– James McQuiggan

Organizations are barraged constantly with phishing campaign attacks, and one organization suffers a breach every fourteen seconds. According to the 2021 Verizon data breach report, over 85% of data breaches are due to human error. It is worth noting how criminals get into an organization’s systems and infrastructure. It comes down to phishing attacks or misconfigured and unpatched systems. One solution is utilizing a robust security awareness and training program. However, how many employees take it, retain it, or use it? If the program is useful, why do breaches continue to occur? Organizations have training programs. Employees complete it and move on. Unfortunately, most of the time, they don’t remember it. Thus, the next evolution of security awareness needs to be an influential security culture. Within the security, culture is a security mindset for every employee and can significantly reduce the risk of a data breach through employees.

– Jennifer Urban and Kimberly A. Klinsport

Urban and Klinsport will discuss new data breach notification timelines and requirements, legal aspects of successfully handling ransomware and related payments, emerging enforcement actions, and case law your organization needs to know.

– Joe Luna and Raffi Erganian

With a new zero-day in hand, how long does it take to find fresh targets across the global internet? With basic cloud services, a few hours, and about $20.

In this presentation we’ll walk through the drivers, challenges, and results gathered from performing distributed port scans across the entire addressable IPv4 space, basically the public internet. We’ll cover global trends that were observed and the implication of the research.

– Moderator: Carol Alexis Chen; Louis Bladel, Ross Delston

Monitoring and investigating insider fraud;

How Covid has changed the insider threat equation; and

Money laundering and other financial crime in and around the pandemic: why even non-financial firms should be alert to risk, red flags and compliance challenges.

– Moderator: Marci McCarthy; Panelists: Trina Ford, and Kate Mullin

Developing a robust, talented, homegrown workforce, particularly in the fields of STEM is a success factor for an innovation economy and is critical to America’s national security. Since the 1980s STEM proficiency has been declining in America, threatening our Nation’s continued technology leadership. We have witnessed developing and established countries around the world making great investments in STEM for their future. These investments are providing an innovation highway to develop emerging technology like cyber security. Creating competitiveness with enterprise experience to thwart an aggressive attack landscape, the U.S. can’t afford to fall behind on our investment in STEM. Join us for an engaging discussion learning how opportunities can be particularly successful in inspiring students who traditionally have been underrepresented in STEM fields, including girls, students of color, and students from disadvantaged backgrounds. We also will explore how job creators can increase the cyber workforce pipeline by widening the talent pool and empowering professionals to expand their skillsets, putting the country’s innovation process in the right direction.

– Fireside Chat Richard Greenberg with Stevan Bernard

Come join us as we have a fireside chat with Stevan Bernard, former EVP of Global Protection Services at Sony Pictures.

– Mike Wylie

Threat Hunting, how do you know if you’re doing it right? How do you define a successful threat hunting program? Where do you start? There are a lot of questions and preconceived notions about how threat hunting should work. Many organizations make the same mistakes without achieving their cybersecurity goals. This talk is summation of my threat hunting journey with the intent of inspiring others by sharing what has and has not worked for me and the organizations I help. By the end of the talk, attendees will walk away with a better understanding of threat hunting and actionable next steps to get an ROI.

– Kris Rides

The last few years have caused significant changes in not only where we work but also how we work. Candidates have re-prioritized their lives post-pandemic, which has significantly affected retention and how you should hire. This talk will focus on how those changes affect you, what you should be doing both as a company and as a hiring manager to keep you competitive and what changes a recession will or has already made.

Learning Objectives

• Understand changes post-pandemic
• What, as a hiring manager, you can do
• What your company should be doing
• How a recession could affect this

– Moderator: Marc Beaart; Michael Sohn, Eddy Wang, Marc Coopwood

Gain insights into current trends in cyber-crime from our friends at the Federal Bureau of Investigation (FBI), US Secret Service, US Department of Homeland Security (DHS), and LA County District Attorney’s Office. Listen to real-world examples and current issues in investigations.

Take a hands-on approach to learning about cyber security! This CMD+CTRL Shadow Bank Cyber Range session will train participants of all skill levels about common web exploits and techniques. Learn how to improve your practical cybersecurity skills and knowledge remotely! Security Innovation invites ISSA members to crack passwords, steal money and manipulate databases in CMD+CTRL Shadow Bank. Throughout the event, proctors will provide guidance, hints and tutorials in an intentionally vulnerable website while teaching players to think like an attacker! Participants will learn a variety of concepts and practical skills while having fun exploiting their way through dozens of vulnerabilities. No prior cybersecurity experience is necessary to learn and participate in this event. Participation for all skill levels is easy – join the webinar, fire up a web browser on your computer (no tablets) and get ready to hack! The latest version of Chrome is recommended for the best experience, but the latest version of any major browser will work. Prerequisite knowledge: An interest in cyber security and a desire to learn more. A security testing background is not required and most information provided by the proctor will focus on new learners. Advanced participants will find the free play and dozens of challenges engaging and fun.

– David Spark interviews Steve Tran and Matt Crouse

ISSA-LA will be hosting David Spark, producer of CISO Series, who has been referred to as “a DJ at a CISO rave.” Could the next ISSA event be rave-tastic?! Come and find out as Spark invites two local CISOs (to be announced) to participate in a really fun show where we’ll tackle tough cyber leadership issues, play games like “What’s Worse?!” and close with an audience question speed round

– Moderator: Richard Greenberg; Sascha Schleumer, Rosalia Hajek, Stephen Alford

Come hear a fascinating discussion with a panel of CISOs and hear some of the important issues they are grappling with. What are they doing about third-party risk? Hear about the programs they are building to deal with this problematic relationship that has proven to be an entry point for so many breaches. Learn what they are doing to help ensure they are prepared for a breach. There will be time for you to ask them questions. Don’t miss this enlightening and engaging session.

– Valerie Thomas

You won’t find these attack signatures in any IDS. Firewall rules are useless against me. Social engineers use persuasion, deception, and influence to bypass technical controls by exploiting the human behind them. As a security consultant I’ve utilized social engineering in penetration tests for years. Join me and learn how I’m owning your networks and obtaining your sensitive data.

– Isaac Roybal

Organizations need a new integrated approach to protecting digital assets that cover documents flowing within and outside enterprise boundaries. While information remains exposed to security risks from employees inside your organization, the magnitude of the risk exposure increases dramatically when confidential information travels to third parties.  With the understanding that the perimeter of the organization is disappearing, Seclore looks forward to discussing why leading organization choose Seclore to protect their digital assets, regardless of where the sensitive data may travel.