Mastering DevSecOps and Security Operations in 2021
WHAT'S NEW IN Cyber Security 2021
CII / CIP
The world is changing enormously fast, and so are cyber security threats and issues.
To stay up to date and be ready for the newest security challenges - using clouds, scaling users' remote access, applying the most current and relevant security standards - one has to upgrade their knowledge as often as possible.
We've gathered world-class security specialists to share their experience, best practices and special approaches to problem solving.
"Security Predictions: Where is the Security Industry Going Next?"
Every year the top security companies, industry thought-leaders and tech media publications come out with their predictions for the coming year. And every year Dan Lohrmann publishes his roundup of these security industry reports, forecasts and trends. The report for 2021 can be found at: https://www.govtech.com/blogs/lohrmann-on-cybersec...
In addition to counting down (and referencing) the top 21 security prediction reports from the leading vendors, this webinar will examine:
- Where is their agreement on what's coming next?
- Where is their major disagreement?
- Where will cyberattacks come from next?
- Which vendors have the best reports (and why)?
- Who are the award-winners for most creative, most likely, most scary and other security industry predictions?
We will discuss security and tech predictions on AI, autonomous vehicles, cloud solutions, cyberthreats, ransomware, IoT, malware, multi-factor authentication, business priorities, data breaches, spending, new vulnerabilities to watch for, mobile threats, 5G, new announcements, major security incidents, government contracts, election security, attacks on global events (like the 2021 Olympics), cyber incident response and much, much more.
This session is a crash course for CISOs and cyber risk leaders. How do you give a cyber talk for non-cyber executives and the board? In this segment, the author of 'Cyber Risk Leaders: Global C-Suite Insights', Shamane Tan, will walk through key extracts from her years of research and more than a thousand coffee meetings with CxOs from across the globe. Find out where Birds & Buttons fit in, as Shamane highlights key cyber risk success criteria for boards and executives.
This presentation will provide an in-depth analysis of the latest trends, tactics, and news of the cyber threat landscape as seen from the eyes of a practicing security engineer. Once you have seen what the bad guys have been up to today, you will be exposed to a crash course of security best practices and architecture design that will help avoid the breach of tomorrow.
"The Future of Security: Community & Collaboration"
(1) Intro to Speaker, Speaker background & how they got into tech/security
(2) Open source and open collaboration and its impact on Security
(3) Learning from each other at all ages and abilities
(4) An idealistic picture of the future
When building cloud applications, we should always bear in mind that our services are exposed on the Internet and can be accessed by anyone and may have untrusted users.
Because of this, we need to be proactive and aware of these possible security threats so that we can design our cloud applications to handle them properly. Apart from preventing malicious attacks, cloud applications must also be designed to protect sensitive data and grant access to certain resources only to authorized users.
In this session, I will be talking about 3 security patterns that can be used to prevent malicious or accidental actions outside of the application's designed usage, and to prevent disclosure or loss of information when building for the cloud.
"Hashes, hashes everywhere, but all I see is plaintext..."
A technical talk specifically covering unorthodox and advanced password cracking techniques, passphrase cracking, an example of crypto-wallet cracking and foreign language password cracking. This talk contains numerous examples of password cracking tooling and syntax as well as a video showing a multi-stage password attack.
To clarify, this talk is best suited to a technical audience / individuals already in technical cyber security roles and existing penetration testers, although anyone with an interest in password cracking will still learn lots.
"SOCKS Over RDP and Citrix - How to Pentest over Jump Boxes"
In 2020, some penetration testers are still struggling with what should be basic tasks, such as testing over jump boxes, which is quite a common request from clients. Although there have been many attempts to solve this issue in different ways, there is nothing that could be used effectively from the perspective of time and effort. At the moment Balaz is assembling a tool that creates a virtual channel over an RDP connection and spins up a SOCKS5 proxy on a remote host, just like SSH's -D switch. This solution could easily and effectively resolve the recurring pain points that penetration testers experience when trying to test via such restrictions.
An Ethical Hacker Guide to protecting Windows Endpoints
When it comes to cyber security, one thing is clear: the most potent threat vectors into any organization are its endpoints. Your endpoints represent fertile ground for attacks because their users, applications, and services often have elevated privileges that give cyber criminals an easy on-ramp to the inner workings and data within your organization.
But you can fight back. Endpoint privilege management is a set of technologies IT security teams can use to automatically contain threats long before they become exploits.
Join Thycotic Advisory CISO Joseph Carson for an endpoint security webinar and see first-hand how a vulnerability is used to get to an endpoint.
"Open Source-based SOC - Why, When and How to avoid Traps"
Security Operations Centers are at the centre of modern security programs and hence require proper thinking in their design and delivery. We'll walk through all key aspects and pros and cons when selecting the right people, process, technology, culture and metrics to consistently ramp up and mature an Open Source-based, highly scalable and effective SOC.
"Rage Alongside The Machines - Practical Advice for Automating Investigation and Response"
If the idea of automating breach response fills you with a sense of uneasiness, you're definitely not alone. But the flipside of doing everything manually isn't ideal either – and can actually bring more risk to a situation, especially during a major incident. During this session, Sam and Jess (aka The Real Housewives of Automation) will explain where, how and when automation can help you investigate and respond quickly, accurately, and without creating a LinkedIn-profile-updating moment.
Here's what we'll be discussing:
- End to end automated vs manual response – a look into a real breach through two different lenses
- The machines are our friends – how automation will help your team thrive
- Raging alongside the machines – how to get the right balance
- Investigation and response automation – where to start and how to finish
From ancient Greece to the present day, the art of social engineering has been used by military strategists, con artists and hackers to gain access to important information from unsuspecting victims. Social engineering can take several forms, all of which aim to take advantage of human emotion. While the technologies available for conducting social engineering attacks continue to evolve, the basic premise of these attacks stays the same and has done so throughout history.
"Eyes on the future, watching over your shoulder: XSS still in your path"
Nowadays, APIs (Application Programming Interfaces) are a central piece in software architecture and a foundational element of innovation. By nature, APIs expose application logic with a clear separation of concerns (SoC), powering micro-service-oriented architectures and boosting feature-rich software through the integration of multiple service providers.
This technological trend makes well-known vulnerabilities, such as Cross-Site Scripting (XSS), sound like a thing of the past, but we'll prove it wrong. In this talk, we will dissect the anatomy of a security vulnerability recently found in a popular helpdesk software. We will discuss in depth how an API was used as an attack vector to exploit an XSS vulnerability, leaving the door open to take over agents' accounts or hijack administrators' sessions.
Attendees will get a better understanding of how threat models changed with the rise of APIs in modern software architectures and how to deal with it from a security perspective.
Gives access to Junior track only with no recordings. Focuses on entry-level content around Cyber Security.
Q&A panel participation
Live stream for both tracks
Q&A panel participation
Recordings of both tracks
Certificate of attendance
Gives access to both Junior and Senior tracks, recordings are included. Focuses on deep tech content around Cyber Security.
While offline events are temporarily gone, Geekle never stops! We are running the Cyber Security Global Summit on June 29-30, 2021. Our speakers are leading experts from top companies all over the world who are ready to share what challenges Cyber Security experts face in their work.
Geekle has unique experience in gathering huge tech summits with 10'000+ attendees in different tech domains. We hope to create something the world has never seen before for the Cyber Security Community!
See you all!
Geekle Corp. 910 Foulk Road, Suite 201 Wilmington, DE 19803, USA