4/14/2017
11:15 AM

10 Questions To Get Practical Answers At Interop ITX

May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.

The Interop ITX conference is just around the corner, coming to the MGM Grand in Las Vegas May 15-19. Here's how to get answers to the questions that rattle around inside your noggin every day when you're banging your head against the wall. Questions like: 

1. Can I actually block ransomware attacks, or are good backups and ransom payments my only options? If you don't want to just sit around, tossing your spare change into the "Ransom Fund Jar," waiting to be infected, then there are Interop ITX sessions for you. Don't miss "Ransomware: How to Stop It In Its Tracks and Respond When You Can't," with independent security consultant Gal Shpantzer. Also check out a bonus speed session from WatchGuard Technologies, "Malware on Main Street: How Ransomware and Zero Days Target SMBs." 

2. How can I identify potential malicious insiders and mitigate insider threats without being Big Brother and making everyone I work with hate me? Let Paul Brager, lead associate, cybersecurity architect, ICS/SCADA at Booz Allen Hamilton, guide you through some methods to balance trust with preparedness (keep both your friends and your sensitive data), in "Malicious Insider Threats: Finding Them and Rooting Them Out." 

3. How can I survive this cybersecurity skills shortage now, when everyone wants to steal my best people, I don't have enough to begin with, and I still have to wait 10 years for those 6th-grade STEM program kids? Head to "Surviving the Security Skills Shortage" and get tips from Rob Duhart, DSC Security, Control and Automation Lead/IT Manager for Ford Motor Company, Katherine Fithen, Chief Privacy Officer and Director Global IT Governance & Compliance for The Coca-Cola Company, and Ann Johnson, Vice President of the Enterprise Cybersecurity Group at Microsoft. They'll discuss ways to get by with a small staff, ways to retain the staff you've got, and better places to scout undiscovered talent than middle-school robotics competitions.   

4. Okay, I get it, the Internet of Things is full of threats. What am I supposed to do about it? It probably wouldn't do to rip the smart TV off the wall and you might not be able to take down the Mirai botnet all by yourself, but you can go to "Five Ways To Prepare Your Organization To Address The Internet of Things," with John Pironti, president of IP Architects, and learn what adjustments to make to your identity management, risk profile, and more. Also check out the bonus speed session from the Trusted Computing Group, "Tackling IoT Security from the Inside Out," and, considering the recent impact of IoT botnets, check out EfficientIP's speed session on "Protect Your DNS Services Against Security Threats."

5. I can't stop my customers from using the same account logins across sites. I can't stop other sites from having breaches of login data. So how can I protect my customers and my brand from account takeover hacks? You might not be able to stand over the shoulder of every user at the account creation stage and yell "Don't do that!" However, you can let Mike Milner, co-founder and CTO of Immunio, show you an account takeover attack in action and show you countermeasures in "Live Account Takeover Hack and Tips on Preventing Today's Most Dangerous Application Threat." 

6. Hey, all this new threat intelligence data is really nice, but when exactly am I supposed to look at it, how am I supposed to know what's most important for my organization, and how can I figure that out fast enough for it to be of any use? Clearly you need to spend some of your limited time with KPMG's threat intel cyber security consultant Cheryl Biswas and senior consultant Haydn Johnson in their session "Collecting, Correlating, and Analyzing Security Data." They'll give you techniques for finding the jewels in your data (without needing to buy yet another piece of technology to do it). And don't worry; it's only an hour.  

7. Will I ever get my developers to write more secure code, and what exactly is DevSecOps anyway? Developers may speak a different language and even be from a different planet. Learn more about their needs, their motivations, and how to speak their language in "The Security Pro's Guide To DevOps: How to Get Developers to Write Secure Code," with Franklin Mosley, principal application security engineer for Ellucian. (And while you're at it, persuade your company's developers to attend Franklin's complementary session in the DevOps track, "DevSecOps: Minimizing Risk, Improving Security.")

8. Am I in for an unhappy surprise the first time I file a cyber insurance claim? Does my policy really cover what I think it covers? You've probably been in cybersecurity longer than most of the companies providing cyber insurance have. If you're planning on trusting them to help your organization in its darkest times, then you'd better let David Bradford, chief strategy officer for Advisen, take you through "Cyber Insurance 101" first.

9. Almost every attack manipulates end users in some way, whether it's through a phishing message or something else. What can I do that actually makes an impact on what users let through the door? Start your week with a workshop by Bikash Barai, co-founder of FireCompass, called "Security Awareness Isn't Enough: Using the Science of Habits To Transform User Behavior." Follow it up with the session "Defeating Social Engineering, BECs and Phishing," with Bishop Fox's managing security associate Rob Ragan and security analyst Alex DeFreese. If calling users "stupid" all these years hasn't worked, surely these speakers can suggest something that will be more effective. 

10. How can I get the people who approve my budget to actually approve it, with less of a hassle?

  • Step 1. Bring them to the Dark Reading Cybersecurity Crash Course. This two-day event is an excellent way for IT generalists to get initiated on the main issues in security, so they better understand your needs, and for security pros to get quickly caught up on the latest security trends. (It even includes a talk on Speaking to Management About Security.) 
  • Step 2. Spruce up your risk management and metrics skills in "The Art of Performing Risk Assessments" by Ali Pabrai, CEO of ecfirst. 
  • Step 3. Take your business game to the next level, and learn how to explain that security might actually make money, not just cost money. Head to "Managing Risks to Reap Rewards: How to Use Security as a Growth Advantage" with Roland Cloutier, SVP and global chief security officer of ADP.

Other questions you might get practical answers to while at Interop? How does the game craps work? Which Cirque du Soleil show is your favorite? Is a "dry heat" really preferable? Register now and learn more.   
