2021 Secure Iowa Conference Presentations
Third Party Risk Management Tools & Techniques
Julie Gaiaschi, CISM, CISA, Third Party Risk Association
Third Party Risk Management (TPRM), while not a new concept, is continuing to increase in importance. This is mainly due to the threat landscape growing in complexity, organizations having a greater reliance on third parties to support critical services, digital transformation projects growing in momentum, an increase in regulations, and environmental impacts (such as the effects of a pandemic on supply chains). In addition, there has been an increase in regulatory scrutiny on organizations to ensure they are aware of the risks and impacts their third parties have on their organization.
In this session, we will explore the:
- Importance of TPRM and the role it plays within organizations
- Key components of a TPRM program
- Trending TPRM techniques and tools to address emerging risks
The Invisible Hacker: Where Human and Technology Meet
Jason Moulder, Pratum
Can hackers break into your network just by touching someone’s smartphone? Possibly. While the idea of implanting a chip under your skin may make most people squirm, the technology could soon make logging in and transferring data as simple as touching a reader. And, of course, biohackers see new opportunities for compromising systems. In this session, Pratum penetration tester Jason Moulder breaks down what’s already possible with biohacking and helps you update your security plan for this growing technology.
How to Get Executives to Buy Into Your Security Plan
Wade Britt, Baton Global
Everyone at your company wants a bigger budget next year. How do you get leaders to choose your cybersecurity initiatives for their investment? Join an executive consultant/corporate culture expert for tips on framing your requests as a strong business case that every leader will understand. You’ll learn how to gather internal support from other teams, talk about risk and impact, and link security to the big picture of the company’s reputation and future.
Lessons Learned Deploying Modern Cloud Systems into Highly Regulated Environments
Eric Johnson, Puma Security
Numerous challenges confront anyone building and deploying modern systems in a highly regulated cloud environment. Regulators impose requirements meant to apply in a traditional on-premise environment, driving unique design decisions in cloud-native environments. In this session, we will explore key lessons learned from building a regulated cloud environment, automating deployments, securing networks, and configuring compliance services. You'll leave with an understanding of key regulatory requirements and the cloud-native security controls for meeting them.
Legal Landmines in Data Investigations
Nate Borland, BrownWinnick
If it happens on a company device, you can look at it, right? Not every time. Employers don’t have a complete legal green light to do whatever they want, whenever they want. Join an Iowa attorney for insights on areas where companies must tread carefully when performing digital investigations into employee activities. You’ll get guidelines that will help you stay within civil rights law, work effectively with law enforcement, navigate gray areas of Bring Your Own Device policies, and more.
What You Need to Know About Version 8 of the CIS Controls
Andres Torrado, OneNeck
The CSC security controls drive a baseline of controls organizations use to form strategic plans and operational security improvements. The CSC controls have been recently updated to version 8 with some big changes from version 7. This talk will cover some of those changes, why they occurred, and what security events in the world today are driving them.
What you will get out of it: why or why not to implement the CSC controls, and the benefits of using them. Also, for organizations using the CSC controls, an understanding of the new controls and the reasons for the change.
Ransomware Decoded: Understanding & Preventing Modern Ransomware Attacks
Kraig Faulkner, Cybereason
It's no secret that ransomware presents an increasing danger to organizations. Ransomware attacks have jumped 105% since the beginning of COVID-19, with 73% of those attacks being effective. Is your organization investing in the right defenses against these costly and dangerous attacks? This presentation will help you beat today's advancing attacks, stop data exfiltration and prevent the latest trend of “double extortion.”
Digital Hapkido: Redirecting the Attacker's Energy
Andy Neller, CISSP, CRISC, CCE, Wellmark
See a proven defense-in-depth control structure that deals with complex adversaries and ransomware/malware. With this plug-and-play talk, you can take different aspects of the security controls back to protect your organization. You'll learn about alternative options to some of the covered controls to help you raise the security posture of your environment. You'll see practical adversary obstructions and learn to leverage the home-field advantage to flip the script on hackers.
Cloud Security Essentials
Dustin Whited, Dragos
Security pros often don’t get access to cloud workloads until long after they’ve been implemented and sometimes even when they’re running production workloads. In this session, you’ll learn best practices that implement security from Day 1. You’ll learn how to build security guardrails that protect developers within the environment and how to build a roadmap to compliance.