RSA Conference

The City of Baltimore’s recent ransomware incident not only caught government servers by surprise. It also jolted the industry as a stark reminder that cyberattacks can still occur where and when they’re least expected. Not the most comforting prospect—but are there constructive takeaways to be gleaned in the aftermath? Helping us uncover these silver linings are Duo Security’s Wendy Nather and LEO Cybersecurity’s Andrew Hay. Some of the topics to be covered in this podcast include: • How the Center for Internet Security’s Top 20 Critical Security Controls remains an effective guide for preventing cyberattacks—regardless of a company’s security budget • The importance of educating all employees on the need for good cyber hygiene habits • Taking a first-responder approach to dealing with a cyberattack, such as immediately bolstering IT staff Related links: https://www.colorado.gov/pacific/dhsem/atom/129636 https://www.cisecurity.org/controls/cis-controls-list/ https://sightlinesecurity.org/

It’s a key component of Microsoft’s new ElectionGuard. And as the world becomes increasingly hyperconnected, cryptography will be called upon to protect much more than our votes. In this podcast, Britta Glade talks to Microsoft Research’s Josh Benaloh and NIST’s Matthew Scholl about applied cryptography’s expanding role.

GDPR is not even a year old but in that short time, it’s dramatically changed how companies handle and are held accountable for the data they use. But beyond companies, the main purpose of GDPR was to protect and empower consumers. So, how well is it working? With the help of Bree Fowler, Technology Writer at Consumer Reports and John Elliott, Data Protection Specialist, this month’s RSAC Podcast focuses on how GDPR has impacted consumer expectations and their willingness to share personal information. During the episode, our experts will answer these questions and more: • When it comes to understanding a company’s privacy policies, what responsibility does the consumer assume? • Are there situations where consumers should push back and ask for more diligent privacy and data use regulations? • How much information is “appropriate” for companies to gather from their users?

Britta Glade and Hugh Thompson talk about their take on highlights from the week at RSA Conference 2019

As cybersecurity seeps deeper into so many areas of our lives, it’s more important than ever for technology creators and policy makers to work together for the benefit of society as a whole. That’s the backdrop for our new track at RSAC 2019, Bridging the Gap: Cybersecurity + Public Interest Tech, brought to you in partnership with Bruce Schneier and the Ford Foundation. In this podcast, Britta Glade talks to Bruce and the Ford Foundation’s Jenny Toomey as they discuss some of the topics that will be covered during the day-long track, including how cybersecurity and social progress are becoming increasingly intertwined—and how infosec professionals can contribute to positive change both individually and collectively.

Get a head start on Boot Camp with our CISO-focused February podcast episode. In it, RSAC CISO Boot Camp speakers, Dawn Cappelli, VP Global Security and CISO of Rockwell Automation, and Tim Callahan, SVP of Global Security and Chief Security Officer of Aflac Inc., will share their vision for RSAC CISO Boot Camp and preview topics that’ll be covered in March.

As it turns out, the weakest link in any cybersecurity solution is…us. More than ever, hackers are using a variety of social engineering scams designed to fool people into giving up personal information voluntarily. So how do you protect us from ourselves? Join hosts Britta Glade and Hugh Thompson and their guests Ira Winkler of Secure Mentem and Lance Hayden of Elligo Health Research for a wide-ranging discussion on what to do about the human problem, including establishing protocols, creating a Human Security Officer position and more.

Every year, RSA Conference receives hundreds of submissions from potential speakers. It’s the job of the RSAC Program Committee to examine every submission. Taken as a whole, these submissions form a fascinating view into the trends that will affect the industry in 2019 and beyond. In this podcast, you’ll hear from six Program Committee members as they discuss the trends they discovered that will be most relevant to you in the coming year.

In the 15 years since cybersecurity first received an October shout-out, technology has grown in leaps and bounds. But one thing that’s remained constant? The vital role that humans play in not only creating these advancements, but in driving their success and—often unknowingly—contributing to their limitations. In this episode, we talk with two awareness experts who share how best to secure our most important infosec asset: people. Some of the topics that we’ll cover include: •What are the core tenants of awareness training beyond phishing warnings? •What do you say to an IT team that believes it can code its way to complete safety? •How do you persuade employees to pay attention to cybersecurity—especially those who are working remotely from home networks?

What are some career tips for future cybersecurity professionals? Get the answers as Britta Glade talks with Founder and Managing Director, Ursus Security Consulting LLC, Kim Jones and Stanford University student Maggie Engler.

Britta Glade and Dr. Hugh Thompson delve into the latest cybersecurity technology developments with Microsoft’s Diana Kelley and Denim Group’s John Dickson. Topics to be covered include: •What is data gravity and how can it help analysts in the SOC/CDOC? •How can security strategies be adapted for DevOps application developments? •What are the advantages of using a layered machine learning (ML) model over a single ML? •Are humans in danger of being replaced by artificial intelligence?

Britta Glade and Hugh Thompson talk with State of Colorado CISO Deborah Blyth and Oracle CSO Mary Ann Davidson about the relationship between cybersecurity and the C-Suite—and the repercussions when the two go their separate ways.

Britta Glade and Hugh Thompson interview IBM Security’s Etay Maor and Symantec’s Dr. Saurabh Shintre about their upcoming artificial intelligence and blockchain seminars at RSAC 2018 Asia Pacific & Japan.

Tasked with creating a cybersecurity policy framework, the National Institute of Standards and Technology (NIST) had its work cut out for it—and then some. After all, it’s one thing to agree that organizations and the nation’s critical infrastructure need to be protected. And another to find common ground on how best to proceed. In this episode, we take a look at how the NIST Cybersecurity Framework was born, and where it’s headed once the recently drafted—and more user friendly—updates go into effect. Some of the topics we cover include: •To what degree are both the public and private sectors guided by the Cybersecurity Framework? •In what ways does the Cybersecurity Framework address various technologies such as IoT? •How does the Cybersecurity Framework weigh in on the challenges specific to vertical industries?

Cybersecurity has come a long way. But unfortunately, with every bit of progress the industry makes, threats and risks are never far behind. Especially now, in the midst of a turbulent political atmosphere, cyberattacks put everything from personal data to personal liberties at stake, leaving our government to address the biggest uncertainty of all: where do we go next? Joining hosts Britta Glade and Hugh Thompson, along with guests Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs, and Dmitri Alperovitch, co-founder and CTO of CrowdStrike, as they team up for our newest RSAC podcast episode. Topics covered will include: •What does today’s threat landscape look like and how can we address its many challenges? •Have there been changes in breakout time and speed of adversary activity within compromised networks and what does that mean for future security priorities? •How can infosec professionals engage Boards and other governing bodies in discussions of cybersecurity policy? •What challenges are unique to protecting critical infrastructure?