This post was originally published here by (ISC)² Management.
Last year’s Security Congress in Austin was our largest one yet with nearly 2,000 cybersecurity professionals in attendance. You know what they say, everything is bigger in Texas!
Our first independent Congress featured 139 educational sessions, as well as vendors presenting in the Solutions Theater, (ISC)² member focus groups, Cloud Security Alliance (CSA) Summit and the Information Security Leadership Awards (ISLA) Americas ceremony and celebration.
If you attended last year, you saw the excitement and enthusiasm from staff, speakers and attendees. If you were unable to attend, you’re in luck – you can watch some of the top sessions from 2017’s Security Congress online! Below is a list of the sessions currently available – and we’ll keep adding them as we get closer to the 2018 event.
Help Wanted! – Addressing the Cybersecurity Skills Shortage
This panel conversation on one of the hottest topics in cybersecurity – the skills shortage – took place during the first day’s luncheon. The session was attended in person by 800 cyber pros. Gary Beach, author of The U.S. Technology Skills Gap, served as moderator. The panel was made up of Brandon Dunlap of Amazon, Donald W. Freese, deputy assistant director for the FBI, our own CEO David Shearer, CISSP, and Deidre Diamond, founder and CEO of CyberSN and #brainbabe. Cybersecurity is a fairly new industry – and it’s critical to all businesses, so without a built-in backfill, how can we fill the growing number of open jobs? The panel discusses solutions – including early childhood education, government programs, on-the-job trainings, internships and more. Brandon Dunlap on training your staff: “If you can build that relationship and make that investment, you can keep them for life.”
It’s a Brave New Cybercrime World – Donald W. Freese
The opening keynote for the 2017 Security Congress event was a “fireside chat” about cybercrime with Donald Freese and Brandon Dunlap. Donald discussed the importance of terminology (“risk vs. threat” and “probability vs. possibility”) and learning the languages of the other departments you’re working with. Emphasizing collaboration and outreach within your own organization, Donald also talked about the accessibility of the FBI (through various regional offices, as well as FBI Twitter) and the value of building relationships with your local agencies before there is an issue to report.
Cybersecurity Careers: It’s Not Just Hacking
Deidre Diamond is a powerful voice in the cybersecurity industry. She is the founder of CyberSN – a cybersecurity staffing agency – and the #brainbabe movement to replace “booth babes” with STEAM students at conferences and conventions. She spoke to a crowded room about the 500,000 unfilled cyber jobs and what those of us already in the field can do to help fill the gap. She referenced the 2017 Global Information Workforce Study’s findings that the percentage of women in the field remained stagnant at 11 percent, as well as research showing that 56 percent of women in tech are leaving inside 10 years. Aside from the lack of women in cybersecurity, there are other ways that the industry can grow – and that involves shaking the stereotype of the hoodie-clad man in the basement. Cybersecurity jobs involve so much more than simply “hacking,” and it’s time to come together to see how we can work together to recruit new and unique talent to this exciting and lucrative field.
From 10% to 100% Cloud in 3 Years: How (ISC)² is Doing it & Putting Security 1st
Our own COO Wes Simpson led a Birds of a Feather session where he talked about how (ISC)² has been transitioning to a 100% cloud-based services model. The interactive discussion starts with the how and why our organization made the choice to go all in with the cloud – and of course, how our team ensured that security would be front and center throughout the entire process. Using a DevSecOps approach, our IT team restructured, and grew quite a bit, to focus on accomplishing our mission of “Digital-End-To-End” (DETE) revamping of our online presence. If you are preparing for a move to the cloud, or even if you’re in the midst of the journey, this session is a must-watch.
Paul Oakes, CISSP-ISSAP, CCSP, CSM, CSPO, AWS PSA, is a senior enterprise security architect for TD Bank. He has 16 years of Agile experience and 20 years of security experience, working in the cloud for the past 10. He teaches courses on Agile, as well as security, and delivers a conceptual roadmap for cloud security professionals to use as a guide to tackle their day-to-day tasks of securing their cloud, or transitioning to a cloud security environment.
Agile methodology is reality-driven and, inherently, your enemy is already using it. Paul describes Agile’s essential principles as “based in technical excellence, good design, motivated individuals and empowered, self-organized teams.” This session is an ideal starting point for understanding Agile methods and how they can serve a cloud security environment.
Cyber, Risk and Gender: Is There a White Male Effect in Cybersecurity?
Security researchers from ESET, a security software company, presented findings on the intersection of cyber, risk and gender. Lysa Myers and Stephen Cobb, CISSP, reviewed numerous studies that indicated that white males perceived less risk than the rest of the population, termed “the white male effect.” Most of the industry in the U.S. fit these demographics, yet, cybersecurity professionals tend to see more risk in technology than their peers.
Resiliency is More Than A Mood: Building a Safer Homeland – Juliette Kayyem
Juliette Kayyem, author of Security Mom, was Tuesday’s keynote speaker at Security Congress and shared about her experiences as a terrorism expert for the U.S. Department of Homeland Security. She spoke about minimizing risk and maximizing defenses, and understanding that you’re never going to get your risk or vulnerability to zero. While much of cybersecurity work focuses on prevention and preparation (“left of boom” policies), there also needs to be a focus on the response and recovery efforts when an incident does occur. Juliette Kayyem offers five important steps to building a more resilient system and what we all need to do to “keep calm and carry on.”
We’re expecting another sell out at this year’s Security Congress in New Orleans. Early bird registration is now open – including discounts for (ISC)² members, students and groups. Save your spot now and we’ll see you in N’awlins this October!
Photo:Future Students – Charles Sturt University
