IT Governance, Risk and Compliance

  • Do You Have a Roadmap for EU GDPR Compliance?
    Ulf Mattsson, David Morris, Ian West, and Khizar Sheikh Live 60 mins
    The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.

    Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?

    Join this webinar to learn:
    • Case study and legal/regulatory impact to GDPR
    • Security Metrics
    • Oversight of third parties
    • How to measure cybersecurity preparedness
    • Automated approaches to integrate Security into DevOps
  • GDPR Compliance and the Role of DLP and Behavioral Analytics
    Jon Oltsik, Sr. Principal Analyst, ESG Salah Nassar, Dir. Product Marketing, Symantec Steve Grossman, VP of Strategy Recorded: Aug 17 2017 64 mins
    The General Data Protection Regulation (GDPR) goes into effect in May 2018. It’s predicted that over 50% of companies affected will not be in full compliance in time. With fines of as much as 4% of annual revenue, cybersecurity experts, executives and boards are paying attention.

    What are the main obligations under the GDPR which will apply to your organization?
    How can you identify the gaps that exist between your existing programs and GDPR requirements?
    What changes are needed and which technologies can help to achieve compliance?
    What is a pragmatic timetable, in what order of priority, and at what cost?

    Join ESG Sr. Principal Analyst, Jon Oltsik, Symantec Director, Global Product Marketing and GTM Strategy, Salah Nassar, and Steven Grossman, Bay Dynamics’ Vice President of Strategy as we discuss how to:

    - Identify what data matters for GDPR compliance
    - Implement a framework for change
    - Leverage DLP and behavioral analytics for data governance

    The clock is ticking.
  • AlienVault Partner Program: An Intro to AlienVault USM
    Mike LaPeters, VP Global Channel Sales & Garrett Gross, Director of Field Enablement Recorded: Aug 17 2017 60 mins
    Watch our partner webcast to learn about our award-winning, easy-to-sell AlienVault® USM™ platform and the AlienVault Partner Program. SIEM solutions integrate and analyze the data produced by other security technologies but unfortunately most mid-market organizations don't have the resources and time to create and maintain the data correlation rules that make SIEM solutions useful. This offers an opportunity for you to capitalize on the benefits of AlienVault USM. Once your prospects understand our approach to unified security management, it becomes a very quick sales cycle.

    An intro to AlienVault USM
    How to identify prospects quickly with a simple set of questions
    How to sell the benefits of USM for easier and faster threat detection
  • How to Grow and Accelerate your Managed Security Business
    Garrett Gross, Director of Field Enablement Recorded: Aug 17 2017 33 mins
    Security continues to be one of the top three IT concerns for SMB, mid-market and large enterprise customers. Security and Cloud continue to be the top two industry/market spend opportunities for the channel to invest in, according to CompTIA’s 2016 Annual IT Report. The opportunity for MSPs to become Managed Security Service Providers (MSSPs) is exploding – as is the opportunity for MSSPs to strengthen and expand their bottom line and market share. If you are interested in expanding your current MSP practice with security offerings, please watch this “How-to” discussion on building and growing an MSSP. We discuss best practices and illustrate what “best in class” looks like when it comes to:

    Common security challenges for the mid-market
    Considerations when selecting security vendor partners and ensuring a profitable practice
    Operational, financial, and process considerations that are key to a successful MSSP
    Essential skills critical to build successful MSSPs
    Solutions, business resources, tools, and programs available to enable the success of an MSSP
    In addition, we discuss some common mistakes MSSPs make and how to avoid those when building your practice.
  • Threat Intelligence: The MSP’s Secret Weapon
    Garrett Gross, Director of Field Enablement Recorded: Aug 17 2017 34 mins
    One of the biggest challenges when creating a managed security offering is developing threat intelligence and instrumenting it with existing security controls. This challenge is magnified exponentially as a company's client base grows and needs evolve.

    In this session, you’ll learn about the benefits of building your service offering around a unified security platform and how integrated threat intelligence accelerates the detection process. We’ll also recommend how MSSPs can leverage open threat sharing communities and custom intelligence development to maximize revenue and differentiate themselves from the competition.

    Attend this Webchat and you will also learn:

    The importance of developing a comprehensive understanding of not only the different data types collected for analysis, but also the ways in which the data types interact with each other
    The need for an intelligent approach to identifying the latest threats to achieve the broadest view of threat vectors, attacker techniques and effective defenses
    Why the use of coordinated rule set updates is key to maximizing the effectiveness and efficiency of threat intelligence and to ensuring that your clients are protected no matter how (and how often) their business grows and needs change
  • A Step-By-Step Guide to Building a Profitable Security Practice
    Garrett Gross, Director of Field Enablement Recorded: Aug 17 2017 33 mins
    As your clients work on their 2017 budgets, they will be paying a lot of attention to security. It’s probably the top priority for most of them. Threat profiles have expanded, new attack vectors have emerged and legacy systems simply can’t keep up. It’s not nearly enough to sell some security software or deploy a few firewalls. For IT service providers, this presents both a challenge and an opportunity. On one hand, your customers need new security solutions that you haven’t delivered before. But on the other hand, your customers want to pay you for services that will increase both your revenues and profits.

    Given that your customers will want their security challenges addressed immediately, you need to rapidly develop the skills and services required to get the job done.

    In this fast-paced session, join experts from AlienVault and MSPmentor to outline a step-by-step process you can follow to build a thriving, profitable security practice. Key topics to be addressed include:

    The five vital technology tools you need to run an effective security practice
    A detailed profile of the target customers most likely to adopt IT services to help accelerate your sales process
    A map for building and pricing your security service packages to meet customers’ needs (and for building your profits)
  • GDPR and What It Means for Security Teams
    Cheryl Tang, Director Data Security Products, Imperva Recorded: Aug 17 2017 37 mins
    The General Data Protection Regulation (GDPR) clock is ticking and the time to act is now. Organizations around the world are developing their GDPR plans. Non-compliance has significant costs…up to 4% of an organization’s annual revenue.

    Join us to learn:

    - What is GDPR
    - Deep dive into relevant data security articles of the GDPR
    - Review how different technology can address some of the GDPR data security requirements
  • How GDPR Affects US Companies
    Bob Siegel, President and Founder of Privacy Ref Recorded: Aug 17 2017 37 mins
    Learn how the EU General Data Protection Regulation affects US-based companies.

    Join CyberDefenses and Privacy Ref's Bob Siegel to review how the GDPR directly impacts US-based corporations. These far-reaching regulations impact any company that stores or transmits identifying information of any individual within the EU.

    In this webinar, you will be introduced to the basic elements of the GDPR and you will discuss the requirements that require action for US-focused companies.

    About Bob Siegel:
    President and founder of Privacy Ref, Inc., Bob Siegel, started the company in 2012. After his time as Senior Manager of Worldwide Privacy and Compliance at Staples, Inc., Bob applied his experience and expertise to helping companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs.

    Always seeking to improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private and public sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology Privacy and Privacy Program Management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP's Certification Advisory Board for the CIPM program and the IAPP's Publication Advisory Board. Bob also serves on the IAPP’s teaching faculty leading classes in the areas in which he is certified.

    About CyberDefenses:
    CyberDefenses is a premier cyber security services organization, providing advanced security services to the commercial and federal sectors. CyberDefenses Academy provides advanced training to IT, security and privacy professionals who wish to be at the top of their field.
  • Adding the S to MSP: Making Money in a Competitive Market
    Mike LaPeters, VP Global Channel Sales & Mike Calonica, VP American Sales Recorded: Aug 17 2017 35 mins
    Anybody can deliver technology, but these days MSPs also need to protect their customers’ networks and data. Cyber threats are a growing concern, and if you can’t provide security, your customers will find a provider who can. That’s why adding security to an MSP’s palette of services isn’t just an option; it’s a must.


    In this webcast, experts from Penton and AlienVault will discuss how to turn your MSP into a profitable MSSP by adding security for customers to protect their business from the scourge of cybercrime. Join this session to learn more about:

    Current threats and how they are evolving
    Comprehensive threat protection for the cloud
    Unified security for detecting threats and responding to incidents
  • Use of Managed Security Service Providers (MSSPs) - Benefits, Challenges and Tre
    Garrett Gross Director, Field Enablement Recorded: Aug 17 2017 55 mins
    Research shows that about half of organizations deploy a mix of in-house and outsourced IT security. Companies turn to outsourced and managed security services providers to alleviate the pressures they face, such as assessing and remediating against new types of attacks, protecting their organization against data theft, and addressing skills shortages and filling resource gaps. The 2017 Spotlight Report covering MSSP usage revealed the latest data points and trends in how organizations are leveraging Managed Security Services Providers (MSSPs) to augment, or in some cases completely outsource their security programs.

    In this session you'll learn about key findings from this survey including:

    The predominant driver for organizations to consider managed security services
    The most critical capabilities organizations look for in MSSPs
    The most requested security services offered by MSSPs
    Key benefits respondents have achieved by partnering with an MSSP

    Whether you are evaluating using an MSSP, or are an MSSP yourself, join us to gain valuable insights into how MSSPs are helping their clients. We'll also provide an overview of how our report sponsor, AlienVault, enables the threat detection capabilities of many MSSPs with their unified threat detection platform, AlienVault USM.
  • Breaking Down Silos - DevOps Meets ITIL
    Greg Pollock, VP of Product at UpGuard Recorded: Aug 17 2017 42 mins
    Big things are happening in software. Agile Software Development and DevOps are delivering innovations at a rate never seen before, prompting many to ask 'Is this the end of ITIL?'

    There is a perception that DevOps and ITIL cannot play well together, and that you must choose one over the other or risk catastrophic failure. This is simply not true.

    Many do not realize that DevOps relies on core concepts and processes of ITIL to be successful. Ignoring this relationship means missing out on service improvements that may be introduced and developed by integrating key areas of the ITIL framework and the collective body of knowledge that is DevOps.

    In this webinar we will take a close look at the simple things organizations can do to get the most out of a balanced blend of traditional and modern IT practices.
  • Detecting a Healthcare Breach with the NIST Cybersecurity Framework
    Axel Wirth, CPHIMS, CISSP, HCISPP, Technical Architect, Symantec & Ken Durbin, CISSP Strategist: CRM & Threat Intel, Symantec Recorded: Aug 17 2017 55 mins
    Part 4 of 7: NIST Cybersecurity Framework for Healthcare Webinar Series

    Put on your detective hats with the DETECT function of the NIST CSF. Too often healthcare organizations are breached without ever knowing it.

    In this webinar, we’ll look at how the NIST CSF helps healthcare organizations set up technologies and policies to make sure they know, in a timely manner, when they’ve been breached, how they were breached and, most importantly, what they can do to mitigate this risk in the future.

    We will take a deeper dive into the core components of the DETECT function, including the categories of anomaly/event detection, continuous monitoring and effective detection processes.

    It can be difficult to learn that your organization has been breached, but that knowledge is crucial to improving overall cybersecurity operations.

    To view upcoming NIST Cybersecurity Framework for Healthcare Webinar Series Part 5-7 https://resource.elq.symantec.com/LP=4235
  • How to Structure Internal Anti-Fraud Investigations
    Kroll's Fernanda Barroso, Fernando Carbone, and Ian Cook Recorded: Aug 17 2017 59 mins
    Data from Kroll's latest Global Fraud & Risk Report show that Brazilian companies still have deficiencies in fraud detection, which contributes to a good share of fraud going unnoticed.
    Join Kroll's experts for a discussion of the most efficient ways to structure an internal investigation, with real examples of the work carried out by the leading global corporate risk management and investigations consultancy.
  • Preparing for GDPR: Are identity management and authentication core to GDPR?
    Sian John, Symantec & Enza Iannopollo, Forrester Recorded: Aug 17 2017 48 mins
    You’re preparing for GDPR. You’re auditing your information. You’re reviewing your security systems. But is this enough? Join us at Part Two of this BrightTALK webinar series where Symantec experts and a guest speaker from Forrester discuss how to ensure your security strategy is primed for GDPR.

    You’ll learn the proven milestones to bring together the people, policies and processes that will make your GDPR preparations more successful – and how other businesses have done so.
    Other topics will include:

    • Identifying gaps in your strategy
    • How to prioritise remediation and investments
    • How to protect user identities and authentication so that they can’t be used to break into your personal and sensitive information.
  • T-72 hours; Building Your GDPR Breach Response Plan
    FireEye Recorded: Aug 17 2017 49 mins
    The first half of 2017 was the tipping point for cyber threats in Northern Europe. Organizations had to defend themselves against two cyber attacks involving rapid spreading malware. The latest incident severely disrupted global enterprises, causing significant downtime and impacting their revenue.
    Such high-profile, large-scale attacks show us that no organisation is safe from the reach of cyber-criminality. Post-GDPR, responding to these attacks will become all the more critical as breaches will have to be reported to the relevant regulatory body. By understanding your current security posture - internal processes and technology – combined with the external threat landscape – organisations can prepare themselves should a breach occur.

    In this webinar, you will learn how to assess your risk profile, evaluate your operational strengths and weaknesses as well as your tactical approach to responding to co-ordinated, targeted attacks.

    Many thanks,
    The FireEye Team
  • GDPR Privacy Impact and Risk Assessments
    Ariel Evans, CEO, InnoSec Recorded: Aug 17 2017 49 mins
    - InnoSec is the winner of the EU commission Horizon 2020 grant based on its innovation in GDPR and cyber risk -

    GDPR is an urgent issue that has companies scrambling to be compliant by May of 2018. Any organization that processes EU citizen data is in scope and the penalties are severe.

    Alignment with the requirements can reduce the chances of triggering a Data Protection Authority (DPA) to investigate a company’s privacy practices after the GDPR takes effect in May 2018. DPAs can impose a fine on companies of up to 4% of annual global revenues for egregious violations of the GDPR. Member states can also add to these fines. The Netherlands, for instance, has more than doubled its own fining capacity to 10% of annual revenues. European privacy advocates are pressuring DPAs to fully exercise these new powers after May 2018. To manage this risk, multinationals should have a means to demonstrate alignment with the GDPR requirements and communication of this program with DPAs that have jurisdiction over their major European operations.

    InnoSec’s GDPR solution provides privacy impact and risk assessments which measure the confidentiality and integrity of the system and the risk associated with it, meeting Articles 1, 2, 5, 32, 35 and 36. Additionally, we provide a readiness gap analysis for managing, planning and budgeting for GDPR.

    Most e-commerce, educational and multi-national organizations process EU citizen data and are in scope for GDPR. Moreover, most organizations are not ready according to Gartner, and this means the race to the finish line requires as much automation as you can afford. InnoSec provides a means for companies to save money and time with their GDPR assessment and gap analysis offering. Our GDPR offering automates the assessment process and provides a gap analysis readiness feature that also ensures that organizations can plan, budget and manage their GDPR program.

    Come to this webinar to see how it is done.
  • Privacy Level Agreement Code of Conduct for CSPs: a compliance tool for GDPR
    Nicola Franchetto of ICT Legal Consulting Recorded: Aug 17 2017 60 mins
    Nicola Franchetto will discuss, in a practical and business-oriented way, the new provisions of the GDPR and how the PLA Code of Conduct supports compliance with the forthcoming EU Data Protection Legislation. More precisely, Franchetto will highlight the true privacy compliance “game changers” introduced by the GDPR and offer the audience practical inputs on how to set up a sound and effective corporate Data Protection Compliance Programme, which will also include having a PLA in place with Cloud Service Providers.
  • Reduce Security Vulnerabilities in Enterprise Applications
    Mike Pittenger, VP of Security Strategy, Black Duck Software, Adrian Davis, Managing Director, (ISC)² EMEA Recorded: Aug 17 2017 61 mins
    Would you leave sensitive data out in the open, making yourself a target to thieves looking for a victim? That is exactly what your business is doing if it fails to identify vulnerabilities in its business applications. Cyber attackers are looking at your business applications for security vulnerabilities so they can get access and wreak havoc. It’s time to find and fix security vulnerabilities before the hackers do. Wondering where to start and what to do? This webinar will help you build a comprehensive plan to minimize threats and protect your company.

    Join this webinar to hear application security experts:
    • Discuss methods for scanning & evaluating potential security vulnerabilities in out-of-the-box and home-grown business applications
    • Teach methods for quickly detecting and eradicating software flaws
    • Make recommendations for how to choose and implement vulnerability scanning tools
    • Explain how to reduce security vulnerabilities during internal application development
    • Examine the widespread use of open-source code and how it may expose your business to security threats
  • BrightTALK's GDPR Benchmark Special: How Prepared are You for May 2018?
    Josh Downs, BrightTALK; Stuart McKenzie, Mandiant; Sian John, Symantec; Nigel Tozer, Commvault & Tim Hickman, White & Case Recorded: Aug 17 2017 63 mins
    9 months until the GDPR deadline - are you completely up-to-speed?

    Our panel of data protection experts will be discussing the compliance considerations that you need to be assessing for May 2018 along with suggesting next steps from a cyber and general security standpoint.

    We'll also be asking YOU what stage you're at in terms of your preparations via a series of interactive benchmarks as we go through the session to get a sense of where the security community is at in terms of preparations.

    -------------

    GDPR and its May 2018 deadline are now fully on the minds of the vast majority of security professionals and with massive fines on the horizon for non-compliance, now is a better time than ever to get to grips with the legislation and ensure that your organisation is secure and compliant.

    It’s vital that your business has carried out the relevant preparations for compliance by then to make sure you don’t get whacked with a huge fine of up to £15m or 4% of your organisation’s global annual turnover.

    Not only are there potentially huge financial repercussions, but leaving your business open to attack and your customers at risk can cause serious reputational damage.
  • Defend Against WannaCry
    Alex Hinchliffe, EMEA Threat Intelligence Analyst, Unit 42 Aug 21 2017 10:00 am UTC 30 mins
    What you need to know and how to defend against it.

    Hours after WanaCrypt0r first emerged, the global ransomware campaign hit hundreds of thousands of computer systems and impacted multiple high-profile organizations around the world.

    Since the initial wave of attacks, new variants of the ransomware have been discovered in the wild, ensuring that the threat is far from over.

    Follow Alex Hinchliffe on a video interview during which he will cover this pervasive threat, and how it exploits vulnerabilities and spreads across networks.
  • Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities
    Nathaniel Ford, Moderator (ISC)² EMEA, Membership Services, (ISC)² EMEA Aug 21 2017 12:00 pm UTC 60 mins
    Are you an (ISC)² member with questions about your certification and member benefits, or want to keep in touch with (ISC)² news in EMEA? Are you thinking about joining, and curious to hear more about what membership means and how (ISC)² can help you?

    Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
    - CPE opportunities, member benefits and getting involved
    - Updates on (ISC)² news, developments and changes in your region
    - Your membership requirements summarized
    - Who are the (ISC)² EMEA team and how we can help you
    - Focus discussions
    - Q&A session
  • Challenges in Building Connected Communities
    Kate Garman, Jascha Franklin-Hodge, Peter Marx, Limor Schafman Aug 21 2017 3:00 pm UTC 75 mins
    Creating a seamless connected environment that supports smart community citizen services, streamlines operations, and supports economic development is already a challenge for community officials. There are many different needs and directions to begin the conversion to an “intelligent” environment. Communities are also planning and building not just for current needs, but also for future connectivity infrastructure that will be used by autonomous vehicles, smart buildings, connected homes, AR/VR, eRetail, eHealthcare, smartgrid and more.

    This webcast will discuss such questions as:
    > What issues are city officials prioritizing for resolution through smart community applications?
    > How are communities planning for and deploying small cell infrastructure?
    > Which departments are involved in communications infrastructure?
    > How can suppliers navigate the multiple departments involved in decision making?
    > What business models are cities negotiating with their technology product partners?
    > What are some of the lessons learned from cities that you can translate into your own business offering?

    Speakers:
    Jascha Franklin-Hodge, CIO, Boston, MA
    Kate Garman, Smart City Coordinator, Seattle, WA
    Peter Marx, currently in the position of VP, GE Digital and former CTO, City of Los Angeles
  • GDPR update - less than 1 year to May 2018
    Greg Day, EMEA VP & CSO Palo Alto Networks Aug 22 2017 1:00 pm UTC 75 mins
    The General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive will both be enforced as of May 2018. You may think you’re ready for these laws, but covered companies may need to improve the security of personal data they hold, and of their networks and information systems. Data breaches and security incidents will have to be reported. As they prepare for the GDPR and NIS, it is imperative that organisations understand their cybersecurity risks and invest appropriately.

    Greg Day, EMEA VP & CSO Palo Alto Networks, explains the security-related requirements.
  • Stop Living in the Past: A New Approach to Application Security
    Joseph Feiman, Chief Innovation Officer, Veracode Aug 22 2017 3:00 pm UTC 30 mins
    Information security has not kept pace with the new reality of a software-driven world. Traditional defenses are proving inadequate in this environment. We’ll discuss how organizations should evolve their security strategies as users and applications become the risk focal point. Attend this session and learn about new approaches such as:

    • Work with the way developers work.
    • Cover not only the apps an organization develops internally, but also those it purchases or assembles from components.
    • Move beyond the software development lifecycle to the full software lifecycle, covering apps from inception through production.
  • Top 4 Ways Vulnerability Gets Into Software
    Maria Loughlin, Senior VP of Engineering | Veracode Aug 22 2017 4:00 pm UTC 30 mins
    Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects? Are developers to blame? Is it just the nature of software?

    We’ll discuss the four primary ways that vulnerabilities end up in your software. Attendees at this session will understand the main sources of vulnerabilities and how to prevent them -- a good first step in making apps less like a red carpet for cyberattackers, and more like a moat. We’ll get attendees up to speed on the following:

    • Insecure coding
    • A threat landscape that never quits
    • Indiscriminate use of components
    • Programming language choice
  • How to Choose Your Next Database Audit Solution
    Terry Ray, Chief Technology Officer at Imperva Aug 22 2017 4:00 pm UTC 60 mins
    Data is the lifeblood of today's business. As the volume of generated data continues to grow, so does the number of data breaches. It's more critical than ever for organizations to adopt database audit and protection solutions. But not all solutions are created equal.

    What are the key capabilities that IT and security teams should evaluate? Join Terry Ray as he discusses key considerations for selecting a database audit and protection solution.

    About the Presenter:

    Terry Ray is the Chief Technology Officer for Imperva, Inc., the leading provider of data security solutions. Terry works directly with Imperva’s largest customers to educate on industry best practices, challenges and regulations. He also operates as an executive sponsor to strategic customers who benefit from a bridge between both companies’ executive teams. During his 12 years at Imperva, he has deployed hundreds of data security solutions to meet the requirements of customers and regulators from every industry. Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, Gartner, IANS and other professional security and audit organizations in the Americas and abroad.
  • Your Path to a Mature AppSec Program
    Colin Domoney, Consultant Solutions Architect—Veracode Aug 22 2017 5:00 pm UTC 30 mins
    According to Akamai, attacks at the application layer are growing by more than 25% annually. But many organizations still struggle to understand how to get started with application security, or what good looks like.

    To shed light on the application security process, this session will outline the steps most of Veracode's customers take to develop a mature application security program. Attend and hear about Colin’s experience developing and managing an application security program from the ground up and learn:

    • The different AppSec phases most organizations are currently in
    • The next steps to take when moving toward a more comprehensive AppSec program
    • Lessons learned, best practices and pitfalls to avoid -- from someone who’s been there
    • What a comprehensive, mature AppSec program entails
  • Learn how the NIST Cybersecurity Framework Benefits State and Local Governments
    Learn how the NIST Cybersecurity Framework Benefits State and Local Governments Renault Ross, Chief Cybersecurity Business Strategist North America, Symantec Aug 22 2017 6:00 pm UTC 60 mins
    The NIST Cybersecurity Framework (CSF) provides an excellent guide for state and local governments looking to improve their overall cybersecurity posture.

    Join our webcast hosted by Symantec Chief Cybersecurity Business Strategist, Renault Ross, where he reveals how to apply the CSF to state and local government.

    Learn to:

    • Identify where sensitive data is and who is accessing it.
    • Protect that data with universal policies to ensure stability of networks and infrastructure.
    • Detect cyber threats quickly and reduce the chance of breaches.
    • Respond to threats with automated actions.
    • Recover after a threat to produce reports to prove compliance.

  • You Can Get There From Here: The Road to Secure DevOps
    You Can Get There From Here: The Road to Secure DevOps Pete Chestna, Director of Developer Engagement—Veracode Aug 22 2017 6:00 pm UTC 30 mins
    If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and from waterfall to DevOps. We have learned a lot along the way and I’m eager to share the story. In this session learn:

    · A basic understanding of Waterfall, Agile and DevOps from a people, process and technology point of view
    · Considerations when transitioning between these methodologies
    · An approach to leading the change in your own company
    · How Security can best be integrated into DevOps
  • Getting the Best out of DevSecOps
    Getting the Best out of DevSecOps Colin Domoney, Consultant Solutions Architect—Veracode Aug 22 2017 7:00 pm UTC 30 mins
    With application security rapidly moving towards a DevSecOps approach, it's important to understand from each team's perspective how to be successful in the new agile process. 

    Join this webinar to understand the perspectives--both the challenges and benefits of a DevSecOps approach, and how to integrate your security, operations and developer teams.
  • Securing the Enterprise in a DevOps World: Keynote & Panel
    Securing the Enterprise in a DevOps World: Keynote & Panel David Wayland, Head of Enterprise Application Security, Fortune 500 Financial Firm & Chris Wysopal, CTO & Co-Founder Veracode Aug 22 2017 8:00 pm UTC 75 mins
    Securing a global enterprise requires security, development, vulnerability management, compliance and risk professionals to understand the engagement and inflection points in the software development lifecycle—and their roles to accelerate it. 

    Join Veracode for a two-part session featuring "Securing the Enterprise in a DevOps World" with David Wayland, and an interactive panel discussion to continue the conversation on securing the enterprise in a DevOps world. This open round table discussion will be led by Veracode Co-Founder and CTO, Chris Wysopal. We will have time for Q&A so bring your questions!

    The discussion will touch upon:
    · Are you crawling, walking or running with your DevOps initiative?
    · Pitfalls? Success?
    · How are you connecting the dots for the business and the board on how your application security initiative is mitigating risk?


    Panelists: David Wayland, Head of Enterprise Application Security—Fortune 500 Financial Firm, Pete Chestna, Director of Developer Engagement—Veracode, Joseph Feiman, Chief Innovation Officer—Veracode.
  • Detect and Respond to Cyber Threats with Threat Lifecycle Management
    Detect and Respond to Cyber Threats with Threat Lifecycle Management LogRhythm Aug 23 2017 12:00 am UTC 15 mins
    Today’s reality is that your organization will continue to be confronted by increasingly frequent and complex cyber threats.

    The Threat Lifecycle Management Framework (TLM) is a series of aligned security operations capabilities. It begins with the ability to monitor and search across your IT environment and ends with the ability to quickly mitigate and recover from security incidents. The result? Faster time to detect and time to respond, without adding staff to accomplish the job.

    See how LogRhythm’s Threat Lifecycle Management Platform can help your team sort through the noise to quickly discover and neutralize concerning incidents.
  • Accelerating Multi-Cloud Deployments
    Accelerating Multi-Cloud Deployments Matt Keil, Director of Product Marketing, Public Cloud at Palo Alto Networks Aug 23 2017 10:00 am UTC 45 mins
    Organizations are rapidly embracing multi-cloud architectures that span software-defined data centers (private clouds) and public cloud environments. To help organizations protect their cloud-based applications and data from cyberattacks, PAN-OS® 8.0 expands the VM-Series with new models and optimized performance, making it the broadest, most powerful line of virtualized firewall appliances on the market.

    New scalability and resiliency features for Microsoft® Azure® and Amazon® Web Services enable organizations to build secure cloud-centric architectures. Workflow automation features for VMware® NSX® and KVM with OpenStack® help streamline VM-Series deployments.
  • Moving towards XaaS: Could the Public versus Private Cloud debate be over?
    Moving towards XaaS: Could the Public versus Private Cloud debate be over? Rory Duncan, Research Director at 451 Research; Dan Havens, SVP, WorldWide Sales at Ormuco Aug 23 2017 1:00 pm UTC 60 mins
    The cloud promises to enable organisations to be more flexible, agile and responsive to the needs of their business and the demands of customer and partners. As physical infrastructure has become invisible to end-users, the role of service providers and channel partners has changed. Faced with public and private options, many firms are taking a XaaS approach, embracing the best of both private and public worlds - implementing hybrid architectures to deliver on-demand access to compute resources, capacity, and services, while also providing greater levels of control, security, and visibility of data and applications. In this webinar, Rory Duncan, Research Director with 451 Research will outline the opportunities for Service Providers and channel partners delivering cloud services, examining topics such as support, managed services, data protection and data sovereignty for facilitating cloud consumption.
  • GDPR - How to embrace PCI’s big brother
    GDPR - How to embrace PCI’s big brother Chief Operations Officer, Nick Rafferty & Head of GRC, Oliver Vistisen Aug 23 2017 3:00 pm UTC 45 mins
    If your organization stores, processes and transmits cardholder data, PCI’s big brother - the EU General Data Protection Regulation - could affect your ability to do business in the EU.

    Impacted PCI US companies may have EU residents as employees or customers.

    The GDPR has become a primary item on most organizations' agenda this past year, yet a disproportionate amount of focus has fallen on the fines that are set to come into force on May 25, 2018.

    We want to take a more optimistic look at the regulation, why it came to be and how it can be a massive opportunity to strengthen your reputation and (re)gain customer confidence. We will also look at how the implementation and ongoing maintenance of compliance can be addressed through an analytical approach to the Articles themselves; the rules of the regulation.

    What attendees will learn:
    • How US ecommerce and other companies involved in payment card transactions can be impacted by the GDPR.
    • Why the world’s most valuable resource is no longer oil, but data.
    • Why the GDPR is far more than a simple check-box compliance exercise.
    • Why the GDPR is a massive opportunity in disguise for organizations who take it seriously.
    • How the GDPR aims to change company culture by turning risk assessments on their head.
    • An analytical breakdown of the GDPR Articles that uncovers those that are applicable to your organization, and how to tackle these through a risk-based approach.
    • Key areas of focus for any GDPR program based on personal and client feedback.
    • How to effectively implement GDPR by expanding upon existing compliance programs and management systems (ISO 27001).
  • What is an Identity Provider (IdP) and Do You Need One?
    What is an Identity Provider (IdP) and Do You Need One? Stephen Allen, Authentication Expert at Gemalto Aug 23 2017 3:00 pm UTC 60 mins
    The explosion of cloud-based applications in the enterprise is making IT and security professionals rethink their cloud identity management strategy. By default, every cloud user creates an average of 17 cloud identities. But catering to 17 different user stores per employee or partner is simply not scalable from an administration perspective. And as if IT’s time is not precious enough, password resets account for 20% of helpdesk tickets. This adds to the compliance and security risks associated with cloud-based applications, which by default require only weak static passwords and offer no central point of management across disparate cloud-based services.

    Join Stephen Allen, Gemalto Product Manager for Authentication and Access Management, and learn how deploying an Identity Provider enables:

    • Cloud Single Sign-On for easy access to cloud apps
    • Regulatory compliance with standards such as PCI DSS
    • Reduced identity lifecycle overheads
    • Centralized management of cloud access policies
    • Increased security with step-up authentication
  • Veracode Web Application Scanning Demo | Discover, test, and monitor all of your
    Veracode Web Application Scanning Demo | Discover, test, and monitor all of your Glenn Whittemore, Solution Architect, CA Veracode Aug 23 2017 4:00 pm UTC 30 mins
    Looking for a consolidated solution to find, secure, and monitor all of your web applications?

    Join this 20-minute webinar to see how Veracode can help you easily track and inventory all of your external web applications with the ability to scan and scale on thousands of sites in parallel to find critical vulnerabilities and prioritize your biggest risks.

    Learn how to leverage technologies such as Veracode Web Application Scanning which enable teams to discover and address vulnerabilities during the production and pre-production phases of the software development lifecycle (SDLC). As one of the multiple scanning technologies Veracode offers on a single platform, your organization can systematically reduce risk while continuously monitoring your security posture.
  • Hunting Criminals with Hybrid Analytics, Semi-supervised Learning, & Feedback
    Hunting Criminals with Hybrid Analytics, Semi-supervised Learning, & Feedback David Talby, CTO, Atigeo Aug 23 2017 5:00 pm UTC 60 mins
    Fraud detection is a classic adversarial analytics challenge: As soon as an automated system successfully learns to stop one scheme, fraudsters move on to attack another way. Each scheme requires looking for different signals (i.e. features) to catch; is relatively rare (one in millions for finance or e-commerce); and may take months to investigate a single case (in healthcare or tax, for example) – making quality training data scarce.

    This talk will cover a code walk-through and the key lessons learned while building such real-world software systems over the past few years. We'll look for fraud signals in public email datasets, using IPython and popular open-source libraries (scikit-learn, statsmodels, nltk, etc.) for data science and Apache Spark as the compute engine for scalable parallel processing.

    David will iteratively build a machine-learned hybrid model – combining features from different data sources and algorithmic approaches, to catch diverse aspects of suspect behavior:

    - Natural language processing: finding keywords in relevant context within unstructured text
    - Statistical NLP: sentiment analysis via supervised machine learning
    - Time series analysis: understanding daily/weekly cycles and changes in habitual behavior
    - Graph analysis: finding actions outside the usual or expected network of people
    - Heuristic rules: finding suspect actions based on past schemes or external datasets
    - Topic modeling: highlighting use of keywords outside an expected context
    - Anomaly detection: fully unsupervised ranking of unusual behavior

    Apache Spark is used to run these models at scale – in batch mode for model training and with Spark Streaming for production use. We’ll discuss the data model, computation, and feedback workflows, as well as some tools and libraries built on top of the open-source components to enable faster experimentation, optimization, and productization of the models.
  • Device Intelligence: Going Beyond Old-School Device Fingerprinting
    Device Intelligence: Going Beyond Old-School Device Fingerprinting Kedar Samant, CTO & Co-Founder, Simility Aug 23 2017 5:00 pm UTC 60 mins
    With old-school device fingerprinting, it’s easy to stop or allow known devices, but with the explosion of the number of new devices and companies engaging customers via multi-channels, the technology falls short in helping you identify transactions that are truly risky or good.

    In this webinar, you’ll see how device intelligence with machine learning allows you to derive more accurate fraud and risk insights from large amounts of device engagement data.
  • Using Reference Architectures to Fully Integrate Your Next-Gen Apps
    Using Reference Architectures to Fully Integrate Your Next-Gen Apps Pradeep Menon, Data Solution Architect & Karthik Rajasekharan, Azure Product Marketing Director Aug 23 2017 11:00 pm UTC 39 mins
    Intelligent application technology allows you to build apps with powerful algorithms, across platforms, with just a few lines of code. The answer lies in your application's architecture.

    Join Pradeep Menon, Microsoft Data Solution Architect, and Karthik Rajasekharan, Microsoft Azure Product Marketing Director to learn:

    - The different reference architectures and how to integrate these services into your applications immediately.
    - A hands-on approach to implementing Cognitive Services on Azure
    - About the next generation of application development and deployment