In the field of cybersecurity, we are failing to acknowledge that we have a big problem. Our job titles and job descriptions have the word security in it even though security isn’t our job. I have never met a security professional who claims that their organization will never be breached. Yet, we call ourselves security? When a breach does occur, it reflects poorly on us. Did it mean we did our jobs poorly that day? Let’s have the...

The number of cloud security breaches in the headlines have been staggering lately. It seems like a week cannot go by without a massive amount of sensitive data being leaked from either AWS, Azure, or Google Cloud. One example that would be funny if it were not so sad is the September 2023 incident where the Microsoft AI team leaked 38TB of sensitive data, including employee workstation backups and 30,000 internal Teams messages, due to a misc...

Achilles Systems, a fictitious IT service provider to human resources teams in medium and large businesses, has fallen victim to an attack in which sensitive customer data and, potentially, customer networks, have been compromised. Achilles has a small security team who has historically focused on basic controls and compliance. However, it seems clear this attack was the work of a sophisticated adversary capable of circumventing the controls i...

In the past year, cyber threats are once again top of mind for organizations of all types. The global geopolitical situation continues to become more unstable, leading to increased conflicts and hybrid threats. As a result, cyber threat intelligence (CTI) professionals face significant challenges in managing the evolving threat landscape and providing actionable intelligence to their stakeholders. On this webcast, SANS Certified Instructor Reb...

Step into the forefront of manufacturing resilience as we navigate today’s cybersecurity challenges. This dialogue with Matt Cowell, VP of Business Development at Dragos, and Mark Cristiano, Global Commercial Director – Cyber Security Services at Rockwell Automation, is dedicated to the shifting tides in cyber threats that manufacturers face, strategizing against the escalation of digital risks, and charting a progressive course of...

Hands-On Cyber Security Training in Miami Celebrating 35 Years of Cybersecurity Excellence Dive into an immersive cyber security training experience at SANS Miami 2024 (June 3-15, ET). Led by world-renowned instructors boasting extensive industry experience, SANS Miami 2024 offers live access to top experts in the field. SANS Miami 2024 is equipped with industry-leading hands-on labs, simulations, and exercises that you can immediately apply u...

Our applications and APIs are the gateways to our most sensitive and valuable data. As such, application and API security has become more and more essential to protecting our organizations. On this webcast, SANS certified instructor David Hazar will review the results of our 2024 AppSec/DevSecOps survey, and provide insight into: The best way to provide API security Investment trends in automated testing technologies Which tests are more impor...

Achilles Systems, a fictitious IT service provider to human resources teams in medium and large businesses, has fallen victim to an attack in which sensitive customer data and, potentially, customer networks, have been compromised. Achilles has a small security team who has historically focused on basic controls and compliance. However, it seems clear this attack was the work of a sophisticated adversary capable of circumventing the controls i...

As cloud security controls mature, it’s common to find that a wide variety of security controls and configuration capabilities are melding into a single platform or service fabric, in addition to the cloud provider infrastructure. Ranging from CNAPP to CSPM to CWPP and beyond, controls that cover the pipeline, workload security, cloud environment configuration, IaC templates, and runtime (and much more) are starting to evolve into a much...

Adversaries targeting critical infrastructure systems (power grids, water management systems, heavy manufacturing, oil and gas refineries and pipelines, etc.) have demonstrated detail technical knowledge of control system components, industrial protocols, and engineering operations. These skilled and brazen adversaries continue to launch a combination or Ransomware and targeted ICS tailored attacks against the safety and reliability of critica...