Name: 30 Years of CISSP: Interview with Jon France on Security, Risk and the Future
Start: 2024-06-06T10:41:00Z
End: 2024-06-06T10:41:12.000Z
Location: BrightTALK
Rating: 0

Dedicated to serving the information security community, in person, in print and online.

Generative AI technologies have huge potential in enhancing the capabilities of cyber defenders – from writing secure code to speeding up incident response.
In this session, we will focus on the practical application of generative AI in cybersecurity teams – looking at current real-world applications and hearing from security leaders who have implemented these tools to good effect.
The aim is to help security leaders understand the ways generative AI can help their teams today, improving efficiencies and reducing workloads. 
This webinar will highlight:
• The areas generative AI can have the most impact on cybersecurity operations
• The “noisy” generative AI cybersecurity marketplace, and how to find the solutions that are appropriate for your business needs
• How to deploy generative AI in security operations effectively, as well as safely

Deploying Generative AI in Security Teams, it’s Time for Action

Insider threat incidents are on the rise, fuelled by economic uncertainty and opportunities afforded by remote work. This environment provides more opportunities for malicious actors to lure employees into stealing sensitive data from their organization.
An ISC2 study in late 2023 found that over half of cybersecurity professionals have experienced an increase in insider risk-related incidents, with 71% agreeing that times of economic uncertainty increases the risk of malicious insiders.
This session will focus on:
• The latest trends in insider threat incidents, and the impact of the economic environment
• What tools and processes can help identify potential insider threat actors early
• How to appropriately address suspicious behavior, and creating an environment that is less conducive to insider threat incidents occurring

Looking Closer to Home to Address the Rising Insider Threat Risk

This 30-minute keynote session offers one sponsor the opportunity to present to the Infosecurity Magazine Online Summit audience.

Headline Keynote Autumn 2024 Day Two

Software vulnerabilities are one of the biggest cyber-threats to organizations, with a record number of vulnerability disclosures in 2023. Zero days are being actively exploited by sophisticated threat groups, as demonstrated by the Ivanti vulnerabilities that were discovered earlier this year.
The continuous process of applying fixes to vulnerabilities across all software stacks is an overwhelming task for many organizations. A new strategy is needed to make vulnerability management a sustainable and effective process.
A panel of experts will discuss best practice approaches for a modern vulnerability management program, tailored to business risk and prioritization. 
Sign up to hear:
• How threat actors target software vulnerabilities, and why this tactic is often so damaging
• Vulnerability management challenges across an increasingly complex tech stack
• How to create a sustainable software patch management program, tailored to business needs

Tackling Rising Software Vulnerabilities Sustainably

Join us for the opening keynote session of Infosecurity Magazine’s Online Summit, where an industry luminary will unveil critical insights into the future of cyber-defense.

Opening Keynote Autumn 2024 Day Two

Cyber threat actors are well-known for their ability to adapt, continuously finding novel ways to target organizations in the face of ever-improving defenses. One example of this is the practice of stealing data and threatening to publish as well as encrypting it during ransomware attacks, amid improved backup capabilities.
From combining DDoS with ransomware, to finding alternative initial access techniques, it can feel like a near impossible challenge for defenders to stay up-to-date with cybercriminals and adapt their security posture accordingly.
In this session, a panel of threat intelligence experts will highlight novel tactics being employed by threat actors so far in 2024, and discuss the areas cybersecurity teams should be prioritizing their resources on.
Join this session to learn:
• New approaches used by threat actors in 2024, including in launch DDoS and ransomware attacks
• Changes in initial access techniques and technologies utilized, and why these shifts have occurred
• The areas cybersecurity teams should be prioritizing their defenses towards in the face of these trends

Keeping up with the Attackers: Reviewing the Latest Threat Techniques

Headline Keynote Autumn 2024 Day One

The belief that cybercriminals only target large businesses has been widely disproven in the past few years. For example, research from Sage found that around half of small and medium enterprises (SMEs) experienced at least one cyber incident in 2023.
SMEs hold highly valuable data and are viewed as a soft target by cybercriminals due to the limited resources they are often able to put into their cybersecurity posture. This is an issue that has been exacerbated by the current financial crisis, with cybersecurity spending expected to be slashed in 41% of SMEs in 2024 according to JumpCloud research.
During this panel, we will highlight how SMEs are being targeted by threat actors, and how IT teams in these organizations can utilize their limited resources most effectively, as well as fight for additional support from business leaders.
• The latest cyber-attack trends relating to SMEs, including how and why attackers are targeting these firms
• The unique security challenges faced by SMEs, such as limited expertise and resources
• How SME IT teams can utilize their limited resources more effectively, and where to look for outsource expertise

Cybersecurity on a Budget: How SMEs Can Stay Safe Amid Rising Attacks

CISOs face unprecedented challenges in building and maintaining an effective cybersecurity team. Organizations are experiencing rising attacks across increasingly complex and interconnected IT estates.
On top of this is the widely discussed cyber skills gap, meaning many security teams are understaffed. This in turn is leading to stress and burnout among cyber professionals, with many considering leaving the sector.
An expert panel will discuss innovative approaches CISOs can take to build, nurture and retain an effective cybersecurity team in this environment, encouraging novel approaches to motivation and progression opportunities.
This session will highlight:
• The challenges faced by security leaders in building and developing an effective cybersecurity team
• Providing development opportunities and other strategies to retain cybersecurity professionals for longer
• How new technologies, such as AI, can be utilized effectively to positively impact cybersecurity roles

CISO Management 101: Nurturing an Effective Cybersecurity Team

Join us for the opening keynote session of Infosecurity Magazine’s Online Summit, where an industry luminary will unveil critical insights into the future of cyber-defense. 

Speaker to be announced!

Opening Keynote Autumn 2024 Day One

Security teams face the reality that sometimes adversaries will compromise an environment. 

A user may click on a link in a phishing email that downloads malware. A threat actor may exploit an unpatched vulnerability, or simply log in with compromised credentials. But once an adversary gains access, there is an opportunity for threat hunting to identify and remove a threat before they begin to move laterally. 

To act swiftly in a sea of log data, threat hunters need to know the tactics, techniques, and procedures (TTPs) of the adversary — an innovative and reliable way to identify intrusions and eliminate threats inside a network. 

This is intelligence-led behavioral threat hunting.

Why use TTPs? Adversaries that have gained initial access to an organization, often use trusted applications allowing threats to conceal their activity, increasing the  difficulty to detect ephemeral  indicators of compromise (IOCs) and artifacts. It’s much harder for adversaries to adapt TTPs collected in cyber threat intelligence (CTI) programs.

Join Intel 471 for our 30-minute webinar to discover:  
 · Why CTI elevates hunts to new levels of accuracy and measurements of success
 · How to maximize the value of your security logging data with CTI-driven behavioral threat hunting 
 · How to use CTI-powered behavioral threat hunt packages to identify stealthy, malicious activity 
 · How behavioral threat hunting can identify precursors to ransomware attacks 
Don't miss out on this opportunity to learn how to strengthen your organization's security posture!

Supercharge Your Security With Intelligence-Driven Behavioral Threat Hunting

Account fraud is a growing risk for organizations and their customers, with threat actors becoming adept at techniques like fake account creations and account takeovers (ATO). 
Attackers are also expanding the volume of account fraud through the use of bots, and we are seeing severe consequences and escalating risks to businesses.
In this webinar, a panel of expert speakers will help fraud and cybersecurity experts stay abreast of the latest trends in account fraud attacks, including the advanced tactics employed by threat actors and the industries primarily being targeted.
The speakers will also provide best practice advice on how to combat these threats, including leveraging advanced technologies such as AI anomaly detection and other approaches to fortify your defenses to protect against the next wave of account fraud.
Join this webinar to learn about:
• The latest trends in account fraud, including the evolving tactics used by threat actors and industry-specific challenges
• The inadequacies of current security measures in protecting against these threats
• The critical solutions organizations need to implement to protect against account fraud, including the role of multi-layered machine learning and AI

The Future of Fraud: Defending Against Advanced Account Attacks

Digital transformation has added exponentially more devices, networks and cloud access to nearly every organization. In this interconnected reality, IT security and cybersecurity professionals are challenged with proactively protecting this expanding external attack surface from rising cyber-threats.
Managing these potential points of entry into your digital ecosystem begins with discovering exposed assets, evaluating potential risks and mitigating them.  
Leveraging cyber threat intelligence (CTI) provides a more efficient and effective approach to attack surface management (ASM), by enabling security teams to identify and prioritize remediation of the most at risk internet-facing assets.
This allows organizations to go beyond traditional ASM approaches by seeing their attack surface from the attackers’ view.
But not all CTI is equal. The question is how relevant, timely and accurate is the CTI I'm using to protect my business?      
Sign up to learn:
• How cyber threat actors are targeting the expanded external attack surface
• How CTI-led ASM can allow security teams to prioritization and remediation initiatives
• How CTI-led ASM addresses multiple use cases including third-party monitoring 
• How to discover the most appropriate ASM solutions using advanced business requirements

Going Beyond Traditional ASM with Cyber Threat Intelligence

As cyber threats continue to evolve, safeguarding sensitive information and maintaining regulatory compliance has never been more crucial.
Join us for an insightful webinar tailored for professionals in the industrial sector, focusing on critical strategies for securing intellectual property (IP) and CAD files. 
This session will explore the implementation of zero trust architecture and robust data loss prevention (DLP) measures to ensure comprehensive risk management across your organization.
Key discussion points include:
• Securing IP and CAD Files: Learn how to protect your most valuable assets from unauthorized access and cyber threats.
• Compliance: Stay ahead of regulatory requirements and ensure your cybersecurity practices meet industry standards.
• Zero Trust: Understand the principles of zero trust and how to apply them to create a resilient security framework.
• Data Loss Prevention: Explore advanced DLP solutions to prevent data breaches and accidental data leaks. Discover strategies for safeguarding SAP files during export processes to ensure data integrity and confidentiality.

Mastering IP & Data Security in the Industrial Age

Sophisticated cyber attackers are constantly devising new ways to infiltrate networks and compromise sensitive data. This webinar will provide valuable insights into the tactics, techniques and procedures (TTPs) used by these attackers, as well as strategies for detecting and preventing their malicious activities. 
During the session, our expert speakers will delve into real-world examples and case studies to illustrate the methods employed by sophisticated attackers. 

You will gain a deeper understanding of the vulnerabilities commonly exploited by these adversaries and learn best practices for fortifying your network defenses. 
Join us to learn:
- Top tactics and techniques sophisticated attackers are using on your network
- Advanced threat protection strategies 
- Best practices for network security resilience

Unpacking the Top Vulnerabilities Exploited by Sophisticated Attackers

"Ransomware remains the top cyber threat, with attackers employing new tactics. Law enforcement takedowns and botnet disruptions might disrupt the ecosystem, but the pay-to-decrypt debate continues. 
Speaking to Infosecurity, Jon Davies, Senior Director - Cyber Defense at News Corp, shares his expert insights on these issues and lessons learned from recent attacks.
Alongside his role at News Corp, Jon is also a Board Director, Fellow and Full member of CIISEC. He was previously a Microsoft Chief Security Advisor and the first Specialist Fellow - Cyber Security for the UK MOD. 
Jon has extensive experience across multiple pillars of cyber security having worked across various industries within both IT & OT. 
Jon also advises PE & VC with respect to cyber risk associated with M&A and facilitated the first UK ransomware tabletop to include NCA, ICO and hostage & kidnap negotiators in support of the NCRC."

Ransomware Realities, Jon Davies Talks Tactics, Takedowns & Lessons Learned

"Ameet Jugnauth, Vice President of the ISACA London Chapter, discusses findings from ISACA’s State of Digital Trust 2024 report, offering practical advice for security leaders to drive improved digital trust in their business.
He also emphasizes the importance of governance, risk and compliance (GRC) in the modern would, and how security leaders can work effectively with the C-suite and boardroom in developing these strategies.
Additionally, Jugnauth highlights key lessons other sectors can learn from cybersecurity practices in the cybersecurity industry."

#Infosec2024: Why Businesses Need to Boost Digital Trust

"This year marks the 30th anniversary of the Certified Information Systems Security Professional certification (CISSP). Infosecurity speaks to Jon France, CISO, ISC2 about the legacy of the certification and the evolving CISO. 
France is an information Security professional and CISOs at ISC2 serving as advocate for security and risk management activities, skills development and awareness amongst all users of technology across industry as well as within ISC2.
Jon is a CISSP and has more than 25 years of experience building and leading diverse technology and security teams, setting and executing strategy and delivering programs that empower stakeholders and operations while effectively managing risk across media and telecommunications sectors.
Driven by a passion for technology and security in the tech enabled era, where societal reliance on technology is pervasive for social, economic, and physical health. Focusing on raising resilience of the broader tech ecosystem, the systems and architectures that are used and the data that flows through it, ultimately protecting the users and consumers."

30 Years of CISSP: Interview with Jon France on Security, Risk and the Future

CISO

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

30 Years of CISSP: Interview with Jon France on Security, Risk and the Future

Presented by

About this talk

More from this channel