CISO Forum has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Presentation [clear filter]
Wednesday, September 23

11:30am EDT

Prioritize Vulnerability Remediation and Mitigation Efforts Based on Network Insights & Business Context
Gartner predicts that by 2022, approximately 30% of enterprises will adopt a risk-based approach to vulnerability management. One of the greatest challenges cybersecurity and IT professionals face is the proliferation of security vulnerabilities, and the ability to prioritize their mitigation and remediation efforts. By combining vulnerability measures (CVSS and severity) with insights into how these vulnerabilities may be accessed and exploited via the network, you’ll have the context to identify and address vulnerabilities that pose the greatest threat to critical business assets.

Please join us for an informative session, hosted by Erez Tadmor, Director, Product Management at Tufin, to learn how you can:
  • Prioritize vulnerability remediation efforts based on exposure of critical assets as well as severity of vulnerabilities
  • Easily assess overall risk to critical assets resulting from vulnerabilities that are both accessible and exploitable
  • Automate risk mitigation by blocking access to the critical asset until remediation efforts can be fully implemented 
  • Monitor and measure risk exposure over time via a comprehensive dashboard that highlights overall vulnerability exposure network-wide and the impact of mitigation and remediation efforts

avatar for Erez Tadmor

Erez Tadmor

Director, Product Management, Tufin

Wednesday September 23, 2020 11:30am - 12:00pm EDT

11:30am EDT

Zero Trust for Humans
How user experience is crucial for a successful Zero Trust journey

avatar for Sean Frazier

Sean Frazier

Advisory CISO - Federal, Duo Security

Wednesday September 23, 2020 11:30am - 12:00pm EDT

12:00pm EDT

What CISOs Need to Know About Risk-Based Cybersecurity
As a security professional or executive, you can increase your security team’s value by focusing on risk over threats — even if you currently struggle to relate your role to your organization’s bottom line, or feel like you’re drowning in data that lacks context.
Join Stu Solomon, chief operating officer, Recorded Future for a live discussion on how to shift your organization toward risk-based cybersecurity. 
Attendees will walk away with:
  • An understanding of how security intelligence helps teams make better decisions based on contextual data and metrics
  • Methods for how to create a persistent information advantage for better security - with a focus on being profitable
  • A comprehensive framework that emphasizes risk over threats and learn how to create 

avatar for Stu Solomon

Stu Solomon

Chief Operating Officer, Recorded Future
Stu Solomon is Chief Operating Officer at Recorded Future, where he is responsible for leading all client facing activities globally including the intelligence research, analysis and delivery functions for Recorded Future.

Wednesday September 23, 2020 12:00pm - 12:45pm EDT
Main Stage

1:00pm EDT

Keynote: Make Security Cool From the Classroom to the Boardroom
NASA didn’t market the complexities and PhDs required to get to space, they just showed off something really cool: a person flying. 
We are in pivotal times. Pivotal in terms of technology innovations like the cloud and APIs driving global economic growth and opportunity. Disastrous in terms of them leaving without us, growing the security landscape, and not taking any of our best practice controls with them. 
In this keynote, we are going to level set on the facts of our threat landscape, how breaches occur, and put them in context to help prioritize risk. And then we are going to pivot risk treatment into business and personal impact stories hoping to land our zero-gravity moment.

avatar for Mary Gardner

Mary Gardner

Mary Gardner is Chief Information Security Officer (CISO) at F5. In this role, she is responsible for F5’s corporate-wide information security management efforts, along with strategic planning, governance, and controls. This includes identifying, evaluating, and reporting on F5’s... Read More →

Wednesday September 23, 2020 1:00pm - 1:45pm EDT
Main Stage

1:45pm EDT

The New Endpoint Challenge - Cracks in the Foundation
Cyber adversaries are not “sophisticated”, rather they are pragmatic. They have mastered the art of staying one step ahead of our controls. The endpoint, still the nexus of the cyber challenge, has become difficult for adversaries to maintain persistence on, due to advances in AI/ML, EDR, and Threat Intelligence. The battlefield is defined by the "time advantage" that either side has over the other. Hence, both APTs and criminal ransomware groups have adapted by going “further down the stack”, and they have arrived at firmware, hardware, and driver level TTPs (Tactics, Techniques, Procedures) that now plague enterprises across myriad threat scenarios ranging from supply chain, to malware, to insiders, IOT, and more. There is a dire lack of visibility here, and attackers are enjoying the omnipotence and indefinite persistence that platform-layer TTP’s provide.

This talk will challenge fundamental assumptions we make about cyber risk, by exposing platform security for what it is: the very foundation of trust, integrity, confidentiality and availability upon which the rest of the computing and cyber stack are built. We say we want a Zero Trust strategy, yet we haven’t protected the foundation itself that attackers are targeting. Welcome to platform security, hold on tight.

avatar for Scott Scheferman

Scott Scheferman

Principal Cyber Strategist, Eclypsium
Mr. Scheferman is a mission-driven 20+ year cyber security industry veteran with a strong reputation for effective leadership, exceptional public speaking, candid thought leadership, and the proven ability to shape and shift industry outlook. Mr. Scheferman keeps a hyper-current beat... Read More →

Wednesday September 23, 2020 1:45pm - 2:15pm EDT
Solutions Theater

1:45pm EDT

Why Asset Management Matters for Cybersecurity
Asset management doesn’t have the hype as some of the other topics in cybersecurity, but it’s a foundational challenge that’s only getting worse. In this session we’ll show why teams still struggle to get a straight answer about assets in 2020, a simple approach, and how Axonius customers are able to get a comprehensive asset inventory, uncover security gaps, and automatically validate and enforce security policies.


Wednesday September 23, 2020 1:45pm - 2:15pm EDT
Solutions Theater
Thursday, September 24

11:30am EDT

App Security to Defend Your Business Against Fraud and Abuse
Web and mobile apps now represent the single most lucrative set of targets for cybercriminals – which means that application security has never been more important. Together, our combined F5 and Shape Security solutions deliver a comprehensive application security stack that marries best-in-class defenses with the simplicity and ease of a single vendor. 
Attend this session to learn how F5 and Shape Security can help you achieve: 
  • Reduction in fraud and abuse losses
  • Measurable cost savings for hosting and bandwidth costs 
  • Detection and mitigation from vulnerability exploits to denial-of-service attacks 
  • Better application performance and uptime 

avatar for Shehzad Shahbuddin

Shehzad Shahbuddin

Solutions Engineer, Shape Security at F5

Thursday September 24, 2020 11:30am - 12:00pm EDT
Solutions Theater

12:45pm EDT

Creating and Distributing Strategic Intelligence for CISOs
Cyber risk is a top of mind concern for those at the executive level however, it remains a challenge to oversee largely due to the gap between the technical and business sides of an organization. There is a way to bridge this divide, making the information relevant and understood by both parties. Anomali, Senior Sales Engineer, Thomas Graves,  will demonstrate several use cases to show how Anomali gathers and associates intelligence on threat actors, malware, campaigns, vulnerabilities, and tactics, techniques and procedures (TTPs) to support strategic intelligence reporting for CISOs. Strategic intelligence reports support senior leadership's ability to understand how adversary TTPs align with the organization's defensive controls,  highlighting gaps in the defensive posture. These use cases show you how to stay ahead of the bad guys, join the discussion.

avatar for Thomas Graves

Thomas Graves

Senior Sales Engineer, Anomali
Thomas Graves is a Senior Solutions Engineer at Anomali. He has more than a decade of experience in computer network defense, security operations, and cyber intelligence analysis. As a cyber solutions professional, he is primarily focused on helping clients harness threat intelligence... Read More →

Thursday September 24, 2020 12:45pm - 1:15pm EDT
Main Stage

12:45pm EDT

Measuring and Mitigating the Risk of Lateral Movement
The ability to remotely execute code is often the cornerstone of an attack, but bad actors also attempt to reduce their footprint by abusing legitimate credentials combined with network, application and operating system functionality, and new cloud capabilities to remotely access systems and find high risk data. Patrick Pushor, Technical Evangelist at Orca Security, will explore modern lateral movement threats, mitigation strategies, and examine new vectors with the shift to the cloud while sharing key findings from Orca's 2020 State of Public Cloud Security Report.


Patrick Pushor

Technical Evangelist, Orca Security

Thursday September 24, 2020 12:45pm - 1:15pm EDT
Main Stage

1:30pm EDT

The Ever-Evolving Trendlines in Cloud Native Security 2020
Recently, Palo Alto Networks set out to better understand the practices, tools and technologies innovative companies are using to overcome the challenges of cloud native architecture, along with methodologies to fully realize the rewards of moving to the cloud. 

Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, Palo Alto Networks came away with an understanding of current and future investment levels in cloud and cloud native security tooling and level of preparedness in using hybrid- and multi-cloud infrastructure.
Join Palo Alto Network’s Head of Product Marketing, Prisma Cloud Keith Mokris and CSO Public Cloud, Matt Chiodi to unpack the findings on:

avatar for Matt Chiodi

Matt Chiodi

CSO, Public Cloud, Palo Alto Networks
Matt has spent the last eight years of his career focused exclusively on public cloud security working for some of the most well-respected companies in the Fortune 500. Prior to joining Palo Alto Networks by way of the RedLock acquisition, Matt was the Global Head of Cloud Security... Read More →
avatar for Keith Mokris

Keith Mokris

Head of Product Marketing - Prisma Cloud, Palo Alto Networks
Keith Mokris leads product marketing for Prisma Cloud at Palo Alto Networks where he is focused on helping enterprises secure their cloud native applications. Previously, he led product marketing at Twistlock and NowSecure, a mobile application security testing startup. In his free... Read More →

Thursday September 24, 2020 1:30pm - 2:15pm EDT
Main Stage

3:00pm EDT

Scale Efficiency Gains Through a Security Organization
Security teams are bombarded by noise daily – false positives, alerts without enough context, and incomplete data. Recorded Future's natural-language processing and machine-learning powered platform builds quantitative risk around IOCs based on the threat landscape.

During this presentation, Recorded Future will showcase how to consolidate data from 1M+ sources into relevant "intelligence cards" that analysts can use to make judgements during their day-to-day workflows, specifically around vulnerability management. Tune in for this live session to learn how all of this data can be programmatically extracted into SIEM tools, such as Splunk ES, to scale efficiency gains throughout a security organization.


Maulik Limbachiya

Recorded Future, Solutions Engineer - Global Accounts

Thursday September 24, 2020 3:00pm - 3:30pm EDT
Main Stage
  • Timezone
  • Filter By Date CISO Forum Sep 23 -24, 2020
  • Filter By Venue SecurityWeek Virtual Conference Center
  • Filter By Type
  • Break
  • Login
  • Panel
  • Presentation