Cybsecurity Training

In 2023, will we see continued advances in cybersecurity training? Humans didn’t evolve to spot dangers in the digital world. The school system doesn’t teach them defense against the dark arts of cyber-attack. It’s on us. Human risk is an organizational problem. Equipping our people with the skills to stay safe from phishing attacks is our responsibility. Automation, adaptive learning, and artificial intelligence/machine learning can help deliver personalized training at scale. Why is that important? Because people need to participate frequently with relevant training that stays at the edge of their skill level in order to improve and stay engaged. A long, dry video followed by a punishment-based phishing simulation has been proven not to work. Fixating on failure leads to failure. Rewarding people as they acquire skills in a dynamic learning environment confers measurable improvement. This approach broadly describes gamification, whose demonstrated success is grounded in established principles of behavioral science and business and will be key to protecting organizations of all sizes in the year ahead.

• Moderator: Christophe Foulon, Information Security Office & Technology Risk, Sr Manager at Capital One
• Panelist: Randy Muyargas, Director, Information Security, Systems and Technology at Cordoba Corporation
• Panelist: Michael Nichols, VP, Commercial at Color
• Panelist: Bob Fabien Zinga, CO at USNR
• Panelist: Harry Belt, Director, Information Security – Risk Management at Germantown Technologies

The Demand for Cyber Insurance is Going to Increase, But it’s Going to Become Harder to Get

Cybersecurity awareness has its benefits and drawbacks…one of those drawbacks is higher premiums for cyber insurance. In Q1 2022 alone, premiums for cyber insurance rose nearly 28% compared with Q4 2021. This is largely due to heightened awareness of the financial and repetitional risks of cyber incidents such as ransomware attacks, data breaches, vulnerability exploitation and more. At the same time, underwriters are also making requirements for obtaining cyber insurance much more strict, requiring things like two-factor authentication and the adoption of specific technologies like EDR, XDR and more. In fact, these documents used to be two-page questionnaires…now they’re full audits and 12+ pages long. Be prepared for increasing cyber insurance premiums and stricter requirements to obtain insurance. Join us, as we discuss what can we expect from cyber insurance in 2023 and beyond.

• Moderator: Edwin Covert, Head of CyberRisk Engineering at Bowhead Specialty
• Panelist: Ben Rothke, Senior Information Security Manager at Tapad
• Panelist: Chris Alejandro, Head of Compliance at Apriva
• Panelist: Lee Bailey, Sr Director, Information Security at Unilever Prestige
• Panelist: Esteban Guzman, Senior Systems Administrator at Servicon

How to Address the Weakest Link in Cybersecurity – People

Cyber crime statistics estimated the global cost of $6 trillion in 2021. Cyber criminals continue to evolve their attacks faster than security professionals can adapt. But is the weakness with the technology in place to combat malicious actors or is it the people in the organization who continue to fall prey to the common tactics such as phishing? Every business owner, executive, and board member is now hypersensitive to the impact from cyber crime but continue to focus on tools and technology.

Many organizations invest in cyber awareness programs to educate their employees and contractors and now are mandatory in many industries today but the number of breaches continues to increase. Therefore, the approach to improving the cybersecurity defenses must elevate to re-engineering the “DNA” of all resources – inside and out – to think cyber smart.

This panel will discuss ideas to help materially change the conversation about cyber awareness so anyone in contact with a business is cyber vigilant.

• Sponsor: Regents & Park, Inc
• Moderator: Jason James, Partner & vCISO at Regents & Park, Inc Jay Schneider, Senior Information Technology Security Officer at Vantage Systems, Inc.
• Panelist: Fidel Hernandez, IT Security Governance Risk and Compliance at Hyundai AutoEver America
• Panelist: Ben Rothke, Senior Information Security Manager at Tapad
• Panelist: Eric Herzog, Chief Marketing Officer at Infinidat
• Panelist: Robert Kirtley, Director of Cyber

Building a Security-Aware Culture in 2023 and Beyond

Perhaps the most important step that can be taken at any organization is to ensure that it is working towards initiating and fostering a culture of awareness around cybersecurity issues. Today, it’s no longer good enough for employers or employees to simply think of cybersecurity as an issue for the IT department to take care of. In fact, developing an awareness of the threats and taking basic precautions to ensure safety should be a fundamental part of everyone’s job description in 2023! Phishing attacks rely on “social engineering” methods to trick users into divulging valuable information or installing malware on their devices. No one needs technical skills to learn to become aware of these types of attacks and to take basic precautions to avoid falling victim. Likewise, basic security skills like the safe use of passwords and developing an understanding of two-factor authentication (2FA) should be taught across the board and continually updated. Taking basic precautions like this to foster a culture of cybersecurity-awareness should be a core element of business strategy at organizations that want to ensure they build resilience and preparedness over the coming 12 months.

• Sponsor: Hoxhunt
• Moderator: Christophe Foulon, Information Security Office & Technology Risk, Sr Manager at Capital One
• Panelist: Randy Muyargas, Director, Information Security, Systems and Technology at Cordoba Corporation
• Panelist: Lee Bailey, Sr Director, Information Security at Unilever Prestige
  Panelist: Fidel Hernandez, IT Security Governance Risk and Compliance at Hyundai AutoEver America

Escalating Cyber Risk From the IT Department to the Boardroom

Despite today’s frequent headlines regarding companies falling victim to cyberattacks or suffering data breaches, cyber risk is still a relatively new threat – is it? While companies may have an idea about the potential effects on reputation and impact on the overall business, many are yet to experience one first-hand, or at least not on a high-profile scale. That means there’s still unfamiliarity around how exactly to manage the risk. Many companies are changing their approach, in some cases, cybersecurity is still departmentalized and seen as the remit of the IT team.

How do you incorporate a cybersecurity strategy into the company’s overall governance, risk, and compliance structure? What’s the best approach?

• Sponsor: Enclave Security
• Moderator: Kelli Tarala, Founder, Owner and Principal Consultant at Enclave Security
• Panelist: Christopher Ghazarian, General Counsel at DreamHost
• Panelist: Christian Lees, CTO at Resecurity
• Panelist: Junaid Aasi, Senior Technical Security Risk Engineer at UCLA Health
• Panelist: David L. Chavez, ITS Product Manager at Intact Insurance Specialty Solutions
• Panelist: Brad Taylor, CEO and Co-Founder at Proficio

2023 Will Be a Tumultuous Year as Competing Privacy Regulations Are Passed at the State and Local Level

Information privacy will continue to grow in visibility and execution, but the charge will be led by various regional regulations that don’t always align with each other. Chief Privacy Officers will play an even greater advisory role to the enterprise as they are asked to help navigate often-competing privacy rules to enable the organization to operate as close to historical norms as possible. Wise organizations won’t pull any punches when it comes to protecting the bottom line, so Chief Privacy Officers should expect to be brought into the overall conversation. Join us, as we discuss how Chief Privacy Officers should collaborate with colleagues in legal, compliance and IT to address risks, recommend solutions and ensure compliance with regulations.

• Moderator: Michael Gregson, Business Analyst, Data Privacy at Waste Management
• Panelist: Harry Belt, Director, Information Security – Risk Management at Germantown Technologies
• Panelist: Joshua Soto
• Panelist: Rashmi V, Founder & CEO at ITASC Solutions LLC

Data Visibility, Compliance and Information Governance

In 2023, CISOs will prioritize adopting solutions that provide visibility into the data their organization holds, where it lives, and the risks imposed by that data. This visibility is critical for security leaders as they build programs to meet compliance requirements in a highly regulated world, and secure data in an increasingly challenging threat landscape. One of the first laws in cybersecurity is that you need to know your assets. Simply put, you can’t protect what you don’t know. Join us, as we discuss the value of data classification and information governance.

• Moderator: Kirk Hanson
• Panelist: Paul Starrett, Founder at PrivacyLabs
• Panelist: Tony Zirnoon, Head of Business Development and Partnerships at WaveStrong, Inc.
• Panelist: Taylor Falls Olson
• Panelist: Katey Wood, Principal Product Marketer, Privacy and Compliance at Amazon Web Services (AWS)
• Panelist: Greg Silberman