CSO's collection of videos on topics ranging from cryptocurrency to data breaches to security leadership, as well as IT security-related videos from some of Foundry's most popular virtual summits,
Celanese Corporation is a global chemical leader in the production of differentiated chemistry solutions and specialty materials used in most major industries and consumer applications. With IT and OT environments exposed to risk, the organization must build a unique ecosystem to secure and defend against attacks. Learn how CISO Jennifer Watson manages security complexity and velocity to minimize risks.
With more than 70,000 employees, BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. At BD, security spans a spectrum from enterprise IT, to products, manufacturing and services. Learn how CISO Rob Suárez manages the greatest risks in this environment, and what’s required to foster an ecosystem of trust across many stakeholders.
As AI deployments proliferate for better decision making, they also present risks across a large spectrum – from job displacement and socioeconomic inequality, to automated bias, to data poisoning, privacy violations, and AI threats used by bad actors. At the same time, AI itself is becoming an emerging and key ingredient for organizations to better defend against attack. Join us as we discuss how to put AI’s risks into perspective while leveraging AI for improved defenses.
With more than a half-million employees around the world, Accenture has a long history of supporting employees with technology as they visit clients. Those roots are what informed the organization’s traditional focus on the workstation, endpoint and identity -- rather than backhauling traffic through a VPN to maintain a corporate perimeter. Join us for this session to learn about how this approach is even further modernized with Zero Trust.
Join IDC analysts Brandon Butler and Christopher Rodriguez as they talk with Network World’s Ann Bednarz about the SASE model for streamlining network access and improving security. Deployed as a cloud service, it blends SD-WAN’s network optimization capabilities with security features such as zero-trust authentication, data loss prevention, threat detection, and encryption. Learn how SASE can offer easier network and security management, lower costs, and fewer vendors to manage.
Managing risk across an extended supply chain is extremely challenging for organizations of all sizes. The sheer volume of connected components that communicate, store, and process data will continue to expand the attack surface, and increase organizational risk. To address this, organizations need to understand their supply chain structure, the vulnerabilities that make it fragile, and which vulnerabilities present the highest risk. Join us for this session as we discuss these strategies and more with Randstad CISO Tami Hudson.
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser. Learn more about cryptojacking and how to protect yourself from falling victim to an attack.
ADP’s Senior Director, ESI Business Security Office and Global Programs Omar Prunera leads the development of ADP’s Security Ambassadors for Excellence (S.A.F.E.) program to inform and train employees about security, improve their knowledge and behavior, and maintain the highest levels possible for ADP’s security posture. Join us to learn the benefits of the S.A.F.E. program up to present day, including the metrics framework designed to measure its impact, and where this project is headed.
Coast Capital Savings Director of Information Security Stephen Pedersen leads a team that focuses on cybersecurity along with fraud prevention and detection as it expands its business nationally through a digital banking platform. Join us to learn how their security strategy creates a trusted digital banking experience with a scalable cybersecurity ecosystem by assembling and configuring out-of-the-box technologies while leveraging multiple cloud capabilities.
Brad Wells, Executive Director, Information Security, and Kandice Samuelson, Senior Director, IT Governance at PPD lead a team enhancing PPD's inventory tracking system that identifies PPD’s most valuable assets. Join us to learn how they distribute security resources for appropriate levels of protection, maintain compliance with government regulations and industry standards, and leverage information security controls aligned with client requirements, industry frameworks and privacy regulations.
CSO senior writer Lucian Constantin knows that paying ransomware demands should be avoided -- unless lives are on the line or the survival of a business is at stake. Join us as Lucian talks about the role of the ransomware negotiator, the person called in to negotiate terms with the criminals holding data hostage. He’ll explain their role, their background, and what they can and can’t do to regain access to critical data. He’ll also discuss the ethics that legitimate ransomware negotiators should adhere to.
The SolarWinds breach represents a tectonic shift in threat actor tactics, suggesting this kind of attack vector will be replicated. Not only were the attacker’s sophistication and technical proficiency high -- allowing them to stay in stealth mode -- they also understood the supply chain. Join us to learn how improved identity management and governance surrounding software components, along with workload runtime protection, are critical strategies in guarding against attacks like SolarWinds.
Every CISO understands how passwords across the workforce are difficult to remember, drive up help desk costs, and impede workforce productivity with ongoing password change requirements. And while single sign-on environments reduce some inefficiencies of passwords, they aren’t always ubiquitous. Are passwordless environments possible? Join us to hear how passwordless environments work, why Snowflake made the decision to deploy, and the efficiencies and upside they’re realizing.
Richard Harknett, PhD., Co-Director of the Ohio Cyber Range Institute, has examined the SolarWinds hack that’s not only dominated the news for months, but is defined by the level of sophistication, persistence, and patience exhibited by the attackers. Join us for this session when Professor Harknett looks at the big picture and discusses why we should be shifting our approach from a doctrine of persistent engagement, to a whole-of-nation frame that includes public and private sectors along with our international allies.
Today’s security challenges – from Solarwinds to ransomware, regulation, hybrid workforces, data privacy, critical infrastructure and more -- pose unique risks to various global regions. Join us as CSO’s editors around the world discuss the top risks in their geographies.
Security solutions from startup companies can be unique opportunities for an organization to fill critical gaps for a specific security need. That said, the way to consider a startup’s solution -- along with the relationship your organization has with them -- is different than with an established vendor company. Join us as a former CIO turned technology investor provides experienced guidance on how best to work with security startup companies.
PwC Chief Information and Technology Officer James Shira is an expert on managing security's big picture. With the growing focus on risk management from boards and senior leadership, James shares advice on keeping security and risk management a top priority for senior business leadership. We’ll discuss where security should be focusing efforts, risks businesses should be prioritizing, how to address the security talent shortage, and ways security leaders can prepare themselves for the future.
As Global CISO for GE, Justin Acquaro is an expert at providing access to critical applications for a large employee population – all with trust at scale. With an emphasis on strong user investment, a dedicated cross-function team, and strategic executive sponsorship, GE won a CIO 100 award for its MyApps Anywhere employee access project. Join us for this session to hear how the project unfolded, the ups and downs during the process, and how Zero Trust is embedded in the outcome.
Liberty Mutual’s Cybersecurity and Cloud Specialist Don Richard, IDC’s Program VP for Cybersecurity Products Frank Dickson, and IDG’s Editor-in-Chief of Enterprise Eric Knorr are all experts on cloud security. They discuss the nexus of how cloud security has shifted over the last five to seven years, what it looks like today, and how to prepare your organization for success in a cloud security future.
Jeff Thomas is CSO of Prudential Financial where his team created a CSO50 award-winning workplace threat management training course designed to capture employee attention and maintain interest. The solution combines a story with a graphic novel look-and-feel and an interactive game -- all designed to educate and motivate learners to recognize and report behaviors of concern observed in the workplace. Learn how this interactive storytelling approach drives engagement.
Kevin Charest is CISO of Health Care Service Corporation where his team created a CSO50 award-winning Cyber Fusion Center for cyber defense representing collaboration across five Blue Cross and Blue Shield plans in Illinois, Montana, New Mexico, Oklahoma and Texas. The center leads intelligence-driven security operations to provide real-time incident monitoring, detection, response and handling. Learn how it protects a complex matrix of data on 16 million members and 23,000 employees.
Michael Kenney is Lead Information Security Engineer at Penn Medicine where they’ve created their CSO50 award-winning ‘Penn Test Security Challenge’ that leverages gamification penetration testing exercises to add value. By building skills in a creative way, the program develops staff to effectively assess internal technologies so they can mitigate vulnerabilities before they occur. Learn how hacker and exploitation gaming improves staff satisfaction and skills.
Shawn Riley is CISO for the ND Information Technology Department serving the State of North Dakota’s government agencies. Its CSO50 award-winning K-20W initiative (kindergarten through PhD and workforce) called “Every Student, Every School, Cyber Educated” is setting students up for success with a focus on computer science and cybersecurity education and training. Join us to learn how this model for other states reflects a whole-of-government approach to helping students and businesses succeed.
Eric Simmons, Information Security Manager and Application Security Lead at Aaron’s, and Jeremy Brooks, Information Security Architect at Aaron's, led a CSO50 award-winning project to rethink application security for efficiency and speed. Partnering with QA, development, and DevOps, they built a platform enabling integration of application security across Aaron’s technologies. Learn how they now deliver faster feedback to development teams with self-service processes and automation.
CSO worldwide managing director Bob Bragdon discusses today’s issues with CSO editors from Australia, Germany, the United Kingdom and the United States. How is security evolving in various parts of the world with continued remote work? What’s the impact of data breaches and GDPR, along with potential legal exposure to CISOs? Where is ransomware a challenge? And how are relationships between CISOs and their boards adjusting? Hear perspectives from various regions of the world.
Tim Youngblood is Global CISO at McDonald's, one of the world's largest food service companies. Having worked at other large organizations, Tim's developed a unique understanding of the various stages in evolving your career to the CISO level. Join us for this in-depth interview to understand Tim's views on the evolving CISO role, his career and skills advice for aspiring security leaders, why expertise in operational excellence and partnering is essential, and the future of information security.
Aravind Swaminathan is a former cybercrime prosecutor and is currently Global Co-Chair of Cyber, Privacy & Data Innovation at Orrick, Herrington & Sutcliffe LLP where he’s directed more than 200 cybersecurity and data breach investigations. He discusses the current breach landscape, why CISOs can be in the crosshairs for personal liability, the implications if they conceal information or mislead investigators, and what CISOs should ask when considering a new CISO role.
Greg Wood is SVP of Information Security & Risk Management at The Walt Disney Company, one of the world’s largest media and entertainment companies. With an early life passion for technology, Greg discovered the critical role of security in a changing landscape. He shares how risk management creates a framework to protect, detect and respond to threats, how every business decision has an element of security, and why big business goals are achievable when security is involved.
Swatting is a form of harassment in which attackers try to trick police forces into sending a heavily armed strike force — often a SWAT team, which gives the technique its name — to a victim's home or business. Learn more about swatting and how to protect yourself from it.
Doxing is the practice of posting someone's personal information online without their consent. Doxers aim to reveal information that can move their conflict with their targets from the internet to the real world, including home addresses, employers, private correspondence, social security numbers, and criminal history or otherwise embarrassing personal details.
Don't let the cute name fool you, smishing (a portmanteau of 'SMS' and 'phishing') is a cyberattack that uses misleading text messages to trick victims into sharing valuable information, installing malware, or giving away money.
Vishing (short for voice phishing) is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone. While that makes it sound like an old-fashioned scam, vishing attacks have high-tech elements.
All software has bugs, and some of those bugs are security flaws that can be exploited and turned into weapons. A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. Here's what you need to know.
A lot has happened since we uploaded our most recent video about the Huawei ban last month. Another reprieve has been issued, licenses have been granted and the FCC has officially barred Huawei equipment from U.S. networks. Our viewers had some great questions, so Juliet dove in and helped make sense of the confusing ban. Which Huawei phones have Android? Is it safe to buy a Huawei laptop? And what about the ban has changed since November? If you have any other questions that Juliet didn’t answer, be sure to leave them in the comments below.
If you have a Chromebook, you probably know there isn't a lot to figure out when you first start using it. You sign in with your Google account and you're pretty much good to go. But there's plenty of tips and shortcuts you might not know about. Check out JR's tips and tricks for getting the most out of your Chromebook.
If you're looking to maximize organization and collaboration, look no further. Check out Trello, a handy app that makes it super easy to organize pretty much anything. It's got some pretty powerful options for taking your organization to the next level. JR Raphael walks you through his top time-saving Trello tips.
Most consumers don't consider security when purchasing IoT devices. Yet botnet attacks can be devastating, impacting large portions of the internet. Learn how to prevent botnets in this video.
Wireless charging technology has been around for over 100 years, but it has only recently found mainstream practical use for powering electronic devices like smartphones. Learn how this technology works and what advancements we may see in the future.
Huawei’s soon-to-be released Mate 30 and Mate 30 Pro will not have access to Google’s Android operating system as we all know it. Google is prohibited from doing business with Huawei under the current ban, which means it can't offer support or updates for Android software on future Huawei handsets. In this episode of TECH(feed), Juliet discusses how the Huawei ban will affect the Mate 30 and Mate 30 Pro, and Huawei’s alternatives to Android.
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this increasingly sophisticated form of cyberattack.
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker’s ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.
IPv6 is the latest version of the main communications method that identifies and locates computers and other devices on the internet. It provides more efficient packet handling, improving performance and security. Yet despite this, the rest of the internet is taking its sweet time to transition from IPv4. Here's what's at stake.
The dark web may sound ominous, but it’s really a catch-all term for the part of the internet that isn't indexed by search engines. Stay tuned for a guided tour of the web's less mainstream regions.
What’s it like to work at a Best Place to Work in IT? We take you inside Kaiser Permanente, CarGurus, and Kronos and reveal what they’re looking for in new hires.
Sharding is one of several methods being tested by start-ups, developers and current blockchain platforms to see if it can help developers finally address blockchain's scalability problem.
Security is the Achilles’ heel of all modern IoT technology, but the consequences of medical IoT hacking, in particular, can be disturbingly serious. A look at the state of the connected devices commonly found in hospitals, and why you might want to be somewhat worried about it.
Learn the key aspects of today's data center, from hyperconvergence to flash storage to hybrid connections.
How to keep your business running in the event of an emergency or disaster.
IDC analyst Joe Pucciarelli shares insights on the most relevant global trends and key predictions impacting CIOs, IT professionals and their organizations.
How to forecast the future with accuracy and confidence.