Is it really over when you are hacked? Or is it only over when our adversary has secured their impact and actions on objective? Perimeters are bound to be broken, but our game-over" scenarios should still be defended. We need to not only protect our inside, but carefully define what exactly are we defending? What has the highest impact on our organization, and from there on carefully architect our defenses to ensure we can always survive, even...

The idea of DevOps, the term the industry had initially decided on for the work between the Application and Operations teams, was coined 15 years ago. To give perspective, the iPhone 3GS came out that year. If we think of what we had to work with in 2009, we now know in hindsight that we have better options, solutions, software, and patterns. We have an iPhone 15; we no longer have BlackBerry OS or Nokia. Windows 8.1? I hope not. Here are a fe...

Come and learn from ENISA, the European Union's Agency for Cybersecurity), about the NIS2, the EU's cybersecurity legislation, which will come into force this year across all the EU's critical sectors. This seminar will help you get ready for the NIS2 incident reporting and security measures requirements, what NIS2 will mean for organizations doing business in the European Union, and what skills you may need to implement the NIS2. This online...

Data can end up in the unlikeliest of places, even for those organizations that have developed formal data governance policies and implemented technical controls to (try to) keep data in central data stores. Especially troublesome is data stored and worked with on user endpoints—workstations, laptops, devices—such as original unstructured files or containing data extracted from structured data sources. With this survey, SANS is see...

The cloud has changed infrastructure for all organizations and Federal agencies are no exception. However, it’s not as easy as simply “flipping the switch” because there are a myriad of regulatory requirements and considerations to navigate, and it requires careful planning and implementation. Join us on April 25, 2024, at 3:30 ET where SANS analyst Matt Bromiley and Cisco’s Technical Marketing Engineer, Christian Claus...

In the field of cybersecurity, we are failing to acknowledge that we have a big problem. Our job titles and job descriptions have the word security in it even though security isn’t our job. I have never met a security professional who claims that their organization will never be breached. Yet, we call ourselves security? When a breach does occur, it reflects poorly on us. Did it mean we did our jobs poorly that day? Let’s have the...

The number of cloud security breaches in the headlines have been staggering lately. It seems like a week cannot go by without a massive amount of sensitive data being leaked from either AWS, Azure, or Google Cloud. One example that would be funny if it were not so sad is the September 2023 incident where the Microsoft AI team leaked 38TB of sensitive data, including employee workstation backups and 30,000 internal Teams messages, due to a misc...

Are you struggling to get both your leadership and workforce to buy into cybersecurity? Do you feel overwhelmed and need to scale the impact of your security team? Learn how to engage and transform your organization into the biggest believers and supporters of cybersecurity by institutionalizing a strong security culture. What is a strong security culture and how it helps you Indicators of a strong security culture Top three drivers of a stron...

Step into the forefront of manufacturing resilience as we navigate today’s cybersecurity challenges. This dialogue with Matt Cowell, VP of Business Development at Dragos, and Mark Cristiano, Global Commercial Director – Cyber Security Services at Rockwell Automation, is dedicated to the shifting tides in cyber threats that manufacturers face, strategizing against the escalation of digital risks, and charting a progressive course of...

Stop Waiting for the Adversary It’s 2024. Ransomware is no longer new, the threats and risks are well known, the cases and payouts are public. Even with this ominous threats, why are security teams still caught off guard when their environments fall victim? It’s 2024 - the year we stop waiting for the adversary. In this 2024 Ransomware Summit, let’s explore all the angles. How ransomware actors find success, where they get in...