Weaving Security into Every Application
- Sandra Green
- 5 years ago
Transcription
1 Weaving Security into Every Application Paul Fox AVP Technology AT&T 2018 TM Forum 1
2 Cyber Security
Accelerating Threat
- 300,000: Number of complaints filed with the FBI Internet Crime Complaint Center in 2017
- $1.4 Billion: Reported losses resulting from those complaints in
Telecom Breaches
- % Telecom companies with 10,000+ employees said they'd seen attempted breaches increase in the past year.*
- 81% said they expect attacks to increase in the coming year.*
Source: *
3 Is your company currently pivoting to DevSecOps?
A. I don't know what DSO is
B. We are exploring this change
C. We plan to implement DSO
D. We have implemented DSO
Attn AV Team: Play 10 second Audio
4 Evolution to DevSecOps
- Customers (Wanting Flexibility): Create flexibility; Improve time to market
- Development (Wanting Change): Create effective change; Add/Modify features
- Operations (Wanting Stability): Create stability; Enhance Services
- Security (Wanting Security): Create security; Protect customers; Protect enterprise
Agile Development: Fixes this
DevOps: Fixes this
DevSecOps: Fixes this
5 What is DevSecOps?
DevSecOps (DSO) embeds security in the product lifecycle, integrating security through requirements, design, development, test & operations for software delivery. DSO involves the inclusion of threat modeling, risk assessment, automation & analytics.
One Team Culture
- DevOps: Breaking down traditional silos, consideration of other roles, common success measures, shift left
- DevSecOps: Security added as part of one team, shift left of Ops team becomes more important with security as a nonfunctional requirement
Product Focus
- DevOps: Focus on life of software & end to end product knowledge versus project
- DevSecOps: Security becomes key attribute to producing a quality product for our customer; Reduced code complexity
Faster Delivery
- DevOps: More frequent deployments, automate wherever possible, reduce waste & leverage platforms
- DevSecOps: Model what the top 5% are doing & use data powered insights
DevOps promotes Non-functional Requirements upfront & throughout each iteration (along with functional requirements). Security is a non-functional requirement & becomes everyone's responsibility!
DATA INSIGHTS TURN ART INTO SCIENCE
DATA FUELS AUTOMATION
- Insightful Decisions around software enablement & platform usage
- Higher Logic Work - benchmark the best teams
- Reduction of Repetitive Tasks to increase time spent on innovation
6 What is your biggest security concern today?
[Word Cloud 1]
Attn AV Team: Play 10 second Audio
7 Why Move to DevSecOps?
More agile / More reliable / Win in the marketplace
- 46x more frequent deployments*
- 2x speed in fixing vulnerabilities over dynamic analysis in production**
- 98% of 300 surveyed companies said they have or plan to integrate DevSecOps
- 440x faster lead times than their peers*
- 170x faster mean time to recover*
- 80% of rapid development teams will embed DevSecOps by 2021
Source: Gartner + *Accelerate (2018) by Nicole Forsgren, PHD; Jez Humble and Gene Kim **
8 Pivoting to Security
Missed Opportunities for Software Scanning Prior to DevSecOps
- Under utilization of current tools
- Scan analysis centralized & manual
- Many developers ignore scan results
- Partial static and dynamic scanning
- Run cycles are long
Key Ideas
- Design Threat Modeling
- Near-Realtime Static Testing
- Pre-Prod Dynamic Testing
- Increased Penetration Testing
- War games (Red/Blue)
ACTION: Security Scanning now happens throughout Continuous Integration & Delivery
[Diagram: PMO and FMO across Design, Develop, Code, Test, Production; Scan]
Integrate through requirements, design, development, test & operations for software delivery
9 DevSecOps Security Methods & Application
METHODS: WHAT IT IS & HOW WE USE IT
- Static: Static app security testing (SAST) inspects the source code of an app for hardcoded passwords, IP addresses, etc. SAST provides a list of critical findings with ample detail to immediately mitigate vulnerabilities.
- Dynamic: Dynamic application security testing (DAST) tests an application or software product in an operating state. This kind of testing is helpful for industry-standard compliance & general security protections for evolving projects. DAST can identify code issues and top vulnerabilities such as Cross-Site Scripting.
- Penetration: Penetration testing (pen testing) uses attack methodologies on your own IT systems to identify security gaps. Pen Testing helps discover loopholes in the system such as ID-Enumeration Vulnerability.
- Threat Modeling: Threat Modeling is a process by which potential threats can be identified by assessing application design. Threat Modeling allows for risks to be assessed, prioritized & mitigated.
- Risk Assessment: Upon completion of threat modeling, Risk Assessment conducts a holistic analysis of the risks that impact the overall business. Risk Assessment provides analysis to minimize the loss or damage to the company through numerical risk assessment, diagrammatic vulnerability points & strategic operational risk lists.
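The static check described on slide 9 (hardcoded passwords and IP addresses), sketched as an added example that is not from the presentation. It parses Python source with the standard `ast` module; the rule names, the name pattern, the `exit_code` gate and the sample input are assumptions constructed for illustration.

```python
import ast
import ipaddress
import re
from dataclasses import dataclass

# Assumed rule: identifiers whose name suggests they hold a credential.
SECRET_NAME = re.compile(r"(pass(word|wd)?|secret|token|api_?key)", re.IGNORECASE)
# Candidate dotted quads; each one is validated with ipaddress before reporting.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Finding:
    rule: str    # "hardcoded-secret" or "hardcoded-ip" (hypothetical rule ids)
    line: int    # 1-based line number in the scanned source
    detail: str  # identifier name or IP address; never the secret value itself


def _is_string_literal(node):
    """True for a non-empty string constant. Environment lookups and
    function calls are not literals, so they are not reported."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, str)
            and node.value != "")


def _assigned_names(node):
    """Names on the left-hand side of an assignment (x = ..., obj.x = ...)."""
    targets = node.targets if isinstance(node, ast.Assign) else [node.target]
    for target in targets:
        if isinstance(target, ast.Name):
            yield target.id
        elif isinstance(target, ast.Attribute):
            yield target.attr


def scan_source(source):
    """Return findings for one Python source string, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Rule 1a: secret-looking name assigned a string literal.
        if isinstance(node, (ast.Assign, ast.AnnAssign)) and _is_string_literal(node.value):
            for name in _assigned_names(node):
                if SECRET_NAME.search(name):
                    findings.append(Finding("hardcoded-secret", node.lineno, name))
        # Rule 1b: secret-looking keyword argument passed a string literal.
        elif isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg and SECRET_NAME.search(kw.arg) and _is_string_literal(kw.value):
                    findings.append(Finding("hardcoded-secret", kw.value.lineno, kw.arg))
        # Rule 2: valid IPv4 address inside any string literal.
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for candidate in IPV4.findall(node.value):
                try:
                    addr = ipaddress.ip_address(candidate)
                except ValueError:
                    continue  # e.g. "999.1.1.1" is not an address
                if not (addr.is_loopback or addr.is_unspecified):
                    findings.append(Finding("hardcoded-ip", node.lineno, candidate))
    return sorted(findings, key=lambda f: (f.line, f.rule))


def exit_code(findings):
    """Non-zero when anything was found, so a CI step can fail the build."""
    return 1 if findings else 0


# Constructed sample input (not taken from any real code base).
SAMPLE = '''\
import os

DB_HOST = "10.20.30.40"
db_password = "hunter2"
api_token = os.environ["API_TOKEN"]
LOCAL = "127.0.0.1"

def connect(client):
    return client.login(user="svc", password="s3cr3t!")
# password = "commented-out"
'''

if __name__ == "__main__":
    results = scan_source(SAMPLE)
    for f in results:
        print(f"line {f.line}: {f.rule}: {f.detail}")
    raise SystemExit(exit_code(results))
```

Because the scan works on the syntax tree, the commented-out assignment and the environment lookup in the sample are not reported; dotted version strings such as "1.2.3.4" would be, and need an allow-list in practice.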
10 How many security tools do you use in the development process?
[Word Cloud 2]
Attn AV Team: Play 10 second Audio
11 DevSecOps using a CI/CD Pipeline
Any synchronous and asynchronous activity can be integrated
CI/CD Pipeline: Code Repository, CI BUILD, CD DEV DEPLOY, CD TEST DEPLOY, UAT, CD PROD DEPLOY
[Diagram labels: IDE, Code Quality, Pen Testing, Non-Invasive Pen Testing, Code Complexity Scan, Dynamic App Security Testing, Static Application Security Testing]
[Legend: Synchronous activity, Asynchronous activity, Security tooling, Code quality tooling, Optional Gate Approval]
The CI/CD Pipeline can orchestrate activities implemented by commercial or open source tooling
12 Code Complexity Scan
Measuring coding effort via Code Complexity Metrics (CCM)?
Code Complexity is an internal benchmark of the quality and maintainability of source code measuring against multiple static source code metrics.
- Evaluating Lines of Code is not enough
- Coders must produce maintainable code without technical debt
Benefits
- Ability to pinpoint skill & training gaps & to develop a stronger delivery team with higher quality & lower cost
- Increase accountability across dev teams with our vendors & partner with them to build more productive teams
- Speed metrics can be utilized to improve productivity & in time, improve our ability to estimate project efforts
13 DevSecOps Mission Statement
Move to a unified, automated CI/CD platform by utilizing industry leading technologies that produce higher quality code, faster delivery, decreased cost, and increased security