Members of the Data Connectors Community are well aware that the utilization of Multi-Factor Authentication (MFA) protocols, like those from a number of our Community Partners, is a good idea.  At the same time, those cybersecurity leaders face a constant struggle from their user communities, who chafe at the added friction they cause. 

News of the recent $3M fine imposed by the New York Department of Financial Services (NYDFS) against an insurance firm subject to the agency’s Cybersecurity Regulations (“Cyber Regulations”) should empower every CISO in the Community to substantiate the need for the added security MFA brings. 

Moreover, the case is instructive as it hits an incredibly common theme – the security around Microsoft Office 365. In this case, the company was ordered to pay the fine and take other corrective actions because it did not begin to implement MFA for its email system and other “third-party applications” until more than one year after the MFA rule went into effect (on March 1, 2018). 

The firm in question was the target of several phishing attacks which breached the systems and is thought to have caused the exposure of a substantial amount of sensitive, non-public, personal data belonging to its customers, including thousands of New York consumers. While the insurer did notify law enforcement, NYDFS asserted with this Consent Order that they were in violation. 

Office 365, by far the most widely used email and business collaboration suite used by our Community has been the target of too many Business Email Compromise (BEC), phishing/spear-phishing and other account compromise tactics to mention. Aside from Microsoft’s own Advanced Threat Protection (ATP), numerous Community Partners (Proofpoint, Mimecast, Avanan, Agari, Ironscales, etc.) offer myriad methods and solutions to combat the phishing threat.  

Moreover, Community Partners that offer MFA and more other advanced authentication tools (Auth0, Okta, SailPoint, HYPR, etc.) make adding state-of-the-art identity and access management a straightforward process.  Moreover, as demonstrated in their product demonstrations within the Virtual Summit Series over the past year, they do it with minimal additional friction, and a solid user experience. 

Community Members are well-served to look at the MFA, passwordless, and email security, and cloud email security supplemental solutions available to them.  The links above provide details on various providers, and a visit to one of our upcoming Virtual Summits would certainly include a few live, interactive demonstrations of note in the Virtual Exhibit Booths at the Solution Showcase. 

Questions on MFA or Cloud/Email Security? Submit a question for an upcoming panel to learn more.

MFA Miss Precipitates Heavy Fines from NY C …

Industry News Posted by Jen Greco on Apr 28, 2021

In their 2021 legislative sessions, 42 states and Puerto Rico have introduced more than 300 pieces of legislation pertaining to cybersecurity, according to research from the National Conference of State Legislatures. That compares with 280 pieces of legislation in 38 states in 2020.

Some of these measures, whether in the form of bills or resolutions, go on to create task forces that focus on the state’s own cyber infrastructure. Others focus on training and development, incident response and data protection strategies for citizens’ data.

According to the report from NCSL, this governmental action was in direct response to the influx of cyber threats, particularly at the start of the COVID-19 pandemic in spring and summer of 2020.

While hundreds of these bills are still in “pending” status, a few have successfully passed and have been either enacted or brought forth for the governor’s signature or veto.

For example, in Mississippi, House Bill 633 passed the Computer Science and Cyber Education Equality Act, which implements a mandatory computer science curriculum for students in grades K-12, based on standards that include training in cybersecurity.

Virginia has had one of the most active state houses in terms of passing cybersecurity legislation, with the most impactful being the state’s March 5 passage of the Consumer Data Protection Act (CDPA). Legislators seem to have taken a page from the 2018 California Consumer Privacy Act (CCPA), but withheld the revenue thresholds for imposing obligations. 

However, further legislation in Virginia included the addition of cyber attacks and virtual infrastructure to be included under the Emergency Services and Disaster Law. The state CIO was also given the opportunity to develop security awareness training for all state employees annually. They also expanded the definition of computer trespass, and equated the penalty of someone convincing another to spend cash under false pretenses as a Class 1 misdemeanor.

That said, the bills that remain in “Pending” status may continue to wait there for many months. For example, Maryland, which has more than 20 bills waiting to be voted on, adjourned their session on April 12. With legislative sessions ending as we draw closer to summer, many of these bills may be left untouched until 2022. 

State Governments Started 2021 with a Focus …

Industry News Posted by Jen Greco on Apr 23, 2021

You’re in the middle of mitigating a breach, and your IT department can feel like you’re out on an island alone, but with a variety of resources available for free from the Department of Homeland Security Cybersecurity Infrastructure Security Agency, there’s no reason to go it alone, according to Cybersecurity Advisor George Reeves.

Reeves joined the Texas Virtual Cybersecurity Summit, held on April 7 and 8, offering IT professionals from throughout the region a variety of resources to help prepare for and handle a breach. After all, groups like Hafnium (who were behind the Microsoft Exchange hack) and other bad actors are becoming more active than ever.

Recent events have been a continuous reminder as to why it’s so important to stay informed on all the existing cybersecurity threats. From SolarWinds to Microsoft Exchange, more organizations than ever have been tested this year, Reeves said.

“Our job is to help you recover, help you restore and maintain your critical services,” said Reeves.

With CISA’s help, organizations have the tools to navigate these challenges. For organizations looking to assess their current security vulnerabilities, or needing help with specific issues such as the Microsoft Exchange vulnerabilities, one vital place to look is on CISA’s website, which is filled with free (taxpayer funded) tools, assessments, tests, and other resources that will help build your complete cybersecurity infrastructure.

All tools are available through CISA here, including ways to work through the SolarWinds supply chain compromise and the Microsoft Exchange on-prem vulnerabilities.

CISA has released an overview on MITRE ATT&CK, as well as a command-line tool to help with detection of vulnerabilities called CHIRP (CISA Hunt and Incident Response Program), that goes through your environment to see if there are any hits. It is also useful to check out the Malware Analysis Reports, including details on the China Chopper Webshell, according to Reeves.

They’ve also just released the Aviary Dashboard, a companion resource to the Sparrow detection tool. It’s a dashboard that allows you to take down information and visualize current threats, Reeves said.

CISA works hard to develop tools and raise awareness of the current and imminent threats, including Automated Indicator Sharing (AIS) and the Multi-State Information Sharing & Analysis Center. AIS is a threat-sharing platform, collaboratively from across the country, while the MS-ISAC is a vital tool for the public sector – DHS-CISA supplements this. It’s a free program that allows for you to mediate and mitigate with the guidance of the experience of others who may have already seen this, Reeves said.

Managing a Breach? Don’t Miss CISA’s Va …

Industry News Posted by Jen Greco on Apr 16, 2021

Understanding New Regulatory Requirements and Managing Threats Remains Essential for IT Professionals

CHICAGO — APRIL 13, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in the Midwest next week.

The 2021 Chicago Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. 

Headlining this two-day summit on Tuesday and Wednesday, April 20-21 are four prominent keynote presentations: 

  • Amy Nicewick, Section Chief for the Cybersecurity Division, Department of Homeland Security Cybersecurity Infrastructure Security Agency
  • EJ Hilbert, Former FBI Cyber Agent and CISO & Founder of KCECyber
  • Justin Fanelli, Chief Architect of Defense Medical Intelligence Data and Technical Director at the Naval Information Warfare Center
  • Joe Nocera, Lead of the PwC Cyber & Privacy Innovation Institute

In the coming months, all cybersecurity professionals will be dealing with the transition between pandemic- and post-pandemic life. PricewaterhouseCoopers’ (PwC) Joe Nocera will be addressing this topic in detail for the community.

“As we approach a post-COVID world, I’m working with clients to address a myriad of cyberthreats that have either intensified or evolved over the past year. Particularly as virtual work has led to companies handling more data than ever before, it is critical for companies’ customers and employees to feel confident that they can trust them to keep their data safe and manage it responsibly. I look forward to discussing these challenges and sharing best practices for building cyber trust at the Chicago event,” Nocera said. 

In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations. Malicious actors continue to adjust and evolve their ransomware tactics over time. In January, CISA started the Reduce the Risk of Ransomware Awareness Campaign. CISA’s Amy Nicewick will be addressing this topic and the awareness campaign in a session for the community.

“CISA is working collaboratively with our public and private sector partners to protect their networks from ransomware. Our awareness campaign highlights readily available and important best practices and resources that can be leveraged to better protect against, mitigate, and recover from a potential ransomware attack. Our goal is to help organizations at all levels reduce their risk of ransomware victimization,” Nicewick said.

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around limiting the risk of ransomware, regulations surrounding the Department of Defense’s Cybersecurity Maturity Model Certification, DevSecOps and the cloud, the role of cybersecurity in the Internet of Things, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout the Midwest:

  • Fred Kwong, Ph.D. — CISO & AVP Security, Identity & Operations, Delta Dental Plans
  • Matthew Zielinski — Director, Technology Infrastructure & CISO, Vivid Seats
  • Ron Zochalski — CTO/CISO, Lake County Government
  • Jim Serr — CIO, Joliet Junior College
  • Stephanie Southard — CISO, BCU 

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Cisco, Cymulate, Ordr and many more.

The Summit will take place over two days, Tuesday and Wednesday, April 20-21 at 8:00 a.m. CT on both days. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/chicago

Compliance Issues, Ransomware Headline Chic …

Press Releases Posted by Jen Greco on Apr 13, 2021

In a recent panel as part of the Southern California Virtual Cybersecurity Summit, Capsule8 Security Strategist Jason Madey joined Moderator Merritt Baer, Principal Security Architect for Amazon Web Services, and fellow panelists Jonathan Knudsen, Synopsys, and Carlo Beronio, Attivo Networks, to discuss DevOps Security and its relationship with the cloud.

The discussion provided an opportunity for leading experts in the field to touch on the ongoing challenge of security trying to keep up with the rapid speed of feature releases and bug fixes made possible by DevOps. Madey and his fellow panelists discussed what companies need to do to ensure security doesn’t get left behind but that bug fixes and feature rollouts remain on schedule. How can DevSecOps become a realistic component of the modern enterprise?

The Old Tropes – Security as a Blocker

To start, panelists discussed the old tropes of DevOps and security – specifically that security is a blocker for development and innovation, acting as a gatekeeper for progress. Jonathan Knudsen spoke to the reality of the situation and how many companies are starting to move beyond this 1.0 view of application security. In the old model, dev teams would make a product and throw it over the wall, where security teams were tasked with catching any and all issues. Often, when the security team identified a security issue, it was too late – the product team was almost done with the process. This conflict has defined application security’s narrative for years, but it’s not necessarily the reality any longer. As Knudsen states, “what we’re seeing now is the transition to 2.0, in which application security integrates with the dev teams, becoming a part of the development cycle. So we talk about DevOps, but what we really mean now is ‘DevSecOps.'”

Of course, this is easier said than done. As Carlo Beronio notes, we’re in the midst of a substantial transformation as many companies move their terrestrial networks to the cloud. The perimeter is still there in some sense, but “there’s a new methodology of understanding how to apply security to these transitioned environments, and the ability to actually leverage your existing toolsets and morph them into those environments becomes critical.”

So what do the changes to security controls look like as many organizations move into the cloud?

Jason Madey discussed how we’re often talking about Linux in these situations and how many organizations are making “significant shifts from the way we did things on-premise to new management consoles and new says that we’re building and packaging and delivering our applications.” Traditional systems are end-user-centric, not necessarily workload-centric or container-centric, so it’s become vital to find and implement solutions that help gain visibility into the new cloud delivery environments.

 

Evaluating Vendors for Security Controls versus the Alternatives

Because the perimeter is dead, as Carlo notes and the traditional tools don’t offer the visibility needed, how does an organization evaluate vendors for cloud-native protection?

Madey notes that the model long used has started to change. In the past, the security tools used needed to be best-in-breed, and there was a siloed approach that eventually morphed into a single platform that can work across all systems. Now, however, many organizations operate in unique environments that each serve a unique purpose. “We need to recognize that environments are all completely different, and using one solution across all of them is simply not effective anymore. We need to be more specific, and of course, that’s going to come with plenty of research and market analysis, but we need to get away from having a one-size-fits-all solution and identify tooling that is born and bred for each specific environment.”

For this to work, however, it needs to be implemented correctly. Knudsen notes that “It has to be automated because you don’t ever want to be in this situation where you’re waiting around for a security engineer to push the button to run some tests, and it has to be integrated so that the results that you’re getting out of security testing are actually being fed back into the issue tracker or whatever other processes you’re already using.” The vague outlines for development are consistent across many companies, but the specifics will be unique. Tools need to be flexible enough to adapt to the different styles of development in use.

Going beyond this, Beronio notes that “it’s not just best-of-breed but ‘what’s integrating with my traditional workflow?’ How do we integrate a tool that can feed into specific environments, because it’s vital that security understands how dev teams are being compromised and that they understand where data is being placed.” The two most important questions for security end are “how are users getting compromised?” and “how are attackers using compromised users or credentials to access the rest of the networks?”

 

Measuring Performance to Drive Improvement

 

When looking at a truly integrated cloud-native model where companies can obtain economies of scale, what influence does that have on security?

Madey touched on several key points. In a lift and shift approach from traditional on-premise infrastructure to cloud environments, little changes. “I’m going to stand up those servers and run those applications, just instead of my closet, it’s going to be Amazon’s closet.” But when companies start to evaluate “truly building, creating and delivering applications from a Cloud-Native perspective, they must also start looking at how to intelligently build out containers, build into modern CI/CD pipelines, adopt cloud-native technologies and make leaner, more performant, and scalable applications.”

Containers are a major concern, for example. They allow companies to run applications leaner, scale them faster, ensure less downtime, and positively impact the bottom line. However, they are also newer; therefore a bigger target for attackers and traditional tools don’t offer the same level of visibility as they do for other environments.

 

Regulatory Considerations for Cloud-Native Environments

A big point of contention for many companies when considering cloud adoption is the regulatory piece. As Madey points out, it’s vital that vendors are transparent, running a clean operation, and that they are consistently dealing with the basic configuration and vulnerability tasks needed to keep your data safe. “We need a level of trust between us and our vendors to continue building and developing and pushing out software in the manner that we are.”

Baer emphasizes this: “Show me an industry that isn’t regulated in some sense or that doesn’t have to interact with regulated entities. We’re all impacted by compliance considerations.” But at the same time, when moving to the cloud, the bottom layers of the stack have now been outsourced to those providers. That means less overhead to maintain audit and compliance documentation for on-premise equipment.

When asked about risk frameworks, Beronio highlighted ISO 27000, NIST, and the MITRE ATT&CK Framework, allowing issues to be mapped to the appropriate individuals to deal with them as they come in. More importantly, MITRE has created a framework specifically for Linux and is working on building one specifically for containers, ensuring a more catered solution for all organizations, regardless of the environments they are running.

 

The Goal of Successful DevOps and Security Integration

Many elements can improve the communication between DevOps and security, helping to build a better, more responsive cloud-native environment for your organization. Culture is a significant part of this. As Knudsen notes, it’s not about “finding the most knowledgeable engineers. This is important, but so too is hiring people who communicate and will work closely with your DevOps teams, discussing security in a way they will understand and helping them integrate processes in a way that works without slowing down development.” Leadership is a significant part of this. Security is traditionally seen as a blocker, but when integrated carefully from the top down, it can be more fully integrated with DevOps, helping make it an organizational priority where everyone is on the same page. It’s about mindset as much as the process.

 

Capsule 8 is one of Data Connectors’ key partners. Learn more about the company and what great services they provide. Do you want to submit a guest blog post? Contact us.

Guest Post: The New World of DevSecOps and …

Hot Topics in Cybersecurity Posted by Michael Hiskey on Apr 7, 2021

Future wars won’t be fought by the fittest and strongest with guns and bombs; it’ll be done from behind a keyboard and mouse.

2020 HeadshotThat’s according to Marc Crudgington, based on the extensive research in his book, “The Coming Cyber War.” The challenge, he says, is for both organizations and individuals to be prepared and how to handle the inevitable — the cyber attack that might clear them out financially or cause a life and death situation.

The book is a solid page-turner, with incredible anecdotes — including the tale of an explosion 1/7th the size of the atomic bombs from World War II, deep in the heart of Siberia. The work also considers Crudgington’s extensive personal experience within the cybersecurity community, including his current role as a CISO of a major bank based in the Houston area.

Crudgington had his “I can write a book” wake-up call while on a ferry ride on the Potomac, in the heat of a discussion with an industry colleague. It was 2016, and like many others in the industry, they were talking about the allegations of election meddling by outside actors like Russia through digital means. Geopolitical factors affecting security became top-of-mind for him, and it ultimately inspired him to start writing.

“I felt that the moment I stepped off the boat, I thought I had something to say,” he said. “There, I termed it ‘the coming cyber war,’ and then I started writing the book little by little.” (That title, by the way, just came naturally, Crudgington said.)

The book, according to Crudgington, covers the dynamics of the CISO’s relationship with company executives, members of the Board of Directors, and highlights the vital role of the individual contributor in the security of an entire organization. These dynamics are covered in their own individual sections, allowing for a full picture of what organizations are up against in the cyber war.

“You cannot just keep security in the basement anymore,” he said. “The relationship between CISOs and other executives and their boards

After several years of research and collecting various experiences, it was the COVID-19 pandemic that really fired up Crudgington’s writing process, thanks to the extra down-time while at home. With the changing security environment that includes working-from-home and even more cyber scams, the outcomes from the pandemic also shaped some of the content of the book, he said.  of directors is becoming incredibly important.”

Cyber War Cover

 

Maintaining his focus and not getting too deep “into the weeds” was important to him, with a primary audience of cybersecurity executives. He said there are some ups and downs to the writing process, but by tapping into his creative side, it turned into an extremely enjoyable process.

“The easiest part is when you’ve done your research and sit down to write,” Crudgington said. “Sometimes it just flows, and sometimes it just doesn’t.”

And with his extensive experience, he has a great deal of advice to give for his fellow CISOs and up-and-comers. The “common knowledge” that he disagrees with? The idea that cybersecurity is a cost-center.

“There is efficiency to be gained with cybersecurity. It can be a win for you; it benefits you in the long-run,” he said.

Want more advice from Marc Crudgington? He will be joining the CISO Panel at Data Connectors Texas Virtual Cybersecurity Summit, offering his insight on how the local community can enrich their security protocols.

Plus, you can get a copy of his book here.

This is (Cyber) War: Thoughts on The Future …

Interviews Posted by Jen Greco on Apr 6, 2021

Leaders from U.S. Secret Service, Cybersecurity and Infrastructure Security Agency, Digital Forensics Lab Gather with CISOs to Collaborate to Move Past Rash of Advanced Persistent Threats

DALLAS, TEXAS – APRIL 6, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in Texas this week.

The 2021 Texas Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. Leaders from law enforcement agencies team with Chief Information Security Officers (CISOs) from the private sector at the two-day summit this Wednesday and Thursday, April 7-8, which will feature: 

  • Special Agent in Charge William Smarr, US Secret Service, Dallas Field Office
  • VP and Chief Information Security Officer Andrew Vezina, Equitable Bank
  • Cybersecurity Advisor (CSA) George Reeves, Cybersecurity and Infrastructure Security Agency (CISA) 
  • Stephen Gemperle, Senior Special Agent, Lab Director for Regional Forensic Lab, US Secret Service – San Antonio Field Office
  • Clarke Skoby, Technical Staff Assistant, Advanced Digital Forensics Expert US Secret Service – Houston Field Office 

“We’re going to be discussing some leading-edge ideas for organizations across Texas, namely how to develop a Risk Balance Sheet so that companies can truly understand the threats they’re facing,” said Vezina, who will be giving the Wednesday afternoon keynote. “One of the biggest challenges we have in our industry is how to communicate the needs of the information security team to the rest of our organizations, but the good news is that there’s a better way.”

“It seems like every week we’re faced with a new cybersecurity threat,” said CSA Reeves.   “It’s important for organizations in Texas to know how to properly handle any disruption to their information systems, and for them to know how CISA can help,” he added. 

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around user-centered security, the benefits of having a risk balance sheet, defense-in-depth, artificial intelligence and machine learning in cybersecurity, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout Texas:

  • Roman Medina, Jr — VP,  CISO, Jefferson Bank
  • Luis Ossorio — Director IT, FROSCH
  • Ray Jay Yepes — CISO, Texas Department of Family and Protective Services
  • Marc Crudgington — CISO; SVP Information Security, Woodforest National Bank
  • John Frushour — Deputy CISO, New York-Presbyterian Hospital
  • Mark Adams — Senior Manager, IT Security and Compliance, and vCISO, Superior Energy
  • Mike Davis — CISO, ExactlyIT, Inc.

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Cisco, Druva, Attivo Networks, Pure Storage, Proofpoint, SEI, and many more.

The Summit will take place over two days, Wednesday and Thursday, April 7-8 at 8:00 a.m. CT on both days. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/texas

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Cyber Fraud Task Force, Digital Forensics, …

Press Releases Posted by Jen Greco on Apr 6, 2021

Chief Information Security Officers from Seattle and Portland Share Insight on Managing Cybersecurity Amid Pandemic Attack Landscape

 

SEATTLE  – MARCH 29, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in the Pacific Northwest this week.

The 2021 Seattle and Portland Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. 

Headlining this two-day summit this Wednesday and Thursday, March 31-April 1 are three prominent keynote presentations: 

  • Special Agent Timothy Hunt, US Secret Service, Cyber Fraud Task Force
  • Cybersecurity Advisor Ronald Watters, DHS Cyber Infrastructure Security Agency (CISA) 
  • “Offensive Security” host and author Jonathan Helmus

“Each year, we’re seeing newer and bigger threats, making the role of cybersecurity professionals more important than ever. It’s vital that CISOs stay on the cutting edge,” said Dawn Morrissey, CEO and Founder of Data Connectors. “Through these discussions by industry experts and thought leaders in information security, our attendees have the chance to get ahead.”

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around the SolarWinds & Hafnium/Microsoft attack, DevSecOps & Pentesting, user-centered security, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout the Pacific Northwest:

  • Kevin Morrison – CISO & Managing Director, Alaska Airlines
  • Dave Estlick – CISO, Chipotle Mexican Grill
  • Dennis Tomlin – CISO, Multnomah County
  • Robert Thomas – CISO, 180AConsulting.com
  • Hadas Cassorla – CISO & Principle, Scale Security Group
  • Bryan Hurd – CISO & VP, Aon Cyber Solutions 
  • Jon Washburn – CISO , Stoel Rives, LLP

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Okta, Cymulate, OneTrust, Ordr, Attivo Networks, Ivanti, Pure Storage, and many more.

The Summit will take place over two days, Wednesday and Thursday, March 31-April 1 at 9:00 a.m. PT on both days. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/seaport.

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

U.S. Secret Service, Homeland Security Head …

Press Releases Posted by Hubspot System on Mar 30, 2021

Each week, we’ll be sharing links to some of our favorite blogs from our partners. This week, we’re all about data. Whether it’s about protecting yours from the Microsoft Exchange hack, a thoughtful look on data intelligence, a “less-is-more” approach, and more. You’ll want to add these blogs to your regular reading list to ensure you stay on top of the latest trends in cybersecurity.

CYMULATE

Luck favors the prepared… and Cymulate agrees. Cymulate Labs came out with two threat attack simulations for their customers to ensure their set to defend against the Microsoft Exchange vulnerabilities. Review their blog and ensure you’re ready.

ONETRUST

Smarter data management is the key. A thoughtful take on real data intelligence from OneTust’s blog, dubbed Real Data Intelligence: A balance between seeking data value and mitigating risk.

ORDR

The classic adage of “Less is More” is true, even when it comes to data. Ordr’s Danny Jump joins their blog for his first post. 

ATTIVO NETWORKS

The year of breaches continues, and attackers always have their eye on the prize: access to the active directory. Attivo Networks’ Chief Security Advocate is covering ways to stay protected in these trying times in her post “Recent Attacks Command New Innovation for Stronger Active Directory Security.”

IVANTI

Who doesn’t love a peek behind the curtain? Ivanti’s blog covers their recent moves in the industry, and discusses the intelligence and value behind “acquisition with intent.” This company is focused on smart growth, says CEO and Chairman Jim Schraper, in his recent blog post, “The Rise of the Everywhere Workplace.”

PURE STORAGE

Looking to move into a multi-cloud strategy? Don’t miss this post from Pure Storage’s Dan Kogan, who offers five critical steps in implementation. This is a helpful post in any stage of planning for multi-cloud, titled “5 Steps for a Successful Muticloud Strategy.”

Do you have a partner post you’d like to share? Let us know in the comments. To learn more about how to partner with Data Connectors, visit our site

Leave a Reply

Weekly Partner Roundup: The Data Edition

Industry News Posted by Jen Greco on Mar 26, 2021

On the Heels of Hafnium, SolarWinds Attacks, Senior Cybersecurity Executives Gather Online to Understand More of Communist Governments’  Intelligence Exercises—and What it Means to Their Duties to Protect New York Area Businesses

NEW YORK CITY – MARCH 22, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading series of Virtual Summits, arriving in the New York Metropolitan Area this week.

The 2021 will take place, and is slated to allow the local community of cybersecurity professionals to gain insights and education regarding the latest updates and challenges in the industry, despite the continued efforts for social distancing during the pandemic. 

Headlining the New York City Virtual Cybersecurity Summit this Wednesday, March 24 is a preeminent expert on the strategy behind Communist China’s intelligence-gathering efforts, Dr. Jonathan Ward.  The author of “China’s Vision of Victory,” and recurring guest on various news programs on Fox, Bloomberg, CNBC, MSNBC, Ward will be joining the summit for a live interactive question-and-answer session. 

“The Chinese Communist Party (CCP), and cybersecurity professionals they employ, are playing by a different set of rules,” Ward said.  “Deception, intellectual property rights, data privacies, etc. and the usual rules of engagement don’t apply. US institutions of all sizes are well served to understand where the CCP is directing their energies, and get out ahead with preparedness and defense,” he added. 

The Summit will also feature industry expert presenters and virtual exhibits from cybersecurity solution providers, as well as live, topical expert panel discussions fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around the SolarWinds hack, the future of cybersecurity, and user-centered security, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021 in panel discussions. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout the New York metro:

  • Tim Rohrbaugh: CISO, JetBlue Airways
  • Suresh Chawdhary: Head of Security and Privacy, Nokia
  • Bernie Cowens: Chief Security Officer, Utility Technology Solutions
  • Stan Mierzwa: Director & Lecturer, Center for Cybersecurity, Kean University
  • Gene Barskiy: Head of IT and Security, Fisk Alloy
  • Christopher Frenz: AVP of IT Security, Mount Sinai South Nassau

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Cisco, Proofpoint, and many more.

The Summit will take place on Wednesday, March 24 at 8:00 a.m. ET. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/nyc

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Geopolitical Luminary Dr. Jonathan Ward Hig …

Press Releases Posted by Jen Greco on Mar 23, 2021