Parham Eftekhari is a business executive specializing in cyber and national security. He currently serves as Executive Vice President, CISO Communities at CyberRisk Alliance, leading its CISO services platform which consists of the Cybersecurity Collaborative and Cybersecurity Collaboration Forum. Parham also serves as the chairman of the Institute for Critical Infrastructure Technology (ICIT), the nation’s leading cybersecurity think tank, which he founded in 2014. Other leadership roles during his more than 15 years in this sector include co-founder and Vice President of research at the Government Technology Research Alliance, founder of the world’s first webcam cover manufacturer CamPatch, and Advisory Board member at the Ready Rock Institute. Parham has developed and authored multiple research publications, regularly engages with the media, and has addressed forums ranging from Congress, TED, RSA, and C-SPAN. In 2017, Parham was recognized by (ISC)2 for his contributions to the field of cybersecurity with the Most Valuable Industry Partner – Government Information Security Leadership Award.
The increased complexity of malicious actors’ techniques demand CISOs stay one step ahead of the threat landscape while still preparing for potential worst-case scenarios. Join this panel discussion to learn the steps CISOs can take to minimize the impact of a ransomware attack.
The discussion explores:
The latest adversarial trends a...
Threat actors never stop working and employing new tools to hold your data hostage and take your business down. Attack vectors are often multifaceted and evasive. And the risk of reinjecting vulnerabilities, compromised accounts, and other attack artifacts back into your environment is a pervasive threat. Compared to previous data exfiltration att...
With the potential of cost savings, reduced operational complexities, and speed to market, many organizations are migrating from on-premises and third-party data centers to Cloud computing environments. However, accompanying these “cloud first” strategies are many challenges that include protecting confidential data and operating new securit...
The secure and efficient administration of user and technology identities across multiple Cloud and on-premises environments has been a challenge for organizations. Consequently, many CISOs are examining new Identity Governance and Administration (IGA) platforms and authentication mechanisms, which will involve large investments and implementation...
In today’s digital enterprises, identity-centered security is critical to reduce vulnerable attack surfaces, but implementation or rearchitecting efforts can be costly, burdensome to security teams, and create friction for users.
In this panel discussion, CISOs share their IAM implementation and maturation best practices and lessons learned alo...
The frequency of data breaches and leaks in 2023 has surpassed cyber incidents from the past five years, highlighting the necessity for strong cybersecurity frameworks. In his discussion, Bart Falzarano, Head of Information Security at Bitwarden, will highlight the critical role of Zero Trust architecture in enhancing Identity Access Management (I...
The embrace of SaaS and operating in multi-cloud environments creates an expansive and dynamic attack surface, making it difficult for security teams to maintain visibility into and understand risk levels. And with the protection of sensitive data now a shared responsibility between security teams and providers, CISOs have additional consideration...
Generative AI has taken over the conversation and, in time, will be transformative to the cyber industry and our society. But the models are still in development, and ultimately, CISOs must discern the appropriate places to leverage AI tools to help their company as well as define the acceptable risks and proper usage.
This panel discussi...
Managing the scope and complexity of third-party relationships can be a highly manual, time-consuming task for many security teams, and even after this effort effectively mitigating supply chain vulnerabilities remains one of the greatest threats to an organization’s security. In this panel discussion, security leaders share current approaches, ch...
The unique characteristics of OT systems – legacy equipment, long lifecycles, and the convergence with IT networks – complicates deploying traditional security approaches. And these inherent weaknesses in OT environments create a low-hanging and potentially lucrative target for threat actors, making it critical that security teams take steps to en...
Securing Operational Technology is a challenge for many organizations that depend on the continual availability of ICS/SCADA systems to manufacture their products. For example, maintenance windows for security patches are often hard to find and raise concerns about ““breaking”” systems. Furthermore, OT systems require Internet access and, therefor...
By operating Records & Information Management (RIM) functions, data security and lifecycle management practices have been employed by organizations even before computing became the norm. However, these practices are continually stretched to keep pace with new technologies, like AI, which can pose threats to data confidentiality and integ...
The rapid expansion of digital capabilities has moved sensitive data into various ecosystems, creating additional risk and compliance concerns for organizations. In this panel discussion, security leaders share their approach to striking the right balance of protecting data while enabling information sharing and innovation.
The discussio...
CISOs strive to develop and use security metrics as an objective way to: (1) portray the state of their security programs; and (2) effect positive change to security controls, like patching within SLAs and improving phishing email awareness. However, they are challenged by data collection difficulties, limitations of reporting tools, and uncertain...
Determining the most relevant cybersecurity metrics has long been discussed, but as high-profile attacks and regulatory scrutiny increases, effectively monitoring the progress and continued risk in a security program is paramount. In this panel, CISOs share their challenges and experiences implementing and expanding a metrics program and offer ins...
Vulnerability management remains an uphill challenge for security teams. In this month of CISO Stories, we look at the findings of a cross-sector task force of CISOs and staff who shared their challenges and best practices for developing effective vulnerability management practices. Topics include:
Managing vulnerabilities on premises, in the cloud, and in third-party environments
Identification, classification, prioritization, and remediation best practices
Standards and charters
Organizational structures
Scanning tools.
Supporting tools to be shared include a CISO’s Guide to Effective Vulnerabilities; and a Vulnerability Management Maturity Checklist.
Practitioners will also connect the dots on how effective vulnerability management can be used to continuously improve identity, application, cloud and network security, anti-ransomware efforts, zero trust, email security, threat intelligence, AI and third-party risk management.
This month of CISO Stories will look at the findings of a cross-sector task force of CISOs and staff who shared details of their incident management best practices, including incident response plans, playbooks, metrics, and business continuity plans.
The Incident Management Best Practices Guide presents a framework and components for the incide...
Key objectives of a governance, risk, and compliance program (GRC) are to ensure that the cybersecurity program has appropriate oversight, identifies and addresses cyber risks, and complies with all applicable laws and regulations. GRC functions shape cybersecurity program components and its principal functions to reduce risk and meet all complian...
A robust GRC program fosters the ability to manage key risks and protect sensitive data, aligning security initiatives with organizational objectives; and ultimately allows the CISO to establish trust and confidence with key stakeholders. However, the constantly evolving regulatory landscape is resource intensive to manage and requires striking a ...
