What’s the Latest in Cybersecurity? Key Takeaways from The University of Miami’s First Annual Cybersecurity Conference
Capsicum was proud to sponsor and participate in the University of Miami’s first annual Cybersecurity Conference. The Inaugural Conference was part of the Miami Herbert Business School's 2019 Homecoming Reunion events and festivities.
The conference examined the emerging trends and technologies needed to drive innovation and success in the Cybersecurity space. Events included a variety of dynamic and engaging panel discussions, as well as an inspiring keynote by Manny Medina, CEO of Cyxtera Technologies. The conference allowed attendees direct access to experts fueling the intersection of Cybersecurity and Fintech, including speakers from the CIA, FBI, and major corporations, as well as Capsicum’s own CEO Sandy Goldstein, who offered practical insights into the steps companies can take to ensure the integrity of data.
Read on to learn about 5 key Cybersecurity themes that were repeated throughout the conference!
1. How do you educate your CEO on the value of security?
In a modern organization, taking steps to bolster data security across an enterprise requires the informed consent of the leadership team, but how can security professionals within an organization communicate the need for investment in security to the C-Suite? Many panelists concluded that security professionals must speak in terms that decision-makers will understand; in other words, it’s about the business’s bottom line.
While a CEO might not understand abstract cyber threats (DDoS, Phishing, etc.), they will likely understand risk management and the threat of monetizable damage to operations and reputation. Security professionals need to position themselves as advocates who are protecting the longevity of the business, the product, and the enterprise. Take steps to have a conversation with the board, and involve decision-makers in the strategy, successes, and challenges inherent in building a Cybersecurity plan.
2. What are the essential responsibilities of the modern Chief Security Officer (CSO)?
The panelists offered their input and opinions about the most essential steps a security officer in an organization can take to secure data. Kevin Gowen, Chief Security Officer of Synovus, highlighted the foremost need to protect user data, to understand where critical assets are, to know who is responsible for security in an organization, to teach people what to pay attention to and what the likely threats are, and to know the maturity of your security program. Scott Croskey, Global Chief Security Officer at Cipher, emphasized the need to understand your third-party relationships and realize how much data third parties have access to.
Juan Gomez-Sanchez, Chief Security Officer at Lennar Corporation, highlighted the importance of basic systems hygiene such as patching, access control, server access, and change management. He also emphasized “defense in depth”: the concept of multiple defenses around an organization, spanning people, processes, and technology. In sum, there really is no one thing that solves all cyber concerns, so modern security officers need to employ a combination of strategies that complement the organization’s risk tolerance.
3. How Do Cybersecurity Experts Approach and Scrutinize the Litany of Tech Solutions Available In The Market?
With a vast market of technology products available, how can one separate the utility from the hype? At its most basic level, any tech product implemented by an organization must accomplish two concrete outcomes: (1) reduce risk and (2) be cost-effective. That said, most panelists tended to agree: no one size fits all. Instead, companies should be strategic and use the right technology solution to address a given problem and ensure that it addresses the issue adequately. By taking a more focused approach to technology products, you can better position your organization to minimize the cost invested in technology products and maximize the value and utility gained from them.
4. Red Team v. Blue Team: Are Independent Hacking Assessments Mandatory Today?
With disparate standards for cybersecurity across different industries, organizations, and entities, resting on the laurels of your cybersecurity strategy simply is not enough anymore. In order to have an accurate picture of the effectiveness of your organization’s security policies and procedures, you must test the waters. Frequently bringing in an independent third party of both technical and functional individuals can provide your organization with a fresh perspective. To the panelists, independent hacking assessments have become mandatory.
The “Red Team” vs. “Blue Team” protocol has existed in law enforcement and the military for some time and speaks to the notion of enlisting a white hat hacker to test the resiliency of your organization’s cyber defenses. Otherwise, organizations risk destroying the brand and suffering financial consequences.
5. Will Cybersecurity always be a catch-up game?
Cybersecurity has evolved both on the offensive and defensive sides, as have regulations. While law enforcement and regulatory agencies like the FBI and SEC are striving to make sure private and business entities have the capabilities to protect themselves and their customers, they can only educate the public once they have identified and addressed a given threat. Considering this pattern, the panel was asked: “Will we always be one step behind bad actors in cyberspace?”
Most experts said yes. Although the general public is growing more and more aware of the reality of the risks associated with data breaches and compromised security, so too are malicious actors growing increasingly sophisticated and complex. While it is not out of the question that cybersecurity will reach a point where the safety has outpaced the scoundrels, the current pattern has shown no signs of letting up. Particularly with the forthcoming onset of 5G and the additional threat surface that comes with it, for the foreseeable future, the name of the game is upkeep and continuing diligence.
About Capsicum
With years of experience mitigating cyber-threats, including company insiders, misconfigurations, missing security updates, malware, and programming errors, Capsicum’s team knows how deeply a company suffers when an intruder exploits their network’s vulnerabilities. For companies seeking more robust security in their current network, our team members perform a thorough, top-down assessment to create a unique security profile for your company.
Our Certified Ethical Hackers (CEH) and Computer Hacking Forensic Investigators (CHFI) provide risk assessment, penetration testing, code review, cloud security, threat hunting, and phishing attack simulation in order to create a unique security profile for your company by flagging vulnerabilities and anticipating weaknesses within your technical infrastructure and verifying that the policies, procedures, and controls you have in place are truly being enforced. With Capsicum at your side, risk assessment, penetration testing, code review, cloud security, threat hunting, and phishing attack simulation are just a few of the services our team of law enforcement and military-trained technology professionals can perform. If your business network has already been compromised, we use state-of-the-art forensic techniques to investigate all possible threats and respond to incidents quickly and effectively. We then work with you to set up world-class solutions that minimize your risk of future incidents.
If you have additional questions regarding any of our services, please do not hesitate to contact us either by phone or email.