
Protect Sensitive Data (and be PCI Compliant, too!)

Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

Topics covered:

• Properly protecting stored cardholder data - encryption, hashing, masking and truncation

• Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

• How to identify and mitigate missing encryption
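As an added worked example (not material from the webinar or from Security Innovation), the Python below puts the three topics into code: masking and truncation of a PAN for display and storage, a keyed one-way hash instead of a bare SHA-256, a scan for full PANs written in the clear to logs, and a TLS client context with the settings a reviewer checks before letting it carry cardholder data. The test PAN and log lines are constructed; the HMAC key, the candidate regex and the cipher string are this example's own choices, not something PCI DSS prescribes.

```python
import hashlib
import hmac
import re
import secrets
import ssl

# Constructed test data: a well-known Luhn-valid test PAN that belongs to no real
# account, and an HMAC key generated at import time. In production the key comes from
# an HSM or key-management service, never from the same store as the data it protects.
SAMPLE_PAN = "4111111111111111"
HMAC_KEY = secrets.token_bytes(32)


def luhn_valid(digits: str) -> bool:
    """True if the string is 13-19 digits passing the Luhn checksum (ISO/IEC 7812)."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled, digit-summed
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Mask for display: PCI DSS 3.3 allows at most the first six and last four digits
    in the clear. The middle is replaced, not removed, so the length is preserved."""
    if keep_first > 6 or keep_last > 4:
        raise ValueError("at most the first six / last four digits may be displayed")
    if not luhn_valid(pan):
        raise ValueError("not a plausible PAN")
    return pan[:keep_first] + "*" * (len(pan) - keep_first - keep_last) + pan[-keep_last:]


def truncate_pan(pan: str) -> str:
    """Truncate for storage: keep only the last four digits. Unlike masking this is
    irreversible, so what is stored is no longer a PAN."""
    return pan[-4:]


def pan_token(pan: str, key: bytes = HMAC_KEY) -> str:
    """Keyed one-way hash (HMAC-SHA-256) usable as a lookup token. A bare SHA-256 of a
    PAN is not enough: Luhn-valid PANs within a known BIN range are few enough to
    enumerate, so an unkeyed hash can be reversed by brute force."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


# 13-19 digits, optionally separated by single spaces or hyphens, not adjacent to
# other digits. The Luhn filter in find_unprotected_pans drops most timestamps and ids.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_unprotected_pans(text: str) -> list:
    """Return full PANs found in the clear in text (logs, exports, database dumps).
    Masked, truncated and tokenized values do not match, so a hit means cardholder
    data was written out without any of the protections above."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


# Constructed log lines: one leaks a full PAN, one is masked, one carries a token, and
# one has a 16-digit trace id that fails Luhn and must not be reported.
SAMPLE_LOG = (
    "2021-03-25T16:00:01 INFO checkout order=10042 pan=4111111111111111 amount=19.99\n"
    "2021-03-25T16:00:02 INFO checkout order=10043 pan=411111******1111 amount=5.00\n"
    "2021-03-25T16:00:03 INFO refund order=10044 token=9f86d081884c7d659a2feaa0c55ad015\n"
    "2021-03-25T16:00:04 INFO health trace_id=1234567890123456 status=ok\n"
)

WEAK_MARKERS = ("RC4", "3DES", "DES-CBC3", "NULL", "EXP", "MD5")


def hardened_tls_context() -> ssl.SSLContext:
    """Client context for sending cardholder data: certificate and hostname validation
    on (the create_default_context defaults), a TLS 1.2 floor (PCI DSS retired SSL and
    early TLS), and TLS 1.2 limited to forward-secret AEAD suites. The cipher string is
    this example's choice, not a PCI mandate."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def tls_policy(ctx: ssl.SSLContext) -> dict:
    """The three things to check before trusting a context with PAN data."""
    weak = [c["name"] for c in ctx.get_ciphers() if any(w in c["name"] for w in WEAK_MARKERS)]
    return {
        "min_version": ctx.minimum_version.name,
        "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname,
        "weak_ciphers": weak,
    }
```

Running `find_unprotected_pans(SAMPLE_LOG)` reports only the first line: the masked value, the token and the Luhn-failing trace id are all skipped, which is the distinction that matters when this is pointed at real log volume. `tls_policy(hardened_tls_context())` returns a TLS 1.2 floor, certificate verification on and an empty weak-cipher list; run the same function over a context built with `check_hostname = False` and `CERT_NONE` and `verifies_cert` flips to `False`, which is the "valid certificates" failure the topic list refers to. Note that PCI DSS v4.0 makes the keyed-hash point explicit by requiring that hashes of a PAN be keyed.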
Recorded May 7 2020 59 mins
Presented by
Kevin Poniatowski, Principal Security Instructor
  • Are we there, yet? Measuring effectiveness of InfoSec programs Mar 25 2021 4:00 pm UTC 60 mins
    Ed Adams, Security Innovation | Florence Mottay, Ahold Delhaize | Sherron Burgess, BCD Travel | Sandra Dunn, Blue Cross Idaho
    High-performing InfoSec programs are critical to protecting sensitive data, securing systems, and maintaining compliance. However, organizations continuously struggle with the “how are we doing?” question.

    Attend our next EdTalk to learn how to implement key metrics and measurement vehicles to better understand your real security posture.

    Types of Metrics: Implementation, effectiveness, impact
    How do information security investments help further institutional mission and goals?
    What do you measure? And against what?
    Benchmarking: compare vs. other orgs and/or a maturity scale?
    How do we know that we are secure enough?
    Tools to help gather and measure data
    Fool’s Gold/Analysis paralysis - data that is distracting or misleading
    Tapping into hot spots – non-obvious places where data is valuable
    What can I do with this data – ways to visualize and present it effectively
    Metrics traps: industry data breaches, total vulnerabilities
    CISO’s metric dashboard – what do you use most regularly versus periodically?
    Technical vs. process vs. staff risk
    What “trends” do you look out for?
    What are red herrings versus real red flags?
    Classifying data, asset value
    Risk rating
    Technical metrics: attack surface, application risk rating, etc.
  • How Do I Increase Security Without Impacting Productivity? Mar 4 2021 9:00 am UTC 60 mins
    Seamus McLaughlin, Senior Solutions Consultant, LogMeIn | Ed Adams, CEO, Security Innovation Inc | Ray Espinoza, CISO, Cobalt
    Welcome to the first episode of The Security Series: Simplify, Secure, Strategise!

    Employee productivity is at the heart of LastPass’ security measures. Having to manually remember passwords and credentials can cause lockouts and resets, causing distractions and reducing working time. According to LastPass, 80% of data breaches can be traced to weak, reused and stolen credentials. Data breaches and poor password management can be detrimental to employee productivity, which is another example of how effective security measures can enhance the work of your employees.

    However, this is not to say that all security measures improve productivity. For example, adding overly complex security solutions can get in the way of employee productivity, and lots of security measures fail to meet user experience demands. Further, it is vital that security efforts are complementary across your organization, providing you with better insights into user behavior.

    How can you implement security strategies that aid employee productivity, rather than hindering it?

    In this session, we will discuss:
    - Securing VPNs, and keeping productivity up amongst remote employees
    - The benefits of an all-in-one authentication system, as well as a multi-factor authentication system
    - How to implement flexible authentication, and what this can do for your security and productivity
  • Aligning Application Security & Compliance Recorded: Feb 26 2021 48 mins
    Ed Adams, President and CEO, Security Innovation
    Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data. However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance.

    This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls. Topics include:

    * Consolidating security and compliance controls
    * Creating application security standards for development and operations teams
    * Identifying and remediating gaps between current practices and industry accepted “best practices”
  • Avoiding Supply Chain Burns, featuring Edna Conway & Octavia Howell Recorded: Feb 24 2021 57 mins
    Ed Adams, Security Innovation | Edna Conway, Microsoft | Octavia Howell, Equifax | Zach Minneker, Security Innovation
    Edna Conway (Microsoft) & Octavia Howell (Equifax) join us for an exclusive panel on avoiding supply chain burns. Supply chain risk is not going away, least of all in the software updates that fuel the IT-dependent enterprise. The SolarWinds hack has sown doubts about the fidelity and security of 3rd-party tech. Despite significant damage, some organizations successfully thwarted the attacks even though they were running the compromised SolarWinds Orion software. How did they do it, and what can we learn from it?

    This Ed TALK brings respected cybersecurity and supply chain experts together to discuss what companies that build and use technology can do to protect themselves in this increasingly partner dependent world.

    Topics include:
    Knowing your ingredients – SBOMs (software bill of materials)
    I spy – can we detect or prevent “tainted” software updates
    Walking the walk – let’s talk effective defense-in-depth, incident response, network segmentation, and “zero-trust”
    Avoiding the recency trap – risk rating threats to avoid knee-jerk reactions
    Robots to the rescue – can AI be the solution to real-time threat intelligence?
  • Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps Recorded: Feb 12 2021 62 mins
    Joe Basirico, SVP of Engineering at Security Innovation
    A replay of one of our most popular talks from the fall of 2020.

    This talk will help you, as a decision maker or architect, to understand the risks of migrating a thick client or traditional web application to the modern web. In this talk I’ll give you tools and techniques to make the migration to the modern web painless and secure so you can mitigate common pitfalls without having to make the mistakes first. I’ll be doing demos, and telling lots of stories throughout.

    Making some good architectural decisions up front can help you:

    - Minimize the risk of data breach
    - Protect your users’ privacy
    - Make secure choices the easy default for your developers
    - Understand the cloud security model
    - Create defaults, policies, wrappers, and guidance for developers
    - Detect when developers have bypassed security controls
  • REPLAY: Fast-Tracking Software Assurance Recorded: Feb 4 2021 60 mins
    Ed Adams, Security Innovation | Sasha Rosenbaum, DevOps Days | Sebastien Deleersnyder, Toreon | Dinis Cruz, Glasswall
    Software teams regularly deal with rapid release cycles, dozens of technologies, and relentless threats. They generally want to incorporate security practices but are often unsure how (or why).

    Regardless of the development process, there are common security activities and tools that need to be assimilated. In this edition of Ed TALKS, a panel of three industry experts provides practical tips on improving maturity and making security a natural part of software development.

    Topics include:
    - Practical automation throughout development and delivery
    - How to motivate your team to care about security
    - Assessing and benchmarking your SDLC maturity
    - Not so fast: Activities to automate or skip at your own risk

    Our panelists include:
    Sasha Rosenbaum: Product Manager, GitHub
    Throughout her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer of DevOpsDays Chicago, a chair of DeliveryConf, and a published author.

    Sebastien Deleersnyder: Founder, Toreon
    Sebastien is the project leader for the OWASP SAMM maturity framework. He is a well-known instructor and threat modeling advocate. Earlier in his career, he served as a security architect for large telcos, banks, and logistics firms.

    Dinis Cruz: CTO and CISO, Glasswall
    Dinis is a well-known software security leader. He served on the OWASP board of directors for six years, has trained thousands of people globally, and has written books on cybersecurity and modern software development.
  • Training Techies on Security: It’s Not Rocket Science Recorded: Jan 29 2021 43 mins
    Lisa Parcella, VP of Training Products
    When it comes to getting technical audiences to buy into training, success is all about relevance and interest. If it doesn’t prepare them for the specific security battles they face, they’ll tune it out.

    Recent Ponemon research* shows that realistic simulation training and tying training to a learner’s job function are the most effective ways to build skills and improve an organization’s Security Effectiveness Score (SES). By utilizing hands-on training methods in a familiar technical environment, learners can enumerate security risks in a native context. More importantly, it’s the most effective way to measure staff risk and stockpile talent.

    This talk discusses methods to train technical audiences in order to create engagement, lasting behavior change, and, dare I say, enjoyment.
  • [Panel] Improving Email Security for the Remote Workforce Recorded: Jan 21 2021 60 mins
    Peter Jones; Rodrigo Araujo; Ed Adams and Benn Morris
    Despite the recent rise of workplace chat and instant messaging apps as a result of the pandemic and the shift to remote working, email continues to be the primary method of business communication for many organizations. Email is also still very commonly used by attackers. In fact, according to Verizon's Data Breach Investigations Report, around 96% of phishing attacks arrive by email. What can enterprises do to strengthen email security in 2021?

    Join this panel of security experts and industry leaders to learn more about:
    - New and persisting email security threats
    - What's at stake and what organizations can do to better protect their employees and data
    - Phishing fears and employee training in COVID times
    - Addressing business email compromise attacks
    - Best practices and solutions for protecting the enterprise from email-based threats
  • Training Techies on Security: It’s Not Rocket Science Recorded: Jan 19 2021 44 mins
    Lisa Parcella, VP of Training Products
    When it comes to getting technical audiences to buy into training, success is all about relevance and interest. If it doesn’t prepare them for the specific security battles they face, they’ll tune it out.

    Recent Ponemon research* shows that realistic simulation training and tying training to a learner’s job function are the most effective ways to build skills and improve an organization’s Security Effectiveness Score (SES). By utilizing hands-on training methods in a familiar technical environment, learners can enumerate security risks in a native context. More importantly, it’s the most effective way to measure staff risk and stockpile talent.

    This talk discusses methods to train technical audiences in order to create engagement, lasting behavior change, and, dare I say, enjoyment.
  • Fast-Tracking Software Assurance Recorded: Jan 13 2021 61 mins
    Ed Adams, Security Innovation | Sasha Rosenbaum, DevOps Days | Sebastien Deleersnyder, Toreon | Dinis Cruz, Glasswall
    Software teams regularly deal with rapid release cycles, dozens of technologies, and relentless threats. They generally want to incorporate security practices but are often unsure how (or why).

    Regardless of the development process, there are common security activities and tools that need to be assimilated. In this edition of Ed TALKS, a panel of three industry experts provides practical tips on improving maturity and making security a natural part of software development.

    Topics include:
    - Practical automation throughout development and delivery
    - How to motivate your team to care about security
    - Assessing and benchmarking your SDLC maturity
    - Not so fast: Activities to automate or skip at your own risk

    Our panelists include:
    Sasha Rosenbaum: Product Manager, GitHub
    Throughout her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer of DevOpsDays Chicago, a chair of DeliveryConf, and a published author.

    Sebastien Deleersnyder: Founder, Toreon
    Sebastien is the project leader for the OWASP SAMM maturity framework. He is a well-known instructor and threat modeling advocate. Earlier in his career, he served as a security architect for large telcos, banks, and logistics firms.

    Dinis Cruz: CTO and CISO, Glasswall
    Dinis is a well-known software security leader. He served on the OWASP board of directors for six years, has trained thousands of people globally, and has written books on cybersecurity and modern software development.
  • Blended Learning in 2020: An Optimistic View on Software Security Recorded: Dec 22 2020 42 mins
    Chad Holmes, Product Marketing Manager
    Software security education is a difficult challenge, particularly when coupled with an inability to attend conferences, participate in local chapter meetings, and interact with experienced mentors on a routine basis. Despite these challenges, new learners have quickly adapted and found success by coupling new Cyber Range technologies with proven Instructor Led and Computer Based Training (ILT, CBT) educational methods.

    Join us as our team recaps a year of advancements, lessons learned and future plans for software security training.
  • Software Security Trends 2021: What to start doing, keep doing & stop doing Recorded: Dec 15 2020 52 mins
    Ed Adams, CEO of Security Innovation
    Software runs our world and remains the target of countless attacks. Conversely, securing software continues to challenge too many organizations due to expansive stakeholders, complex tech stacks, and rapidly increasing adoption of 3rd-party code.

    New approaches are needed, from process improvements to assessment techniques to skills development. Join me as I examine trends I’ve seen in software security that may provide food for thought for those who want to reduce software risk pragmatically.

    - We need to start doing: Taking more threat-, risk-, and attack-based approaches
    - We need to keep doing: Shifting security left AND right, building security champions, and embracing Software Composition Analysis (SCA)
    - We need to stop doing: Making the same mistakes, underestimating how challenging (and different) the cloud is, and relying too much on SAST/DAST tools
  • EdTALK: Paying it Forward – Securing Technology in the Payment Ecosystem Recorded: Nov 19 2020 63 mins
    Ed Adams, Security Innovation | Kara Gunderson, CITGO | Ira Winkler, Skyline Technology | Phil Agcaoili, Ponemon Institute Fellow
    The payment ecosystem is a complex one that is exposed at multiple points: data interception, identity theft, and other attacks primarily target insecure software, APIs, and communication protocols that are difficult to lock down.

    To secure data within the payment infrastructure, retailers, software providers, financial institutions, and device manufacturers need to implement risk-based practices. Come hear three industry experts - Kara Gunderson (CITGO), Ira Winkler (author, "You Can Stop Stupid"), and Phil Agcaoili (Ponemon Institute Fellow) - discuss how to do this in a practical manner.

    Topics include:

    • Biggest threats and common attack vectors
    • Dealing with POS (point of sale) systems
    • End to End encryption – is it even possible?
    • Managing software updates
    • Passing with A’s: Authentication, Authorization & Access
  • Email Security in the Age of Remote Work Recorded: Oct 15 2020 61 mins
    Jo Peterson, Clarify 360; Dr Richard Ford, Cyren; Geoff Vaughan, Security Innovation & Mariana Pereira, Darktrace
    There are an estimated 1.5 billion people working remotely due to COVID-19 and email is one of the ways businesses are communicating and staying connected with customers, employers and vendors. Ransomware, phishing and email exploits are continuing to rise. According to Security Magazine, over 96% of all security attacks begin with an email.

    Today’s panel will focus on:
    - the current state of email security and tools,
    - best practices for email safety, resilience planning, brand protection and thoughts on training
  • Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps Recorded: Oct 14 2020 63 mins
    Joe Basirico, SVP of Engineering at Security Innovation
    This talk will help you, as a decision maker or architect, to understand the risks of migrating a thick client or traditional web application to the modern web. In this talk I’ll give you tools and techniques to make the migration to the modern web painless and secure so you can mitigate common pitfalls without having to make the mistakes first. I’ll be doing demos, and telling lots of stories throughout.

    Making some good architectural decisions up front can help you:

    - Minimize the risk of data breach
    - Protect your users’ privacy
    - Make secure choices the easy default for your developers
    - Understand the cloud security model
    - Create defaults, policies, wrappers, and guidance for developers
    - Detect when developers have bypassed security controls
  • Cyber Attack Trends & Threat Forecast for 2021 Recorded: Oct 12 2020 60 mins
    Eric Adams, Kyriba; Roland Dobbins, NETSCOUT; Ed Adams, Security Innovation; Jeff Foresman, Digital Hands; Bryson Bort, SCYTHE
    So far, 2020 has been a challenging year for everyone. COVID-19 and the push for a more remote workforce have left many organizations vulnerable to the risk of a cyber attack. With IT and security teams struggling with the challenges created by remote access, attackers are rushing in to capitalize on the chaotic environments created by the pandemic.

    Application security is becoming increasingly important. According to the Verizon 2020 DBIR, there has been an increase in cyber attacks on web applications, both in terms of percentage and in the raw number of breaches.

    So, what else is on the horizon for 2021?

    Join this panel of security experts and industry leaders to learn more about:
    - The COVID-19 impact on organizations and trends in recent cyber attacks
    - Phishing, ransomware, DDoS and other cyber threats
    - Why web applications are a top target for attackers
    - Lessons from the front-lines and recommendations for dealing with a cyber attack
    - What organizations need to prepare for in 2021
    - How best to enable teams and secure the enterprise
  • Cloudy at the Breach: Your Software, Your Data, Your Loss Recorded: Oct 6 2020 61 mins
    Panelists: Satish Janardhanan, Accenture; Nazira Carlage, Salesforce.com; and Vlad Joanovic, Microsoft
    The use of cloud services and infrastructure continues to skyrocket. Meanwhile, the proliferation of turn-key SaaS solutions makes it compelling for enterprises to use cloud-based software. Organizations are spinning up servers and databases in minutes, moving their applications to take advantage of CSP scalability, and mistakenly assuming they are immediately more secure.

    There’s no doubt the cloud can deliver on the promises of improved scalability, availability, and security; however, consumers need to do their part. Come listen to 3 experts debate data and software security in the cloud. Topics include:
    • Key considerations - new skills, migration challenges, compliance implications
    • Unwanted surprises - misconfigurations, application rewrites, open data buckets
    • Attack vectors - how they impact data flow and storage models
    • Sunnier days - must-do’s for securing cloud software
  • It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb Recorded: Sep 1 2020 60 mins
    Ed Adams, CEO, Security Innovation
    With the proliferation of COTS, Open Source Software, libraries, frameworks, APIs, and other components, modern software is increasingly assembled instead of coded from scratch. While this shift helps deliver feature-rich solutions and interoperability, it also introduces risk and data security challenges.

    To manage 3rd-party risks, new assessment and mitigation techniques are needed. Fixing the code is often impossible, pen testing can be limiting, and patching still leaves you exposed.     

    Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals, including:

    JOHN MASSERINI
    Global CISO, Millicom (Tigo) Telecommunications
    An industry-recognized leader, John has decades of experience providing Information Security services to multinational organizations in diverse verticals. He is a prolific author and speaker and previously served as CISO for MIAX Options Exchange and Dow Jones.

    CHARISSE CASTAGNOLI
    General Counsel & Manager, Instapay Flexible LLC
    Charisse has over 30 years of experience in the IT industry. She combines her technology expertise with security and legal skills to help organizations meet their security and compliance needs. She is an adjunct Professor of Law at John Marshall Law School.

    FRED PINKETT
    Product Director, Absorb Software
    Fred is a technology expert with 20+ years of experience in the SaaS, Cloud, and cybersecurity fields. Throughout his career, he has worked closely with engineering and marketing teams to bring high-quality and secure products to the market.

    Join us to hear these experts debate the following topics:
    - Conducting software composition analysis (SCA)
    - Assessing threats and impacts
    - Risk-rating your inventory
    - Selecting the right controls
  • Back to Basics: The importance of security principles in technical roles Recorded: Jul 16 2020 63 mins
    Ed Adams, CEO, Security Innovation
    Principle-based approaches have long been at the core of “traditional” engineering disciplines. However, when it comes to building software and IT systems, best practices around encryption, access control, and authorization are often lackluster. The ability to understand and apply security concepts is essential to protecting today’s digital business.

    Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals whose collective experience spans Fortune 500 technology, financial services, and medical device industries.

    JOSHUA CORMAN
    Founder of I Am the Cavalry (dot org). His approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security.

    UMA CHANDRASHEKHAR
    Leader of the Global Information Product Security function at Alcon. She holds several patents in information security, privacy, and reliability and was an invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC).

    MARK MERKOW
    CISSP, CISM, CSSLP. A prolific author and advocate for building security into the SDLC with software-quality and security activities, tools, processes, and education.

    Topics to be discussed:

    * Why and for whom are security principles important?
    * Have principles become a lost art form, or did they never really take off?
    * What is the most underutilized principle? Does it vary based on tech stack and deployment?

    FREE GIVEAWAY
    We'll also be raffling off three copies of Mark Merkow's latest book "Secure, Resilient, and Agile Software Development" during the webinar.
  • The PCI Secure Software Life Cycle Standard (SLC) Recorded: Jun 3 2020 60 mins
    Kevin Poniatowski, Principal Security Instructor
    Securing payment software, transactions and data

    The PCI SLC outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data. It provides payment software vendors with nine control objectives that set the stage for secure and repeatable development. These controls are very likely to become requirements for all in the future.

    Join this webcast to understand how to:

    • Identify and mitigate common threats and vulnerabilities defined in the PCI Secure SLC standard
    • Build an environment for secure software development, change control, and management
    • Improve communications for secure deployment, configuration and software updates
    • Document and demonstrate evidence of compliance to validate your practices
Securing software in the connected world
In today's connected world, software runs everything - from smart phones to banking applications, cars to home security systems; even refrigerators, garage doors and other everyday devices are "connected." Software is everywhere – and unfortunately, it provides the largest attack surface for hackers. We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.

  • Title: Protect Sensitive Data (and be PCI Compliant, too!)
  • Live at: May 7 2020 6:00 pm
  • Presented by: Kevin Poniatowski, Principal Security Instructor