It is no surprise that there is a shortage of cybersecurity professionals, and year upon year, these careers continue to be some of the most in-demand jobs in the corporate, healthcare, financial, education, and government sectors. While the term cybersecurity is broad in scope, there are many in-demand roles specifically in digital forensics and investigations. Digital forensics is a small subset of cybersecurity which is further broken up i...

The movement towards multi-cloud has been growing momentum with no end in sight. Over 50% of the respondents to the SANS 2022 Multi-cloud Survey not only use all of the Big 3 Cloud Providers (AWS, Azure, and Google Cloud), but they also use all of the next three most popular CSPs (Alibaba Cloud, Oracle Cloud, and IBM Cloud). Organizations look to so-called “cloud-agnostic” technologies to manage this complexity. One such technology...

This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (AWS Edition)“, we will work through the process of creating a detection that we can use...

Running a SOC is a complex combination of data sources, processes, and teamwork, and it's easy to get lost in the details. In this keynote we'll step back to think big picture about what a SOC truly needs to deliver and present some simple mental models that cyber security analysts and managers can use to abstract away complexity and gain clarity on their true priorities. We'll discuss SOC goals, workflow, how to gather those important but "ha...

Cybersecurity remains a critical aspect of every organization's operations. In many companies, cybersecurity is their top risk. As cyberattacks become more sophisticated and frequent, organizations need to develop a culture of cybersecurity to protect their assets and reputation. In this webinar, we will explore how to build a culture of cybersecurity within your organization in 4 discrete steps. Drawing from the article "How to Build a Cultur...

InfoSec program management is too inefficient to support the real-time needs of CISOs as they address the growing complexity of internal and external risks. The status quo - which often relies on antiquated tools, siloed processes, and over-investment in third parties - must yield to a more flexible, scalable, cost-effective approach. In this session, we'll introduce a new approach to enterprise-wide program development and automation that can...

Not sure how to make the leap from engineer to manager? Questioning whether or not you really want a leadership position? Unclear if you really have what it takes to be a CISO? Come hear real world case studies and learn tips and tools to help you on your path and take the next step in your career. Tools and topics covered will include: Learning what type of leader you want to be with the Boss-Leader-Manager Matrix How to scale yourself using...

Content delivery networks provide a valuable service and make the Internet a better place. Without them, streaming services would overwhelm entire networks. Mobile and single-paged web applications would take forever to load. But, what about sensitive data? Do we have to avoid caching sensitive data at all costs or are there ways we can secure it? Join me to learn more about origin protection and signature enforcement with custom policy in Ama...

The Industrial control system (ICS) / operational technology (OT) security environments require different security skills, technologies, and methods to manage the different risks, as they have mission and risk surfaces that set ICS/OT apart from traditional IT enterprise networks. ICS/OT networks are also seeing different attacks beyond traditional intrusions commonly seen in enterprise networks. Adversaries in critical infrastructure networks...

The number of organizations banning applications due to surveillance and spyware concerns on employee devices continues to grow In 2020, the average smartphone user had 40 apps installed on their mobile phone (source). And Zimperium’s zLab Research team found last year (2022) that 23% of all Android samples and 24% of the iOS apps in the public record are malicious, meaning mobile apps represent a major attack surface. Mobile threat defe...