Dark Reading Cyber Security Crash Courses
Archived Tracks

Enterprise Defense Crash Course  

Thursday, September 22 - Thursday, October 27
Our Lecturer
Chris Eng, VP Research, Veracode

Chris Eng (@chriseng) is vice president of research at Veracode. Throughout his career, he has led projects breaking, building, and defending software for some of the world's largest companies. He is an unabashed supporter of the Oxford comma and hates it when you use the word "ask" as a noun.


Presenter: Chris Eng, VP Research, Veracode
Sep 22 1PM
Customer databases, ERP, Big Data: the keys to your enterprise's kingdom lie in its applications. But application security is often overlooked, both by software makers and by internal development teams. What steps can your organization take to find and repair application vulnerabilities before your attackers discover them? A top app security expert discusses key practices for scanning and securing applications.

Presenter: Rich Mogull, Analyst & CEO, Securosis
Sep 29 1PM
Cloud computing services and technology offer a level of efficiency and cost savings that most enterprises simply can't pass up. But does the growing use of cloud technology create a growing threat to enterprise data? How can IT organizations track and secure data as it travels through the cloud? In this session, a cloud security expert will discuss the key danger points in cloud computing and the latest technologies and practices for cloud security.

Oct 6 1PM
Most major data breaches start with the compromise of a single endpoint: a PC, a mobile device, a user who unwittingly gives up credentials. What can your organization do to protect its endpoints? How can you create and enforce end user policies that protect your corporate data? In this session, a top expert discusses how endpoints and end users are most frequently compromised and how to keep your end users from falling victim.

Presenter: Andrew Blaich, Security Researcher, Lookout
Oct 13 1PM
Everyone is saying that the introduction of mobile devices and bring-your-own-device (BYOD) policies is a security risk to the enterprise. But exactly where do those risks come from? In this session, a top expert will debunk some of the myths about mobile security while raising up some threats and vulnerabilities you may not know about.

Presenter: Randy Trzeciak, Director, Insider Threat Center, CERT
Oct 20 1PM
Major data leaks such as Edward Snowden's release of NSA data are only the tip of the insider threat iceberg. Every day, enterprises face the threat of losing insider information not only through malicious leaks but through unintentional violations of security rules. How can organizations spot the signs of a data leak and stop it before it goes too far? How can IT help prevent accidental leaks of sensitive data? A top expert offers key advice on stopping data loss from within.

Presenter: Drew Vanover, Director of Technical Solutions, Blue Coat
Oct 27 1PM
As enterprises add new networking capabilities, SDN, and virtualized server environments, the risks they face are changing as well. In this informative session, a top expert on infrastructure security will discuss the latest threats to networks and servers and how your organization can mitigate them.

Enterprise Security Management Crash Course  

Thursday, January 12 - Thursday, February 2
Our Lecturer
John Pironti, President, IP Architects

John P. Pironti is the President of IP Architects LLC. He has designed and implemented enterprise-wide electronic business solutions, information security and risk management strategies and programs, enterprise resilience capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale for over 20 years. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Management Professional (ISSMP). He frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award-winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.


Presenter: John Pironti, President, IP Architects
Jan 12 1PM
For many organizations, making the right business decisions means making the right decisions about risk. But the risk of a cyber breach is one of the hardest variables to measure. In this session, you'll get insight on how to evaluate cyber risk, and how to perform "what if" scenarios to help your business decision makers arrive at the right choices.

Presenter: Tim Wilson, Editor in Chief, Dark Reading
Jan 19 1PM
Thanks to a plethora of major and very public data breaches, security has become one of the most critical issues in IT. What are the chief threats that security departments face, and what are they doing about them? What are today's top priorities for security professionals? This session will include data from two recent surveys of IT and security executives.

Presenter: Rafal Los, Managing Director, Solutions Research and Development, Optiv
Jan 26 1PM
Over the years, most enterprises have acquired a plethora of tools to detect and/or block security threats. But how can organizations monitor these tools to detect potential threats and measure the security posture of the enterprise? In this session, a top expert on security monitoring will offer some advice on how to monitor and report on an enterprise's security posture, and how to use the data from multiple security systems to track down sophisticated threats.

Presenter: David Bradford, Chief Strategy Officer and Director of Strategic Partnership Development, Advisen
Feb 2 1PM
One of the ways that today's enterprises are minimizing cyber security risk is by buying cyber insurance, which promises to pay them back for the costs of a major data security breach. But how much does cyber insurance cost? And what does it pay in the event of a major compromise? In this session, an expert on cyber insurance will discuss the strengths and weaknesses of cyber insurance policies and the hidden costs that it may not cover.

You've Been Breached! Crash Course  

Thursday, November 10 - Thursday, December 22
Our Lecturer
Zach Wikholm, Research Developer, Flashpoint

Zach Wikholm is a Research Developer at Flashpoint where he specializes in information security and Internet of Things (IoT) risk analysis. Driven by lifelong interests in cyber threat research, emergent malware, and all things open-source (especially Linux), Zach has built a career around designing custom systems to help organizations achieve the optimal balance between security and usability. Prior to Flashpoint, Zach's extensive experience in security engineering and IT consulting led to his role managing all internal security and network infrastructure operations as the Director of Security at CARI.net. He lives in San Diego with his wife and two dogs.


Presenter: Peter Gregory, Executive Director, Executive Advisory, Office of the CISO, Optiv
Sponsor Speaker: Zach Wikholm, Research Developer, Flashpoint
Nov 10 1PM
As organizations such as Target have discovered, cyber attackers sometimes attack indirectly, through suppliers, contractors, and customers. But how can you ensure that third parties are keeping their own systems secure and are not providing an avenue to compromise your data? How should you work with your partners in the event of a security incident? In this session, we discuss methods you can use to vet your suppliers' security, and how to work with your partners if a compromise is found.

Presenter: Adam Kujawa, Head of Malware Intelligence, Malwarebytes
Nov 17 1PM
Another key element in assessing risk is assessing your attractiveness as a target. Today's cyber attackers range from financially-motivated criminals to politically-motivated hacktivists to state-sponsored information-gathering hacker units. This session offers a look at the different types of cyber attackers, their methods, and their motivations.

Presenter: Chris Novak, Director, Global Investigative Response, Verizon
Dec 1 1PM
To understand the cyber risk your organization faces, you need to understand the likelihood of a breach and its potential cost. In this session, a top expert discusses the many and sometimes hidden costs of a data breach, including its impact on customers and end users. You'll also get insight on the frequency of data breaches, and a better understanding of how likely it is to happen to you.

Presenter: Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes
Dec 8 1PM
In the past, most cyber attacks simply exploited the most vulnerable systems. Today, however, there is an increasing number of sophisticated attacks that target specific companies, data, or even employees. These attacks are well-disguised and may escape conventional security defenses. What tools and strategies are there to prevent these exploits? In this session, you will hear about the latest types of targeted attacks and what your enterprise can do to stop them.

Presenter: Bhaskar Karambelkar, Data Science Lead, ThreatConnect
Dec 15 1PM
The good news in IT security is that there is a growing list of resources and services that can inform you about the latest threats in cyber space. The bad news is that with so many sources and data, using threat intelligence to improve your cyber defenses can be a bewildering process. In this session, you'll get a look at some of the different types of threat intelligence data, and you'll get advice on how to choose the right ones and integrate the information to improve your defenses.

Presenter: Andy Jordan, Security Associate, Bishop Fox
Dec 22 1PM
If your organization doesn't have a plan for handling a major data breach, you're already in trouble. In order to swiftly and effectively respond to a cyber compromise, you must develop a program for first response in the data center, and downstream response in the business units and in the public eye. This session offers some guidance on how to build an incident response plan, and how to test and practice that plan so that you're ready for the real thing.

Upcoming Webinars
Building a Cybersecurity Architecture to Combat Today's Risks
Date: Oct 25, 2017
"Layered defense" has traditionally been the modus operandi of IT security, but this approach can't be counted on to stand up to today's threats and attacks. In addition, attack surfaces are growing every day as companies adopt technologies like cloud and the Internet of Things. We'll help you rethink IT security from a strategic, architectural perspective and outline ways to build a comprehensive set of defenses that can discourage and repel attackers.

Citizen Data Scientists: What Are They, How Can They Help?
Date: Oct 26, 2017
Join us on AllAnalytics radio as we welcome a panel of bloggers to talk about the state of today's citizen data scientist. Our guests include Pierre DeBois, Lisa Morgan, and Jen Underwood.

4 Key Steps in Implementing the Data Warehouse of the Future
Date: Oct 26, 2017
Today organizations need performance and flexibility at an affordable price. A Hadoop-based environment offers just that: speed, scalability, and flexibility while minimizing disruption to a company. Join this session to learn how to implement the technology gradually, target the right use cases and plan for scale.

Planning for Infrastructure Transformation
Date: Oct 31, 2017
Companies are adopting "digital business" in an effort to align business goals with technology that will help them move as fast as possible with the greatest efficiency. These initiatives cannot succeed without drastically re-thinking the infrastructure on which all systems and applications run. During this webinar we'll discuss the factors to consider and how you can develop both a strategy and tactical plans for updating your organization's infrastructure.

Ransomware: Latest Developments & How to Defend Against Them
Date: Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly are just around the corner. Learn how ransomware can affect your organization and steps you can take to defend your systems and users against it.

Intel's Chief Data Scientist Talks AI, Machine Learning
Date: Nov 01, 2017
Rogers holds a PhD in Physics, and his career experience has spanned multiple industries from hedge funds, to medicine, to evangelizing big data technologies. At Intel he has spent his time in the field helping organizations solve problems by using these technologies. He'll share some of his experiences of using machine learning to tackle big problems in healthcare and child welfare. And we'll talk about the trends he sees on the horizon.

NLP 101: Get Started with Natural Language Processing
Date: Nov 07, 2017
In this All Analytics 101-style session we will:
• Explain technical terms and concepts around NLP
• Dive into some use cases
• Look at what it takes to deploy NLP inside an organization
• Examine how organizations can evaluate NLP projects

Analytics: What's Hot & What You Need to Know
Date: Nov 07, 2017
Keeping up with the newest trends in data and analytics can be exhausting. Don't get left behind the curve on the biggest trends in analytics today, like Natural Language Processing, Machine Learning, Augmented Analytics, Real Time Analytics, and Edge Analytics. This five-part educational series will break out key topics in a 101-style, providing an overview of technology, terms to know, real-world use cases, how to get started, and how to measure results. Check out the more detailed descriptions for these presentations and our expert speakers. Register now!

Get Started with Edge Analytics
Date: Nov 08, 2017
Join All Analytics and Andrew Hopkins, Managing Director - IoT Products Industries at Accenture for this 101-style session where we will:
• Cover basic edge analytics terms and concepts
• Take a closer look at common use cases
• Review how organizations can decide when and how to deploy these technologies
• Look at how to measure the results of these implementations.

Analytics 101: Machine Learning
Date: Nov 09, 2017
Machine learning is a key component in the Artificial Intelligence (AI) toolbox. This technology automates the building of analytical models as machines learn from experience. More enterprises are experimenting with this technology now. Are you ready?

Building Security for the IoT
Date: Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled systems and offer advice on monitoring and protecting next-generation IoT technology. Register today!

Real-Time Analytics 101
Date: Nov 14, 2017
In the competitive, connected, big data world, speed to insight and action are more critical than ever before. Decision makers can no longer rely on static analytics. In this session, Jen Underwood, Founder of Impact Analytix, LLC and All Analytics will walk through real-world, real-time analytics use cases for cyber-security, operations management, finance, marketing, and sports.

Ransomware: A Hunting We Will Go
Date: Nov 15, 2017
Ransomware is one of the favorite flavors of malware; it is particularly vicious and shows no signs of slowing down. Join this webinar as Senior Security Researcher Kyle Wilhoit helps us to understand ransomware trends, ransomware use cases, the financial workings behind the attacks, and how to combat these attacks. Kyle will also look at some upcoming ransomware predictions for 2018.

Get Started with Augmented Analytics
Date: Nov 15, 2017
Augmented analytics is the next wave of market disruption in the data and analytics market, according to Gartner. It is an approach that automates insights using machine learning and natural language generation. Join Sophie Sachet, Principal Analyst at Impact Analytix and All Analytics to learn more about the concepts behind the term augmented analytics and the different use cases.

Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.