Red Flags Reimagined; The Evolution of Insider Threat

Employees are choosing permanent remote work, the ‘great resignation’ is overwhelming offboarding resources, nation states and criminal groups are getting bolder at recruiting employees to steal and ransom data, and COVID and political divisions are increasing employee stress, distraction, and disenfranchisement. To borrow from the cybersecurity ‘CIA Triad’ model, the Confidentiality, Integrity and Availability of […]

The Case for CMMC as a Unified Cybersecurity Standard

Cybersecurity standards have multiplied over the past two decades. FedRAMP, RMF, 800-171, and many others have complicated the lives of security professionals and made compliance a very expensive and highly stressful job. In this presentation, we’ll explore the relationship between the major standards, and the pros and cons of working towards a universal standard based […]

The Anatomy of Common Ransomware Attacks

This session will start with a brief overview of ransomware attacks and trends to set the stage. Subsequently we will dive into specific ransom attack life cycle components as they play out in real incidents. To close the session, we will be covering some core defenses to help better fend off ransomware attacks. Lessons Learned: […]

Take Control of Your Controls

Controls are implemented to address vulnerabilities and manage risk. If your organization has key IT controls documented, monitored, and tested in an enterprise GRC tool, with clear auditor evidence, this presentation is not for you. A discussion on how to determine key controls, when to get those controls into a GRC, what makes great evidence for […]

Why Companies Fail PCI DSS Assessments

Having performed hundreds of PCI DSS assessments as a PCI QSA (Qualified Security Assessor) and signed just as many Attestations of Compliance (AOCs), we have identified common reasons why companies fail PCI DSS assessments. Some are technical in nature, but a significant number of them involve the ever-present question of scope. All of these have […]

Impactful Cybersecurity Tabletops

Tabletop exercises are a great tool to identify gaps and improve security posture. They are sometimes mandated by regulations and other times directed by the board. They consume a lot of time and pull key people away from their daily jobs. Learn how to make them worth it and gain buy-in from other areas across the organization. Learning Objectives: Effective planning leading up to […]