
Executive’s Guide to DevSecOps

DevOps brings the potential of faster time to market and higher quality software applications. But to accelerate adoption or realize its full benefit, organizations need to adapt to the policy, staff, and technology changes that inherently accompany it.

Join us for an educational webinar that examines DevOps from an implementation and risk perspective and how to minimize organizational impact.

Topics include:
* What’s the difference? DevOps vs. other development approaches
* Third-party risk:  COTS, open source, and cloud
* Implications of accelerated development and automation 
* Making room for DevOps: organizational changes
Recorded Apr 22 2020 50 mins
Presented by
Ed Adams, President and CEO, Security Innovation
  • EdTALK: Paying it Forward – Securing Technology in the Payment Ecosystem Recorded: Nov 19 2020 63 mins
    Ed Adams-Security Innovation, Kara Gunderson-CITGO, Ira Winkler-Skyline Technology, Phil Agcaoili-Ponemon Institute Fellows
    The payment ecosystem is a complex one that is exposed from multiple points: data interception, identity theft, and other attacks primarily target insecure software, APIs, and communication protocols that are difficult to lock down.

    To secure data within the payment infrastructure, retailers, software providers, financial institutions, and device manufacturers need to implement risk-based practices. Come hear three industry experts, Kara Gunderson (CITGO), Ira Winkler (author of "You Can Stop Stupid"), and Phil Agcaoili (Ponemon Institute Fellows), discuss how to do this in a practical manner.

    Topics include:

    • Biggest threats and common attack vectors
    • Dealing with POS (point of sale) systems
    • End to End encryption – is it even possible?
    • Managing software updates
    • Passing with A’s: Authentication, Authorization & Access
  • Email Security in the Age of Remote Work Recorded: Oct 15 2020 61 mins
    Jo Peterson, Clarify 360; Dr Richard Ford, Cyren; Geoff Vaughan, Security Innovation & Mariana Pereira, Darktrace
    There are an estimated 1.5 billion people working remotely due to COVID-19 and email is one of the ways businesses are communicating and staying connected with customers, employers and vendors. Ransomware, phishing and email exploits are continuing to rise. According to Security Magazine, over 96% of all security attacks begin with an email.

    Today’s panel will focus on:
    - the current state of email security and tools,
    - best practices for email safety, resilience planning, brand protection and thoughts on training
  • Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps Recorded: Oct 14 2020 63 mins
    Joe Basirico, SVP of Engineering at Security Innovation
    This talk will help you, as a decision maker or architect, to understand the risks of migrating a thick client or traditional web application to the modern web. In this talk I’ll give you tools and techniques to make the migration to the modern web painless and secure so you can mitigate common pitfalls without having to make the mistakes first. I’ll be doing demos, and telling lots of stories throughout.

    Making some good architectural decisions up front can help you:

    - Minimize the risk of data breach
    - Protect your user’s privacy
    - Make secure choices the easy default for your developers
    - Understand the cloud security model
    - Create defaults, policies, wrappers, and guidance for developers
    - Detect when developers have bypassed security controls
  • Cyber Attack Trends & Threat Forecast for 2021 Recorded: Oct 12 2020 60 mins
    Eric Adams, Kyriba; Roland Dobbins, NETSCOUT; Ed Adams, Security Innovation; Jeff Foresman, Digital Hands; Bryson Bort, SCYTHE
    So far, 2020 has been a challenging year for everyone. COVID-19 and the push for a more remote workforce have left many organizations vulnerable to the risk of a cyber attack. With IT and security teams struggling with the challenges created by remote access, attackers are rushing in to capitalize on the chaotic environments created by the pandemic.

    Application security is becoming increasingly important. According to the Verizon 2020 DBIR, there has been an increase in cyber attacks on web applications, both in terms of percentage and in the raw number of breaches.

    So, what else is on the horizon for 2021?

    Join this panel of security experts and industry leaders to learn more about:
    - The COVID-19 impact on organizations and trends in recent cyber attacks
    - Phishing, ransomware, DDoS and other cyber threats
    - Why web applications are a top target for attackers
    - Lessons from the front-lines and recommendations for dealing with a cyber attack
    - What organizations need to prepare for in 2021
    - How best to enable teams and secure the enterprise
  • Cloudy at the Breach: Your Software, Your Data, Your Loss Recorded: Oct 6 2020 61 mins
    Panelists: Satish Janardhanan, Accenture; Nazira Carlage, Salesforce.com; and Vlad Joanovic, Microsoft
    The use of cloud services and infrastructure continues to skyrocket. Meanwhile, the proliferation of turn-key SaaS solutions makes it compelling for enterprises to use cloud-based software. Organizations are spinning up servers and databases in minutes, moving their applications to take advantage of CSP scalability, and mistakenly assuming they are immediately more secure.

    There’s no doubt the cloud can deliver on the promises of improved scalability, availability, and security; however, consumers need to do their part. Come listen to 3 experts debate data and software security in the cloud. Topics include:
    • Key considerations - new skills, migration challenges, compliance implications
    • Unwanted surprises - misconfigurations, application rewrites, open data buckets
    • Attack vectors - how they impact data flow and storage models
    • Sunnier days - must-do’s for securing cloud software
  • It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb Recorded: Sep 1 2020 60 mins
    Ed Adams, CEO, Security Innovation
    With the proliferation of COTS, Open Source Software, libraries, frameworks, APIs, and other components, modern software is increasingly assembled instead of coded from scratch. While this shift helps deliver feature-rich solutions and interoperability, it also introduces risk and data security challenges.

    To manage 3rd-party risks, new assessment and mitigation techniques are needed. Fixing the code is often impossible, pen testing can be limiting, and patching still leaves you exposed.     

    Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals, including:

    Global CISO, Millicom (Tigo) Telecommunications
    An industry-recognized leader, John has decades of experience providing Information Security services to multinational organizations in diverse verticals. He is a prolific author and speaker and previously served as CISO for MIAX Options Exchange and Dow Jones.

    General Counsel & Manager, Instapay Flexible LLC
    Charisse has over 30 years of experience in the IT industry. She combines her technology expertise with security and legal skills to help organizations meet their security and compliance needs. She is an adjunct Professor of Law at John Marshall Law School.

    Product Director, Absorb Software
    Fred is a technology expert with 20+ years of experience in the SaaS, Cloud, and cybersecurity fields. Throughout his career, he has worked closely with engineering and marketing teams to bring high-quality and secure products to the market.

    Join us to hear these experts debate the following topics:
    - Conducting software composition analysis (SCA)
    - Assessing threats and impacts
    - Risk-rating your inventory
    - Selecting the right controls
  • Back to Basics: The importance of security principles in technical roles Recorded: Jul 16 2020 63 mins
    Ed Adams, CEO, Security Innovation
    Principle-based approaches have long been at the core of “traditional” engineering disciplines. However, when it comes to building software and IT systems, best practices around encryption, access control, and authorization are often lackluster. The ability to understand and apply security concepts is essential to protecting today’s digital business.

    Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals whose collective experience spans Fortune 500 technology, financial services, and medical device industries.

    Founder of I Am the Cavalry (dot org). His approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security.

    Leader of the Global Information Product Security function at Alcon. She holds several patents in information security, privacy, and reliability and was an invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC).

    CISSP, CISM, CSSLP. A prolific author and advocate for building security into the SDLC with software-quality and security activities, tools, processes, and education.

    Topics to be discussed:

    * Why and for whom are security principles important?
    * Have principles become a lost art form, or did they never really take off?
    * What is the most underutilized principle? Does it vary based on tech stack and deployment?

    We'll also be raffling off three copies of Mark Merkow's latest book "Secure, Resilient, and Agile Software Development" during the webinar.
  • The PCI Secure Software Life Cycle Standard (SLC) Recorded: Jun 3 2020 60 mins
    Kevin Poniatowski, Principal Security Instructor
    Securing payment software, transactions and data

    The PCI SLC outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data. It provides payment software vendors with nine control objectives that set the stage for secure and repeatable development. These controls are very likely to become requirements for all in the future.

    Join this webcast to understand how to:

    • Identify and mitigate common threats and vulnerabilities defined in the PCI Secure SLC standard
    • Build an environment for secure software development, change control, and management
    • Improve communications for secure deployment, configuration and software updates
    • Document and demonstrate evidence of compliance to validate your practices
  • How to Develop, Test & Maintain Secure Systems (While Being PCI Compliant) Recorded: May 20 2020 62 mins
    Kevin Poniatowski, Principal Security Engineer & Trainer
    To ensure critical data can only be accessed by authorized personnel, it is paramount to integrate security best practices during development. It’s equally important to protect deployed systems, especially in CI/CD (continuous integration and deployment) and DevOps environments.

    Attend this webcast to learn techniques to define, design, develop, test, and maintain secure systems. Particular focus will be paid to software-dependent systems.

    Topics include:
    • Identifying and risk-rating common vulnerabilities
    • Applying practices such as least privilege, input/output sanitization, and system hardening
    • Implementing test techniques for system components, COTS, and custom software
  • Protect Sensitive Data (and be PCI Compliant, too!) Recorded: May 7 2020 59 mins
    Kevin Poniatowski, Principal Security Instructor
    Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

    Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

    Topics covered:

    • Properly protecting stored cardholder data - encryption, hashing, masking and truncation

    • Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

    • How to identify and mitigate missing encryption
  • Most Dangerous Security Gaps That Enterprises Should Avoid (During WFH) Recorded: May 7 2020 63 mins
    Ed Adams, CEO and President, Security Innovation and Bikash Barai, Co-founder, FireCompass
    Our security practices need to evolve to address the new challenges thrown up by the rapid adoption of technologies and products that enable the world to WFH. The mantra of the attacker remains consistent - attack that which yields maximum results - and that is usually something used by a very large number of users.

    Key Points To Be Discussed:
    - New attack techniques hackers are using to target WFH
    - How to handle decentralisation of IT and technology decisions
    - Application risks as enterprises pivot to online/new business model(s)
    - New risks in the Cloud due to Shadow IT
    - Security risks due to uninformed employees & their home infrastructure
    - How to handle Misconfigurations & Third-party risks
    - How to build a robust breach response and recovery program
  • Securing the Third-Party Software Supply Chain Recorded: Mar 12 2020 45 mins
    Ed Adams, President and CEO, Security Innovation
    Today, a significant percentage of all software is assembled from open-source software and COTS. Akin to a baker who didn’t grow their ingredients, how well do development teams know their ingredients and the inherent risk they carry?

    This webinar provides an understanding of how to “shift left” in a DevOps SDLC by conducting early stage scrutiny to better manage software risk. Topics include:

    • Choosing components wisely to reduce attack surface
    • Ongoing threat modeling
    • Cloud configuration and deployment review
    • Procurement strategies and contracting tools
    • Mitigating weaknesses in supply chain elements
  • Securing the Modern Enterprise: Software Total Risk Management (SToRM) Framework Recorded: Feb 20 2020 55 mins
    Ed Adams, President and CEO, Security Innovation
    The proliferation and complexity of software-enabled systems have amplified risk for many organizations. Conventional approaches to software security don’t work, typically encompassing no more than running vulnerability scans. Executives need a better way to understand which products, systems, and teams are putting their enterprise at most risk – and deploy appropriate action plans.

    SToRM represents a new approach for enterprises to more effectively assess and protect software-dependent IT systems. Change your approach – evolve from a vulnerability-focused approach to a risk-based one. Learn pragmatic steps to ensure you’re mitigating the most risk with limited resources, time, and budget.

    Topics include:

    • Why traditional approaches aren’t working
    • How to identify risks at the business workflow and IT system levels
    • Techniques to calibrate assessment and mitigation efforts
  • Aligning Application Security & Compliance Recorded: Jan 21 2020 49 mins
    Ed Adams, President and CEO, Security Innovation
    Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.

    This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:

    * Consolidating security and compliance controls
    * Creating application security standards for development and operations teams
    * Identifying and remediating gaps between current practices and industry-accepted "best practices"
  • How to Hijack a Pizza Delivery Robot with Injection Flaws Recorded: Dec 17 2019 64 mins
    Joe Basirico, VP of Services at Security Innovation
    Welcome to the lighter side of the software security world!

    We’ll explain complex topics like injection flaws, configuration errors, and parameter tampering with real-world analogies, like breaking into your house through your shed, or sneaking into a Coldplay concert using a reflective yellow vest, a walkie talkie toy, and your bravado. If you’ve ever struggled to remember exactly how these issues work or struggled to explain them to someone outside of the security field, this presentation will help (and probably make you laugh).

    Topics covered include:
    - Injection Flaws
    - XSS
    - SQL Injection
    - Broken Authentication
    - Privilege Escalation
    - Information Disclosure
    - Parameter Tampering
    - Configuration Errors

    This webinar is ideal for anyone who wants to understand core Application Security concepts so they can apply risk mitigation strategies with better context.
  • How an Attacker "Audits" Your Software Applications Recorded: Nov 19 2019 63 mins
    Joe Basirico, VP of Services at Security Innovation
    Software runs today’s business; however, security implications are often misunderstood, creating significant organizational risk. Poorly configured servers, 3rd-party software, and continuous release cycles put additional pressure on already stressed teams.

    Hackers no longer just exploit vulnerabilities in code -- faulty cloud deployments, weak database structures, and business logic problems are also easy targets for attackers. To reduce risk, you’ve got to audit your system in the same way an attacker would.

    This presentation demonstrates how attackers compromise the modern enterprise. For each attack demonstrated, mitigation practices will be discussed. WARNING: software will be harmed during this presentation. Viewer discretion advised.

    Topics include:

    - The modern technology stack
    - Easy pickings – hacking demonstrations!!
    - Auditing software-based systems:
    o Standards and policies
    o System updates and patching
    o Data leakage/exfiltration
    o Identity & access management
    o System logs and tracking
    o Tamper protections and detection
    o Authentication and access controls
  • Assessing System Risk the Smart Way Recorded: Oct 16 2019 61 mins
    Ed Adams, President and CEO, Security Innovation
    Information systems in the digital age are complex and expansive, with attack vectors coming in from every angle. This makes analyzing risk challenging, but more critical than ever.

    Attend this webcast to better understand the dynamics of modern IT systems, security controls that protect them, and best practices for adherence to today’s GRC requirements.

    Topics include:
    · Threats, vulnerabilities, weaknesses – why their difference matters
    · How vulnerability scanning can help (and hinder) your efforts
    · Security engineering and the system development lifecycle
    · High impact activities - application risk rating and threat modeling
  • Slashing Cloud Risk: 3 Must-Do's Recorded: Sep 25 2019 55 mins
    Joe Basirico, SVP of Engineering at Security Innovation
    The cloud is a cost-effective way to provide maximum accessibility for your customers. However, organizations often fail to optimize and configure it properly for their environment, leaving them inadvertently exposed.

    Attend this webcast to learn proven techniques that reduce cloud risk, including:

    • Building applications to leverage automation and built-in cloud controls
    • Securing access control and key management
    • Ensuring essential services are running, reachable, and securely hardened
  • A Fresh, New Look for the CMD+CTRL Cyber Range Recorded: Sep 10 2019 35 mins
    Lisa Parcella, VP of Product and Marketing and Elizabeth Xu, CMD+CTRL Product Manager
    After running 300+ customer, community and industry events, Security Innovation has received some great feedback to further enhance our award-winning CMD+CTRL Cyber Range. We’ve taken that feedback and made some major improvements to our newly released CMD+CTRL user interface.

    In this live webinar, we will unveil the new and improved CMD+CTRL platform, showcasing how it provides players with an improved learning environment and gives administrators maximum control over in-house events.

    The new CMD+CTRL experience includes:
    * Enhanced Gamification Experience
    * Seamless Event Switching
    * Dedicated Player Report Card
    * Admin All-in-One mode
    * Instant Event Setup
    * Event Specific Dashboards

    Join us for a first look at all of the new features our CMD+CTRL Cyber Range has to offer.

    Register today to save your seat!
Securing software in the connected world
In today's connected world, software runs everything - from smart phones to banking applications, cars to home security systems; even refrigerators, garage doors and other everyday devices are "connected." Software is everywhere – and unfortunately, it provides the largest attack surface for hackers. We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.
