Name: Security in the Age of Open Source
Start: 2017-01-26T13:00:00Z
End: 2017-01-26T14:00:38.000Z
Location: BrightTALK

(ISC)² Security Briefings EMEA offers members in Europe, the Middle East and Africa a chance to learn about the latest trends, tools and best practices in cyber, information, software and infrastructure security while earning CPEs

When approaching software supply chain security, managing the risk related to open-source usage is often a top consideration for builders of applications. Several notable vulnerabilities, such as Apache Struts and Log4j justify that consideration, demonstrating just how widespread the downstream impacts can be. However, managing open-source risk gets increasingly difficult the more ubiquitous it becomes, and organizations become more complacent as they focus on hardening other nodes of their software supply chain.  
 
Join Synopsys and (ISC)² June 28, 2022 at 1:00 p.m. BST as we elevate the conversation beyond tool implementation and discuss the importance of installing an open-source risk management program in order to protect your organizations, and your consumers, from supply chain threats. We will discuss:
o Implications of open-source risk  
o Obstacles to effectively managing open-source risk 
o The necessary people, processes, and tools to overcome those obstacles

Open-Source Risk: The Ground Zero of Software Supply Chain Security

With more and more organizations moving their operations to multi-cloud environments, IT and security professionals with specialized cloud knowledge will be in demand. Becoming a CCSP demonstrates to potential employers and business partners that you have the technical skills needed to secure valuable assets in the cloud.
 
The vendor-neutral, globally recognized CCSP certification proves your expertise, advances your career, and gains support from a community of cybersecurity leaders here to help you throughout your professional development journey.
 
Where do you begin your certification journey in cloud security? What do you need to study? How do you even get started in a vast field with so many areas, and so many opportunities?
 
Join this online information session, and you will learn:
 
• Why it has never been more important to become a Certified Cloud Security Professional
• What are the essential qualifications of a Cloud Security Leader
• What is the earning potential
• Recent changes regarding the CCSP exam
• The topics covered in the CCSP CBK (Common Body of Knowledge)
• The merits and benefits of CCSP certification for you as well as the steps involved to attain accreditation. 
 
And, you can ask any question that will support your certification journey.
 
Save your spot now and begin your professional development journey with (ISC)2!

Increase Your Hiring Appeal as a Cloud Security Expert with the CCSP

With the threat of nation-state level cyberattacks on the rise, it’s essential for defenders of critical infrastructure to pressure test their cyber defense capabilities.  

In this webcast, June 9, 2022, at 1:00 p.m. BST, Corelight and (ISC)² discuss the specific techniques, tactics, and procedures that defenders should monitor in order to identify and disrupt attacks in their environment.

Join us to learn more about:
• The current threat landscape
• Intelligence sharing groups
• Centralizing alerting and intelligence
• Reusable data-telemetry-based behavioral detections

Defending Against Nation-State Actors

The 2021 (ISC)² Cybersecurity Workforce Study estimates there are 4.19 million cybersecurity professionals worldwide. the study also shows that global demand for cybersecurity professionals continues to outpace supply — resulting in a Cybersecurity Workforce Gap of 2.72 million professionals. 

The cyber world needs your expertise. But how can you, as a security leader of tomorrow, acquire the technical and soft skills that drive business prosperity? CISSP is one of the world’s most valued information technology and information security certifications today. With a proven track record of over 25 years in the making, the CISSP truly demonstrates that you are at the top of your cybersecurity game in terms of knowledge, skills and experience.

In this information session, you will learn:
• Why it has never been more important to become a Certified Cybersecurity Professional
• What are the essential qualifications of a Cybersecurity Leader
• Recent changes regarding the CISSP exam 
• The topics covered in the CISSP CBK (Common Body of Knowledge) 
• The merits and benefits of CISSP certification for you as well as the steps involved to attain accreditation. 

And, you can ask any question that will support your certification journey.

Save your spot now and begin your professional development journey with (ISC)² !

Accelerate Your Cybersecurity Career with the CISSP Certification

Ransomware readiness is the #1 board-level directive when it comes to cyber security.  Join Cyberbit and (ISC)² on May 26, 2022 at 1:00 p.m. BST as we prepare information security executives and incident responders for ransomware by running a live simulation of a corporate ransomware crisis.
 
You will be presented with an unfolding cyberattack scenario, confronting you with critical decisions ranging from the C-Level to the SOC manager level. We will then shift gears to the cyber range, which will emulate a real-world SOC and demonstrate how IR experts can successfully investigate and eradicate a ransomware attack.
 
The session will combine the C-level, decision-making challenges encountered in a ransomware crisis with a hands-on, ransomware investigation simulated in a cyber range. The simulation allows you, as the audience, to impact the flow of the scenario by providing your suggested actions while our experienced instructor will provide you with helpful tips.

LIVE Ransomware Crisis Simulation with You in Control

A record 71% of organizations were compromised by ransomeware last year with 63% of ransomware victims paying ransoms, encouraging cybercriminals to increase their attacks.

CyberEdge’s 2022 Cyberthreat Defense Report (CDR) has become the standard for assessing organizations’ security posture, for gauging perceptions of IT security professionals and for ascertaining current and planned investments in IT security infrastructure.

Now in its ninth year, the 2022 CDR assesses the views of 1,200 IT security professionals representing 17 countries and 19 industries. It’s the most geographically comprehensive view of IT security perceptions in our industry.

Join (ISC)2 (a sponsor of this year’s study) and CyberEdge on Wednesday, May 25, 2022 at 1:00PM Eastern for highlights and key insights of the results, including:

• Lack of skilled personnel and low security awareness inhibit IT security’s success
• 84% of organizations are experiencing a shortfall of skilled IT personnel; IT security administrators, analysts and architects are in shortest supply
• Nearly all respondents (99%) agreed that achieving a specialty cybersecurity certification would help their careers; the top choices were cloud security, software security and security administration

Key Insights from CyberEdge’s 2022 Cyberthreat Defense Report

Kubernetes and OpenShift have become one of the standards for modern cloud-based application development.  As this infrastructure grows and clusters scale, workload security becomes essential and huge volumes of TLS and mTLS certificates are being used by development teams who are building and deploying workloads on ever faster release cycles. Recent research is showing 94% of companies using Kubernetes in production are regularly experiencing security vulnerabilities. Without observability and control, these companies simply can’t establish and maintain a validated and auditable chain of trust for every workload deployed to a Kubernetes cluster. 

In this Venafi and (ISC)² webinar May 24, 2022 at 1:00 p.m. BST, we will hear from cloud native experts on how platform team leaders and cloud security architects can come together with highly automated security tooling that can eliminate the threats that come from certificate misconfigurations without compromising developers’ speed.

Workload Misconfiguration – The #1 Security Threat When Using Kubernetes

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:

- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarised
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities

The Inside (ISC)2 webinar series gives attendees access to the leaders and decision makers within the association to hear the latest insights from the Board and executive levels, including a look at recent successes and plans for upcoming programs. Join (ISC)2 CEO Clar Rosso on April 27 at 1:00 p.m. EST as she is joined by Board Chairperson Zach Tudor, CISSP and (ISC)2 Chief Qualifications Officer Dr. Casey Marks, who will provide an update on the new entry-level cybersecurity certification pilot program as well as the online proctored CISSP exam pilot.

Inside (ISC)2: Quarterly Board Update and the Latest on Exams

Abundant data is now available to put numbers behind what we instinctively know: trusted organizations are more successful. InfoSec teams have a prominent role in helping their organization become trusted, and therefore more successful: first and foremost, by communicating changes in the IT & security risk posture. 

On April 21, 2022 at 1:00 p.m. BST, One Trust and (ISC)² drill down into how IT & Security teams support risk reduction, build trust, and drive growth.

Key Takeaways include:

• Learning about recent research that quantifies the value of trust for businesses.
• Hearing about Maturing IT & Security risk management responsibilities and activities to respond to the ever-changing security landscape.
• Discussing communication improvements and how to create transparency in your risk remediation process.

How Successful Security Teams Manage Risk, Build Trust and Drive Growth

Cloud and containers are being adopted by a broad set of organizations as they try to maintain a competitive advantage. In our recent Cloud-Native Security and Usage Report, we found that 75% of containers in the cloud have vulnerabilities! Security and capacity planning are ever-present obstacles to running a well-tuned and more secure environment, no matter where you are in your journey. We identified critical insights and best practices, based on real-time data from billions of containers living in multiple clouds, and we’re eager to share. Join Sysdig and (ISC)2 on April 19, 2022 at 1:00 p.m. BST as we look at how to evaluate the maturity of your cloud-native infrastructure. We’ll also cover:

• The latest trends in container and Kubernetes adoption
• Whether shifting security left is really working
• Why so many vulnerabilities make it to production
• Best practices for improving your security posture

Close Security Gaps in Cloud and Container

People ultimately decide our security posture -- our security is only as effective as our end-users’ comprehension and compliance. Join Duo Security and (ISC)2 on April 12, 2022 at 1:00 p.m. BST as we look at the psychology and behavior science of individuals making risk decisions and leaders affecting culture change, and how it affects the security of organizations and the applications on which they rely.
In this webinar, you will learn how to:

• Develop a security culture primed to expand beyond your perimeter

• Move beyond security awareness to security action

• Design a user experience to make the secure choices the easy choice

Between the Chair and Keyboard

By design, cloud native applications are more accessible (and thus more vulnerable) than on-prem environments. You can’t air gap a cloud environment, which increases the potential for mistakes. Additionally, we all accept that it is not feasible to have a perfect patch program, and therefore some risks are (hopefully) weighed and accepted.

On April 7th, 2022 at 1:00 p.m., GMT, (ISC)² and Palo Alto will discuss research on the blast radius of open source Helm charts and how vulnerabilities in Kubernetes-based applications are a chain of potential attack vectors. We’ll talk about best practices for locking these applications down to minimize the attack surface.

Best Practises for Container and Kubernetes Security

It’s what keeps many of us awake at night-- knowing that a cyberattack is inevitable.  Still there are things you can do to help strengthen your security posture. 

Join NETSCOUT and (ISC)² on March 29, 2022 at 1:00 p.m., GMT for a discussion that will expose critical factors in understanding the global threat landscape as Dr. Eric Cole, Founder, and CEO of Secure Anchor Consulting, sheds light on cyber vulnerabilities that organizations are currently ignoring and outline strategies to reduce cyber risk. Paul Barrett, CTO for NETSCOUT, will unpack strategies to minimize the risk through network visibility. Additionally, the presenters will also share regional examples from EMEA and expand upon the highly correlated risk reduction factors associated with network visibility in cyber.

Preparing for the Inevitable: How to Detect and Respond to Cyberattacks

C-Suite executives and high-profile employees are highly attractive targets for threat actors seeking to compromise enterprise networks, exfiltrate data, commit fraud, take over their accounts or disseminate false information. Such forms of malicious exploitation could lead to data breaches, costly ransomware attacks, as well as resulting in serious operational, financial, and reputational consequences.
 
Yet executives and the security teams that protect them are often unaware that the threat landscape has shifted in their direction, or the exposure they face. With 60% of executives having personally identifiable information (PII) for sale on underground marketplaces, many organizations are not aware of, or effectively mitigating, this element of exposure.

Join ZeroFox and (ISC)² on March 24, 2022, at 1:00 p.m. GMT for a Security Briefing webcast that will cover the importance of understanding the threat landscape, the targeting top executives, proactively identifying where your information is and how this could be leveraged against you. We’ll also highlight how a strategic approach to understanding threat intelligence is vital to protecting your organization and employees.

Executive Exposure: Taking a Strategic Approach to Threat Intelligence

The conflict between Russia and Ukraine is sending shockwaves throughout the world. Cybersecurity and privacy practitioners and departments are being impacted significantly by what’s happening. As the digital footprint fractures in the region with companies leaving and services pulling out, what does that mean for your organization? If you have operations in the region, how are you exfiltrating & protecting your data, when services are down or diminished and ensuring you are following the local laws on data preservation and handling? What about the threat landscape? What does it currently look like and how might that shift as the geopolitical circumstances change? What are you seeing as the immediate, mid term and long term impacts that you will have to cope with and plan for? Join (ISC)2 on March 23, 2022 at 10:00am Eastern for a discussion-based webcast examining these questions and exploring the “new normal” of how to approach risk management and security in this new global environment.

The Fallout: The Russia/Ukraine Conflict and Its Impact on Cybersecurity

The Inside (ISC)2 webinar series gives attendees access to the leaders and decision makers within the association to hear the latest insights from the Board and executive levels, including a look at recent successes and plans for upcoming programs. Join (ISC)2 CEO Clar Rosso on March 21, 2022 at 1:00p.m. EST as she is joined by Board Chairperson Zach Tudor, CISSP, and (ISC)2 CISO Jon France, CISSP, who will provide his perspective on some of the big news affecting the cybersecurity community, including the invasion of Ukraine, Log4j and emerging trends in 5G security.

Inside (ISC)2 Quarterly Board Update & Insights on Emerging Cybersecurity Issues

As the cyber threat landscape continues to evolve, organizations are falling short when it comes to identifying and mitigating risk. Companies of all sizes are left in the dark, without insight into how susceptible their networks are to a data breach. 

To proactively mitigate risk, organizations need automated tools that continuously monitor and measure the cybersecurity posture of their entire ecosystem – including internal and external networks.

Join Security Scorecard and (ISC)² March 15, 2022 at 1:00 p.m., GMT to learn more about:
● How customers utilize risk ratings today
● How risk ratings have evolved over the last decade and where they may go next
● Innovation in how risk ratings are leveraged by organisations

How Do You Rate- Exploring Risk Scoring

With over 4,000 new open source vulnerabilities discovered since 2014, developers need new tools in their arsenals to guide, enforce, and monitor their use of open source code throughout the SDLC.
 
Join Mike Pittenger, VP of Security Strategy at Black Duck Software, where he’ll discuss how your organization can:
 
·         Automate identification of all open source you’re using and map against known and newly identified vulnerabilities
·         Accelerate remediation
·         Take action today to better enforce open source security without impacting an agile SDLC

Security in the Age of Open Source

Security

Information

Agile

Vulnerabilities

CISSP

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Security in the Age of Open Source

Presented by

About this talk

More from this channel