Name: Are we there, yet? Measuring effectiveness of InfoSec programs
Start: 2021-03-25T16:00:00Z
End: 2021-03-25T16:59:31.000Z
Location: BrightTALK

In today's connected world, software runs everything - from smart phones to banking applications, cars to home security systems, even refrigerators, garage doors and other every day devices are "connected." Software is everywhere – and unfortunately, it provides the largest attack surface for hackers.  We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.

Modern application design and the continued adoption of DevOps expand the scope of automated security testing and push tools to the limit. Simultaneously, complex platforms like IoT and Blockchain require more specialized tools and skills.

With software applications being more assembled than coded, and cloud CI/CD accelerating release, it’s time to sunset some legacy tools and consider new ones.

Come hear how product and application security professionals plan to scale software securely in 2022.

• The traditionalists: SAST, DAST, IAST
• Replacement players: SCA, API & container security, etc.
• New Kids on the Block: IaC, cloud native, fuzz
• Limitations, pitfalls, and best practices

Ed TALKS: Scaling AppSec – Getting Tools to Perform

Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend.  This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.    

Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach.  This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.

Steal the Attackers Playbook with Purple Teams

Leveraging a real-world Banking Web site to demonstrate MITRE Att&cks, see firsthand how hackers exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems - and learn defensive techniques that can help to immobilize them.

Defending Against Live MITRE ATT&CKs

The new CMD+CTRL Base Camp training modernizes and up-skills the cybersecurity talent of your entire organization – not just those nearest to the code. Please Join Fred Pinkett, Sr Director of Product Management at Security Innovation for a sneak peek of CMD+CTRL Base Camp: A completely new learning system that blends courses, labs and cyber ranges into a single individualized streamlined learning experience.

Meet the New CMD+CTRL Base Camp: Training that Goes Beyond the Code

Leveraging a real-world Banking Web site to demonstrate MITRE Attacks, see firsthand how hackers exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems - and learn defensive techniques that can help to immobilize them.

To reduce application security risk, organizations must provide training to their software teams on how to build, deploy and operate applications more securely. There is a myriad of options and training modalities to consider. Attend this webinar, and you will learn what you need to consider to build an application security training program that will be engaging, enjoyable, and effective.

The What, How, and Why of Software Security Training

Data security is always top-of-mind for cybersecurity executives; however, emerging technology and attack developments will pose new risk to the data we try to secure.

Come hear how 3 leaders approach dynamic threats of the 20's, including:

• Tech Temperature – Hot or cold? 
- Artificial Intelligence 
- 5G: too dense and fast for its own good? 
- Applied Crypto: Blockchain, NFTs, and de-centralized trust
- Quantum computing

• Intrinsic Dependencies
- Cloud: expansion or evaporation?
- Passwords, authentication, biometrics 

• Changing Attack Landscape

Ed TALKS: Keeping Secrets – The Future Threats to Data are Here

While Threat Modeling is an incredibly useful process in determining the level of risk associated with an application, it can also be an intimidating process. In this webinar, Kevin will be performing a short threat model of a feature in one of our CMD+CTRL applications known as Shadowbank. This demonstration will guide new Threat Modeling practitioners into bypassing some of the difficulties Kevin experienced when creating threat models years ago. It will also give those new to the process an understanding of how Threat Modeling can be a beneficial addition to their SDLC.

We'll cover topics such as:
- Enumerating Assets, Roles, and Inputs
- Finding the Correct Scope of the Threat Model
- Enumerating Threats
- Quantifying Risk & Prioritizing Fixes

30-Minute Threat Model

Got D&I on your mind? You should.

It’s a scientific fact that diverse teams make better decisions, operate more profitably, and are more innovative problem solvers. The cybersecurity talent shortage is a crisis, yet the diversity gap is stark with women and minorities, and we haven’t figured out how to cultivate this talented pool.

Find out how it’s done – from experts who have succeeded and have dedicated themselves to the cause.

Featuring fresh research from The Ponemon Institute, this panel will discuss the state of D&I in cybersecurity, including:

• Trends and other data that highlight disparity
• What roadblocks (still) exist and strategies to blast them out of the way
• Where and how to find untapped talent and how
• How globally recognized organizations have successfully built D&I programs

Hope you can join us as we band together to advance D&I in cybersecurity.

Ed TALKS: Diversity & Inclusion in Cybersecurity – Reaping the Rewards

2022 kicks off on the heels of Log4j and other soft spots of our technology underbelly. These warts on our security playbooks highlight the importance of supply chain and software diligence. Join 3 security experts as they discuss Ed’s thoughts on 2022 and what industry analysts predicted (right and wrong).

• Third-Party Breaches - increased attacks on both the vendors’ products and the enterprise ecosystem, driving the need for Software Bills of Materials (SBOMs).

• Cloud & API Risk - both will be used much more than they are understood from a security perspective, leading to a “dark cloud” of misconfigurations and data leaks.

• Evolving Responsibilities, Org Charts and Titles - knowledge continues to be pushed into technical teams, whilst security and risk-based decisions move closer towards the Board of Directors.

Security’s Three-Ring Circus: Cloud, Supply Chain, and Staff

Join us as we dive deep into three common vulnerabilities found in the cloud:

* Improper identify & access management - It's harder than you think!
* Failure to use Multi-Factor Authentication - Credential stuffing is still a real problem
* Improper sensitive information storage - Data Security is *crucial*

Plus we'll give a live look at the real-world effects of these vulnerabilities using our cloud-focused cyber range.

Cloud Application Authentication and Access Control Vulnerabilities

High-performing InfoSec programs are critical to protecting sensitive data, securing systems, and maintaining compliance. However, organizations continuously struggle with the “how are we doing?” question.

Attend our next Ed Talk to learn how to identify key metrics and implement measurement vehicles to understand your real security posture.

* Benchmarking: What do you measure? And against what?

* Analysis Paralysis: What to do with the results and avoiding misleading and distracting data

* Metric Traps: Red flags versus red herrings

Are we there, yet? Measuring effectiveness of InfoSec programs

Information Security

Cyber Defence

Application Security

Security Awareness

Secure Cloud

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Are we there, yet? Measuring effectiveness of InfoSec programs

Presented by

About this talk

More from this channel