The Journey to Building API Security

APIs are a crucial enabler for digital transformation and microservices. This session will delve into the API threat landscape and provide actionable tasks in taming these challenges. The presentation plan will include “Why API Security is on every CISO’s mind,” “Typical API Security Challenges,” “Best Practices for Tackling API Security,”

Les Correia Executive Director, Enterprise Cybersecurity & Risk, Estée Lauder

DE&I in Security: We CAN do more, but what more can we do?

Our hackers are diverse, so shouldn't we be? Improving diversity and inclusion in the cyber security profession will be critical to closing the industry's well-documented skills gap. The industry presents a complex picture, showing diversity with higher levels of representation than the wider technology industry in some cases, such as LGB and female representation and cyber professionals feeling confident in being themselves in the workplace.

Dr. Nida Davis Director of Security Architecture, Microsoft

Christy Emma Peel Director, Security & Compliance, Dräger

Jeffrey Moore Chief Product Security Officer, Dräger

Track 1: Compliance Frameworks - How SOCs and Risk Teams are using the framework to communicate externally - to the C-Suite, Board and Insurance organizations.

While many mature SOC’s have been adopting the MITRE ATT&CK framework since its launch in 2015 to provide a global knowledge base of threat activity, techniques and models, it’s the outside of the SOC frameworks that business leaders, compliance and risk teams, risk insurers and industry are placing their emphasis on.
The session will discuss the link between compliance and the SOC and whether or not your organization is using these frameworks to protect your organizations against modern threats while providing evidence outside of the SOC to demonstrate adherence to the framework’s controls.
•What are the clear links between compliance and your organizations SOC?
•How is your business using these frameworks to protect the organization?
•Is it important to provide evidence outside of your SOC?

Track 2: Cyber & The Board: You had their Curiosity, Now you have their Attention

Boards have always found it simple to appreciate and justify the use of locks, keys, and cameras to protect essential infrastructure. However, as security risks have migrated deeper into cyberspace and become more complicated, it has become more difficult for boards to determine how effective information security officers are.
All of this is changing. Following the pandemic, boards are mandating organisational resilience and attempting to establish a brand that promotes an effective security culture. There are currently security committees that are monitored by qualified board members. Most importantly, cybersecurity risk as a fundamental determinant in third-party transactions and commercial engagements such as M&A, where security is increasingly becoming a competitive advantage desired by investors.

Track 3: Response Learning - Improving Security Post Incident

• What opportunities do you see for organisations to improve how they learn from cybersecurity incidents?

Securing Innovation

Your organization is implementing new technology, some of it may be extremely innovative. It's so modern in fact, that the business has never come across such tech before - metaverse, blockchain, NFT. How do you work with the CIO to make sure the roll out and usage of said tech is secure?

Going on the offensive in a democratised age

The need for security leaders to be proactive and on the offensive has often been seen as the best way to take on cyber risk which is growing every day. Yet how is this meant to be achieved as organisational seek to accelerate digital transformation where risk and compliance issues slow progress. The world of Hybrid work and accessing global talent pools demand that ever more distributed workers are given access to key data and tools and demand their employers trust them in the process. At the same time different functions who are desperate to take control of their digital destinies to create better customer solutions faster. How can security leaders meet the future of Cyber war head on as organisations seek to build a culture of trust, democratisation and customer centric responsiveness.

Zero Trust

Josh Copeland Security Operations Center (SOC) Director, AT&T

Information Security and Reputational Impact of Social Media

Social media is no longer just another means by which to communicate with one another, it has become a source of cybersecurity intelligence as well as a threat vector unto itself. The threat is just not cyber but one of brand and reputation. In the age of mis and disinformation all organizations, all organizations cannot continue to ignore the impact that social media has on brand, reputation and trust.

Lester Godsey Chief Information Security Officer, Maricopa County

Adaptive Security

The adaptive security model is a cybersecurity strategy that focuses on prevention, detection, and response. The adaptive approach ignores standard perimeter concepts and believes that there is no distinction between safe and unsafe. This is a critical paradigm shift, especially in light of the move to cloud services and ubiquitous computing outside of the company.