Hi [[ session.user.profile.firstName ]]

Why Security Must Be Part of the Software Life Cycle

As businesses embark on digital and cloud transformation to accelerate velocity and improve operational efficiencies, security just is not keeping pace. Virtually every business relies on software to keep it running, to keep it competitive. Simultaneously, application vulnerabilities are escalating, and breaches are common C-suite conversations. The current approach to application security relies on multiple security tools deployed at different layers of the software development life cycle, returning volumes of results. This taxes already understaffed application security and SecOps teams, who are challenged to make sense of it all, to address the vulnerabilities and to convey the full risk picture to the business.

In the webinar, Michael Osterman, Principal Analyst, Osterman Research, will discuss:

- Why the current approaches to security management are no longer adequate as the pace of business accelerates.
- The key steps to mitigate risk, including identifying, prioritizing and remediating vulnerabilities continuously.
- Why security should be part of the software development process and at all points in the software lifecycle.
- How prioritizing vulnerabilities properly can reduce risk
Recorded Jul 31 2019 47 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Michael Osterman, Principal Analyst, Osterman Research
Presentation preview: Why Security Must Be Part of the Software Life Cycle

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • An Open Source Solution to Accelerate Application Security Recorded: Nov 14 2019 5 mins
    Patrick Hayes, Solutions Architect, ZeroNorth
    An Open Source Solution to Accelerate Application Security
  • Bringing DevSecOps to Industrial Control Systems Recorded: Nov 13 2019 32 mins
    Aaron Wise, Director of Engineering, ZeroNorth
    Bringing industrial control systems and critical infrastructure into the modern age will require more than just software updates. It’ll require continuous software updates. The challenge is that every time new updates to software powering applications or infrastructure are introduced, so too is the potential for new vulnerabilities. Every little change of code creates the potential for a new vulnerability that attackers can exploit, and the demand for updates to be delivered faster and faster only increases the security challenges. Any business that relies on software as a competitive differentiator – in other words, every business today – is facing this issue and trying to figure out ways to deal with it. But for industrial control systems (ICS) that are already playing catch-up and trying to adapt to a connected world, these challenge will be that much more daunting.

    This webinar will provide an overview of DevOps and DevSecOps cultures to help the people using and managing ICS understand how these practices fit into their organizations. It will empower those tasked to secure critical infrastructure with the knowledge they need to ensure that comprehensive discovery and remediation of software vulnerabilities are in place so they can proactively manage risk.
  • Rethinking Security for Digital Transformation Recorded: Oct 11 2019 26 mins
    John Steven, CTO, ZeroNorth; Dave Howell, vice president of marketing, ZeroNorth
    Digital transformation isn’t coming--it’s here. ZeroNorth surveyed cybersecurity professionals across a range of industries to get their input on effectively managing risk across applications and infrastructure in this age of digital transformation. Join ZeroNorth CTO John Steven and vice president of marketing Dave Howell as they discuss the findings of the survey.
  • Securing AWS Environments Across Software and Infrastructure Recorded: Oct 10 2019 33 mins
    Andrei Bezdedeanu, Vice President of Engineering at ZeroNorth
    As digital transformation is driving organizations to become software-centric, many turn to Amazon Web Services for the flexible infrastructure that supports the rapid development and delivery of software, such as microservices. But gaining a comprehensive view of risk across an AWS environment can become challenging.

    In this webinar, ZeroNorth vice president of Engineering Andrei Bezdedeanu will share details on how the platform’s integration with AWS Security Hub provides a comprehensive view of application and infrastructure security across AWS, from custom code development, to open source libraries, to applications moving towards production.

    You’ll also gain insight into areas such as:

    - Correlating data across software and infrastructure scanning tools
    - Identifying vulnerabilities in the AWS servers used to develop and deploy applications
    - Integrating into the software development pipeline and streamlining remediation
    - Analyzing data from AWS Security Hub partners, including other application and infrastructure scanning tools
    - Gaining a real-time view into vulnerabilities and misconfigurations across AWS cloud infrastructure
  • End-to-End Vulnerability and Risk Management Across the Enterprise Recorded: Aug 14 2019 44 mins
    Brian McGraw, Global Head of Advisory Services, CyberProof, a UST Company; John Steven, CTO, ZeroNorth
    Digital transformation is redefining organizations in all industries into software-centric businesses. Assessing, planning and implementing vulnerability management across your organization is therefore crucial. In this webinar, CyberProof, a UST Global company, and ZeroNorth will share details on the companies’ integrated solution and discuss how customers are benefitting from end-to-end vulnerability & risk management across the enterprise.
  • Why Security Must Be Part of the Software Life Cycle Recorded: Jul 31 2019 47 mins
    Michael Osterman, Principal Analyst, Osterman Research
    As businesses embark on digital and cloud transformation to accelerate velocity and improve operational efficiencies, security just is not keeping pace. Virtually every business relies on software to keep it running, to keep it competitive. Simultaneously, application vulnerabilities are escalating, and breaches are common C-suite conversations. The current approach to application security relies on multiple security tools deployed at different layers of the software development life cycle, returning volumes of results. This taxes already understaffed application security and SecOps teams, who are challenged to make sense of it all, to address the vulnerabilities and to convey the full risk picture to the business.

    In the webinar, Michael Osterman, Principal Analyst, Osterman Research, will discuss:

    - Why the current approaches to security management are no longer adequate as the pace of business accelerates.
    - The key steps to mitigate risk, including identifying, prioritizing and remediating vulnerabilities continuously.
    - Why security should be part of the software development process and at all points in the software lifecycle.
    - How prioritizing vulnerabilities properly can reduce risk
  • 20-Minute Speed Demo: Orchestrate Application and Infrastructure Security Recorded: Jun 19 2019 23 mins
    ZeroNorth Team
    In just 20 minutes, see how ZeroNorth can help you orchestrate risk management across applications and infrastructure.

    Join us for a quick-hit online demo—In less than half an hour, we’ll show you how ZeroNorth is the only platform that enables you to:

    • Minimize noise by correlating and prioritizing vulnerabilities across apps and infrastructure
    • Reduce costs by consolidating the management of existing scanning tools (e.g., SCA, SAST/DAST, container management, pen testing, network scanning)
    • Implement consistent vulnerability discovery and remediation
    • Gain continuous visibility of risk throughout the software development lifecycle


    We look forward to seeing you on June 19!
  • Zerto Gains One Source of Truth for Risk, Compliance & Vulnerability Management Recorded: May 15 2019 46 mins
    Rob Strechay, SVP of Product and Raz Oliar, CISO, Zerto; John Steven, CTO, ZeroNorth
    Securing the value stream is becoming a priority for most organizations. Validating the security posture of the companies who supply technology is now standard business practice. IT Resilience platform provider Zerto has over 6,000 customers across more than 70 countries. It’s critical that they ship secure software and have a continuous view of risk and compliance to ensure they meet customer and regulatory requirements. Additionally, Zerto has a very dynamic development environment with over 200 engineers, 12 different sites and over 100 different SaaS services. They work in a true CI/CD environment and their infrastructure changes daily, so they have to be agile.

    In this webinar, learn from Zerto’s SVP of Product and its CISO how using the ZeroNorth security orchestration platform allows them to:

    •Consolidate disparate tools to achieve “one source of the truth” of security posture.
    •Identify and remediate critical vulnerabilities quickly to meet internal SLAs.
    •Ensure the compliance audit process is accomplished more efficiently and is ready for future growth.
  • DevSecOps from Cradle to Scale: Real-World Lessons and Success Cases Recorded: Apr 15 2019 42 mins
    Dr. Chenxi Wang
    Many businesses today are harnessing the tools and promise of DevOps or Agile to drive innovation. Everything from new website capabilities to entirely new products are fair game in this revolution. However, the majority of security tools and processes are not inherently designed to be integrated in this new world, which is limiting the results new developments can bring.

    In this webinar, Dr. Chenxi Wang, Founder & General Partner, Rain Capital and member of Board of Directors of OWASP will discuss:
    • How to effectively integrate security into your DevOps process
    • How to integrate it at scale
    • Real-world examples of business results using this approach

    Chenxi will also cover where to get started with "DevSecOps," what metrics to use and what security at scale can mean for businesses.

    Guest Presenter:
    Dr. Chenxi Wang is the founder and general partner of Rain Capital, an early stage cyber security-focused venture fund, and member of the Board of Director of OWASP. Previously, she was the co-founder of the Jane Bond Project, a cyber security consultancy.
  • Collaborative Defense—Bringing Business & Security Together for Resiliency Recorded: Feb 20 2019 38 mins
    Mike Brown, RADM, USN (Ret), former Dir. Cybersecurity Coordination for DHS & DOD; Ernesto DiGiambattista, CEO, ZeroNotht
    Defending your applications, infrastructure and network is constant in today’s persistent threat environment. Organizations can’t do it alone and the tools of detection, defense and response can no longer work in isolation of each other. Resiliency and collaboration are topical, consistent themes, reinforced by the innovation coming out of the cybersecurity industry. But what does this really mean for IT, security and development teams day-to-day?

    Join Mike Brown, RADM, USN (Ret), former Director, Cybersecurity Coordination for DHS and DOD for a discussion on industry direction, the type of collaboration that can yield immediate results to teams and the criticality of protecting application infrastructure.

    Michael Brown is Founder & President, Spinnaker Security LLC, a cybersecurity consultancy focused on understanding, identifying and mitigating business risks associated with cybersecurity. Brown brings executive leadership, including crisis management, from both public and private sector experiences. Prior, he was President, RSA Federal LLC and VP/GM Global Public Sector of RSA Security LLC. Responsibilities also included RSA Information Technology, Security and Enterprise Risk Mgmt portfolios.

    Brown joined RSA after over 31 years in the US Navy. Brown’s last position on active duty was as Dir, Cybersecurity Coordination for DHS, responsible for increasing interdepartmental collaboration in strategic planning for the Nation’s cybersecurity, mutual support for cybersecurity capabilities development, and synchronization of current operational cybersecurity mission activities for the Depts of Defense and Homeland Security. He also served as DHS Deputy Asst Secretary, Cybersecurity & Comms, Acting Asst Secretary, Cybersecurity & Comms and as Asst Deputy Dir Joint Interagency Task Force for the Office of the Dir of National Intelligence. Brown also had various leadership positions, including command of the Naval Information Warfare Activity.
  • Getting Started with DevSecOps Recorded: Jan 10 2019 31 mins
    Andrei Bezdedeanu, VP of Engineering, ZeroNorth
    Collaboration between development and security teams is key to DevSecOps transformation and involves both cultural and technological shifts. The challenges associated with adoption can be mitigated by empowering developers with the appropriate security tools and processes, automation and orchestration.

    In this video, Andrei Bezdedeanu, ZeroNorth VP of Engineering, discusses how to get started with DevSecOps and the resulting benefits, including the delivery of more secure applications, lower cost of managing your security posture and full visibility into application and enterprise risks. He will also review the challenges, enablers and benefits to DevOps and DevSecOps and review key concepts such as DevOps vs SecOps and automation and orchestration.

    You will learn:
    • How to seamlessly automate and orchestrate security across the entire SDLC.
    • The foundation of DevSecOps, and the application development and deployment processes.
    • How to remove the cultural differences between DevOps and SecOps teams to make way for collaboration.
  • Holistic, Continuous Visibility into Application Security Risk Recorded: May 29 2018 2 mins
    ZeroNorth
    From code commit to application delivery, the ZeroNorth platform orchestrates and automates static and dynamic security testing and analysis, continuously, for a holistic view of your application security risk. Without impacting development velocity. Because security should never be a barrier to innovation. Learn how in just 90 seconds.
Provider of risk-based vulnerability orchestration across the SDLC
ZeroNorth is the first company to deliver risk-based vulnerability orchestration across applications and infrastructure. By orchestrating scanning tools across the entire software lifecycle, ZeroNorth provides a comprehensive and continuous view of risk, and reduces costs associated with managing disparate technologies. ZeroNorth empowers customers to rapidly scale application and infrastructure security, while integrating seamlessly into developer environments to simplify and verify remediation.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Why Security Must Be Part of the Software Life Cycle
  • Live at: Jul 31 2019 5:00 pm
  • Presented by: Michael Osterman, Principal Analyst, Osterman Research
  • From:
Your email has been sent.
or close