Six Cybersecurity Sessions You Can’t Miss at ISC West

By Kara Klein, Associate Director of Marketing and Media Relations, Security Industry Association on February 15, 2023 | , |

ISC West 2023 is coming up March 28-31 in Las Vegas, and the Security Industry Association (SIA) and ISC West recently revealed full conference details for the SIA Education@ISC West program, including keynote presentations from top luminaries and 65+ sessions on the most current business trends, technologies and industry developments.

Among the robust lineup of conference sessions are several dynamic presentations featuring expert insights on cybersecurity. Here are six sessions you won’t want to miss; make sure to add them to your ISC West calendar!

All Times PDT

How Cybersecurity, Edge Analytics and AI Have Impacted the Design & Implementation of Physical Security Systems

Wednesday, March 29, 10:00-11:00 a.m.

Designing, implementing and maintaining physical security systems used to be relatively easy. They were purpose-built systems designed to deliver specific security safeguards, while also providing a physical deterrent to criminal activity and forensic evidence for use in investigations and court. All that continues to change and further evolve with the development and implementation of intelligent networked system solutions driven by advanced AI-driven hardware and software solutions. Thus moving away from specific purpose-built technology into multi-use business enablement technology. As a result, security system designers need to be fluent in several different disciplines ranging from mechanical and physical engineering to software development and programming, as well as cybersecurity.

This presentation will explore the “new convergence” and science of physical security system design and how systems integrators and managed service providers who were once relegated to supporting specific system classifications (physical security systems and networked systems, respectively) are often now competing on the same playing field having to demonstrate ROI while also ensuring the secure design and implementation of these IIoT devices.

Speakers:

  • Kirk Arthur, leader, worldwide public safety and justice, Microsoft
  • Ara Bagdasarian, founder, ZeroNow
  • Kasia Hanson, global director, video, safety and security sales, Intel Corporation
  • Antoinette King, founder, Credo Cyber Consulting

Increasing Cyber Awareness for Security Integrators

Thursday, March 30, 10:00-11:00 a.m.

Systems integrators secure education facilities, health care organizations, manufacturing plants, government buildings and utility facilities. Security integrators are a gateway for cyberattacks. Preventing a cyberattack starts with buy-in from employees. Making employees at all levels aware of the threats and training them in how to deal with these threats is essential for all security integrators.

“Cybersecurity is the responsibility of every individual and because of that it’s crucial to build awareness within your organization at every level. In our session, we will be discussing strategies and best practices for supporting a culture of awareness and equipping your team to defend against social engineering attacks.”

Josh Cummings, executive vice president, technology, Paladin Technologies

In this session, a panel of security industry experts will show you the steps to take to minimize the risk of a cyberattack.

Speakers:

  • Tyrone Chambliss, global program manager, Northland Controls
  • Josh Cummings, executive vice president, technology, Paladin Technologies
  • Gary Hoffner, vice president, PSLA Security
  • Christopher Peckham, chief operating officer, Ollivier Corporation

Top Five Things to Do to Enhance Cybersecurity on Physical Security Systems

Thursday, March 30, 11:15 a.m. – 12:15 p.m.

Those of us in the “physical security” arena are often separated from the cybersecurity function of our organizations, but just because we may not have direct responsibility for information and information system security, doesn’t mean that we do not have a big role to play in the cyber security of our organizations.

As the security industry evolves, we rely more and more on technological systems to control and monitor our physical security programs. It’s possible to introduce cybersecurity risk to the very organizations we are protecting if physical security technology added onto our networks is poorly integrated and managed. This could compromise not only our physical security posture, though our systems, but entire organizational networks through gaps and vulnerabilities left on the physical security system side.

So the question is, what can we do to help reduce this risk?

“I’m excited for this discussion with John Deskurakis and Darren Giacomini about how those of us with responsibility for physical security systems can best interact with our technology security teams to ensure a better security posture for us all. ISC West attendees who join us for this panel, will walk away with a fresh perspective on the importance of good ‘cyber-hygiene’ on their physical security systems and some solid tips for enhancing cybersecurity on systems used to physically secure their environments. As a quick sneak peek for today’s readers…questions we’ll be discussing range from the high-level topics such as ‘How is the rise of ‘smart’ everything – from thermostats to doors to cars – impacting how we need to look at security?’ to more tactical subjects such as ‘What advice do you have for physical security leaders around patch management for their systems?’. It will be an informative conversation, so be sure not to miss it!”

Rachelle Loyear, vice president, integrated security solutions, Allied Universal

Join us for this panel presentation on the top five easy steps you can take to help ensure your physical security systems are not the next cyberattack vector for your organization!

Speakers:

  • John Deskurakis, chief product security officer, Carrier
  • Darren Giacomini, director of advanced systems architecture, BCD
  • Rachelle Loyear, vice president of sales, integrated security, Allied Universal

Cyber-Physical Security: New Challenges and Liabilities for Security Professionals

Thursday, March 30, 1:00-2:00 p.m.

Ironically, with a significant number of cybersecurity breaches well documented by the media over the last few years, physical security systems/networks present one of the greatest risks to network security and corporations. Another alarming reality is that C-level personnel are increasingly to be held accountable, if not liable for these data thefts.

“As cybersecurity threats continue to grow against security systems, it is becoming increasingly imperative that physical security and cybersecurity professionals work together to combat these threats. Join us as we discuss some of the challenges and liabilities facing security professionals and how they can be become better prepared to defend themselves against malicious actors.” 

Will Knehr, senior manager of information assurance and data privacy, i-PRO Americas

This panel discussion will explore why and how security system networks are so vulnerable, how they can be better protected from hacker penetration, and what best practices should be in place before and after an attack occurs. The panel will be comprised of a leading publisher/editor in the physical security market who will moderate the discussion of four prominent C-level executives.

Speakers:

  • Bud Broomhead, CEO, Viakoo
  • Will Knehr, senior manager of information assurance and data privacy, i-PRO Americas
  • Kurt J. Meason, chief technical officer and vice president of technology, Boon Edam
  • Bart Vansevenant, chief product officer, RightCrowd

Extending Zero Trust to Physical Security and IoT

Thursday, March 30, 2:15-3:15 p.m.

Organizations have made implementing Zero Trust an urgent priority, as the number of cyber breaches and ransomware incidents from lax or insufficient passwords has dramatically increased. Yet for physical security devices (and the Internet of Things in general) many barriers exist in implementing Zero Trust, such as the use of 802.1x and TLS certificates, interfacing with different certificate authorities, and ensuring all certificates can be revoked or renewed quickly across the infrastructure.

“Establishing trust is central to security; knowing that all devices and data communications are authentic and in your control requires taking a zero trust approach.  Learn how implementing zero trust for physical security requires a different approach than IT assets because of the unique nature of physical security devices.”

John Gallagher, head, Viakoo Labs

This presentation will provide details, case studies, and best practices so organizations can succeed at extending Zero Trust to physical security.

Speaker:

  • John Gallagher, head, Viakoo Labs

Recovering From a Cyber Incident

Thursday, March 30, 3:30-4:30 p.m.

Best practices for recovering from a cybersecurity incident start with actions taken long before an incident takes place. How should data and facility redundancies be provisioned – hardware, software, cloud? Have policies, plans and procedures been evolved, tested and kept current? Have response personnel been identified and prepared for their roles in a disaster event? A business impact analysis assesses the enterprise’s ability to recover from a disaster and should form the basis for a contingency or business continuity plan. What needs to happen in the 48 hours immediately following an incident?

“Responding to a cyber incident is like trying to make it to the Super Bowl;  If your team has great leadership, a cybersecurity culture, buy-in from the entire organization, good preparation practices and policies, a great defense, and strategies and plans for all offensive plays by bad actors, the odds of making it through a season of threats and into the playoffs of responses and remediation should make you victorious in the big game of recovery!” 

Gary Hoffner, vice president, PSLA Security

This panel will examine elements of preparation and recovery, and it will provide consultants with a basis for further discussions with their clients.

Speakers:

  • Gary Hoffner, vice president, PSLA Security
  • Jerrod Johnson, head of global security and business continuity, Ferguson Enterprises
  • Jarrett Morgan, technology market leader, Mead & Hunt
  • Greg Moya, chief technology officer, market development and strategy, Dell Technologies

Additionally, don’t miss this special workshop offered by SIA during the conference:

Securing and Monitoring the Endpoints

Tuesday, March 28, 10:00 a.m. – 12:00 p.m.

Building on last year’s ISC West Cyber Workshop for Basic Pen Testing, Systems Hardening and Ransomware Assessments, this session will cover how endpoints can be installed and operated in a secure manner. These endpoints include access control devices, IP cameras, video encoders, miscellaneous IoT sensors and the associated network access device. Topics to be included are account usage with least privileges, using network boundaries to isolate devices, password management, firmware management, services operating on a device, encryption using SSL/TLS and OSDP, the use of IEEE 802.1X for network access control, endpoint certificates, SNMP, logging, and network management and security information and event management. Concepts will be presented using real-world examples and working solutions including sample scripts and tools.

Instructors:

  • Josh Cummings, executive vice president, technology, Paladin Technologies
  • Christopher Peckham, chief operating officer, Ollivier Corporation

Learn more about SIA Education@ISC West, view the full session lineup and register for the conference on the ISC West website.