Name: Threat Modeling – Locking the Door on Vulnerabilities
Start: 2018-05-09T18:00:00Z
End: 2018-05-09T18:01:02.000Z
Location: BrightTALK
Rating: 4.5

Security Innovation is an authority on software security and helps organizations build and deploy more secure software.  Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Symantec, Coca-Cola and GE rely on our expertise to understand the security risks in their software systems and facilitate the software and process change necessary to mitigate them. 

Security Innovation specializes in software security, an area where traditional “information security” and “business” consultants tend to struggle. We have been analyzing application vulnerabilities and risk for almost a decade and were one of the first providers of software risk solutions to Fortune 500 firms. Our unrivaled proficiency in technical analysis, coupled with sound knowledge of business processes, results in world-class solutions that bridge the gap between application security holes and risk management optimization.

Baking security into applications earlier in the software development lifecycle has become the mantra of the enterprise today, with software development and security teams working closely together to ensure more secure coding throughout the development process to ensure safer and more secure applications. But what about mobile apps?

In this webinar, experts will discuss strategies to integrate security tasks across all phases of the mobile app development lifecycle: design, development, and regular testing, with the goal of finding and fixing vulnerabilities or issues efficiently in the dev process. You will also get advice on how to employ tools and practices to support your dev and security teams in this new generation of collaboration for more secure software development for your organization's mobile apps.

- Explore what a “shift left” requires of both development and security teams
- Get advice on how to put security first without stifling software innovation
- Find out about the emerging role of AI in DevSecOps

Presented live by featured speakers Dr. Jason Clark and Dinesh Shetty, Moderated by Becky Bracken.

DevSecOps for Mobile App Development

Software developers need effective training to reduce risk and maintain compliance. Simulation training and tying training to job function are among the most effective ways to help learners retain knowledge. The Base Camp training platform from Security Innovation combines micromodules, labs, and realistic application environments to build skills that stick. Explore the unique features of the Base Camp platform and learn how to level up your software security for every role and skill level across the software development lifecycle.

Join our senior project manager, Jose Lazu, and Brandon Cooper, solutions engineer, as they walk you through customizable journeys and pathways for tailored training, assessing employee skills, ordered access to assignments, and recognizing skill achievements with certificates of completion. Learn how Base Camp can help you upskill every role across your organization — not just those nearest to the code.

During this product demo, Jose and Brandon will provide insights on:
- Role-Based Training: Turnkey paths for all major roles and technologies.
- Multiple Modalities: Courses, hands-on labs, and realistic simulations increase engagement and ingrain new knowledge and behavior.
- Realistic Simulation: On-the-job scenarios, real technology, and real coding build contextual skills.
- Detailed Analytics: Baselining, assessments, and automated reports make it easy to track progress against key performance indicators

Demo: Level Up Your Software Security Training by Building Skills That Stick

Modern software development demands a balance between speed, efficiency, and security. DevOps, the fusion of development and operations, aims to achieve this balance by optimizing the software development process for rapid delivery. While the successful integration of security practices empowers organizations to ensure systems remain resilient, many companies have been reluctant to move to DevSecOps, fearing it will be complex and time-consuming.

In this webinar, we explore best practices for seamlessly integrating security into DevOps to ensure that software development doesn't compromise security in its quest for speed.

Join us as we discuss:
- Driving collaboration between Development and Operations
- Customized Policies & Governance for awareness and adherence
- Managing Third-party risk
- Eliminating Bottlenecks
- Upleveling Skills to Empower Teams
- Leveraging risk-based assessments and threat modeling to guide the DevSecOps process

Still Developing Software the Old Way? Best Practices for Migrating to DevSecOps

When it comes to keeping technical audiences apprised of security challenges, success is all about relevance and interest. Simulation training and tying training to a learner’s job function are emerging as some of the most effective ways to help learners retain knowledge. By utilizing hands-on training methods that immerse users into the technical environment they encounter daily, one can enumerate security risks in a context that is both familiar and engaging. This talk discusses methods to create engagement, lasting behavior change, and, dare we say, enjoyment for your technical workers.

Join us for a webinar with The Training Industry, where your host, Ed Adams, author and CEO of Security Innovation, and Michael Hendrickson, former vice president of technology and development products at Skillsoft, will discuss what thought leaders are saying about growing threats and the importance of good cybersecurity hygiene, as well as the most effective training methods for technical audiences in 2024. Skip the guesswork and get ahead with up-to-date methods and insights — you’ll be glad you did.

Our interactive webinar will provide you with valuable insights on:

- The Power of Relevance in Security Training: Discover why tailoring cybersecurity training to an individual’s job function leads to better knowledge retention.
- Engagement Through Simulation Training: Learn about the effectiveness of immersive, hands-on simulation training for technical audiences.
- Creating Lasting Behavior Change: Explore methods to engage technical teams in cybersecurity hygiene, resulting in lasting behavior change and enhanced security.
- Industry Insights and Trends for 2024: Gain knowledge on growing security threats and the most effective and up-to-date training methodologies for 2024.

Training Techies on Security: It’s Not Rocket Science!

DevOps is often characterized as a mindset shift, but that undermines the critical cogs that actually make it work - the people, technology, and processes.

Ed TALKS: Movers & Shakers in DevSecOps

Many organizations are “shifting left” to introduce security earlier in the software development lifecycle (SDLC). The benefits are more secure software, lower risk, and more efficient software delivery. This means training developers and other roles in the process on the skills and knowledge they need to shift left. This webinar will discuss what training is needed and how to deliver it.

Shifting Software Security Training Left

As the notorious cybersecurity skills gap widens, organizations look for effective ways to up-level competency across diverse roles and abilities. However, they need help understanding whom to train, the most effective methods, and how to sustain a security culture.    
 
In this webcast, Security Innovation’s adult learning expert will put Dr. Ponemon on the “hot seat” and press for insight into key findings of his most recent research on cybersecurity training benchmarks. She’ll then discuss the power of simulation training and how organizations have used it to change security behavior.
 
Topics include:
 
• Training & Organizational Maturity – Adopting more best practices increases an organization’s security effectiveness score (SES).
• Highest Impact Activities – Learn about realistic simulation, role-based content, and measuring ability.
• Simulation Training in Business Environments – How it’s different from gamification and builds skills other modes can’t.

About the Presenters:

Dr. Larry Ponemon is a legend in cybersecurity and privacy research. His think-tank, The Ponemon Institute, is a frequently cited and globally recognized source for independent security analysis. Security Magazine named him one of the “Most Influential People for Security.” Dr. Ponemon has held tenured faculty positions and published numerous articles and educational books.
 
Amy Severson, Dir. Customer Success, Security Innovation, manages a team that works closely with globally recognized brands to ensure their cybersecurity training programs are sticky, measurable, and successful. She has extensive experience up-leveling skills for thousands of Software & IT engineers at companies like Microsoft, Accenture, McKesson, Staples, Tesco, Target, and others. Amy has expertise and passion in immersion learning, and she earned her M.A. in Education & Human Development, Educational Technology Leadership from George Washington University.

Making Security Skills Stick – Findings from Ponemon Research

The modern enterprise is highly dependent on the cloud and software-driven systems. To protect them, teams need relatable training that reflects the technologies they work with. Otherwise, they’ll tune it out.  

Recent Ponemon Institute research shows that realistic simulation training tied to a specific job function is the most effective way to prepare teams for the battles they’ll face. By utilizing hands-on training in a familiar environment, teams can enumerate security risks in a native context. 

Come learn the strategies of three security & technology leaders to up level skills of various  audiences, create engagement, and drive lasting behavior change.

Ed TALKS: How to Train IT Teams for Security

On top of the usual threats inherent to IT networks, applications, and cloud services, the complexity of medical devices creates a massive and distributed attack surface. Compounding the challenge are long-life expectancy and third-party dependency.

Attend this panel to hear healthcare security experts discuss the anatomy of medical devices, how to design them with human safety in mind, and how to make a shared security responsibility model a reality.

Specific topics include:

• The Prescription - security measures the FDA and others are demanding
• The Skeleton - the rickety infrastructure healthcare runs on
• The Brains - is SaMD (Software as a Medical Device) the new world norm?
• The DNA - what Software Bill of Materials (SBOMs) tell us about risk
• The Immune System - why traditional IT defenses struggle to protect patients
• The X-Rays - the need for new surveillance techniques

Ed TALKS Modernizing Medical Device Security: A New Perspective on Old Practices

While traditional assessment techniques like pen testing and scanning are effective at catching issues before software is deployed, they are simply not scalable given today’s accelerated releases. To release software with confidence, organizations need to address their core issue – people & process gaps.   

This webcast will demonstrate how implementing core security activities into your SDLC and augmenting with role-specific training will yield more self-defending software. Topics include:

- Today’s software security landscape and challenges
- Breaking the Find & Fix hamster wheel
- Fusing activities (the what) and skills (the how) to amplify risk reduction

People & Processes: The Yin and the Yang of Software Security

Are you ready to take your team's software security skills to the next level while having a ton of FUN? Look no further than our newest CMD+CTRL Cyber Range – Shadow Health!

Shadow Health is a gamified, fully-functional health management portal where unwitting patients log in to set appointments, view prescriptions and visit summaries, and more. Since you are already familiar with how a portal like this works, your challenge is to dive right in to identify weak spots in the software across multiple attack surfaces, exploit them, and take out the bad guys behind this nefarious site.

This strangely “unhealthy” cyber range goes one step further than our previous ranges with 14 challenge categories that require diverse skill sets and expertise from multiple areas of the software organization to solve them. While this range doesn’t require any special “hacking tools,” this is considered an intermediate-level range and is a perfect follow up to any one of our Core ranges - particularly Shadow Bank, Shred, Account All or InstaFriends.

Join us on Wednesday, June 14th at 11:00 AM EST to learn how Shadow Health can enhance your team's application security skills by providing real-world experience - from combating threats to identifying and exploiting weak spots. Whether you're a current customer or considering investing in CMD+CTRL training, this webinar is a must-attend event. We'll even include a short demonstration of Shadow Health in action!

Don't wait! Sign up now to take the first step toward a more secure future for your organization.

Introducing Shadow Health, the Game-Changing Cyber Range

Addressing software security requires more than just the ‘secure code training’ approach that many organizations use and vendors sell. This webinar will help you understand why you need to go beyond the code to keep your organization’s software secure, and how to do it.

Creating A Complete Software Security Training Program: Going Beyond the Code

Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data.  However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance. 

This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls.  Topics include:

* Consolidating security and compliance controls 
* Creating application security standards for development and operations teams
* Identifying and remediating gaps between current practices and industry accepted "best practices”

Aligning Application Security & Compliance

Modern application design and the continued adoption of DevOps expand the scope of automated security testing and push tools to the limit. Simultaneously, complex platforms like IoT and Blockchain require more specialized tools and skills.

With software applications being more assembled than coded, and cloud CI/CD accelerating release, it’s time to sunset some legacy tools and consider new ones.

Come hear how product and application security professionals plan to scale software securely in 2022.

• The traditionalists: SAST, DAST, IAST
• Replacement players: SCA, API & container security, etc.
• New Kids on the Block: IaC, cloud native, fuzz
• Limitations, pitfalls, and best practices

Ed TALKS: Scaling AppSec – Getting Tools to Perform

Did you lock the door before leaving your house this morning?  If you did, you threat modeled without even realizing it. Threat modeling is identifying potential threats (house robbery) and implementing measures to mitigate the risk (locking your door). 

Protecting valuable assets, no matter if personal assets or business-related assets such as the software you are developing, threat modeling should become an instinctual and necessary part of your process.

Our talk highlights how nearly 50% of security flaws can be mitigated through threat modeling. We help you prevent and mitigate risks by utilizing a reliable and hard-hitting analysis technique that can be applied to individual applications or across an entire portfolio. We show you how to effectively apply these techniques at the start of the design phase and throughout every phase of the development lifecycle so you can maximize the ROI of your security efforts. 

Topics covered include:
    • Threat Modeling 101
    • The propagating effect of poor design
    • Tabletop exercise – a world with and without threat modeling
    • Best practices and metrics for every stakeholder

Threat Modeling – Locking the Door on Vulnerabilities

Application Security

Threat Management

Mitigation

Security

Best Practice

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Threat Modeling – Locking the Door on Vulnerabilities

Presented by

About this talk

More from this channel