Hi [[ session.user.profile.firstName ]]

Building a Product Security Incident Response Team: Learnings from the Hivemind

Catch Kymberlee Price's Black Hat 2016 talk in a live webcast. This presentation will address some best practices and templates to help security teams build or scale their incident response practices.
Recorded Aug 12 2016 47 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Kymberlee Price, Sr. Director of Researcher Operations
Presentation preview: Building a Product Security Incident Response Team: Learnings from the Hivemind
  • Channel
  • Channel profile
  • Expert Panel: Bug Bounty Trends and What They Mean Recorded: Jul 27 2017 60 mins
    Casey Ellis, Founder & CEO, Bugcrowd Jeremiah Grossman, Chief of Security Strategy, SentinelOne HD Moore, Founder of The Meta
    Traditional methods for vulnerability discovery are failing us. With rapidly expanding attack surfaces, motivated adversaries, and the growing shortage of full-time infosec professionals, organizations are fighting a losing battle. One thing is clear: We need a new approach.

    Enter the Bug Bounty model. Bug bounties have quickly evolved from a “nice to have” to a “must have” for most application security teams.

    What’s behind this trend? Why are bug bounties growing, and why now?

    Join our expert panel as we discuss the key findings from The 2017 State of Bug Bounty Report.

    - Casey Ellis, Founder & CEO of Bugcrowd
    - Jeremiah Grossman, Chief of Security Strategy at SentinelOne
    - HD Moore, Founder of The Metasploit Project
  • 3 Reasons to Swap Your Next Pen Test for a Bug Bounty Recorded: Jun 29 2017 60 mins
    Jason Haddix, Head of Trust and Security & Wade Billings, VP, Technology Services, Canvas by Instructure
    In the past several years, bug bounty programs have disrupted the pen test norm, and provide organizations with a robust and all-encompassing security assessment solution. Instructure, the company behind Canvas Learning Management System (LMS), made the switch three years ago and have never looked back.

    In this webinar, we will explore...
    • Why Instructure replaced their last three penetration tests and the results they’ve found
    • The three fundamental differences between the penetration testing model and the bug bounty model
    • How organizations running bug bounty programs have seen improved results in both volume and quality in vulnerability submissions
  • Ensuring Maximum Protection—How 3 Security Vendors Approach Their Own Security Recorded: Mar 28 2017 60 mins
    Alvaro Hoyos, David Baker, David Farrow, Gene Meltser
    Security vendor products are held to a higher standard of security—and for good reason as the very existence of their organization could be at risk due to a vulnerability. Many of these vendors are turning to bug bounty programs to not only find any vulnerabilities in their products and services, but also to provide assurance to their clients.

    Join our security panel for a live discussion on the following topics:
    1. What unique appsec challenges come along with complex & high-risk environments
    2. How to design security programs to provide robust coverage of those technologies
    3. Why bug bounties were so quickly adopted within the security industry
    4. Open Q&A with the panelists

    Featured speakers:
    Alvaro Hoyos, Chief Security Officer @ OneLogin
    David Farrow, Sr Director, Information Security @ Barracuda Networks
    David Baker, VP Operations @ Bugcrowd, formerly CISO @ Okta
    Gene Meltser, Enterprise Security Architect @ Sophos
  • Breaking the Vulnerability Cycle—Key Findings from 100 CISOs Recorded: Mar 2 2017 67 mins
    Jason Haddix, Brad Arkin, Kim Green, DARK Reading
    Bugcrowd surveyed 100 CISOs and security decision makers and found that today’s application security teams are facing 3 distinct issues that lead to vulnerability:

    1. Active and efficient adversaries
    2. A ballooning attack surface
    3. Cybersecurity resource shortage

    When combined, these adverse conditions form a ‘vulnerability cycle’ – leaving organizations susceptible to a breach or worse.

    View this ondemand webinar to:

    - Get plans to combat these 3 issues in 2017
    - Learn how to dissect each component of the vulnerability cycle
    - Discover security tools and best practices
    - Find out top CISO investments for 2017
  • Are You Vulnerability Blind? 3 Reasons to Reconsider a Bug Bounty Recorded: Jan 25 2017 45 mins
    Johnathan Hunt, VP Information Security at Invision; Paul Ross, SVP Marketing at Bugcrowd
    Bug Bounty programs are critical to the security programs of thousands of organizations, but many still have not embraced them. Join security leader Johnathan Hunt, VP Information Security at InVision, Paul Ross, SVP of Marketing at Bugcrowd to discuss why that situation must change, through topics including:

    - How a security expert changed his mind about bug bounties
    - Why no bug bounty means missed vulnerabilities
    - How Bugcrowd finds a P1 bug every 27 hours

    We will explore InVision’s bug bounty experience from conception to being critical to their customers’ confidence in their security.

    *Register for the webinar now*

    “Whether or not you’re going to have the good guys working for you or not, doesn’t mean the bad guys are going to stop working”

    - Johnathan Hunt, Invision
  • 5 Critical Security Issues for 2017 (And How to Address Them) Recorded: Dec 13 2016 64 mins
    Jeremiah Grossman, Daniel Miessler, Richard Rushing, Paul Ross
    Over the past twelve months we’ve witnessed a shift in how companies are tackling their application security challenges. Join a CISO, an AppSec guru, and IoT security expert to hear industry leading perspectives on the trends that have emerged over the past year, and what to look forward to in the next.

    Our all-star panel of industry experts includes Jeremiah Grossman, Founder of WhiteHat Security and Chief of Security Strategy with SentinelOne, Daniel Miessler, Project Leader: OWASP IoT Security Project and Richard Rushing, CISO at Motorola Mobility, for a discussion on what trends every security professional needs to be aware of for 2017.

    The critical trends you need to know about will include:
    • How crowdsourcing security assessment will improve pen testing in 2017
    • Why IOT security is becoming every CISO’s problem
    • How will AI and Machine Learning impact protecting your company’s fate?
  • 7 Bug Bounty Myths, BUSTED Recorded: Dec 7 2016 55 mins
    Jason Haddix, Paul Ross, Dark Reading
    Despite thousands of large and small organizations running bug bounty programs, there is still a lot of fear and uncertainty about these in the cybersecurity community. In this webinar we will explore 7 myths about Bug Bounty programs, the hackers who are involved, and the impact they are having on the security posture of organizations around the world.

    When you attend this webinar you will:

    - Learn if a bug bounty program is right for your organization
    - Understand if a bug bounty encourages hackers to attack your systems
    - Explore the real benefits of bug bounty programs – and find out if they actually work
    - Get insight on whether these programs are too hard and costly to manage
  • The State of Vulnerability Discovery — How Bug Bounties Are Making a Difference Recorded: Oct 22 2016 63 mins
    David Baker, CSO of Okta, Casey Ellis, CEO of Bugcrowd, John Pescatore, SANS Analyst
    Bug bounty programs are moving from the realm of novelty towards becoming best practice. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. Bug bounty programs have increased 210% percent since 2013.

    Bug bounties provide an opportunity to level the cybersecurity playing field, strengthen the security of products, and cultivate a mutually rewarding relationship with the security researcher community.

    Join Bugcrowd, SANS, and a customer panel as we discuss the momentum behind crowdsourced security.

    Topics covered:
    1. How bug bounties fit with a robust security strategy
    2. Why bug bounties are being adopted by all types of organizations
    3. How Okta saved the equivalent cost of two full-time employees with Bugcrowd
  • The Bug Bounty Tipping Point: Strength in Numbers Recorded: Sep 21 2016 49 mins
    Casey Ellis, Founder & CEO, Kymberlee Price, Sr. Director Researcher Ops
    Our 2016 State of Bug Bounty Report announced that bug bounty programs adoption has increased 210% since 2013.

    As more and more companies leverage the capabilities of the global researcher community to identify critical vulnerabilities, we must ask...has the bug bounty economy reached a tipping point?

    Join Bugcrowd as we unpack the top trends in crowdsourced cybersecurity and review the key findings from The State of Bug Bounty Report 2016.

    Register to learn:
    - Bug bounties, defined: Quick history and evolution
    - What motivates a bug hunter
    - Maturity of the bug bounty economy
  • Guest Webcast | OSS Security Maturity: Time to Put On Your Big Boy Pants! Recorded: Aug 30 2016 60 mins
    Jake Kouns of Risk Based Security and Christine Gadsby of Blackberry
    This guest webcast features Jake Kouns of Risk Based Security and Christine Gadsby of Blackberry who will be giving their Black Hat 2016 talk, analyzing the real risk of using OSS and the best way to manage its use within your organization.

    Through real world examples and personal experience, the speakers will...
    - Examine the current hype around OSS, highlighting what organizations should be the most concerned about, and how to evaluate the true cost of using OSS
    - Explore how to utilize learnings from your incident response function to create smarter products and avoid maintenance costs of OSS
    - Introduce a customized OSS Maturity Model and walk through the stages of organizational maturity with regards to how they prioritize and internalize the risk presented by OSS

    Learn more about Jake Kouns:

    Learn more about Christine Gadsby:
  • Building a Product Security Incident Response Team: Learnings from the Hivemind Recorded: Aug 12 2016 47 mins
    Kymberlee Price, Sr. Director of Researcher Operations
    Catch Kymberlee Price's Black Hat 2016 talk in a live webcast. This presentation will address some best practices and templates to help security teams build or scale their incident response practices.
  • The Art and Value of Bug Bounty Programs Recorded: Jul 1 2016 57 mins
    Keren Elazari, cyber security analyst and senior researcher
    In our wired, connected world, software flaws are inevitable – so why not utilize the nature of our connected world to work with a distributed immune system made up of thousands of security researchers? This webcast will provide in-depth analysis based on extensive academic research, conversations with CISOs experienced in running such programs, and the security researcher community.

    In this webinar, we will highlight the business, technology, and organizational values companies derive from these bug bounty programs. Finally, the talk will identify the common myths, fears and barriers for participation, and suggest recommendations to counter these barriers.

    Key Takeaways:
    - Bug Bounty program evolution and myth busting
    - Lessons from Barracuda’s Bug Bounty program
    - How businesses and technology derive value from bug bounty programs
    - The art of running a successful & effective bug bounty program
Crowdsourced Cybersecurity
Learn how Bugcrowd delivers the power of crowdsourced cybersecurity through bug bounty solutions and hackers on-demand

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Building a Product Security Incident Response Team: Learnings from the Hivemind
  • Live at: Aug 12 2016 4:00 pm
  • Presented by: Kymberlee Price, Sr. Director of Researcher Operations
  • From:
Your email has been sent.
or close