Daniel Conroy never expected to be a CISO. He never expected to be in America. He was a rugby-playing, triathlon-competing lad from Ireland, who came to the United States for a brief stint with a semiconductor company, using his background as an electrical engineer. Seventeen years later, Daniel, his wife and children are living in Stamford, Connecticut, where he is a much sought-after CISO in the industry.
The Triathlon of Cyber Security
As his background in rugby and triathlons attests (he took up triathlons because they were easier on his knees), Conroy is fiercely competitive. As a CISO, he realizes that his opponents are trained, well-funded and well-connected cyber criminals – and that’s an understatement.
Conroy’s past harkens back to the days when information security, or the more archaic term “computer security,” was part of a job function, and not its own function. “Back then,” Conroy said, “using a Super Bowl analogy, it was 11 defenders facing 11 attackers. Things have changed. It’s still 11 defenders but now they have to face the entire stadium. Our approach to security has had to change.”
Matt Hollcraft, CISO Maxim Integrated
Ryan Kazanciyan, CSA Tanium
The amount of time an attacker remains within your network directly affects the scope and cost of a breach. As you know, attackers are creative; once in your network, they can remain undetected for months, wreaking havoc along the way.
But investigating and hunting are easier said than done. Each day, security professionals are faced with a constant flood of alerts to filter through and prioritize. And, during an active investigation, it’s a struggle to understand the context of any anomalies without a clear picture of what’s happening across your network.
In this webinar, we’ll share real-world examples from the front lines of cyber-hunting, and discuss best practices on how to reduce the mean time to investigate.
Wednesday, July 12, 10 am PDT / 1 pm EDT
By Devon Bryan
"We drive into the future looking into our rear view mirrors" Marshall McLuhan
Notably absent from the dearth of ongoing blockchain conversations is the cyber defender's perspective. Perhaps the reasoning could simply be that thought-leaders feeding the blockchain hype cycle are opposed to having security types pouring cold water on their "1000 blockchain flowers blooming" conversations.
Or, perhaps the "paid paranoids" across the security community are still wrestling with the decision of which existing security risk management framework applies to this peer-to-peer distributed ledger technology, if any at all.
By David Sheidlower
Security professionals feel no great joy in being right about patching. The past two months have been a period of “I told you so” moments for anyone who has ever had to have the conversation with a sys admin about the importance of patching. (It’s been a long time for me but the memory lingers.)
Still, security professionals care more about being safe than being right so, as I say, there’s no great joy. But, now that we’ve had two months of ugly exploits that were very much enabled by unpatched systems and everyone appears to be paying attention, we should take a few moments to review the excuses we’ve heard for why it was not important to patch.
Security Current, the premier information and collaboration community by CISOs for CISOs, named Verodin the winner of its Security Shark Tank® New York City competition. The event brought security solution providers face-to-face with potential buyers.
Participating vendors were given 15 minutes each to pitch their solution in a rapid fire question and answer format to a panel of information security executives interested in innovative technologies. The executives scored each vendor based on innovation and vision, ease of use and implementation, value to the industry, and the presenter’s ability to clearly and effectively articulate their value.
CISO Daniel Conroy served as event host and panel moderator.
The CISO panel included:
James Beeson, CISO, Cigna
David Hahn, CISO, Hearst
Michael Higgins, VP & CISO, NBCUniversal Inc
Timothy Kropp, Technology and Security Leader, Bridgewater Associates
Elena Kvochko, CIO, Group Security Division Barclays
Brian Lozada, CISO, Zocdoc
Tomas Maldonado, VP & CISO, International Flavors and Fragrances
Mike Molinaro, CISO, BioReference Labs
David Peach, CISO, The Economist
Richard Rushing, CISO, Motorola Mobility
David Sheidlower, CISO, BBDO
Hussein Syed, CISO, RWJBarnabas Health
Max Tumarinson, CISO, Amalgamated Bank
John Whiting, CISO, DDB
Participating CISOs lauded the Security Shark Tank’s unique format that enables them to engage with their peers as they learn about new technology.
“The Security Shark Tank is like no other event in terms of its value for security executives,” said host and moderator Daniel Conroy. “Events like these help bring industry experts together to find the next-gen innovative cybersecurity solution and remind us that as CISOs we need to work as one team to mitigate the cyber risks and threats our organizations face through real-time cyber situational awareness.”
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower
Jason Witty, US Bancorp EVP and CISO
Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.
He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.
By Daniel Conroy
Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.
There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.