Enterprise Security 2022

• In this talk, we will present the third party software supply chain attacks and defenses on web and mobile applications, and how ThreatModeling can help identify supply chain threats.
• We will then discuss third party assessments and how Risk Management plans can then be developed to mitigate vulnerabilities presented from the increased threat surface created by third party vendor tools and SDKs.

• Why is it important to assess vendor risk management?
• How to develop effective strategies for addressing higher risk vendors.
• Implementing ongoing oversight utilizing metrics and external alerts.

• Discussing how to prevent compliance violations.
• Understanding future cloud-based threat vectors; insecure APIs, hijacking, data breaches, malicious insiders & more.
• Recognising the pitfalls of misconfiguring cloud storage.

• Discussing the recent changes in public cloud technology and how Confidential Computing can be used to lock-down data and create a trusted environment, even in an environment shared by other customers, open to third parties, and in a geography that is considered untrusted.
• Discovering how Enterprises can embrace the cloud and protect confidential data like PII, PHI, and more without recoding or refactoring applications.
• Examining the benefits of Confidential Computing for protecting sensitive workloads and applications.

eviewing what we mean by a Smart City.Real Projects Discussed: Innovate Las Vegas.

To Follow Soon…

It’s become imperative for organizations from Main Street to the DoD to fundamentally rethink cyber security. It’s not something that any business can ignore; it’s a new operational reality and part of the cost of doing business. Yet too often we hear from organizations that haven’t planned or budgeted for cybersecurity—they aren’t prepared to make the investment or do the hard work.

CISA’s Zero Trust Maturity Model provides an excellent roadmap for organizations with a crawl-walk-run approach to maturing cybersecurity practice.

In this presentation, DTS Director of Cybersecurity Derek Kernus and Managing Principal Edward Tuorinsky will present both the technical thinking around Zero Trust and a leadership perspective as they discuss:

• The key element of zero-trust
• Why it’s the right model to use
• The steps involved in implementing a zero-trust architecture
• The role of culture and leadership in adoption
• Additional benefits gained through robust cybersecurity

Policies and processes are one challenge but any security effort’s success ultimately comes down to people and culture. Zero trust may require a change in an organization’s mindset around cybersecurity, but it’s an essential need for every organization.

• Deterrence is key: ensuring you have appropriate policies, strong encryption, and good access controls.
• Assessing best practice detection and monitoring techniques.
• What to do if you’ve identified an insider attack.

Reviewing what we mean by a Smart City.

Real Projects Discussed: Innovate Las Vegas.

Jeff Platon, CMO , shares insights and experiences from a Hoxhunt conducted study with 25 million phishing simulations and attacks seen in the wild. Learn key findings from the study that help transfer away from” just awareness” to effectively reducing risk together with the workforce.

– Understanding the key concepts of a cloud security program.

– Identifying the appropriate responsibility matrix for your program,

– Understanding the importance of centralized governance controls.

– Discussing the benefits of implementing infrastructure-as-code (IaC).

– Examining how vendor relationships help build your program.

• To Follow Soon…

The emergence of new and disruptive cyber technologies will change the reaches of cyber operations. How do we limit or mitigate the exploitation of the cyber domain by hostile actors in hybrid campaigns? We will also touch on the role of AI in securing the global supply chain as it relates to protecting our critical infrastructure.