Name: Secure Code Review: Catching Vulnerabilities at the Source
Start: 2022-11-03T20:00:00Z
End: 2022-11-03T20:00:33.000Z
Location: BrightTALK
Rating: 5

HackerOne pinpoints the most critical security flaws across an organization’s attack surface with continual adversarial testing to outmatch cybercriminals. HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Hyatt, Microsoft, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.

The 8th Annual Hacker-Powered Security Report just launched. How can you interpret it to make the case for your own human-powered security program, attract more security researchers to your programs, or incentivize more impactful vulnerability reports? 

This webinar, featuring HackerOne customers and a leading member of our security researcher community, will answer that question.

From Data to Results: Building Resilience with Insights from the Hacker-Powered Security Report

In an era of increasing regulatory scrutiny, financial services organizations face mounting pressure to meet stringent cybersecurity compliance mandates. This session explores how HackerOne’s Vulnerability Disclosure Program (VDP) empowers financial institutions to meet these mandates while strengthening their security posture. We will discuss the essential role of VDPs in uncovering hidden vulnerabilities, fostering trust with regulators, and demonstrating proactive risk management. Attendees will gain insights into leveraging the HackerOne platform to streamline compliance processes, enhance transparency, and safeguard sensitive data, all while navigating the unique challenges of the finance sector.

The Compliance Advantage: Strengthening Financial Cybersecurity with HackerOne's VDP

As the cybersecurity landscape continues to change, understanding the perspectives of security researchers is essential for effective risk management.

In this 30-minute webinar session, we’ll dive into the top five takeaways from the 8th Annual Hacker-Powered Security Report. With practical examples and actionable recommendations, you’ll learn how to:

Ensure that AI deployments are secure and trustworthy 
Enhance your approach to vulnerability management 
Implement demonstrably valuable security measures
Watch this fast-paced exploration of the vital role of human expertise in the AI era.

5 Things to Learn from the 8th Annual Hacker-Powered Security Report

New threats emerge faster than any security team can fight them, which is why implementing an always-on vulnerability disclosure program (VDP) is not just a wise decision—it's becoming a standard practice mandated by government regulations and global compliance frameworks. Having a VDP openly demonstrates your organization's commitment to security, showcasing transparency, accountability, and a proactive approach to safeguarding your systems.

Why Implement a Vulnerability Disclosure Program (And How to Do It)

For retail, a security breach costs $2.96M on average—and traditional security measures can’t keep up with evolving threats. To protect your customer data and your reputation, proactive, always-on testing powered by ethical hackers is the way forward. watch this Q&A with Swiss sportswear brand On and HackerOne to learn the real-world benefits and practicalities of a human-powered security testing program for retail and e-commerce.

Retail Under Attack: HackerOne Customer Insights on Outsmarting Cybercriminals

Relying solely on internal teams and automated tools can leave crucial vulnerabilities overlooked. Traditional methods struggle to keep up with limited resources, evolving threats, and complex systems.

Enter HackerOne Bounty: Leveraging the expertise of the world's largest ethical hacker community, we offer proactive, continuous testing of your digital assets. Our custom-tailored bug bounty programs connect you with top-tier security researchers—and offer financial rewards to incentivize these creative minds to uncover novel and elusive vulnerabilities in your systems.

Everyone from seasoned security professionals to curious enthusiasts will find value in this session.

Continuous Security with HackerOne Bug Bounty: Cyber Defense Done Right

In this panel session from the 2024 Cybersecurity Summit, you'll hear from experts from HackerOne, Google Cloud, Ping Identity, Automox, and HID about how to manage your attack surface, plan for the continuing influx of AI tools and technology, and protect your organization against ransomware, DDoS attacks, and more.

2024 and the Biggest Threats to your Business

Talent shortages, launch delays due to skillset and staffing gaps, and challenges in retaining seasoned pentesters. These all create serious barriers to running successful and consistently effective pentest programs. 

Inefficiencies in everything from coordinating schedules to monitoring coverage, tracking remediation, and maintaining a cadence of communications for high-risk issues can undermine productivity and reduce security effectiveness. 

Watch this on-demand demo (the first 10 mins) followed by a Q&A to see how the security industry’s leading Pentest as a Service (PTaaS) platform, combined with talented and thoroughly vetted pentesters, can create a responsive program filled with meaningful findings that deliver on its ROI promise.

Beyond Traditional Testing: Elevating Cybersecurity with HackerOne Pentests

Exploited vulnerabilities are the most common root cause of the most significant ransomware attacks in the financial services sector. At the same time, nearly half of security professionals say that testing too late in the development cycle remains a major source of frustration. So why are we still failing to catch vulnerabilities earlier? The structure and priorities of development and security teams remain at odds for most organizations. In fact, few “shift left” initiatives have successfully gone to plan. 

Developer productivity is still often measured on speed of deployment, at the expense of security. Failing to catch vulnerabilities before code is released overburdens small security teams, stalls code production, and increases the risk of costly data breaches that erode brand trust.

In this on-demand recording from the December 2023 Finance & Risk Cyber Security Summit, HackerOne's CTO, Alex Rice, will demonstrate how we can reframe our thinking, team structures, and culture to recognize that security is a process, not a destination. Security teams must adopt an advisory role for development that embraces how developers work and supports developer-first initiatives to drive secure outcomes.

Shift Left Is Dead: A Post-Mortem.

Gain invaluable insights on quality-driven pentesting from our virtual "Ask Me Anything" (AMA) session, tailored for security leaders skeptical about the impact and results of community-driven pentesting. You'll have direct access to the representatives from the elite top 10% of pentesters from HackerOne's 2 million-strong ethical hacking community, selected for their proven skills in rigorous testing environments. Address your doubts in this hour-long interactive panel, dissecting everything from web app vulnerabilities to compliance intricacies, all through the lens of methodical, results-oriented pentesting.

Who Should Join

This session is essential for security decision-makers who are weighing the benefits of community-driven pentesting against traditional models. If you're seeking to understand how collaborative security efforts can align with and enhance your business's security posture, this AMA will provide the clarity and reassurance needed to make informed decisions about your security strategy.

Check out this on demand webinar to see how structured, community-driven pentesting can yield quality outcomes and provide ongoing security assurance!

Truth Behind the Hack: Elite Pentesters Tell All in a Live Q&A

With the 2024 election right around the corner, security and integrity are on the minds of U.S. constituents. 

In this on-demand webinar, cybersecurity and election integrity subject-matter experts from The Elections Group and HackerOne discuss the success of a 2023 hacker challenge conducted by the Election Security Research Forum and leading voting technology providers—and give some tips on how state and local government leaders can leverage the findings to improve their security stance. The webinar also discusses the intersection of IT infrastructure and cybersecurity and how CVD can help election officials improve internal processes while building trust with constituents.

Ready for 2024: How CVD/VDP Can Boost Election Integrity and Public Perception

Hackers gather in London, U.K. to partner with the Salesforce security team as they work to keep their digital landscape and users safe. Hosted by HackerOne in June, 2023.

H1-4420: Salesforce's Live Hacking Event in London

Learn how the global talent of the ethical hacker community can help you with your preemptive security, delivered via Pentest as a Service (PTaaS), to streamline validation and fix vulnerabilities fast. See how PTaaS can help you:
- Reduce risk in real-time.
- Find more critical and high vulnerabilities.
- Accelerate pentest results to find and fix security issues faster. 
- Go above and beyond compliance. Satisfy requirements for SOC 2 Type II, PCI DSS, ISO 27001, HITRUST, FISMA, SOX, and GDPR.

The Power of Pentesting as a Service (PTaaS)

Recent Enterprise Strategy Group (ESG) survey data from Jon Oltsik, Distinguished Analyst and Fellow, indicates that for 87% of respondents, ensuring secure and available applications is a top priority. 

Though the importance of app security is paramount, ESG also noted the following persistent roadblocks:
• Maintaining security consistency across data center and public clouds where cloud-native apps are deployed
• Use of multiple cybersecurity controls that increase costs
• And lack of visibility into public cloud infrastructure where apps are hosted.

Jon Oltsik showcases 9 advantages of continuous penetration testing to enhance your company’s app security, as well as 5 ways to improve pentesting itself, in this custom ESG webinar. 

Join the discussion to view Oltsik’s vendor-neutral analysis of the state of app security, glean ESG’s latest survey data, and overcome your own app security challenges.

ESG Analysts on the Value of Continuous Penetration Testing

A well-designed and purposefully run bug bounty program can have a tremendous impact on your organization's attack resistance. A few fundamental steps will help you hit the ground running, so you can successfully launch and maintain a high-performing bounty program.

In this webinar, HackerOne’s field experts will walk you through what you need to know, drawing on their firsthand experience planning bug bounty programs for organizations ranging from federal governments to SMBs and global enterprises. You’ll learn how they set up customers for success and how mature programs operate to derive maximum value.

Key takeaways:
- Pre-launch steps for an effective public or private bug bounty program
- Day-to-day operational practices to ensure consistent results and maximum ROI
- Real-world examples of how bug bounty programs drive hacker engagement and track results 
- How HackerOne Bounty can help reduce recurring vulnerabilities by up to 98% and enable organizations to release secure products faster

Frontline Tips for Managing a High-Performing Bug Bounty Program

2023 is panning out to be another challenging year for security leaders. Between the looming recession, ongoing tech layoffs, and climbing security incidents, uncertainty looms large.

Get tips for recession-proofing your security strategy from seasoned CISOs who’ve been through this before. HackerOne’s CEO will lead this roundtable discussion with CISOs from Cisco Security Business Group, Xerox, and Sumo Logic to learn about:
—Lessons learned from past recessions and what security leaders can do to prepare
—Tips for consolidating and investing strategically for the best security outcomes
—How to adjust your security strategy if you face resource constraints

Recession-Proof Your Security Program

Grammarly Shares How It Pinpoints the Most Critical Flaws in Its Attack Surface with Help from Ethical Hackers.
As a company selling writing assistant software to enterprises, Grammarly understands that product security is not a one-and-done initiative. Join this executive fireside chat to hear directly from Grammarly’s CISO about the value they get from adversarial testing via the HackerOne platform and its legion of ethical hackers.

Alex Rice, CTO and Co-founder at HackerOne and Suha Can, CISO at Grammarly will discuss how bug bounty and penetration tests fit into Grammarly’s preemptive security programs and how Suha measures the value of these solutions.

Register for the webinar to discover:

-How to effectively leverage bug bounty and pentesting in your application security strategy.
-The value of working with a crowdsourced security platform.
-How to prove the value of preemptive security initiatives to your non-security stakeholders.

The Impact of Preemptive Security

Cyber attacks are becoming more sophisticated with each passing day. It is crucial for companies to build a strong cybersecurity leadership team to address both present and evolving cyber threats. 

This talk from University of Washington's Deveeeshree Nayak will focus on the key strategies to build a leadership pipeline in cybersecurity to address common cyberthreats organizations will face. 

Key Takeaways:
- Best practices to build a strong cybersecurity leadership team.
- Key strategies to collaborate with a non-technical team.
- Tips to create a diverse and inclusive leaderships team.

How to Build a Successful Cybersecurity Team

Tune into this session and hear a walk-through scope on how to design a responsive playbook that will account for current threats and establish active continuum for security operations center (SOC) team. 

Key takeaways:
- Define the fundamentals and sync with best practice;
- Simplify your messaging and facilitate with actors;
- Align your business environment with postmortems.

Designing a Responsive Playbook

In today’s world, when it comes to ransomware attacks, it’s not a matter of if but when your company will be affected.

To avoid the painful outcomes ransomware ensures including, the prolonged shutdown of operations, lowered employee productivity, increased support cost, and reputational damages, it’s essential that organizations focus on creating a playbook for remediation and recovery that combine technology and process to get your operations back to normal quickly.

Speakers:
Alan Sanderson, VP of North American Sales at Absolute
Jeff Laskowski, VP of Global Professional Services at Absolute
Brian McGowan, VP of Global Security & Privacy at SharkNinja

The Reality of Ransomware Attacks

Perimeterless hybrid environments reliant on cloud infrastructure are a boon for threats. Sophisticated threat actors and insider threats are taking advantage of security gaps presented by this expanded attack surface.
 
Attend this webinar to learn the trends, required data, and detection summaries for key threats. You’ll hear about threats observed in real-life scenarios and how to improve your security posture and stop attacks early in the ransomware kill chain.  

Stay in front of emerging and unknown threats by ensuring you know about best practices in cloud infrastructure, preemptive ransomware and securing IoT and OT.

Speakers:  
Augusto Barros, VP, Cyber Security Evangelist, Securonix
Sina Chehreghani, Manager Incident Response, Securonix Threat Labs
Kayzad Vanskuiwalla, Director Threat Hunting & Intelligence, Securonix Threat Labs

The State of CyberSecurity 2022

As network environments get more complex (e.g., work from home users, BYOD and IoT devices, workloads migrated to public clouds), relying solely upon SIEM and End Point Detection and Response (EDR) solutions is not enough for effective cybersecurity.

This session will explore challenges these solutions face and the advantages you gain with advanced Network Detection and Response (NDR):
 
• Gain packet level visibility across your entire network environment (including public cloud)

• Fill the gaps in visibility left by EDR solutions

• Easily integrate into and complement an existing cybersecurity stack, improving an organization’s overall cybersecurity posture

We will introduce NETSCOUT’s advanced NDR solution, Omnis Cyber Intelligence, and demonstrate how it can improve incident response.

Overcome the Challenges of EDR with Advanced NDR

This session provides practical advice to establish cybersecurity metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). We begin with an explanation of the differences between them and why each are needed. Examples of how to design metrics, KPIs and KRIs are provided. Areas of focus include cybersecurity measurements for all organizations, for processes & functions and in alignment with a control framework. The end game is to measure if processes and controls are functioning as designed.

We also walk through tips for communicating new metrics and go-to-green updates for metrics in red or yellow status. The session includes 22 metrics and seven resources for many more. All of this saves time and can assist with enhancing your program.

About the speaker:
Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse cybersecurity industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences). He is certified in many programs including CISSP, CRISC, CISA, CISM, CIPP, ITILv3, and NSA-IAM.

Cybersecurity Metrics, KPIs and KRIs

IT and security teams across industries are supporting increasingly distributed workforces and a growing number of device options. Meanwhile, identity-based attacks are the top threat to organizations today, with a Verizon report from 2021 finding that 45% of organizations have suffered a breach due to identity-related threats. Staying ahead of these risks is critical, but since traditional approaches to identity security are often fragmented, complex, and lack agility, this is no easy feat.

By adopting an identity-first approach to security, organizations can elevate their security posture and reduce friction as they adopt hybrid and fully remote working models.

In this 45 minute discussion, ESG Senior Analyst Jack Poller is joined by Ryan Terry, Senior Solutions Product Marketing Manager at Okta, to discuss the role of identity in the modern security stack and explore tips and best practices for teams looking to bolster security and drive productivity across a distributed workforce. 

Topics for discussion include: 
- How to think about adopting an identity-first approach to security
- Balancing security with usability: How an identity-first mindset can mitigate risk while empowering distributed workforces
- Understanding Zero Trust: Why organizations are adopting the approach and how to decide if it’s right for your organization
- And more...

Bolstering Security in the Era of Remote Work

Over the past two years, virtual work has exploded and become the new normal for organizations, schools, and government. But with this new normal has come new dangers for staying safe and secure. 

CyberVista's George Monsalvatge wants to ensure users stay safe when connecting to networks from a variety of locations. In this presentation, he'll cover:
- Checking network connections.
- Signs of compromise.
- How to stop breaches.

How to Stay Safe While Working Virtually

Traditional threat intel is broken. We’re trained to conduct threat intel analysis based on what the industry has given us: wordy threat intel reports, long lists of indicators of compromise with little context, and TTPs that are difficult to take action on. 

Cyber deception, however, gives contextualized rich intelligence on attacker activity. Advanced deception environments, tailored to your attack surface, offer the next generation of threat intelligence collection and analysis. Deception environments are exceptionally effective because they generate known “bad” data. No one should be messing with them. The data they collect is clear and unequivocal. See how they offer clear signals in all the noise.

Start Gathering Your Own Threat Intelligence

Access to independent, current, globally sourced cyber threat intelligence at no charge.
 
We anticipate that the current conflict will lead to a growing number of cyberthreats. Threat actors will be trying to exploit the ongoing crisis for their own ends. To confront this potential wave of cyberattacks, businesses worldwide need to have access to trusted and timely threat intelligence.
 
Kaspersky are industry leaders in Cyber Threat Intelligence. At Kaspersky, we are pleased to announce, we are offering you access to some of our very latest threat intelligence at no cost.
 
Join our webinar to understand more about the features, and see a demonstration.
 
In this webinar Lee Rendell, Senior Presales Manager at Kaspersky UK, will talk you through what Kaspersky Threat intelligence service provides and why we are providing you access to the portal, the intelligence, and at no charge. We will run you through a demo of the Threat Intelligence Portal, to help you understand how this solution can benefit you and your organisation.

Threat Intelligence in action

Email remains the #1 attack vector, yet many businesses remain dismally unprepared for a successful attack. In this webinar, Michael Posey, Channel Presales Engineer at Vade, will examine the latest techniques hackers are using to bypass email filters and the tools and solutions for detecting and responding with precision.

The Email Menace: Understanding and Responding to the #1 Threat to Your Business

While the threat landscape continues to evolve at a rapid pace, organizations typically overlook (or poorly perform) the most foundational aspect of building a strong defensive posture -- the human element. Whether it is misconfiguring a system, clicking on a malicious link, or failing to detect or respond to an anomalous event, most breaches are successful because of human error or inattention. 

Tune into this webinar to learn:
- The key areas where humans create weaknesses.
- Review some common tricks that allow attackers in.
- Changing the mindset of your organization to be more security aware.
- Where to begin along with several takeaways.

It's Not the Silicon, it's the Carbon -- Those Darn Humans

Heraclitus, a Greek philosopher, is quoted as saying "change is the only constant in life." It is no surprise this also applies to the information security world we are a part of. 

The threat landscape is constantly evolving as are the industry and regulatory requirements organizations must adhere to. How then are we to maintain a security strategy that accounts for these ever-changing factors? 

In this live session, we will discuss the key components of a sound security strategy and how to identify and address the changing threats, requirements, and other factors impacting your strategy.

Building Your Security Strategy To Manage Change

What you’ll learn:
Outlining the various solutions in the cybersecurity market
Today’s top security challenges
The differences between Product (XDR) and Service (MDR)
How to select the right solution for your organization
An overview of Secureworks ManagedXDR
Answers to questions that our speakers received during the live webinar

EDR. XDR. MDR. If you’re looking at the cybersecurity market today, there are a lot of acronyms floating around – leading to a lot of confusion.

How do you filter through the alphabet soup and find the solution that solves your unique security challenges? Please join Secureworks® and Frost & Sullivan for a discussion that will clear the confusion in the market and help CISOs understand what to consider in discovering the right solution based on their organization’s needs!

EDR, XDR, MDR: Filtering Out the Alphabet Soup of Cybersecurity

Effective cyber defense requires time-consuming analysis and a level of data aggregation and correlation that is at best an art, and at worst cost prohibitive. Meanwhile, attackers remain agile and inventive, rapidly changing their methods with minimal costs (to them).  Automation brings with it the promise of leveling the playing field, giving more time back to defenders and keeping us equally agile. Unfortunately, it is far more common that automation in cybersecurity expands already monolithic tool sets, extends vendor lock-in, and increases our support costs.  

This talk will outline a pragmatic approach to automation in cyber defense that increases efficiency without breaking your budget. Attendees will learn how to identify candidate tasks and workflows ripe for automation, apply a repeatable approach to introducing automation, and avoid common pitfalls in building a more automated cyber defense.

A Pragmatic Approach to Automating Your Defenses

Are you confident that your Data Protection strategy is effective? With cloud apps, mobility, and state-sponsored threats on the rise, your data is now in danger more than ever. Securing distributed data has become a top challenge in today's organizations, and most security approaches fail to approach the problem holistically. Therefore it’s time to take a step back and re-evaluate your security model.

5 Critical Steps to Secure Cloud Apps and Data

With the post-pandemic work environment taking shape, CISOs must now come to terms with permanently remote and hybrid workforces, the decline of VPNs and perimeter-based security technologies and other inalterable changes. At this “point of no return,” security leaders require an updated roadmap to effectively manage new and improved cyber threats and a user base stretched out across locations doing work with third party and non-sanctioned applications. Attackers are growing sneakier and more sophisticated in penetrating the less defined barriers of the new workforce. CISOs should rethink old strategy and risk models in order to secure their companies in this destabilized post-pandemic world.

Tune into this panel discussion including top experts in the cybersecurity sphere and discover how CISOs and other security leaders can guide their companies into a safer future. Some of the key discussion points will include:

- Top threats predicted to strike in 2023 and how security leaders can prepare.
- How to phase out legacy security technologies that may no longer be effective in this post-pandemic work world.
- The biggest challenges brought forth by hybrid and remote workforces and how to address them. 
- Rethinking and re-organizing your organization’s risk model.

CISO Security Tips to Manage the “End” of COVID-19

How to defend against inevitable security breaches

Fallen victim to a data breach yet? If not, your organisation is one of the lucky ones - for now. Cyber attackers are using ever more sophisticated attempts to execute attacks on a daily basis. Realistically, it's unlikely that an organisation can swerve an attack without robust cyber security measures already in place to prevent, detect and mitigate cyber threats. 

Hear from Akamai's Director of Security Technology and Strategy, Richard Meeus and:
- Understand the common attacks in the cyber threat landscape - from DDoS, to phishing, MFA and microsegmentation.
- Discover cyber security models and strategies to protect your organisation should it fall victim to an attack.
- Learn how you can provide your users with risk-free access to applications and services.

Have You Been Breached Yet? Are You Sure?

In today’s rapidly changing world, it’s very easy to lurch from issue to issue without stopping to pause and think strategically about where the issues are coming from and how you can prevent the next one from being a career-defining incident. 

In this talk, Quentyn will take a light-hearted view of eight issues he sees frequently today; how they have developed, and how to avoid them keeping you up at night.

8 Things That Keep CISOs Up At Night (You Won't Believe Number 4!)

“Those that fail to learn from history are doomed to repeat it” —Winston Churchill. 

If the age of Covid has taught us anything, it’s that we need to be nimble and embrace change. But what breach lessons can we learn to help us navigate the future? 

Join BCyber’s Co-Founder & CEO Karen Stephens as she unpacks key breach themes and the lessons we can learn to help us prepare for the future. This is the chance to learn from the experiences of others rather than having to learn from your own breach!

Staying Ahead of the Breach

As engineering teams move faster and faster, we’ve seen application security “shift left” - with testing done earlier and earlier in the development lifecycle.  But the way teams test hasn’t changed - we’re still in a land of false positives, vetting applications against known vulnerabilities, and bracing ourselves for emergency patching when the next zero day hits.

By thinking like a hacker when testing applications - you can automatically find exploitable vulnerabilities and fix them while your code is still in development -- giving you stronger security while also increasing velocity

In this talk, we’ll discuss: 
The benefits (and limitations) of current approaches to application security
Balancing security and development velocity - how to build win/win scenarios
Setting realistic targets for application security programs based on known risks
Adopting a hacking mindset to help developers increase velocity and security both 
Using techniques like fuzzing and symbolic execution to ‘hack’ your applications in your own development pipeline

Think like a Hacker: How to Get ahead of Zero Days.

Recent cybersecurity incidents continue to show that public sector entities from local school districts to federal agencies are not immune to cyber threats. These range from ransomware attacks to data breaches involving sensitive student and staff data. 

Tune into this webinar that will examine trends, highlight examples, and share best practices for steps to take before, during, and after a cyber incident with a focus on public agencies and officials.

Public Sector Entities: Vulnerable and Less Prepared Cyber Targets

The evidence is in the news: threat actors are constantly on the hunt for weakly secured applications to exploit. Does your business have a target on its back? What can you do now to avoid becoming tomorrow’s data breach headline?

This webinar examines how cybercriminals are hacking applications and the need for effective application security. Inside, learn:

• How threat actors are exploiting unsecured software
• How we make exploitation too easy for the adversaries
• How a Protection Blueprint can change the tide
• And more

How threat actors hack your applications

Cyber attacks are not random acts that affect only a few. They are calculated ambushes that will impact you at some point -- whether you're prepared or not. Join this session as Jim Goldman discusses the state of cybersecurity, the implications of an attack, and what you can do to best mitigate your risk to protect yourself and your business. 

About the speaker:
Jim Goldman is the co-founder and CEO of Trava, a company created to protect small and medium-sized businesses from the potential damage of cyber threats through risk assessment, security strategy, and cyber insurance. He is a nationally published author and frequently requested speaker and subject matter expert on technical topics and security topics. Prior to founding Trava, he was a faculty scholar at Purdue University where he served as a professor and associate department head. He started a research lab serving the FBI and trust organizations for cloud computing companies that included Salesforce. And while at Salesforce he was responsible for enterprise-wide security governance, risk management, and compliance and built the company's first Security GRC organization.

It's Not Cyber Crime, It's Cyber Warfare

Geopolitical instability and cybersecurity are unavoidably intertwined. Organizations of all types can be at higher risk even if they’re not connected to a conflict. Cyberattacks are a weapon sometimes wielded even against nation-states not directly involved in a conflict. Going into 2023 Russia’s war in Ukraine will bring it with cyberthreats. Other nations too, including North Korea, Russia, China and Iran, are likely to raise organizational leaders’ concerns about security.

This panel will look at the current and near-future prospects for geopolitical conflict, including
• The role of cybercriminals in conflicts between nations, such as the Conti and Stormous ransomware groups’ support for Russia in the current Ukrainian conflict; 
• How nation-states weaponize cyber-attack skills to increase their power in the world;
• Where CISOs, CEOs, and other organizational leaders should focus security investments to respond to threats issuing from global conflict.
• What tools exist for companies to keep themselves from becoming “casualities” in an international conflict.

Moderated by: Rob Wright, News Director at TechTarget 

Panelists:
Kevin Kirkwood, Deputy CISO | LogRhythm Inc.
Ron Meyran, Senior Director | Radware
Deveeshree Nayak, Assistant Teaching Professor | University of Washington School of Engineering and Technology

Geopolitical Instability and Its Impact on Cybersecurity

Could your organisation truly survive a data breach and emerge unscathed? 

If the answer is no, or maybe, your cyber security strategy needs a rethink. The importance of preventing and protecting your organisation against a cyber attack is now a fundamental ‘must’, not simply an option. If your organisation was attacked, how would the attacker be detected and moreover, what response plan is currently in place and how could impacts be minimised?

In this fireside discussion, ESG Analyst John Grady is joined by Richard Meeus, Akamai’s EMEA Director of Security Technology and Strategy to explore how to bullet-proof your data for 2023. 

Join them to discuss: 
-  Why active prevention is now a security 'must-have' instead of a 'nice-to-have'
-  The risk organisations will face in 2023
-  How to minimise the impact of a breach
-  The state of ransomware in 2023 
-  And much more!

Get Ahead of the Game: Preparing for 2023’s Inevitable Cyber Security Breach

What if you could predict, and thus prevent, most security incidents in your organization? While we know 82% of attacks originate from human fallibility, effective risk management requires pinpointing the riskiest users. Fortunately, recent research has revealed the 7% of the workforce responsible for the majority of incidents. 

This presentation offers security professionals a new way to think about measuring user risk. Attendees will come away with:
• An understanding of how user risk can be quantified with data from security tools;
• Examples from leading security teams who’ve improved their organization’s cyber defense;
• An approach to the different stages of user-risk management, from feedback to tailored controls;
• Methods to mitigate workforce risk by applying risk-appropriate interventions; 
• Ways to use feedback to build trust and transparency and risk-based controls to enhance security protection;
• and more!

Master Security Kryptonite: How To Proactively Pinpoint and Mitigate User Risk

In today’s cybersecurity landscape, you can never let your guard down. Imagine you come into work to find your servers have been infected with ransomware.  Where do you go from here?   

By leveraging machine learning and true artificial intelligence, you can gain peace of mind knowing you have around-the-clock coverage to prevent cyberthreats and stop bad actors in their tracks. 

Join Jonathan Jackson – Director Sales Engineering, from the BlackBerry Cybersecurity team in APAC to learn: 

- The basic steps you can adopt now to prevent being exposed by threat actors. 
- How you can protect your organisation from threats lurking in the shadows 24x7x365. 
- It’s time to outsmart and outlast modern cyber threats.

Threat Actors Never Sleep ....Neither Can Your Security

In twelve short months, Zero Trust has gone from buzzword to the default security paradigm. The percentage of Asia Pacific companies with a defined Zero Trust initiative underway has increased dramatically, up almost 20% in 12 months. 83% of businesses now say Identity is important to their Zero Trust security strategy, and we’re seeing an interesting shift in the prioritisation of security over customer experience in the APAC region. 

According to Okta’s latest State of Zero Trust report, almost all APAC companies surveyed will have a Zero Trust strategy in plan or in play by the end of 2022. Many of these organisations have moved beyond the preliminary phases of implementation such as MFA, SSO and connected used directories. 

Join us as we invite guest security experts [name] from AWS and [name] from Crowdstrike to unpack the findings from this year’s report, and reveal what this means for the future Zero Trust adoption in APAC. 

What’s driving the rapid adoption of Zero Trust?
Why is the balance tipping in favour of Security over CX? 
Why should you prioritise Identity as the foundation of your Zero Trust strategy?   
How to accelerate your Zero Trust journey past the traditional and emerging phases?

Zero Trust - Revelations and evolutions of today’s default security paradigm

APIs are ripe and juicy targets for cybercriminals, and loaded with attack traffic that is invisible unless you have effective API security. APIs now consume as much as 60% of all internet bandwidth, but many of them have weak security architecture, which opens the door to data breaches, ransomware, malware, DDoS attacks, and other cyber threats.

Enterprises commonly don’t know how many APIs they have or which ones are dormant. Their APIs are like black boxes, leaving enterprises with a problem: they can’t protect what they can’t see.

Join this webinar to learn how cybercriminals are exploiting APIs, why the lack of visibility into API traffic is a serious problem for enterprises, and what you and your team should do now to mitigate risk. Presented by industry researcher and analyst Richard Stiennon, and API security expert Rob Dickenson, founder of Resurface Labs.

The Latest Trends in API Security: Learn How to Stay Ahead of Attackers

Quantum risk is the threat of capable quantum computers upending cryptographic methods, such as RSA or elliptical curve algorithms, widely used today for securing information flows through communication networks. A sufficiently capable quantum adversary would be able to decrypt sensitive data in short order disrupting the trust in the digital systems that increasingly undergird our society.

Join us to learn: 
What is quantum risk and when will it impact my organization?
How does encrypted data provide a false sense of security?
How to protect against a “Harvest Now, Decrypt Later (HNDL) attack 
How threat actors can use quantum computer to decrypt your data
 
Buckle up as we start your journey into quantum risk and understanding the coming storm.

Quantum Risk Is Here Now. Are You Ready?

2023 is shaping up to be another challenging year for CISOs. A possible recession, CISO liability for breaches, cyber Insurance and ransomware trends are just a slice of issues CISOs will have to contend with in the near future. 

This presentation will provide a look ahead into what is on the horizon and how we can best prepare our cyber defenses to protect our people, customers, and assets.   

About the speaker:
Mr. Zalewski, through his company S3 Consulting, provides the following security advisory services:

• Executive advisor for early-stage security companies
• CISO advisor to venture capital firms internationally
• CISO for companies requiring a temporary or part-time CISO
• International cybersecurity training and facilitation

He is the former CISO at Levi Strauss & Co and has held senior security positions at Pacific Gas & Electric and Kaiser Permanente.  Other positions Steve has held include senior engineering mgmt. roles in storage networks, data protection and enterprise operating systems.

His credentials include multiple patents in data protection and multi-processor operating system design and CISSP, CISM and CRISC security certifications.

Steve also co-hosts the CISOSeries Defense-in-Depth Podcasts and is a frequent speaker and panel moderator for webinars and industry events.

Top CISO Concerns for 2023 and How to Prepare For Them

Backed by decades of security experience, Towerwall learned that there is no single piece of technology or system that will keep your organization secure. 

That’s why Towerwall security experts developed a unique security approach that is not only consistent, repeatable and measurable, but also flexible enough to adapt to the changing threat landscape.

In this discussion, Towerwall Founder & CEO, Michelle Drolet outlines how your organization can deploy the 7 Dimensions and stay secure.

About the speaker:
Michelle Drolet, founded and CEO of TowerWall, is a member of the Forbes Technology Council. The Software Report recently named Drolet one of the Top 25 Women in Cybersecurity in 2021; she's also been named one of the Top CEOs to Watch in 2020 by CIO Views and The 10 Most Powerful Women in the Channel by VARBusiness Magazine. She sits on the Framingham Foundation Board Events Committee and the MassBay Cyber Security Advisory Board and is past chair of the Mass Bay Foundation Board, MetroWest Chamber of Commerce, and Framingham ESL. She is the founder of the Information Security Summit at Mass Bay Community College, New England’s premier event that gathers top security and risk management professionals for open dialogue on the latest threats, developments and trends occurring in information security.

7 Dimensions of Cybersecurity

Technology plays an important role in our day-to-day life. Whether it is working from home, managing our work schedules, or tracking personal routines and daily activities, we are majorly dependent on technology. With this reliance comes the biggest challenge of securing our information and preventing the risk of opening the doors to intrepid hackers. 

Tune into this presentation to hear TD Bank's Pankul Chitrav discuss some of the cyber security and risk mitigating techniques to achieve a risk-free cyber zone.

Entering a Risk-Free Cyber Zone

Ransomware continues to be a top security concern for cybersecurity teams, with no signs of abating in 2023. Instead, businesses must learn to live with the reality of expecting to be attacked and taking the right measures to react quickly when it happens. In this keynote presentation, ESG will present its latest findings on the prevalence of ransomware and provide best practices to help organizations make strides toward readiness, develop a plan for response, and recover quickly.

Ransomware Preparedness: Cyber Resiliency for 2023

The 2023 Threatscape

Security vulnerabilities discovered in applications are almost always rooted in security flaws in source code. Here, weaknesses may be logical errors, missing validation, insufficient logging, poor secrets management, missing user permissions checks, unsafe string concatenation, misconfigurations, and much more. 

In this session, you'll learn the importance of incorporating secure code review in the software development lifecycle. While automated scans are helpful and powerful tools, they're no replacement for code review by human experts.

Secure Code Review: Catching Vulnerabilities at the Source

Test Automation

Cloud Security

cyberattack

security vulnerabilities

attack surface

code review

Security

Cyber Security

IT Security

Vulnerability Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Secure Code Review: Catching Vulnerabilities at the Source

Presented by

About this talk

HackerOne