Theresa Payton discusses how security is fundamentally broken because we're not focused on the human point. As employees, people want the same mobile experiences they have as consumers. Workforces need the right tools to do their jobs while staying protected from the threats that come with mobile technology. It's time we embrace these technologies and empower our teams to make good choices as they interact with data.
Top cyber security incidents of 2016, including US Presidential election influence by Russia, DNC email hack, Panama Papers leak, Yahoo hack, Shadow Brokers hacking into NSA, ATM hack in India, malware in Hitachi payment service, SWIFT cyber heist, Bitcoin hack, weak passwords in Adult FriendFinder, and the Mirai botnet affecting users of Twitter, Reddit, Amazon, Netflix, PayPal, Pinterest
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr... | Alisha Deboer
Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.
This presentation outlines the leaps and bounds of Cloud Computing and Risk Management in the age of enormous global data surveillance, whistle blowers, Wikileaks, data leakage and what to do to protect data.
Social Engineering - Enterprise Phishing.pptx | Daniel Gorita
Definition of Social Engineering
Social engineering is the art of manipulating people to disclose confidential information, perform actions, or compromise security.
It involves psychological manipulation and technical exploits.
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information... | Maurice Dawson
Since the last elections in the United States, France, and other nations, fake news has become a tool to manipulate voters. This creation of fake news creates a problem that ripples through an entire society, creating division. However, the media has not sufficiently scrutinized data misuse. Daily, it appears that there are breaches causing millions of users to have their personal information taken, exposed, and sold on the Dark Web in exchange for encrypted currencies. Recently, news has surfaced of major social media sites allowing emails to be read without user consent.
Top 15 most outrageous data loss incidents since the inception of the Internet. It is becoming more crucial to protect and back up your data when even the most trusted banks, credit card companies and government agencies betray your trust.
How cybercriminals, leakers, State-sponsored hackers failed their opsec
The talk was given during the No Hat conference in Bergamo (Italy) https://www.nohat.it/
Streaming: https://www.youtube.com/watch?v=b64RE9cXajA
from minute 6.52.11
Data Mining Online Audiences with D8A Group | Jon Gosier
Using a combination of the data-analysis products available from D8A Group, we’ve been monitoring the unfolding events in real-time to illustrate the ways our technology platforms can be used by companies, PR firms, marketing agencies, political groups, celebrities, and NGOs to make data informed decisions in real-time crisis scenarios.
In this case study document, we analyze breaking news scenarios involving Chris Christie's Bridgegate scandal, Kerry Washington's appearance at the Golden Globes, and the Knight Foundation, which we weren't aware had any news events at the time, but we quickly became aware of two through the use of our software.
The primary purpose of using technologies like the D8A suite of analytic products is to monitor and capture real-time data for analysis and research. They are also predictive, helping to surface trends, patterns, and happenings before one might find out about them otherwise. D8A’s products work across multiple communication channels.
Rethinking the concept of trust (DoDIIS 2019 presentation) | Forcepoint LLC
Eric Trexler, Vice President of Global Governments & Critical Infrastructure at Forcepoint, spoke at DoDIIS 2019. He described how trust is changing and offered advice for agencies considering how to balance trust and security.
Sparking Curiosity to Change Security Behaviors | Forcepoint LLC
In this presentation Dr. Margaret Cunningham, Principal Research Scientist, Forcepoint X-Labs, explores the topic of curiosity in cybersecurity.
Curiosity is a powerful catalyst for behavioral changes, but for the most part, curiosity has been used to exploit users rather than to motivate positive security behaviors. This session explores the science of curiosity, provides examples of how curiosity increases security risks, and discusses strategies for using curiosity to increase engagement and positive security behaviors. Through this session attendees can apply strategies learned for motivating positive security behaviors as a means to mitigate risk and decrease alert fatigue within an organization.
Presented at Black Hat USA 2019 on Wednesday August 7, 2019.
Related blog: https://www.forcepoint.com/blog/x-labs/sparking-curiosity-change-security-behaviors-bhusa-2019-slides-and-summary
In this presentation Raffael Marty, VP of Research of Intelligence, Forcepoint X-Labs, explores the topic of Artificial Intelligence (AI) in cyber security. What is AI and how do we get to real intelligence in a cyber context? Raffael outlines some of the dangers of the way we are using algorithms (AI, Machine Learning) today and what that leads to. We then explore how we can add real intelligence through expert knowledge to the problem of finding attackers and anomalies in our applications and networks.
Presented at AI 4 Cybersecurity in NYC on April 30, 2019
Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat... | Forcepoint LLC
Wishful thinking won’t protect your data and systems. Without understanding two key psychological constructs, motivated reasoning and decision fatigue, people will continue to put their trust in software alone to keep their systems safe – and then shift responsibility for adverse events onto end users. For example, those impacted by motivated reasoning will reuse passwords without believing it might actually have an impact. People who experience decision fatigue avoid decisions or choose the least effortful action. However, there are steps organisations and individuals can take to recognise and cope with these parts of human nature – are you prepared?
Every single security company is talking about how they are using machine learning—as a security company you have to claim artificial intelligence to be even part of the conversation. However, this approach can be dangerous when we blindly rely on algorithms to do the right thing. Rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and, in turn, discovering wrong insights.
In this session, we will discuss:
• Limitations of machine learning and issues of explainability
• Where deep learning should never be applied
• Examples of how the blind application of algorithms can lead to wrong results
Using Language Modeling to Verify User Identities | Forcepoint LLC
How can we verify identity using unstructured data from a user device? While biometrics like fingerprinting and facial recognition are often used for authentication, research around natural language processing has found people's use of language as uniquely identifying.
In this session, we will discuss multiple facets of language modeling:
• Efficacy on different kinds of unstructured text within a corporate network
• As a technique to detect anomalous user activity, compromised accounts, and stolen credentials
• As an integral part of a cybersecurity program in addition to UEBA and risk-adaptive protection
Driving the successful adoption of Microsoft Office 365 | Forcepoint LLC
For enterprise and mid-sized companies who have deployed Office 365 but have not realized the full value of their investment, Forcepoint removes the barriers to full adoption by enhancing security and compliance, taking back unsanctioned IT, and implementing the right architecture.
Is your security solution having trouble keeping up? Explore what a modern security solution looks like—built to tackle the evolving threat landscape while adapting to today’s global, mobile workforce.
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data... | Forcepoint LLC
This 20 minute talk was delivered by Forcepoint Principal Security Analyst Carl Leonard at Infosecurity Europe 2018. Delivered to the Strategy track this talk provides a review of the macro trends affecting businesses today, reviews root cause of standout data breaches, highlights the security risk presented by employees, and offers guidance on how to protect your business from specific root causes.
Addressing Future Risks and Legal Challenges of Insider Threats | Forcepoint LLC
Get an in-depth analysis of the framework of insider threats, its legal considerations and global privacy implications, and best practices to build an effective insider threat program.
A Predictive “Precrime” Approach Requires a Human Focus | Forcepoint LLC
In Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Precrime Division,” that anticipated and prevented killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity – especially for insider threat detection and prevention. Based on user interaction with data, CISOs and their teams emerge as the IT equivalent of a Precrime Division, empowered to intervene before a violation is ever committed. Discover the technologies which make predictive analytics valuable, along with ethically minded guidance to strike the balance between vigilance and privacy.
A pirate used to have to show up on your shores, now they can stay on the other side of the world and still be a pirate. They are the mercenaries of the modern day – hackers who carry out crippling cyberattacks for personal gain, for political motivations, or perhaps on behalf of foreign governments, wittingly or unwittingly. The complexity of the problem also means there’s no simple answer for the global community. Mr. Daly looked at how we arrived at this convergence of actors and discussed efforts to get countries cooperating more effectively to prevent international cybercrime and bound cyber warfare.
Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS) | Forcepoint LLC
The DoD Mission Partner Environment (MPE) enables Command and Control (C2) for operational support planning and execution – residing on a shared network infrastructure at a single security level with a common language. Rory Kinney, OSD DoD CIO, shared his perspectives on how an MPE capability allows Mission Partners (MPs) to share information with all participants within a specific partnership or coalition and the role MPE-IS plays in securing the global mission.
Security Insights for Mission-Critical Networks | Forcepoint LLC
Networks are at the heart of the most critical missions. In environments where network availability and increased comprehensive security seem to be at odds, what are the options? Learn why traditional firewall solutions have been replaced with next gen technologies that mitigate the management burden while offering even more robust security and protection.
Maintaining Visibility and Control as Workers and Apps Scatter | Forcepoint LLC
Balancing productivity and security has been an age old challenge for IT. Nowadays, tight budgets and a shortage of skilled security personnel are further complicating the security equation at a time when mobile workers and cloud applications require effective defenses beyond traditional perimeters. Fortunately, there are new perspectives and best practices to help Government IT security leaders secure systems and users everywhere, with the same level of mission-critical protection that Federal networks require.
By 2025, millennials are projected to make up 75% of the total workforce. Organizations have been adapting their processes, policies and environments to match the millennial culture, but are they truly prepared to handle millennial technology practices? Michael Crouse – Forcepoint VP, Insider Threat explains.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and Sales | Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
"Impact of front-end architecture on development cost", Viktor Turskyi | Fwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
PHP Frameworks: I want to break free (IPC Berlin 2024) | Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
JMeter webinar - integration with InfluxDB and Grafana | RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
4. #Speed
Source: Various sources including Fortalice Solutions’ client archives 2015-2016, M-Trends by Mandiant 2016, and law enforcement reports.
Image: Stocksnap, Luis Llerena
5. #NotURFault
Daily Mail UK, Katherine Rushton Media And Technology, October 23, 2015
“Robbed by 'jihadi' cyber hackers: Conmen who stole TalkTalk customers' details are already raiding their bank accounts”
Image: StockSnap.io, Alex Wong
10. 1 stocksnap.io image by Vee O
IoT #Headlines…#DataInHotWater
“Anticipating The Internet Of Things: How Can Businesses Combat The Risk?”
Source: Forbes, July 31, 2015 & Infosecurity Europe 2015
12. #TheHuman
Source: “What the Public Knows About Cybersecurity”, Pew Research Center, Kenneth Olmstead & Aaron Smith, Pew Research Center, March 22, 2017.
75% - password
13% - VPN
Image: Stocksnap.io
13. #NoHelp
44%
Source: PwC’s Global Economic Crime Survey 2016, “Adjusting the Lens on Economic Crime Preparation brings opportunity back into focus”.
19. • Admit All Security is Defeatable
• Adversarial Targeting
• Aggressive Offensive
• Plan Ahead
#Top4Actions
20. Time is a #Hater
#Now – Craft Responses to Digital Disasters
#BreachHangover Kit – Set up now
#TriggerPull - Matrix triggers
Your New #BFF Rules
Image: Stocksnap, Raymond Sam
21. stocksnap.io image by Olu Eletu
#We’veGotThis!!
#Top2
#Practice Digital Disaster
#CrisisPRPlan
22. #NeedaGuide?
Want videos or articles that help you be more secure in 2 minutes or less?
Email Bonus@FortaliceSolutions.com