Hi [[ session.user.profile.firstName ]]

IT Security

  • Emerging trends in Incident Response: SANS 2017 Incident Response Survey Results
    Emerging trends in Incident Response: SANS 2017 Incident Response Survey Results James Carder (LogRhythm CISO & VP of LogRhythm Labs), Matt Bromiley (SANS Analyst and DFIR Instructor) Live 60 mins
    SANS' 2016 survey of incident response (IR) capabilities indicated that the IR landscape was ever changing. Advanced industries were able to maintain effective IR teams, but it identified hurdles responders face to increase the efficiency of their IR teams.

    In this SANS Incident Response Survey webcast, James Carder, LogRhythm CISO & VP of LogRhythm Labs, joins industry experts to explore the results of the fourth annual SANS survey on incident response. Together they'll provide insight into the maturity of IR processes and functions spanning a variety of environments.

    You'll learn:

    • Types of attacks experienced and nature of the breaches
    • Time needed to detect, contain, and remediate breaches
    • Maturity of network visibility infrastructures and security operations centers' response capabilities

    Watch now to learn more about the incident response capabilities of your peers and how IR can help you protect your network.
  • Secure Web & Cloud Gateway: Security & Threat-Protection for the Enterprise
    Secure Web & Cloud Gateway: Security & Threat-Protection for the Enterprise Michael Mauch Recorded: Aug 22 2017 30 mins
    For business, the web is both essential and dangerous. As more workers go mobile and workloads move to the cloud, the reliance and peril of the web is only going to grow. You need visibility into all this Web traffic, so you can protect your business from the threats it introduces.

    Secure web gateways (SWGs) can deliver the insights and controls you need to mitigate the risks of the web. They pick up where next-generation firewalls (NGFWs) leave off, providing the Layer 7 termination and in-depth inspection of web traffic (port 80 and 443) required to uncover and protect against the increasingly sophisticated web threats targeting your business.

    In this webinar learn how a proxy-based architecture provides unique security and threat-protection advantages for the enterprise in this new normal of remote users/offices, cloud apps, mobile devices.

    ●A proxy-based architecture is ESSENTIAL to meeting the needs of the Cloud Generation.
    ●Symantec BC Proxy SG is the best security defense.
    ●Symantec Proxy SG dramatically improves threat protection, while reducing costs of other security infrastructure.
  • The Future of Cybersecurity
    The Future of Cybersecurity Oren Falkowitz, Founder and CEO of Area 1 Security Recorded: Aug 21 2017 22 mins
    Oren Falkowitz, Founder and CEO of Area 1 Security, presented at Data Driven NYC in October 2015 on the future of cybersecurity.

    Data Driven NYC is a monthly event covering Big Data and data-driven products and startups, hosted by Matt Turck, partner at FirstMark Capital.

    Find out more about Data Driven NYC at http://datadrivennyc.com and FirstMark Capital at http://firstmarkcap.com.
  • Technology & Innovation Panel II: Looking Back - Swedish Lunch 2017
    Technology & Innovation Panel II: Looking Back - Swedish Lunch 2017 Moderator: Yobie Benjamin, Christer Fuglesang, Oren J. Falkowitz and Sam Cassatt Recorded: Aug 21 2017 29 mins
    Moderator: Yobie Benjamin CTO at ClickSwitch
    Panel: Christer Fuglesang, Oren J. Falkowitz and Sam Cassatt

    Held at Schatzalp Castle in Davos during the World Economic Forum 18th of January 2017.
  • It's Always Phishing
    It's Always Phishing Oren Falkowitz, CEO of Area 1 Security Recorded: Aug 21 2017 26 mins
    Kleiner Perkins Caufield & Byers (KPCB) partners with the brightest entrepreneurs to turn disruptive ideas into world-changing businesses. Oren Falkowitz demonstrates the increasing need for proper cybersecurity.
  • Phishing Hurts Everyone: Hackers Don't Target By Size
    Phishing Hurts Everyone: Hackers Don't Target By Size Presentation by Oren J. Falkowitz Recorded: Aug 21 2017 7 mins
    Area 1: Presentation by Oren J. Falkowitz (CEO) at Collision Conference in New Orleans LA on 2 May 2017
  • Guardians of the Cyber Galaxy! I Fortune
    Guardians of the Cyber Galaxy! I Fortune moderator Jeff John Roberts joined Oren Falkowitz, CEO of Area 1 Security, as well as former NSA head Gen. Keith Alexander Recorded: Aug 21 2017 25 mins
    Cybersecurity was on the main stage for the first time at Fortune Tech 2017 moderator Jeff John Roberts joined Oren Falkowitz, CEO of Area 1 Security, as well as former NSA head Gen. Keith Alexander, now of IronNet and Marten Mickos of HackerOne discussed how to keep the internet safe from hackers.
  • Challenges in Building Connected Communities
    Challenges in Building Connected Communities Kate Garman, Jascha Franklin-Hodge, Peter Marx, Limor Schafman Recorded: Aug 21 2017 76 mins
    Creating a seamless connected environment that supports smart community citizen services, streamlines operations, supports economic development is already a challenge for community officials. There are many different needs and directions to begin the conversion to an “intelligent” environment. Communities are also planning and building not just for current needs, but also for future connectivity infrastructure that will be used by autonomous vehicles, smart buildings, connected homes, AR/VR, eRetail, eHealthcare, smartgrid and more.

    This webcast will discuss such questions as:
    > What issues are city officials prioritizing for resolution through smart community applications?
    > How are communities planning for and deploying small cell infrastructure?
    > Which departments are involved in communications infrastructure?
    > How can suppliers navigate the multiple departments involved in decision making?
    > What business models are cities negotiating with their technology product partners?
    > What are some of the lessons learned from cities that you can translate into your own business offering?

    Speakers:
    Jascha Franklin-Hodge, CIO, Boston, MA
    Kate Garman,Smart City Coordinator, Seattle, WA
    Peter Marx, former CTO, City of Los Angeles, currently in the position of VP, GE Digital
  • Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities
    Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities Nathaniel Ford, Moderator (ISC)² EMEA, Membership Services, (ISC)² EMEA Recorded: Aug 21 2017 49 mins
    Are you an (ISC)² member with questions about your certification and member benefits, or want to keep in touch with (ISC)² news in EMEA? Are you thinking about joining, and curious to hear more about what membership means and how (ISC)² can help you?

    Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
    - CPE opportunities, member benefits and getting involved
    - Updates on (ISC)² news, developments and changes in your region
    - Your membership requirements summarized
    - Who are the (ISC)² EMEA team and how we can help you
    - Focus discussions
    - Q&A session
  • Defend Against WannaCry
    Defend Against WannaCry Alex Hinchliffe, EMEA Threat Intelligence Analyst, Unit 42 Recorded: Aug 21 2017 22 mins
    What you need to know and how to defend against it.

    Hours after WanaCrypt0r first emerged , the global ransomware campaign hit hundreds of thousands of computer systems and impacted multiple high-profile organizations around the world.

    Since the initial wave of attacks, new variants of the ransomware have been discovered in the wild, ensuring that the threat is far from over.

    Follow Alex Hinchliffe on a video interview during which he will cover this pervasive threat, and how it exploits vulnerabilities and spreads across networks.
  • The Hunt for IoT that Threatens Our Modern Way of Life
    The Hunt for IoT that Threatens Our Modern Way of Life Sara Boddy, Principal Threat Research Evangelist Recorded: Aug 18 2017 62 mins
    Not a week goes by without another IoT hack headline, yet we’re not doing enough to address this threat. We’ll show you in this presentation why the threat of IoT should remain top of mind.

    Join us for this webinar to learn about:

    - Global scope of IoT devices and their vulnerability posture – aka the IoT threat landscape
    - The growth of threat actor activity targeting IoT devices from 2016 to current day
    - A viewpoint of pre and post Mirai as an indication of what’s to come
    - The networks launching IoT attacks
    - The countries being targeted
    - What “dealing with” the threat of IoT looks like
  • Global Encryption Trends
    Global Encryption Trends David Holmes, Principal Threat Research Evangelist Recorded: Aug 18 2017 62 mins
    F5 is releasing three years of original mass scanning data and analysis on cryptographic security posture.

    What you’ll learn in the webinar:
    •How you rank against the rest of the world and your competitors.
    •Why TLS 1.3 should probably be named TLS 4.0. ​
    •Which attacks are concealing payload within encrypted tunnels
  • 6 Reasons Why Dev Should Own Security
    6 Reasons Why Dev Should Own Security Geva Solomonovich, Snyk and John Morello, Twistlock Recorded: Aug 18 2017 21 mins
    Open source, containers and microservices, and a myriad of DevOps tools reduce the time and friction to deploy code. Oftentimes, security becomes a limiting factor in bringing new innovations to market.

    To build secure applications without slowing development cycles requires a new approach to security: Shift-Left Security. This means moving security to left in the development process and into the purview of developers by integrating it into existing workflows.

    Join us for this to learn:
    - 6 reasons development should own security
    - Best practices to employing Shift-Left security
    - How to deploy secure apps at DevOps speed
  • Destination: 3-D Secure 2.0 - Hosted by PYMNTS.com
    Destination: 3-D Secure 2.0 - Hosted by PYMNTS.com Ankur Karer, Director of Payment Security Presales, CA Technologies Recorded: Aug 18 2017 61 mins
    After a 17-year journey through hardships & learning experiences, 3-D Secure is finally undergoing a much-needed overhaul. EMVCo has released EMV 3-D Secure 2.0 (3DS 2.0); optimized for mobile and traditional web browser transactions.

    The new protocol delivers important additional e-commerce transaction metadata, including an extensive set of device data. This enhanced data will facilitate even greater fraud prevention gains for customers, who participate in cardholder authentication programs based on 3-D Secure.

    Join Ankur Karer, Director of Payment Security Presales at CA Technologies to learn how 3-D Secure 2.0 is poised to change online payments authentication.
    • Discover the key drivers that influenced this indisputable transformation
    • Evaluate the important benefits for mobile and in-app purchases
    • Analyze the significant new data elements to combat fraud
  • Secure Web & Cloud Gateway: Security & Threat-Protection for the Enterprise
    Secure Web & Cloud Gateway: Security & Threat-Protection for the Enterprise Michael Mauch Recorded: Aug 18 2017 28 mins
    For business, the web is both essential and dangerous. As more workers go mobile and workloads move to the cloud, the reliance and peril of the web is only going to grow. You need visibility into all this Web traffic, so you can protect your business from the threats it introduces.

    Secure web gateways (SWGs) can deliver the insights and controls you need to mitigate the risks of the web. They pick up where next-generation firewalls (NGFWs) leave off, providing the Layer 7 termination and in-depth inspection of web traffic (port 80 and 443) required to uncover and protect against the increasingly sophisticated web threats targeting your business.

    In this webinar learn how a proxy-based architecture provides unique security and threat-protection advantages for the enterprise in this new normal of remote users/offices, cloud apps, mobile devices.

    ●A proxy-based architecture is ESSENTIAL to meeting the needs of the Cloud Generation.
    ●Symantec BC Proxy SG is the best security defense.
    ●Symantec Proxy SG dramatically improves threat protection, while reducing costs of other security infrastructure.
  • Do You Have a Roadmap for EU GDPR Compliance?
    Do You Have a Roadmap for EU GDPR Compliance? Ulf Mattsson, David Morris, Ian West. and Khizar Sheikh Recorded: Aug 17 2017 60 mins
    The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.

    Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?

    Join this webinar to learn:
    • Case study and legal/regulatory impact to GDPR
    • Security Metrics
    • Oversight of third parties
    • How to measure cybersecurity preparedness
    • Automated approaches to integrate Security into DevOps
  • GDPR Compliance and the Role of DLP and Behavioral Analytics
    GDPR Compliance and the Role of DLP and Behavioral Analytics Jon Oltsik, Sr. Principal Analyst, ESG Salah Nassar, Dir. Product Marketing, Symantec Steve Grossman, VP of Strategy Recorded: Aug 17 2017 64 mins
    The General Data Protection Regulation (GDPR) goes into effect in May 2018. It’s predicted that over 50% of companies affected will not be in full compliance in time. With fines as much as 4% annual revenue, cybersecurity experts, executives and boards are paying attention.

    What are the main obligations under the GDPR which will apply to your organization?
    How can you identify the gaps that exist between your existing programs and GDPR requirements?
    What changes are needed and which technologies can help to achieve compliance?
    What is a pragmatic timetable, in what order of priority, and at what cost?

    Join ESG Sr. Principal Analyst, Jon Oltsik, Symantec Director, Global Product Marketing and GTM Strategy, Salah Nassar, and Steven Grossman, Bay Dynamics’ Vice President of Strategy as we discuss how to:

    - Identify what data matters for GDPR compliance
    - Implement a framework for change
    - Leverage DLP and behavioral analytics for data governance

    The clock is ticking.
  • AlienVault Partner Program: An Intro to AlienVault USM
    AlienVault Partner Program: An Intro to AlienVault USM Mike LaPeters, VP Global Channel Sales & Garrett Gross, Director of Field Enablement Recorded: Aug 17 2017 60 mins
    Watch our partner webcast to learn about our award-winning, easy-to-sell AlienVault® USM™ platform and the AlienVault Partner Program. SIEM solutions integrate and analyze the data produced by other security technologies but unfortunately most mid-market organizations don't have the resources and time to create and maintain the data correlation rules that make SIEM solutions useful. This offers an opportunity for you to capitalize on the benefits of AlienVault USM. Once your prospects understand our approach to unified security management, it becomes a very quick sales cycle.

    An intro to AlienVault USM
    How to identify prospects quickly with a simple set of questions
    How to sell the benefits of USM for easier and faster threat detection
  • How to Grow and Accelerate your Managed Security Business
    How to Grow and Accelerate your Managed Security Business Garrett Gross, Director Field of Enablement Recorded: Aug 17 2017 33 mins
    Security continues to be one of the top three IT concerns for SMB, mid-market and large enterprise customers. Security and Cloud continue to be the top two industry/market spend opportunities for the channel to invest in, according to CompTIA’s 2016 Annual IT Report. The opportunity for MSPs to become Managed Security Service Providers (MSSPs) is exploding – as is the opportunity for MSSPs to strengthen and expand their bottom line and market share. If you are interested in expanding your current MSP practice with security offerings, please watch this “How-to" discussion on building and growing an MSSP. We discuss best practices and illustrate what “best in class” looks like when it comes to:

    Common security challenges for the mid-market
    Considerations when selecting security vendor partners and ensuring a profitable practice
    Operational, financial, and process considerations that are key to a successful MSSP
    Essential skills critical to build successful MSSPs
    Solutions, business resources, tools, and programs available to enable the success of an MSSP
    In addition, we discuss some common mistakes MSSPs make and how to avoid those when building your practice.
  • Threat Intelligence: The MSP’s Secret Weapon
    Threat Intelligence: The MSP’s Secret Weapon Garrett Gross, Director Field of Enablement Recorded: Aug 17 2017 34 mins
    One of the biggest challenges when creating a managed security offering is developing threat intelligence and instrumenting it with existing security controls. This challenge is magnified exponentially as a company's client base grows and needs evolve.

    In this session, you’ll learn about the benefits of building your service offering around a unified security platform and how integrated threat intelligence accelerates the detection process. We’ll also recommend how MSSPs can leverage open threat sharing communities and custom intelligence development to maximize revenue and differentiate themselves from the competition.

    Attend this Webchat and you will also learn:

    The importance of developing a comprehensive understanding of not only the different data types collected for analysis, but also the ways in which the data types interact with each other
    The need for an intelligent approach to identifying the latest threats to achieve the broadest view of threat vectors, attacker techniques and effective defenses
    Why the use of coordinated rule set updates is key to maximizing the effectiveness and efficiency of threat intelligence
    and to ensuring that your clients are protected no matter how (and how often) their business grows and needs change
  • A Step-By-Step Guide to Building a Profitable Security Practice
    A Step-By-Step Guide to Building a Profitable Security Practice Garrett Gross, Director of Field Enablement Recorded: Aug 17 2017 33 mins
    As your clients work on their 2017 budgets, they will be paying a lot of attention to security. It’s probably the top priority for most of them. Threat profiles have expanded, new attack vectors have emerged and legacy systems simply can’t keep up. It’s not nearly enough to sell some security software or deploy a few firewalls. For IT service providers, this presents both a challenge and an opportunity. On one hand, your customers need new security solutions that you haven’t delivered before. But on the other hand, your customers want to pay you for services that will increase both your revenues and profits.

    Given that your customers will want their security challenges addressed immediately, you need to rapidly develop the skills and services required to get the job done.

    In this fast-paced session, join experts from AlienVault and MSPmentor to outline a step-by-step process you can follow to build a thriving, profitable security practice. Key topics to be addressed include:

    The five vital technology tools you need to run an effective security practice
    A detailed profile of the target customers most likely to adopt IT services to help accelerate your sales process
    A map for building and pricing your security service packages to meet customers’ needs (and for building your profits)
  • How GDPR Affects US Companies
    How GDPR Affects US Companies Bob Siegel, President and Founder of Privacy Ref Recorded: Aug 17 2017 37 mins
    Learn how the EU General Data Protection Regulations affect US based companies.

    Join CyberDefenses and Privacy Ref's Bob Siegel to review how the GDPR directly impacts US based corporations. These far-reaching regulations impact any company that stores or transmits identifying information of any individual within the EU.

    In this webinar, you will be introduced to the basic elements of the GDPR and you will discuss the requirements that require action for US focused companies.

    About Bob Siegel:
    President and founder of Privacy Ref, Inc., Bob Siegel, started the company in 2012. After his time as Senior Manager of Worldwide Privacy and Compliance at Staples, Inc., Bob applied his experience and expertise to assisting companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs.

    Always seeking to improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private and public sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology Privacy and Privacy Program Management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP's Certification Advisory Board for the CIPM program and the IAPP's Publication Advisory Board. Bob also serves on the IAPP’s teaching faculty leading classes in the areas in which he is certified.

    About CyberDefenses:
    CyberDefenses is a premiere cyber security services organization, providing advanced security services to the commercial and federal sectors. CyberDefenses Academy provides advanced training the IT, security and privacy professionals that wish to be at the top of their field.
  • Adding the S to MSP: Making Money in a Competitive Market
    Adding the S to MSP: Making Money in a Competitive Market Mike LaPeters, VP Global Channel Sales & Mike Calonica, VP American Sales Recorded: Aug 17 2017 35 mins
    Anybody can deliver technology, but these days MSPs also need to protect their customers’ networks and data. Cyber threats are a growing concern, and if you can’t provide security, your customers will find a provider who can. That’s why adding security to an MSP’s palette of services isn’t just an option; it’s a must.


    In this webcast, experts from Penton and AlienVault will discuss how to turn your MSP into a profitable MSSP by adding security for customers to protect their business from the scourge of cybercrime. Join this session to learn more about:

    Current threats and how they are evolving
    Comprehensive threat protection for the cloud
    Unified security for detecting threats and responding to incidents
  • GDPR and What It Means for Security Teams
    GDPR and What It Means for Security Teams Cheryl Tang, Director Data Security Products, Imperva Recorded: Aug 17 2017 37 mins
    The General Data Protection Regulation (GDPR) clock is ticking and the time to act is now. Organizations around the world are developing their GDPR plans. Non-compliance has significant costs…up to 4% of an organization’s annual revenue.

    Join us to learn:

    - What is GDPR
    - Deep dive into relevant data security articles of the GDPR
    - Review how different technology can address some of the GDPR data security requirements
  • Use of Managed Security Service Providers (MSSPs) - Benefits, Challenges and Tre
    Use of Managed Security Service Providers (MSSPs) - Benefits, Challenges and Tre Garrett Gross Director, Field Enablement Recorded: Aug 17 2017 55 mins
    Research shows that about half of organizations deploy a mix of in-house and outsourced IT security. Companies turn to outsourced and managed security services providers to alleviate the pressures they face, such as assessing and remediating against new types of attacks, protecting their organization against data theft, and addressing skills shortages and filling resource gaps. The 2017 Spotlight Report covering MSSP usage revealed the latest data points and trends in how organizations are leveraging Managed Security Services Providers (MSSPs) to augment, or in some cases completely outsource their security programs.

    In this session you'll learn about key findings from this survey including:

    The predominant driver for organizations to consider managed security services
    The most critical capabilities organizations look for in MSSPs
    The most requested security services offered by MSSPs
    Key benefits respondents have achieved by partnering with an MSSP

    Whether you are evaluating using an MSSP, or are an MSSP yourself, join us to gain valuable insights into how MSSPs are helping their clients. We'll also provide an overview of how our report sponsor, AlienVault, enables the threat detection capabilities of many MSSP's with their unified threat detection platform, AlienVault USM
  • GDPR update - less than 1 year to May 2018
    GDPR update - less than 1 year to May 2018 Greg Day, EMEA VP & CSO Palo Alto Networks Aug 22 2017 1:00 pm UTC 75 mins
    The General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive will both be enforced as of May 2018. You may think you’re ready for these laws, but covered companies may need to improve the security of personal data they hold, and of their networks and information systems. Data breaches and security incidents will have to be reported. As they prepare for the GDPR and NIS, it is imperative that organisations understand their cybersecurity risks and invest appropriately.

    Greg Day, EMEA VP & CSO Palo Alto Networks, explains the security-related requirements.
  • How to Stay Ahead of Today's Ransomware Realities
    How to Stay Ahead of Today's Ransomware Realities Ken Westin, Security Specialist, Splunk Aug 22 2017 3:00 pm UTC 75 mins
    The recent ransomware outbreaks have destabilized business operations around the world.

    The most recent ransomware scare came from what appeared to be a new variant of the Petya ransomware. Leveraging exploits and techniques similar to WannaCry, along with other advanced techniques, to cause damage by sabotaging systems, this latest attack clearly demonstrates how damaging malware can and likely will continue to be to organizations.

    How can you proactively prepare for such threats?

    Watch this webinar to learn how to apply a broader analytics-driven approach to do the fundamentals better, and minimize the risk that your organization will be affected.

    This session will include live demonstrations, and will cover best practices in the following areas:

    • Security fundamentals – the importance of consistent blocking/tackling and security hygiene
    • Posture assessment – establishing end-to-end visibility of potential ransomware activity
    • Investigation, hunting and remediation – IR techniques to verify alerts and hypotheses, and prioritize based on risk
    • Threat intelligence – identifying C2, file hashes and other ransomware IoCs
    • Automation and orchestration – integrating a layered security architecture to drive to faster decisions
    • Leveraging machine learning to detect ransomware patterns and adapt threat models for the latest mutations
  • Stop Living in the Past: A New Approach to Application Security
    Stop Living in the Past: A New Approach to Application Security Joseph Feiman, Chief Innovation Officer, Veracode Aug 22 2017 3:00 pm UTC 30 mins
    Information security has not kept pace with the new reality of a software-driven world. Traditional defenses are proving inadequate in this environment. We’ll discuss how organizations should evolve their security strategies as users and applications become the risk focal point. Attend this session and learn about new approaches such as:

    • Work with the way developers work.
    • Cover not only the apps an organization develops internally, but also those it purchases or assembles from components.
    • Move beyond the software development lifecycle to the full software lifecycle, covering apps from inception through production.
  • How to Choose Your Next Database Audit Solution
    How to Choose Your Next Database Audit Solution Terry Ray, Chief Technology Officer at Imperva Aug 22 2017 4:00 pm UTC 75 mins
    Data is the lifeblood of today's business. As the volume of generated data continues to grow, so does the number of data breaches. It's more critical than ever for organizations to adopt database audit and protection solutions. But not all solutions are created equal.

    What are the key capabilities that IT and security teams should evaluate? Join Terry Ray as he discusses key considerations for selecting a database audit and protection solution.

    About the Presenter:

    Terry Ray is the Chief Technology Officer for Imperva, Inc., the leading provider of data security solutions. Terry works directly with Imperva’s largest customers to educate on industry best practices, challenges and regulations. He also, operates as an executive sponsor to strategic customers who benefit from a bridge between both company’s executive teams. During his 12 years at Imperva, he has deployed hundreds of data security solutions to meet the requirements of customers and regulators from every industry. Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, Gartner, IANS and other professional security and audit organizations in the Americas and abroad.
  • Top 4 Ways Vulnerability Gets Into Software
    Top 4 Ways Vulnerability Gets Into Software Maria Loughlin, Senior VP of Engineering| Veracode Aug 22 2017 4:00 pm UTC 30 mins
    Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects? Are developers to blame? Is it just the nature of software?

    We’ll discuss the four primary ways that vulnerabilities end up in your software. Attendees at this session will understand the main sources of vulnerabilities and how to prevent them -- a good first step in making apps less like a red carpet for cyberattackers, and more like a moat. We’ll get attendees up to speed on the following:

    • Insecure coding
    • A threat landscape that never quits
    • Indiscriminate use of components
    • Programming language choice
  • Your Path to a Mature AppSec Program
    Your Path to a Mature AppSec Program Colin Domoney, Consultant Solutions Architect—Veracode Aug 22 2017 5:00 pm UTC 30 mins
    According to Akamai, attacks at the application layer are growing by more than 25% annually. But many organizations still struggle to understand how to get started with application security, or what good looks like.

    To shed light on the application security process, this session will outline the steps most of Veracode's customers take to develop a mature application security program. Attend and hear about Colin’s experience developing and managing an application security program from the ground up and learn:

    • The different AppSec phases most organizations are currently in
    • The next steps to take when moving toward a more comprehensive AppSec program
    • Lessons learned, best practices and pitfalls to avoid -- from someone who’s been there
    • What a comprehensive, mature AppSec program entails
  • Solving for compliance: Mobile app security for banking and financial services
    Solving for compliance: Mobile app security for banking and financial services Brian Lawrence, NowSecure Security Solutions Engineer Aug 22 2017 6:00 pm UTC 45 mins
    Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data.

    Join us for a 30-minute webinar during which NowSecure Security Solutions Engineer Brian Lawrence will explain:
    -- How and where exactly mobile apps fall in scope for various compliance regimes
    -- Mobile app security issues financial institutions must identify and fix for compliance purposes
    -- How assessment reports can be used to demonstrate due diligence
  • Learn how the NIST Cybersecurity Framework Benefits State and Local Governments
    Learn how the NIST Cybersecurity Framework Benefits State and Local Governments Renault Ross, Chief Cybersecurity Business Strategist North America, Symantec Aug 22 2017 6:00 pm UTC 60 mins
    The NIST Cybersecurity Framework (CSF) provides an excellent guide for state and local governments looking to improve their overall cybersecurity posture.

    Join our webcast hosted by Symantec Chief Cybersecurity Business Strategist, Renault Ross, where he reveals how to apply the CSF to state and local government.

    Learn to:

    •Identify where sensitive data is and who is accessing it.

    •Protect that data with universal policies to ensure stability of networks and infrastructure.

    •Detect cyber threats quickly and reduce the chance of breaches.

    •Respond to threats with automated actions.

    •Recover after a threat to produce reports to prove compliance.

    Register Today
  • You Can Get There From Here: The Road to Secure DevOps
    You Can Get There From Here: The Road to Secure DevOps Pete Chestna, Director of Developer Engagement—Veracode Aug 22 2017 6:00 pm UTC 30 mins
    If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and from waterfall to DevOps. We have learned a lot along the way and I’m eager to share the story. In this session learn:

    · A basic Understanding of Waterfall, Agile and DevOps from a people, process and technology point of view
    · Considerations when transitioning between these methodologies
    · An approach to leading the change in your own company
    · How Security can best be integrated into DevOps
  • Expanding to International Markets
    Expanding to International Markets Eric Negler, Head of Strategic Partnerships at Signifyd, and Vince Lau, Product Marketing at ThreatMetrix Aug 22 2017 6:00 pm UTC 45 mins
    Join this webinar to hear stories of how specific digital retailers have successfully entered new international markets and are now realizing increased sales without the downside of risky orders.
  • Getting the Best out of DevSecOps
    Getting the Best out of DevSecOps Colin Domoney, Consultant Solutions Architect—Veracode Aug 22 2017 7:00 pm UTC 30 mins
    With application security rapidly moving towards a DevSecOps approach, it's important to understand from each team's perspective how to be successful in the new agile process. 

    Join this webinar to understand the perspectives--both the challenges and benefits of a DevSecOps approach, and how to integrate your security, operation and Developer teams.
  • Securing the Enterprise in a DevOps World: Keynote & Panel
    Securing the Enterprise in a DevOps World: Keynote & Panel David Wayland, Head of Enterprise Application Security, Fortune 500 Financial Firm & Chris Wysopal, CTO & Co-Founder Veracode Aug 22 2017 8:00 pm UTC 75 mins
    Securing a global enterprise requires security, development, vulnerability management, compliance and risk professionals to understand the engagement and inflection points in the software development lifecycle—and their roles to accelerate it. 

    Join Veracode for a two part session featuring "Securing the Enterprise in a DevOps World" with David Wayland, and an interactive panel discussion to continue the conversation on securing the enterprise in a DevOps World. This open round table discussion will be led by Veracode Co-Founder and CTO, Chris Wysopal. We will have time for Q&A so bring your questions!

    The discussion will touch upon:
    · Are you crawling, walking or running with your DevOps initiative?
    · Pitfalls? Success?
    · How are you connecting the dots for the business and the board on how your application security initiative is mitigating risk?


    Panelists: David Wayland, Head of Enterprise Application Security—Fortune 500 Financial Firm, Pete Chestna, Director of Developer Engagement—Veracode, Joseph Feiman Chief Innovation Officer—Veracode.
  • Detect and Respond to Cyber Threats with Threat Lifecycle Management
    Detect and Respond to Cyber Threats with Threat Lifecycle Management LogRhythm Aug 23 2017 12:00 am UTC 15 mins
    Today’s reality is that your organization will continue to be confronted by increasingly frequent and complex cyber threats.

    The Threat Lifecycle Management Framework (TLM) is a series of aligned security operations capabilities. It begins with the ability to monitor and search across your IT environment and ends with the ability to quickly mitigate and recover from security incidents. The result? Faster time to detect and time to respond, without adding staff to accomplish the job.

    See how LogRhythm’s Threat Lifecycle Management Platform can help your team sort through the noise to quickly discover and neutralize concerning incidents.
  • Accelerating Multi-Cloud Deployments
    Accelerating Multi-Cloud Deployments Matt Keil, Director of Product Marketing, Public Cloud at Palo Alto Networks Aug 23 2017 10:00 am UTC 45 mins
    Organizations are rapidly embracing multi-cloud architectures that span software-defined data centers (private clouds) and public cloud environments. To help organizations protect their cloud-based applications and data from cyberattacks, PAN-OS® 8.0 expands the VM-Series with new models and optimized performance, making it the broadest, most powerful line of virtualized firewall appliances on the market.

    New scalability and resiliency features for Microsoft® Azure® and Amazon® Web Services enable organizations to build secure cloud-centric architectures. Workflow automation features for VMware® NSX® and KVM with OpenStack® help streamline VM-Series deployments.
  • The State of Security Operations: How Prepared Are You For An Attack?
    The State of Security Operations: How Prepared Are You For An Attack? Duncan Brown, IDC, Matthias Maier, Splunk, Nathaniel Ford, (ISC)² EMEA Aug 23 2017 11:00 am UTC 60 mins
    Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 145 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.

    Join this webinar to hear from guest speaker Duncan Brown, Associate Vice President, Security Practice, IDC, and Matthias Maier, Security Product Marketing Manager, Splunk, and discover:

    ●The time and associated cost security teams spend on incident response and how you compare to your peers

    ●How organizations are coping with an average of 40 actionable security incidents per week

    ●Where teams are focusing their security efforts

    ●Why an analytics-driven approach can make security investigation more efficient and effective, reducing costs and improving security posture
  • What is an Identity Provider (IdP) and Do You Need One?
    What is an Identity Provider (IdP) and Do You Need One? Stephen Allen, Authentication Expert at Gemalto Aug 23 2017 3:00 pm UTC 60 mins
    The explosion of cloud-based applications in the enterprise is making IT and security professionals rethink their cloud identity management strategy. By default, every cloud user creates an average of 17 cloud identities. But catering to 17 different user stores per employee or partner is simply not scalable from an administration perspective. And as if IT’s time is not precious enough, password resets account for 20% of helpdesk tickets. This adds to the compliance and security risks associated with cloud-based applications, which by default require only weak static passwords and offer no central point of management across disparate cloud-based services.

    Join Stephen Allen, Gemalto Product Manager for Authentication and Access Management, and learn how deploying an Identity Provider enables:

    •Cloud Single Sign-On for easy access to cloud apps
    •Regulatory compliance with standards such as PCI DSS
    •Reduced identity lifecycle overheads
    •Centralized management of cloud access policies
    •Increased security with step-up authentication
  • Web App Attacks: Hacker Methodologies and Remediation Strategies
    Web App Attacks: Hacker Methodologies and Remediation Strategies Stephen Coty, Chief Security Evangelist at Alert Logic Aug 23 2017 3:00 pm UTC 60 mins
    It’s well known that web application attacks are the leading cause of breaches, according to Verizon’s 2017 Data Breach Investigations Report, but have you ever wondered how adversaries conduct their attacks and what methods they use to successfully compromise their web application targets?

    Register for this eye-opening webinar presented by Stephen Coty, Chief Security Evangelist at Alert Logic, who will discuss the realities of web application attacks and:

    • The global perspective of the current state of web application vulnerabilities
    • Understand how reconnaissance is used by attacks to discover and pinpoint systems to compromise
    • Attack methodologies and how vulnerable web apps can be leveraged by attackers to gain privileged access
    • Remediation strategies to help defend against web apps attacks
  • Veracode Web Application Scanning: Discover, test, & monitor web applications
    Veracode Web Application Scanning: Discover, test, & monitor web applications Glenn Whittemore, Solution Architect, CA Veracode Aug 23 2017 4:00 pm UTC 30 mins
    Looking for a consolidated solution to find, secure, and monitor all of your web applications?

    Join this 20 minute webinar to see how Veracode can help you easily track and inventory all of your external web applications with the ability to scan and scale on thousands of sites in parallel to find critical vulnerabilities and prioritize your biggest risks.

    Learn how to leverage technologies such as Veracode Web Application Scanning which enable teams to discover and address vulnerabilities during the production and pre-production phases of the software development lifecycle (SDLC). As one of the multiple scanning technologies Veracode offers on a single platform, your organization can systematically reduce risk while continuously monitoring your security posture.
  • Preparing for Cyber Risks to Healthcare Operations: Be Ready, Not Sorry
    Preparing for Cyber Risks to Healthcare Operations: Be Ready, Not Sorry Ed Kopetsky (Stanford Children's Health), Chris Holda (Huntzinger Management Group), Mike McKinley (Delta Risk) Aug 23 2017 5:00 pm UTC 60 mins
    Ensuring you have an approach to incident response, a plan for technical recovery, and the ability to maintain patient care and business continuity in the event of an attack is key. How prepared is your organization? Join fellow CIOs, CISOs, and other IT and cyber security professionals for this interactive discussion on how to secure healthcare operations.

    Learn more about how to reduce the risks that cyber attacks can pose in this live 45-minute webinar presented by experts from Stanford Children's Health, Delta Risk, and Huntzinger Management Group as they discuss essential elements of how to respond to a cyber-attack and properly prepare a business continuity plan.

    What you’ll learn:
    • Key cyber-hygiene best practices to implement
    • What the essentials are for incident response
    • How to set technical recovery priorities
    • Patient care and business continuity considerations

    SPEAKERS

    Ed Kopetsky is Chief Information Officer at Stanford Children’s Health and an Advisor with Next Wave Health Advisors. He is responsible for the strategic direction for information technology and biomedical systems, and serves on multiple advisory boards for healthcare technology companies.

    Chris Holda is a Sr. Management Consultant with Huntzinger Management Group. He has more than 20 years of experience in IT Operations and 15 years in Healthcare IT. His areas of expertise include technical operations, technical infrastructure, system integrations, licensing and contracting. As a licensed attorney, he brings a unique hands-on perspective within Healthcare IT.

    Mike McKinley has more than two decades of experience in cyber and information security in both the private and public sectors. He serves as VP and GM at Delta Risk, where he manages a team of skilled consultants who specialize in providing healthcare and other critical infrastructure clients with advisory services, managed cyber security solutions, and incident response.
  • Hunting Criminals with Hybrid Analytics, Semi-supervised Learning, & Feedback
    Hunting Criminals with Hybrid Analytics, Semi-supervised Learning, & Feedback David Talby, CTO, Atigeo Aug 23 2017 5:00 pm UTC 60 mins
    Fraud detection is a classic adversarial analytics challenge: As soon as an automated system successfully learns to stop one scheme, fraudsters move on to attack another way. Each scheme requires looking for different signals (i.e. features) to catch; is relatively rare (one in millions for finance or e-commerce); and may take months to investigate a single case (in healthcare or tax, for example) – making quality training data scarce.

    This talk will cover a code walk-through, the key lessons learned while building such real-world software systems over the past few years. We'll look for fraud signals in public email datasets, using IPython and popular open-source libraries (scikit-learn, statsmodel, nltk, etc.) for data science and Apache Spark as the compute engine for scalable parallel processing.

    David will iteratively build a machine-learned hybrid model – combining features from different data sources and algorithmic approaches, to catch diverse aspects of suspect behavior:

    - Natural language processing: finding keywords in relevant context within unstructured text
    - Statistical NLP: sentiment analysis via supervised machine learning
    - Time series analysis: understanding daily/weekly cycles and changes in habitual behavior
    - Graph analysis: finding actions outside the usual or expected network of people
    - Heuristic rules: finding suspect actions based on past schemes or external datasets
    - Topic modeling: highlighting use of keywords outside an expected context
    - Anomaly detection: Fully unsupervised ranking of unusual behavior

    Apache Spark is used to run these models at scale – in batch mode for model training and with Spark Streaming for production use. We’ll discuss the data model, computation, and feedback workflows, as well as some tools and libraries built on top of the open-source components to enable faster experimentation, optimization, and productization of the models.