As we look forward to (ISC)2 Security Congress 2020 on November 16-18, we are continuing to highlight a few of last year’s sessions to review so you know what to expect for the upcoming digital conference. You can also earn CPEs for viewing these sessions if you weren’t able to attend last year’s conference. Preparing for Cyber War: Learnings from Responding to Disruptive Breaches Charles Carmakal and Jermey Koppen, both from Mandiant, share real world case studies of threat actors and their motivations of money, fame and power. They share the importance of investigating attacks by both internal and external extortionists and how to properly deal with demands from aggressive attackers. A significant rise of aggressive attacks within the last

If you’re looking for ways to fulfill your CPE requirements, it doesn’t get much more convenient than the Professional Development Institute (PDI), a portfolio of timely and relevant continuing education courses that are provided to (ISC)2 members as part of their membership benefits. The latest addition – available now – to the on-demand library of 36 courses is a Lab course titled “Security Analysis with SPARTA,” which is aimed at security practitioners and anyone looking to implement the penetration testing execution standard (PTES) and the tools and processes found within SPARTA and security assessment tools. SPARTA’s design automates many common vulnerability assessment tasks and is regularly used for network infrastructure penetration and security testing. This tool is primarily focused on

By AJ Yawn, CISSP FedEx. Booz Allen Hamilton. Republican National Committee. Dow Jones & Co. Verizon Wireless. Time Warner Cable. WalMart. These eight organizations all have the same thing in common: Leaky S3 buckets that were misconfigured and exposed sensitive customer data. Amazon S3 (or Simple Storage Service) bucket misconfigurations and breaches continue to show up in cybersecurity publications. A disappointing fact considering how newsworthy these breaches have been. Amazon S3 is an object storage service on Amazon Web Services (AWS) that provides customers with infinitely scalable and durable storage for websites, mobile applications, backup and restore, and many other use cases. This service is one of the original services on AWS and is often the first entry point into the

We recently announced that this year’s (ISC)² Security Congress will take place entirely virtually. The decision was made as COVID-19 cases continue to surge around the globe in the interest of safety of attendees, speakers, sponsors and staff. This year’s event will include three days of sessions from top security experts November 16-18. We’ll announce the sessions – including the timing of the programming – soon, but in the meantime, many sessions from the 2019 event are available online completely free. Get a taste of what Security Congress 2020 will have to offer, while getting ahead on your CPEs by checking out some of last year’s favorite sessions. Threat Hunting for M&A Cyber Due Diligence Jacob Williams of Rendition Infosec