Cloud CISO Perspectives: Early September 2023

Welcome to the first Cloud CISO Perspectives for September 2023. I’ll be talking about what I’m looking forward to at this year’s mWISE Conference, which opens its doors on Monday in Washington, D.C. It’s one of the most unique conferences a security professional or business leader can attend. You can register to attend the conference in-person or on our event livestream. 

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

Why I’m excited to attend mWISE

The Mandiant Worldwide Information Security Exchange, or mWISE, is Mandiant’s annual threat intelligence and cybersecurity research conference. While there are dozens of security conferences you can go to each year, this one occupies a fairly unique place in the conference firmament because it’s produced by a vendor, but is vendor-agnostic. 

At mWISE, a global community of security practitioners will come together to share unique knowledge for strengthening their defenses, individually and together. It will feature frontline experts, critical insights, and cutting-edge trends. It’s really a must-attend for practitioners who want to up-level their understanding of the current risk and threat landscape and how others are operating successfully in it.

As many companies continue to release new AI tools, there is a growing conversation about the risks and opportunities for AI, and how emerging technologies might be regulated. New rule-making and legislation has already been proposed by government leaders. Within this context, we’re going to discuss how to drive industry consensus on responsible AI development.

I’ll be joined onstage by Dmitri Alperovitch, co-founder and executive chairman, Silverado Policy Accelerator; Chris DeRusha, Federal CISO, U.S. Office of Management and Budget (OMB); Trisha Kothari, co-founder and CEO, Unit21; and moderator Maggie Miller, cybersecurity reporter, Politico.

I’ll also be speaking at roundtables for boards of directors and CISOs. The board roundtable will address topics including an executive view of the threat landscape, security of AI, and the role of the board in a cyber event. The CISO roundtable will cover the practical use of AI in cybersecurity, the current geopolitical and economic threat landscape, incident response briefings, and crisis communications during incident response. Both roundtables will offer opportunities for small-group discussions. We strongly believe that only through candid, focused, and facilitated conversations can we stay vigilant against attacks, breaches, and malicious actors.

Also from the keynote main stage, we’re offering a threat intelligence panel. The work of cyber intelligence teams is becoming ever-more pertinent and yet increasingly difficult, as major geopolitical events and new technical demands transform the threat landscape. In order to help attendees prepare and respond more effectively to threats, the conversation will be open and frank, and centered on what the panelists see now and what they expect will likely happen over the next several months.

Panelists include John Hultquist, Mandiant Intelligence chief analyst, Google Cloud; Maddie Stone, security researcher, Google Threat Analysis Group (TAG); Jackie Koven, head of cyber threat intelligence, Chainalysis; Selena Larson, senior threat intelligence analyst, Proofpoint; and moderator Sean Lyngaas, cybersecurity reporter, CNN.

While there are dozens of sessions worth checking out, one of the ones that promises to be especially interesting — and a great example of the kind of deep insight participants share at mWISE — is a Monday afternoon conversation on the intersection of healthcare and cybersecurity between Brian Cincera, SVP and CISO, Pfizer, and chairman of the Board of Directors at Health-ISAC, and Taylor Lehmann, director, Office of the CISO, Google Cloud, and health security officer for Alphabet. 

Protecting healthcare and life sciences organizations from malicious actors is very challenging at the moment, as they’re aggressively targeted. Brian and Taylor will talk about their past experiences defending large health systems, discuss the unique threats they’ve faced, and share the lessons they learned from those experiences.

Nearly 100 speakers from the public and private sectors will be participating in more than 80 sessions at mWISE, discussing their hard-earned expertise with cybersecurity practitioners and industry leaders. Bringing together so many purpose-driven people who care about security is a great opportunity to share and compare best practices, identify new and emerging trends, and convert knowledge into collective action in the fight against persistent cyber threats.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month: 

Did you miss Google Cloud Next? Here’s a recap of all 161 of our announcements at Next ‘23 last month, including 10 security reveals. Read more.

Tigers, elephants, and human error: How to deflate cloud security myths: To get better at cloud security, focus on the fundamentals and stay away from flights of fancy. Take the time to understand threat and risk assessment, hire experts, and rely on a foundation of best practices. Here’s why.

News from Mandiant

Check out the keynotes at mWISE Conference: Mandiant Worldwide Information Security Exchange is a portfolio of vendor-neutral sessions and panels, focusing on engaging and educational insights, purposefully designed by the security community, for the security community. Read more. 

Deleting your way in: Why arbitrary file deletion vulnerabilities matter: Windows arbitrary file deletion vulnerabilities can no longer be considered mere annoyances or tools for Denial-of-Service (DoS) attacks. Over the past couple of years, these vulnerabilities have matured into potent threats capable of unearthing a portal to full system compromise. Read more. 

Data protection best practices: Corporate data theft is on the rise as attackers look to monetize access through extortion and other means. To effectively protect sensitive corporate data, organizations should establish data protection programs that consist of dedicated funding, security tooling, and defined teams. Read more.

Announcing the 10th annual Flare-On challenge: Get ready for the annual Flare-On challenge, which begins Sept. 29 and will run for six weeks. Our reverse engineering challenge attracts thousands of players every year, and is a must-do, single-player CTF-style challenge for current and aspiring reverse engineers. It is a grueling competition designed for the world’s best reverse engineers to test their skills through a series of progressively difficult puzzles. Read more.

Now hear this: Google Cloud Security and Mandiant podcasts 

IaC is the way to be: You can, in fact, use Infrastructure as Code to help secure the cloud. Hosts Anton Chuvakin and Tim Peacock talk Terraform for security teams with Rosemary Wang, developer advocate, HashiCorp. Listen here.

Mages of the Next ‘23 hallway: Anton and Tim revisit this year’s Next: What we announced, what presentations were the most fun, and the magic of HallwayCon. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.