The Role of Security Champion in DevOps

Organizations need Security Champions to help foster security best practices to ensure a security-supportive culture. During this webinar the CSA/SAFECode DevSecOps Working Group wants to share how to build a group of security champions and the characteristics they possess.

During the session we will discuss:
- The Definition of a Security Champion
- Why are Security Champions Needed
- How Security Champions help teams in the organization
- How should an organization go about building an SC Program Strategy?

Join us as we explore Security Champions and all that the role entails.
Recorded Feb 20 2019 47 mins
Presented by
Kenneth Peeples, Principal Consultant, Red Hat & John Martin, Security Program Manager, Boeing

  • Software Defined Perimeter Architecture Guide Recorded: Oct 1 2019 18 mins
    Jason Garbis
    SDP combines well-proven technical and architectural components to protect networked applications and infrastructure, more efficiently and effectively than with traditional network security tools.
    This document serves to explain SDP, educate readers on its benefits, and encourage its adoption.
  • Application Containers and Microservices: Challenges and Best Practices Recorded: Aug 9 2019 15 mins
    Anil Karmel, Application Containers and Microservices Working Group Co-Chair, CSA & Co-Founder and CEO, C2 Labs
    Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development approaches such as Development Operations. Security must be embedded into these software development approaches. CSA has recently released two documents that outline the challenges and best practices in securing application containers and microservices to provide guidance on the engineering of trustworthy secure systems through the lens of the Developer, Operator and Architect.

    In this webinar, Anil Karmel, co-chair of the CSA Application Containers and Microservices Working Group, will cover:
    - define application containers and microservices
    - background on the research and development of the artifacts
    - container security challenges and best practices
    - microservices challenges and best practices
    - overview of the document contents
  • Beyond Cryptocurrency: Blockchain and DLT Use Cases Recorded: Aug 7 2019 7 mins
    Hillary Baron, Program Manager and Research Analyst, CSA
    Thanks to the rise in popularity of Bitcoin cryptocurrency, the innovative technologies of Blockchain and other systems of distributed ledger technology (DLT) have proven their ability to increase security of data during transactions and provide immutable long-term data storage. This document provides several use cases for DLT outside of cryptocurrencies. In this webinar, CSA Research Analyst Hillary Baron will provide an overview of the recently released document on relevant DLT and blockchain use cases, including:
    - background and explanation of why the document is important
    - an overview of the document
    - the differences between v1 and v2
    - future research on blockchain/DLT
  • Hackers, Cybercriminals, or Employees - Who Poses the Biggest Threat to the Org? Recorded: Jul 16 2019 58 mins
    Jon-Michael Brook, Principal: Security, Cloud & Privacy at Guide Holdings LLC
    The Top Threats Working Group from the Cloud Security Alliance produces annual research on the biggest risks to cloud environments. The recent Top Threats: Deep Dive publication examines nine recent case study examples of the Treacherous Twelve in action. In this webinar, Jon-Michael will cover:
    - The Treacherous Twelve in action – where they fit within the NIST Cyber Risk Framework
    - The Deep Dive case studies and how they may benefit your budget justifications
    - Using the Deep Dive for tabletop compliance exercises
  • Reaching for the STAR (Part 4): CSA GDPR Code of Conduct Recorded: Jul 16 2019 28 mins
    Daniele Catteddu, CTO at CSA & Paolo Balboni PhD., Lawyer and Founding Partner of ICT Legal Consulting
    In this series, “Reaching for the STAR”, we will provide you with insight into the STAR foundation, and how it has evolved into a framework that provides a flexible, incremental and multi-layered cloud provider system that is being recognized as the international certifiable harmonized GRC solution according to CSA’s industry leading security guidance and control objectives. The focus for this particular webinar will be on CSA's GDPR Code of Conduct.

    The CSA Code of Conduct for GDPR Compliance aims to provide CSPs and cloud consumers a solution for GDPR Compliance and to provide transparency guidelines regarding the level of data protection offered by the CSP. In this webinar, you will learn about:
    - Changes caused by GDPR
    - Goals, scope, and structure of CSA's GDPR Code of Conduct
    - Levels of attestation of the Code of Conduct
  • IoT Threats and Vulnerabilities Recorded: Jun 12 2019 44 mins
    Brian Russell, IoT Chair at CSA and Founder of TrustThink & Alon Levin, VP Product Management at VDOO
    The year 2018 saw increased adoption of consumer and enterprise IoT. These IoT products were faced with multiple IoT attack variants: Wicked, OMG Mirai, ADB.Miner, DoubleDoor, Hide 'N Seek and even a Mirai-variant IoT botnet used to target the financial sector. The major attack in 2018 was VPNFilter, infecting over half a million devices from a wide range of known vendors. In 2016, an attack of similar magnitude by the infamous Mirai was major news and caused havoc on the Internet. Today, while such an attack is relatively big, it is not uncommon or unexpected.

    Alon Levin and Brian Russell will examine why many of the new attacks are more advanced compared to what we've seen previously. They will explore today's new attack types and their impacts on emerging IoT technologies. They will discuss the impact of these new sophisticated attack techniques on emerging technologies including autonomous transportation, smart buildings, and collaborative robotics.
  • Reaching for the STAR (Part 2) - Which level is right for me? Recorded: May 24 2019 26 mins
    John DiMaria, Assurance Investigatory Fellow & Alain Pannetrat, Senior Researcher and STARwatch Product Manager at CSA
    While CSA STAR is an acronym for Security Trust Assurance and Risk, the annotation of STAR runs much deeper. Reaching for the level of STAR is about not limiting how far we can go in achieving the ultimate in transparency, assurance and trust, and not accepting that this higher level of transparency, assurance and trust comes with a higher cost. On the contrary, cost should decrease as security increases.

    The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. They increase the level of assurance by turning their scars into STAR. It’s about reducing complexity, which equals reduced cost, decreased risk and increased security.

    In this series of “Reaching for the STAR”, we will provide you with insight into the STAR foundation, and how it has evolved into a framework that provides a flexible, incremental and multi-layered cloud provider system that is being recognized as the international certifiable harmonized GRC solution according to CSA’s industry leading security guidance and control objectives.

    Learning objectives:
    - Detailed breakdown of the STAR Levels, objective behind each level and decision tree on best practice approach to making the right choice.
  • Reaching for the STAR (Part 1) - Structure, Levels, Purpose and Benefits Recorded: May 22 2019 24 mins
    John DiMaria, Assurance Investigatory Fellow, CSA
    While CSA STAR is an acronym for Security Trust Assurance and Risk, the annotation of STAR runs much deeper. Reaching for the level of STAR is about not limiting how far we can go in achieving the ultimate in transparency, assurance and trust, and not accepting that this higher level of transparency, assurance and trust comes with a higher cost. On the contrary, cost should decrease as security increases.

    The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. They increase the level of assurance by turning their scars into STAR. It’s about reducing complexity, which equals reduced cost, decreased risk and increased security.

    In this series of “Reaching for the STAR”, we will provide you with insight into the STAR foundation, and how it has evolved into a framework that provides a flexible, incremental and multi-layered cloud provider system that is being recognized as the international certifiable harmonized GRC solution according to CSA’s industry leading security guidance and control objectives.
    Learning objectives:
    - Market update and trends
    - STAR Program history, breakdown and levels
    - STAR Registry
  • Reaching for the STAR (Part 3) - Multi-Party Recognition Framework Program Recorded: May 16 2019 33 mins
    John DiMaria, Assurance Investigatory Fellow, & Damir Savanovic, Senior Innovation Analyst at CSA
    While CSA STAR is an acronym for Security Trust Assurance and Risk, the annotation of STAR runs much deeper. Reaching for the level of STAR is about not limiting how far we can go in achieving the ultimate in transparency, assurance and trust, and not accepting that this higher level of transparency, assurance and trust comes with a higher cost. On the contrary, cost should decrease as security increases.

    The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. They increase the level of assurance by turning their scars into STAR. It’s about reducing complexity, which equals reduced cost, decreased risk and increased security.

    In this series of “Reaching for the STAR”, we will provide you with insight into the STAR foundation, and how it has evolved into a framework that provides a flexible, incremental and multi-layered cloud provider system that is being recognized as the international certifiable harmonized GRC solution according to CSA’s industry leading security guidance and control objectives.

    Learning objectives:
    - Challenges of Certifications Proliferation
    - Key Certification Scheme Components, Methodology and Life Cycle
    - Multiparty Recognition Criteria, Principles and Criteria
  • Build Fast, Secure Well: Automate DevSecOps and Secure Your Cloud Recorded: May 7 2019 50 mins
    Vikram Varakantam, Sr. Director of Product at Lacework
    Automation is a key aspect of success in cloud adoption; it can help teams build faster and deliver continuously at scale. However, it can also make managing security a challenge if not planned well. A strong partnership between DevOps and security, focused on baseline safe configurations and hygiene, can lead to faster innovation and better security.

    Join us for a live webinar with Vikram Varakantam, Sr. Director of Product at Lacework on how cloud security and DevOps teams can come together to forge a more unified DevSecOps model, including:
    ● Fitting security INTO your infrastructure, not IN FRONT of it
    ● Visibility into Use of your Cloud accounts: Securing the cornerstone of your cloud security posture
    ● Operational Configuration Baseline: Baseline your cloud configuration and usage, avoid unintended access that causes serious data leaks
    ● Entity configuration: How best to manage the thousands of entities that are ephemeral and can be a potential risk vector if not used appropriately
  • The Role of Security Champion in DevOps Recorded: Feb 20 2019 47 mins
    Kenneth Peeples, Principal Consultant, Red Hat & John Martin, Security Program Manager, Boeing
    Organizations need Security Champions to help foster security best practices to ensure a security-supportive culture. During this webinar the CSA/SAFECode DevSecOps Working Group wants to share how to build a group of security champions and the characteristics they possess.

    During the session we will discuss:
    - The Definition of a Security Champion
    - Why are Security Champions Needed
    - How Security Champions help teams in the organization
    - How should an organization go about building an SC Program Strategy?

    Join us as we explore Security Champions and all that the role entails.
  • Zero-Trust and Securely Deploying Medical Devices Recorded: Feb 15 2019 55 mins
    Chris Frenz, AVP of Information Security and Infrastructure at Interfaith Medical Center
    The healthcare sector has been routinely described as lax with the implementation and enforcement of information security controls. In recent years this issue has been highlighted by the numerous attacks targeting healthcare facilities and their devices. Because of this, many older devices that remain functional but unpatched have become a liability. This risk goes beyond just a breach vector; it can directly impact human life and give new meaning to the term Denial of Service…
    - What if that infusion pump’s dosage was illegitimately changed or the pacemaker programming made malicious?
    - What if Brickerbot took out a surgical robot or a heart monitor at a critical time?

    In this webinar, Chris Frenz, VP of Information Security and Infrastructure at Interfaith Medical Center, will discuss...
    - OWASP Secure Medical Device Deployment Standard v2
    - Methods to securely deploy medical devices
    - Preventing the compromise of medical devices and mitigating the damage
  • IoT Security: Building Security in from the Start Recorded: Oct 11 2018 64 mins
    Madjid Nakhjiri of Samsung, Aaron Guzman of Aon, and Tal Zarfati of VDOO
    Hear from IoT security experts to get your team on the right track. We’ll discuss:
    - Why is it important to start with a secure hardware foundation for IoT products?
    - What hardware and software security features should you look for in a secure platform?
    - How is penetration testing an IoT product different from traditional IT systems?
    - What lessons can be learned from IoT product penetration testing?
    - What role can automated security analysis play in the product security lifecycle?
    - What can a product team do today to get them on the road to security-by-design?
Exploring the latest research from CSA.
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.

  • Title: The Role of Security Champion in DevOps
  • Live at: Feb 20 2019 6:00 pm
  • Presented by: Kenneth Peeples, Principal Consultant, Red Hat & John Martin, Security Program Manager, Boeing