Software Supply Chain risk has quickly become the topic of the day with the fallout from the Solar Winds hack among others being a prime example of the risks of malicious code being inserted upstream in the software supply chain. The question for hands-on practitioners is what does this mean from a practical, ground level, developer’s perspective? In this presentation, we delve deep into practical demonstrations of common container security issues and offer practical solutions.
APIs are software glue that is revolutionizing our digital worlds by helping enable the next industrial revolution driven by AI/ML and IoT. Implications of APIs are profound on organizations both positive (innovation, newer business models, competitive differentiation etc.) and negative (hidden attack vector, business continuity impact etc.).
While cybersecurity is broad in both its context and application, information security is singularly focused on the protection of data. In practice however, most organizations repeatedly use the same tools, controls, strategies, mindset, etc., to defend against cyber-attacks as they do to protect their data. The unfortunate reality is that most tools are designed fundamentally to address cybersecurity, and while these tools may to some degree help with information security, it’s really not their raison d’être.
In this session, we will argue the importance of segregating IAM controls from information security mechanisms and why doing so can enhance your security posture.
Dimitri holds BBA and MBA degrees from Baruch College and earned his JD from Brooklyn Law School. Prior to co-founding Atakama, Dimitri spent 15 years as an attorney, most recently practicing regulatory and enforcement law at Bingham McCutchen where he represented large financial institutions in high-stakes matters. Dimitri began his career at Merrill Lynch.
As the world moves from Web2 to Web3, threats are evolving. Moving forward, we need a framework for not only protecting against cryptocurrency and blockchain attacks, but also a method to share that information. In this talk, Rick will discuss some of the threats he has seen at some of the top cryptocurrency exchanges as well as discuss a framework for threat intel in the future.
Rick Deacon is co-founder of Apozy(browser visibility and protection), a stealth Web3 cybersecurity company(blockchain and cryptocurrency), and RADwood(80's and 90's automotive festival). Rick has been a cybersecurity professional for over 12 years, beginning his career as a penetration tester. Rick has spoken at DEFCON, B-Sides, ISSA, and numerous other conferences in the past, with a focus on offensive and defensive security.
In the past few years, there has been a tremendous increase in Malware attacks, with both private and governmental organizations losing thousands of dollars in ransomware attacks. In this session, we will take a deeper look into the Malware families that have been on the rise, and the techniques used by the malware writers (attackers) to evade detection.
A veteran in the cybersecurity space, Nobel Tan is Chief Technology Officer for Uppsala Security and Sentinel Protocol, where he spearheads product development and intelligence research. Prior to this, Nobel also served as the company’s Head of Security Operations and Head of Engineering. Nobel is based in Singapore near the corporate HQ of Uppsala Security. An engineer by training with over a decade of expertise in Information Security and IT risk strategy in the cybersecurity sector, Nobel previously led a team of technical engineers at FireEye Inc. In that capacity, he oversaw the FireEye Cloud Product and related services such as Web and Email Threat Prevention. Beyond the office, Nobel has also been recognized for his contributions to the industry; he received a 2014 Award of Excellence by EVP Customer Services for creating transformative impact in customer services organizations.
Moderator: James Ransome
- Brook Schoenfield
- Jim Manico
- Anmol Misra
Secure Coding and shifting left/getting it right is more critical with the massive increase in lines of code that we depend on to live in this increasingly code driven world.
A privacy program in this rapidly evolving regulatory environment must take into account many perspectives, including: an understanding of the current requirements applicable to each business process which involves personal information, the business justifications for the use of that personal information; the way in regulatory requirements translate into technical and process changes, how those changes are best addressed from the application level to the organizational level; future-proofing against changing applications, business needs, and additional regulatory requirements, increased customer and partner expectations, and peer competitor strategies. This program must also be risk based and designed to achieve a viable defensible position in the shortest amount of time, without boiling the ocean, and should include a road map for continuous improvement and recurring risk and privacy assessments.
CISO @ Upstart
How to effectively present your organization's security posture
Learn what cyber attack trends California is facing and find out from recent FBI cases how insider threats can pose a threat to your organization. The talk will provide insights from cases that display specific methods in which organizations were victims. How it happened, why it happened, who was affected and lessons learned. On the heals of National Insider Threat Awareness Month in September the latest best practices and resources will also be shared.
Supervisory Special Agent, Cyber Squad, FBI San Francisco