The 9th annual ISSA-LA conference, the “premier cybersecurity event in Southern California,” came to a close after two successful days of opening and closing keynotes, panels, forums and training sessions – not to mention the eagerly anticipated cocktail receptions.
Over six hundred people – IT personnel, InfoSec leaders, analysts and practitioners from such diverse industries as law, healthcare, insurance and banking – came to learn from the experts and network with fellow attendees at the Universal Hilton in Los Angeles.
The first of two days was Training Day, which featured four all-day training classes: “Information Security Management Boot Camp for IT Professionals,” “Essential Defense Tactics,” “Web Security Attack & Defense” and “Real World Red Team Attacks.”
Friday was Summit Day, and was filled with keynotes, sponsor events and panels, such as “Digital Trust in the Era of Artificial Intelligence,” “Defending the Enterprise Against Social Engineering Attacks,” and “Law Enforcement Panel.” It also included two forums – “CISO Forum and Healthcare Privacy and Security Forum” and “The Healthcare Privacy and Security Forum” – in which information security professionals got the chance to discuss their challenges, opportunities, and upcoming trends and shifts.
Aside from the usual irony of technical malfunctions at a technology-based event (dead microphones, dropped wi-fi and lights spontaneously dimming in the middle of a session), the vibe was friendly and energetic and the tech difficulties didn't take away from the overall experience had by all. I heard many great speakers, interviewed a handful of people for ITSPmagazine, and networked with colleagues and conference attendees – all against the backdrop of a giant Minion hovering over us from Universal Studios across the way.
Read on for a few highlights from Summit 9.
Keynote - Ira Winkler
After opening remarks from the always jovial ISSA-LA President and Summit Chair Richard Greenberg, the first keynote speaker took the stage.
Ira Winkler, President of SecureMentem, was as blatantly honest and fast-talking as ever, and after a late start (due to the aforementioned technical glitches) he managed to wrap up his speech more or less on time. He asked the question “What makes an attack sophisticated?” and then for forty minutes he discussed Fighting Sophisticated Attacks with Advanced Persistent Security.
He says that everyone is so busy asking if a cyber attack is sophisticated that they neglect the real question: how do we solve it? According to Winkler, debating whether an attack is sophisticated is merely a way to deflect blame. But is it a sophisticated attack or is it just bad security? As he has stated many times before: if a single user action can destroy your network, your network sucks.
He gave some examples of recent cyber attacks that were labeled as sophisticated, and he wasn’t shy about destroying that myth. Hacking Team, Ashley Madison, TV5Monde and an IRS breach were all instances of basic Security 101 going unheeded by organizations that should know better – much better. When a business’ password is “1234” or “passw0rd” (with a zero replacing the “o”) or it’s visible on the computer screen behind you when you’re on live TV (true story), that’s not a sophisticated attack; that’s just good old-fashioned amateur security.
Some commonalities of poor security include improperly segmented networks, Detection Deficit Disorder (ignoring or looking at incidents in the wrong places), failure to whitelist, not monitoring critical systems, poor awareness, no multi-factor authentication and phishing messages.
So what makes an attack sophisticated? When it’s adaptive and persistent, not advanced or simply labeled “sophisticated.” When you call an attack sophisticated, you are deflecting blame by saying, essentially, that it was unpreventable. Winkler’s analysis of the above-mentioned recent attacks explained how they could have been prevented.
Winkler wrapped up his keynote with this bit of wisdom: “When people change their behavior, they change the culture.”
Keynote - Manley Feinberg
Business Leadership Expert Manley Feinberg is an award-winning speaker, business leader, author, published outdoor adventure photographer and professional musician. His ISSA-LA keynote 7 Vertical Lessons & 1 Essential Question for Leading with Impact was based, in part, on his book Reaching Your Next Summit: 9 Vertical Lessons for Leading with Impact, which he was signing at the event.
Unlike many keynotes, which can tend to be dry and uninspiring, Feinberg’s was energetic and funny, and he interspersed some of his edge-of-your-seat lessons from rock climbing with InfoSec leadership qualities and roles.
He started off by explaining that leaders “often struggle to deliver more value under tightening budget constraints and rising expectations. Add the complications of regulations, engaging a multi-generational workforce, constantly shifting technology, and the balance of personal life needs, and you have a serious challenge.” And then he managed to find the commonalities between scaling vertical mountain walls in Central Asia and working in the InfoSec space, whether on the front lines or in a leadership role.
As he delivered his keynote, he brought out props (from his pocket, from behind the podium, from offstage) to illustrate and drive home the points he was making. For instance, when he discussed the idea of giving your employees a little slack, he produced a rope and mimed securing a climber with a belay rope. And when he talked about believing in yourself and setting goals, he played the national anthem Hendrix/Van Halen-style on an electric guitar (as he told the story of doing exactly this in high school).
He offered inspired ideas to help conference attendees “develop a service leadership mindset that engages, equips and inspires both them and their team members to step up and lead regardless of their title.” Here is a brief summary of the points he left the crowd with:
Gain 7 personal leadership principles that will empower every attendee to stretch their comfort zones and serve beyond position
Discover the one area you must micro-manage to gain clarity in the chaos, drive focus and build momentum
Drive innovation by encouraging individuals to step up, support others and say what they see
Encourage networking and valuable relationship building between attendees
Engage, equip and inspire attendees with multiple ideas they can use immediately to develop stronger relationships and increase their influence across vertical and horizontal boundaries
About Selena Templeton
Selena Templeton is the Column Editor for the Equal Respect column on ITSPmagazine.