and uncontrollable risks? Drawing from change and risk management research, this session will share some lessons learned and strategies to help you make the most of your privacy compliance program.

About the speaker:
Liisa Thomas is a partner and lead of the Privacy and Cybersecurity practice at Sheppard Mullin. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and praise her “thoughtful legal analysis combined with real world practical advice.” She is the author of two well-regarded treatises: Thomas on Data Breach and Thomas on Big Data, and teaches privacy and security law classes at Northwestern University where she is the recipient of the Edward Avery Harriman Law School Lectureship. She is consistently recognized as a privacy and cybersecurity leader by Chambers, Cybersecurity Docket, Legal 500, Best Lawyers in America and Crain’s Chicago Business. She was recently named to Legal 500’s Hall of Fame for Cyber Law. Liisa received her J.D. from the University of Chicago.

Understanding and Managing Cyber and Privacy Risk in an Increasingly Risky World

The adoption of cloud applications and infrastructure combined with increasingly dispersed workers and stakeholders, a variety of devices, and a constantly evolving threat landscape requires comprehensive security planning. As organizations' technical footprints spread, points of entry and potential vulnerabilities increase exponentially. This fireside chat will explore how security leaders can develop holistic programs to improve overall security hygiene and posture in a world of technical complexity.

Join us to learn about:

--The growing need for security posture platforms that address the cloud
--How to manage security consistently across a variety of environments
--Effective inventory and monitoring of assets and applications
--The security benefits and challenges of cloud-native applications
--Software and tools that help security staff offload mundane tasks
--And more.


Moderated by:
Jeremy Synder, Founder and CEO, FireTail.io
Featuring:
Deryck Mitchelson, Field CISO, Check Point Software

Improving Security Posture for the Modern Enterprise

The increasingly distributed nature of the modern enterprise is making zero-trust security approaches more relevant than ever. In this research-led session, John Grady, ESG Principal Analyst, will focus on how organizations are thinking about, planning for, and implementing zero trust across their environments.


Join to find out how zero trust can provide a framework to secure even the most complex environments, whether implementing least-privilege tenets for user access or securing the connections to and between the disparate aspects of today’s hybrid multi-cloud deployments. You'll learn exactly what a zero-trust initiative should entail, where to begin, and how best to overcome the organizational obstacles that result from such a cross-functional undertaking.

Zero Trust Security Strategies to Safeguard the Enterprise

Security Strategies to Safeguard the Enterprise

As cybersecurity experts, our overall goal is to protect the confidentiality, preserve the integrity, and promote the availability of data for authorized use—all without inhibiting the business from meeting its objectives. But what about the times when we must say “no” for various reasons? This interactive session focuses techniques for having a diplomatic “crucial conversation” with the business when a request just can’t be approved.

About the speaker:
Tamika Bass is an Information Security professional with more than 15 years’ experience in information security, including information security governance and risk management. Tamika is passionate about improving communication and understanding of information security in the industry. Tamika is an active speaker, college professor and enjoys spending her time educating technical staff on the importance of communicating effectively in the Information Technology space. Tamika holds the following certifications: CISA, CRISC, HCISPP, CBCP.

When the Answer Really Is “No” -- How to Say It Diplomatically

Cyber Security

Data Security

Data Privacy

Security Strategy

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

When the Answer Really Is “No” -- How to Say It Diplomatically

Presented by

About this talk

Information Security