Monday, 26 September 2022 | Operationalizing MITRE ATT&CK to Achieve Threat-Informed Defense

13:00 - 14:30 (GMT+8) I Earn 1.5 CPE Credits

The MITRE ATT&CK^® knowledgebase has expanded to more than 600 tactics, techniques, and procedures. It’s crucial information but making use of it can be overwhelming for even advanced cyber defenders.

During this interactive webinar, MITRE veteran Richard Struse, Chief Technology Officer at Tidal Cyber, will discuss how MITRE ATT&CK can be operationalized to help organizations achieve a proactive cybersecurity posture by implementing threat-informed defense, empowering them to go beyond patching vulnerabilities.

Join us live online and learn:

• The fundamentals of threat-informed defense and its applications
• The benefits and limitations of MITRE ATT&CK
• How to develop a threat-informed defense strategy

Moderator: Victor Yeo, CISSP, Regional Director/GM (Int. Gov - Singapore), BAE Systems Digital Intelligence

Richard Struse, Chief Technology Officer, Tidal Cyber

Richard is Chief Technology Officer at Tidal Cyber. Previously, he co-founded and served as the Director of the Center for Threat-Informed Defense at MITRE Engenuity. He also served as chief strategist for Cyber Threat Intelligence at The MITRE Corporation, leading the effort to improve cyber defense by better understanding adversary tactics and techniques. Rich founded and co-chaired the Cyber Threat Intelligence Technical Committee within OASIS, an international standards development organization.

Prior to joining MITRE, Richard served as Chief Advanced Technology Officer for the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). He is the creator of the STIX and TAXII automated information sharing initiatives, widely adopted across the public and private sectors.

December 5, 2022

1:00 p.m. SGT I Earn 1.5 CPE Credits

Speaker and session description coming soon!

Monday, May 16, 2022 | Enabling Cybersecurity Resilience with Zero Trust Solutions

1:00 p.m. SGT (GMT+8) I Earn 1.5 CPE Credits

Purchase Recording

As organizations transform into becoming Cloud-First, they have the opportunity to re-engineer their cybersecurity defenses. Firewall technology and web application defenses have proved defenseless against attackers and the onset of ransomware. Cloud-native applications and their supporting architectures (e.g., microservices, containers, and orchestration) require more security. Both Machine and human user identities must protect at an even higher level of assurance.

Making Zero Trust a practical reality for organizations today requires strategic governance and oversight and security engineering knowledge and implementation skill. In this presentation, we examine the principles of Zero Trust and how they can be applied to defend identities and data, infrastructure, network components, web-service endpoints, and applications. Building on core principles, we show how to effectively implement Zero Trust in the Cloud for comprehensive security coverage, strengthen the coverage using machine learning, and simplify identity and access management. We provide a workbook where participants can evaluate their own organization's readiness for Zero Trust and conduct a mock vendor selection for Zero-Trust solutions and services.

Learning Objectives

1. Demonstrate a practical understanding of Zero Trust principles and design patterns.
2. Have the ability to create an organizational Zero Trust strategy.
3. How-to conduct a Zero Trust readiness assessment.
4. Have the ability to understand Zero Trust vendor solutions and make selections.

Richard Tychansky, Senior Architect

Mr. Tychansky is an industry-recognized expert in applying Threat Modeling to the development of Zero Trust Architectures, Cloud-Native Applications, API Security, Mobile Applications development, Legacy Systems, and complex embedded system-of-systems designs. He has been instrumental in leading global organizations into the brave new world of Zero Trust. He is a leader, accomplished Cloud Architect, conference speaker, and author of the popular (ISC)² course "Preparing for a Zero Trust Initiative."

He has a wealth of experience in embedded aerospace systems engineering, technical program management for secure software development, quantum cryptography, and machine learning. He excels at building high-performing global incident response teams and partnerships across cross-functional engineering teams. He has also worked with Google's Security & Privacy division to protect the data of over a billion mobile device and cloud services users.