Name: Ed TALKS: Scaling AppSec – Getting Tools to Perform
Start: 2022-06-29T17:00:00Z
End: 2022-06-29T17:01:00.000Z
Location: BrightTALK
Rating: 4.7

Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.  We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence.  Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.  

Healthcare Cybersecurity: Protecting Patients, Systems & Data
Cyber threats in healthcare are growing more severe, with real-world impacts on patient safety, operational continuity, and data integrity. This session examines today’s most urgent risks—and offers practical, expert-backed solutions.

Featured Experts
Esmond Kane is CISO at Advarra and a veteran cybersecurity executive with over 20 years of experience in healthcare, research, and education. He has led security programs at Harvard, Mass General Brigham, and Steward Health Care, and serves on advisory boards helping organizations manage cyber risk.

Joseph Davis, Customer Security Officer at Microsoft, brings 30+ years of experience spanning medicine, entrepreneurship, and cybersecurity leadership. He advises healthcare leaders on secure cloud adoption, AI governance, and compliance, drawing from past CISO roles at Covidien and Sensata.

Frank Sinatra, CISO and VP of IT at University Hospital, has 25+ years of experience in healthcare, insurance, and professional services. He leads cybersecurity strategy and compliance efforts and is a Certified Information Security Manager with deep expertise in security architecture and cloud governance.

Topics We’ll Cover
- Ransomware: How attacks disrupt care, delay treatment, and expose patient data
- IoMT Vulnerabilities: Securing connected devices lacking modern protections
- Compliance vs. Security: Bridging the gap between evolving threats and outdated frameworks like HIPAA
- Supply Chain Risks: Preventing cascade failures from third-party breaches
- OT Threats: Addressing cyber risks that affect physical systems and patient safety
- Join us for a critical discussion on strengthening healthcare’s cyber resilience—and protecting those who rely on it most.

EdTalks - Securing Healthcare - The Cyber Threats Putting Patient Safety at Risk

Most organizations only start thinking about the security of their Industrial Control Systems (ICS) after a compromise or government mandate, but this reactive approach often leads to costly operational disruptions and potential equipment damage, even injuries or fatalities. This webinar will explore the critical need for proactive security measures to protect ICS environments. Securing ICS environments is particularly challenging as these systems are critical to round-the-clock operations and cannot be easily taken offline for patching, updating, or upgrading. This webinar is designed for security professionals and industrial controls experts who want to learn how to effectively threat model and secure their ICS environments, rather than waiting until a compromise occurs.

Attendees will learn the following:
- Overview of a simple ICS network architecture
- Threat modeling an ICS environment
- Teams involved in ICS environment operations and security
- Implementing security measures to mitigate and capture ICS environment intrusions
- Aligning security controls with the IEC 62443 industrial cybersecurity standards

Meet the Speaker
Josue Alvarez-DeGolia is a Security Engineer at Bureau Veritas Cybersecurity (formerly Security Innovation), where he conducts application security assessments, secure code reviews, and network vulnerability simulations. A U.S. Navy veteran and former submarine nuclear operator, Josue brings a systems-thinking mindset shaped by experience in military operations, power generation, investment banking, and business consulting. His cybersecurity work spans AWS security, ICS/SCADA penetration testing, and hardware threat modeling. He was part of the winning team at the DEF CON 32 ICS CTF, and combines technical depth with business acumen to help clients protect complex, high-risk systems.

Threat Modeling Essentials: A Strategic Approach to Mitigating ICS Cyber Risks

Most organizations only start thinking about the security of their large language models (LLMs) once the model is already developed and deployed. However, this reactive approach often leads to costly retrofitting, unexpected vulnerabilities, and missed opportunities to build security in from the ground up.

This webinar takes a different approach, guiding security professionals and LLM developers on how to address security concerns at every stage of the LLM development lifecycle. Rather than waiting until the end, we will explore the security implications and best practices for securing LLMs during the critical phases of project inception, data curation, model architecture, training at scale, evaluation, post-improvements, and API integration.

By adopting a proactive security mindset, attendees will learn how to:
• Align security assessments with the intended use cases and model requirements during the scoping phase
• Mitigate risks like data poisoning, backdooring, and adversarial prompting throughout the development process
• Ensure training stability and model integrity through techniques like checkpointing, weight decay, and gradient clipping
• Evaluate LLM performance while preventing manipulation of benchmark datasets and evaluators
• Implement access controls, data leakage prevention, and other security measures during fine-tuning and API integration

Attendees will leave this webinar with a comprehensive understanding of how to weave security into every step of the LLM lifecycle, empowering them to build more secure and trustworthy AI systems from the start. This proactive approach is crucial for organizations looking to stay ahead of evolving security threats and deliver LLM-powered solutions with confidence.

Securing the LLM Development Lifecycle: A Proactive Approach

"We run annual e-learnings and phishing simulations twice a year, yet employees still click...” Or: “We had 15% fewer clicks this year—proof that our awareness materials work... right?”

Security awareness alone isn’t enough. If you truly want to reduce human risk, you need to go deeper—into human behavior, decision-making, and psychology.
Join us for an eye-opening session on how to design security awareness, behavior, and culture programs that actually change behavior—not just check the box. We’ll explore how psychological principles can help move from passive awareness to active prevention.

In this webinar, you’ll learn:
- Why many well-intentioned phishing simulations fall short—and what to do differently?
- How psychological resistance keeps employees from preventing physical unauthorized access—and how to create engagement?

Whether you're a security leader, awareness program manager, or behavior change enthusiast, this session will give you fresh tools to rethink how you drive secure behavior in your organization.

About The Speaker

After researching the psychological impact of ransomware attacks, Lucas developed a strong focus on behavior change within information and cybersecurity. He has designed and implemented security awareness, behavior, and culture programs across various sectors.

Lucas takes a behavioral approach to human risk—recognizing that effective security interventions are never one-size-fits-all. His work ranges from custom target group programs to launching multimedia campaigns using behavior change techniques and providing live training sessions. In addition, Lucas has extensive hands-on experience with social engineering—ranging from email and voice phishing to a strong focus on physical social engineering. He believes human risk management is still in its early stages and strongly advocates for tailored, user-centered strategies.

Human Risk Management: From Fatigue to Engagement

Join us for the upcoming webinar, "Golden Rules for Industrial Cybersecurity: Assessment & Asset Protection," featuring cybersecurity expert Anna Prudnikova. This session will cover key principles of industrial cybersecurity, including frameworks such as IEC 62443 and NIST CSF, as well as the importance of asset visibility and risk-based assessments. The discussion will address common challenges, such as bridging the gap between compliance and actual security and overcoming implementation hurdles in industrial environments. Attendees will gain insights into best practices for risk assessment, mitigation strategies, and a structured approach to cybersecurity compliance.

In addition, we will examine real-world OT cyber-physical incidents in the U.S., such as 2021 Colonial Pipeline attack, which highlighted vulnerabilities in industrial control systems and the impact of ransomware on critical infrastructure. The session will conclude with an interactive Q&A and case studies showcasing successful security strategies.

This webinar is ideal for industrial cybersecurity professionals, compliance officers, and asset managers looking to strengthen their cybersecurity posture and learn from real-world incidents.

Golden Rules for Industrial Cybersecurity

Join us for this EdTALKS, where industry leaders will dissect the security challenges of IIoT, share real-world insights, and explore strategies to balance innovation with risk management.

What You’ll Learn:
• Key vulnerabilities in industrial supply chains and IIoT ecosystems
• Best practices for securing digital energy technologies
• The role of SBOMs (Software Bill of Materials) in mitigating cyber threats
• Strategies for improving resilience across critical infrastructure

Panelists:

Cassie Crossley
VP Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.” She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, and data privacy.

Emma Stewart
Director, Center for Securing Digital Energy Technology, Idaho National Laboratory
With over 15 years in power systems and cybersecurity for critical infrastructure, Emma leads efforts in cyber-physical resilience for emerging energy technologies, ensuring responsible cloud usage and digital transformation.

Josh Corman
An Executive in Residence for Public Safety & Resilience at the Institute for Security and Technology (IST), where he leads a new initiative on the resilience of lifeline basic human needs: water and wastewater, emergency medical care and hospital services, food supply chains, and power. Josh founded I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, director of the Atlantic Council’s Cyber Statecraft Initiative, and in leadership roles at PTC, Sonatype, Akamai, IBM, and the 451 Group.

EdTALKS - Cybersecurity in Industrial IoT (IIoT) – Navigating the  Modernization Paradox

As organizations accelerate cloud adoption, cyber threats targeting cloud environments are evolving at an alarming pace. In Cloud Security Threats 2025, Security Innovation’s Cloud Center of Excellence Lead, Rohitanshu Singh, provides a deep dive into the latest threats, vulnerabilities, and defensive strategies that will define cloud security in the coming year.
This session begins by analyzing key cloud adoption trends, focusing on the shift toward multi-cloud and hybrid environments. We’ll examine real-world breaches—such as the Snowflake attack—to uncover how adversaries exploit misconfigurations, weak identity controls, and emerging attack techniques to compromise cloud assets.

Attendees will gain insights into the top cloud security threats of 2025, including:
- API security risks and supply chain vulnerabilities
- IAM misconfigurations and privilege escalation tactics
- Ransomware-as-a-Service and AI-driven attack methodologies
- Insider threats and mismanaged cloud workloads

Through interactive discussions and security simulations, participants will learn how to mitigate these threats using Zero Trust security models, AI-powered threat detection, and best practices for securing cloud workloads.
The webinar concludes with expert predictions on the future of cloud security, regulatory shifts, and a strategic roadmap to enhance cloud resilience.

Rohitanshu has been working in information security for over a decade, accumulating deep expertise in securing
multi-cloud environments across a plethora of industries and technology stacks. He leads our Cloud Center of
Excellence, which conducts ongoing research on emerging cloud threats, attacks, and deployment strategies.

Join us to stay ahead of emerging cloud threats and fortify your organization’s cloud security posture for 2025 and beyond.
Register now to secure your spot!

Cloud Security Threats 2025

The rapid rise of IoT devices has transformed industries but also exposed critical security vulnerabilities. To address these risks, the U.S. government introduced the US Trust Mark, a voluntary certification aimed at enhancing IoT security and building consumer trust.

Join this webinar to explore:
• The key security requirements of the US Trust Mark
• How certification helps IoT manufacturers stand out and gain consumer confidence
• The challenges and opportunities in implementing the Trust Mark

Meet the Experts:
Grace Burkard, Director of Operations, ioXt Alliance
Grace leads ioXt’s global efforts in establishing standardized security requirements for IoT devices. She collaborates with key stakeholders, regulatory bodies, and industry leaders to drive adoption of best security practices. With a passion for privacy and compliance, she plays a pivotal role in improving transparency and trust in the connected device ecosystem.

Michael Beine, Business Unit Manager, Bureau Veritas
With over 20 years in the Testing, Inspection, and Certification (TIC) industry, Michael specializes in cybersecurity for IoT and industrial automation. He has developed testing frameworks for connected devices and serves as a cybersecurity auditor under the IEC 62443 standard. His expertise spans wireless technologies, networked systems, and regulatory compliance in global markets. 

Geoffrey Vaughan, Director, Security Engineering, Security Innovation
Geoff leads Security Innovation’s IoT Center of Excellence, researching emerging threats in connected systems. His team develops tools and methodologies to assess vulnerabilities in embedded devices, web and mobile applications, and communication protocols. A frequent speaker at global conferences, he translates complex security risks into actionable strategies for businesses and developers.

The US Trust Mark: Using Cybersecurity to Differentiate your IoT products

In the wake of high-profile cyberattacks in 2024, such as those targeting the NHS, CrowdStrike, and 23andMe, organizations are reevaluating their preparedness for full-scale cyber crises. A recent survey revealed that 74% of CISOs plan to increase budgets for crisis simulation exercises in 2025, highlighting the critical need for realistic, hands-on crisis management training.

Our upcoming webinar, "Where Cybersecurity Crisis Management Meets Incident Response," addresses this pressing concern by offering insights into integrating technical responses with strategic crisis frameworks. You'll gain practical knowledge to enhance your organization's resilience against sophisticated cyber threats.

Meet the Speaker: Luke Fletcher
Principal Consultant & Team Lead, International Crisis Management & Incident Response
With over 15 years of global experience in crisis management, operational resilience, and business continuity, Luke has dedicated much of his career to leading crisis management at Direct Line Group, a major financial services firm. He also has deep expertise in the industrial sector, helping organizations design and implement crisis management procedures and cybersecurity crisis exercises.

Luke specializes in building internal crisis response capabilities, facilitating scenario-based training, and ensuring organizations are prepared for high-profile cybersecurity incidents. His insights will equip you with actionable strategies to enhance your crisis readiness.

What You’ll Learn:
✔ How to transition from reactive cyber incident response to proactive crisis management
✔ Best practices for aligning cybersecurity teams with leadership for coordinated decision-making
✔ How to integrate proven crisis management frameworks into your cyber response strategy
✔ Real-world case studies showcasing effective (and ineffective) crisis responses
✔ Practical steps to strengthen resilience, minimize impact, and maintain business continuity

Where Cybersecurity Crisis Management Meets Incident Response

In this webinar on AI Cyber Risks, Ralph Moonen, a principal security consultant at Secure, provides a comprehensive overview of the cybersecurity risks associated with artificial intelligence (AI). The presentation begins by defining AI and explaining its underlying technologies, such as neural networks, before delving into the specific risks AI poses, including data leakage, reputational damage, and the potential for AI to generate harmful or misleading outputs. Monaghan also discusses how threat actors are leveraging AI for malicious purposes, such as social engineering and developing exploits. The talk covers best practices for mitigating these risks, including threat modeling, testing AI models, and implementing AI usage policies. Additionally, Monaghan highlights the importance of understanding prompt injections and how AI systems can be manipulated. The webinar concludes with a discussion on global regulations and ethical guidelines for AI, emphasizing the need for robust security measures as AI continues to evolve.

AI Cyber Risks

In a rapidly evolving digital landscape, cybersecurity has emerged as a critical domain, demanding skilled professionals to safeguard sensitive information and combat cyber threats. Recently, we had the privilege of delving into the insightful review of Ed Adams’ book, ‘See Yourself in Cyber: Security Careers Beyond Hacking.’

This engaging discussion not only explored the challenges and opportunities within the cybersecurity industry but also provided valuable insights into the evolving nature of cybersecurity careers and strategies for success. Join us as we recap the highlights, from breaking misconceptions to promoting diversity and inclusion, and discover how individuals can thrive in this dynamic and ever-changing field.

Inside the Pages of "See Yourself in Cyber": An Author Q&A with Ed Adams

Software continues to run the modern enterprise, and while it has the potential to drive innovation it can also introduce vulnerability. Rapid release cycles often prioritize features over security and hackers are adapting their tactics to target distributed software applications that are increasingly accessible.

Security teams can’t single-handedly address this dynamic threatscape, so organizations must rethink how to strengthen security resiliency. Software teams are on the front lines in preventing vulnerabilities, but to build resilient applications they need to be equipped with security awareness and intimate knowledge of architecture, integration points, and deployment environments.

Topics covered include:

- Root causes of prominent software-borne breaches
- Taking inventory of teams (and going beyond developers)
- Building essential awareness - security principles, attack vectors, and threats
- Being early to the (3rd) party – mitigating API, open-source, and cloud risk

Building Security from Within: Empowering Software Teams for Cyber Resilience

Baking security into applications earlier in the software development lifecycle has become the mantra of the enterprise today, with software development and security teams working closely together to ensure more secure coding throughout the development process to ensure safer and more secure applications. But what about mobile apps?

In this webinar, experts will discuss strategies to integrate security tasks across all phases of the mobile app development lifecycle: design, development, and regular testing, with the goal of finding and fixing vulnerabilities or issues efficiently in the dev process. You will also get advice on how to employ tools and practices to support your dev and security teams in this new generation of collaboration for more secure software development for your organization's mobile apps.

- Explore what a “shift left” requires of both development and security teams
- Get advice on how to put security first without stifling software innovation
- Find out about the emerging role of AI in DevSecOps

Presented live by featured speakers Dr. Jason Clark and Dinesh Shetty, Moderated by Becky Bracken.

DevSecOps for Mobile App Development

Modern software development demands a balance between speed, efficiency, and security. DevOps, the fusion of development and operations, aims to achieve this balance by optimizing the software development process for rapid delivery. While the successful integration of security practices empowers organizations to ensure systems remain resilient, many companies have been reluctant to move to DevSecOps, fearing it will be complex and time-consuming.

In this webinar, we explore best practices for seamlessly integrating security into DevOps to ensure that software development doesn't compromise security in its quest for speed.

Join us as we discuss:
- Driving collaboration between Development and Operations
- Customized Policies & Governance for awareness and adherence
- Managing Third-party risk
- Eliminating Bottlenecks
- Upleveling Skills to Empower Teams
- Leveraging risk-based assessments and threat modeling to guide the DevSecOps process

Still Developing Software the Old Way? Best Practices for Migrating to DevSecOps

When it comes to keeping technical audiences apprised of security challenges, success is all about relevance and interest. Simulation training and tying training to a learner’s job function are emerging as some of the most effective ways to help learners retain knowledge. By utilizing hands-on training methods that immerse users into the technical environment they encounter daily, one can enumerate security risks in a context that is both familiar and engaging. This talk discusses methods to create engagement, lasting behavior change, and, dare we say, enjoyment for your technical workers.

Join us for a webinar with The Training Industry, where your host, Ed Adams, author and CEO of Security Innovation, and Michael Hendrickson, former vice president of technology and development products at Skillsoft, will discuss what thought leaders are saying about growing threats and the importance of good cybersecurity hygiene, as well as the most effective training methods for technical audiences in 2024. Skip the guesswork and get ahead with up-to-date methods and insights — you’ll be glad you did.

Our interactive webinar will provide you with valuable insights on:

- The Power of Relevance in Security Training: Discover why tailoring cybersecurity training to an individual’s job function leads to better knowledge retention.
- Engagement Through Simulation Training: Learn about the effectiveness of immersive, hands-on simulation training for technical audiences.
- Creating Lasting Behavior Change: Explore methods to engage technical teams in cybersecurity hygiene, resulting in lasting behavior change and enhanced security.
- Industry Insights and Trends for 2024: Gain knowledge on growing security threats and the most effective and up-to-date training methodologies for 2024.

Training Techies on Security: It’s Not Rocket Science!

DevOps is often characterized as a mindset shift, but that undermines the critical cogs that actually make it work - the people, technology, and processes.

Ed TALKS: Movers & Shakers in DevSecOps

On top of the usual threats inherent to IT networks, applications, and cloud services, the complexity of medical devices creates a massive and distributed attack surface. Compounding the challenge are long-life expectancy and third-party dependency.

Attend this panel to hear healthcare security experts discuss the anatomy of medical devices, how to design them with human safety in mind, and how to make a shared security responsibility model a reality.

Specific topics include:

• The Prescription - security measures the FDA and others are demanding
• The Skeleton - the rickety infrastructure healthcare runs on
• The Brains - is SaMD (Software as a Medical Device) the new world norm?
• The DNA - what Software Bill of Materials (SBOMs) tell us about risk
• The Immune System - why traditional IT defenses struggle to protect patients
• The X-Rays - the need for new surveillance techniques

Ed TALKS Modernizing Medical Device Security: A New Perspective on Old Practices

While traditional assessment techniques like pen testing and scanning are effective at catching issues before software is deployed, they are simply not scalable given today’s accelerated releases. To release software with confidence, organizations need to address their core issue – people & process gaps.   

This webcast will demonstrate how implementing core security activities into your SDLC and augmenting with role-specific training will yield more self-defending software. Topics include:

- Today’s software security landscape and challenges
- Breaking the Find & Fix hamster wheel
- Fusing activities (the what) and skills (the how) to amplify risk reduction

People & Processes: The Yin and the Yang of Software Security

Join Mathieu Gorge, CEO of Vigitrust, and three esteemed co-authors for an Ed Talks to discuss the best-selling book "The Cyber Elephant in the Boardroom" - a real-world playbook for cybersecurity approaches and accountability. This dynamic panel will explore how businesses have adapted to an increasingly digital landscape, why cloud security is critical for application safety today, tips for incorporating robust protection into any coding process and delve into the implications of potential cyber risk at boardroom levels.

The Panelists:

Mathieu Gorge, an internationally acclaimed cybersecurity expert, is the founder and CEO of VigiTrust, a risk management company. With his prolific work in this field recognized by Forbes - authoring 'The Cyber Elephant In The Boardroom' - he's set to release his second book due out summer of 2023!

Cathy C. Smith is a leading authority in the DX space, pushing boundaries and driving innovation through her experience with major global organizations such as Deutsche Bank and Dell. She is the founder of Women in Tech NJ & NY. Her book "How to Become a Digital Leader" provides insights on leading organizations into emerging technologies that remain future-proofed for success.

Nick Vigier is a highly esteemed cybersecurity expert with extensive knowledge and experience in the field. He has been a CIO or CISO at many successful companies, including Talend, Sony, and Gemini. His vast knowledge makes him the go-to expert for media outlets looking to understand the ever-changing security landscape.

Ed Adams is a leading software quality and security authority, offering over two decades of expertise. As President & CEO of Security Innovation, creator & host of 'Ed TALKS' and board member for Cyversity – he's established himself as an industry thought leader with invaluable insights to share.

Ed TALKS: The Cyber Elephant in the Boardroom

Overwhelmed by this year's industry predictions? Take back your time and avoid forecast fatigue as our industry experts have combed through the top reports to uncover essential insights and shed light on the best, and the worst, Cloud Security predictions for 2023.

Join our three industry experts as they de-bunk some of the top predictions and offer their own. Featuring research from the Cloud Security Alliance, our diverse panel of published authors will provide a deeper understanding of what to focus on for this year – including bonus “dark horses”!

The ‘Can’t Miss’ Panel:

Shira Rubinoff: A top cybersecurity influencer with 20,000+ LinkedIn followers; an entrepreneur, executive, board member, and advocate for women in cyber.   

John Yeoh: The VP of Research at the world’s leading organization dedicated to defining best practices to help secure cloud computing environments.

Matthew Rosenquist: A trusted, respected CISO highly sought after as a conference keynote speaker, strategic advisor, and educator.

Ed TALKS: Keep Your Head in the Cloud | The Uncensored Security Forecast

In recent years the cybersecurity industry enjoyed high valuations, rapid growth, and the creation of many ‘unicorns.’ However, the industry has also had its fair share of overhyped expense/debt-laden companies. Cybersecurity investors have pumped the brakes with a global economic slowdown and generational inflation. Path-to-profitability has quickly become a paramount metric, once de-prioritized for growth, often despite massive losses.

This Ed TALKS will feature diverse perspectives from a cybersecurity investment banker, entrepreneur/executive, and venture capitalist.  Attend to hear how today’s technology and investment trends are changing the way we operate in cybersecurity and get expert advice on:

• Challenges of running a VC/PE-backed cybersecurity company
• Valuation calibration and investment appetite
• Metrics to watch closely, stress, or de-emphasize
• ‘Red herrings’ cyber leaders need to avoid chasing

Ed TALKS: Cybersecurity M&A – True Tales From All Sides

The modern enterprise is highly dependent on the cloud and software-driven systems. To protect them, teams need relatable training that reflects the technologies they work with. Otherwise, they’ll tune it out.  

Recent Ponemon Institute research shows that realistic simulation training tied to a specific job function is the most effective way to prepare teams for the battles they’ll face. By utilizing hands-on training in a familiar environment, teams can enumerate security risks in a native context. 

Come learn the strategies of three security & technology leaders to up level skills of various  audiences, create engagement, and drive lasting behavior change.

Ed TALKS: How to Train IT Teams for Security

Data security is always top-of-mind for cybersecurity executives; however, emerging technology and attack developments will pose new risk to the data we try to secure.

Come hear how 3 leaders approach dynamic threats of the 20's, including:

• Tech Temperature – Hot or cold? 
- Artificial Intelligence 
- 5G: too dense and fast for its own good? 
- Applied Crypto: Blockchain, NFTs, and de-centralized trust
- Quantum computing

• Intrinsic Dependencies
- Cloud: expansion or evaporation?
- Passwords, authentication, biometrics 

• Changing Attack Landscape

Ed TALKS: Keeping Secrets – The Future Threats to Data are Here

Got D&I on your mind? You should.

It’s a scientific fact that diverse teams make better decisions, operate more profitably, and are more innovative problem solvers. The cybersecurity talent shortage is a crisis, yet the diversity gap is stark with women and minorities, and we haven’t figured out how to cultivate this talented pool.

Find out how it’s done – from experts who have succeeded and have dedicated themselves to the cause.

Featuring fresh research from The Ponemon Institute, this panel will discuss the state of D&I in cybersecurity, including:

• Trends and other data that highlight disparity
• What roadblocks (still) exist and strategies to blast them out of the way
• Where and how to find untapped talent and how
• How globally recognized organizations have successfully built D&I programs

Hope you can join us as we band together to advance D&I in cybersecurity.

Ed TALKS: Diversity & Inclusion in Cybersecurity – Reaping the Rewards

2022 kicks off on the heels of Log4j and other soft spots of our technology underbelly. These warts on our security playbooks highlight the importance of supply chain and software diligence. Join 3 security experts as they discuss Ed’s thoughts on 2022 and what industry analysts predicted (right and wrong).

• Third-Party Breaches - increased attacks on both the vendors’ products and the enterprise ecosystem, driving the need for Software Bills of Materials (SBOMs).

• Cloud & API Risk - both will be used much more than they are understood from a security perspective, leading to a “dark cloud” of misconfigurations and data leaks.

• Evolving Responsibilities, Org Charts and Titles - knowledge continues to be pushed into technical teams, whilst security and risk-based decisions move closer towards the Board of Directors.

Security’s Three-Ring Circus: Cloud, Supply Chain, and Staff

Organizations are increasingly relying on microservices to modernize and scale in today’s distributed tech ecosystem. Microservices facilitate continuous delivery and deployment by offering loose coupling through modularity, fault isolation, and resiliency. However, the resulting distributed systems are often complex, with large attack surfaces, making traditional security assessments difficult.  

To maintain consistent security levels, teams need to standardize practices and recalibrate assessment techniques. Come learn how industry experts from product security, engineering, and product management integrate risk-based approaches to their software pipeline to release software more confidently.  

Topics include: 

- Security as a Service: Arming teams with pre-secured libraries, assessment templates, security guidance, and hardened frameworks
- Rapid Risk Assessments: Evolving beyond monolithic SAST/DAST scans towards rapid component analysis
- Modern Vulnerability Management: Optimizing classification systems based on component criticality, business impact potential, and mitigating controls

Ed TALKS: Securing Microservices in Today’s Fast, Feature-Driven SDLC

To meet the demand for feature-rich software, companies rely on emerging technologies and rapid release cycles.  However, they often lack confidence in their teams to build and deploy it securely.  Leaders need a playbook that goes beyond just training developers on secure coding and reflects how teams want to learn.   

Join this Ed TALKS to hear how three professionals have up-leveled skills at Intuit, Microsoft, and Atlassian and gain insight from benchmark data from Security Innovation’s own expansive user base.

Ed TALKS: Security Upskilling Software Teams

The enterprise of things (EoT) encompasses all the "things" that get pulled into an enterprise's infrastructure. Not just IoT but also operational technology, office endpoints, WFH devices, and more. The 2020 rush to work-from-home, the proliferation of 5G, and an increased dependency on personal devices are burdening  IT with a more diverse attack surface and devices that don't conform to corporate standards. 

Leaders need to adjust their cyber-risk-mitigation playbooks. Come listen to three industry experts discuss this hostile ecosystem and the defenses they've put in place to adapt.

Topics include: 
- Securing the software that runs the Enterprise of Things
- Managing risk in corporate networks where IP is no longer isolated
- Evolving techniques in attack surface management and threat modeling
- Practical tips for minimizing IoT data leaks and adopting zero trust
- Managing device decay and non-standard configurations

Are IoT & BYOD dead? Why today we live with the Enterprise of Things

Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend.  This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.    

Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach.  This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.

Steal the Attackers Playbook with Purple Teams

Attitudes toward privacy have an amazingly broad spectrum.  Laws like CCPA and GDPR are forcing organizations to build privacy programs, but their robustness varies significantly based on geography, industry, and consumer views. Counter forces of IT Security, Data Breaches, and IoT put privacy at risk every day.  Come listen to 3 industry experts discuss privacy in the context of today’s digital world. They will discuss the organizational impacts of privacy, compliance drivers, and the difference between data security and data privacy.  

Topics include: 
 • Impacts of emerging technologies (5G, Artificial Intelligence, etc.) on privacy programs
 • How the WFH movement has changed corporate privacy and security strategies
 • Findings from the recent study "Privacy and Security in a Digital World” by The Ponemon Institute
 • The battle between security and privacy (corporate, law enforcement, compliance, personal) 
 • Practical tips on how to protect both privacy and data security

Ed TALKS: Privacy in a Gossipy, Digital World

High-performing InfoSec programs are critical to protecting sensitive data, securing systems, and maintaining compliance. However, organizations continuously struggle with the “how are we doing?” question.

Attend our next Ed Talk to learn how to identify key metrics and implement measurement vehicles to understand your real security posture.

* Benchmarking: What do you measure? And against what?

* Analysis Paralysis: What to do with the results and avoiding misleading and distracting data

* Metric Traps: Red flags versus red herrings

Are we there, yet? Measuring effectiveness of InfoSec programs

Edna Conway (Microsoft) & Octavia Howell (Equifax) join us for an exclusive panel on avoiding supply chain burns. Supply chain risk is not going away, especially not software updates that fuels the IT-dependent enterprise. The SolarWinds hack has sowed doubts about the fidelity and security of 3rd-party tech.  Despite significant damage, some organizations successfully thwarted the attacks despite using the vulnerable SolarWinds Orion appliance – how did they do it and what can we learn from it.

This Ed TALK brings respected cybersecurity and supply chain experts together to discuss what companies that build and use technology can do to protect themselves in this increasingly partner dependent world.

Topics include:
Knowing your ingredients – SBOMs (software bill of materials)
I spy  – can we detect or prevent “tainted” software updates
Walking the walk –  let’s talk effective defense-in-depth, incidence response, network segmentation, and “zero-trust”
Avoiding the recency trap – risk rating threats to avoid knee-jerk reactions  
Robots to the rescue – can AI be the solution to real-time threat intelligence?

Ed TALKS: SolariGate – Avoiding Supply Chain Burns

Software teams regularly deal with rapid release cycles, dozens of technologies, and relentless threats. They generally want to incorporate security ways but are often unsure how (or why.) 

Regardless of the development process, there are common security activities and tools that need to be assimilated.  In this edition of Ed TALKS, a panel of three industry experts provide practical tips on improving maturity and making security a natural part of software development.   

Topics include:
- Practical automation throughout development and delivery
- How to motivate your team to care about security
- Assessing and benchmarking your SDLC maturity
- Not so fast: Activities to automate or skip at your own risk 

Our panelists include:
Sasha Rosenbaum: Product Manager, GitHub
Throughout her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer of DevOpsDays Chicago, a chair of DeliveryConf, and a published author.

Sebastien Deleersnyder: Founder, Toren
Sebastien is the project leader for the OWASP SAMM maturity framework. He is a well-known instructor and threat modeling advocate.  Earlier in his career, he served as a security architect for large telcos, banks, and logistics firms.
 
Dinis Cruz: CTO and CISO, Glasswall
Dinis is a well-known software security leader. He served on the OWASP board of directors for six years, has trained thousands of people globally, and has written books on cybersecurity and modern software development.

Ed TALKS: Fast-Tracking Software Assurance, Making Security Part of Software Dev

The payment ecosystem is a complex one that is exposed from multiple points: Data interception, identify theft, and other attacks primarily target insecure software, APIs, and communication protocols that are difficult to lock down. 

To secure data within the payment infrastructure retailers, software providers, financial institutions, and device manufacturers need to implement risk-based practices.  Come hear three industry experts - Kara Gunderson (CITGO) and Ira Winkler (author, "You Can Stop Stupid"), Phil Agcaoili (Ponemon Institute Fellows) - discuss how to do this in a practical manner.

Topics include:

• Biggest threats and common attack vectors
• Dealing with POS (point of sale) systems
• End to End encryption – is it even possible?
• Managing software updates
• Passing with A’s: Authentication, Authorization & Access

Ed TALKS: Paying it Forward – Securing Technology in the Payment Ecosystem

The use of cloud services and infrastructure continues to skyrocket. Meanwhile, the proliferation of turn-key SaaS solutions makes it compelling for enterprises to use cloud-based software.  Organizations are spinning up servers and databases in minutes, moving their applications to take advantage of CSP scalability, and mistakenly assuming they are immediately more secure. 

There’s no doubt the cloud can deliver on the promises of improved scalability, availability, and security; however, consumers need to do their part. Come listen to 3 experts debate data and software security in the cloud. Topics include:

• Key considerations - new skills, migration challenges, compliance implications
• Unwanted surprises - misconfigurations, application rewrites, open data buckets
• Attack vectors  - how they impact data flow and storage models
• Sunnier days -  must-do’s for securing cloud software

Ed TALKS: Cloudy at the Breach – Your Software, Your Data, Your Loss

With the proliferation of COTS, Open Source Software, libraries, frameworks, APIs, and other components, modern software is increasingly assembled instead of coded from scratch. While this shift helps deliver feature-rich solutions and interoperability, it also introduces risk and data security challenges.

To manage 3rd-party risks, new assessment and mitigation techniques are needed. Fixing the code is often impossible, pen testing can be limiting, and patching still leaves you exposed.     

Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals, including:

JOHN MASSERINI
Global CISO, Millicom (Tigo) Telecommunications
An industry-recognized leader, John has decades of experience providing Information Security services to multinational organizations in diverse verticals. He is a prolific author and speaker and previously served as CISO for MIAX Options Exchange and Dow Jones.  

CHARISSE CASTAGNOLI
General Counsel & Manager,  Instapay Flexible LLC
Charisse has over 30 years of experience in the IT industry.   She combines her technology expertise with security and legal skills to help organizations meet their security and compliance needs.  She is an adjunct Professor of Law at John Marshall Law School.    

FRED PINKETT
Product Director, Absorb Software
Fred is a technology expert with 20+ years of experience in the SaaS, Cloud, and cybersecurity fields.   Throughout his career, he has worked closely with engineering and marketing teams to bring high-quality and secure products to the market.

Join us the hear these experts debate the following topics:
- Conducting software composition analysis (SCA) 
- Assessing threats and impacts
- Risk-rating your inventory
- Selecting the right controls

Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb

Principle-based approaches have long been at the core of “traditional” engineering disciplines. However, when it comes to building software and IT systems, best practices around encryption, access control, and authorization are often lackluster. The ability to understand and apply security concepts is essential to protecting today’s digital business.

Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals whose collective experience spans Fortune 500 technology, financial services, and medical device industries. 

JOSHUA CORMAN
Founder of I Am the Cavalry (dot org). His approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. 

UMA CHANDRASHEKHAR
Leader of the Global Information Product Security function at Alcon. She holds several patents in information security, privacy, and reliability and was an invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC).

MARK MERKOW
CISSP, CISM, CSSLP. A prolific author and advocate for building security into the SDLC with software-quality and security activities, tools, processes, and education. 

Topics to be discussed:

* Why and for whom are security principles important? 
* Have principles become a lost art form, or did they never really take off?
* What is the most underutilized principle? Does it vary based on tech stack and deployment?

FREE GIVEAWAY
We'll also be raffling off three copies of Mark Merkow's latest book "Secure, Resilient, and Agile Software Development" during the webinar.

Ed TALKS: Back to Basics: The Imp. of Security Principles in Technical Roles

Ed TALKS

Modern application design and the continued adoption of DevOps expand the scope of automated security testing and push tools to the limit. Simultaneously, complex platforms like IoT and Blockchain require more specialized tools and skills.

With software applications being more assembled than coded, and cloud CI/CD accelerating release, it’s time to sunset some legacy tools and consider new ones.

Come hear how product and application security professionals plan to scale software securely in 2022.

• The traditionalists: SAST, DAST, IAST
• Replacement players: SCA, API & container security, etc.
• New Kids on the Block: IaC, cloud native, fuzz
• Limitations, pitfalls, and best practices

Ed TALKS: Scaling AppSec – Getting Tools to Perform

Application Security

Application Delivery

Scaling

DevOps

Application Development

Application Lifecycle Management

CICD

Software Development

IoT Security

Cloud Native

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ed TALKS: Scaling AppSec – Getting Tools to Perform

Presented by

About this talk

Bureau Veritas Cybersecurity