Transition and change are two different states. For cyber security understanding how to identify and respond accordingly is important for the profession, the practice and the professional. So what is the impact of this increasingly important factor in a world where we continue to secure ‘a moving target’?

Delivering innovative cybersecurity leadership is critical for the global economy. In 2021 alone, there was a dramatic increase in ransomware activity, and according to Harvard Business Review, the worldwide cost of ransomware is predicted to exceed $265 billion by 2031. Because of this, cybersecurity professionals have increased pressure to keep their organizations safe. We must recognize that people are both the best response to cyber-attacks, and the weakest link in cyber security chains. In many organizations, there is a worrying absence of an innovative leadership mindset in how organisations approach their own cybersecurity. It’s critical to foster an environment where employees have the knowledge and instinct to be the first line of defense.

This panel will explore some of the following topics:
•How the last 2+ years of technology disruption has changed your roles as cybersecurity leaders
•Broadening the diversity of available security skill sets to cover the full scope of vulnerabilities for on-premises, cloud, networking, hosts, mobile, applications, etc.
•How effective and innovative solutions can bridge the talent gap and address both near term and longer-term needs.
•What your most pressing challenges are when redefining your cyber strategy and internal cultural mindset

Designing a secure application from the start is far more cost effective than playing whack-a-mole with security vulnerabilities in production. We will explore simple techniques to get developers thinking about security at the design stage, before they start writing code.

While governance, risk, and compliance were once seen as the organisation’s police- reacting to violations, misconduct, or other wrongdoing- that is no longer the case. Without a robust GRC framework that includes ESG, resiliency and strong cyber and compliance programmes, there is a serious risk to a company’s reputation and its ability to attract and retain the best talent and customers. A well-planned GRC strategy comes with lots of benefits: improved decision-making, more optimal IT investments, elimination of silos, and reduced fragmentation among divisions and departments, to name a few.
The stakes have been raised and there are no more excuses. The uncertainties and challenges faced by organizations will only escalate with ongoing technological advancements, a volatile economic and geopolitical landscape, mounting regulations, evolving environmental and social factors, and more.

Join this roundtable to discuss the following questions:
•The massive experiment with remote work puts sensitive company data at risk. How are you managing this from a GRC perspective?
•To manage regulatory compliance risks and mitigate the threat of data breaches, how can DPOs and legal leaders create successful cross-departmental alliances and efficient workflows?
•As cyber-attacks become more devastating, what are some ideas you must minimize risk within the organization?
•How has Environmental/Social/Governance (ESG) affected your GRC strategy?
•What can companies do to strengthen resilience and become future-ready, while also keeping in mind GRC policies?
•Has your organization done any work in breaking the siloes between risk, audit, compliance, and security teams to reduce redundancies and inconsistencies?
•What ideas do you have to move from the traditional and reactive approach to risk management, to one that is initiative-taking, tech- driven, and resilient?

Vulnerabilities in third party software are identified as one of most frequently exploited and costly attack vectors targeting organisations and their supply chains. This issue is perpetuated by a systematic reliance on third party and open source code. In fact, the Linux Foundation estimates that Free and Open Source Software (FOSS) constitutes 70-90% of modern software solutions.
ReversingLabs recently conducted a survey demonstrating that despite 98% of respondents recognizing third party and open source software as contributors to the increasing security risk, only 37% have a way to detect tampering across their software supply chain. Further, 54% of software suppliers acknowledged that their employer was at least open to the possibility that it would distribute software with a known security issue in order to meet delivery schedules.
There is a clear discrepancy between recognition of the risk and impact imposed by a software supply chain attack, and an effort to protect against it. This begs the question, whose responsibility is it to fix?

During this session, we will:
•Define key stakeholders in the supply chain
•Discuss roles and functions within an enterprise responsible for protecting against supply chain attacks
•Explore actionable steps to manage software supply chain security risk exposure
•Analyze how the supply chain threat landscape has changed and why software suppliers are increasingly targeted
•Identify drivers for change (e.g. legal, regulatory, and mandatory requirements)

Cloud adoption has grown rapidly in recent years. With remote work becoming the norm, companies need to be able to support and provide critical services to their off-site staff. Cloud-based infrastructure can bring significant benefits to an organization. It offers greater flexibility and scalability, and the ability to reduce costs and overhead by outsourcing much of an organization’s infrastructure stack to the cloud provider.
According to Check Point’s 2022 Cloud Security Report, 27% of organizations have experienced a security incident in their public cloud infrastructure within the last 12 months. Of these, a quarter (23%) were caused by security misconfigurations in cloud infrastructure. Other significant contributors to cloud breaches included improper data sharing (15%), compromised accounts (15%), and vulnerability exploitation (14%).
With the move to the cloud comes a need for cloud security. Cloud-based applications must be protected against attacks, and cloud-hosted data must be protected against unauthorized access in accordance with current regulations. Unfortunately, many organizations today are unfamiliar with how to secure cloud infrastructures. Multi-cloud deployments with diverse types of vendor-provided security settings make it even more difficult to adopt a robust security oversight which, in turn, could result in cloud-based resources being exposed to hackers.
As cloud strategies rapidly evolve, cloud security challenges have become a difficult hurdle to overcome. Join this roundtable to discuss what other leaders are doing to ensure their cloud stays secure and their organization stays resilient in a constantly evolving landscape.

Join this roundtable to discuss the following questions:
•How has the constantly evolving cyber security regulatory scope affected your deployment of the cloud? What are some of the cloud compliance challenges you are working through?
•Securing the cloud can be challenging, especially in complex, multi-cloud environments. What are some of the biggest challenges that organizations face when attempting to secure their cloud workloads?
•Has the Great Resignation and lack of qualified staff affected your cloud deployment? How are you working through this?
•Cloud environments differ significantly from on-prem infrastructure, which means that traditional security tools and approaches do not always work effectively in the cloud. How has this affected your security strategy?
•What innovative tools or platforms are you working with in this area?
•How can organizations work to secure their infrastructure when collaborating with vendors and third-party risk?

One of the biggest cybersecurity challenges is to justify the value of the right toolset that will identify, detect & thwart organized adversaries’ attack campaigns. Over the last couple of decades, organizations have adopted in depth defense strategies to provide layered defense mechanisms with the aim to protect valuable assets & information. During this session, we’ll explore some of the shortcomings of those strategies and how building walls doesn't help in containing breaches. We’ll also explore how a unified SOC toolset drastically empowers analysts to reduce the time required to identify and contain cyber-attacks, directly impacting the ROI of an organization's cybersecurity investment.

NLP has brought about many changes to our industry, opening the door for language services companies to become Language Intelligence companies, solving complex problems where language solutions are central. After successfully leading the EU's MAPA project (Multilingual Anonymisation for Public Administrations), Manuel Herranz will delve into the different ways to anonymize / pseudonymize /obfuscate sensitive content when working with data at scale, what are the roles and expectations and how GDPR compliant organisations can use anonymization for a more transparent relationship with their users and clients.
Manuel is CEO at Pangeanic. He will present different types of data anonymisation, such as data masking, pseudonymisation, redaction, obfuscation, and typical use cases.
In addition, you will hear some of the challenges in applying anonymisation when data is accessed by many users in modern environments, and how to overcome them.

The worldwide cyber talent shortage is real and growing. Just in the US there are 1 million people employed as cyber security professionals, but over 700,000 unfilled job postings and that number is growing at an alarming rate. Globally, the gap is at least 2.7 million. Initiatives are underway to address the shortage spanning government, industry groups, and the private sector, however the short-term cybersecurity implications are alarming. The lack of skilled practitioners extends beyond the issue of headcount- deficiencies exist in capability, diversity, morale and more. But effective and innovative solutions can bridge the talent gap and address both near term and longer term needs.

In this session we will discuss:
• Current options to increase the cyber talent capacity required to meet organizations’ current and future security needs.
• Broadening the diversity of available security skill sets to cover the full scope of vulnerabilities for on-premise, cloud, networking, hosts, mobile, applications, etc.
• The challenges, and importance, of establishing a continuous testing practice to keep pace with the continuous application development and deployment methodologies.
• The advantages of leveraging a global researcher community as part of your security operations.
• The importance of standard testing frameworks and operational transparency in leveraging untapped and available security talent

Hiring enough application security experts to ensure that all software is built and deployed securely is an increasingly impossible task. The solution is to move the responsibility for security into the development teams themselves through security champions.