Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dark Reading Cyber Security Crash Courses
Dark Reading Courses
Archived Tracks

Enterprise Defense Crash Course  

Thursday, September 22 - Thursday, October 27
Our Lecturer
X
Chris Eng
Chris Eng

Chris Eng is Chief Research Officer at Veracode. Throughout his career, he has led projects breaking, building, and defending software for some of the world's largest companies. He is an unabashed supporter of the Oxford comma and hates it when you use the word "ask" as a noun.


HIDE


Presenter: Chief Research Officer, Veracode
Sponsor Speaker: Chris Eng
Sep 22 1PM
Customer databases, ERP, Big Data the keys to your enterprises kingdom lie in its applications. But application security is often overlooked, both by software makers and by internal development teams. What steps can your organization take to find and repair application vulnerabilities before your attackers discover them? A top app security expert discusses key practices for scanning and securing applications.

Presenter: Rich Mogull, Analyst & CEO, Securosis
Sep 29 1PM
Cloud computing services and technology offer a level of efficiency and cost savings that most enterprises simply cant pass up. But does the growing use of cloud technology create a growing threat to enterprise data? How can IT organizations track and secure data as it travels through the cloud? In this session, a cloud security expert will discuss the key danger points in cloud computing and the latest technologies and practices for cloud security.

Oct 6 1PM
Most major data breaches start with the compromise of a single endpoint a PC, a mobile device, a user who unwittingly gives up credentials. What can your organization to protect its endpoints? How can you create and enforce end user policies that protect your corporate data? In this session, a top expert discusses how endpoints and end users are most frequently compromised and how to keep your end users from falling victim.

Presenter: Andrew Blaich, Security Researcher, Lookout
Oct 13 1PM
Everyone is saying that the introduction of mobile devices and bring-your-own-device (BYOD) policies is a security risk to the enterprise. But exactly where do those risks come from? In this session, a top expert will debunk some of the myths about mobile security while raising up some threats and vulnerabilities you may not know about.

Presenter: Randy Trzeciak, Director, Insider Threat Center, CERT
Oct 20 1PM
Major data leaks such as Edward Snowdens release of NSA data are only the tip of the insider threat iceberg. Every day, enterprises face the threat of losing insider information not only through malicious leaks but through unintentional violations of security rules. How can organizations spot the signs of a data leak and stop it before it goes too far? How can IT help prevent accidental leaks of sensitive data? A top expert offers key advice on stopping data loss from within.

Presenter: Drew Vanover, Director of Technical Solutions, Blue Coat
Oct 27 1PM
As enterprises add new networking capabilities, SDN, and virtualized server environments, the risks they face are changing as well. In this informative session, a top expert on infrastructure security will discuss the latest threats to networks and servers and how your organization can mitigate them.

Enterprise Security Management Crash Course  

Thursday, January 12 - Thursday, February 2
Our Lecturer
X
John Pironti, President, IP Architects
John Pironti, President, IP Architects

John P. Pironti is the President of IP Architects LLC. He has designed and implemented enterprise-wide electronic business solutions, information security and risk management strategies and programs, enterprise resilience capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale for over 20 years. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Management Professional (ISSMP). He frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award-winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.


HIDE


Presenter: John Pironti, President, IP Architects
Jan 12 1PM
For many organizations, making the right business decisions means making the right decisions about risk. But the risk of a cyber breach is one of the hardest variables to measure. In this session, you'll get insight on how to evaluate cyber risk, and how to perform "what if" scenarios to help your business decision makers arrive at the right choices.

Presenter: Tim Wilson, Editor in Chief, Dark Reading
Jan 19 1PM
Thanks to a plethora of major and very public data breaches, security has become one of the most critical issues in IT. What are the chief threats that security departments face, and what are they doing about them? What are today's top priorities for security professionals? This session will include data from two recent surveys of IT and security executives.

Presenter: Rafal Los, Managing Director, Solutions Research and Development, Optiv
Jan 26 1PM
Over the years, most enterprises have acquired a plethora of tools to detect and/or block security threats. But how can organizations monitor these tools to detect potential threats and measure the security posture of the enterprise? In this session, a top expert on security monitoring will offer some advice on how to monitor and report on an enterprise's security posture, and how to use the data from multiple security systems to track down sophisticated threats.

Presenter: David Bradford, Chief Strategy Officer and Director of Strategic Partnership Development, Advisen
Feb 2 1PM
One of the ways that today's enterprises are minimizing cyber security risk is by buying cyber insurance, which promises to pay them back for the costs of a major data security breach. But how much does cyber insurance cost? And what does it pay in the event of a major compromise? In this session, an expert on cyber insurance will discuss the strengths and weaknesses of cyber insurance policies and the hidden costs that it may not cover.

You've Been Breached! Crash Course  

Thursday, November 10 - Thursday, December 22
Our Lecturer
X
Zach Wikholm, Research Developer, Flashpoint
Zach Wikholm, Research Developer, Flashpoint

Zach Wikholm is a Research Developer at Flashpoint where he specializes in information security and Internet of Things (IoT) risk analysis. Driven by lifelong interests in cyber threat research, emergent malware, and all things open-source (especially Linux), Zach has built a career around designing custom systems to help organizations achieve the optimal balance between security and usability. Prior to Flashpoint, Zach's extensive experience in security engineering and IT consulting led to his role managing all internal security and network infrastructure operations as the Director of Security at CARI.net. He lives in San Diego with his wife and two dogs.


HIDE


Presenter: Peter Gregory, Executive Director, Executive Advisory, Office of the CISO, Optiv
Sponsor Speaker: Zach Wikholm, Research Developer, Flashpoint
Nov 10 1PM
As organizations such as Target have discovered, cyber attackers sometimes attack indirectly, through suppliers, contractors, and customers. But how can you ensure that third parties are keeping their own systems secure and are not providing an avenue to compromise your data? How should you work with your partners in the event of a security incident? In this session, we discuss methods you can use to vet your suppliers security -- and how to work with your partners if a compromise is found.

Presenter: Adam Kujawa, Head of Malware Intelligence, Malwarebytes
Nov 17 1PM
Another key element in assessing risk is assessing your attractiveness as a target. Today's cyber attackers range from financially-motivated criminals to politically-motivated hacktivists to state-sponsored information-gathering hacker units. This session offers a look at the different types of cyber attackers, their methods, and their motivations.

Presenter: Chris Novak, Director, Global Investigative Response, Verizon
Dec 1 1PM
To understand the cyber risk your organization faces, you need to understand the likelihood of a breach and its potential cost. In this session, a top expert discusses the many and sometimes hidden costs of a data breach, including its impact on customers and end users. You'll also get insight on the frequency of data breaches, and a better understanding of how likely it is to happen to you.

Presenter: Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes
Dec 8 1PM
In the past, most cyber attacks simply exploited the most vulnerable systems. Today, however, there is an increasing number of sophisticated attacks that target specific companies, data, or even employees. These attacks are well-disguised and may escape conventional security defenses. What tools and strategies are there to prevent these exploits? In this session, you will hear about the latest types of targeted attacks and what your enterprise can do to stop them.

Presenter: Bhaskar Karambelkar, Data Science Lead, ThreatConnect
Dec 15 1PM
The good news in IT security is that there is a growing list of resources and services that can inform you about the latest threats in cyber space. The bad news is that with so many sources and data, using threat intelligence to improve your cyber defenses can be a bewildering process. In this session, you'll get a look at some of the different types of threat intelligence data, and you'll get advice on how to choose the right ones and integrate the information to improve your defenses.

Presenter: Andy Jordan, Security Associate, Bishop Fox
Dec 22 1PM
If your organization doesn't have a plan for handling a major data breach, you're already in trouble. In order to swiftly and effectively respond to a cyber compromise, you must develop a program for first response in the data center, and downstream response in the business units and in the public eye. This session offers some guidance on how to build an incident response plan, and how to test and practice that plan so that you're ready for the real thing.

Upcoming Webinars
Webinar Archives
Using Threat Hunting and Threat Intelligence to Strengthen Enterprise Cybersecurity
Date: Oct 19, 2021
View webinar
IT security teams are rapidly learning that an effective cyber defense means gaining a better understanding of attackers and the methods they use. In this Dark Reading webinar, top experts offer insights on how your organization can use emerging tools and practices such as threat hunting and threat intelligence to learn more about potential adversaries and proactively identify potential attacks. Attendees will also learn how they can combine these tools and practices to create an even more effective defense.

How Security Vulnerabilities Are Introduced In the Application Development Process - And How to Stop It
Date: Oct 12, 2021
View webinar
Every day, enterprises deploy application code that contains critical security vulnerabilities - because those flaws went overlooked or unrecognized by the application development team. How do these vulnerabilities escape the development process? In this Dark Reading webinar, top application security experts outline some of the most commonly-occurring vulnerabilities and offer insight on how and why these flaws are introduced during software development. Attendees will learn about tools and practices for eliminating these vulnerabilities, and receive advice and recommendations on how to improve the development process to find and fix application security flaws - before the code is deployed.

The Death of Network Hardware Appliances and the Evolution of Cloud-Native Architectures
Date: Oct 06, 2021
View webinar
Join this informative webinar where you will hear experts discuss the death of network hardware appliances and how cloud-native architectures can help you continue to provide secure, enterprise-class connectivity.

Next-Gen Authentication: A Strategy for MFA, Passwordless, and Beyond
Date: Oct 06, 2021
View webinar
Cyber experts agree: Data cannot become more secure until end user authentication goes beyond the simple password. But what are the right tools and strategies for authentication in your organization? How can you move beyond the password and implement next-generation authentication technology? In this webinar, experts offer a broad look at your options for multifactor authentication, the challenges and pitfalls of these options, and how to develop an authentication strategy that works best for your enterprise.

Tuning your Data Storage Strategy to the Hybrid Cloud
Date: Oct 05, 2021
View webinar
Data storage strategy isnt just about where you put your data, its about how you use your data. As more organizations expand into hybrid cloud environments, they are taking another look at requirements for speed, security, sustainability, retrieval rate, retention/destruction and data governance. What data is right for multiple clouds, and what isnt? How can you prevent potential data exposure and breaches when managing multiple clouds? Learn more and get better prepared with this InformationWeek webinar.

Learn Why XDR Delivers Better Outcomes to Secure Your Endpoints
Date: Sep 30, 2021
View webinar
Endpoint security continues to evolve. The increasing complexity of the threat landscape means we can no longer depend on next-gen antivirus (NGAV) or EDR (Endpoint Detection and Response) alone to protect against sophisticated attacks. It's well known that endpoint attacks are a common and frequently used entry point for attackers to move laterally to other valuable network assets. The good news is that there is a way to get more endpoint security with less effort, it's called eXtended Detection and Response (XDR), and it's available today. XDR is a common sense approach that recognizes that endpoint security must work seamlessly with other security controls, including identity, network, and email to defend against attacks. XDR provides a more holistic and effective approach to threat response. And endpoint security plays a pivotal role in XDRs ability to deliver more simplicity, visibility and efficiency to SecOps teams. Join Cisco security and their customer as they discuss how XDR helped protect their endpoints better with less effort.

Ten Hot Talks from Black Hat 2021
Date: Sep 29, 2021
View webinar
The annual Black Hat USA 2021 in Las Vegas featured a full slate of cybersecurity researchers presenting. They offered up discoveries about new critical security vulnerabilities, new threats, and new security tools that enterprise defenders need to know about as they plan their road maps and adjust their strategic priorities for the future. Join us for the webinar for an overview of the ten hottest presentations and learn about some of the key trends explored by researchers, including supply chain security issues, the use and abuse of artificial intelligence in cybersecurity and other business applications, the latest in social engineering and disinformation, and the goings-on within organized threat groups.

Claim Your Free Event Pass Today - Enterprise Connect 9/27-9/29
Date: Sep 27, 2021
View webinar
Time is running out, secure your FREE Enterprise Connect Virtual Pass today.

Detecting and Stopping Online Attacks
Date: Sep 23, 2021
View webinar
Today's cyber attackers can compromise your systems using a variety of methods, from well-disguised malware to sophisticated, targeted exploits aimed right at your company. How can you identify these attacks quickly and respond effectively? In this Dark Reading webinar, top experts discuss executive strategies and actionable methods your security operations team can use to detect different types of attacks and trigger a quick, effective response.

The Latest Cloud Security Threats & How to Combat Them
Date: Sep 22, 2021
View webinar
More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. And cyber attackers have adapted accordingly. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications and implementations and give advice on how to use the cloud more securely.

3 Ways to Detect and Prevent Man-in-the-Middle Attacks
Date: Sep 21, 2021
View webinar
Join this webinar as cybersecurity expert Matt Petrosky, VP of Product Management at GreatHorn Email Security discusses 2021 supply chain, MitM and vendor email compromise attack trends, dissection of 3 examples and techniques used, and requirements and considerations to detect

Keep Phishing Attacks Out of Your Inbox, Implement DMARC the Right Way
Date: Sep 21, 2021
View webinar
In this webinar, Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, will teach you how to enable DMARC, SPF, DKIM the right way. You'll also discover six reasons why phishing still might get through to your inbox and what you can do to maximize your defenses.

Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40690
PUBLISHED: 2021-09-19
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract...
CVE-2021-41073
PUBLISHED: 2021-09-19
loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2021-23441
PUBLISHED: 2021-09-19
All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution.
CVE-2021-41393
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41394
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.