Hello, and welcome to a searchsecurity.com podcast: How Security is Well Suited for Agile Development.

Transcription

[ MUSIC ]

LEROY: Hello, and welcome to a searchsecurity.com podcast: How Security is Well Suited for Agile Development. My name is Kyle Leroy, and I'll be moderating this podcast. I'd like to start by introducing our expert. Joining us today is Patrick Vandenberg, Manager, IBM Rational Security and Compliance. Welcome, Patrick, and thanks for joining us today.

VANDENBERG: Happy to be here.

LEROY: This podcast is being brought to you by IBM. For more information on IBM, please visit their Web site at. All right, so let's jump right into our discussion. How do you fit into IT security?

VANDENBERG: So, our group, Rational Security Compliance, is actually part of a larger brand in IBM called IBM Security. And that brand has five pillars, and we sit in the application and process security. So really we focus on the vulnerabilities that are present in applications and help organizations address those so that they can improve the overall security in IT. So, for example, if we want to look at Web applications, which is a pretty popular concern today -- there is a number of ways in which organizations need to protect Web applications, from network protection to the application. And we would focus on the part that looks at the vulnerabilities within the application. And the reason why the multiple pillars exist in IBM Security is that a defense-in-depth approach is very much required. So we need to look at the many different ways that malicious attacks can look at compromising assets in an organization. So we do need to pay attention to the application layer, the network layer, identity and access management, even physical security, as well as data and information. So all of these elements combine to a full-service approach to IT security.

LEROY: All right, so what should the development team... sorry, I'm going to ask that one again. So, why should the development team care about security?

VANDENBERG: Yes, that's an interesting point. As we all know, development is mandated to deliver quality functionality on time, on budget. And some other group in the organization, typically in IT operations, is responsible for security. And while the awareness is certainly increasing and the investment is starting in this area, it's predominantly owned by IT security, and even some new investment around having a security practitioner focus on application security, where you have somebody who's aware of the vulnerabilities within the code. And while it's great that somebody in IT security is starting to look at vulnerabilities in the application itself, the real challenge here is that all this code, the software, is actually coming from the development organization, and for several different reasons the opportunity to address application security does reside with development. So for instance, there are vulnerabilities that are readily identified by a security practitioner, and so much so that it creates a bottleneck for the security practitioner. Well, to have that issue remediated, we have to go back to the development organization, fix that code so that the vulnerability doesn't exist in the first place. And this is why application security is necessary. It's very different from having real-time operational protection of network assets, as an example, with application security. We're talking about issues that are within the code itself, and because of that nature, we rely on the development community to be able to help improve the security posture of these applications.

LEROY: All right. Could you elaborate? What are the first steps an organization should take?

VANDENBERG: Yes, so this is an interesting discussion and it can be quite a lengthy one. And from what we've seen over time in a few thousand customers is that there is a progression. And we sometimes refer to this as the customer maturity model. So, naturally, with an issue that is not as prevalent in the market, or it hasn't been historically, there is a commensurate smaller investment by organizations and a smaller number of skilled resources to address application security. So what can typically happen is an organization's first step is to outsource the security testing effort, called penetration testing, or even bring this in-house, to, as I mentioned, a security practitioner who's going to do the security audit. But what we've seen here, especially for organizations that have a continuous stream of applications that are in development and that they look to deploy, is that there is a bottleneck for typically that one or two people that are responsible for identifying vulnerabilities. What ends up happening is these resources are tasked with protecting the organizational assets. And if they see too much risk in these organizations, they're going to have to say, look, I cannot allow this application to be deployed. It's going to create risk for the organization. And as a result, we get a bottleneck which results in delays, opportunity cost for that project not getting deployed on time, and also we do know that those issues at some point need to get remediated by a development organization. So, they're going to be touching all the hands in the application lifecycle and that process over again. So there's increasing costs for doing this. Now, there is a great opportunity for organizations engaging a development organization, and what can happen here is if we can have security addressed earlier in the development process, then we can alleviate that bottleneck, and we can also remove that effect of having multiple stakeholders touch these issues multiple times -- which is very costly. So, the earlier we can have security addressed, the more cost-effective this is. We don't have the bottleneck at the security audit stage, and we don't have that lost opportunity cost of delayed projects. Now, you might say, why do we need the security practitioners in the first place? Well, there's a tremendous experience with these people who are able, if we can relieve the bottleneck for them, then we can leverage them as an acceptance test to make sure that the security posture of these applications is acceptable to be deployed. And we can use their expertise to find maybe the tougher-to-find security issues in a deployed state. But at the same time, what we can do by engaging the development organization at the code or build or test stage is we have many more resources to scale to find the volumes of easy-to-find and easy-to-fix issues. And we're not suggesting here that you'd be looking at deploying security practitioner tools to these people. That's not something that is practical. That's not something that's going to be successful. What we do condone, though, is helping the education and awareness and adopting some practices to bring in some capabilities that support the existing use cases and environments that are in use. So, solutions that integrate with developer IDEs, with the build system, that fully integrate into the test scripts so that as you're writing a script for functional, performance and services testing, an automated security scan happens as well. And then you fold these vulnerabilities into the remediation effort that developers are already engaged in. This is a way to engage security -- the practice of security -- into the existing process, have a governance model that's going to manage these issues and track them through, and support collaboration between development, QA and security.

LEROY: So, Patrick, how is security relevant and feasible in an agile model?

VANDENBERG: Yes, that's a great question, because a lot of people will feel on first discussions that security requires a lot of heavy lifting. And while adopting existing practices is not an easy... there are a lot of dynamics in play, you've got cultural change, you've got some training and awareness that will need to happen... What is actually interesting and not typically seen up front is that security is very conducive to an agile environment. So as I mentioned earlier, if you're going to have somebody late in the process who's going to stop these projects because it's posing risk for the organization, and they don't have a choice but to do that, because that is their job, then you're really running counter to an agile environment. In embedding security early into the process, what you're doing is you're allowing lightweight, quick checks for security, just like in the same stream as the rest of the activity, that is going to avoid this heavy-lifting slowdown that can happen by doing a full security test late in the process. So, it really allows vulnerability testing and remediation to go hand in hand with agile. Right? Let's piece this down, let's have a quick process so that there's a lightweight effort and it's not going to be disruptive and allow us to get a quick response or a quick delivery on our project out the door.

LEROY: All right, and finally, what are some key techniques and practices which need to be adopted to support security in an agile environment?

VANDENBERG: So, I think I touched on a few of these already with some of the other questions, and really what this requires is the support of the different communities to embrace this model in the software lifecycle management process. So if you have considerations of collaboration and governance, of embedding security into the existing use cases and tooling that are in place, and there is software and solutions available to do this from IBM and the necessary services, then you can go hand in hand with your transformation through an agile process. So, for example, integrating into the IDE, or integrating into the build stage, as an example, to do that test. And security becomes a regular process. And your security practitioners or your auditors can become, can operate as an admin in the background that can set up standardized scan templates, so that really all that detail can be extracted from your development community. So we're not derailing all that brainpower and time. They can do the triage of these vulnerabilities to support the developers so that we're stripping out all the noise, as much noise as possible, so that the bugs, the security bugs or defects that the developers are receiving and intermediate on, are easy to find, easy to fix and are validated as being real issues. In this way, the investment on the part of the developers, but as I said, has been chugged down to being lightweight on a quick turn in the normal process, becomes more of a lightweight effort, a very non-disruptive or non-intrusive approach to leveraging the opportunity to scale with all the resources we have in our development community, versus waiting for one or two people to slow the entire process down and do an exhaustive test late in the cycle.

LEROY: All right, great. Thanks, Patrick. This has been an interesting and informative discussion. Thank you for your time today, and thanks to our listeners for taking time out of their day. I'd like to thank IBM for bringing us this searchsecurity.com podcast. I thank you all so much for joining us.

[ MUSIC ]

[END OF SEGMENT]


More information

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

How Security Policy Orchestration Extends to Hybrid Cloud Platforms How Security Policy Orchestration Extends to Hybrid Cloud Platforms Reducing complexity also improves visibility when managing multi vendor, multi technology heterogeneous IT environments www.tufin.com

More information

DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS

DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS Building digital trust and cyber security resilience is no longer just an IT issue, it s a business mandate. Fusion brings a simplified approach to our client

More information

Symantec Security Monitoring Services

Symantec Security Monitoring Services 24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

WebSphere Portal development teams on Web 2.0 technologies. Hear how IBM has

WebSphere Portal development teams on Web 2.0 technologies. Hear how IBM has What is Web 2.0? Series: Web 2.0 for Lotus, WebSphere Portal and You Listen to Pete Janzen from IBM Lotus interview various experts from the Lotus and WebSphere Portal development teams on Web 2.0 technologies.

More information

Transcript: A Day in the Life of a K12 Seventh Grade Teacher

Transcript: A Day in the Life of a K12 Seventh Grade Teacher Transcript: A Day in the Life of a K12 Seventh Grade Teacher Transcript (Video) Transcript (Video with Audio Description) Transcript (Audio Description) Transcript (Video) 00:00:00.000 MUSIC 00:00:05.799

More information

SEO For Security Guard Companies

SEO For Security Guard Companies startasecuritycompany.com SEO For Security Guard Companies How We Built Two Multi-Million Dollar Security Companies Using Search Engine Optimization Contents 1. Thanks For Downloading! Congratulations!

More information

MITOCW ocw f99-lec07_300k

MITOCW ocw f99-lec07_300k MITOCW ocw-18.06-f99-lec07_300k OK, here's linear algebra lecture seven. I've been talking about vector spaces and specially the null space of a matrix and the column space of a matrix. What's in those

More information

MITOCW MIT6_01SC_rec2_300k.mp4

MITOCW MIT6_01SC_rec2_300k.mp4 MITOCW MIT6_01SC_rec2_300k.mp4 KENDRA PUGH: Hi. I'd like to talk to you today about inheritance as a fundamental concept in object oriented programming, its use in Python, and also tips and tricks for

More information

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation

More information

Securing a Dynamic Infrastructure. IT Virtualization new challenges

Securing a Dynamic Infrastructure. IT Virtualization new challenges Christian Fahlke GMT Channel Leader Internet Security Systems IBM Central & Eastern Europe, Middle East and Africa (CEEMEA) May 20th, 2009 Securing a Dynamic Infrastructure IT Virtualization new challenges

More information

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection White Paper Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection Table of Contents Introduction....3 Positive versus Negative Application Security....3 Continuous Audit and Assessment

More information

Comprehensive Database Security

Comprehensive Database Security Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

New Zealand Government IBM Infrastructure as a Service

New Zealand Government IBM Infrastructure as a Service New Zealand Government IBM Infrastructure as a Service A world class agile cloud infrastructure designed to provide quick access to a security-rich, enterprise-class virtual server environment. 2 New Zealand

More information

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN Improving Data Governance in Your Organization Faire Co Regional Manger, Information Management Software, ASEAN Topics The Innovation Imperative and Innovating with Information What Is Data Governance?

More information

Q&A Session for Connect with Remedy - CMDB Best Practices Coffee Break

Q&A Session for Connect with Remedy - CMDB Best Practices Coffee Break Q&A Session for Connect with Remedy - CMDB Best Practices Coffee Break Date: Thursday, March 05, 2015 Q: When going to Asset Management Console and making an update on there, does that go to a sandbox

More information

9 th CA 2E/CA Plex Worldwide Developer Conference 1

9 th CA 2E/CA Plex Worldwide Developer Conference 1 1 Introduction/Welcome Message Organizations that are making major changes to or replatforming an application need to dedicate considerable resources ot the QA effort. In this session we will show best

More information

White Paper. How to Write an MSSP RFP

White Paper. How to Write an MSSP RFP White Paper How to Write an MSSP RFP https://www.solutionary.com (866) 333-2133 Contents 3 Introduction 3 Why a Managed Security Services Provider? 5 Major Items to Consider Before Writing an RFP 5 Current

More information

Introduction... 1 Part I: How ITIL Can Help You... 7

Introduction... 1 Part I: How ITIL Can Help You... 7 Contents at a Glance Introduction... 1 Part I: How ITIL Can Help You... 7 Chapter 1: Managing IT Services: Welcome to the World of ITIL...9 Chapter 2: Using the Building Blocks of ITIL...19 Chapter 3:

More information

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary

More information

Professional Services for Cloud Management Solutions

Professional Services for Cloud Management Solutions Professional Services for Cloud Management Solutions Accelerating Your Cloud Management Capabilities CEOs need people both internal staff and thirdparty providers who can help them think through their

More information

Dell helps you simplify IT

Dell helps you simplify IT Dell helps you simplify IT Workshops the first step. Reduce desktop and data center complexity. Improve productivity. Innovate. Dell IT Consulting Services New Edition 2011 Introduction Are you spending

More information

Ruby on Rails Welcome. Using the exercise files

Ruby on Rails Welcome. Using the exercise files Ruby on Rails Welcome Welcome to Ruby on Rails Essential Training. In this course, we're going to learn the popular open source web development framework. We will walk through each part of the framework,

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

Metrics That Matter:

Metrics That Matter: Metrics That Matter: Quantifying Software Security Risk Abstract: Any endeavor worth pursuing is worth measuring, but software security presents new measurement challenges: There are no established formulas

More information

to Enhance Your Cyber Security Needs

to Enhance Your Cyber Security Needs Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything

More information

Cybersecurity. Securely enabling transformation and change

Cybersecurity. Securely enabling transformation and change Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why

More information

MITOCW ocw f99-lec12_300k

MITOCW ocw f99-lec12_300k MITOCW ocw-18.06-f99-lec12_300k This is lecture twelve. OK. We've reached twelve lectures. And this one is more than the others about applications of linear algebra. And I'll confess. When I'm giving you

More information

NEXT GENERATION SECURITY OPERATIONS CENTER

NEXT GENERATION SECURITY OPERATIONS CENTER DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting

More information

An Aflac Case Study: Moving a Security Program from Defense to Offense

An Aflac Case Study: Moving a Security Program from Defense to Offense SESSION ID: TTA-F02 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global Chief Security Officer Aflac Threat Landscape Security risks are growing at a faster

More information

How To Make 3-50 Times The Profits From Your Traffic

How To Make 3-50 Times The Profits From Your Traffic 1 How To Make 3-50 Times The Profits From Your Traffic by Chris Munch of Munchweb.com Copyright Munchweb.com. All Right Reserved. This work cannot be copied, re-published, or re-distributed. No re-sell

More information

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013 Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security

More information

BBC Learning English 6 Minute English Work s

BBC Learning English 6 Minute English Work  s BBC Learning English 6 Minute English Work Emails NB: This is not a word for word transcript Hello and welcome to 6 Minute English from BBC Learning English. I'm Michelle. And I'm Neil. Thanks for joining

More information

About Us. Services CONSULTING OUTSOURCING TRAINING MENTORING STAFF AUGMENTATION 9/9/2016

About Us. Services CONSULTING OUTSOURCING TRAINING MENTORING STAFF AUGMENTATION 9/9/2016 About Us Incorporated in January, 2003 QA and QC in expertise focused on functional, performance and application security validation HPE Software Gold Partner, HPE Authorized Software Support Partner &

More information