Hi [[ session.user.profile.firstName ]]

Securing Microservices in Today’s Fast, Feature-Driven SDLC

Organizations are increasingly relying on microservices to modernize and scale in today’s distributed tech ecosystem. Microservices facilitate continuous delivery and deployment by offering loose coupling through modularity, fault isolation, and resiliency. However, the resulting distributed systems are often complex, with large attack surfaces, making traditional security assessments difficult.

To maintain consistent security levels, teams need to standardize practices and recalibrate assessment techniques. Come learn how industry experts from product security, engineering, and product management integrate risk-based approaches to their software pipeline to release software more confidently.

Topics include:

- Security as a Service: Arming teams with pre-secured libraries, assessment templates, security guidance, and hardened frameworks
- Rapid Risk Assessments: Evolving beyond monolithic SAST/DAST scans towards rapid component analysis
- Modern Vulnerability Management: Optimizing classification systems based on component criticality, business impact potential, and mitigating controls
Live online Dec 8 6:00 pm UTC
or after on demand 60 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Ed Adams | Security Innovation; Claudia Dent | Everbridge; Mark Nesline | Imprivata; Trupti Shiralkar | Datadog
Presentation preview: Securing Microservices in Today’s Fast, Feature-Driven SDLC

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Protect Sensitive Data (and be PCI Compliant, too!) Dec 29 2021 6:00 pm UTC 59 mins
    Kevin Poniatowski, Principal Security Instructor
    Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

    Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

    Topics covered:

    • Properly protecting stored cardholder data - encryption, hashing, masking and truncation

    • Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

    • How to identify and mitigate missing encryption
  • Protect Sensitive Data (and be PCI Compliant, too!) Dec 29 2021 7:30 am UTC 59 mins
    Kevin Poniatowski, Principal Security Instructor
    Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

    Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

    Topics covered:

    • Properly protecting stored cardholder data - encryption, hashing, masking and truncation

    • Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

    • How to identify and mitigate missing encryption
  • The Primary Colors of Cybersecurity: Red, Blue and Purple Teams Dec 22 2021 6:00 pm UTC 59 mins
    Ed Adams, CEO at Security Innovation
    In the military world, Attack (Red) & Defend (Blue) Teams conduct internal “war games” to assess preparedness and resiliency. In the cybersecurity world, they work the same way; however, the joining of forces has produced a new color - purple.

    Typically, these colors existing in the domain of the InfoSec team. But what about teams that build and/or operate IT systems? They tend to be color blind — neither Red nor Blue nor Purple. There’s tremendous value in teaching build and operate teams attack and defend tactics - attend this talk to hear 3 experts explain why.
  • The Primary Colors of Cybersecurity: Red, Blue and Purple Teams Dec 22 2021 7:30 am UTC 59 mins
    Ed Adams, CEO at Security Innovation
    In the military world, Attack (Red) & Defend (Blue) Teams conduct internal “war games” to assess preparedness and resiliency. In the cybersecurity world, they work the same way; however, the joining of forces has produced a new color - purple.

    Typically, these colors existing in the domain of the InfoSec team. But what about teams that build and/or operate IT systems? They tend to be color blind — neither Red nor Blue nor Purple. There’s tremendous value in teaching build and operate teams attack and defend tactics - attend this talk to hear 3 experts explain why.
  • Cloud Application Authentication and Access Control Vulnerabilities Dec 16 2021 8:00 pm UTC 30 mins
    Fred Pinkett, Sr. Director Product Management | Brandon Cooper, Solutions Engineer
    Join us as we dive deep into three common vulnerabilities found in the cloud:

    * Improper identify & access management - It's harder than you think!
    * Failure to use Multi-Factor Authentication - Credential stuffing is still a real problem
    * Improper sensitive information storage - Data Security is *crucial*

    Plus we'll give a live look at the real-world effects of these vulnerabilities using our cloud-focused cyber range.
  • Steal the Attackers Playbook with Purple Teams Dec 9 2021 6:00 pm UTC 49 mins
    Ed Adams, Security Innovation | Trupti Shiralkar, Illumio | Bill Titus, Skillsoft | Bryson Bort, SCYTHE
    Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend. This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.

    Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach. This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

    Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.
  • Steal the Attackers Playbook with Purple Teams Dec 9 2021 7:30 am UTC 49 mins
    Ed Adams, Security Innovation | Trupti Shiralkar, Illumio | Bill Titus, Skillsoft | Bryson Bort, SCYTHE
    Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend. This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.

    Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach. This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

    Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.
  • Securing Microservices in Today’s Fast, Feature-Driven SDLC Dec 8 2021 6:00 pm UTC 60 mins
    Ed Adams | Security Innovation; Claudia Dent | Everbridge; Mark Nesline | Imprivata; Trupti Shiralkar | Datadog
    Organizations are increasingly relying on microservices to modernize and scale in today’s distributed tech ecosystem. Microservices facilitate continuous delivery and deployment by offering loose coupling through modularity, fault isolation, and resiliency. However, the resulting distributed systems are often complex, with large attack surfaces, making traditional security assessments difficult.

    To maintain consistent security levels, teams need to standardize practices and recalibrate assessment techniques. Come learn how industry experts from product security, engineering, and product management integrate risk-based approaches to their software pipeline to release software more confidently.

    Topics include:

    - Security as a Service: Arming teams with pre-secured libraries, assessment templates, security guidance, and hardened frameworks
    - Rapid Risk Assessments: Evolving beyond monolithic SAST/DAST scans towards rapid component analysis
    - Modern Vulnerability Management: Optimizing classification systems based on component criticality, business impact potential, and mitigating controls
  • Defending Against Live MITRE ATT&CKs Recorded: Nov 30 2021 36 mins
    Kevin Poniatowski, Principal Security Instructor at Security Innovation
    Leveraging a real-world Banking Web site to demonstrate MITRE Attacks, see firsthand how hackers exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems - and learn defensive techniques that can help to immobilize them.
  • Defending Against Live MITRE ATT&CKs Recorded: Nov 30 2021 36 mins
    Kevin Poniatowski, Principal Security Instructor at Security Innovation
    Leveraging a real-world Banking Web site to demonstrate MITRE Attacks, see firsthand how hackers exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems - and learn defensive techniques that can help to immobilize them.
  • Security Upskilling Software Teams: Insights from Microsoft, Atlassian & Intuit Recorded: Nov 24 2021 57 mins
    Ed Adams | Security Innovation; Alex DeDonker | Microsoft; Marisa Fagan | Atlassian; Kim Jones | Intuit
    To meet the demand for feature-rich software, companies rely on emerging technologies and rapid release cycles. However, they often lack confidence in their teams to build and deploy it securely. Leaders need a playbook that goes beyond just training developers on secure coding and reflects how teams want to learn.

    Join this Ed TALKS to hear how three professionals have up-leveled skills at Intuit, Microsoft, and Atlassian and gain insight from benchmark data from Security Innovation’s own expansive user base.
  • Security Upskilling Software Teams: Insights from Microsoft, Atlassian & Intuit Recorded: Nov 24 2021 57 mins
    Ed Adams | Security Innovation; Alex DeDonker | Microsoft; Marisa Fagan | Atlassian; Kim Jones | Intuit
    To meet the demand for feature-rich software, companies rely on emerging technologies and rapid release cycles. However, they often lack confidence in their teams to build and deploy it securely. Leaders need a playbook that goes beyond just training developers on secure coding and reflects how teams want to learn.

    Join this Ed TALKS to hear how three professionals have up-leveled skills at Intuit, Microsoft, and Atlassian and gain insight from benchmark data from Security Innovation’s own expansive user base.
  • Steal the Attackers Playbook with Purple Teams Recorded: Nov 17 2021 49 mins
    Ed Adams, Security Innovation | Trupti Shiralkar, Illumio | Bill Titus, Skillsoft | Bryson Bort, SCYTHE
    Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend. This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.

    Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach. This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

    Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.
  • Steal the Attackers Playbook with Purple Teams Recorded: Nov 17 2021 49 mins
    Ed Adams, Security Innovation | Trupti Shiralkar, Illumio | Bill Titus, Skillsoft | Bryson Bort, SCYTHE
    Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend. This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.

    Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach. This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

    Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.
  • Reducing Common Cloud Threats in a CI/CD World - A Live Look Recorded: Nov 16 2021 13 mins
    Brandon Cooper, Solutions Engineer, Security Innovation
    The cloud is a valuable enabler of Continuous Integration & Delivery (CI/CD); however, security is often overlooked or left behind completely in such a rapid process. With cloud attacks on the rise, teams need to up their defensive game. But how?

    Attend this session to learn about common cloud threats and mistakes teams often make – and why authentic hands-on, on-demand environments like cyber ranges bring vulnerabilities that are difficult to visualize to life.

    Plus, get a live look at three cloud threats using the InfiniCrate cyber range - a file storage solution built on AWS that reflects the risks of uninformed staff, such as misconfigurations, container flaws, and poor secret management.
  • Risk-Based Testing for IoT Systems Recorded: Nov 15 2021 48 mins
    Ed Adams, CEO of Security Innovation
    IoT Systems provide powerful, flexible features for IT systems — tracking, monitoring, and other data sharing. Today’s IoT devices utilize microservices and APIs that make them easy to put into production. But securing them isn’t as easy.

    This webinar will look at security risks of IoT devices, interfaces, and implementations. We’ll provide practical steps and checklists any DevOps team can use to make their IoT components as secure as possible. We’ll also cover some testing best practices that can be done pre- and post-production to verify security and resilience on an ongoing basis. 

    About the Speaker
    Ed Adams is a software quality and security expert with over 20 years of experience in the field. He served as a member of the Security Innovation Board of Directors since its inception in 2002 and took over as CEO in 2003. Ed is a Research Fellow at The Ponemon Institute, serves on the board of several IT security organizations, and was named a Privacy by Design Ambassador by the Information and Privacy Commissioner of Canada.
  • Defending Against Live MITRE ATT&CKs Recorded: Nov 12 2021 36 mins
    Kevin Poniatowski, Principal Security Instructor at Security Innovation
    Leveraging a real-world Banking Web site to demonstrate MITRE Attacks, see firsthand how hackers exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems - and learn defensive techniques that can help to immobilize them.
  • Defending Against Live MITRE ATT&CKs Recorded: Nov 12 2021 36 mins
    Kevin Poniatowski, Principal Security Instructor at Security Innovation
    Leveraging a real-world Banking Web site to demonstrate MITRE Attacks, see firsthand how hackers exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems - and learn defensive techniques that can help to immobilize them.
  • Reducing Common Cloud Threats in a CI/CD World Recorded: Nov 8 2021 13 mins
    Brandon Cooper, Solutions Engineer, Security Innovation
    The cloud is a valuable enabler of Continuous Integration & Delivery (CI/CD); however, security is often overlooked or left behind completely in such a rapid process. With cloud attacks on the rise, teams need to up their defensive game. But how?

    Attend this session to learn about common cloud threats and mistakes teams often make – and why cyber ranges bring vulnerabilities that are difficult to visualize to life.

    Plus, get a live look at three cloud threats using the InfiniCrate cyber range - a file storage solution built on AWS that reflects the risks of uninformed staff, such as misconfigurations, container flaws, and poor secret management.
  • Security Upskilling Software Teams: Insights from Microsoft, Atlassian & Intuit Recorded: Nov 3 2021 57 mins
    Ed Adams | Security Innovation; Alex DeDonker | Microsoft; Marisa Fagan | Atlassian; Kim Jones | Intuit
    To meet the demand for feature-rich software, companies rely on emerging technologies and rapid release cycles. However, they often lack confidence in their teams to build and deploy it securely. Leaders need a playbook that goes beyond just training developers on secure coding and reflects how teams want to learn.

    Join this Ed TALKS to hear how three professionals have up-leveled skills at Intuit, Microsoft, and Atlassian and gain insight from benchmark data from Security Innovation’s own expansive user base.
Securing software in the connected world
In today's connected world, software runs everything - from smart phones to banking applications, cars to home security systems, even refrigerators, garage doors and other every day devices are "connected." Software is everywhere – and unfortunately, it provides the largest attack surface for hackers. We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Securing Microservices in Today’s Fast, Feature-Driven SDLC
  • Live at: Dec 8 2021 6:00 pm
  • Presented by: Ed Adams | Security Innovation; Claudia Dent | Everbridge; Mark Nesline | Imprivata; Trupti Shiralkar | Datadog
  • From:
Your email has been sent.
or close