Get Your Global Excellence Awards Entry Kit Now
Security Predictions and Directions
Join the Cyber Security Worldwide Community on LinkedIn
 Home Executive Briefings Security Predictions Entry Kit Global Excellence Volunteer as Judge Register Awards About
 

2018 Security Predictions and Directions

Bitcoin and Cryptocurrency fraud on the rise in 2018
Steven Bearak, CEO & Co-Founder - IdentityForce, Inc. - Framingham, MA USA

With a market capitalization today approaching $200 billion, Bitcoin accounts for over half of the market capitalization of all cyber currencies, as reported at www.coinmarketcap.com. However, remember, even cyber currencies aren’t immune to hacking. In fact, it’s well-known that hackers are now taking over one of the key components of personal information – the mobile phone number – to reset passwords. These fraudsters, within seconds, can then change the password within a virtual currency wallet and simply drain the funds. Just like that. This is certainly a key component of fraud for us all to keep a watchful eye on in 2018. 

Brief Biography
In 2006, siblings Steven Bearak and Judy (Bearak) Leary co-founded IdentityForce, Inc. Since then, the two have continued a nearly 40-year family tradition of pioneering the identity theft protection industry. Under Steven’s leadership, the U.S. government awarded IdentityForce elite Tier-One status as an approved provider of identity protection services for data breaches affecting over 21.5 million people. Steven is often sought out by the press as a source for pertinent security topics spanning consumer and business audiences, and he writes regularly for HR and security publications.
Important Issues:
  • The Dark Web will get… Darker! There are over 4 billion indexed pages on the Web, but the growth of the Dark Web will increase as the value of Personally Identifiable Information (PII) keeps increasing (and more breaches are happening).
  • The information on the Dark Web can be used to impersonate legitimate consumers to open bank or credit card accounts, purchase products and services, and much more. And, the most popular form of payment accepted on the Dark Web is Bitcoin.
  • At this point, it’s not a matter of if your personal information is on the Dark Web, but how much of it is there being bought and sold.
Direction for CSOs and Decision Makers:
  1. With the consumerization of IT and the continuous blend of personal and professional lives, CSOs continue to be focused on securing data on any and every device accessed by their employees.
  2. The InfoSec teams are responsible for the security processes and protocols within the four walls of the organization. However, encouraging them to work alongside Human Resources teams is hugely beneficial to help those same best practices carry over outside.
  3. By having IT and HR team up, regular training and ongoing education can be one of the best defenses to protecting sensitive company and employee data, especially within organizations that have a mix of Millennials, Baby Boomers, and Gen Xers.
For 40 years, IdentityForce, Inc. has provided best-in-class, highly scalable, award-winning identity theft, privacy and credit protection solutions to consumers, businesses, and government agencies. With IdentityForce, members benefit from the most robust and award-winning identity protection, going as deep as Dark Web monitoring to keep personal information safe. A pioneer of identity protection, IdentityForce’s innovation and customer-centric approach has made the company a trusted partner for both organizations and individuals. IdentityForce also provides custom-tailored programs to organizations enabling them to build closer relationships and additional revenue streams. Learn more at www.identityforce.com.

AI and machine learning takes on more importance
Timothy Liu, CTO, Co-founder of Hillstone Networks - Hillstone Networks - Santa Clara, CA USA

Systems utilizing security analytics has been gaining acceptance for the past few years. These systems hold the promise to discover complex patterns inside large amount of data, not possible with human eyes. Security analytics have found their way into existing products such as endpoint security and SIEM, as well as creating product categories such as UBA/NBA (User Behavior Analysis/Network Behavior Analysis). With the advancement of AI and machine learning technology, the capability of these systems can be greatly improved. We will find more security products and service offering using machine learning, and more security budget allocated for them.

Brief Biography
Timothy Liu is founder and CTO of Hillstone Networks where he oversees technical roadmap and product strategy. Before founding Hillstone, Timothy was in NetScreen and Juniper where he developed for ScreenOS VPN and kernel, and later on managed ScreenOS VPN team. Previously, Timothy held various engineering positions in Intel and Silvan Networks. Timothy Liu holds a Ph.D. in Physics from University of Texas at Austin, and Bachelor of Science from University of Science and Technology of China.
Important Issues:
  • AI and machine learning.
  • Ransomware.
  • Cloud Security.
Direction for CSOs and Decision Makers:
  1. More security budget allocated for security products and service offering using machine learning.
  2. As the increasing in security incidents shows that the cloud will be the new battleground in the defense against cyber-attacks.
Hillstone Networks’ Layered Threat Protection provides continuous threat defense at perimeters, internal networks and their critical assets, down to each virtual machine. Established in 2006 by NetScreen, Cisco and Juniper executives, Hillstone Networks is relied on by more than 15,000 customers around the world, including Fortune 500 companies, higher education, financial institutions and service providers. Hillstone Networks’ US headquarters is located in Santa Clara, California.

Upsurge in software security as CISOs mandate application security testing
Anita D'Amico, CEO - Code Dx - Northport, NY USA

Vulnerabilities in an organization’s software applications are among the primary vectors used by attackers to breach a system. The Equifax breach was just one of many attacks traced back to the exploitation of a software vulnerability. During just the third quarter of 2017, there were more than 230 million web application attacks on U.S. websites. Mobile and Internet of Things (IoT) apps also present easy targets. Approximately 30% of mobile apps and 38% of IoT apps contain significant vulnerabilities that can be exploited by attackers.

After decades of investing resources in network security, attention is now shifting to application security (AppSec). CISOs, Boards of Directors, and the U.S. government realize that any sound security program must include AppSec, which extends to security testing of all their enterprise, web, mobile and IoT apps, as well as the third-party software components they use. Insecure software represents a liability that they are now addressing by maturing their own organization’s AppSec programs, and demanding that their suppliers do the same.

In 2018, we will see increased adoption of application security processes, well beyond the post-release penetration testing used by many to date. There will be an upsurge in static security testing used during software development, automated penetration testing, assessment of the vulnerabilities in third-party libraries, as well as AppSec training of developers and security analysts.

Brief Biography
Anita D’Amico, PhD is the CEO of Code Dx, Inc. which provides solutions to analyze and manage vulnerabilities in software. She started her career as an experimental psychologist, and for the past twenty years has applied that background to enhancing the performance of cybersecurity analysts. For the past seven years she has focused primarily on methods for increasing the adoption of security practices during the software development process.
Important Issues:
  • Increasing the speed, ease and automation of application security, so that security testing and remediation can keep pace with the rapid release cycles of web and mobile applications.
  • Raising awareness within the software development community of the need to build security into every stage of the Software Development Lifecycle.
  • How to combine network and application security in a way that each adds value to the other.
Direction for CSOs and Decision Makers:
  1. Invest resources in building security into your software from the start, to avoid more costly post-release patches and breaches.
  2. Do not rely on any single technique or tool for testing the security of the software you offer or use. Few work well alone, but used together they offer good vulnerability coverage.
  3. DevSecOps: Build security into your DevOps pipeline.
The State of Patching: Our Biggest Vulnerability?
Juan Perez-Etchegoyen, CTO - Onapsis - Boston, MA USA

In the age of named vulnerabilities and marketing-driven vulnerability disclosure, security professionals are under pressure to get ahead of the next big threat. But is this approach backfiring? Organizations continue to leave themselves exposed by not regularly and properly applying security patches - which can be more damaging than preparing for the next named vulnerability.

Brief Biography
Juan Pablo leads the Research & Development teams that keep Onapsis on the cutting-edge of the business-critical application security market. His SAP and Oracle cyber-security research has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing’s and Standards.
Important Issues:
  • Cryptocurrency miners gaining access through unpatched systems.
  • New ERP application attacks.
  • Migration of Business-Critical Applications to the Cloud.
Direction for CSOs and Decision Makers:
  1. Properly building and prioritizing patch schedules and processes.
  2. Aligning IT application, audit and security teams internally.
  3. Making security an enabler for digital business transformation projects.
Most organizations will continue to struggle with their sensitive data
Jonathan Sander, Chief Technology Officer - STEALTHbits Technologies - Hawthorne, NJ USA

In 2018, organizations will continue to invest in perimeter, network, endpoint, and application security. Most organizations will continue to struggle to focus on their most critical assets, sensitive data. Without a true focus on sensitive data and credentials, specifically Data Access Governance programs, organizations will fail to protect the assets that are prized by adversaries. 

As regulatory compliance standards like EU GDPR and 23 NYCRR 500 mandate organizations to have true Data Access Governance programs in place, we will see a slight focal shift. This shift will be because of the regulatory mandates, but it will not be a significant shift because of the unwillingness of C-Level executives to invest in security. 

Within security organizations, data security teams will need to continue to focus on people, process, and technology. They will need to identify the holes in their organizations, both from a personnel standpoint as well as a processes standpoint, then implement the proper technologies to help with some of those gaps. Ultimately, automation through technology will be key in supplementing the gaps in the people and process problems. 

Brief Biography
Jonathan is responsible for driving technical innovation, ensuring that STEALTHbits is well positioned in their current and emerging markets. Jonathan also plays the role of evangelist at STEALTHbits venues large and small. Prior to STEALTHbits, Jonathan was VP of Product Strategy for Lieberman Software. At Quest Software from 1999 through 2013, he worked with the security and ITSM portfolios and helped launch Quest’s IAM solutions, directing all business development and product strategy efforts. Previously, he was a consultant at Platinum Technology focusing on the security, access control and SSO solutions. Jonathan graduated from Fordham University with a degree in Philosophy.
Important Issues:
  • Cyber Security skills shortage – the hiring gap. With more than 1 million unfilled cybersecurity jobs, being able to train and retain top security talent within organizations is going to continue to be critical.
  • Sensitive Data – being able to discover, classify, and set the appropriate security levels for your sensitive data—and monitoring access and changes in real-time— so that adversaries (insider or external) can't exploit or steal your data & credentials.
  • EU GDPR, 23 NYCRR 500, and other regulatory compliance standards – gearing up for the change in how we protect our data and the massive fines that could be assessed if we do not do so appropriately.
Direction for CSOs and Decision Makers:
  1. Go back to the basics – ensure your foundation is structurally sound by implementing basic security policies and protocols. Then, actually enforce them. Verify critical security configurations in Windows. Monitor the proper usage of privileged accounts.
  2. Focus on what matters most – every attacker is after the same two things; credentials and data. Securing credentials and data is the most logical and most pragmatic way to reduce an attacker’s opportunity to carry out a successful breach.
  3. Make Security Part of Doing Business – take the time to invest in your employees and get them to incorporate security into their everyday mindset. To educate employees, companies must create their own security awareness programs and start with basics.
With digital transformation, access security moves up strategic stack
Scott Gordon, Chief Marketing Officer - Pulse Secure - San Jose, CA USA

The conventional approach to access security is about control and limitations. This is problematic, because when access and collaboration becomes a challenge, users will find a way around barriers. This goes beyond Shadow IT. Access control gaps and security incidents will only get worse with the proliferation of end user devices, the increase in malware (ransomware), and the growth of IOT devices on corporate networks. At the same time, organizations want to take further advantage of hybrid cloud and mobility – placing greater demands on user experience, availability, and contextual authentication requisites. Organizations will need to be more progressive in architecting how to bridge their users and devices with key applications and information in a multi-cloud environment, and assure appropriate access compliance within and outside their network - often on a global scale. This is about coupling protection with ease of access, flexible consumption, on-demand deployment and resources optimization. This strategically shifts the focus to enablement rather than restriction. As such, the role of integrated on premise and cloud secure access technologies will move up the CTO, CIO and CSO’s security stack.

Brief Biography
Scott Gordon (CISSP) is the chief marketing officer at Pulse Secure. He possesses over 20 years’ experience contributing to security management, network, endpoint and data security, and risk assessment technologies at innovative startups and large organizations. Previously, Scott was CMO at ForeScout (FSCT). He has also held executive and management roles at AccelOps (acq by Fortinet), Protego (acq by Cisco), Axent (acq by Symantec) and McAfee.
Important Issues:
  • Closing hybrid IT access security gaps.
  • Piecemeal IoT defenses.
  • New consumption blind spots.
Direction for CSOs and Decision Makers:
  1. Hybrid IT phased migration.
  2. Policy-based orchestration.
  3. VPN and NAC integration.
Professionals drowning in meaningless alerts demand “less is more” approach
Joseph Polverari, CEO - Versive - San Francisco, CA USA

As we all know, cybersecurity companies are racing to use AI to improve security, but most still fail to stop or even slow down adversaries. Bolting on machine learning on to an anomaly detection framework only surfaces more anomalies. Networks are very noisy, and most tools are unable to separate the merely anomalous from the truly suspicious. Sadly, CISOs and security teams have become trained to expect this “cyber theatre” and falsely believe that a solution is more effective because it is sending more alerts.  

But as the old adage goes, quantity doesn’t mean quality. In cybersecurity, delivering less to the analyst will ultimately provide them more value. How?

Delivering genuinely valuable results over a barrage of clutter requires a radically different methodology: one that is abstracted away from the detection of specific tools, signatures, and IoCs. All adversaries (from the simplest to the most sophisticated) must engage in core campaign behaviors that are effectively impossible for them to avoid, and these behaviors reveal themselves in internal network data. Focusing on campaign behavior makes it possible to eliminate the vast majority of meaningless alerts you get today, in favor of connected activities that highlight genuine adversary behavior.

The greatest opportunity for defenders to take back the upper hand is an abstraction away from detection of ever-changing tools and the resulting endless stream of alerts, and towards the investigation of the few, readily actionable summaries of unfolding adversary campaigns. New solutions that cut through noise will enable professionals to work smarter. 

Brief Biography
Joe is responsible for driving overall business and operational strategies to accelerate growth. His expertise is in delivering disruptive technologies that solve complex, machine-scale enterprise problems.

Prior to Versive, Joe was Chief Strategy & Development Officer at Yodlee, responsible for global strategy, go to market, business and corporate development activities, and entrepreneurship. Joe has over 20 years of experience in multinational business strategy, including two IPOs.

Joe holds a BS in Economics and Juris Doctorate from Santa Clara University, and a certificate in business management from the Stanford Graduate School of Business.
Important Issues:
  • Netflow capture.
  • Cloud security.
  • Artificial Intelligence / Machine Learning.
Direction for CSOs and Decision Makers:
  1. Embrace netflow capture for internal network visibility.
  2. Focus on understanding holistic adversary campaigns, not alerts.
  3. Apply the same security scrutiny to cloud-based assets as your on-premises assets.
GDPR will have enormous impact on the global security landscape
Ambuj Kumar, CEO and co-founder - Fortanix - Mountain View, CA USA

GDPR is a binding, legislative act where companies can be fined for not being compliant. Any data that can be used to identify a person – directly or indirectly – such as financial data, photos, home addresses, medical information, social media, IP addresses, is all protected under the GDPR. This includes organizations on a global level that collect data and distribute it across multiple data centers and nations. Being GDPR compliant involves a lot more than technology, as companies also need to create a culture of privacy and adopt initiatives for business process change. Sensitive data can be collected from customers only for legitimate business needs. Companies need to understand their exposure and commit to continuous compliance. Efforts need to be driven by business unit leaders, legal teams and IT teams coming together to help ensure this commitment. In addition, they need to be open to embrace the methods that will ensure privacy protection. 

Brief Biography
Prior to founding Fortanix, Ambuj was lead architect at Cryptography Research Inc. where he led and developed many of the company's security technologies that go into millions of devices every year. Previously, he worked for NVIDIA where he designed world's most advanced computer chips including world's fastest memory controller. He has Bachelor of Technology from IIT Kanpur and Masters of Science from Stanford University, both in EE.
Important Issues:
  • GDPR
  • BYOK
  • Runtime Encryption
Direction for CSOs and Decision Makers:
  1. GDPR requires a people, process and technology approach with encryption and key management technologies playing a fundamental role for privacy.
  2. Encrypt your data to securely adopt public cloud but use BYOK to remain in control and avoid vendor lock-in.
  3. Establish policies for running highly sensitive workloads in untrusted environments of public cloud and evaluate new technologies that provide Runtime Encryption protection.
Rapid convergence in the application security product market
Jeff Williams, Chief Technology Officer and Co-Founder - Contrast Security - Baltimore, Maryland, USA

The need for application security has never been more critical. As businesses are transformed from real world functions into digital ones, the amount of code being produced continues to skyrocket. We are seeing a rapid increase in the number of libraries and frameworks in use, the number of connections made by applications and APIs and the speed of deployment. All of these factors make applications more difficult to secure. Meanwhile, applications are being used for more and more critical things. To anyone paying attention, it's pretty obvious that we'll see more and more breaches in 2018 and beyond. 

In order to make progress in application security, we must automate. There simply aren't enough experts to do the job manually. In fact, tools designed for experts don't help, as they are difficult to install, burdensome to run and complex to interpret the output. If an expert has to be involved, it's really not automation at all. We need tools that novice developers and operations staff can use effectively. To scale effectively, application security tools have to run continuously across an entire application portfolio in parallel. 

Application security is too important to trust to a patchwork of unintegrated tools. The market in 2018 will driving towards a unified approach that covers organizations in two ways. Developers are empowered to deliver clean, secure code and operations gains confidence that attacks are identified and blocked in production. 

Brief Biography
Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. Previously, Jeff was co-founder and CEO of Aspect Security, a successful and innovative application security consulting company acquired by Ernst & Young. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years.
Important Issues:
  • Organizations that move to DevSecOps will thrive against their competition.
  • Attacks after a vulnerability disclosure will happen faster than ever.
  • Federal breach legislation will force companies to disclose breaches quickly.
Direction for CSOs and Decision Makers:
  1. Increase the focus on application security within security budgets.
  2. Aggressively embrace cloud and DevSecOps.
  3. Add new approaches, not new employees, to fix the cybersecurity skills gap.
This is the year for Blockchain - no really!
Jason Remillard, Co-founder and Chief Technology Officer - Data443 Risk Mitigation, Inc. - Raleigh, NC USA

X/Y/Z-Coin aside, 2017 can be considered the epoch for blockchain technologies entering mainstream. With so many use cases to work with (really - just consider what a RDBMS or a public RESTFul API is used for today) - the technical challenges of blockchain are well handled. Anyone now can start, host and manage their own blockchain. This will spawn off a whole wave of integration, collaboration and synchronization requirements.  

More importantly for Data443 - all of this requires security, encryption, identity, reporting, and other standard IT security use cases - WE WILL BE THERE.  

For example, just this week some great news out of Davos that (for me anyways) has an audacious goal - a blockchain for every identity on the planet (specifically the over 1.5 BILLION - that can not prove an identity). We are used to audacious goals of the past (Google organizing the worlds' information, Facebook connecting everyone that wants to, etc.). - we are going to be there in a supportive and key role - its going to be a busy 2018!

Brief Biography
Jason Remillard, MBA, CISSP is the President of Data443 Risk Mitigation, Inc. (OTCPK: LDSR). He is a founding member of the Blockchain Executive Group and has been involved in various types of financing and trading activities during his career. He is also the former VP of CISO Global Security Architecture and Engineering at Deutsche Bank. He has been in the security business for over 25 years.
Important Issues:
  • Data Security and Protection - in a distribution world.
  • Identity Proof and Governance.
  • Data Privacy - and letting your customers manage it themselves - you have to 'release' it!
Direction for CSOs and Decision Makers:
  1. Don't forget the basics! - defence in depth, testing and validation, etc.
  2. Trust no one! - your third party risk and compliance programs will probably need much more support this year.
  3. Leverage and contribute to your network! We are all in this together - everyone will have great ideas and guidance - use it!
Protecting against exploits in production becomes a cornerstone in cyberdefense
Kunal Anand, Co-founder and Chief Technology Officer -Prevoty - Los Angeles, CA USA

With recent breaches getting more impactful and damaging than ever, organizations need to stay ahead of the threat curve and invest more in defensive measures. Post recent breaches, the importance of protecting applications has reached new heights with the understanding that most breaches occur through exploitation of inherent vulnerabilities in applications. We predict that security budgets will once again increase, due to the fact that despite consistent increases in spending over the last few years, the bad guys remain successful in their endeavors to wreak havoc. The ability to protect against those exploits in production will become a cornerstone in cyberdefense. 

Brief Biography
Kunal Anand is co-founder and CTO of Prevoty, the leading provider of autonomous application security solutions. Previously, he was Director of Technology at the BBC Worldwide, overseeing engineering and operations across the company’s global digital entertainment and gaming initiatives. Anand also has several years of experience leading security, data and engineering at Gravity, MySpace and NASA’s jet propulsion laboratory. His work has been featured in Wired Magazine and Fast Company. He continues to develop the patented security technologies that power Prevoty’s core products. Anand received a Bachelor of Science from Babson College.
Important Issues:
  • Legacy application risk - Many organizations are still deploying legacy apps with known and unknown risk. Resource scarcity negatively impacts SSDLC programs; DevOps simply isn't a viable solution. As an industry, we need to come up with alternatives.
  • Wrapping security around a decentralized world - containers, IoT, and micro-services, are making it incredibly difficult for security teams to architect and implement security controls. We need to collectively create best practices.
  • Noise reduction and better issue identification - There is just too much noise produced by point solutions and the SOC can't scale exponentially. As an industry, we need to create better frameworks/models to filter noise & identify real security events.
Direction for CSOs and Decision Makers:
  1. As computer workloads move to the cloud, CISOs need to re-evaluate their budgets and focus on what's relevant.
  2. Leverage DevOps for better application monitoring. rather than looking at DevOps as a means to deploy code, I suggest that CISOs should look at trying to capture the pulse of what's already happening in production.
Identity will become the new currency in 2018
Stephen Maloney, Executive VP of Business Development and Strategy - Acuant Inc. - Greater NYC, NY USA

In 2018, the concept of the value of personally identifiable information - and where and how it should be accessed - will be brought to the forefront. High profile breaches like Equifax have made people question the methods currently being used to safeguard this data. The emergence of new technologies like biometrics will also introduce new challenges as organizations and government entities struggle to safeguard PII data.

The continued deluge of data breaches has left consumers frustrated with the current identity verification process. As such, identity - and protecting that data - will have greater value than ever before. This notion will drive consumers to advocate for more ownership over how and when their personally identifiable information (PII) gets shared. They'll expect financial institutions, retailers and government entities to better protect their data while offering greater flexibility around how it's being used. is fast and agile, while also protects users, applications, and data. Identity will help to drive a customer first mentality for business and government alike. Businesses that better leverage identity will transform their businesses in the digital age becoming agile while protecting the consumer.

Brief Biography
Stephen joined Acuant in May 2016 with the acquisition of AssureTec. Prior he was co-founder, director and president of SolutionPoint International, a diversified security and risk management company, and Chairman of Design2Launch, a pioneer in digital workflow software that was sold to Eastman Kodak Company (NYSE:EK). As EVP of MSA he was at one of the first companies to receive Safety Act certification by DHS. Earlier he co-founded and was CEO of i3 Mobile, a leader in wireless information leading the company to a successful IPO (NASDAQ:IIM). He graduated from Fordham, has an M.B.A. and has held TS clearance.
Cyber technology is going to consolidate
Greg Fitzgerald, Chief Operating Officer - Javelin Networks - Austin, TX USA

With over 1500 cybersecurity vendors in the market and many that have been started with seed, A and B round funds over the past 3 years, there are just too many vendors competing for to few customers. Customers are confused by 'marketing claims' that are overreaching, confusing or just plain lies by the vendors. Hence, they are now cautious about evaluating new vendors -slowing the buying process - and putting pressure on vendors to survive. So while there may be great technology to advance the 'good guys' over the bad. Many will not survive because the bigger, more financially stable and often times less quality companies are able to outmaneuver (or outlast) the better tech. Its a game of survival for both the buyer and the vendor.  

As such, the industry is in an oligopoly where just a few big vendors dominate the space (Palo Alto Networks, Symantec, ProofPoint, Cisco, Fortinet, etc.) and only a handful of emerging vendors that have risen to the top of the startups (Cylance, CarbonBlack, Crowdstrike, etc.) and thousands of smaller ones. Natural progress of big fish eating the little ones and the middle fish out muscling and out maneuvering the big and small. Its going to be an interesting 2018.

Brief Biography
With over 25 years of creating, growing and leading the biggest cybersecurity brands in the industry, Fitzgerald is constantly in touch with the trends, vendors, buyers and investors. He's successfully taken to market game changing protection solutions like TippingPoint IPS, Sourcefire FireAmp, Fortinet UTM, Cylance AntiMalware and Javelin Networks Active Directory Protection. He advises emerging technology companies that protect and prevent cyber attacks (and actually work!).
Important Issues:
  • Awareness their solution is unique and sustainable.
  • Hiring the right employees in all departments.
  • Funding and cash flow.
Direction for CSOs and Decision Makers:
  1. Look beyond the vendor marketing to the product and team building it.
  2. Ensure you buy technology that integrates with the ecosystem to reduce cost and improve compatibilty.
  3. Take a chance on new tech, 'legacy' is now tech that is just 3 years old. The bad guys are ahead of us!!
2018 Will Be a Year of Huge, Automated Attacks
Chandra Pandey, Founder and CEO - Seceon - Westford, MA USA

2018 will be a year in which cyber-attacks will target industries hitherto bypassed by the majority of digital criminals. Manufacturing will be hit hard as well as healthcare and financial sectors, particularly as attack vectors increase and attackers figure out how to automate attacks for bigger and better pay offs. Looming regulatory compliance requirements will also present challenges for small and mid-sized businesses.

Would-be invaders know how to leverage or steal huge computing power to go after smaller, less protected businesses giving attackers easier targets with valuable payouts. More attacks will be directed towards small and medium sized banks, hospitals, manufacturers.

Therefore, you will see these companies turning to managed service providers to better protect themselves against today’s maelstrom of rapidly evolving threats. The threat landscape demands automated threat detection and elimination with greater accuracy than humans or traditional perimeter defenses can provide. MSSPs are under pressure to deliver affordable differentiated services to clients, easily deployed at scale, simplifying on-boarding and growth of new clients.

As such they will continue to evolve traditional offerings with new services specifically aimed at delivering managed detection and response (MDR). According to Gartner, by 2020, 80% of worldwide MSSPs will offer MDR-type services. MDR is a natural service extension, especially when it comes to supporting resource-constrained SMB customers. By enabling MSSP partners to deliver MDR services vendors like Seceon will play a strategic role in new provider offerings by embedding real-time, automated threat detection and remediation solution in these services.

Brief Biography
Before founding Seceon, Chandra was General Manager and Vice President of Platform Solutions, BTI Systems. He led the global team launch of the Intelligent Secure Cloud Connect platform to more than 20 deployments in less than 18 months. Chandra has also held senior leadership roles at Juniper Networks, Ciena, Lucent and HP. At Juniper, he led the worldwide Solutions Architecture and Engineering teams, delivering integrated security solutions for enterprise, service provider, managed service organization and major OEM partners. Chandra holds multiple patents in application virtualization, highly scalable data center architecture, scalable multicast distribution and power optimization for high performance computers.
Important Issues:
  • Delivering zero-trust security with machine learning and AI-based automated threat detection and response.
  • GDPR compliance.
  • IoT.
Direction for CSOs and Decision Makers:
  1. Implement solutions that increase visibility across all aspects of your network (applications, users, hosts, services) and enable your security teams to automatically analyze and detect anomalous activity and eliminate it before it inflicts damage.
  2. Increasingly complex networks, platforms and applications demand scalable security solutions that can ingest critical data points for analysis.
  3. Time is not on your side; seek to address prioritized threats - existing and zero-day - in real time.
Spear phishing becomes more dangerous method of cyber attack
Amy Baker, VP of Marketing - Wombat Security Technologies - Pittsburgh, Pennsylvania, USA

While phishing, in general, will remain a prominent cyber threat in 2018, we expect spear phishing to be more frequently used by cybercriminals to narrow in on high-value targets. We studied spear phishing in our 2018 State of the Phish™ Report, and found good and bad news: On average, 13% fewer companies said they experienced this form of attack in 2017 than in 2016. However, many of the organizations that did experience spear phishing in 2017 reported an alarmingly high frequency each quarter. Eight percent of organizations we surveyed experienced 26 or more spear phishing attacks per quarter. An additional 21% of businesses recorded between 6 and 15 attacks per quarter. 

Spear phishing is a type of social engineering attack in which cybercriminals tap into multiple sources of information — like social media postings and voice phishing (vishing) calls — to gather details that personalize their attacks, making them very difficult for users to spot. These techniques are often used in damaging business email compromise (BEC) attacks, which the FBI and others have flagged as pervasive threats. These types of targeted, sophisticated attacks can lead to fraudulent wire transfers or loss of sensitive employee data (like W-2 statements or other tax information), and absolutely rely on end-user participation for success. The ideal strategy against spear phishing emails — given that technology safeguards often miss them — is a proactive, comprehensive training program that helps users identify and avoid the hallmarks of these types of attacks.

Brief Biography
Amy Baker, Vice President at Wombat Security Technologies, has been in the information technology and security industry for more than 25 years and has been specifically focused on infosecurity awareness and training for the last several years. Amy led the development of Wombat’s Best Practices Methodology for Security Education programs and, along with her team, drives the enhancement of Wombat’s security education software. She has presented at Gartner Security and Risk Management summits, ISSA, ISACA, eCrime Congress, SecureWorld, and Security Current.
Important Issues:
  • GDPR compliance.
  • Data integrity.
  • End-user awareness.
Direction for CSOs and Decision Makers:
  1. Take a proactive, continuous approach to cybersecurity awareness training.
  2. Make cybersecurity a top-down, side-to-side initiative within your organization.
  3. Don’t assume technology will save you, invest in the human element of security.
Better personal data protection by the GDPR deadline
Kris Lahiri, Data Protection Officer - Egnyte - Mountain View, CA USA

On May 25, 2018, the General Data Protection Regulation (GDPR) will apply across all 28-Member States of the European Union (EU). This will impact all businesses dealing with personal data and usher in significant changes to currently used processes and tools. 

Implementation of the GDPR should prompt companies worldwide to conduct comprehensive assessments of all current processes and procedures used to handle any data, with a close look at procedures for handling personal data.

Focusing on breach management and updating notification processes should help ensure companies pay close attention to this extremely important aspect of cybersecurity. Although the GDPR is directed at protecting the data of EU residents, it will undoubtedly impact businesses worldwide as they look toward implementation. 

This regulation is expected to raise data handling standards across all industries.

Brief Biography
Kris is a co-founder of Egnyte. He is responsible for Egnyte's security and compliance, as well as the core infrastructure, including storage and data center operations. Prior to Egnyte, Kris spent many years in the design and deployment of large-scale infrastructures for Fortune 100 customers of Valdero and KPMG Consulting. Kris has a B.Tech in Engineering from the Indian Institute of Technology, Banaras, and an MS from the University of Cincinnati.
Important Issues:
  • Locating and classifying personal data.
  • Ransomware protection.
  • User behavior analytics.
Direction for CSOs and Decision Makers:
  1. Work closely with line of business leaders to truly understand their workflows. This will help head off shadow IT and foster healthy collaboration across all roles within the company.
  2. Continuously re-evaluate the skills that are available to you both internally and externally. The security landscape changes so rapidly that it’s important for your team to be able to rely on outside help and not be overwhelmed with responsibilities.
  3. Embrace automation and apply the philosophy of Dev-Sec-Ops as relevant to you.
Security companies will adopt new automation technologies in 2018
Jack Miller, Chief Information Security Officer - SlashNext - Pleasanton, CA USA

Over the last few years we have seen significant increases in the amount of file-less attacks like social engineering attacks. Current security technologies are often too cumbersome and complex, which requires added staff to identify and block incoming attacks. Consequently, in 2018, more security experts will adopt automated systems that use cognitive computing techniques to immediately identify incoming attacks and produce a fast binary verdict of either “safe” or “malicious.” The training and awareness programs that have been implemented to address these threats have proved ineffective and will be augmented with technical controls that leverage cognitive computing to protect employees when they access the Internet. 

Brief Biography
Jack Miller brings more than 25 years overall experience and 18 years’ experience as a CISO from a variety of industries to SlashNext. Prior to SlashNext, Jack held an executive in residence role at Norwest Venture Partners where he contributed to the SlashNext evaluation and funding decision. Jack served as CISO at American Automobile Association (AAA - Auto Club Enterprises), Orange County and Riverside County and as a Corporate Information Security Officer at Pacific Life Insurance. Jack has authored a cybersecurity patent, security bylines for numerous technology publications and speaks regularly at industry conferences and events.
Important Issues:
  • Plugging the current talent shortfalls.
  • Providing adequate funding for security budgets.
  • Adopting new and innovative technologies.
Direction for CSOs and Decision Makers:
  1. Don’t assume employees can think like hackers, instead support them with orchestration tools that automate the interaction between various security systems, eliminating the need for manual intervention.
  2. Don’t assume hackers don’t want anything your company has, or the need to worry about security because their company is small or flies under the radar. Assume they want what you have, even if it's just access to your big partners or customers.
  3. Look at security as an evolving investment. Don't assume that the technologies which stopped malware ten years ago will stop the latest types of attacks now.
Continued increase in fileless and memory-based attacks
Satya Gupta, Co-founder and Chief Technology Officer - Virsec - San Jose, CA USA

In the second half of 2017 we saw more than a tenfold increase in major fileless and memory-based attacks, driven by their effectiveness and ongoing damage from the Shadow Brokers leaks. We expect this trend to continue well into 2018, until security vendors find more effective means to block these attacks. 

Brief Biography
Satya Gupta is Virsec’s visionary and has over 25 years of expertise in embedded systems, network security and systems architecture. Prior to Virsec, he was Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd. Satya holds six patents in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.
Important Issues:
  • Application security.
  • Memory-based and fileless attacks.
  • Ongoing fallout from Spectre and Meltdown.
Direction for CSOs and Decision Makers:
  1. Change your mindset from chasing threats to stopping real attacks.
  2. Perimeter security is increasingly irrelevant, especially as infrastructure moves to the cloud.
  3. Applications are the new security battleground – secure them first, not last.
Businesses get stronger through cyber resilience, if they prepare
Chris Moyer, Vice President & General Manager, Security - DXC Technology - Tysonse, VA USA

Companies know that security threats are an inevitable part of running a business in today’s connected world. In 2018, enterprises will become more resilient by planning, practicing, measuring and continuously refining their response to cyber-attacks, threats and vulnerabilities. Despite the many destabilizers facing enterprises today, businesses will gain strength through frequent cyber resilience drills that stress the end to end process. 

Brief Biography
Chris leads DXC Technology Security services, the world’s largest independent security services company. He provides strategy to implementation focused end-to-end Security services protecting, detecting and responding to the enterprise risk management needs of leading organizations. With over 4,000 security professionals, 16 global security operations centers - DXC Security powers digital transformations for enterprises with solutions tuned to industry needs.
Important Issues:
  • Cyberwarfare gets hotter.
  • Ransomware gains sophistication.
  • Patching increases, fueling enterprise frustration.
Direction for CSOs and Decision Makers:
  1. Focus on application security, promote DevSecOps development practices and invest in training and data handling; advocate for the practice of building in security at the start of any software development project.
  2. Before deploying security solutions, evaluate information security and make sure it still meets your organization’s needs with the changes in digital use and updates in regulations and legislation.
  3. Scanning the horizon for new threats and countermeasures is critical to protecting the business. Invest in Threat Monitoring and Detection solutions that integrate into your Security Operation Centers.
Attack vectors will emerge from what is considered secure today
Aviv Grafi, CTO and Co-Founder - Votiro - Tel Aviv, Israel

2018 will see an increase in the use of file sharing via platforms that are considered safe today. For example, Whatsapp, Dropbox, Box etc. Hackers will take advantage of this relaxed attitude towards these platforms and use that to attack organizations with ransomware and steal sensitive information, exposing user's personal information. 

Brief Biography
Aviv is the brains behind R&D and innovation at Votiro. He has accumulated over 10 years of experience in the fields of telecommunications, embedded technologies, and information security.

Prior to co-founding Votiro, Aviv served in an elite intelligence unit of the Israel Defense Forces, nurturing his passion for finding simple solutions to complex security issues.

Aviv holds a BSc in computer science, a BA in economics, and an MBA from Tel Aviv University. He is the inventor and principal software architect of Votiro’s enterprise protection solutions.
The year of AI-aided cyber-attacks
Nicola Whiting, Chief Operations Officer - Titania Ltd - Worcester, UK

2018 will be the year when AI and cyber-crime come to a head. At a recent conference, 62% of cyber security leaders polled believed there will be an AI-enhanced cyber-attack within 12 months. Cyber-weapons that use machine learning will eventually be able to attack organisations with a speed, scale and efficiency beyond the most sophisticated human hackers. They will have limitless time to learn and grow more intelligent as they won’t face the same biologically-imposed limits on their time and capabilities that humans do, such as the basic need for food and sleep. Crucially, they will be able to autonomously ‘learn’ and adapt to an opponent’s defensive strategies, effectively becoming smarter and more effective each time an attack is repelled.

This will compel humans to beat the attackers at their own game by turning to AI-aided cyber-defence. In the future, we will see governments and corporations with built-in AI that understands how all their individual device settings, such as firewalls and routers, interact with each other (just like a human would). We will also see AI deployed to learn from each cyber-attack and make humans smarter at resisting them. In the future, we may even see AI autonomously predict and intercept cyber-attacks before they occur. Automated technologies with built-in machine learning will work together to detect and connect disparate events, such as the CEO logging in from Russia while making a payment from Washington. 

Brief Biography
Nicola Whiting is Chief Operations Officer at Titania, which developed the world’s first advanced and detailed configuration-auditing tool. Nicola is a prominent figure in the cyber security world, who regularly comments in publications such as Huffington Post, the Guardian and the Financial Times. She was also named as one of SC Magazine’s 20 most influential women to watch in cyber security of 2017. Nicola has been instrumental Titania’s success, which in 2017 received the Queen’s Award for Enterprise and supports many of the world’s most recognisable organisations including: the FBI, PayPal, Cisco, and KPMG.
Important Issues:
  • The cyber security skills shortage and the emerging technologies that can help organisations plug their skills gap.
  • The need to look beyond basic cyber security software and consider emerging technologies that are able to contend with the rapidly evolving threat landscape.
  • Increasing regulation facing businesses, such as GDPR and the NIS Directive and the technology that needs to be considered to aid companies comply with this regulation.
Direction for CSOs and Decision Makers:
  1. Consider the regulations coming into play this year and the tools that will aid your ability to comply.
  2. Deploy tools that can be implemented seamlessly into your existing infrastructure and that will enhance your security team’s offering.
  3. Address the skills gap in your organisation with new technologies such as automation and ‘smart’ tools.
Cryptomining software will become the most wanted malware
Varun Badhwar, CEO & Co-founder - RedLock - Menlo Park, CA USA

There will be a sharp increase in cryptomining attacks as organizations rapidly adopt public cloud computing platforms such as AWS, Azure, and Google Cloud. While cloud computing enables business agility, the risk of exposure increases since more users have privileged access to these environments. Hackers are using compromised access keys to penetrate these environments, spin up compute resources, and mine crytocurrencies at the expense of the organizations.

Monitoring these environments for anomalous user activity is critical for detecting access key compromises. Organizations will need to rely on cloud security tools like RedLock that apply artificial intelligence to baseline normal user behavior and detect any deviations. In addition, these tools will need to automatically remediate issues in order to quickly close any windows of opportunity. 

Brief Biography
Varun Badhwar is the co-founder and CEO of RedLock, a venture-backed startup in the cloud threat defense space. Prior to founding RedLock, Varun co-founded CipherCloud where he oversaw product strategy and worldwide field operations. Previously, he was responsible for ensuring the security of the Force.com ecosystem at Salesforce. Varun was also a consultant within the Risk Advisory Services practice at KPMG, where he advised Fortune 500 Clients. He earned a Bachelor of Science degree in Computer Science from the University of Southern California, and has certifications for CISSP, CISA, and LPT.
Important Issues:
  • GDPR compliance.
  • Vulnerability management in public cloud computing environments.
  • Defending against cryptomining.
Direction for CSOs and Decision Makers:
  1. Ensure compliance by implementing policy guardrails across your public cloud computing environments.
  2. Integrate your existing vulnerability management tools with cloud security solutions to detect risky hosts.
  3. Monitor for anomalous user activity within your public cloud computing environment.
Consumers will control their identities and stop compromising their privacy
James Stickland, CEO - Veridium - Quincy, Massachusetts, USA

Despite the rapid use of social media in today’s digital age, there are no clear and concise guidelines to control digital identity. While we’ll certainly start to see progress in 2018 into identity ownership with General Data Protection Regulation (GDPR) (in the EU), we still have a long road ahead. Individuals must consider who we are authorizing to represent us on the Internet. Take Google, Facebook or Twitter, for instance, who have set themselves up as identity providers. Every time you’ve clicked “Login using Facebook” on a third-party website, you’ve authorized Facebook to represent you online. But they aren’t just sharing your data in a way you can see, they’re also selling it in ways you can’t. Essentially, your identity is now a form of currency and you’re not the one reaping the profits. Digital identity is ripe for disruption over the next decade, with savvy consumers taking back control over their identities as they stop trading privacy for convenience. 

Brief Biography
A seasoned executive in financial technology, James Stickland is tasked with driving business revenue and investment growth, as well as leading the company’s global go-to-market strategy for its flagship solution, VeridiumID. Based out of the company’s London headquarters, James comes to Veridium from the UK-based fintech firm Red Deer Systems. Previously, he held senior leadership roles at HSBC, JP Morgan Chase and CISCO SYSTEMS, where he specialized in expanding a pipeline of venture capital and accelerating innovation within emerging technology portfolios.
Important Issues:
  • Biometric authentication (including behavioral).
  • Self-sovereign identity.
  • Update all of your software and educate your employees about phishing attacks.
Direction for CSOs and Decision Makers:
  1. Empower your customers with transparency and incentives to manage their own data including identity, biometrics, medical and financial information.
  2. Build identity platforms that are flexible and can be changed quickly and seek solutions that push data back to customer storage options rather than vulnerable silos.
  3. Vendors are here to help. Bring them into strategy discussions, even difficult ones, you would rather not share. If they are inside, they can help.
Insider threats will gain more importance at enterprise cybersecurity landscape
Dennis Turpitka, CEO and Founder - Ekran System - Herndon, VA USA

New data breaches and new cyber espionage cases damaging business reputations and causing significant loss will make headlines. With external threats becoming more sophisticated and frequently involving internal actors as well, insider threat detection and protection strategy will become an important part of any business security policy.

Privileged user monitoring and data access audit will become not only formal compliance regulations, but also crucial components of corporate infrastructure health.

As the attention and demand will grow, cybersecurity market will extent insider threat protection segment and develop more offers not only for enterprises, but also for small and medium businesses. 

Brief Biography
Besides being CEO and Founder of Ekran System, cybersecurity company, Dennis is founder and CEO of Apriorit, a software R&D service provider focused on security and virtualization markets. 

For several years, Dennis managed the engineering department of Logmein, a public SaaS company. He is also the founder of several more security startups.
Important Issues:
  • Managing growing volume of security information.
  • Developing effective automated threat detection tools.
  • Transferring from automated detection to prevention and corresponding infrastructure changes as preventive measures.
Direction for CSOs and Decision Makers:
  1. Develop balanced comprehensive security strategy investing not only to the perimeter protection but also to internal threat detection.
  2. Gather best practices and typical use cases to share with partner vendors to push further product development.
  3. Think of all points of connection and potential data leak: from authorized and personal devices to clouds.
Vulnerable open source and third-party components will allow massive hacks
Jeff Luszcz, Vice President of Product Management - Flexera - San Francisco, CA USA

The impact of unknown and unmanaged open source and third-party software components was demonstrated during the Equifax Hack. The public nature of this attack brought awareness to the public and technology companies around the composition and management of the third-party software used to build modern software products.

Audit data shows that the typical technology company’s product is at least 50 percent open source and third-party software. Of the third-party components in use in these products, the vast majority (>95 percent) are unknown and untracked by the company. These components often contain known security vulnerabilities, or conflicts with a company’s open source license policy.

Without the use of Software Composition Analysis (SCA), companies are unable to ensure the security and compliance of their products.

With the increased pace of development, the worldwide distribution of teams and the increased quality and quantity of third-party components, software companies are depending more and more on “wiring” together reusable software components. This is software they didn’t create themselves and didn’t go through the same set of security reviews that home grown software did. While the quality of many open source components is higher than proprietary software, it’s often the case that once a version is selected, it’s ignored and forgotten as development moves on to new features. These forgotten components age out, and become attack vectors as vulnerabilities are discovered in them.

Additionally, software procured as part of the commercial supply chain is more opaque in terms of its own third-party dependencies. 

Brief Biography
Jeff Luszcz is the Vice President of Product Management at Flexera, the leading provider of next-generation software licensing, compliance, security, and installation solutions for application producers and enterprises. Prior to Flexera, Jeff was the Founder and CTO of Palamida, a leading provider of open source discovery and vulnerability management tools. Since 2004, he has helped hundreds of software companies understand how to best use open source while complying with their license obligations and keeping on top of security issues. He received his B.S. from Cornell University School of Operations Research and Industrial Engineering.
Important Issues:
  • Document, secure and manage your Software Supply Chain.
Direction for CSOs and Decision Makers:
  1. Work with your development and security organizations to start the process of discovering and managing your use of open source and third-party components.
Brownouts become challenging for IoT start-ups
Rob Martens, Allegion Futurist, VP of Connectivity Platforms - Allegion plc - Carmel, Indiana, USA

2018 will be a year of reckoning for IoT tech start-ups. As these companies move from Gen 1 concepts to mature operations, this is the year that many will stumble, plagued by brownouts in user support, security, and distribution. Early adopters are forgiving of a new concept, but by the time a company reaches Gen 2, expectations are high and brownouts and complexity test their patience. This is the inflection point – where tech start-ups make the leap to the next level of maturity and viability or remain a novel concept. 

Brief Biography
Rob is the global futurist for Allegion, where he is responsible for finding promising technology and solutions. Recently, Rob was named by Inc. magazine as one of the “20 influencers who will lead the Internet of Things” and recognized by Accenture and Forbes as one of “40 IoT leaders to follow on social media.” He is a frequent columnist and speaker on topics ranging from the IoT and connected home to the future of eco-system design and enabling technology.
Important Issues:
  • Seamless IoT and data security integration.
  • Addressing complexity and service expectations.
  • Building a business model that can last.
Direction for CSOs and Decision Makers:
  1. Reduce barriers to interoperability.
  2. Reduce friction points and simplify the user experience.
  3. Equip the organization to deliver its considerable obligation for product support.
Exploitation of IoT devices will increase significantly 
Rod Soto, Director of Security Research - JASK - San Francisco, CA USA

According to Gartner, the number of IoT devices will outnumber the world’s population by the end of this year and will grow to 20.4 billion by 2020. The introduction of new, cheaper devices like the Google Home Mini and security cameras are driving proliferation of IoT in the home and at businesses. Consumers are dropping these devices into their home Wi-Fi networks without any monitoring of the risks they pose. Most devices don’t even have an interface to manage them, so users don’t know if they’ve been compromised as part of a botnet attack or if it’s listening and sending their conversations to a malicious destination. These devices also allow hackers to gain entry to a home and to know if the owner is there or not, posing a huge risk to privacy. 

Brief Biography
Rod Soto has over 15 years of experience in information technology and security. He recently joined JASK as Director of Security Research. Rod has spoken at ISSA, ISC2, OWASP, DEFCON, BlackHat, RSA, Hackmiami, Bsides and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.
Important Issues:
  • IoT Management/Security.
  • Ransomware targeting vertical markets.
  • Multi-factor authentication attacks & exploitation (SMS/Phishing).
Direction for CSOs and Decision Makers:
  1. Using AI/ML against ransomware attacks.
  2. Enhancing security operations using Machine Learning & feedback loops.
  3. Extending corporate defenses to home-based employees.
A major cryptocurrency exchange will be hacked
Rowland Johnson, CEO - Nettitude - Leamington Spa, United Kingdom

As organised crime units continue to focus on monetising their attacks, so they will adjust their efforts towards cryptocurrency platforms and exchanges. As this market is currently unregulated, the controls around the governance and risk is a lot less rigorous than conventional banks that hold traditional deposits. With cryptocurrencies becoming part of mainstream conversation, and rocketing values resulting in continued media attention, the threat against cryptocurrency is high. It will probably take a major currency to be breached or to fail, for this market to start being more heavily controlled by financial services regulators. 

Brief Biography
Rowland founded Nettitude in 2003 with a vision for providing high quality cyber security and risk management consultancy services for organisations across the globe. Rowland has developed an award winning company that delivers high quality consultancy services and is at the cutting edge of the security industry. Leading from the front, Rowland is a Qualified Security Assessor (QSA) for the Payment Card industry (PCI) as well as a Payment Application Qualified Security Assessor (QSA) and a Point to Point Encryption QSA. Rowland is a CESG CHECK Team Leader and a CREST Team Leader Infrastructure.
Ransomware-as-a-Service is Changing the Malware Dynamic
Grant Elliott, CEO and President - Ostendio - Arlington, VA USA

Ransomware was revitalized in 2017, the year of ransomware, and the malware has evolved into Ransonware-as-a-Service. The Wannacry and NotPetya attacks brought ransomware to the forefront of public conscious – with many people experiencing it for the first time. 

It’s becoming easier for anyone, even non-technical people, to simply download a ransomware tool and initiate their own attack. What this means is that essentially attacks can come from anywhere, are completely random and only latch on when it finds something of value. With huge sums of ransom handed over in 2017, there is no incentive to stop.

Businesses need to commit to moving forward with technical and procedural solutions which can protect them from attacks which can ruin their networks and reputation. 

Brief Biography
Grant Elliott is the CEO and Co-Founder of Ostendio, a cybersecurity and information management SaaS platform. He is the former COO and CISO of Voxiva (now Wellpass), an integrated messaging and patient engagement platform. He has over 10 years’ experience developing and managing cybersecurity programs and supporting regulatory audits. Before working at Voxiva, Elliott held senior positions at AT&T. 

Elliott is also the Co-Founder and President of the Health Care Cloud Coalition, a healthcare compliance advocacy group funded by, amongst others, Microsoft and Apple. He mentors at AccelerateDC Venture Mentoring Service, and is an Adjunct Professor at the Pratt Institute.
Important Issues:
  • The cybersecurity skills shortage will continue to rise.
  • Classifying risk data will become more important than ever.
  • Ransomware-as-a-Service will continue to wreak havoc.
Direction for CSOs and Decision Makers:
  1. Implement security awareness training for all employees monthly.
Breach disclosures on PII will grow in board risk management
Daniel Brett, Founder & CSO - CounterCraft - San Sebastián

As the General Data Protection Regulation (GDPR) becomes enforceable impacting any organization in the world that processes details regarding citizens in the European Union, it is anticipated that many more organizations will begin to take cyber risk management as a serious board-level issue. The resultant discussion and understanding should start to rebalance the question of ownership and emphasis on the blend of people, process and technology required to protect an organization and its assets.

Specifically as required in the GDPR, the role that new and innovative security technologies and approaches could play in improving their cyber risk outcomes should be investigated in a pro-active manner by CISOs. This is likely to lead to enterprise security architectures being refreshed, and new areas and disciplines such as Threat Analysis, Active Cyber Defense and the intelligent use of Defensive Cyber Deception being adopted more fully in larger scale organizations. 

Brief Biography
Daniel is the Chief Strategy Officer and Head of Marketing. He is a specialist in internationalization and B2B sales, and has managed high-level accounts, clients and sales teams worldwide. His business acumen is coupled with a technical background in IT. With over 15 years of experience in the industry, he has been asked to speak as an expert on cybersecurity by international conferences and media outlets such as the BBC.
Important Issues:
  • Determined, persistent cybercriminals will continue to evolve their attack behavior for monetary gain.
  • Too many Apps which have not been created using Security by Design or Privacy by Design principles.
  • Continued growth of sprawling international ICT estates for enterprises with very porous perimeters, and complex supply chains.
Direction for CSOs and Decision Makers:
  1. To be successful continue to focus on the optimal blend of investment in people, process and technology to get better results.
  2. Work with CIOs and CDOs to ensure they are aware of the risks of some of their Digital Transformation assumptions in software & systems.
  3. Start to develop new approaches to intelligent mitigation of threat actors, such as using Deception Technologies and Cyber Counterintelligence.
Enterprises will struggle with the EU General Data Protection Regulation
Salvatore Stolfo, Founder and CTO - Allure Security - Waltham, MA USA

In 2018, we will see U.S.-based companies and multinational corporations increasing budget spend on security operations to prepare for the incoming EU General Data Protection Regulation (GDPR), which goes into effect in May. Inevitably, once the regulation goes into effect, we will see a U.S. corporation that doesn't comply tagged with a steep fine. This will ultimately drive interest in technologies that can track data outside the corporate network and provide real time alerting of data loss, so businesses can improve their response time and comply with GDPR's 72-hour breach disclosure mandate. 

Brief Biography
As professor of Artificial Intelligence at Columbia University since 1979, Dr. Stolfo has spent a career figuring out how people think and how to make computers and systems think like people. Early in his career he realized that the best technology adapts to how humans work, not the other way around. Dr. Stolfo has been granted over 47 patents and has published over 230 papers and books in the areas of parallel computing, AI knowledge-based systems, data mining, computer security and intrusion detection systems. He is the founder and CTO of Allure Security.
Important Issues:
  • GDPR compliance - or face steep fines.
  • Less of a focus on data breach prevention and more focus on detection.
  • Controlling the flow of sensitive data beyond the enterprise network/infrastructure.
Direction for CSOs and Decision Makers:
  1. If you've done nothing to prepare for GDPR, suspend all other ongoing security activities and concentrate on GDPR preparedness 100%. This isn't simple, and will take all of your resources.
  2. Ask for a formal assessment from your company's compliance and legal departments of all potential risk and liability pertaining to GDPR.
  3. Identify and test technologies that can accurately map the flow of documents coming in and out of your organization. Technologies such as beaconization, for example, provide visibility into the geolocation of documents once they leave the firewall.
Enterprises will shift from process-driven to intelligence-driven incident response
Liz Maida, Founder, CEO and CTO - Uplevel Security - New York City, NY USA

Organizations spend countless resources to triage, contain and respond to cybersecurity attacks, but they are throwing away their most valuable asset - the intelligence gathered throughout the incident response lifecycle. This approach is unsustainable. Instead, many organizations will find ways to decrease their reliance on individual vendors and instead leverage their own incident data to streamline and dynamically adjust their response operations. These organizations will embrace intelligent prioritization based on historical data, alert triggers and alert mechanisms. By incorporating their organizational context, they will quickly surface the most critical threats and enable their security teams to quickly and effectively resolve those threats. 

Brief Biography
Liz Maida is co-founder and CEO of Uplevel Security, the industry’s first adaptive system of intelligence that uses graph theory and machine learning to modernize security operations and improve incident response. She was formerly a senior director at Akamai Technologies and served in multiple executive roles focused on technology strategy and new product development. Liz holds a Bachelor of Science in Engineering degree from Princeton University and dual master’s degrees in Computer Science and Engineering Systems from the Massachusetts Institute of Technology.
Direction for CSOs and Decision Makers:
  1. Look for visualization methods that provide actionable insights to extract more intelligence from cybersecurity analytics.
  2. Ditch playbooks in exchange for more dynamic, real-time solutions.
  3. Don't become too reliant on a single vendor and instead find ways to harness and standardize a defense-in-depth approach that creates a more informed and flexible security stack.
IoT security is a concern. Every device is at risk
Fatih Orhan, VP, threat labs - Comodo - Clifton, NJ USA

We need to be as vigilant with these types of devices as we are with PCs and servers. IoT devices and networks should be scanned for viruses and malware and have their firmware and operating systems checked as standard procedure. Security products should aim to protect even sensors. 

Brief Biography
As an IT and security expert, Orhan is currently leading the development of innovative methods and techniques in various Comodo security products. 

Current responsibilities include malware/spam/phishing detection techniques, static and dynamic behavior analysis, reputation systems, content classification and categorization.
Important Issues:
  • Cybercriminals acting as a service.
  • Machine learning and AI.
  • Ransomware.
Smart cars need smart roads… which need smart-secure IT/OT infrastructures
Carlos Solari, VP, cybersecurity services - Comodo - Clifton, NJ USA

Smart cars need smart roads…which need smart-secure IT/OT infrastructures. Seeing, hearing, reading all the buzz and the impressive investment dollars behind the start of smart cars reminds me of when we thought that personal computers were the answer to take on the monolithic mainframe. That was in the 1970s. 

Fast forward to the present, and we now see that they needed an infrastructure - call it the internet in all its manifestations of protocol adoption, ethernet, websites, cloud data centers, mobile devices, etc. Smart cars serve as just one example. Were these PCs and their connections to the internet infrastructure made secure, at the earliest point of the OSI stack and TCP/IP implementations? No. That started late, and it remains in catch-up mode. 

We are at the moment of massive changes coming from robotics, IoT, and yes, even smart cars. They will succeed when they are coupled with smart roads and smart IT/OT infrastructures. That is the prediction. Now to the question. Think we should make them secure…before it’s too late? 

Brief Biography
Current Role: VP, Cybersecurity Services, Comodo in Clifton, NJ. Past Roles: CIO for Mission Secure Inc., security for industrial control systems, White House CIO (2002-2005) guiding the development of IT capabilities with Information Security as a primary concern, FBI IT Executives (1992-1999), VP for Information Security and Quality Programs at Alcatel-Lucent (2006-2010). VP for Information and Cyber Security at CSC leading the transformation to Managed Security Services as the principal program line of business supporting Fortune 500 Companies.
Important Issues:
  • Cybercriminals acting as a service.
  • Machine learning and AI.
  • Ransomware.
Active Directory will Continue to Grow as an Attack Vector
Mickey Bresman, CEO - Semperis - New York, NY USA

In 2017, we saw attackers grow more sophisticated, using new and different ways to compromise businesses through Active Directory. In the ONI attacks, the attackers entered the network through phishing emails, wiped the event and security logs, and eventually compromised the Domain Controllers and Active Directory servers to gain full control over the network. These attacks showed us that malware attacks are no longer just about compromising single systems, they are about finding quicker paths to compromising multiple enterprise applications.

ONI and NotPetya also showed us that it’s no longer clear whether attackers are actually looking to collect ransom or trying to wipe out entire systems. Many organizations that fell victim to NotPetya came to a complete standstill in the aftermath of the attack, resulting in over a billion dollars in losses, so having a Disaster Recovery plan in place is now more important than ever.

As we continue into 2018, Active Directory will continue to grow as an attack vector - whether it’s mining Active Directory for information, compromising user accounts in a path to permissions escalation, or purposefully targeting domain controllers with ransomware (as seen in the ONI attacks). As such, enterprises need to take the necessary steps to ensure that they are protected by auditing their IT environment, educating their employees on cybersecurity best practices and, in case all else fails, making sure they have a Disaster Recovery plan so they can bounce back quickly from any attack.

Brief Biography
Mickey Bresman is the CEO of Semperis and leads the company’s overall strategic vision and implementation. A long-time enterprise software expert, Mickey began his technical career in the Israeli Defense Force Navy computing technical unit over a decade ago. Prior to co-founding Semperis, Mickey was the CTO of a Microsoft gold partner integration company, YouCC Technologies, successfully growing the company’s overall performance year over year. Mickey graduated from Bar-Ilan University with a BA in Technical Management and a Minor in Electronic Engineering.
Government mandated encryption backdoors will hurt global security and privacy
Jeff Hudson, CEO - Venafi - Salt Lake City, UT USA

Simply put: if governments mandate backdoors, cyber criminals will gain access to them and use them to attack. Especially after all of the significant security incidents over that last two years, can we really trust any corporation or government agency to keep sensitive data safe? Secondly, any government that mandates backdoors is no different from the world’s most authoritarian governments. At this moment, citizens in the United States have basic rights to privacy. But, if our government mandates backdoors that protection goes away.

Brief Biography
Jeff Hudson is CEO of Venafi, the market leading cybersecurity company in machine identity protection. A key executive in four previous and successful technology start-ups that have gone public, Jeff has over 25 years of leadership experience in information technology and security management. Jeff has spent a significant portion of his career developing and delivering leading-edge technology solutions for global 5000 organizations and government agencies. He speaks regularly to global audiences at technology and business conferences worldwide and is a frequent contributor to leading business and IT security publications, including The Wall Street Journal, New York Times, Forbes and more.
Important Issues:
  • Protecting machine to machine communications.
  • Make sure cryptography programs can scale.
  • Protecting encrypted tunnels.
Direction for CSOs and Decision Makers:
  1. Protect machine identities with at least the same care used to protect user names and passwords.
  2. You need to be agile enough to automatically change Certificate Authorities, certificates, keys or algorithms in response to specific threats.
  3. Protect and control privileged SSH access.
Least privilege gets a facelift in the world of DevOps
Elizabeth Lawler, Vice President, DevOps Security - CyberArk - Newton, MA USA

Organizations are starting to understand that “identity” hasn’t been completely addressed in the full enterprise stack. There’s no common standard for machine identity, access control and management, or audit across a multiplicity of platform components, and organizations are only as safe as their weakest link. The weak link could be a VM, container or any of the dozens of platform layers that now exist across the network. As these matrixes expand, they become substantially harder to control.

This requires a stronger definition of machine identity in highly automated systems that carry increasingly sensitive data. I predict that in the next year we’ll start to see a meaningful application of the concepts formerly used in human access management applied to machines. By forcing the DevOps team through the thought process of, “Who are you, what are you, what are you asking for?” to machines – including the DevOps environment –organizations can apply security best practices and limit what machines are doing, without compromising operations. This will enable true accountability for the security posture of DevOps environments and the process of continuous delivery of least privilege in DevSecOps can become a reality.

Brief Biography
Elizabeth Lawler is Vice President, DevOps Security at CyberArk. CyberArk, the market leader in Privileged Account Security, secures secrets and machine identities in highly dynamic DevOps environments at scale. Lawler is responsible for CyberArk’s DevOps business strategy and execution.

Prior to CyberArk, Lawler was CEO and co-founder of Conjur, a DevOps security company acquired by CyberArk in May 2017. Lawler has over 20 years of experience working in highly regulated and sensitive data environments. Prior to founding Conjur, Elizabeth was Chief Data Officer of Generation Health and held a leadership position in research at the Department of Veterans Affairs.
The Rise of Software Defined Perimeter Technology
Amit Bareket, CEO & Co-Founder - Perimeter 81 - Tel Aviv, Israel

With the rise of the mobile workforce, increasing popularity of BYOD policies and rapid adoption of cloud-based technology, the world of secure network and remote access is about to transform. Businesses will need to move away from traditional VPN technology and turn to simplified Software-Defined Perimeter (SDP) solutions in order to ensure network and remote access security. 

This is due to the fact that the traditional VPN can no longer meet the needs of the modern workforce. With its costly hardware infrastructure, incompatibility with the cloud, complex distributed management systems, complicated employee client applications and requirement for extensive management and personnel, this technology is no longer a feasible option for many businesses. 

Emerging SDP technology, on the other hand, offers quick, secure and easy segmented and secure network access. The software-based infrastructure of SDP services allows for seamless integration with major cloud providers, automatic network deployment and easy installation and management. Moreover, the flexibility of this technology enables instant updates and upgrades, highly advanced network monitoring capabilities, and savings of hundreds of thousands of dollars every year.

With the demands of the modern and distributed workforce, the world of secure network access is headed towards a great shift, and Software-Defined technology will be a the forefront.

Brief Biography
Amit Bareket is the Founder and CEO of Perimeter 81, a new SDP service powered by SaferVPN. Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of 7 patents issued by the USPTO for storage, mobile applications and user interface. Prior to SaferVPN, Amit worked as a Software Engineer for major enterprises including IBM XIV Storage and BigBand Networks. He graduated Cum Laude with a B.Sc. in Computer Science and Economics from Tel Aviv University and served in the Israel Defense Force's elite intelligence unit.
Important Issues:
  • Network Security.
  • Cloud Security.
  • Wi-Fi Security.
Direction for CSOs and Decision Makers:
  1. Simplify Your Network Security with Software-Defined Technology.
  2. Embrace the Rise of Flexible BYOD Policies with Services.
  3. Transform Your Cloud Security with Native API Integration.
Credential-based attacks and exploitation will accelerate and dominate in 2018
Lavi Lazarovitz, Security Researcher Team Lead - CyberArk - Petach-Tikva, Israel

In the past year, organizations continued to struggle to address cyber security risks created in the wake of rapid technology adoption, and the challenge most organizations face is that today’s technologies often lack the security of more mature technologies. This has opened organizations to attacks targeting privileged credentials. In the coming year will see increased use of automation and expanding hybrid cloud and DevOps environments that will create fertile ground for attackers based on a growing variety of privileged credentials associated with human and non-human users. 

Based on its research, CyberArk Labs believes that credential-based attacks and exploitation will accelerate and dominate the threat landscape in 2018, including:

Attackers Hide Behind Machine Identities – By stealing machine identities, attackers can keep a lower profile on the network while using related credentials to control processes and even security policies. 

Key Chaos Leads to Unintended Consequences – The prevalence of SSH keys to access cloud resources and the lack of adoption of PKI for DevOps environments are leading contributors to key chaos. Security teams must improve oversight and management to avoid these keys becoming easy targets for attackers. 

Security as a Target: Authentication in Attackers’ Crosshairs – Consolidation of identity means more opportunity for lateral movement across services, and a compromise of the authentication service may lead to a total loss of the identity. Current authentications methods such as two-factor and single sign-on must adapt to protect against emerging threat vectors, or become targets themselves.

Brief Biography
Lavi leads a team of security researchers at CyberArk who do, think, write and code cyber security. Working alongside this team, he studies the methods and tactics employed by hackers to penetrate and exploit organizational networks and is responsible for devising effective detection and mitigation techniques to thwart cyber attacks. Prior to CyberArk, Lavi led a professional services team of web security engineers at Fireblade. He served in the Israeli Air Force for 11 years as a pilot and also as an intelligence officer.
Security product become smarter than ever
Yusen Chen, CEO - Chaitin Tech - Beijing, China

With the complexity and diversification of security issues, the gap in security talents is constantly expanding. In current environment, security products that require complex configuration to use are often unable to maximize their effectiveness due to a lack of security staff. With the development of technology such as AI, we hope that the security products can become more intelligent so that they can release manpower maximally and make security more efficient. More intelligent security products make business safer.

Brief Biography
Recommended student for admission to Zhejiang University, visiting scholar of Northwest University. Chen is the youngest entrepreneurs of B2B cyber security industry in China, who named a 30 Under 30 list by Forbes in 2017.
From very beginning of student hood, Chen was ambitious in network attack and defense competitions. His team achieved all top 3 prizes worldwide, such as DEFCON CTF, Pwn2Own, China Network Security Competition, Capital Network Information Security Competition and etc.
• 2015 Attend US Black Hat Conference as keynote speaker
• 2017 Qcon Security Forum Host
• 2017 30 Under 30 Asia: Enterprise Technology by Forbes.
Important Issues:
  • Application Security.
  • Business Security.
  • Data security.
Direction for CSOs and Decision Makers:
  1. Rational planning, complete the construction of security foundation under the limited budget.
  2. Use smart security solutions to liberate labor.
  3. Consider using AI for products of security company.
The Crash of Crypto-Currencies
Dodi Glenn, Vice President of Cyber Security - PC Pitstop - Sioux City, Iowa, USA

Crypto-currencies, like Bitcoin, will continue to be talked about, and more consumers will jump on the bandwagon. Unfortunately, I predict more malware will be written to target the crypto-currency wallets, robbing consumers of hard earned money. I also believe we will see a crypto-currency crash, where the value will no longer be as high as it was in 2017. Currently 1 Bitcoin is valued at 10,529 US Dollars, however, I expect it to go below 5,000 USD before 2018 is over. The value of bitcoin has already dropped significantly over the last 30 days. Just a month ago, one bitcoin was valued at just over $19,000 US Dollars.

Brief Biography
Dodi Glenn has over 13 years of experience working in the cyber security industry. As the Vice President of Cyber Security at PC Pitstop and a Board Member for the Anti-Malware Testing Standard Organization (AMTSO), Dodi is well armed in assessing security risk from malware, managing targeted attacks, and creating defenses for virus and ransomware intrusionss.
Important Issues:
  • Data Breaches.
  • Ransomware.
  • IoT Device Security.
Direction for CSOs and Decision Makers:
  1. Implement a default deny approach.
  2. Ensure programs and operating systems are updated timely.
  3. Conduct cyber security training with your employees. Each and every one of them.
Governments will begin issuing security regulations on IoT device manufacturers
Ofer Amitai, CEO - Portnox - Walnut, CA USA

While regulations governing IoT security features are beginning to be drafted, there is still not enough demand from the consumer side to warrant manufacturer’s investments in security features. This begs a major question in 2018 of whether governments, in similar fashion to the US and EU, will begin issuing security regulations on IoT device manufacturers that protect consumers and companies from digital (and even physical) risk. Therefore, together with GDPR and other compliance regulations, in 2018 we are likely to see more governments and industry authorities (such as NIST) stepping up to enforce privacy, safety and security regulations on IoT manufacturers. This also may result in an increase in the price of IoT devices, which, up until this point have been relatively low, as manufacturers struggle to carry out reverse compliance initiatives that come into effect.

Brief Biography
As CEO and co-founder of Portnox, Ofer is responsible for the day-to-day operations for setting the strategic direction at Portnox. Ofer has over 20 years experience in network security, from establishing the first IT security team in the Israeli Air Force to managing the security division at Xpert Integrated Systems to being Microsoft Regional Director of Security, Ofer is a proven innovator and thought leader in network security. Mr. Amitai holds a B.Sc. in Computer Sciences.
Important Issues:
  • Blockchain and the hacking of applications.
  • Mobility of the workforce.
  • Automation.
Direction for CSOs and Decision Makers:
  1. Prepare for DDoS and Ransomware to join forces.
  2. Invest in more endpoint, network and cloud security solutions to accommodate the mobile workforce.
  3. Pay close attention to personal BYOD and IoT devices, particularly in light of the Meltdown and Spectre vulnerabilities.
‘Hacking back’ policy will be an increasing concern
Richard Henderson, Global Security Strategist - Absolute - Vancouver, British Columbia, Canada

I am concerned about recent efforts to make it legal for organizations to ‘hack back’ against attacks on their infrastructure.Two members of the U.S. House of Representatives introduced a bill earlier this year that allows victims to hack their hackers. The trouble is, we already know that real, definitive attribution is incredibly difficult. So, how can we ever be sure that we’re attacking the real source of an attack? What will happen when the source of an attack is another company that suffered its own breach and is being used as an intermediary? Will that company then be forced to “hack back” the hacking hackers? The situation could quickly devolve into chaos if organizations are allowed to build red teams with the sole purpose of going on the offensive.

Brief Biography
Richard Henderson is the global security strategist at Absolute, where he is responsible for spotting trends, watching industries and creating ideas. He has nearly two decades of experience and involvement in the global hacker community and discovering new trends and activities in the cyber underground. He is a researcher and regular presenter at conferences, a skilled electronics hacker, and has instructed students at DefCon. Richard is also currently co-authoring the second edition of Cybersecurity for Industrial Control Systemss.
Important Issues:
  • Endpoint visibility and control to boost detection and response.
  • GDPR compliance.
  • Mobile and IoT ransomware.
Direction for CSOs and Decision Makers:
  1. Take General Data Protection Regulation (GDPR) seriously and prepare accordingly.
  2. Move away from knowledge-based questions and embrace new methods to authenticate customers to prevent financial and identity theft.
  3. Put a significant share of your security dollars toward endpoint detection and response (EDR) technologies to mitigate malicious and non-malicious insider threats.
The CISO will be reborn and rebranded
Stephen Moore, VP and Chief Security Strategist - Exabeam - Beijing, Indianapolis, Indiana, USA

Since its initial inception, a CISO’s true role has been a topic of hot debate. Are they organizational influencers and C-suite members or just sacrificial lambs in the event of a security breach? Recent trends show that fewer CISOs are reporting directly to the CIO, and are instead acting more independently and strategically within their organization. A key driver of this could be that cybersecurity is now on the boardroom agenda in its own right, instead of falling under “general IT issues.” As a result, many CISOs are spearheading security messaging as part of organizational strategy instead of CIOs or CTOs, who previously handled such communications.

Brief Biography
Stephen Moore is the VP and chief security strategist at Exabeam, the leader in security intelligence platforms. His main focus is driving solutions for threat detection and response, and advising customers in breach management and program development. Prior to Exabeam, Stephen spent more than seven years at Anthem in a number of cyber security practitioner and leadership roles. Most recently, he served as staff vice president of cyber security analytics, playing a leading role in the response and remediation of Anthem’s infamous 2015 data breachs.
Important Issues:
  • Cyber incident response & orchestration.
  • Cloud Visibility.
  • Device Analytics for IOT, Energy, and medical devices.
Direction for CSOs and Decision Makers:
  1. Be friendly and follow the money: Prepare for security data to drive key decisions within the sales, legal, and marketing teams. This will interestingly drive board relevance.
  2. Focus on results-based measurements: Focus on metrics that represent real risk and effort, rather than “shock and awe” reporting, to move the internal security conversation forward in a meaningful way.
  3. Your paper IR plan is quietly terrible. It fails to represent the scope and pressures of a breach. At minimum, automate the repeatable technical steps, get friendly with your internal allies, and have solutions that can build incident timelines.
Accessible and secure data management will be a growing concern
Chris Byers, CEO - Formstack - Indianapolis, IN USA

The Healthcare Information and Management Systems Society (HIMSS) recently issued a call to action for the nation’s health sector. Aimed at encouraging health policy changes, the document—titled “Achieve Nationwide, Ubiquitous, Secure Electronic Exchange of Health Information”—calls for interoperability with a focus on accessible and secure data exchange. To answer this call, the healthcare community will take a step forward and implement protocols, care approaches, and trusted exchange frameworks that improve the consistency, accessibility, and security of electronic health information exchange.

Brief Biography
Chris Byers is the CEO of Formstack, an Indianapolis-based company offering an online form and data-collection platform. Prior to Formstack, Byers co-founded an international nonprofit that was built via remote relationships among partners in Europe, Africa, and the United Statess.
Important Issues:
  • Data management.
  • User experience.
  • Automated workflows/processes.
Direction for CSOs and Decision Makers:
  1. Make data accessible yet secure.
  2. Always consider the user experience.
  3. Automate workflows whenever possible.
Malware will invade hardware at an increasing rate
Giovanni Vigna, Co-founder and CTO - Lastline - Redwood City, CA USA

With the proper skills and access, a cybercriminal can tamper with virtually anything that has non-volatile, writeable storage, and render it inoperable—or even malicious. Since most malware detection products can't identify malware that has found its way into hardware, we expect to see hackers increasingly turn to this type of attack during 2018. 

Most malware takes root in applications and operating systems. However, we’ve recently seen an increased amount of malware that attacks the firmware and memory of hardware devices like disk controllers, network and graphic cards, fingerprint sensors, and computer cameras. For example, we witnessed malicious firmware in 26 Android devices and a fake Apple firmware patch that was full of malware. In another instance, according to The Register, earlier this year at least 10 industrial plants running Siemens equipment, seven of which were in the United States, had their logic controllers infected with malware. 

The point here is not that it was industrial infrastructure that was targeted, but that it was the hardware in the logic controllers that was compromised, and that can happen in virtually any industry.

Brief Biography
Giovanni Vigna leads technology innovation at Lastline. He has been researching and developing security technology for 20+ years, working on malware analysis, web security, vulnerability assessment, and intrusion detection. He's a Professor of Computer Science and director of the Center for CyberSecurity at the University of California, Santa Barbara. He's authored 200+ publications, peer-reviewed papers, conferences, and books. He's known for organizing and running an annual inter-university Capture The Flag (iCTF) hacking contest that involves hundreds of students around the world. He also leads the Shellphish hacking team, which is the longest-running team playing at DefCon's CTFs.
Forget Passwords: Biometrics Are Transforming the Authentication Process in 2018
Robert Weideman, Executive Vice President & GM, Nuance Enterprise Division - Nuance Communications - Sunnyvale, CA USA

2017 was a record year for hacks of personal customer details. These breaches give fraudsters access to our identities including the answers to those annoying security questions. One thing the fraudsters can’t do much with? Voice biometrics “voiceprints.” And that is why banks, telcos and many other companies are increasingly replacing passwords, PINS and security questions with biometrics. 

With a few words of speech, voice biometrics can confirm you are who you say you are at accuracy and security levels better than pins, passwords and security questions. And it knows how to detect recordings from real, live speech – rendering the data useless to fraudsters in the case of a breach. In addition to voice biometrics, facial recognition and behavioral biometrics can.

Brief Biography
Robert Weideman is the executive vice president and general manager of the Nuance Enterprise Division, responsible for customer self-service solutions that are used by organizations to optimize the customer care experience. With Nuance, he serves as the general manager for Dragon and Imaging products and SVP of international marketing in EMEA. Previously he served as chief marketing officer for ScanSoft, and vice president of marketing for the Adobe Systems' portfolio company Cardiff Software from 1999-2001, performing an instrumental role in establishing the W3C XForms XML standard. He has also held senior marketing roles at TGS.com and Computer Associates.
Important Issues:
  • Multimodal biometric security.
  • Mobile and IoT Authentication.
  • Virtual/Mobile Payment Security.
Direction for CSOs and Decision Makers:
  1. The trend in authentication and security is to make it less invasive to the individual, not more. Great examples of this are voice biometrics that authenticate us as we speak and behavioral biometrics as we type, tap and swipe on our devices.
  2. Virtually all security should be biometric based, as it’s the most convenient and secure method to reliably validate who we are (as consumers, citizens and employees).
  3. For high-security use-cases, more than one biometrics credential should be required – a multifactor approach that combines voice with facial or behavioral biometrics.
API security will become a business use-case
Jason Macy, Chief Technology Officer - Forum Systems - Needham, MA USA

From IoT to mobile and cloud, APIs underlie the modern computing infrastructure. While OWASP’s inclusion of ‘Underprotected APIs’ in the OWASP Top 10 – 2017 RC1 list helped to elevate the criticality of API security, the Wishbone hack, the Instagram vulnerability and the Circle with Disney web filter API Management flaw demonstrated that organizations continue to provide services and integration via APIs that are susceptible to compromise and malicious access. The explosive proliferation of APIs will continue in 2018, and the loss of data and impact to reputation will spur organizations to (finally) carve out a meaningful portion of security spending for protecting APIs.

Brief Biography
Jason Macy is the Chief Technical Officer responsible for innovation and product strategy for global operations. Jason has been a leading visionary for enterprise architecture design and successful deployment of API identity and security technology. With hundreds of deployments worldwide, Jason’s unique ability to pragmatically solve complex, industry use cases and provide sustained engineering initiatives continues to forge the leadership role of Forum Systems product technology. Drawing from experience from virtually every industry sector, Jason has helped to evolve the product technology platform to be the global leader in FIPS 140-2 API security and identity.
Important Issues:
  • Organizations continue to provide services and integration via APIs that are susceptible to compromise and malicious access. The proliferation of APIs will continue in 2018, as will organizations' loss of data and damage to their reputation.
  • As the trend toward identity consolidation and centralized Identity and Access Management (IAM) continues, the false sense of security around IAM platforms will result in high-profile hacking of enforcement points.
Direction for CSOs and Decision Makers:
  1. From IoT to mobile and cloud, APIs underlie the modern computing infrastructure. Don't be the next victim; carve out a portion of security spending for protecting APIs.
  2. IAM tools are not security tools. Couple your IAM solution with hardened cybersecurity capabilities, such as API Security Gateway technology, for a trusted identity infrastructure.
'Device Kidnapping' will compromise IoT devices on a large scale
Thomas Fischer, Global Security Advocate - Digital Guardian - Waltham, Massachusetts, USA

The Internet of Things – consumer, medical or manufacturing – is a Pandora’s box, resisting containment or conservatism. As with any innovation, convenience often trumps security – a truth borne out by researchers compromising everything from cars to pacemakers. While these compromises are interesting academic experiments, there is a confluence of conditions that could portend a more concerning potential. Looking at vulnerabilities in IoT access and management that have already been disclosed, and putting them in the context of other attack trends and events, there is a picture of motive and opportunity for widespread ransoming of IoT devices: 

•IoT ransomware is fundamentally different from the computer and laptop paradigm, but no less dangerous. While ransomware is easier to reverse on such devices, timely and critical attacks will eliminate that advantage and victims, unable to counter the effects of the ransomware, will be more willing to pay the ransom (e.g., ransoming pacemakers or infusion pumps shortly after surgery, or hacking cars while traveling in harsh climates).

•The criminal underground is awash in PII in 2017 – credentials as well as a wealth of information to affect account hijackings – making such attacks in 2018 much more likely.

•Recent attacks on low level protocols, like KRACK, compromise networking foundations. 

•Ransomware remains very popular, even in the wake of post-WannaCry protections, with criminals also moving “downstream” to target schools, hospitals and other organizations, making them the perfect target for IoT ransomware attacks in 2018.

Brief Biography
Thomas Fischer is global security advocate at Digital Guardian. Based out of the company’s EMEA headquarters in London, Thomas plays a lead role in advising customers while investigating malicious activity and analyzing threats. He’s a strong advocate of knowledge sharing and mentoring in the infosec community and serves as the director of Security BSides London and as a chapter board member of ISSA UK.
Critical Infrastructure Insecurity Will Manifest Itself
Galina Antova, Co-founder and Chief Business Development Officer - Claroty - New York, NY USA

Organizations are nowhere near as ready to combat critical infrastructure threats and will realize many (unfortunate) truths: they don’t have a clear understanding of what assets they own; proper industrial network cybersecurity hygiene is much harder to achieve than in IT networks; air-gapping is a fallacy; and organizations don’t possess the necessary personnel skills, their teams aren’t talking to one another and they aren’t currently monitoring their networks the way they should.

Brief Biography
Galina Antova is the Co-founder & Chief Business Development Officer at Claroty. Prior to co-founding Claroty, she was the Global Head of Industrial Security Services at Siemens overseeing development of its portfolio of services that protect industrial customers against cyber attacks. While at Siemens, she was also responsible for leading the Cyber Security Practice and Cyber Security Operations Center providing managed security services for industrial control systems operators. Previously, Galina was with IBM Canada in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from IMD in Switzerlands.
Important Issues:
  • Nation-states will conduct more critical infrastructure probing.
  • Ransomware will spillover (again); expect disruption.
  • Boards will demand insights on critical infrastructure security and finally empower action.
The EU will impose a billion dollar GDPR violation penalty
Ameesh Divatia, Co-founder and CEO - Baffle - Santa Clara, CA USA

The European Union’s General Data Protection Regulation (GDPR) that comes into effect on May 25th, 2018 is a game-changer because it imposes penalties associated with a failure to report data breaches, that are, a percentage of the violators revenue.  My prediction is that, in 2018, the EU will identify a violation and impose a meaningful penalty in order to make it a poster child for things to come.  While the penalty will be challenged, this will force a change of behavior among data collectors (companies that use their customer’s data for their business purposes) to be mindful of what they store.  In addition, it will bring a significant focus on protecting data that is in their possession and adopt security principles that protect data at the record level at all times – at rest, in transit and in use.  This new paradigm will enable the ability to maintain control of that data with the data collector only irrespective of where the data is stored or processed – something that cloud infrastructure providers love because it puts the burden of data protection on their customer as required in their shared responsibility model.  US regulators are not too far behind to impose similar penalties when sensitive information of their constituents is compromised.  In short, data management as we know it, is about to enter a whole new era in 2018!

Brief Biography
Ameesh Divatia is Co-founder and CEO of Baffle, Inc., with a proven track record of turning innovative ideas into successful businesses.
Core internet protocols and standards (e.g. TCP/IP) will be exploited
Leonardo Cooper, CEO - Vault One - Houston, TX USA

As technology evolves we find ourselves relying in all these older protocols and standards to communicate and operate. For instance, TCP/IP was first proposed in 1974, and it is a flawed protocol waiting for someone to exploit it.

Brief Biography
Leonardo Cooper is the CEO & Founder of Vault One (vaultone.com), a cybersecurity platform for enterprises which secures privileged identity through the power of Artificial Intelligence and Blockchains.
Important Issues:
  • Privileged Identity Management.
  • File-less Malwares.
  • IoT Security.
Direction for CSOs and Decision Makers:
  1. Adopt a Privileged Information Management and Access Solution.
  2. Think Beyond the Firewall.
  3. Deploy Disaster Recovery Solutions.
Inside threat in conjunction with social engineering as new threat
Yossi Appleboum, CEO - Sepio Systems - Gaithersburg, MD USA

We have started to witness socially engineered trusted employees, acting as "guided cyber weapons" uses for data theft and sabotage. The challenge with this emerging attack method is that it is impossible to find and prevent before damage is done. In several cases, we have witnessed a long term data leakage as well as attacks that sabotaged the normal operation of organizations.

Brief Biography
With more than 25 years of experience, Mr. Appleboum brings a broad vision on Cyber Security. In 1992, Mr. Appleboum joined the Israeli Army Intelligence (unit 8200) and served as Chief Architect. In 1998, Mr. Appleboum co-founded WebSilicon which focused on delivering security systems. In 2013, WebSilicon was acquired by Magal and Mr. Appleboum appointed as the CTO of Senstar, Magal’s US division. In 2016, Mr. Appleboum co-founded Sepio Systems, a Cyber Security startup company that brings a new approach for defending supply chains against cyber-attacks. Mr. Appleboum serves as the Co-CEO of the company, responsible for North American operationss.
The CISO role will become more critical
Gary Hayslip, Chief Information Security Officer - Webroot -San Diego, CA USA

Over the next year the CISO position will become more critical to businesses and move out of the CIO’s shadow. Eventually I predict that the CISO role will become mandated for all organizations that are doing business with the Federal Government. This may not happen in 2018, but I think we will see momentum towards this type of regulation.

Brief Biography
Gary Hayslip is responsible for the development and implementation of all information security strategies, including Webroot’s security standards, procedures, and internal controls. Hayslip also contributes to product strategy to guide the efficacy of the Webroot security portfolio. Previously, Hayslip was CISO of the City of San Diego, and held various infosec roles with the U.S. Navy (Active Duty) and U.S. Federal Government. In these positions, he founded security programs, audited large disparate networks, and consolidated legacy infrastructure into converged virtualized datacenters. Hayslip co-authored “CISO Desk Reference Guide: A Practical Guide for CISOs” focused on enabling CISOs to expand their expertises.
Important Issues:
  • Malware will leverage artificial intelligence.
  • There will be increased legislation around IoT devices.
  • Consumer’s lack of privacy will gain attention.
The endpoint will become the building block of modern network
Tomer Weingarten, CEO, Co-Founder - SentinelOne, Inc. - Mountain View, CA USA

As the mobile workforce continues to embrace public SaaS applications and cloud workloads, the “standard” company network perimeter will continue to dissolve. This will require companies to continuously map their assets, both inside and outside the firewall, to discover, understand, and reduce the organization’s attack surface and risk. The endpoint, as the exclusive device to allow access to content and data – will become the building block of the modern network.

Brief Biography
omer co-founded SentinelOne in 2013. He is responsible for the company’s direction, products, and services strategy. Before SentinelOne, Tomer led product development and strategy for the Toluna Group as a VP of Products. Prior to that he held several application security and consulting roles at various enterprises, and was CTO at Carambola Media.
Important Issues:
  • Enterprise IOT as a new threat vector.
  • Crypto-miners and more heists.
  • File-less attacks will continue to rise in popularity and effectiveness.
Direction for CSOs and Decision Makers:
  1. Rethink their traditional approach to cybersecurity and progress alongside a rapidly evolving threat landscape.
  2. Don't think about security as something you ‘apply’ to a network. Your network cannot exist or be operational without security defining it.
  3. Consider the easy button – products that can fill the skill gap and integrate well with other products in the defense lines, by all means – automation, APIs, and workflows.
Securing critical SAP systems goes mainstream for all SAP customers
Joris van de Vis, Co-founder - ERP-SEC - Wageningen, Netherlands

More and more SAP running organisations will become aware that securing their mission-critical systems can no longer be ignored. And if they were already aware, more affordabe solutions will hit the market to help them get insight and mitigate issues in an automated way.

The impact of all this is that much more customers (not just the big ones) will run their mission critical SAP systems in a more secure way.

Brief Biography
Joris knows his stuff in the security field of SAP. His specific interest lies in SAP platform security. He likes helping customers to secure their SAP systems and doing SAP security research. 

He reported 75+ vulnerabilities to the SAP Security team and regularly presents on the topic of SAP security at Security conferences. He was invited twice to present on SAP's internal security summit as well. Joris has got 17+ years of experience working for large SAP running companies and government departments. Joris is co-founder of ERP-SEC, a SAP security focused company based in the Netherlands.
Important Issues:
  • SAP platform security.
  • SAP Security in relation to the EU GDPR.
Direction for CSOs and Decision Makers:
  1. Secure your SAP platform on a structural base and automate it.
2018 is the year of more sophisticated mobile attacks
David Vergara, Head of Global Product Marketing - VASCO Data Security -Chicago, IL USA

2018 will be the year we see even more sophisticated mobile attacks, including iterations of overlay, which are constantly evolving to effectively steal and monetize personal information. There will be a greater need for centralized mobile app security reporting – businesses need to know the types and frequency of attacks taking place on mobile apps to prioritize and better manage threats.

Brief Biography
David is the Head of Global Product Marketing at VASCO and has over 10 years of experience in the software security space. Prior to VASCO, he was VP Marketing for Accertify (An American Express Company) leading go-to-market strategy for their online fraud detection solution and he was Sr. Director Product Marketing at IBM with Product Marketing responsibility for the advanced and predictive analytics portfolio.
Important Issues:
  • Mobile attacks.
  • The rise in synthetic identity fraud.
Account takeover (ATO): the biggest threat to consumers and businesses
Ryan Wilk, Vice President, Delivery - Customer Success - NuData Security, Inc., A Mastercard Company - Vancouver, British Columbia, Canada

Fraudsters and organized criminals are increasingly adept at leveraging a company’s valuable data for ransomware and other types of attacks, and there’s a major upswing in the use of that data for account takeover (ATO) in particular.

In 2018, ATO will continue to be one of the largest and most rapidly growing threats – especially with so much personally identifiable information (PII) now in the wild due to mega breaches. In addition to using ATO for fraudulent credit card purchases, bad actors are also increasingly stealing stored value such as rewards dollars, points, software keys, or even tickets stored in an account – all without ever actually generating a credit card event. This type of fraud goes undetected until a legitimate customer complains about the mysterious disappearance of their rewards.

When institutions and retailers only monitor the outcome of purchases, they inadvertently leave themselves and their consumers open to another, largely unconsidered, world of theft they have no visibility into – and that can cost millions of dollars in losses.

Organizations need intelligent, real-time security capabilities that evaluate the user’s behavior throughout the session to flag any suspicious conduct within their online environment. Passive behavioral layers are showing near 100% accuracy in detecting anomalous activities during a session, including the rewards functionality.

With this technology implemented into the multi-layered strategy, even if a would-be fraudster attempts to log in with valid credentials, deviations from the legitimate user’s typical behavior patterns will trigger intelligent friction and thwart the attempted theft.

Brief Biography
Ryan Wilk ensures the success of NuData customers across the partnership. Ryan has extensive knowledge of eCommerce, eCommerce risk prevention, payment systems, and ticketing systems. He specializes in project management, systems integration, cost savings, and analytics. He was previously Manager of Trust and Safety at StubHub (an eBay company), managing the order review team and overseeing the operation/optimization of fraud management tools. Ryan previously established and implemented the eCommerce Loss Prevention teams for Universal Orlando Resort and Universal Studios Hollywood. He also founded and chaired the Merchant Risk Council’s Ticket Affinity Group and created the Theme Park Round Table.
Important Issues:
  • Securing the online space with integrated layers that look at the device as well as at the human.
Direction for CSOs and Decision Makers:
  1. Implement multi-layered technologies that include passive biometrics to evaluate the human behavior in the online environment.
Container adoption accelerates the need for container security
Matt Alderman, Chief Strategy and Marketing Officer - Layered Insight - Denver, CO USA

Business Innovation and Digital Transformation are changing the pace and scale at which applications are being developed. To stay agile, application development is employing new processes, such as DevOps, and new technologies, such as containers. Now, organizations are putting these next-generation, containerized applications into production without a true understanding of the security impacts.

Containers are unique, as they do not contain an operating system. Thus, traditional security solutions do not address the security concerns of containers. As DevOps teams get ready to deploy these next-generation, containerized applications, security will not have the security solutions required to protect them. This will mean either: 1) deployment of these applications will slow down, thus slowing down digital transformation, or 2) these applications will be deployed into production without any security protections.

Neither outcome is good for the organizations. This means security teams will scramble to look for solutions, thus accelerating the adoption of container security.

Brief Biography
An information security, compliance, and risk veteran with 20+ years of experience, Matt is the Chief Strategy & Marketing Officer at Layered Insight. Prior to Layered Insight, Matt is an advisor to various security start-ups and the former VP of Strategy at Tenable, where he developed long-term strategies for both application and container security, including the acquisition of FlawCheck. Matt is also a co-host on Security Weekly, a weekly security video podcast, and has published various blogs and articles on security. Matt holds a MS in Computer Engineering from Case Western Reserve University and is a CISSP.
Important Issues:
  • Container Security.
  • Applications Security.
  • Data Security.
Direction for CSOs and Decision Makers:
  1. Unify DevOps and SecOps by embedding security into the next-generation, containerized applications.
  2. Simplify your IT infrastructure by embracing cloud computing.
  3. The perimeter is vanishing, embrace the mobile revolution.
More security & tighter regulation
Victor Fredung, CEO and Co-founder - Zensed - Ängelholm, Ängelholm, Sweden

Due to the recent security breaches that has been plaguing online businesses and especially in the cryptocurrency market I believe that new and reliable security measures need to be in place. Fraud is also seeing an increasement in ecommerce businesses and sophisticated fraudsters are finding new ways to fool the systems. Applying Artificial Intelligence and biometrics verification is definitely helping to some extent but a way to have a sustainable balance needs to be figured out.

Brief Biography
Victor Fredung is a well known name in the InfoSec area. He has worked and are currently working with top companies in the market and has a well known reputation for predicting newest trends in the mentioned markets. He started out operating high risk gateways and learned at an early stage what harm fraud can do to online businessess. He has since then devoted his time and effort to successfully bringing new and innovative technologies like Zensed to the market.
Important Issues:
  • Security breaches.
  • Regulations.
  • KYC.
Direction for CSOs and Decision Makers:
  1. Look at new technology.
  2. Find a good balance.
  3. Have a good customer experience.
State-sponsored cyber attacks are the new, preferred method of warfare
Carson Sweet, Co-founder and Chief Technology Officer - CloudPassage - San Francisco, CA USA

Put simply, cyber is the new battleground for cross-state conflict. There are a few reasons that this situation has evolved to the point that seeing attacks on U.S. infrastructure will happen in the near future - growing dependence on technology, growing challenges in protecting technology, and the attractiveness of cyber warfare. These issues have existed for years, but they're independently hitting critical mass while at the same time converging into a "perfect storm" situation.

Brief Biography
Carson Sweet is co-founder and chief technology officer for CloudPassage. Carson led the team that created Halo, the patented security platform that changes the way enterprises achieve infrastructure protection and compliance. Carson’s information security career spans three decades and includes a broad range of entrepreneurial, management and hands-on technology experience. Carson and his teams have created groundbreaking security solutions across a range of industries and public sectors, with heavy focus on financial services, federal government, and high-tech. Carson focuses on long-term product, technology, and business strategy as CloudPassage expands market share through existing and emerging cloud security solutions.
Adopting a DevSecOps process unites development, security and operations teams
Setu Kulkarni, Vice President, Product & Corporate Strategy - WhiteHat Security -Santa Clara, CA USA

If you haven’t already planned your shortlist of security must haves this year, you may find yourself on the reactive side. In 2018, we’ve already seen an attack at the Winter Olympics and we expect the industry will continue to see breaches occur at a massive scale.

The main reason is that organizations on the whole still aren’t investing enough time and energy into security. The web application layer is the single highest point of entry when it comes to breaches, yet we continue to focus more on firewalls and antivirus software. In addition, to keep up with consumer demand, we also want to release code as fast as we can. The faster we release code, the faster we release vulnerabilities as well, which means attackers have ample opportunities to pull off a big breach.

WhiteHat predicts that more and more companies will begin to adopt the DevSecOps process and bring the Development, Security and Operations teams together. This process is working with companies and we know it reduces both the number of vulnerabilities introduced, and the time required to fix those vulnerabilities. By combining efforts and teams with one mission of fast, secure, and stable code we can eliminate competing priorities which hinder secure releases. 

We predict there will be many more cutting-edge companies move in this direction, with the slower moving organizations to follow in the coming years.

Brief Biography
Setu joined WhiteHat in 2016 and is responsible for product vision, strategy, and direction. Previously, he led product management and strategy for an operational intelligence product portfolio, a variety of strategic and operational initiatives for TIBCO Inc. His expertise includes building an SOA platform for integration and BPM businesses, a business launch platform for cloud business, mainstreaming the LogLogic acquisition and developing a next-gen ITOA offering. Setu has held engineering and pre-sales roles in India and Europe working for NDS, Infosys, Adobe, and TIBCO. He earned a degree in computer science and engineering from Visvesvaraya Technological University, India.
Important Issues:
  • Integrating Sec into DevOps.
  • Securing web apps, APIs, microservices, single page applications.
  • Leveraging AI and machine learning.
Direction for CSOs and Decision Makers:
  1. Make a culture shift to integrate Security early in the SDLC.
  2. Move AppSec higher on your overall cybersecurity agenda.
  3. Close the Security knowledge gap with Training & Certification.