High-profile security breaches, data thefts and cyberattacks are increasing in frequency, ferocity and stealth. They result in significant loss of revenue and reputation for organizations, destabilize governments, and hit everyone’s wallets. Cybersecurity is in the global spotlight and, now more than ever, organizations must understand how to identify weaknesses and protect company infrastructure from incursions. To do this, companies need cybersecurity rock stars — true experts on the leading edge of technology in the real world.
IEEE Computer Society is bringing together security experts from leading organizations such as IBM, the Department of Homeland Security, BAE, VISA, Cigital and HP at a one-of-a-kind event, Rock Stars of Cybersecurity, in Austin, TX, on September 24, 2014, to discuss real-world case histories and provide authoritative, actionable advice and strategies.
One important area to be addressed in sessions is risk management and new approaches to securing the enterprise. In his talk, “Security Frameworks, Strategies & Mitigation Efforts: Will They Lower Your Risk?,” Peter Allor, cybersecurity strategist, federal, IBM, will address how governments worldwide are looking to secure not only their environments, but also critical infrastructures and the private sector supply chains that keep government domains operating. He explores a non-regulatory approach to security that differs from traditional compliance checklists and focuses on the strategy of the business, transforming security from a “Doctor No” blocking function into a posture that enables business operations.
Peter Fonash, CTO, U.S. Department of Homeland Security, will discuss how to strengthen the security ecosystem. Strengthening the security and resilience of the cyber ecosystem requires reducing the number of vulnerabilities and improving the ability to automatically mitigate attack methodologies. A general consensus has been forming in the cybersecurity community that cybersecurity defenses must become more automated, less reactive, more distributed and better informed. Fonash will address the role of DHS in cybersecurity, summarize existing programs to improve cybersecurity, discuss cybersecurity challenges and then present initiatives to meet those challenges.
Brett Wahlin, chief information security officer, HP, will deconstruct the current security paradigm vis-a-vis today’s business risk-centric environments and articulate the precept of a predictive behavior-based capability in “Security 2020: Predictable, Sensible, and Preemptive.”
In addition to understanding best practices, it’s equally important to understand what not to do, and some of the most common security mistakes companies of all sizes are making. In his talk, “Cyber Defense: 7 Sins of Security,” Peder Jungck, vice president and CTO at BAE, will highlight examples and lessons learned, framed around seven sins of the IT security mindset that shift in the face of modern cyber adversaries.
A panel discussion will address the true goal of security programs — is it to find a cure, prevention or both? The problems that have created the need for increased cybersecurity have often been compared to a chronic illness that continuously mutates as it plagues businesses and consumers alike. And, like chronic illnesses of all kinds, there’s a debate about whether cybersecurity strategies should focus on prevention or cure. Experts including David Rockvam, vice president, Entrust, and Will Hurley, co-founder, Chaotic Moon Studios, will join moderator Joshua Greenbaum, principal, Enterprise Applications Consulting, to explore what these two very different approaches mean and what needs to be done by consumers, businesses, Internet providers, and government and nongovernment agencies in order to provide appropriate levels of safety and security at home and at work.
In addition to building enterprise-level security strategies, companies must design security into their technologies, processes and systems. Sarath Geethakumar, senior director — global information security, VISA, will discuss “Building Security into Payment Systems and Applications.” Rapid technology changes are forcing payment systems and solutions to constantly evolve. This evolution not only paves the way for new and improved solutions, but also makes them lucrative and easy targets for attackers. This presentation explores how to build security into applications to ensure better, reliable and scalable solutions. Secure software development, when tailored to integrate into new and evolving agile methodologies, ensures a better and more secure software assurance model, as opposed to traditional post-development assurance approaches.
Improving software security at the development level is key, and Gary McGraw, CTO, Cigital, will address a new model for software security in his talk, “Scaling a Software Security Initiative: Lessons from the BSIMM.” He’ll provide important lessons in scaling software security touchpoints, and making them work efficiently and effectively in a global software security initiative. He’ll focus on the top three touchpoints — code review with a static analysis tool, architectural risk analysis and penetration testing — discussing the tools, technology, people and processes for each. The issues will be addressed head on, using examples from the 70+ Building Security in Maturity Model (BSIMM) firms and many years of real-world experience.
In today’s complex cybersecurity environment where new threats are ever-looming, organizations need rock star advice from the most visionary leaders. IEEE Computer Society’s Rock Stars of Cybersecurity will be held in Austin, September 24, and registration details and more information can be found at www.computer.org/portal/web/Rock-Stars/Cybersecurity.
Amanda Sawyer is the Manager of Key Technologies at IEEE Computer Society. She may be reached at [email protected].