CISO Think Tank

When it comes to information security, many companies still focus on IT security and the technical protection of systems. Employees are often seen as the weakest link in a very complex chain, as 70% of all attacks today are aimed at people and only 30% at systems. However, this is a fallacy. Properly trained, employees can make an essential and valuable contribution to raising the overall level of security and are the most important building block of an all-encompassing security strategy. Therefore, all companies should focus on increasing the awareness of their employees. But how to build a successful awareness campaign that sensitizes employees to the topic of information security in the long term is presented in this session.

Over the last decade, the ability to understand and utilise existing, new and upcoming technologies has been a critical enterprise success factor. As a result, the need for capable and qualified leaders, whether front-line Analysts, mid-level Managers, or top level CXO’s is at an all-time high. However, the availability of personnel with the necessary skills is sinking to an all-time low. There simply is not enough expertise to go around, or is there? In this environment, senior leaders must express creativity in their pursuit of the people, performance, and passion necessary to address this capability shortfall.

Security control validation is a key component of compliance requirements for many organizations. But there are differing opinions about the best way to test controls, including when it should be done, how often, and what tools are most effective to support the process.

In this presentation, SafeBreach Regional Director Saul Williams makes the case for integrating continuous breach and attack simulation (BAS) as a practical approach for programmatic remediation. This presentation will explore:

• BAS fundamentals and objectives
• How to get the most benefit from your security controls
• How BAS can inform and enhance communications with key stakeholders

How can organisations stay ready to defend against cyber threats, so they don’t have to respond in a rush?

In a world of increasingly damaging cyber attacks, organisations need effective strategies to stay ahead of threats and drive a proactive security posture. But the nature of the threats can be hard to measure. How can you manage what you don’t know? How can you secure what you don’t manage?

Organisations need to ask key questions. What assets do we have? What is running on our IT estates? What goes in and out of our network? These are hard questions to answer. But to keep safe, visibility is key. We need to know what we look like to an attacker if we are to defend ourselves. Only with this knowledge can we maintain readiness to respond to new and unexpected dangers.

Securing your organisation no longer comes down to acquiring the right tools and building the best policies. Additionally, managing the flood of noisy, high volume security data means the difference between detecting a breach and missing a critical alert. Join this session to learn how data pipelines put choice and control over data back into the hands of security teams, helping get the right data, in the right formats, to the right places, all while reducing your SOC TCO

A zero trust approach to security has been steadily gaining steam for the last several years. The importance of this approach reached a new level with the May 2021 White House executive order requiring federal agencies to shift to this architecture by fall 2024.

Ransomware continues to grow and clearly as remote work became the new norm, and e-commerce increased. Leaders need to establish a mature level of cyber resilience to better handle ransomware and other potential data breaches. Luckily, zero trust can play a critical part in that strategy as more and more businesses are realizing that to build customer trust they must establish zero tolerance for trust in their security strategy. Will Zero Tolerance for Trust redefine the state of security as government and private industry scrutinize their trusted relationships more, and re-evaluate the ‘who, what, why’ in 2023 more than any other year?

Bridging the gap between business and technology is not easy and requires discipline and balance between technology, people, and the business. For so many organizations today, technology is the business. Technology needs to be understood as a critical enabler in every part of the organization from the front line to the back office. It creates new value by crunching data to deliver new insights, it spurs innovation, and it disrupts traditional business models.

For business and technology leaders alike, new actions and behavioral changes can help their organizations make this shift. CIOs must take responsibility for problems, they should convey that when technology fails, many people typically share responsibility.

The biggest fear for CISOs is often human error, typified by a distracted user that falls for a well-crafted social engineering email. Secure email gateways fail to catch business email compromises and security analysts struggle to keep up with the flood of user-reported suspicious emails. How can we truly create a culture of security while also making the best use of a cybersecurity leader’s most precious resource – people?

How do we come together, as a group of professionals, to create and foster an inclusive tech world where all women have a role to play? We know that a major part of this is attracting and retaining talent at every level but how exactly do we do that and where can we use technology to help? Our panelists will discuss how their companies are creating more inclusive environments, the use AI tools to help uncover hidden biases, what flexibility looks like for all team members and how they are advancing women earlier and signing them up for long term success.