Security Operations One Year On: How COVID-19 Changed SecOps (Forever?)

One year removed from the gravest health crisis in more than a century, security operations, like virtually every field, has been disrupted. Generally speaking, investment in security controls has risen, but a rash of challenges has emerged and persisted, including threats related to endpoints, phishing, ransomware, cloud and the supply chain.

This panel will take inventory of the year that was for SecOps professionals, and look toward what the future holds for this critical function, discussing everything from alerts and caseload to communication and collaboration to zero trust and automation.

Diversity and Inclusion in the SOC: How to Make Sure Security Operations Is Made for Each Other

Cybersecurity does not just have a skills shortage problem – it also has a diversity and inclusion problem. Women continue to be significantly underrepresented, and while minority representation in infosec is slightly higher than the U.S. average, inclusive cultures remain elusive.

Yet studies have shown that organizations with greater gender and BIPOC equity outperform companies with more homogeneous workforces. For security teams, that means being better equipped to detect and respond to threats more creatively and innovatively.

This panel will ask the tough questions of key influencers in the infosec field, zeroing in on shortfalls (and success stories) specific to cybersecurity operations, and share learnings and best practices that will help drive a real diversity and inclusion strategy in the SOC.

A Cloud-Native SOC? Say What?

Cloud infrastructure is ephemeral and constantly changing. Tools and practices also change as a result. Plus, there is now a broader set of teams and tools involved in deploying, managing and updating cloud systems and applications. Is a SOC still needed? What is a SOC to do? How does the Security Operations Center (SOC) change as a result?

Leveraging OSINT to track cyber threat actors: Redux

In the cyber threat intelligence world, OSINT is often synonymous with technical indicators and internet scanning tools. While these play a major role in tracking cyber threat actors, there are non-technical OSINT techniques that support both tracking and attribution of threat actors. These types of techniques can further support an analyst in clustering activity, attributing operators and finding new samples.

ATTACK on C-Suite: Cheat Codes

The topic of cybersecurity can be difficult to discuss with the executive branch of an organization. Thus, the thought of presenting the MITRE ATT&CK framework to an executive let alone an entire C-Suite can be a daunting task. Fear not, for I have the cheat codes to make even a novice become triumphant in this endeavor!

In this presentation, I will be giving you the necessary tips and insight needed when creating an ATT&CK implementation plan that targets executive management. These tips will cover all aspects that appeal to executive management such as: risk, revenue, impact, compliance and regulation.

Here Comes the Sun(burst)

The SolarWinds cyberattack caught most organizations unprepared and uncovered several blind spots in our defenses. This session will dissect the SolarWinds/Sunburst attack and offer practical takeaways on how security operations teams can be better prepared for the future.

Say Yes to the Devs: Creating a Culture of "Yes" in the SOC

Today’s enterprises are distributed around the world. From cloud to SaaS, detection now needs to be distributed with a high signal-to-noise ratio. To achieve this, your SOC needs to be a team of “yes.” What does that mean?

It means the SOC needs to be seen as a valued and trusted partner who will be brought in early to help ensure that new code, new products or new procedures will seamlessly integrate into the SOC. This talk will cover techniques required to shift to this new approach, the skills required of the team and methods for working with multiple stakeholders.

Boring SOC Metrics for Boring Purposes!

Metrics are boring! They’re typically collected and displayed to prove that the SOC is doing something. Usually in the form of a count of something, or the time taken to do something, the reports read like the distributed ledger of a cryptocurrency.

Let’s challenge ourselves to do it better. This talk provides incentive and a few examples of how to produce metrics that will help your SOC, its Management, and your users to understand what’s actually happening in your environment. Fair warning: it’s not easy! If you want to be boring, keep doing what you’re doing. If you want to strive to excel, watch this.