Los Angeles, CA

In today’s rapidly evolving business landscape, the expansion of our technical ecosystems pose both unprecedented opportunities and considerable challenges.

The proliferation of interconnected systems, emerging technologies, and the increasing interdependence among them have given rise to multifaceted system risks that organizations must navigate. These risks encompass cybersecurity threats, regulatory compliance (old and new), data privacy concerns, interoperability issues, and the potential for disruptive system failures.

Through collaborative insights and shared experiences, this discussion aims to equip the attendees with proven actionable strategies to include:

• Understanding the dynamic nature of these risks
• Aligning technological initiatives with overarching business objectives.
• Blending innovation with a comprehensive understanding of organizational goals and market demand
• Real world case studies highlighting successful alignment between business objectives and our InfoSec programs

Specialized threats targeting OT environments have been around since at least 2010, with the reports of Stuxnet. Recognizing the criticality of these devices, Threat Actors have continued evolving, continuing to target OT devices, many of which are inherently insecure-by-design. Research, such as Vedere Labs’ OT:ICEFALL research project and Project Basecamp by Digital Bond from 10 years ago showed how significant the scope of vulnerable devices are that are pervasive in critical infrastructure systems. Today’s SOC needs to not only see those devices and the risks they pose while also ensuring accurate detection of the threats uniquely targeting those OT environments they’re deployed in. This session will explore this unique threat landscape and the capabilities required to combat the threats and automatically mitigate the risks specially targeting Operational Technology environments.

The principles laid out by Sun Tzu in his Art of War have transcended time and directly apply to the realm of cybersecurity. Join us with your fellow CIOs as we explore Sun Tzu’s teachings and their impact on today’s digital battleground. Through examples and case studies, we delve into how his strategies inform our cybersecurity defense and offense tactics, equipping us with the knowledge to stay one step ahead of cyber adversaries. Prepare to be inspired and enlightened by the wisdom of a military strategist and its contemporary applications in the ever-evolving cyber landscape.

As more threats emerge and adversaries’ TTPs increasingly change, the ability to rapidly assess relevant coverage across the defensive stack becomes increasingly important.

As more threat reports & repositories now contain detections around recently observed indicators & behaviors (a positive trend), it’s tempting to think that deploying only those detections means successful implementation of “threat-informed defense”. However, our research suggests adversaries are evolving their tactics, techniques, & procedures with increasing frequency and in ways that specifically target parts of the attack surface that are especially challenging to defend.

Layering (and distributing) defensive capabilities against today’s threats is essential, but making a quick assessment of coverage – that is both deep and wide – for each new threat is near-impossible if using traditional approaches. This talk will review recommendations for speeding up coverage assessments through threat & defensive prioritization, using two real examples as walkthroughs.

What to know when talking to vendors about their implementation of Artificial Intelligence into their products.

The threat landscape is continuing to expand and diversify as organizations move to a multi-cloud environment. CISOs need to ensure that their DevSecOps capabilities are incorporated within their overall business strategy to guarantee that their cloud applications and code can remain secure.

Topics covered:
·      Understanding there is no one-size-fits-all model for DevSecOps
·      Best practices for integrating DevSecOps into your cloud security strategy
·      Exploring the intersection between development, security and DevSecOps