Moderator: James Ransome
Panelists:
Secure Coding and shifting left/getting it right is more critical with the massive increase in lines of code that we depend on to live in this increasingly code driven world.
Matthew Corwin
A privacy program in this rapidly evolving regulatory environment must take into account many perspectives, including: an understanding of the current requirements applicable to each business process which involves personal information, the business justifications for the use of that personal information; the way in regulatory requirements translate into technical and process changes, how those changes are best addressed from the application level to the organizational level; future-proofing against changing applications, business needs, and additional regulatory requirements, increased customer and partner expectations, and peer competitor strategies. This program must also be risk based and designed to achieve a viable defensible position in the shortest amount of time, without boiling the ocean, and should include a road map for continuous improvement and recurring risk and privacy assessments.
Pavi Ramamurthy
CISO @ Upstart
How to effectively present your organization's security posture
Learn what cyber attack trends California is facing and find out from recent FBI cases how insider threats can pose a threat to your organization. The talk will provide insights from cases that display specific methods in which organizations were victims. How it happened, why it happened, who was affected and lessons learned. On the heals of National Insider Threat Awareness Month in September the latest best practices and resources will also be shared.
Supervisory Special Agent, Cyber Squad, FBI San Francisco
Historically, fraud detection and cybersecurity have been separate disciplines with unique objectives and approaches. But as criminal organizations seek to take advantage of online tools for fraudulent campaigns, they’ve created integrated techniques that encompass elements of both domains. Therefore, professionals charged with defending corporate networks and assets must also come together to defend against these shared adversaries.
In 2018, GDPR brought data privacy to the forefront. The prior regulation had the impact of “ankle biters” and was often ignored. However, the new version has the potential chomp of a Megalodon for non-compliance. The rapid pace of technology innovation, paired with the maturation of the Internet of Things, digitation/automation efforts along with big/deep data analysis, creates a world where ensuring data privacy seems impossible. Every week there are new reports of data breaches or privacy violations. Two recent examples are Ring Doorbell and Facebook.
Managing security within a cloud-native development pipeline requires reimagining traditional security rituals. With hybrid and multi-cloud deployments as well as different container runtimes, orchestration platforms, and technology stacks, getting it right requires more than tooling. We must understand how our teams build software and consume telemetry gleaned through operations. Securing the pipeline from developer tools to production infrastructure requires a continuous approach to security, by shifting left and shifting right too.
Abstract
As more organizations have strengthened their cyber risk management, adversaries have shifted focus to third party ecosystems that historically have weaker defenses. To better manage these challenges, Delta Dental of California has built an adaptable third party risk assurance capability. It uses an innovative approach that tailors rigor and frequency of testing based on the impact and nature of each business relationship. It also incorporates threat intelligence to efficiently allocate valuable talent. Join us to learn how to apply these principles within your organization.
Artificial Intelligence (AI) and Machine Learning (ML) have become the buzz words for Cyber Security. Everyone is talking about them, as if they are magic black boxes. In this talk, we are going to white-box ML to some extent to understand what is possible with the current generalization of technology in particular for the cyber security field. Furthermore, we will dive into one important example, how we can use Graph ML to better “connecting the dots” and to link multiple individual suspicious activities to understand the big picture of attacks.