RSS:2024 GRC/Risk Track (Day 1) :: Rochester Security Summit

A Comprehensive Approach to IT Vulnerability Management

David Frier
10:00 am - 10:50 am

Vulnerability management is a critical aspect of safeguarding an organization’s infrastructure. This talk will introduce a comprehensive approach to vulnerability management that not only identifies vulnerabilities but also enriches, risk-ranks, and prioritizes them for effective use of available remediation resources. We will explore a system and process designed to ingest scan data, enhance it with valuable insights from sources like Known Exploited Vulnerabilities (KEV) and Exploit Prediction Scoring System (EPSS), and deliver actionable intelligence to IT teams. Attendees will leave with a clear understanding of how to implement a prioritized, data-driven vulnerability management strategy in their organizations.
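The enrichment-and-ranking pipeline the abstract describes, as an added illustration (not code from the talk, from David Frier, or from any scanner vendor): scanner findings are joined against a KEV membership set and an EPSS score table, given a remediation bucket and a numeric score, and emitted as a work queue for the IT team. Every input is constructed sample data, the CVE identifiers are placeholders of the form CVE-0000-000N rather than real vulnerabilities, and the bucket thresholds and score weights are assumptions chosen for the example, not a published standard.

```python
"""Risk-ranking scanner output with KEV and EPSS enrichment.

Added illustration, not code from the talk or from any scanner product.
All inputs below are constructed: the findings, the KEV membership set and
the EPSS probabilities are sample data, and the CVE identifiers are
placeholders (CVE-0000-000N), not real vulnerabilities.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float            # scanner-reported CVSS base score (0-10)
    internet_facing: bool  # exposure, taken from the asset inventory
    asset_tier: int        # 1 = business critical ... 3 = low value


@dataclass
class RankedFinding:
    finding: Finding
    in_kev: bool
    epss: float
    epss_missing: bool
    score: float
    bucket: str


# --- constructed sample data (placeholder CVE ids) -------------------------
SCAN_RESULTS: List[Finding] = [
    Finding("web-01", "CVE-0000-0001", 7.5, True, 1),
    Finding("db-02", "CVE-0000-0002", 9.8, False, 1),
    Finding("lab-03", "CVE-0000-0003", 9.8, True, 3),
    Finding("web-01", "CVE-0000-0004", 5.3, True, 1),
    Finding("ws-07", "CVE-0000-0005", 6.1, False, 2),
]
KEV_CATALOG: Set[str] = {"CVE-0000-0001"}          # stands in for the CISA KEV feed
EPSS_SCORES: Dict[str, float] = {                  # stands in for the EPSS feed
    "CVE-0000-0001": 0.91,
    "CVE-0000-0002": 0.04,
    "CVE-0000-0003": 0.02,
    "CVE-0000-0004": 0.62,
    # CVE-0000-0005 deliberately absent: a freshly published CVE
    # may not have an EPSS score yet.
}

TIER_WEIGHT = {1: 1.5, 2: 1.0, 3: 0.7}             # assumed asset-value weights
BUCKET_ORDER = ["P1-immediate", "P2-high", "P3-scheduled", "P4-backlog"]


def bucket_for(f: Finding, in_kev: bool, epss: float) -> str:
    """Assign a remediation bucket; KEV membership outranks everything else."""
    if in_kev:
        return "P1-immediate"
    if epss >= 0.5 or (f.cvss >= 9.0 and f.internet_facing):
        return "P2-high"
    if f.cvss >= 7.0:
        return "P3-scheduled"
    return "P4-backlog"


def risk_score(f: Finding, in_kev: bool, epss: float) -> float:
    """Illustrative weighting: severity x likelihood, amplified by exploitation
    evidence, exposure and asset value. The multipliers are assumptions."""
    score = f.cvss * (0.25 + epss)       # likelihood floor keeps CVSS relevant
    if in_kev:
        score *= 2.0                     # confirmed in-the-wild exploitation
    if f.internet_facing:
        score *= 1.5
    score *= TIER_WEIGHT.get(f.asset_tier, 1.0)
    return round(score, 2)


def prioritize(findings, kev, epss_scores) -> List[RankedFinding]:
    """Enrich each finding and sort by bucket first, then by score descending."""
    ranked = []
    for f in findings:
        in_kev = f.cve in kev
        missing = f.cve not in epss_scores
        epss = epss_scores.get(f.cve, 0.0)   # unknown EPSS counts as 0 but is flagged
        ranked.append(RankedFinding(f, in_kev, epss, missing,
                                    risk_score(f, in_kev, epss),
                                    bucket_for(f, in_kev, epss)))
    ranked.sort(key=lambda r: (BUCKET_ORDER.index(r.bucket), -r.score))
    return ranked


def work_queue(findings, kev, epss_scores) -> List[str]:
    """What the IT team receives: one line per finding, highest priority first."""
    return [f"{r.bucket:13} {r.finding.host:7} {r.finding.cve} score={r.score:6.2f}"
            f"{' epss=n/a' if r.epss_missing else ''}"
            for r in prioritize(findings, kev, epss_scores)]


if __name__ == "__main__":
    for line in work_queue(SCAN_RESULTS, KEV_CATALOG, EPSS_SCORES):
        print(line)
```

Two design points are worth noting. Bucket is the primary sort key and score only orders within a bucket, so a KEV entry on a low-value host is never pushed below a high-CVSS finding that nobody is exploiting; and a CVE with no EPSS record is scored as if its probability were zero but carries an explicit flag, so the team can see that the ranking for that item rests on CVSS alone until the feed catches up.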

David Frier

  • David C Frier, RIMS-CRMP, CISM, CISSP, CRISC, CCSK
  • vCISO and Senior Cybersecurity Program Manager at Sedara... but I speak only for myself, not for Sedara!
  • 0x2d years into IT, 0x13 years into Infosec
  • Geekosaurus
  • Avid player of poker... Orioles and Cubs fan... enthusiastic-if-slow rider of a Trek.
  • about.me or wheretofind.me

Real Risk in Today’s World…Dark Web Data Leaks

Bruce Cheney
11:00 am - 11:50 am

Cyber risk is a growing concern for businesses of all sizes. According to the FBI, there were over $12.5 Billion in losses due to cybercrime in 2023. And as cyber criminals are getting more sophisticated, they are increasingly using extortion and the Dark Web to their advantage. The combination of ransomware, extortion, and the dark web poses a serious threat to businesses.

In this presentation, Bruce Cheney, Sr. Engineer at Arctic Wolf, will lead a discussion on what Real Risk looks like and what you can do to improve your security posture. He will talk about the growing threat of cybercrime groups, show you Dark Web Data Leaks, and walk through the steps you can take to stay ahead of the curve and avoid becoming a victim of cybercrime.

Bruce Cheney

Bruce Cheney is a well-rounded Cyber Security Leader, Researcher, Enthusiast, Evangelist, and Speaker. He is an expert at helping organizations identify and understand the real Risks and Threats of a Cyber Attack (Ransomware, Extortion, etc.).

With 25+ years of IT experience and a strong and practical knowledge of technology from Layer 1 through Layer 7, Bruce can identify and help reduce Cyber Security risks for organizations of all sizes, verticals, and geographies. He is a thought leader and expert at finding chinks in companies’ armor and explaining how to fix them.

He has the skills to design, deploy, train, and troubleshoot a myriad of technology solutions, as well as explain to organizations how to secure those solutions. He has years of experience in professional training on complex IT topics, so making sense of complex topics is right up his alley, allowing him to specialize in Transferring Knowledge and Operational Best Practices to Customer Staff ensuring Post-Implementation Success.

Avoiding Concentrated Risk

Chas Clawson
1:00 pm - 1:50 pm

In today’s rapidly evolving cybersecurity landscape, avoiding concentrated risk in a consolidated security solutions market is crucial. As companies increasingly rely on fewer providers, the potential impact of a single point of failure grows. This can lead to vulnerabilities and increased exposure to cyber threats. Diversifying security solutions helps mitigate this risk by ensuring that no single vendor’s weaknesses can compromise the entire system. It also fosters innovation and flexibility, allowing organizations to adapt to new threats and technologies. By embracing a multi-vendor strategy, businesses can enhance their resilience and maintain robust security in a dynamic digital environment.

Chas Clawson

As a technologist interested in disruptive cloud technologies, Chas joined Sumo Logic's Cyber Security team with over 15 years in the field, consulting with many federal agencies on how to secure modern workloads. In the federal space, he spent time as an architect designing the Department of Commerce ESOC SIEM solution. He also worked at the NSA as a civilian conducting Red Team assessments and within the office of compliance and policy. Commercially, he has worked with MSSP practices and security consulting services for various Fortune 500 companies. Chas also enjoys teaching Networking & Cyber Security courses as a Professor at the University of Maryland Global College.

Govern Once, Comply Many: Leveraging Your Security Skills to Manage AI Risk

F. Paul Greene
2:00 pm - 2:50 pm

Infosec teams are overtaxed and underfunded, and are now often tasked with assessing and managing AI risk as well. AI governance approaches vary, however, and the technology is in flux. Fortunately, significant overlap and synergy exists between good security practice and ethical AI governance functions, such that Infosec teams are especially well suited to assess and potentially manage AI risk. This discussion will focus on the interplay between Infosec and AI governance frameworks, and offer practical solutions on how to govern once, comply many in relation to AI and Infosec. It will also offer strategies an Infosec team can use to leverage interest in AI to create focus and budget for core infosec functions.

F. Paul Greene, CIPP/US, CIPP/E, CIPM, FIP

F. Paul is the Chair of the Privacy and Data Security and Artificial Intelligence and New Technologies Practice Groups at Harter Secrest & LLP. He is an internationally recognized speaker and practitioner in the fields of complex data protection and governance, and has published extensively in the U.S. and U.K. on these issues. He is also a Distinguished Fellow of the Ponemon Institute, the pre-eminent research center dedicated to privacy, data protection and information security policy.