Come See LetSee Cyber Range

Finding security experts is hard, but training emerging experts is becoming easier! Security Innovation’s CMD+CTRL Cyber Ranges feature intentionally vulnerable web and mobile applications that teach teams how applications are attacked by actively exploiting them, creating higher engagement and retention.

The CMD+CTRL Cyber Range suite includes several banking websites - you may have heard of ShadowBank, the original and most popular cyber range - as well as a back-office HR application, social media app, mobile fitness tracker app and our newest edition, LetSee!

LetSee is an online marketplace that lets users shop and sell a variety of hand-made and vintage goods. LetSee is also our first Single Page App (SPA) with a heavy focus on API vulnerabilities.

Come see LetSee along with our entire Cyber Range suite and get 24-hour access post-webinar to test your hacking skills with our newest application!
Recorded May 23 2019 47 mins
Presented by
Lisa Parcella, VP of Product and Marketing and Brandon Cooper, Cyber Range Support Specialist

  • Connected Cars: What Could Possibly Go Wrong? May 16 2021 5:30 am UTC 55 mins
    Dr. Larry Ponemon of the Ponemon Institute and Ed Adams of Security Innovation
    Millions of cars with tens of millions of lines of code are already talking to servers and each other. According to the Ponemon Research Institute, 63% of manufacturers test less than half of the technologies in your car for vulnerabilities and only 33% train developers on secure coding methods.

    However, there is a new IT system going into cars that was built with security and privacy by design. This “Talking Cars” safety of life program, which is estimated to save 10,000 lives per year, is one of the few automotive technologies that is secure and private for drivers.

    This webinar discusses the trade-off between safety, privacy, and convenience. It will also examine the 10-year Privacy by Design system used in “Talking Cars” and how other technology projects can benefit from similar due diligence.

    Topics:
    • Connected cars – threats and attack surface
    • Review of the most current research on automotive IT security and privacy
    • Blueprint for excellence: Security & Privacy in the “Talking Cars” program

    Though basic knowledge of cybersecurity and privacy is helpful, this webinar is for anyone who wants to better understand connected car technology and how to design resilient IT systems. The speakers, Dr. Larry Ponemon and Ed Adams, are experts in their field and deliver this information-rich webinar.
  • Connected Cars: What Could Possibly Go Wrong? Recorded: May 14 2021 55 mins
    Dr. Larry Ponemon of the Ponemon Institute and Ed Adams of Security Innovation
    Millions of cars with tens of millions of lines of code are already talking to servers and each other. According to the Ponemon Research Institute, 63% of manufacturers test less than half of the technologies in your car for vulnerabilities and only 33% train developers on secure coding methods.

    However, there is a new IT system going into cars that was built with security and privacy by design. This “Talking Cars” safety of life program, which is estimated to save 10,000 lives per year, is one of the few automotive technologies that is secure and private for drivers.

    This webinar discusses the trade-off between safety, privacy, and convenience. It will also examine the 10-year Privacy by Design system used in “Talking Cars” and how other technology projects can benefit from similar due diligence.

    Topics:
    • Connected cars – threats and attack surface
    • Review of the most current research on automotive IT security and privacy
    • Blueprint for excellence: Security & Privacy in the “Talking Cars” program

    Though basic knowledge of cybersecurity and privacy is helpful, this webinar is for anyone who wants to better understand connected car technology and how to design resilient IT systems. The speakers, Dr. Larry Ponemon and Ed Adams, are experts in their field and deliver this information-rich webinar.
  • Privacy in a Gossipy, Digital World Recorded: May 13 2021 60 mins
    Ed Adams, Security Innovation | Elena Elkina, Aleada Consulting | Larry Ponemon, Ponemon Institute | Erika Fisher, Atlassian
    Attitudes toward privacy have an amazingly broad spectrum. Laws like CCPA and GDPR are forcing organizations to build privacy programs, but their robustness varies significantly based on geography, industry, and consumer views. Counter forces of IT Security, Data Breaches, and IoT put privacy at risk every day. Come listen to 3 industry experts discuss privacy in the context of today’s digital world. They will discuss the organizational impacts of privacy, compliance drivers, and the difference between data security and data privacy.

    Topics include:
    • Impacts of emerging technologies (5G, Artificial Intelligence, etc.) on privacy programs
    • How the WFH movement has changed corporate privacy and security strategies
    • Findings from the recent study “Privacy and Security in a Digital World” by The Ponemon Institute
    • The battle between security and privacy (corporate, law enforcement, compliance, personal)
    • Practical tips on how to protect both privacy and data security
  • 7 Sins of Cloud Security Recorded: May 4 2021 56 mins
    Ed Adams, CEO, Security Innovation
    The cloud offers near-instant scale and numerous security features that organizations can leverage; however, it’s not that way by default. Despite wide adoption of cloud services, many organizations remain unprepared and unknowingly expand their attack surface. Gartner predicts that by 2025, 99% of cloud security issues will be the customer’s fault.
  • Securing the Modern Enterprise: Software Total Risk Management (SToRM) Framework Recorded: Apr 29 2021 55 mins
    Ed Adams, President and CEO, Security Innovation
    The proliferation and complexity of software-enabled systems have amplified risk for many organizations. Conventional approaches to software security don’t work, typically encompassing no more than running vulnerability scanning. Executives need a better way to understand which products, systems, and teams are putting their enterprise at most risk – and deploy appropriate action plans.

    SToRM represents a new approach for enterprises to more effectively assess and protect software-dependent IT systems. Change your approach – evolve from a vulnerability-focused approach to a risk-based one. Learn pragmatic steps to ensure you’re mitigating the most risk with limited resources, time, and budget.

    Topics include:

    • Why traditional approaches aren’t working
    • How to identify risks at the business workflow and IT system levels
    • Techniques to calibrate assessment and mitigation efforts
  • Executive’s Guide to DevSecOps Recorded: Apr 23 2021 50 mins
    Ed Adams, President and CEO, Security Innovation
    DevOps brings the potential of faster time to market and higher quality software applications. But to accelerate adoption or realize its full benefit, organizations need to adapt to the policy, staff, and technology changes that inherently accompany it.

    Join us for an educational webinar that examines DevOps from an implementation and risk perspective and how to minimize organizational impact.

    Topics include:
    * What’s the difference? DevOps vs. other development approaches
    * Third-party risk: COTS, open source, and cloud
    * Implications of accelerated development and automation
    * Making room for DevOps: organizational changes
  • Back to Basics: The importance of security principles in technical roles Recorded: Apr 21 2021 63 mins
    Ed Adams, CEO, Security Innovation
    Principle-based approaches have long been at the core of “traditional” engineering disciplines. However, when it comes to building software and IT systems, best practices around encryption, access control, and authorization are often lackluster. The ability to understand and apply security concepts is essential to protecting today’s digital business.

    Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals whose collective experience spans Fortune 500 technology, financial services, and medical device industries.

    JOSHUA CORMAN
    Founder of I Am the Cavalry (dot org). His approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security.

    UMA CHANDRASHEKHAR
    Leader of the Global Information Product Security function at Alcon. She holds several patents in information security, privacy, and reliability and was an invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC).

    MARK MERKOW
    CISSP, CISM, CSSLP. A prolific author and advocate for building security into the SDLC with software-quality and security activities, tools, processes, and education.

    Topics to be discussed:

    * Why and for whom are security principles important?
    * Have principles become a lost art form, or did they never really take off?
    * What is the most underutilized principle? Does it vary based on tech stack and deployment?

    FREE GIVEAWAY
    We'll also be raffling off three copies of Mark Merkow's latest book "Secure, Resilient, and Agile Software Development" during the webinar.
  • 7 Sins of Cloud Security Recorded: Apr 13 2021 56 mins
    Ed Adams, CEO, Security Innovation
    The cloud offers near-instant scale and numerous security features that organizations can leverage; however, it’s not that way by default. Despite wide adoption of cloud services, many organizations remain unprepared and unknowingly expand their attack surface. Gartner predicts that by 2025, 99% of cloud security issues will be the customer’s fault.
  • Assessing System Risk the Smart Way Recorded: Apr 8 2021 60 mins
    Ed Adams, President and CEO, Security Innovation
    Information systems in the digital age are complex and expansive, with attack vectors coming in from every angle. This makes analyzing risk challenging, but more critical than ever.

    Attend this webcast to better understand the dynamics of modern IT systems, security controls that protect them, and best practices for adherence to today’s GRC requirements.

    Topics include:
    · Threats, vulnerabilities, weaknesses – why their difference matters
    · How vulnerability scanning can help (and hinder) your efforts
    · Security engineering and the system development lifecycle
    · High impact activities - application risk rating and threat modeling
  • Threat Modeling – Locking the Door on Vulnerabilities Recorded: Apr 6 2021 62 mins
    Ed Adams, CEO by day, engineer at heart
    Did you lock the door before leaving your house this morning? If you did, you threat modeled without even realizing it. Threat modeling is identifying potential threats (house robbery) and implementing measures to mitigate the risk (locking your door).

    Whether you are protecting personal assets or business-related assets such as the software you are developing, threat modeling should become an instinctual and necessary part of your process.

    Our talk highlights how nearly 50% of security flaws can be mitigated through threat modeling. We help you prevent and mitigate risks by utilizing a reliable and hard-hitting analysis technique that can be applied to individual applications or across an entire portfolio. We show you how to effectively apply these techniques at the start of the design phase and throughout every phase of the development lifecycle so you can maximize the ROI of your security efforts.

    Topics covered include:
    • Threat Modeling 101
    • The propagating effect of poor design
    • Tabletop exercise – a world with and without threat modeling
    • Best practices and metrics for every stakeholder
  • Aligning Application Security & Compliance Recorded: Apr 6 2021 48 mins
    Ed Adams, President and CEO, Security Innovation
    Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.

    This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:

    * Consolidating security and compliance controls
    * Creating application security standards for development and operations teams
    * Identifying and remediating gaps between current practices and industry accepted “best practices”
  • Securing the Third-Party Software Supply Chain Recorded: Apr 2 2021 44 mins
    Ed Adams, President and CEO, Security Innovation
    Today, a significant percentage of all software is assembled from open-source software and COTS. Akin to a baker who didn’t grow their ingredients, how well do development teams know their ingredients and the inherent risk they carry?

    This webinar provides an understanding of how to “shift left” in a DevOps SDLC by conducting early stage scrutiny to better manage software risk. Topics include:

    • Choosing components wisely to reduce attack surface
    • Ongoing threat modeling
    • Cloud configuration and deployment review
    • Procurement strategies and contracting tools
    • Mitigating weaknesses in supply chain elements
  • Are we there, yet? Measuring effectiveness of InfoSec programs Recorded: Mar 25 2021 60 mins
    Ed Adams, Security Innovation | Florence Mottay, Ahold Delhaize | Sherron Burgess, BCD Travel | Sandra Dunn, Blue Cross Idaho
    High-performing InfoSec programs are critical to protecting sensitive data, securing systems, and maintaining compliance. However, organizations continuously struggle with the “how are we doing?” question.

    Attend our next Ed Talk to learn how to identify key metrics and implement measurement vehicles to understand your real security posture.

    * Benchmarking: What do you measure? And against what?

    * Analysis Paralysis: What to do with the results and avoiding misleading and distracting data

    * Metric Traps: Red flags versus red herrings
  • How an Attacker "Audits" Your Software Applications Recorded: Mar 19 2021 62 mins
    Joe Basirico, VP of Services at Security Innovation
    Software runs today’s business; however, security implications are often misunderstood, creating significant organizational risk. Poorly configured servers, 3rd-party software, and continuous release cycles put additional pressure on already stressed teams.

    Hackers no longer just exploit vulnerabilities in code -- faulty cloud deployments, weak database structures, and business logic problems are also easy targets for attackers. To reduce risk, you’ve got to audit your system in the same way an attacker would.

    This presentation demonstrates how attackers compromise the modern enterprise. For each attack demonstrated, mitigation practices will be discussed. WARNING: software will be harmed during this presentation. Viewer discretion advised.

    Topics include:

    - The modern technology stack
    - Easy pickings – hacking demonstrations!!
    - Auditing software-based systems:
      o Standards and policies
      o System updates and patching
      o Data leakage/exfiltration
      o Identity & access management
      o System logs and tracking
      o Tamper protections and detection
      o Authentication and access controls
  • Securing Applications in the Cloud Recorded: Mar 15 2021 53 mins
    Ed Adams, President & CEO at Security Innovation
    As organizations shift control of their infrastructure and data to the cloud, it is critical that they rethink their application security efforts. This can be accomplished by ensuring applications are designed to take advantage of built-in cloud security controls and configured properly in deployment.

    Attend this webcast to gain insight into the security nuances of the cloud platform and risk mitigation techniques. Topics include:
    • Common cloud threats and vulnerabilities
    • Exposing data with insufficient Authorization and Authentication
    • The danger of relying on untrusted components
    • Distributed Denial of Service (DDoS) and other application attacks
    • Securing APIs and other defensive measures
  • How to Hijack a Pizza Delivery Robot with Injection Flaws Recorded: Mar 11 2021 63 mins
    Joe Basirico, VP of Services at Security Innovation
    A replay of one of our most-viewed webinars from 2019.

    Welcome to the lighter side of the software security world!

    We’ll explain complex topics like injection flaws, configuration errors, and parameter tampering with real-world analogies, like breaking into your house through your shed, or sneaking into a Coldplay concert using a reflective yellow vest, a walkie talkie toy, and your bravado. If you’ve ever struggled to remember exactly how these issues work or struggled to explain them to someone outside of the security field, this presentation will help (and probably make you laugh).

    Topics covered include:
    - Injection Flaws
    - XSS
    - SQL Injection
    - Broken Authentication
    - Privilege Escalation
    - Information Disclosure
    - Parameter Tampering
    - Configuration Errors

    This webinar is ideal for anyone who wants to understand core Application Security concepts so they can apply risk mitigation strategies with better context.
  • Cloudy at the Breach: Your Software, Your Data, Your Loss Recorded: Mar 8 2021 60 mins
    Panelists: Satish Janardhanan, Accenture; Nazira Carlage, Salesforce.com; and Vlad Joanovic, Microsoft
    The use of cloud services and infrastructure continues to skyrocket. Meanwhile, the proliferation of turn-key SaaS solutions makes it compelling for enterprises to use cloud-based software. Organizations are spinning up servers and databases in minutes, moving their applications to take advantage of CSP scalability, and mistakenly assuming they are immediately more secure.

    There’s no doubt the cloud can deliver on the promises of improved scalability, availability, and security; however, consumers need to do their part. Come listen to 3 experts debate data and software security in the cloud. Topics include:
    • Key considerations - new skills, migration challenges, compliance implications
    • Unwanted surprises - misconfigurations, application rewrites, open data buckets
    • Attack vectors - how they impact data flow and storage models
    • Sunnier days - must-do’s for securing cloud software
  • How Do I Increase Security Without Impacting Productivity? Recorded: Mar 4 2021 44 mins
    Seamus McLaughlin, Senior Solutions Consultant, LogMeIn | Ed Adams, CEO, Security Innovation Inc | Ray Espinoza, CISO, Cobalt
    Welcome to the first episode of The Security Series: Simplify, Secure, Strategise!

    Employee productivity is at the heart of LastPass’ security measures. Having to manually remember passwords and credentials can cause lockouts and resets, causing distractions and reducing working time. According to LastPass, 80% of data breaches can be traced to weak, reused and stolen credentials. Data breaches and poor password management can be detrimental to employee productivity, which is another example of how effective security measures can enhance the work of your employees.

    However, this is not to say that all security measures improve productivity. For example, adding overly complex security solutions can get in the way of employee productivity, and lots of security measures fail to meet user experience demands. Further, it is vital that security efforts are complementary across your organization, providing you with better insights into user behavior.

    How can you implement security strategies that aid employee productivity, rather than hindering it?

    In this session, we will discuss:
    - Securing VPNs, and keeping productivity up amongst remote employees
    - The benefits of an all in one authentication system, as well as a multi factor authentication system
    - How to implement flexible authentication, and what this can do for your security and productivity
  • Aligning Application Security & Compliance Recorded: Feb 26 2021 48 mins
    Ed Adams, President and CEO, Security Innovation
    Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.

    This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:

    * Consolidating security and compliance controls
    * Creating application security standards for development and operations teams
    * Identifying and remediating gaps between current practices and industry accepted “best practices”
  • Avoiding Supply Chain Burns, featuring Edna Conway & Octavia Howell Recorded: Feb 24 2021 57 mins
    Ed Adams, Security Innovation | Edna Conway, Microsoft | Octavia Howell, Equifax | Zach Minneker, Security Innovation
    Edna Conway (Microsoft) & Octavia Howell (Equifax) join us for an exclusive panel on avoiding supply chain burns. Supply chain risk is not going away, especially not for the software updates that fuel the IT-dependent enterprise. The SolarWinds hack has sowed doubts about the fidelity and security of 3rd-party tech. Despite significant damage, some organizations successfully thwarted the attacks despite using the vulnerable SolarWinds Orion appliance – how did they do it and what can we learn from it?

    This Ed TALK brings respected cybersecurity and supply chain experts together to discuss what companies that build and use technology can do to protect themselves in this increasingly partner dependent world.

    Topics include:
    • Knowing your ingredients – SBOMs (software bill of materials)
    • I spy – can we detect or prevent “tainted” software updates
    • Walking the walk – let’s talk effective defense-in-depth, incident response, network segmentation, and “zero-trust”
    • Avoiding the recency trap – risk rating threats to avoid knee-jerk reactions
    • Robots to the rescue – can AI be the solution to real-time threat intelligence?
Securing software in the connected world
In today's connected world, software runs everything - from smart phones to banking applications, cars to home security systems, even refrigerators, garage doors and other everyday devices are "connected." Software is everywhere – and unfortunately, it provides the largest attack surface for hackers. We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.

  • Title: Come See LetSee Cyber Range
  • Live at: May 23 2019 6:00 pm
  • Presented by: Lisa Parcella, VP of Product and Marketing and Brandon Cooper, Cyber Range Support Specialist