Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/14/2017
11:15 AM
50%
50%

10 Questions To Get Practical Answers At Interop ITX

May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.

The Interop ITX conference is just around the corner, coming to the MGM Grand in Las Vegas May 15-19. Here's how to get answers to the questions that rattle around inside your noggin every day when you're banging your head against the wall. Questions like: 

1. Can I actually block ransomware attacks, or are good backups and ransom payments my only options? If you don't want to just sit around, tossing your spare change into the "Ransom Fund Jar," waiting to be infected, then there are Interop ITX sessions for you. Don't miss "Ransomware: How to Stop It In Its Tracks and Respond When You Can't," with independent security consultant Gal Shpantzer. Also check out a bonus speed session from WatchGuard Technologies, "Malware on Main Street: How Ransomware and Zero Days Target SMBs." 

2. How can I identify potential malicious insiders and mitigate insider threats without being Big Brother and making everyone I work with hate me? Let Paul Brager, lead associate, cybersecurity architect, ICS/SCADA at Booz Allen Hamilton, guide you through some methods to balance trust with preparedness (keep both your friends and your sensitive data), in "Malicious Insider Threats: Finding Them and Rooting Them Out." 

3. How can I survive this cybersecurity skills shortage now, when everyone wants to steal my best people, I don't have enough to begin with, and I still have to wait 10 years for those 6th-grade STEM program kids? Head to "Surviving the Security Skills Shortage" and get tips from Rob Duhart, DSC Security, Control and Automation Lead/IT Manager for Ford Motor Company, Katherine Fithen, Chief Privacy Officer and Director Global IT Governance & Compliance for The Coca-Cola Company, and Ann Johnson, Vice President of the Enterprise Cybersecurity Group at Microsoft. They'll discuss ways to get by with a small staff, ways to retain the staff you've got, and better places to scout undiscovered talent than middle-school robotics competitions.   

4. Okay I get it, the Internet of Things is full of threats. What am I supposed to do about it? It probably wouldn't do to rip the smart TV off the wall and you might not be able to take down the Mirai botnet all by yourself, but you can go to "Five Ways To Prepare Your Organization To Address The Internet of Things," with John Pironti, president of IP Architects, and learn what adjustments to make to your identity management, risk profile, and more. Also check out the bonus speed session from the Trusted Computing Group "Tackling IoT Security from the Inside Out" and, considering the recent impact of IoT botnets, check out EfficientIP's speed session on "Protect Your DNS Services Against Security Threats."  

5. I can't stop my customers from using the same account logins across sites. I can't stop other sites from having breaches of login data. So how can I protect my customers and my brand from account takeover hacks? You might not be able to stand over the shoulder of every user at the account creation stage and yell "Don't do that!" However, you can let Mike Milner, co-founder and CTO of Immunio, show you an account takeover attack in action and show you countermeasures in "Live Account Takeover Hack and Tips on Preventing Today's Most Dangerous Application Threat." 

6. Hey, all this new threat intelligence data is really nice, but when exactly am I supposed to look at it, how am I supposed to know what's most important for my organization, and how can I figure that out fast enough for it to be of any use? Clearly you need to spend some of your limited time with KPMG's threat intel cyber security consultant Cheryl Biswas and senior consultant Haydn Johnson in their session "Collecting, Correlating, and Analyzing Security Data." They'll give you techniques for finding the jewels in your data (without needing to buy yet another piece of technology to do it). And don't worry; it's only an hour.  

7. Will I ever get my developers to write more secure code, and what exactly is DevSecOps anyway? Developers may speak a different language and even be from a different planet. Learn more about their needs, their motivations, and how to speak their language in "The Security Pro's Guide To DevOps: How to Get Developers to Write Secure Code," with Franklin Mosley, principal application security engineer for Ellucian. (And while you're at it, persuade your company's developers to attend Franklin's complementary session in the DevOps track, "DevSecOps: Minimizing Risk, Improving Security."

8. Am I in for an unhappy surprise the first time I file a cyber insurance claim? Does my policy really cover what I think it covers? You've probably been in cybersecurity longer than most of the companies providing cyber insurance have. If you're planning on trusting them to help your organization in its darkest times, then you'd better let David Bradford, chief strategy officer for Advisen take you through "Cyber Insurance 101" first. 

9. Almost every attack manipulates end users in some way, whether it's through a phishing message or something else. What can I do that actually makes an impact on what users let through the door? Start your week with a workshop by Bikash Barai, co-founder of FireCompass, called "Security Awareness Isn't Enough: Using the Science of Habits To Transform User Behavior." Follow it up with the session "Defeating Social Engineering, BECs and Phishing," with Bishop Fox's managing security associate Rob Ragan and security analyst Alex DeFreese. If calling users "stupid" all these years hasn't worked, surely these speakers can suggest something that will be more effective. 

10. How can I get the people who approve my budget to actually approve it, with less of a hassle?

  • Step 1. Bring them to the Dark Reading Cybersecurity Crash Course. This two-day event is an excellent way for IT generalists to get initiated on the main issues in security, so they better understand your needs, and for security pros to get quickly caught up on the latest security trends. (It even includes a talk on Speaking to Management About Security.) 
  • Step 2. Spruce up your risk management and metrics skills in "The Art of Performing Risk Assessments" by Ali Pabrai, CEO of ecfirst. 
  • Step 3. Take your business game to the next level, and learn how to explain that security might actually make money, not just cost money. Head to "Managing Risks to Reap Rewards: How to Use Security as a Growth Advantage" with Roland Cloutier, SVP and global chief security officer of ADP.

Other questions you might get practical answers to while at Interop? How does the game craps work? Which Cirque du Soleil show is your favorite? Is a "dry heat" really preferable? Register now and learn more.   

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark Reading,  7/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14248
PUBLISHED: 2019-07-24
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
CVE-2019-14249
PUBLISHED: 2019-07-24
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
CVE-2019-14250
PUBLISHED: 2019-07-24
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14247
PUBLISHED: 2019-07-24
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.
CVE-2019-2873
PUBLISHED: 2019-07-23
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...