Just how effective or mature is your security program? Given the multitude of assessment, rating, and cybersecurity frameworks, it can be challenging to determine security operations readiness and resilience through a single measurement or framework. Is effectiveness based on defending against an attack or the ability to mitigate attacks in the first place? Should compliance drive our security strategy, or should our security strategy enable c...

In July 2023, SANS partnered with Carahsoft for the 2023 Government Security Solutions Forum, where cybersecurity preparedness went back to basics. In this webcast, SANS Certified Instructor Matt Bromiley will review the top trends that emerged during the forum. Matt also uncovers how organizations can prepare for the National Cybersecurity Strategy Implementation Plan, or NCSIP, released by the White House in March 2023. His focus on preparat...

The evolution of hybrid cloud environments demands innovative solutions to unify on-premise and cloud-based resources seamlessly. This talk, titled "Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes," illuminates the integration challenges and visibility capabilities provided by Entra ID for reconciling identity and access management in hybrid cloud landscapes. Learning Objectives: To enlighten the audience on the import...

As we head into the last quarter of 2023, three major mandate changes are occurring, each positioned to make a large impact on how businesses, governmental bodies, and critical sector organizations operate. The goal of the SANS Cyber Compliance Countdown is to focus on what you need to know in these complicated and broad requirements and to offer solutions on how to meet these directives. Below is a quick overview of the changes and this forum...

The Cloud is enabling businesses to quickly adopt and use technology in ways that we've never imagined before. Security teams need to find ways to keep up; automation is the solution. By using Policy as Code tools we can define and enforce security guardrails. This allows developers and cloud engineers to continue shipping features while bringing the confidence to everybody that security requirements are being met. Learning Objectives: Examine...

Mobile devices are regularly used for personal and professional reasons, and people rarely put a company’s cybersecurity ahead of their personal needs. This dual-usage introduces organizations to a wide range of threats, many of which originate from mobile apps on personal devices. And if sideloaded apps continue to grow in popularity as expected, the number of mobile risks and threats will accelerate. Join cybersecurity experts from Zim...

We are lucky in Infosec. It may not be an easy field to get into, but once in infosec there is plenty of work available and many work models. Most start out as a full time employee. You have a job and work for one organization. You can also be a contractor. Most contractors have one contract with one client at a time, and the terms of remuneration are different than a full time employee and generally one has more freedom. You can also be an in...

Identity governance and administration (IGA) — ensuring that the right people have the right access at the right time — has emerged as a business-critical security concern for enterprises worldwide. IGA plays a key role in reducing the risk of identity-based security failures, which the Identity Defined Security Alliance (IDSA) reports impacted 90% of enterprises in 2022. But a broad range of factors, including complex IT and busin...

Today, most security professionals are actively architecting and implementing cloud security controls across SaaS, PaaS, and IaaS environments. We’ve learned that what once worked on-premises may not work quite the same in the cloud, and a wide range of new and innovative security platforms and services have emerged and evolved in recent years to address critical cloud security use cases and categories, including: Cloud security monitori...

Going from responding to incidents to actively hunting threats is a stance shift that requires maturity in your cybersecurity journey. It also requires having access to the right threat intelligence, the right visibility across your environment, as well as the right tools to do the job. Advances in data science and artificial intelligence can help organizations bridge the maturity gap, but we shouldn’t forget that it’s ultimately a...