A veteran in the cybersecurity space, Nobel Tan is Chief Technology Officer for Uppsala Security and Sentinel Protocol, where he spearheads product development and intelligence research. Prior to this, Nobel also served as the company’s Head of Security Operations and Head of Engineering. Nobel is based in Singapore near the corporate HQ of Uppsala Security. An engineer by training with over a decade of expertise in Information Security and IT risk strategy in the cybersecurity sector, Nobel previously led a team of technical engineers at FireEye Inc. In that capacity, he oversaw the FireEye Cloud Product and related services such as Web and Email Threat Prevention. Beyond the office, Nobel has also been recognized for his contributions to the industry; he received a 2014 Award of Excellence by EVP Customer Services for creating transformative impact in customer services organizations.
Secure Coding and shifting left/getting it right is more critical with the massive increase in lines of code that we depend on to live in this increasingly code driven world.
A privacy program in this rapidly evolving regulatory environment must take into account many perspectives, including: an understanding of the current requirements applicable to each business process which involves personal information, the business justifications for the use of that personal information; the way in regulatory requirements translate into technical and process changes, how those changes are best addressed from the application level to the organizational level; future-proofing against changing applications, business needs, and additional regulatory requirements, increased customer and partner expectations, and peer competitor strategies. This program must also be risk based and designed to achieve a viable defensible position in the shortest amount of time, without boiling the ocean, and should include a road map for continuous improvement and recurring risk and privacy assessments.
Learn what cyber attack trends California is facing and find out from recent FBI cases how insider threats can pose a threat to your organization. The talk will provide insights from cases that display specific methods in which organizations were victims. How it happened, why it happened, who was affected and lessons learned. On the heals of National Insider Threat Awareness Month in September the latest best practices and resources will also be shared.
Supervisory Special Agent, Cyber Squad, FBI San Francisco
Historically, fraud detection and cybersecurity have been separate disciplines with unique objectives and approaches. But as criminal organizations seek to take advantage of online tools for fraudulent campaigns, they’ve created integrated techniques that encompass elements of both domains. Therefore, professionals charged with defending corporate networks and assets must also come together to defend against these shared adversaries.
In 2018, GDPR brought data privacy to the forefront. The prior regulation had the impact of “ankle biters” and was often ignored. However, the new version has the potential chomp of a Megalodon for non-compliance. The rapid pace of technology innovation, paired with the maturation of the Internet of Things, digitation/automation efforts along with big/deep data analysis, creates a world where ensuring data privacy seems impossible. Every week there are new reports of data breaches or privacy violations. Two recent examples are Ring Doorbell and Facebook.
Managing security within a cloud-native development pipeline requires reimagining traditional security rituals. With hybrid and multi-cloud deployments as well as different container runtimes, orchestration platforms, and technology stacks, getting it right requires more than tooling. We must understand how our teams build software and consume telemetry gleaned through operations. Securing the pipeline from developer tools to production infrastructure requires a continuous approach to security, by shifting left and shifting right too.
As more organizations have strengthened their cyber risk management, adversaries have shifted focus to third party ecosystems that historically have weaker defenses. To better manage these challenges, Delta Dental of California has built an adaptable third party risk assurance capability. It uses an innovative approach that tailors rigor and frequency of testing based on the impact and nature of each business relationship. It also incorporates threat intelligence to efficiently allocate valuable talent. Join us to learn how to apply these principles within your organization.
