Held Wednesday, July 15, 2020 | 8:30 AM - 4:00 PM CT | Fee: $249
CyberRiskNOW: Security Testing Edition Summary:
This virtual conference is designed to provide interactive training on evolving cybersecurity threats and how your organization should be testing its People, Process, and Technology in today's cyber-landscape. CyberRiskNOW: Security Testing Edition will cover the numerous different ways to consider testing your Information Security Program, from a Process perspective (policy, procedure, governance), a Technology perspective (are the controls you've implemented working as intended, and are they adequate), and a People perspective (is all that Security Awareness Training effective?).
Not only will this virtual conference include live video from our presenters, but you’ll be able to interact with other attendees and with event moderators through our Virtual Lobby in Discord, as well as share information, best practices, and tools you’re using at your organization. An invitation to join our CyberRiskNOW Discord server will be sent to all attendees prior to the conference.
This event will also be recorded for later viewing in case you’re not able to attend live for the full day or on the event date.
8:30 AM - Event Lobby Opens
8:50 AM - Welcome & Housekeeping
9:00 AM - Testing Your Processes
9:50 AM - 10 Minute Break
10:00 AM - Testing Your Technology
10:50 AM - 10 Minute Break
11:00 AM - Blue Team vs. Red Team vs. Purple Team Testing
12:00 PM - 60 Minute Lunch Break
1:00 PM - Testing Your People
1:50 PM - 10 Minute Break
2:00 PM - Action Tracking, Board Reporting, and Known Risk Exceptions
2:50 PM - 10 Minute Break
3:00 PM - SBS Panel Discussion + Q&A
3:30 PM - Event Concludes
4:00 PM - Event Lobby Closes
Hear from past event attendees!
"The contents were all relevant, easy to understand, and include great examples. All presenters were knowledgeable and have good presenting skills. Poll questions were good and a great way to interact with the audience." - Banker from Texas
"Lots of new information and a great review of known information. It also inspired thoughts and ideas that may not have been directly related to the topic at hand. The presentation topics and presenters were engaging and kept interest. The open communication with SBS staff in Discord and Q&A after each session was nice." - Banker from North Dakota
"Perfectly executed, excellent presenters and content." - Banker from Pennsylvania
Meet the Speakers:
- Jon Waldman and Chad Knutson are two co-founders of SBS CyberSecurity and have been working in the cybersecurity field for the last 15 years.
- Buzz Hillestad leads the SBS DFIR Team and has helped organizations of all shapes and sizes recover from incidents ranging from ransomware to insider threats.
- Patrick Gillespie and Kat Fish provide expert insight into the Network Security and IT Audit side of testing.
Full Topic Descriptions
Testing Your Processes - Kat Fish
Testing your Information Security Program is a fundamental element of most organizations, whether it's due to regulatory guidance or just good security best practices. You can't have good security without good security governance. But what should you do or look for when it comes to testing your ISP Processes - your policies, procedures, culture, and roles and responsibilities? This session will feature one of SBS' outstanding IT Auditors, Kat Fish (yes - that's her real name!), who works with organizations across the country to identify risk and help clients build better Information Security Programs. We'll discuss the following ways to test your Processes in 2020:
- Regulatory Requirements for IT Audit
- Audit Issues
- Audit Processes
- Adequacy vs. Compliance
- Internal Audit vs External Audit
- Process Areas to Test in 2020
Testing Your Technology - Patrick Gillespie
Testing your technology in 2020 is a critical component of ensuring your network, organization, and confidential information are protected against today's cyber threats. However, there are many different ways to test your technology and many different technologies to test. Where do you start, and where should you focus? This session will feature one of SBS' talented Network Security Engineers, whose job is to identify and exploit network and application vulnerabilities to highlight risk and better protect our customers from cyber attacks.
We'll discuss the following ways to test your technology in 2020:
- Vulnerability Assessment
- Penetration Testing
- Firewall Configuration Review
- Web Application Testing
- Password Audit
- Remote Access Review
- Email System Review
Red Team vs. Blue Team vs. Purple Team - Buzz Hillestad
When you think of a “hacker,” you might envision a 15-year-old kid in his (or her) mom’s basement “hacking the planet.” But that’s not what most hackers look like today. Most technical cybersecurity professionals consider themselves “hackers” as well, with varying focuses and skills. In fact, there are many different “colors” associated with hacking, from white (good guys) and black (bad guys) to red (offense), blue (defense), and purple (mediators).
When it comes to cybersecurity roles in business, “hackers” tend to fall into three colored “teams.” In this session, we’ll discuss the duties of each, the skills needed, and the way the teams interact with one another to improve security testing for organizations. We’ll cover:
- Red Team = Offensive Security
- Blue Team = Defensive Security
- Purple Team = Collaborative Security
- How you can leverage each “team” to improve your information security posture
Testing Your People - Chad Knutson
You’ve all heard the adage that “people are security’s greatest weakness.” It’s much easier to convince a person to break the rules they’ve been asked to follow via Social Engineering than it is to convince a firewall to break the rules it’s been programmed to follow. However, training and educating your People about cybersecurity effectively and building a culture of cybersecurity can turn your People into your greatest line of defense against today’s cyber threats.
In this session, we’ll dig into some of the best methods of training and educating your People about cyber threats, as well as how to effectively test your People to make sure your training works:
- Common Social Engineering Threats
- Effective Ways to Test Your People
- Building a Culture of Cybersecurity
- Creating Accountability When Testing Your People
- And more…
Action Tracking, Reporting Upstream, and Known Risk Exceptions - Jon Waldman
One of the most overlooked aspects when it comes to testing your Information Security Program is what you do after the testing has been completed. The goal of ISP testing is NOT to get a clean report; the true goal of ISP testing is to find the risk and improve your organization’s security.
Since there are always improvements to be made, new threats to combat, or new things to test, what you do after testing has been completed is one of the most important processes in information security. Improvement is best found when having to overcome the tests and adversity of life and business.
In this session, we’ll break down some of the best practices to follow when building a valuable, comprehensive ISP, including:
- Follow-through on ISP testing findings and recommendations
- The 4 ways to manage risk
- It’s OK to say NO to Auditors/Examiners
- Reporting Critical ISP components upstream
- Known Risk Exceptions
- And more…
Panel Discussion - All Presenters Return
Your SBS presenters will all come back together to provide some closing remarks, address any additional discussion throughout the seminar, and answer whatever questions you might have from today's session. We'll be collecting and answering questions throughout the day, but feel free to submit any additional questions during the final break that weren't answered already.
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are intended to meet monthly to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.