Endpoint
4/14/2017
11:15 AM
50%
50%

10 Questions To Get Practical Answers At Interop ITX

May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.

The Interop ITX conference is just around the corner, coming to the MGM Grand in Las Vegas May 15-19. Here's how to get answers to the questions that rattle around inside your noggin every day when you're banging your head against the wall. Questions like: 

1. Can I actually block ransomware attacks, or are good backups and ransom payments my only options? If you don't want to just sit around, tossing your spare change into the "Ransom Fund Jar," waiting to be infected, then there are Interop ITX sessions for you. Don't miss "Ransomware: How to Stop It In Its Tracks and Respond When You Can't," with independent security consultant Gal Shpantzer. Also check out a bonus speed session from WatchGuard Technologies, "Malware on Main Street: How Ransomware and Zero Days Target SMBs." 

2. How can I identify potential malicious insiders and mitigate insider threats without being Big Brother and making everyone I work with hate me? Let Paul Brager, lead associate, cybersecurity architect, ICS/SCADA at Booz Allen Hamilton, guide you through some methods to balance trust with preparedness (keep both your friends and your sensitive data), in "Malicious Insider Threats: Finding Them and Rooting Them Out." 

3. How can I survive this cybersecurity skills shortage now, when everyone wants to steal my best people, I don't have enough to begin with, and I still have to wait 10 years for those 6th-grade STEM program kids? Head to "Surviving the Security Skills Shortage" and get tips from Rob Duhart, DSC Security, Control and Automation Lead/IT Manager for Ford Motor Company, Katherine Fithen, Chief Privacy Officer and Director Global IT Governance & Compliance for The Coca-Cola Company, and Ann Johnson, Vice President of the Enterprise Cybersecurity Group at Microsoft. They'll discuss ways to get by with a small staff, ways to retain the staff you've got, and better places to scout undiscovered talent than middle-school robotics competitions.   

4. Okay I get it, the Internet of Things is full of threats. What am I supposed to do about it? It probably wouldn't do to rip the smart TV off the wall and you might not be able to take down the Mirai botnet all by yourself, but you can go to "Five Ways To Prepare Your Organization To Address The Internet of Things," with John Pironti, president of IP Architects, and learn what adjustments to make to your identity management, risk profile, and more. Also check out the bonus speed session from the Trusted Computing Group "Tackling IoT Security from the Inside Out" and, considering the recent impact of IoT botnets, check out EfficientIP's speed session on "Protect Your DNS Services Against Security Threats."  

5. I can't stop my customers from using the same account logins across sites. I can't stop other sites from having breaches of login data. So how can I protect my customers and my brand from account takeover hacks? You might not be able to stand over the shoulder of every user at the account creation stage and yell "Don't do that!" However, you can let Mike Milner, co-founder and CTO of Immunio, show you an account takeover attack in action and show you countermeasures in "Live Account Takeover Hack and Tips on Preventing Today's Most Dangerous Application Threat." 

6. Hey, all this new threat intelligence data is really nice, but when exactly am I supposed to look at it, how am I supposed to know what's most important for my organization, and how can I figure that out fast enough for it to be of any use? Clearly you need to spend some of your limited time with KPMG's threat intel cyber security consultant Cheryl Biswas and senior consultant Haydn Johnson in their session "Collecting, Correlating, and Analyzing Security Data." They'll give you techniques for finding the jewels in your data (without needing to buy yet another piece of technology to do it). And don't worry; it's only an hour.  

7. Will I ever get my developers to write more secure code, and what exactly is DevSecOps anyway? Developers may speak a different language and even be from a different planet. Learn more about their needs, their motivations, and how to speak their language in "The Security Pro's Guide To DevOps: How to Get Developers to Write Secure Code," with Franklin Mosley, principal application security engineer for Ellucian. (And while you're at it, persuade your company's developers to attend Franklin's complementary session in the DevOps track, "DevSecOps: Minimizing Risk, Improving Security."

8. Am I in for an unhappy surprise the first time I file a cyber insurance claim? Does my policy really cover what I think it covers? You've probably been in cybersecurity longer than most of the companies providing cyber insurance have. If you're planning on trusting them to help your organization in its darkest times, then you'd better let David Bradford, chief strategy officer for Advisen take you through "Cyber Insurance 101" first. 

9. Almost every attack manipulates end users in some way, whether it's through a phishing message or something else. What can I do that actually makes an impact on what users let through the door? Start your week with a workshop by Bikash Barai, co-founder of FireCompass, called "Security Awareness Isn't Enough: Using the Science of Habits To Transform User Behavior." Follow it up with the session "Defeating Social Engineering, BECs and Phishing," with Bishop Fox's managing security associate Rob Ragan and security analyst Alex DeFreese. If calling users "stupid" all these years hasn't worked, surely these speakers can suggest something that will be more effective. 

10. How can I get the people who approve my budget to actually approve it, with less of a hassle?

  • Step 1. Bring them to the Dark Reading Cybersecurity Crash Course. This two-day event is an excellent way for IT generalists to get initiated on the main issues in security, so they better understand your needs, and for security pros to get quickly caught up on the latest security trends. (It even includes a talk on Speaking to Management About Security.) 
  • Step 2. Spruce up your risk management and metrics skills in "The Art of Performing Risk Assessments" by Ali Pabrai, CEO of ecfirst. 
  • Step 3. Take your business game to the next level, and learn how to explain that security might actually make money, not just cost money. Head to "Managing Risks to Reap Rewards: How to Use Security as a Growth Advantage" with Roland Cloutier, SVP and global chief security officer of ADP.

Other questions you might get practical answers to while at Interop? How does the game craps work? Which Cirque du Soleil show is your favorite? Is a "dry heat" really preferable? Register now and learn more.   

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.