Hi [[ session.user.profile.firstName ]]

AWS Oil and Gas Roundtable

As part of their journey to Digital Transformation, Oil & Gas enterprises are shifting their focus on becoming agile through DevOps in order to provide efficiency and productivity. Because there is no single standard DevOps methodology, many companies are finding it challenging to manage security requirements, which contributes to a slow start, slow delivery, and overall difficulty to scale.

In this roundtable, we will discuss the challenges, the risks, and the different methodologies available to enforce security and compliance throughout the Software Development Lifecycle (SDLC) without having to compromise on security or agility while addressing the objectives of The Open Group Open Subsurface Data Universe (OSDU) Forum.

Key outcomes from the session: Identify key application security requirements and learn how to deliver secure code at the speed of DevOps Learn how to achieve compliance with OSS licenses according to company policies and industry regulations Learn how to increase developer agility and decrease capital expenses
Recorded Apr 19 2021 52 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Jason Hammond,Head SE WhiteSource,Paco Hope,CSS Amazon,WS,Vivek Wandile, SA Wipro,Adam Jordan,Capability Center Lead ,Shell
Presentation preview: AWS Oil and Gas Roundtable

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • How to Reduce Enterprise Application Security Risks Sep 30 2021 7:00 am UTC 60 mins
    Jeffrey Martin, Associate VP product & Lilach Aviad Director of Product Marketing
    WhiteSource, in conjunction with Ponemon Institute, recently surveyed over 600 IT and IT security practitioners who are familiar with their organizations’ approach to securing applications – and here’s a spoiler: the highest level of security risk is considered by many organizations to be in the application layer. So what can Enterprise organizations do to reduce their application security risks? Join Jeffrey Martin, Associate VP Product at WhiteSource and Lilach Aviad, Director of Product Marketing, as they present:
     Why applications are more vulnerable to attack than other areas of vulnerabilities.
     Addressing vulnerabilities in enterprise applications
     Best practices of high-performing organizations in reducing the application security risk.
  • Automating Open Source Security & Compliance in Global Cloud Communications Sep 28 2021 9:00 am UTC 49 mins
    Chris Wallace P. Security Architect Vonage|Valentine Weidel-Strategic Partner Alliances AWS|Brian Rogers-Channel WhiteSource
    With the growing adoption of software composition analysis (SCA), a technology that provides both developer-focused tools and governance solutions, more companies place developers, IT, security, and legal on the same page. This is the case of global cloud communications provider Vonage, which needed a SCA solution that could integrate both open source security and license compliance checks automatically throughout their SDLC.
    Join this webinar as Chris Wallace, Principal Security Architect from Vonage and Brian Rogers, Channel Sales Engineer from WhiteSource discuss:
    Best practices to manage open source risks throughout the SDLC
    How to reduce friction between security, development and compliance teams
    Vonage’s best tips and insights of how they gained full visibility and control regarding their open source libraries
  • Automate AppSec in Your CI/CD With SCA & DAST Sep 28 2021 6:00 am UTC 60 mins
    Shiri Arad Ivtsan, Director of Product & Scott Gerlach Co-founder and Chief Security Officer at StackHawk
    "We live in the age of DevOps. For organizations, this means speed and automation. AppSec, on the other hand, is often seen as slow and manual. This poses the question: how can organizations keep up with the speed, without having to leave AppSec behind?Join Shiri Arad & Ivtsan, Director of Product at WhiteSource and Scott Gerlach Co-founder and Chief Security Officer at StackHawk, as they discuss: The current challenges & pitfalls with Application security management today
    · Best practices for infusing automated, continuous security into your
    DevOps pipeline
    · The best AppSec tools to use in order to develop quickly and
    securely"
  • Cyber Attacks from Open Source perspective Recorded: Sep 20 2021 41 mins
    Sam Quakenbush, Sales Engineer Manager at WhiteSource & Zvika Ronen, CTO at FOSSAware
    From SolarWind to “Dependency confusion”, 2021 will be the year of open-source supply chain attacks, with an ever-growing number of hackers leveraging the increasing use of open source during software development to distribute malicious packages and exploit known vulnerabilities.
    Due to recent events, the software industry gained a deeper understanding about the potential risk of supply-chain attacks. Although this problem is complex with many aspects, solutions come faster when the problem is well-framed.
    In this webinar, we will suggest a simple framework to the open source vulnerability management challenge and few ways to secure your software supply chain and reduce potential risk.
  • Dependency confusion - How easy is to Hack Into Organisations Recorded: Sep 14 2021 61 mins
    Maciej Mansfield S.Prodct Manager WhiteSource, Eylam Milner, Co-Founder & CTO Argon Security
    Join the expert as they describe various types of supply chain attacks which have been observed and blocked in the past year. They will discuss their experience defending against malicious packages and artifactory manipulation, and how this knowledge can be used to enhance your security across all ecosystems
  • AppSec is Dead. Long Live DevSecOps! Recorded: Aug 19 2021 27 mins
    Matias Madou, CTO & Co-founder, Secure Code Warrior
    In the ancient times of software creation, we had AppSec, and we had developers.
    Generally, AppSec was aware of security problems, their impact, and code-level fixes. However, these remedies would rarely work in the custom tech stack of the company. Fast-forward to today, and our demand for software is greater than ever before, as is the risk of data breaches from common vulnerabilities. The days of a hands-off security approach for developers are over, and with the right training and tools, they can take advantage of this process, upskill their security awareness and stand out among their peers.
  • API Security: When Failure looks like Success Recorded: Aug 18 2021 26 mins
    Keith Casey
    APIs have become fundamental to our teams. While we’d like to believe it was a carefully executed plan, let’s be honest - there’s as much luck as foresight in the mix. Luckily, success drives success so it's worked. Unfortunately, that success has cost us. APIs have become a devastating attack vector for apps that store everything from financial records to passport information to your dating interests. In this session, we’ll reconsider some of our earliest assumptions and lay out some strategies for bringing our APIs out of the shadows and protecting ourselves, our partners, and our customers.
  • Dependency confusion - How easy is to Hack Into Organisations Recorded: Aug 11 2021 61 mins
    Maciej Mansfield S.Prodct Manager WhiteSource, Eylam Milner, Co-Founder & CTO Argon Security
    Join the expert as they describe various types of supply chain attacks which have been observed and blocked in the past year. They will discuss their experience defending against malicious packages and artifactory manipulation, and how this knowledge can be used to enhance your security across all ecosystems
  • Threat Modeling: Finding the Worst Vulnerabilities You'll Never Write Recorded: Aug 3 2021 58 mins
    Matthew Butler
    Threat Modeling is fundamental to understanding risk. We do it every day: driving a car, crossing a street, walking alone at night in an strange city. Darkness, isolation, insecurity, vulnerability all trigger our threat modeling instincts. And that's exactly where our systems operate. In this talk, we'll see how to use threat modeling to find the worste vulnerabilities hidden in the complexity of our systems by uncovering architectural flaws early, exposing attack surfaces, identifying attack vectors. You can't code your way out of a bad architecture but you can threat model your way out.
  • Dependency confusion - How easy is to Hack Into Organisations Recorded: Jul 31 2021 61 mins
    Maciej Mansfield S.Prodct Manager WhiteSource, Eylam Milner, Co-Founder & CTO Argon Security
    Join the expert as they describe various types of supply chain attacks which have been observed and blocked in the past year. They will discuss their experience defending against malicious packages and artifactory manipulation, and how this knowledge can be used to enhance your security across all ecosystems
  • Cyber Attacks from an Open Source perspective Recorded: Jul 27 2021 41 mins
    Sam Quakenbush, Sales Engineer Manager at WhiteSource & Zvika Ronen, CTO at FOSSAware
    From SolarWind to “Dependency confusion”, 2021 will be the year of open-source supply chain attacks, with an ever-growing number of hackers leveraging the increasing use of open source during software development to distribute malicious packages and exploit known vulnerabilities.
    Due to recent events, the software industry gained a deeper understanding about the potential risk of supply-chain attacks. Although this problem is complex with many aspects, solutions come faster when the problem is well-framed.
    In this webinar, we will suggest a simple framework to the open source vulnerability management challenge and few ways to secure your software supply chain and reduce potential risk.
  • Embarking on Digital Transformation with DevSecOps Recorded: Jul 20 2021 61 mins
    Erik Larson, R.Director and lead Cloud Practitioner Crosslake, Brian Rogers, S.Engineer Global Channels whiteSource
    Digital transformation has become a key foundational change in how organizations deliver value to their customers. Especially in the wake of the coronavirus pandemic, IT organizations have been embarking on Agile and DevOps transformations at scale to achieve Digital Transformations. However, too often, a key component is left behind - the subject of security. Organizations must reassess their security strategies and infrastructure especially when moving to the cloud which requires security tools that enable secure coding and vulnerability remediation.
    Join Erik Larson, Regional Director and Lead Cloud Practitioner from Crosslake, and Brian Rogers, Solutions Engineer Global Channels and Alliances from WhiteSource, as they discuss:
    How IT Organizations should embark on DevOps Transformation journeys to improve their chances of success
    What are the application security technologies that are important to implement in order to face modern threats
    Best practices of high performing organizations in reducing the application security risk
  • The Main Application Security Technologies to adopt in 2021 Recorded: Jul 13 2021 49 mins
    Shiri Arad Ivtsan, Director of Product at WhiteSource
    It's no secret that 2020 was a difficult year. The pandemic, and as a result, the lockdowns and quarantines sent tens of millions of global workers home, and the remote work caused a dramatic increase in the number of ransomware, phishing attacks, and accidental breaches by employees working at home.
    Despite the increases in these exploits, the application layer continues to be the most attacked and the hardest to defend.

    Join Shiri Arad Ivtsan, Director of Product at WhiteSource, as she shows:
    -What are the three AppSec technologies organizations should implement in the next year
    -How to keep organizations’ application security posture up to date and resistant to modern threats
    -Best practices when implementing each technology.
  • why-empowering-developers is a game changer for application security Recorded: Jun 30 2021 59 mins
    Maciej Mansfield S.Prodct Manager WhiteSource,Nicolas Bontoux PMM & Kirti Joshi PMM at SonarSource
    The 'Shift Left' mindset is a major game changer for Application Security. Not only is it a paradigm shift in the way developers (not just security teams) use these tools, but also how they are built and integrated into workflows.
    In this webinar, SonarSource and WhiteSource will share real-life insights and learnings on how empowering developers with the right tools positively impacts application security. Through the lens of different technologies (SAST & SCA) you will discover the foundations of developer adoption of security tooling, how it pairs with workflows already in place, and how teams can directly benefit from them. Join us to hear more from our Product Teams in person!
  • Shifting Priorities of Digital Native Security Recorded: Jun 22 2021 57 mins
    Rhys A.,Director PM at WhiteSource,Michiel P.,CO.F&PL at HackerOne,Scott W.,PSA at AWS,Dragan P. S.Director AppSecurity,IGT
    When shifting to or even starting out as a Digital Native company, there naturally comes new security topics which companies need to be aware of, including access control, auditing and disclosure.
    But there has also been a shift in older security topics as well, including some being less of a concern. As a result, there’s a need to enable security teams with higher visibility, scalability and expertise to adapt to an evolving digital ecosystem.
    For example, should a modern security strategy be based on the assumptions that source code will never be leaked, or that "internal" networks will never be breached?
    In this Roundtable, our experts will discuss:
    1. The challenge for cybersecurity teams is finding effective ways to deliver and maintain security at the speed of digital transformation.
    2. How can modern security platforms can help organizations stay ahead of potential threats?
    3. How have the relative importance of security threats changed as companies and products shift to being digital natives?
  • API Security: When Failure looks like Success Recorded: Jun 15 2021 25 mins
    Keith Casey
    APIs have become fundamental to our teams. While we’d like to believe it was a carefully executed plan, let’s be honest - there’s as much luck as foresight in the mix. Luckily, success drives success so it's worked. Unfortunately, that success has cost us. APIs have become a devastating attack vector for apps that store everything from financial records to passport information to your dating interests. In this session, we’ll reconsider some of our earliest assumptions and lay out some strategies for bringing our APIs out of the shadows and protecting ourselves, our partners, and our customers.
  • How to Transform Developers into Security People Recorded: Jun 8 2021 34 mins
    Chris Romeo CEO and co-founder of Security Journey and is a builder of security culture influencing education
    Developers are everywhere because software is everywhere. The challenge with developers is that most do not have a foundation in application security. To effectively engage them requires a four-phase process of application security connection - open their eyes, fill their brains, task their hands, and embrace the gathering. In this session, Chris provides guidance on each phase of this process so that organizations can launch an application security program with developers who understand the foundational lessons of application security and how to apply those lessons in their code.
  • The State of Open Source Security Vulnerabilities 2021 Recorded: Jun 2 2021 25 mins
    Shiri Arad Ivtsan, Director of Product & Lena Kleyner, Product Manager at WhiteSource
    The pandemic in 2020 raised a lot of uncertainty in the software development industry and the overnight shift to work from home introduced new security threats.
    WhiteSource ran a research and took a deep dive into its extensive vulnerabilities database to gain valuable insights into the state of open source security and learn how to keep up with the rapid pace of software development without leaving security behind.
    Join Shiri IvtsanDirector of Product & Lena Kleyner, Product Manager, as they discuss:
    The reasons behind the 50% rise in the number of reported open source vulnerabilities in 2020.
    The importance of implementing secure coding from the earliest stages of the DevOps pipeline
    Why it’s crucial for security and development teams to prioritize security alerts
  • Secure Coding Best Practices Recorded: May 25 2021 58 mins
    Matthew Butler, Principal Engineer
    Computer systems are under siege 24 hours a day, day in and day out. The critical security infrastructure designed to protect those systems, won’t. The other side has the best security hardware and software systems other people’s money can buy and they have all the time in the world to find creative ways to defeat them. Meltdown and Spectre are prime examples of security vulnerabilities that have lurked dormant for decades. Or have they? If your systems are in any way connected to the outside world, the other side will get inside the wire on you. Know that going in.

    Whether you write applications, libraries or work in kernel code, the line of code you write today may very well be the vulnerability someone else finds tomorrow. By nature, every code base contains hundreds of attack surfaces and it only takes one serious vulnerability to compromise your system.

    In this talk we’ll see:

    -How hackers think and how they identify weaknesses in our systems.
    -How to identify hidden attack surfaces, attack vectors and vulnerabilities in critical systems.
    -Where the most common vulnerabilities in Modern software development are and how to avoid them.
    -Why common guidelines and static analysis tools often fail to find vulnerabilities.
    -How to use Threat Modeling to analyze complex systems and built security into our systems at design time.
    -How to use Trust Boundaries to protect critical infrastructure.
    -Why open source and third-party libraries are fast becoming hidden liabilities in our software and how to protect ourselves against their vulnerabilities.
    -What the best practices for protecting our code from attack are.


    The critical security infrastructure designed to protect your systems is largely out of your control. The one thing you can control is the next line of code you write. This talk is for anyone writes kernel, applications, or libraries that run in the real-world and that face real-world attacks.

    In today’s world, that’s all of us.
  • Open Source Security: How to Lay the Groundwork for a Secure Culture Recorded: May 18 2021 46 mins
    Guy Bar Gil, Product Manager
    Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases.

    This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements.
An open source security and licenses management solution
WhiteSource allows engineering, security and compliance officers to effortlessly secure and manage the use of open source components in their software, allowing developers to focus on building great products. WhiteSource fully automates all open source management processes: component detection; security vulnerability alerts and fixes; license risk and compliance analysis along with policy enforcement; quality review, and new version alerts. It offers a complete suite of control, reporting and management to help software teams manage open source truly effortlessly. For more information about WhiteSource, visit http://www.whitesourcesoftware.com or follow us on twitter: @whitesourcesoft

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: AWS Oil and Gas Roundtable
  • Live at: Apr 19 2021 8:52 am
  • Presented by: Jason Hammond,Head SE WhiteSource,Paco Hope,CSS Amazon,WS,Vivek Wandile, SA Wipro,Adam Jordan,Capability Center Lead ,Shell
  • From:
Your email has been sent.
or close