![RSA Conference](/img/default-banner.jpg)
- 4 657
- 9 449 490
RSA Conference
United States
Приєднався 17 кві 2007
RSA Conference is the premier series of global events and year-round learning for the cybersecurity community. RSAC is where the security industry converges to discuss current and future concerns and have access to the experts, unbiased content and ideas that help enable individuals and companies advance their cybersecurity posture and build stronger and smarter teams. Both in-person and online, RSAC brings the cybersecurity industry together and empowers the collective “we” to stand against cyberthreats around the world. RSA Conference. Where the world talks security.
Webcast: Full-Circle Zero Trust: Ensuring No App is Left Behind in your IAM Strategy
Presenter: Matthew Chiodi, Chief Trust Officer, Cerby
While the importance of a zero trust strategy is well-known, practical implementation often stumbles when faced with nonstandard and disconnected applications. This session moves beyond identifying gaps, offering a forward-looking blueprint to bring every application, irrespective of its native support for identity standards, under zero trust. We’ll dissect IAM best practices like granting business owners precise access control, establishing rigorous request and approval workflows, and leveraging automated provisioning and deprovisioning for seamless inclusion. We’ll also discuss how regular recertification fits into a dynamic, all-encompassing zero trust architecture. Attendees will leave equipped with an understanding of potential risks and a clear action plan to mitigate them, ensuring that no application remains an outlier in their zero trust strategy.
See more RSAC Webcasts here: www.rsaconference.com/library#sort=%40industrytopiccontentdate%20descending&numberOfResults=25&f:contenttype=[webcast]
While the importance of a zero trust strategy is well-known, practical implementation often stumbles when faced with nonstandard and disconnected applications. This session moves beyond identifying gaps, offering a forward-looking blueprint to bring every application, irrespective of its native support for identity standards, under zero trust. We’ll dissect IAM best practices like granting business owners precise access control, establishing rigorous request and approval workflows, and leveraging automated provisioning and deprovisioning for seamless inclusion. We’ll also discuss how regular recertification fits into a dynamic, all-encompassing zero trust architecture. Attendees will leave equipped with an understanding of potential risks and a clear action plan to mitigate them, ensuring that no application remains an outlier in their zero trust strategy.
See more RSAC Webcasts here: www.rsaconference.com/library#sort=%40industrytopiccontentdate%20descending&numberOfResults=25&f:contenttype=[webcast]
Переглядів: 280
Відео
Your Cybersecurity Budget Is a Horse’s Behind
Переглядів 223День тому
Presenter: Ira Winkler, CISO, CYE Security Explore the historical influence of horse-drawn carts on railcar dimensions and how it relates to rigid cybersecurity budgeting. Join this session to learn how to apply machine learning and other mathematical concepts to justify budget allocation, optimize risk, and design effective cybersecurity programs for limited resources. www.rsaconference.com/usa
Use Generative AI to End Your Love/Hate Relationship with DLP
Переглядів 99День тому
Presenter: Heidi Shey, Principal Analyst, Forrester Research Design an approach to data security for Generative AI use where DLP is an outcome, and not a single data control. This session will outline how an organization’s use of large language models today will impact the scope of the team's efforts, the AI policy they create and how they align this policy with other enterprise policies, and t...
Cloud-Enabling the Electric Grid with Consequence Driven Approaches
Переглядів 81День тому
Presenters: James Briones, Senior Techincal Advisor, DOE Emma Stewart, Chief Scientist, Power Grid, Idaho National Laboratory The DOE and GDO's ambitious project explores the seamless integration of cloud technology into the electric grid. This session, with industry leadership, outlines a comprehensive consequence-driven guide that aims to enhance grid resilience, optimize operations, and supp...
IP Protection and Privacy in LLM: Leveraging Fully Homomorphic Encryption
Переглядів 262День тому
Presenters: Benoit Chevallier-Mames, VP of Cloud and Machine Learning, Zama Jordan Frery, Research Scientist, Zama Large Language Models (LLMs) are increasingly utilized in various applications. However, there's a dilemma between safeguarding the model owner's assets and ensuring the user's data privacy. This session introduces a hybrid method that employs Fully Homomorphic Encryption to addres...
The Cybersecurity of Smart ‘Adult’ Toys, or Lack of It
Переглядів 223День тому
Presenter: Ken Munro, CEO, Pen Test Partners Inc. Societal taboos make talking about security flaws in smart 'adult' toys difficult, yet their prevalence has increased significantly during and post-COVID lockdowns. Discussing the very specific privacy issues their poor security presents will allow the vendors to be held accountable. This session will present a mature look at the problems these ...
A Walkthrough: AppSec Tool Selection, Procurement, and Implementation
Переглядів 120День тому
Presenter: Maria Mora, Staff Application Security Engineer, SiriusXM This session is aimed at those who want to see an Application Security tooling selection and procurement process from directive to implementation. We will walk through the different steps in selection, procurement, and implementation. Attendees will learn about various methods and strategies to ensure follow-through from the i...
Unveiling the Secrets of Codesys V3: ZeroDays, Forensic Artifacts and More
Переглядів 79День тому
Presenters: Ori Perez, Principal Security Researcher , Microsoft Maayan Shaul, Senior Security Researcher, Microsoft Vladimir Tokarev, Senior Security Researcher , Microsoft This session will examine the workings of Codesys V3 SDK, focusing on different ICS devices and vendors that commonly utilize the Codesys framework, the methods to gather all artifacts for a comprehensive forensics analysis...
AI, the Software Supply Chain, and Other (Not So) Puzzling Pieces
Переглядів 88День тому
Presenter: Jacob DePriest, VP, Deputy Chief Security Officer, GitHub As attacks against the software supply chain become more advanced, we must evolve along with them. With the addition of artificial intelligence integrations into the developer toolkit, the old view of supply chain security as just one tool or standard will no longer suffice. This session will examine how AI, with other methods...
What Hacking the Planet Taught Us About Defending Supply Chain Attacks
Переглядів 168День тому
Presenters: Douglas McKee, Instructor, SANS, Executive Director Threat Research, SonicWall Ismael Valenzuela, Faculty - Senior Instructor, SANS For years we have found software vulnerabilities and reported them to vendors. This experience has shown that there is a better way to defend against software supply chain attacks within our organizations. Join this session to discover what hacking the ...
The Price is WRONG - An Analysis of Security Complexity
Переглядів 856День тому
Presenter: Etay Maor, Senior Director Security Strategy, Cato Networks Based on recent reports, security complexity has the largest dollar effect on the cost of a data breach. This session will dive into examples of attacks where security complexity was the overarching cause of the attack. Also, dive into thorough research of over 1500 organizations and over 5T network flows to see where organi...
Navigating M&A Security Challenges: A Deep Dive into a Case Study
Переглядів 60День тому
Presenter: Marc Aguilar, Senior Director, Third-party Risk & M&A Risk, ADP With great promises, risks loom! Acquiring a company, or merging with it, could be a great way to expand your business or grow your technical capabilities. However, there are risks associated with it. This session will present a case study and show how to identify key security risks during a due diligence process and wha...
Agents of Chaos: Hacktivism Spreads Fear, Disinformation, and Propaganda
Переглядів 67День тому
Presenter: Alexander Leslie, Associate Threat Intelligence Analyst, Recorded Future Amid wars, disasters, and political instability - hacktivism does little but breed chaos. It has been co-opted by cybercriminals, nation-states, and influence peddlers seeking to advance malign narratives and capitalize on human suffering. This session will address the role of hacktivism in the cyberthreat lands...
DPAPI and DPAPI-NG: Decrypting All Users’ Secrets and PFX Passwords
Переглядів 183День тому
DPAPI and DPAPI-NG: Decrypting All Users’ Secrets and PFX Passwords
AI: Law, Policy, and Common Sense Suggestions to Stay Out of Trouble
Переглядів 73День тому
AI: Law, Policy, and Common Sense Suggestions to Stay Out of Trouble
Detecting Website Intrusion and Account Compromise with Machine Learning
Переглядів 42День тому
Detecting Website Intrusion and Account Compromise with Machine Learning
Key Management 101: DEKs, KEKs, and Credentials Living Together, Oh My!
Переглядів 80День тому
Key Management 101: DEKs, KEKs, and Credentials Living Together, Oh My!
My Resilient Career: How to Do More than Just Survive in Security
Переглядів 135День тому
Presenters: Helen Patton, Cybersecurity Advisor, Cisco Lokesh Pidawekar, Leader, Security Research, Cisco Mergers, layoffs, technology, oh my! It’s not just threat actors who make working in security difficult. In this session, attendees will learn how to thrive in security using mental health and strategic career management techniques. Sharing stories and resources to support one’s journey and...
How AI Is Changing the Malware Landscape
Переглядів 118День тому
Presenter: Vicente Diaz, Threat Intelligence Strategist, Google Last April 2023, VirusTotal implemented several AI engines to assist malware analysis and found AIs interpret malicious code differently than AVs, offering a new angle for malware detection but also showing strong and weak points, like being easily fooled by comments in malicious code. This session dives into insights from analyzin...
National Security 2030: Social Media and Emerging Cyberthreats
Переглядів 126День тому
National Security 2030: Social Media and Emerging Cyberthreats
Building Your Roadmap to Cyber Resilience - Five Things You Can Do Today
Переглядів 62День тому
Building Your Roadmap to Cyber Resilience - Five Things You Can Do Today
A New Era of Fraud: What Role Can Cyber Play?
Переглядів 33День тому
A New Era of Fraud: What Role Can Cyber Play?
Shielding the Clouds: Advanced Cyber Defense in Hybrid Environments
Переглядів 41День тому
Shielding the Clouds: Advanced Cyber Defense in Hybrid Environments
Join the Mission to Strengthen the Industrial Ecosystem
Переглядів 11День тому
Join the Mission to Strengthen the Industrial Ecosystem
CISOs Under Indictment: Case Studies, Lessons Learned, and What’s Next
Переглядів 249День тому
CISOs Under Indictment: Case Studies, Lessons Learned, and What’s Next
great panel and very interesting overview. Thank you for putting this up.
Very nice explanation Lenny THANK YOU :)
Lenyy is the best in this field without a doubt. His speech and demonstration skills are perfect for every level.
Very good and crisp presentation
Great information
Nice job of bringing it altogether and providing a very simple, yet complete explanation. Keep up the good work!
What about middle aged people looking for new careers? Would this be a good start for someone without CS experience? What about a CS grad that's worked in non-programming, non-hacking jobs looking to get into much more technical work. Is this a good place to start?
Is security just an illusion? (like neutrality in algorithms).
The first Teacher that understand what learning means
Aahh because the creatives go to employers who hire on merit....where the next big thing is actually made...duh!
cool.
On a lighter note...kudos for breaking up the shadow-web Silk Road in '04.
awesome video, are there ransomware groups like these based in the US and where do they learn these skills?
Who's doing that and why?
Great video !
Are there any videos that discuss the new variant of MITRE ENGAGE? now that SHIELD has been deprecated? I'm looking for real world examples for applying the 22 Engagement Activities - I think you refer to this as 'references' And as you mention in the video I'm also looking for methods to create deception related defenses. And if you can provide a method/tool to map att&ck tactics to all of the new engage fields w/o having to piece together several json files that would be very helpful. Thanks!
Thank you so much. From DRC
This dude is hilarious lol
Very interesting talk, always been interested in it
30:25 bell curve of ability. I learn slowly and can feel intimidated by difficulty. I may not do my homework. I also know that once I have gathered all the details, which I see more and deeper than others, and internalize them, I get faster and more able than average
26:55 the graphics are not poor at picoCTF, they are nostalgic
23:13 the highest expert mountain is how child protection bureaucracy deems itself about personal lives of their clients. They do not even go through the scientific process to get there.
22:22 it´s not talking about the cryptography, it´s talking about the implementation, in other words, metadiscourse.
3:15 How would you sell a zero day to Microsoft of Apple? If you use to break their system, they sue you for extortion. If you tell them what it is, they just take the info and don´t pay you 100000s.
So nice explanation sir thanks
A lot of apps feed me more of the same of what I search. And this gets to be very very, repetitious monotonous and simply boring. The apps are too busy feeding me thousands of videos of the same thing , and the feature that is supposed to give me variety doesn't even have a chance. I have to make up my own variety list. Technology is not becoming smarter it's becoming a nuisance.
Thank you for this. It's invaluable information
Tim urban is genius
Thank you Jen. Great content!
Good info. By 2023 this will be a step by step instruction set for avoiding extended car warranty calls. Joking aside, we will all need to think like this to help people in oppressed areas of the world. It's going to get worse before it gets better.
I'm not sure I follow how roll-based access aligns with automation. Least privileged, privilege aggregation, secrets protection and granularity would have all been good security themes to attach to automation.
another thing to consider is where (which wiki network) you create your proton and amazon accounts from - obviously you don’t want to do this at home or a friend/family member’s house or any of your typical locations
Good stuff and there are some common tools too.
What do you think about an alternative OS, so Google and Apple can't track you?
You say hacking isn't about breaking into things then you give those examples. Sigh. Hacking is so very much broader than that.
Main thing is enjoying writing that first program and then stretching always to see how much more you can make it do and how beautifully. Having math intuition and sense of what is elegant helps. I think you can hone that over time.
amazing!!
Why are we being targeted in the first place
Nice work amazing thinking
Magnificent
“They can free you from those eco systems” Blue pill, red pill… choose Lol
Hacking is like life O.o
Really Great!
Is solidity & Maian still valid?
Great content, really helpful and clear explication!!!! Thank you very much for the lecture Jen!
Biometrics is sad ;(
:)
Great presentation 😊👍
You're suppose to know binary analysis, web vulnerabilities, and common algorithm math before you go to one. If you go there just knowing how to use Kali tools you won't make it past one challenge
Evil is creative. Bad actors pay more and governments never do enough to think outside the box about the gravity of a situation when some day things get out of control.