Drawing a parallel between real-world security and cyber security to provide a better perspective on why Security in general everyone’s job and Cyber Security is not an exception. Bringing experience and understanding of cyber security perceptions from multiple roles working with numerous projects and organizations across the world. Emphasizing on the training and awareness requirements customized to the audience instead of one training fit for all approach to increase understanding and adoption of Cyber Security practices.

Just over 20 years ago I helped build the FBI’s InfraGard Program. Although we aspired to be proactively preventative, we have lived stymied, notwithstanding our best intentions, in the world of the Reactive and its associated “Defense in Depth” complexity and cost. Proactive prevention eluded us. The security industry has profited quite nicely from the insecurity of the world and this reactive paradigm. For decades we have relied on the best technology we had at the time to deflect the onslaught of what we faced daily in the way of malware and other attacks. The effectiveness of that AV technology was always predicated on having latest signatures on hand, which the adversaries could easily defeat with just the slightest modification of their last iteration. That signature-based paradigm required much in the way of downstream resources and expense and usually at least one “sacrificial lamb” upon which to let each new instance of threat sink its teeth. On a good day the capture and deflection rates rarely rose above 50%, requiring that we labor assiduously to manage leaderships’ expectations. We finally got leadership to understand and accept what became almost a mantra in the industry: “It’s not if but when”--as galling professionally as that admission was to make. However, just as predicted 50 years ago by Thomas Kuhn in his book the Structure of Scientific Revolutions, we’re seeing the dawn of a new day where AI’s machine learning and advance mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99%. The FBI has now called me back into service to help redesign the next generation of InfraGard leveraging this emerging force. Our discussion will explore my generation’s journey toward this emerging new paradigm, its challenges, and what it portends for the future.

McClurg serves as Vice President and Ambassador-At-Large of Blackberry | Cylance. He engages the industry around the globe on the risk challenges today and how AI uniquely mitigates them. Champions a move from a historically reactive security posture to one focused on proactively predicting and mitigating future risks. He comes to Blackberry | Cylance from Dell, Honeywell, and Bell Labs/Lucent where he served as their CSO.
Before joining the private sector, he served in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation (FBI), where he held an assignment with the US Department of Energy (DOE) as a Branch Chief charged with establishing a Cyber-Counterintelligence program within the DOE’s newly created Office of Counterintelligence. Prior to that, McClurg served as a Supervisory Special Agent within the FBI, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center or what was later known as the National Infrastructure Protection Center within the Department of Homeland Security. McClurg also served, for a time, on assignment as a Deputy Branch Chief with the Central Intelligence Agency, helping to establish the new Counterespionage Group and was responsible for the management of complex counterespionage investigations. He also served as a Special Agent for the FBI in the Los Angeles Field Office where he implemented plans to protect critical US technologies targeted for unlawful acquisition by foreign powers and served on one of the nation’s first Joint Terrorism Task Forces. McClurg was recently voted one of America’s 25 most influential security professionals; holds a J.D. Degree from Brigham Young University; is a member of the Utah Bar Association; Co-chaired the Overseas Security Advisory Council (OSAC) of the U.S. Department of State; serves as a special advisor to FBI; and served as the founding Chairman of the International Security Foundation. He also holds an MA in Organizational Behavior, BS and BA degrees in University Studies and Philosophy from Brigham Young, and advanced doctoral studies in Philosophical Hermeneutics at UNC-Chapel Hill and UCLA

Software Supply Chain - Software vendors routinely suffer breaches that they either don’t know about or choose to not publicize (until a customer or researcher discovers the evidence).

Cybersecurity is defined by its evolving nature. Both sides – the threat actors and the defenders – constantly innovate. Recent events have painted a dark picture. Organizations are seeing Cybersecurity related reports on the front page of Wall Street Journal, the New York Times, the BBC News, etc., as a few major organizations have been breached and suffered loss of critical customer data. The impact of these events can be significant with security talent which is scarce and adds additional security challenges. Threats are on the rise: 160 million records exposed, 101 days between compromise and detection, and over $4 million of cost/business impact per breach. The potential impact in terms of recovery cost, brand impact, and public relations recovery can be extremely significant.

Security automation and threat intelligence solutions will help organizations where all knowledge and information of what is good and bad is plugged-in and provide insight to ensure the organization is secured as per internal security practices and industry guidelines and overcome the complexities of cyber-security compliance. With an increasingly multifaceted cyber threat landscape and the extreme scarcity of skilled security professionals, many organizations are looking for ways to improve and simplify security operations. Organizations are stressed to find answers that provide adequate security at the scale they need, and at a reasonable price. The answer is security automation and continuous compliance.

Mr. Malik is a Security Program Manager at Microsoft Corporation, Redmond, WA, USA. In his role, Mr. Malik is responsible for leading projects at Microsoft’s Digital Security and Risk Engineering Team, including Engineering, Assessments, Consulting and Risk Management. These projects are focused both on improving Microsoft’s internal security and on improving the security of some of Microsoft’s largest customers.

Mr. Malik is competent and dynamic professional offering a distinguished and insightful exposure of over 19+ years of experience across high-growth environments related to Infrastructure Solutions design and deployment, Identity Management, Risk Assessments, Incident Management, Service Delivery, Service Assurance and Client Relationship Management. Mr. Malik work hard with unending energy and focus to dig deep into the problems and also step back to view the big picture, for both internal and external customers. Mr. Malik is a strategic thinker and look for ways to improve or enhance the organization, product or service(s).

Mr. Malik is currently the Lead Infrastructure Security Engineering Program Manager for a multi-million-dollar, multi-year effort to improve the security of High Security Environments. It consists of private cloud computing, network and storage hardware, and associated software that must provide enhanced security against unauthorized disclosure to protect, detect and respond to threats against Microsoft IT Assets and responsible for designing security for high security solutions for Administrators at Microsoft as well as customers. Solutions are used by 40k+ users across the company for livesite, mission critical service management.

Key Accomplishments:

• Business Consulting

Mr. Malik has led multiple engagements including architected the enterprisewide transformation that deliver security services both internally within Microsoft's IT structure, and externally to large enterprise customers. These projects secure Microsoft's informational assets and add strategic value to Microsoft's customers and similar projects for external customers.

• Enterprise Architecture

Mr. Malik is overall security architecture for Internal services used by Administrators of the company for secure access to all critical “dial-tone” services. Mr. Malik is engaged in designing and development of key features and services used within the solutions, including telemetry first, high availability and multi-zone failover solutions for 99.99%+ availabilities by utilizing modern development and infrastructure techniques, while staying isolated and secure, these included zero touch, fully automated deployment practices utilizing PowerShell DSC, WDS, and other automation(s).

• Credentials

Mr. Malik is a frequent presenter at Internal EBC’s, symposiums and conferences.

The world's best hacker-groups have multi-stage pipelines they move targets through. This presentation shows a near-real-time look at a sophisticated attack from the inside-out. These intrusions are amplified when attackers use detailed messaging that resonates with target audiences. The good news - there are easy-to-see patterns.
This is a more technical presentation.

Software executive with more than 30 years of experience building complex, multi-tier, end-to-end, secure, technology solutions for dozens of Fortune 500 companies in the following industries: consumer package goods (CPG), travel & hospitality, utilities, entertainment, high-tech, insurance, finance and banking, package delivery, telecom, wireless and retail – both brick-and-mortar and e-commerce. My wide-ranging project management experience, architecture/design knowledge, business intelligence and predictive analytics background, and hands-on development skills combine to help companies create competitive business advantages using technology. What I enjoy most is leading teams of technical professionals who love the idea of building exceptional software solutions that help companies stand out from the crowd!

Why Libra and Calibra are just competing with WeChat Pay and China's goal of creating a sovereign digital currency by deploying China UnionPay's Smart Mobile POS Peer-to-Peer Smartphone payments program to possibly launch a stable coin, We will discuss how our technology is critical for protecting those private keys from a crypto wallet application on Android Smartphones. We will discuss how Chat Apps + crypto mobile wallets + Smartphones with Peer-to-Peer Payments are the real ballgame for WeChat Pay, AliPay and Libra/Calibra. It will be exciting because no one else in the World is talking about this. I have supplied a simple PPT but I did not add the critical slides about China UnionPay when I presented in Nanjing, China last month, because this is still very sensitive.