ITSPmagazine
Application Security in an Open Source World
Watch now
Kunal Anand, Prevoty | Rob McCurdy, MSU | Nate Smolenski, New York Life | Andy Wickersham, Fortune 100 | Sean Martin, ITSP
Thanks for your interest in our webcast where we will be discussing how to secure applications that rely on third-party and open source software.
Aside from the data they collect, create, and store, applications can oftentimes be an organization's greatest digital asset. Building custom applications to match the customer and market demands mapped to revenue objectives and available resources can be tremendously rewarding, but also a potentially-huge undertaking.
Ultimately, time to market is always a factor ... a requirement that almost always wins out over security. One way to tackle the time and effort to deliver more quickly is to leverage third party and open source components. But, do these elements save you in the long run - or do they introduce more risk in the form of potential vulnerabilities that are either not easily uncovered (at best) or not easily patched (if patchable at all)?
To answer these questions and more, we've pulled together a group of experts that deal with these challenges on a daily basis. During their conversation, webinar attendees will learn:
- What the value of open source software (OSS) is
- What are some common cases where open source software is utilized in today's applications
- What are the security risks and pitfalls when using OSS
- A view into a few case studies for companies that have fallen victim to the risks of using OSS
- How have companies identified and mitigated the risks associates with the OSS component, Struts
- How to tune the secure software development lifecycle (SSDLC) to account for the use of open source software
Remember, when you register for this expert webcast you will also receive a download link for a new white paper titled "Application Security in an Open Source World."
Your Moderator:
Sean Martin, Editor-in-Chief, ITSPmagazine
Expert Panelists:
Kunal Anand, Co-Founder and CTO, Prevoty
Rob McCurdy, CIO, MSU
Nate Smolenski, CVP, New York Life
Andy Wickersham, AppSec Leader, Fortune 100 Co.
Read more >
Aside from the data they collect, create, and store, applications can oftentimes be an organization's greatest digital asset. Building custom applications to match the customer and market demands mapped to revenue objectives and available resources can be tremendously rewarding, but also a potentially-huge undertaking.
Ultimately, time to market is always a factor ... a requirement that almost always wins out over security. One way to tackle the time and effort to deliver more quickly is to leverage third party and open source components. But, do these elements save you in the long run - or do they introduce more risk in the form of potential vulnerabilities that are either not easily uncovered (at best) or not easily patched (if patchable at all)?
To answer these questions and more, we've pulled together a group of experts that deal with these challenges on a daily basis. During their conversation, webinar attendees will learn:
- What the value of open source software (OSS) is
- What are some common cases where open source software is utilized in today's applications
- What are the security risks and pitfalls when using OSS
- A view into a few case studies for companies that have fallen victim to the risks of using OSS
- How have companies identified and mitigated the risks associates with the OSS component, Struts
- How to tune the secure software development lifecycle (SSDLC) to account for the use of open source software
Remember, when you register for this expert webcast you will also receive a download link for a new white paper titled "Application Security in an Open Source World."
Your Moderator:
Sean Martin, Editor-in-Chief, ITSPmagazine
Expert Panelists:
Kunal Anand, Co-Founder and CTO, Prevoty
Rob McCurdy, CIO, MSU
Nate Smolenski, CVP, New York Life
Andy Wickersham, AppSec Leader, Fortune 100 Co.
Oct 4 2017
63 mins
- Date
- Rating
- Views
-
Application Security in an Open Source World Kunal Anand, Prevoty | Rob McCurdy, MSU | Nate Smolenski, New York Life | Andy Wickersham, Fortune 100 | Sean Martin, ITSP Recorded: Oct 4 2017 63 mins
Thanks for your interest in our webcast where we will be discussing how to secure applications that rely on third-party and open source software.
Aside from the data they collect, create, and store, applications can oftentimes be an organization's greatest digital asset. Building custom applications to match the customer and market demands mapped to revenue objectives and available resources can be tremendously rewarding, but also a potentially-huge undertaking.
Ultimately, time to market is always a factor ... a requirement that almost always wins out over security. One way to tackle the time and effort to deliver more quickly is to leverage third party and open source components. But, do these elements save you in the long run - or do they introduce more risk in the form of potential vulnerabilities that are either not easily uncovered (at best) or not easily patched (if patchable at all)?
To answer these questions and more, we've pulled together a group of experts that deal with these challenges on a daily basis. During their conversation, webinar attendees will learn:
- What the value of open source software (OSS) is
- What are some common cases where open source software is utilized in today's applications
- What are the security risks and pitfalls when using OSS
- A view into a few case studies for companies that have fallen victim to the risks of using OSS
- How have companies identified and mitigated the risks associates with the OSS component, Struts
- How to tune the secure software development lifecycle (SSDLC) to account for the use of open source software
Remember, when you register for this expert webcast you will also receive a download link for a new white paper titled "Application Security in an Open Source World."
Your Moderator:
Sean Martin, Editor-in-Chief, ITSPmagazine
Expert Panelists:
Kunal Anand, Co-Founder and CTO, Prevoty
Rob McCurdy, CIO, MSU
Nate Smolenski, CVP, New York Life
Andy Wickersham, AppSec Leader, Fortune 100 Co.- BrightTALK
-
Beyond the Equifax Breach - Lessons and Actions to Take Dr. Chris Pierson (Viewpost), Sarah Squire (Engage Identity), Debra Farber (The Privacy Pact), Dr. Ravi Rajamiyer (Cavirin) Recorded: Sep 22 2017 64 mins
The recent Equifax data breach, which may have jeopardized the personal information of 143 million U.S. consumers, will likely haunt us for years to come.
Join this interactive panel with experts from the cyber security, identity and privacy space to learn more about:
- What we know occurred or is likely to have occurred
- Data Breach Timeline - too slow or too fast
- External communications - how has the breach been handled and communicated
- Internal Actions - security remediation, work with law enforcement, root cause, incident response
- External forces - lawsuits, media scrutiny, and customer communications
Speakers:
- Dr. Christopher Pierson, CSO, Viewpost
- Sarah Squire, Founder and Principal Consultant, Engage Identity
- Dr. Ravi Rajamiyer, VP of Engineering, Cavirin
- Debra J. Farber Executive Privacy & Security Consultant, Cranium USA & Host of "The Privacy Pact," ITSPmagazine- BrightTALK
-
GDPR Impact on Small- and Medium-Sized Businesses (Part 3 of 3) Moderator: Sean Martin, ITSPmagazine | Panelists: Eoin Keary, Edgescan | Phil Lee, Fieldfisher | Chris Hurst, BT Recorded: Sep 13 2017 64 mins
Is your company based in the US and also operating in the EU? There are things you MUST learn about the Global Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, will have an impact on your business. This expert webinar will help you prepare for what's ahead.
Here are some topics we will be exploring:
- Why small and medium are required to meet GDPR just like big companies.
- What can small- and medium-sized companies do to reduce their exposure?
- Why is this a good thing for companies to adhere to in the long run?
- What can mid-market companies do to streamline the process?
- What is the role of outsourced services in this? What are they?
- What areas of waste might exist that can be eliminated?
Moderator:
Sean Martin, ITSPmagazine
Panelists:
Eoin Keary, CEO, Edgescan
Phil Lee, CIPP/E, Partner, Fieldfisher
Chris Hurst, Virtual CISO, British Telecom- BrightTALK
-
Recommended Steps to Reach GDPR Compliance (Part 2 of 3) Sean Martin, ITSPmagazine | Kurt Hagerman, Armor | Mark Webber, Fieldfisher | Demetrios Lazarikos (Laz) | BlueLava Recorded: Aug 29 2017 62 mins
Is your company based in the US and also operating in the EU? There are things you MUST learn about the Global Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, will have an impact on your business. This expert webinar will help you prepare for what's ahead.
Here are some topics we will be exploring:
- GDPR program ownership - Is a DPO necessary?
- What a risk-based regulation means to the business.
- How to manage risk and reduce exposure.
- Policy definition and control implementation requirements.
- When something goes wrong, who do you bow down to? The EU or the US?
Moderator:
Sean Martin, Editor in Chief, ITSPmagazine
Panelists:
Kurt Hagerman, Chief Information Security Officer, Armor
Mark Webber, US Managing Partner & Registered Foreign Legal Consultant, Fieldfisher
Demetrios Lazarikos (Laz), InfoSec Thought Leader, BlueLava- BrightTALK
-
How to Operate a GDPR-Compliant Business in the EU (Part 1 of 3) Sean Martin, ITSPmagazine | Rob Clyde, ISACA | Fred Kost, HyTrust | Cody Wamsley, McDonald Hopkins Recorded: Aug 17 2017 62 mins
Is your company based in the US and also operating in the EU? There are things you MUST learn about the Global Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, will have an impact on your business. This expert webinar will help you prepare for what's ahead.
The requirements that GDPR places on organizations are wide-ranging and will impact everything from the people in the organization, to the processes and policies guiding the organization, straight through to the technology running the business. But before you can even begin to address the GDPR you need to be able to control your data. The first step in this process is knowing precisely what data you have and putting processes and tools in place to help you expose the data you don’t know you have.
The experts on this panel will discuss and explore the following points:
- What is the Global Data Protection Regulation?
- Who does it impact and why?
- What do organizations need to be aware of as they approach their compliance program?
- What are some of the common misconceptions organizations have?
- What things are often forgotten when organizations put together their compliance program?
Moderator
Sean Martin, ITSPmagazine
Panelists
Rob Clyde, Vice Chair of the Board of Directors, ISACA
Fred Kost, SVP Marketing, HyTrust
Cody Wamsley, Data Privacy & Cybersecurity Attorney, McDonald Hopkins- BrightTALK
-
We Need a Trust and Transparency Model for The Internet of Things Sean Martin, ITSPmagazine | David Billeter and Naresh Persaud, CA Technologies | Mandeep Khera Recorded: Aug 16 2017 64 mins
Today, security on the Internet is dependent on the trust between participants on the network. This is challenging because trust involves more than humans in this case and there are over 8.7 Billion devices already online today. And, trust is about to become more involved because, according to a Cisco study, 99% of the things in the world today will be connected to the Internet in the near future which means we will need a new model for trust and digital identity to manage this massive scale of trust we will need.
In this ITSPmagazine webinar, a panel of subject matter experts will explore the challenges and solutions to building trust on the Internet of things, looking at what identity means in the world of mobile devices and other Internet-connected things. Remember, it's not just the user that has an identity...
Some of the topics planned for the discussion include:
- What are some of the devices we see being used in business?
- Why do devices need identities?
- What does device-to-user authentication look like?
- What does device-to-device authentication look like?
- What role do applications play in the IoT world?
- How can all of these identities and activities be managed and policies enforced at scale?
--------
Moderator
- Sean Martin, CISSP, Editor-in-Chief at ITSPmagazine
Expert Panelists
- David Billeter, CISO at CA Technologies
- Mandeep Khera, Information Security Thought Leader and Executive
- Naresh Persaud, Sr. Director Security, Product Marketing, CA Technologies- BrightTALK
-
It’s Time To Take Charge Of Our Digital Future Ariel Robinson, ITSPmagazine | Jay Beale, Inguardians | Jessy Irwin, Jessysaurusrex | Mzbat Recorded: Jul 26 2017 55 mins
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
Disruptors and visionaries across the globe are pushing the boundaries of science and technology, economics and industry, healthcare, policy, communications, and governance. From these advances emerge new career paths, educational disciplines, and opportunities for creation and discovery.
But things don't always work the way we expect them to, and the consequences of disruption are impossible to predict. What is sacrificed for the sake of efficiency or convenience? Who gets to make that call? Whose fault is it when pre-teens get radicalized online, or health records get misused for unauthorized research? And whose job is it to prevent that from happening? Is prevention even possible?
Individuals, enterprises, and society writ large have the right and responsibility to proactively shape and secure the future, but our ability to do so is at risk. As technology continues to proliferate without being well understood, people who fall victim to its failure or misuse feel more and more disempowered to prevent future damage. This is The Tech Effect: the complacency driven by the complexity of the technology ecosystem, and a rejection of responsibility for individual and collective safety, security, and ethics.
It’s time to take charge of our digital future.
Join us for this lively conversation.
Moderator:
- Ariel Robinson, Editor & Host, The Tech Effect, ITSPmagazine
Panelists:
- Jay Beale, CTO & COO, InGuardians
- Jessy Irwin, Security Empress at Jessysaurusrex
- Mzbat- BrightTALK
-
Power To The People - Knowledge Is Power Debra Farber, ITSPmagazine | Chris Roberts, Acalvio | Dr. Christopher Pierson, Viewpost | Arun Vishwanath, SUNY Buffalo Recorded: Jul 26 2017 50 mins
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
As a society, we continue to focus on the capabilities that new technological products and services bring to bear, leaving the security - or rather, the safety - conversation for a later date and time… if at all.
Why is this? Perhaps it’s because we don’t care. Or, perhaps it’s because we don’t understand how things work. Or, maybe it’s because we don’t know all the technical mumbo jumbo. Or, it could just be that we expect “someone else” to take care of it for us. For example, every car has a seat belt, right? We don’t have to ask for the car dealer to add seat belts for us and there really aren’t different types of seat belts available in the commercial car arena. Cars just come with seat belts - period. We expect them to be there - even if some people choose to not wear them.
Regardless of the reason(s) behind the lack of conversation surrounding cybersecurity, we should all be able to agree on one simple fact: we use these new gadgets and services completely unfettered - with little to no regard to the risks we face for our privacy and even our safety.
Attend this session to gain the initial knowledge necessary by:
- Learning to ask is this thing secure?
- Understanding how or why it is or isn’t safe to use.
- Identifying your role in your own cyber safety and that of those around you.
It’s time to open our eyes and become aware of our surroundings. Join us to become aware.
Moderator:
- Debra Farber, Host of The Privacy Pact, ITSPmagazine
Panelists:
- Chris Roberts, Chief Security Architect, Acalvio Technologies
- Dr. Christopher Pierson, CSO and General Counsel, Viewpost
- Arun Vishwanath, Associate Professor at SUNY Buffalo & Black Hat Presenter- BrightTALK
-
The Side Effects of the Internet of Things Chenxi Wang, ITSPmagazine | Ted Harrington, ISE | Gary Hayslip, Webroot | Mike Ahmadi, Synopsys Recorded: Jul 25 2017 43 mins
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
Innovation is moving so fast. Each day there's a new device or technological service to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. They listen to us, watch us, learn about us. They help us make decisions. They “guess” our next move - our pending desire. They make decisions - even take action on our behalf. As a society we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting our privacy and safety at risk.
How many devices are there? What are they used for? In this session, we’ll focus on the side effects associated with devices used to run our countries, our cities, our homes, our lives - even our physical being.
Ultimately, it’s about the lack of cybersecurity - because there is a lack of cybersecurity, there’s no conversation about it, and therefore there is no understanding (awareness) of what’s at risk for using these devices. It’s not necessarily a bad thing - but the fact we are making uninformed decisions as a society means we could be putting ourselves and our loved ones at risk without even knowing it.
This panel is part 1 of 2 parts - it’s all about the lack of security and the side effects it has on us as individuals and as a society. What are we trading in exchange for using these devices to make our lives “better”? Bottom line... are you (we) surrendering to the technology?
PANELISTS
- Ted Harrington, Executive Partner at Independent Security Evaluators
- Gary Hayslip, Vice President & CISO, Webroot
- Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group
MODERATOR
- Chenxi Wang, Host of The New Factor on ITSPmagazine- BrightTALK
-
Your Small Business Will Be Hacked - Because It Is Easy Sean Martin, ITSPmagazine | Rusty Sailors, LP3 | Russell Mosley, Dynaxys | Tom Caldwell, Webroot Recorded: Jul 25 2017 56 mins
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
Small and medium businesses face countless threats, most of which have a human at their origin. These criminals, driven by financial gain, are essentially business owners – not unlike yourself – who are looking to spend as little money and as few resources as necessary to generate as much revenue as possible. Therefore, most cybercriminals target businesses that have a false sense of security.
Why would a cybercriminal spend a fortune going after a Fortune 1,000 when they can spend a few bucks to crack a small business? Exactly!
During this live webinar, we’ll explore the types of threats that small and medium businesses face and the business risk associated with these threats. It’s easier to get hacked than you think and it’s only a matter of time before it happens. Will your business be prepared? Are you doing everything you can to protect yourself beforehand?
Knowing that perfection is not possible, our panel of experts will look at 4 key steps that small and medium businesses should take to reach a reasonable level of cybersecurity:
- How to conduct an analysis to determine risk and the need to focus on cybersecurity within your business
- How to assess the cost of a breach, a loss of information and the impact that a cybersecurity event can have on your customers and partners
- How to create a plan to protect your systems, information, revenue and customers’ data
- Best practices for guiding your implementation, from segmentation to employee access control policies to information protection controls
Join us for an extremely informative session geared towards small and medium business owners and their IT staff.
Moderator:
Sean Martin, CISSP, Editor-in-Chief, ITSPmagazine
Panelists:
Rusty Sailors, President / CTO at LP3 and Chairman, Protecting Tomorrow
Russell Mosley, Director, Infrastructure & Security, Dynaxys
Tom Caldwell, Senior Director of Engineering at Webroot- BrightTALK