Identifying and Managing Vulnerabilities in Health Care

The nearly blinding pace of technology growth in health care has led to networks of systems and devices that not only help support and maintain human lives, but have also taken on some of the characteristics of the biological systems they interact with. As the patient changes, so do the medical devices connected to the patient, and so does the network connected to the medical devices. This interconnected system of man and technology has led to an environment where vulnerabilities in the technological systems can lead to dire consequences for the patient. Like the human systems they must interact with, the technological systems need to be managed throughout their entire lifecycle, from inception to retirement. Please join this session for an overview of how vulnerabilities can be discovered, and what we need to do to continue managing vulnerabilities throughout the lifecycle of a healthcare system.
Recorded Nov 13 2014 64 mins
Presented by
Mike Ahmadi (Medical Device Security, Codenomicon); Debra Bruemmer (Security Analyst, Mayo Clinic); Skip Snow (Forrester)
  • Silver Bullet Podcast #137 with Wafaa Mamilli Recorded: Aug 30 2017 32 mins
    Gary McGraw
    Wafaa Mamilli is Vice President, Chief Information Security Officer (CISO) at Eli Lilly and Company where she leads a global, enterprise-wide information and product security organization. She started her career consulting in Paris prior to joining Lilly France in 1995. Before being named CISO, Wafaa held several international leadership responsibilities across Lilly, including a stint as Information Officer of their diabetes division.
  • Systems Failures Fuel Security-Focused Design Practices Recorded: Aug 2 2017 47 mins
    Christopher Rommel, Executive Vice President, VDC Research and Joe Jarzombek, Security Strategist, Synopsys
    Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. A single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense (A&D) are especially at risk.

    In this webinar, Christopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results from a recent report highlighting issues facing these organizations. They will also identify what considerations need to be made for the security of software that enables and controls system functionality.

    This webinar will explore:
    • The importance of quality and security in current projects
    • The amount of code re-use from previous projects
    • How automated quality and security testing tools can integrate into your current SDLC
  • Silver Bullet Podcast #136 with Pavi Ramamurthy Recorded: Jul 31 2017 32 mins
    Gary McGraw
    Pavi Ramamurthy manages the security ecosystem at LinkedIn as a Senior Information Security Manager. The Security Ecosystem team holds much of the responsibility for software security at the firm, including: software security training, awareness, bug herding, application vulnerability response, program management, and security positioning for partners and customers. Pavi has over 20 years of experience in software engineering and development, coupled with 10 years of hands-on security experience. She has also worked in various capacities at VMware, Determina, Vitria Technology, and 3Com. Pavi holds an MS in Computer Engineering from Santa Clara University and she lives in Silicon Valley with her family.

    Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.
  • The Side Effects of the Internet of Things Recorded: Jul 25 2017 43 mins
    Chenxi Wang, ITSPmagazine | Ted Harrington, ISE | Gary Hayslip, Webroot | Mike Ahmadi, Synopsys
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    Innovation is moving so fast. Each day there's a new device or technological service to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. They listen to us, watch us, learn about us. They help us make decisions. They “guess” our next move - our pending desire. They make decisions - even take action on our behalf. As a society we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting our privacy and safety at risk.

    How many devices are there? What are they used for? In this session, we’ll focus on the side effects associated with devices used to run our countries, our cities, our homes, our lives - even our physical being.

    Ultimately, it’s about the lack of cybersecurity - because there is a lack of cybersecurity, there’s no conversation about it, and therefore there is no understanding (awareness) of what’s at risk for using these devices. It’s not necessarily a bad thing - but the fact we are making uninformed decisions as a society means we could be putting ourselves and our loved ones at risk without even knowing it.

    This panel is part 1 of 2 parts - it’s all about the lack of security and the side effects it has on us as individuals and as a society. What are we trading in exchange for using these devices to make our lives “better”? Bottom line... are you (we) surrendering to the technology?

    PANELISTS
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Gary Hayslip, Vice President & CISO, Webroot
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    MODERATOR
    - Chenxi Wang, Host of The New Factor on ITSPmagazine
  • State of Software Composition 2017 - What's in your app? Recorded: Jul 12 2017 34 mins
    Robert Vamosi, CISSP and Security Strategist at Synopsys
    So much of the software today is created using third-party code, and why not? After all, it’s quicker and cheaper than building from scratch. Using third-party software, however, isn’t without challenges as the recent report The State of Software Composition Analysis 2017 reveals. In this webinar, the presenters will not only share highlights from this report, but they’ll also explore:

    • The use of trusted repositories for open source software, preferably from the source.
    • The use of SCA to monitor the ongoing state of software decay.
    • The need to update third-party software libraries as appropriate throughout the lifecycle.
  • What You Need To Know About Petya/NotPetya & Cyber Attack Protection Recorded: Jul 11 2017 59 mins
    Eric Hanselman (451 Research), May Wang (ZingBox), Ted Harrington (ISE), Mike Ahmadi (Synopsys)
    Another widespread cyber attack in late June wreaked havoc across businesses, organizations, banks, government agencies, utility companies, shipping companies, and even power plants. Was this a ransomware attack or something more sinister?

    Join this panel of industry leaders and security experts for an interactive session on:
    - Why cybersecurity is a key focus for enterprises and organizations worldwide
    - Why ransomware protection is more crucial than ever
    - How to best prepare against future cyber attacks
    - Steps your organization should take today to ensure data security. Short term steps and long-term strategy

    Speakers:
    - May Wang, Co-founder & CTO of ZingBox
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    Moderator:
    - Eric Hanselman, Chief Analyst at 451 Research
  • Silver Bullet Podcast #135 with Ksenia Dmitrieva-Peguero Recorded: Jun 29 2017 26 mins
    Gary McGraw
    Ksenia Dmitrieva-Peguero is a Principal Consultant within Synopsys’ Software Integrity Group. She is a subject matter expert in a variety of software security practices including static analysis tool design and execution, customization, and deployment. She is also an expert in the areas of penetration testing and threat modeling. Throughout her career as a consultant, Ksenia has established and evolved secure coding guidance and best practices for many different firms, and has delivered numerous software security training sessions. She speaks regularly at events around the world on topics such as HTML5, CSP, and JavaScript. Ksenia holds degrees in Education and Computer Science from Clemson University, and an MS in Computer Science from George Washington University. She lives in Virginia with her husband and newborn daughter.

    Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.
  • Medical Device Security: An Industry Under Attack and Unprepared to Defend Recorded: Jun 21 2017 49 mins
    Larry Ponemon, Chairman of Ponemon Institute & Mike Ahmadi, Director of Critical Systems Security of Synopsys
    A recent survey commissioned by Synopsys was designed to understand the risks to clinicians and patients due to insecure medical devices. The resulting report identified some expected findings, but others were extremely surprising. For instance, 67% of medical device manufacturers and 56% of healthcare delivery organizations believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. Join Larry Ponemon of the Ponemon Institute and Mike Ahmadi of Synopsys as they discuss report highlights. They will also provide insight and predictions regarding the future of security in the medical device and healthcare industries.
  • Don’t WannaCry? Here’s How to Stop Those Ransomware Blues Recorded: Jun 14 2017 22 mins
    Steve Cohen, Product Marketing Manager, Synopsys & Robert Vamosi, CISSP and Security Strategist, Synopsys
    After taking the world by storm, it’s time to dig into the WannaCry ransomware worm to learn how a decades-old technique is still catching us off-guard. We’ll also examine how to safeguard your organization in the future against this type of attack.

    In this webinar, our experts will discuss the benefits of securing your organization's software to keep the bad actors from pivoting from vulnerabilities in the network layer to those in the application layer. We'll show you how to shrink the time to value in the market without compromising quality and security via a secure SDLC.
  • Silver Bullet Podcast #134 with Kelly Jackson Higgins Recorded: May 24 2017 25 mins
    Gary McGraw
    Kelly Jackson Higgins is the Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with over 20 years of experience as a reporter and editor. Publications that Kelly has been associated with include Network Computing, Secure Enterprise Magazine, Communications Week, and more. Kelly’s coverage of computer (i.e., cyber) security has led her to be selected as one of the top 10 cybersecurity journalists in the U.S. She holds a BA from the College of William and Mary where she also played on the women’s soccer team. She currently lives near Charlottesville, VA.

    Listen as Gary and Kelly discuss how to separate fact from fiction when it comes to news in security, changes in security-focused journalism in recent years, social media, security politics, and more.
  • Software Security Strategy with BSIMM Recorded: May 3 2017 54 mins
    Sammy Migues, Principal Scientist
    If you play a role in your organization’s software security program, you know there is no shortage of things to do. In fact, the Building Security In Maturity Model (BSIMM) calls out the 113 most commonly observed software security activities. The BSIMM enables experts like you to discover what others are doing in this universe, how those activities currently work, how they worked in the past, and how they are likely to work in the future.

    However, implementing BSIMM activities like a checklist won’t get you to success. It takes some real strategy to efficiently include new software security activities and also ensure existing activities continue to be applied well.

    Listen as Sammy Migues, Principal Scientist at Synopsys, discusses how to marry BSIMM activities to a strategy enabling you to build a viable security program. Sammy bases his insights on over 300 in-depth assessments within the BSIMM and 30+ years of industry experience.
  • Silver Bullet Podcast #133 with Cheryl Biswas Recorded: Apr 27 2017 30 mins
    Gary McGraw
    Cheryl Biswas is a Cyber Security Consultant focusing on threat intelligence at KPMG Canada. Her IT career began over 20 years ago at CP Rail’s helpdesk, with further roles in vendor management and change management. She went on to work as an InfoSec researcher at JIG Technologies where she advised her team and clients on security matters and weekly threat intel updates. Cheryl strives to connect people within information security, with a focus on end users. She shares a passion for learning and security by blogging, speaking at conferences, and through her social media presence. Cheryl holds a B.A. in Political Science from York University. She lives in Toronto, Canada with her three kids.

    Listen as Gary and Cheryl discuss aligning security to work as a service for the business rather than an imposition for employees, trending cyber security political topics, work-life balance, and more.
  • Moving Toward Better Security Testing of Software for Financial Services Recorded: Apr 20 2017 62 mins
    Steve Kosten, SANS instructor & Mike Ware, managing principal at Synopsys Software Integrity Group
    The financial services industry (FSI) maintains high-value assets and typically operates in a very complex environment. Applications of all types—web applications, mobile applications, internal web services and so forth—are being developed quickly in response to market pressures by developers with limited security training and with relatively immature processes to support secure application development. This combination presents a juicy target for attackers, and data shows that the FSI continues to be a top target. Attempts to introduce security into the application life cycle frequently face challenges such as a lack of available application security expertise, concerns about costs for tooling, and a fear among product owners that security processes might impede the development cycle and slow their response to market conditions.

    This webinar will explore:
    - Who is the financial services industry (FSI)?
    - Drivers of application security
    - Inhibitors of application security
    - The foundation of a secure SDLC
  • Silver Bullet Podcast #132 with Chenxi Wang Recorded: Mar 29 2017 33 mins
    Gary McGraw
    Dr. Chenxi Wang is the founder of the Jane Bond Project. She has built an illustrious security career with experience at Forrester Research, Intel Security, CipherCloud, and Twistlock. Dr. Wang started her career as a computer security faculty member at Carnegie Mellon University. She holds a Ph.D. in Computer Science from the University of Virginia and currently lives in Silicon Valley with her family.

    Listen as Gary and Chenxi discuss the life of Professor John C. Knight, the Jane Bond Project, the Grace Hopper Conference, the state of software security, DevOps, fixing the diversity in tech issue, and more.
  • Forrester Total Economic Impact™ Study: Seeker® – IAST Recorded: Mar 1 2017 52 mins
    Liz Witherspoon, Forrester & Nadav Kotlarsky, Sr. Product Manager, Seeker
    Implementing Seeker, Interactive Application Security Testing by Synopsys, in your Agile development environment not only reduces time and cost to remediate security vulnerabilities, but also reduces risk of a data breach. To quantify these benefits, Synopsys commissioned Forrester Consulting to conduct an in-depth customer case study to examine the potential ROI an organization may realize from deploying Seeker.

    Join guest speaker Liz Witherspoon, Principal Consultant at Forrester Research, and Nadav Kotlarsky, Sr. Product Manager, as they explore an in-depth customer case study quantifying the potential ROI of deploying Seeker.
  • Silver Bullet Podcast #131 with Kate Pearce Recorded: Feb 28 2017 32 mins
    Gary McGraw
    Kate Pearce is a Senior Security Consultant at Cisco within the Customer Solutions division. In her career, Kate approaches security from diverse perspectives encompassing defenders, builders, assessors, and attackers. Her approach blends business, academic, and assessment contexts with a clear focus on evidence-driven security approaches. Kate holds an MSc and a BSc in Computer Science from the University of Canterbury. A repatriated Kiwi, she currently lives in Wellington, New Zealand with her wife and cat.

    Listen as Gary and Kate discuss the state of the software security industry, gender perspectives in the security space, the relationship between biology and security, and more.
  • What's New in Coverity 8.7 Recorded: Jan 25 2017 44 mins
    Yan Huang, Sr. Product Manager, Coverity
    Synopsys, Inc. recently released Coverity 8.7, the latest version of the company's industry-leading static analysis tool and one of the core components of its Software Integrity Platform.

    This webinar presents several important updates to enhance its security analysis and extend its utility to a broader audience, including organizations developing web and mobile applications and software systems for vehicles and other safety-critical systems.

    Highlights:
    - Enhances Android security analysis to detect critical vulnerabilities and weaknesses on the OWASP Top 10
    - Improves security analysis and accuracy for JavaScript, Java and C# web applications
    - Expands desktop analysis with Integrated Development Environment (IDE) plugins for mobile and web application security testing
  • Silver Bullet Podcast #130 with Jessy Irwin Recorded: Jan 23 2017 32 mins
    Gary McGraw
    Jessy Irwin is Vice President of Security and Privacy at Mercury Public Affairs. Her work focuses on human-centric technology and security. Jessy works tirelessly to make security and privacy accessible to the average person through education and awareness. As an outspoken advocate, she writes and speaks publicly about security research, strong crypto, and security education. She studied Art History and French at Virginia Tech and is now based in San Francisco.

    Listen as Gary and Jessy discuss social engineering, security research, and security education and accessibility.
  • Silver Bullet Podcast #129 with Kelly Lum Recorded: Dec 27 2016 34 mins
    Gary McGraw
    Kelly Lum, a.k.a. Aloria, is a Security Engineer at Tumblr and an Adjunct Professor of Graduate Computer Networking and Application Security at NYU. She has 13 years of experience in computer security, having previously worked in both the government and financial services spaces. Kelly is also a frequent speaker on the Black Hat SummerCon Countermeasure circuit where she often focuses on data loss prevention (DLP) and bug hunting.

    Listen as Gary and Kelly discuss the differences between application security and software security, finding bugs versus fixing bugs, improving code review tools, and how mental illness affects her analytical security outlook.
  • How to Deliver Robust and Secure Software Recorded: Dec 13 2016 59 mins
    Jonathan Knudsen
    Software development is a mad rush to market where it seems like the only thing that matters is functionality. Everyone is just trying to make something that works and start selling it before anyone else.
     
    In the long game, security, robustness, and safety are crucial. Resilient, enduring software demands a proper secure development life cycle (SDLC) in order to locate and eliminate vulnerabilities during product development and after release.
     
    Automated tools are indispensable for locating vulnerabilities, and a signoff approach to the SDLC results in a final product, brought to market in a timely fashion, that presents a minimized risk to both producer and consumer.
     
    This presentation examines the classes of tools that locate vulnerabilities and shows how they are used in the context of product development to save time and money and minimize risk.
Application security is a journey.
We go beyond traditional application testing to empower you to build security into your software at every stage of your development process. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

  • Title: Identifying and Managing Vulnerabilities in Health Care
  • Live at: Nov 13 2014 7:00 pm
  • Presented by: Mike Ahmadi (Medical Device Security, Codenomicon); Debra Bruemmer (Security Analyst, Mayo Clinic); Skip Snow (Forrester)