Hi [[ session.user.profile.firstName ]]

The Benefits of DevOps for Financial Services Organizations

Please join Checkmarx for a live webinar on the benefits of Devops for financial services organizations.

Today, financial service organizations build software dramatically different than just 10 years ago. New development models deliver software faster than ever before to meet changing consumer demands, maximize operational efficiency and drive digital transformation. It’s simply no longer an option to deliver software that hasn’t been tested for security throughout the development process. The risks are too great.
During this webinar, Checkmarx Global Director of Strategy, Matt Rose, will review specific steps financial organizations can take to address security in the software they create and how to build more secure applications at the start of the software development lifecycle (SDLC).
Recorded Sep 25 2019 40 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Matthew Rose, Director of Application Security Strategy
Presentation preview: The Benefits of DevOps for Financial Services Organizations

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Simplify the Automation of Application Security Testing Sep 1 2020 5:00 pm UTC 19 mins
    Ken McDonald, Principal Development Lead, Checkmarx Technical Services Team
    Simplifying the Secure SDLC

    The main goal of any application security testing program is to reduce enterprise risk without hindering software release cycles, which is best achieved through thoughtful planning and implementation of security testing automation. However, this often remains an obstacle for many organizations today.
    To address this issue, Checkmarx recently announced the availability of an orchestration module called CxFlow for the Checkmarx Software Security Platform that tightly integrates with application release orchestration and agile planning tools.
    Implementing CxFlow:
    • Enables automated scanning earlier in the code management process by integrating directly into source control management systems or CI/CD tools
    • Improves operational ‘flow’ of secure software development and delivers more actionable vulnerability findings
    • Allows organizations to improve the security of their software without interrupting developer workflows

    Join Ken McDonald as he walks through CxFlow, demonstrating how it offers end-to-end automation - from scanning to ticketing, seamless integration with the modern development ecosystem, and centralized management.
  • Simplify the Automation of Application Security Testing Aug 26 2020 11:00 am UTC 19 mins
    Ken McDonald, Principal Development Lead, Checkmarx Technical Services Team
    Simplifying the Secure SDLC

    The main goal of any application security testing program is to reduce enterprise risk without hindering software release cycles, which is best achieved through thoughtful planning and implementation of security testing automation. However, this often remains an obstacle for many organizations today.
    To address this issue, Checkmarx recently announced the availability of an orchestration module called CxFlow for the Checkmarx Software Security Platform that tightly integrates with application release orchestration and agile planning tools.
    Implementing CxFlow:
    • Enables automated scanning earlier in the code management process by integrating directly into source control management systems or CI/CD tools
    • Improves operational ‘flow’ of secure software development and delivers more actionable vulnerability findings
    • Allows organizations to improve the security of their software without interrupting developer workflows

    Join Ken McDonald as he walks through CxFlow, demonstrating how it offers end-to-end automation - from scanning to ticketing, seamless integration with the modern development ecosystem, and centralized management.
  • Simplify the Automation of Application Security Testing Aug 26 2020 6:00 am UTC 19 mins
    Ken McDonald, Principal Development Lead, Checkmarx Technical Services Team
    The main goal of any application security testing program is to reduce enterprise risk without hindering software release cycles, which is best achieved through thoughtful planning and implementation of security testing automation. However, this often remains an obstacle for many organizations today.
    To address this issue, Checkmarx recently announced the availability of an orchestration module called CxFlow for the Checkmarx Software Security Platform that tightly integrates with application release orchestration and agile planning tools.
    Implementing CxFlow:
    • Enables automated scanning earlier in the code management process by integrating directly into source control management systems or CI/CD tools
    • Improves operational ‘flow’ of secure software development and delivers more actionable vulnerability findings
    • Allows organizations to improve the security of their software without interrupting developer workflows

    Join Ken McDonald as he walks through CxFlow, demonstrating how it offers end-to-end automation - from scanning to ticketing, seamless integration with the modern development ecosystem, and centralized management.
  • AST for Securing DevOps Aug 19 2020 6:00 pm UTC 30 mins
    Matthew Rose, Director of Application Security Strategy
    Automation and DevOps have changed the way organizations deliver products. The shift towards DevOps made it pretty clear that companies are adopting this organizational model in order to facilitate a practice of automated software deployment. While the traditional idea of a “software release” dissolves away into a continuous cycle of service and delivery improvements, organizations find that their traditional application security solutions are having a hard time to adapt to the new process and security becomes an inhibitor to the complete process.

    In this session, you’ll learn how different organizations adopted security into their DevOps processes. What obstacles need to be addressed when introducing AppSec to DevOps and when should Sec be added to DevOps?

    Join us to:
    - Discover which obstacles should be expected and how to overcome them
    - Understand what functionality is key to enable real automation of your AppSec program
    - Explore the benefits of having security as part of your DevOps automation (what’s in it for me)?
  • Without the Fluff: SCA in the Real World Recorded: Aug 13 2020 46 mins
    Susan St. Clair, Technical Services Engineer at Checkmarx
    You already know half the story: your developers are using open source and software composition analysis (SCA) to find and fix associated vulnerabilities. Lack of visibility and remediation puts your software and your data at risk. But, to know the full story, you need to be able to visualize the experience of incorporating an SCA solution into your AppSec program. How does one secure software without complicating development workflows and causing implementation headaches? This is the difficult part of the story... cutting through the fluff to get real and honest insight.

    See what it’s like to:
    • Generate an accurate inventory of the open source libraries being used by your development teams
    • Automate analysis and inject security risk insight directly into your secure SDLC or CI/CD pipelines.
    • Clearly understand vulnerabilities in direct and transitive dependencies
    • Reduce the noise (false positives) in SCA results and prioritize remediation of actual risks
    • Perform SAST (static analysis) and SCA scans from your build pipeline and/or source code repo
  • Without the Fluff: SCA in the Real World Recorded: Aug 13 2020 46 mins
    Susan St. Clair, Technical Services Engineer at Checkmarx
    You already know half the story: your developers are using open source and software composition analysis (SCA) to find and fix associated vulnerabilities. Lack of visibility and remediation puts your software and your data at risk. But, to know the full story, you need to be able to visualize the experience of incorporating an SCA solution into your AppSec program. How does one secure software without complicating development workflows and causing implementation headaches? This is the difficult part of the story... cutting through the fluff to get real and honest insight.

    See what it’s like to:
    • Generate an accurate inventory of the open source libraries being used by your development teams
    • Automate analysis and inject security risk insight directly into your secure SDLC or CI/CD pipelines.
    • Clearly understand vulnerabilities in direct and transitive dependencies
    • Reduce the noise (false positives) in SCA results and prioritize remediation of actual risks
    • Perform SAST (static analysis) and SCA scans from your build pipeline and/or source code repo
  • Without the Fluff: SCA in the Real World Recorded: Jul 23 2020 47 mins
    Susan St. Clair, Technical Services Engineer at Checkmarx
    You already know half the story: your developers are using open source and software composition analysis (SCA) to find and fix associated vulnerabilities. Lack of visibility and remediation puts your software and your data at risk. But, to know the full story, you need to be able to visualize the experience of incorporating an SCA solution into your AppSec program. How does one secure software without complicating development workflows and causing implementation headaches? This is the difficult part of the story... cutting through the fluff to get real and honest insight.

    See what it’s like to:
    • Generate an accurate inventory of the open source libraries being used by your development teams
    • Automate analysis and inject security risk insight directly into your secure SDLC or CI/CD pipelines.
    • Clearly understand vulnerabilities in direct and transitive dependencies
    • Reduce the noise (false positives) in SCA results and prioritize remediation of actual risks
    • Perform SAST (static analysis) and SCA scans from your build pipeline and/or source code repo
  • An AppSec Awareness Program for Developers: The Critical Steps to Success Recorded: Jul 22 2020 60 mins
    James Hofsiss DLT; Kurt Risley Checkmarx, Stephen Gates Checkmarx
    Today, agencies are striving to improve their application security programs, while at the same time, not slowing down the development, delivery, and deployment of their software applications. Can a balance be achieved between security and an organization’s (or agency’s) daily business requirements? We know it’s possible.

    Application Security (AppSec) Awareness Programs that are specifically focused on the development community are vastly needed. The statistics demonstrate that without an agency-wide program, vulnerabilities will still make their way into your applications, making them ripe for exploitation.

    However, many agencies are still not sure where to get started, the milestones they need to achieve along the way, the KPIs they need to track, and how to measure the success or failure of their program. Considering this predicament, this educational video should help you achieve your AppSec goals.

    In this webinar, we will:
    • Explain the kinds of ad-hock programs that exist in many agencies today
    • Provide details of what a modern Awareness Program looks like
    • Discuss the four key areas that must be addressed before starting
    • Highlight the best way to organize your approach and setup
    • Emphasize how to kick-start and launch your Awareness Program
    • Clarify the assessment process and ways to continuously improve

    (ISC)², Inc. members will earn 1 Hour CPE credit by completing this webinar.
  • A Better Approach for Agencies to Put Security in DevOps Recorded: Jul 22 2020 60 mins
    Matthew Rose, Global Director Application Security Strategy, Checkmarx •Nick Sinai, Former US Deputy CTO, The White House •
    The recent shift towards DevOps makes it clear that Public agencies are moving forward with adopting this operational model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, agencies find that their conventional approaches to software security are having a difficult time adapting to this new approach, since security is often viewed as an inhibitor to this new model.

    Learn how different Public agencies are beginning to embed security into their DevOps initiatives and find out what barriers need to be addressed in order to effectively achieve what the industry calls: DevSecOps.

    Join us to:
    •Discover why AST solutions must be capable of being completely automated within the tooling that is already in use within DevOps.
    •Learn how to ensure vulnerabilities in custom code, open-source, and run-time risks are identified and remediated early in an automated fashion.
    •Explore the benefits of integrating automation into DevOps, resulting in improved quality, accuracy, security, and speed of delivered software.

    Speaker information:
    •Matthew Rose, Global Director Application Security Strategy, Checkmarx
    •Nick Sinai, Former US Deputy CTO, The White House
    •Rick Stewart, Chief Software Technologist, DLT
  • OWASP Testing Guide: La guía de seguridad en aplicaciones Web Recorded: Jul 8 2020 66 mins
    Vicente Aguilera Díaz - OWASP España Líder del capítulo; Miguel Tomico - Checkmarx Ingeniero de soluciones España
    El problema de la inseguridad en el software quizás sea el reto técnico más importante de nuestra era. El drástico aumento de las aplicaciones Web para usos comerciales, redes sociales, etc. simplemente ha multiplicado los requisitos para establecer un método robusto de escribir y securizar Internet, las aplicaciones web y nuestros datos.

    El Open Web Application Security Project (OWASP) está creando un mundo en el que el software inseguro es la anomalía, no la norma. La Guía de pruebas de OWASP tiene que desempeñar un papel importante en la resolución de este grave problema. Es de vital importancia que nuestro método para comprobar los problemas de seguridad en el software se base en los principios de la ingeniería y la ciencia. Necesitamos un método coherente, reproducible y definido para comprobar las aplicaciones Web. Un mundo sin unos estándares mínimos en materia de ingeniería y tecnología es un mundo caótico.

    Durante esta sesión web, Vicente Aguilera y Miguel Tomico, van a presentar los siguientes puntos:
    - OWASP Testing Project
    - Los principios de las pruebas
    - Explicación de las técnicas de las pruebas
    - Revisión del código fuente
    - La necesidad de adoptar un método equilibrado

    Sus panelistas para este seminario web es:
    - Vicente Aguilera Díaz - OWASP España Líder del capítulo
    - Miguel Tomico - Checkmarx Ingeniero de soluciones España
  • Checkmarx DevSec Awareness and Training Solution [Hebrew] Recorded: Jun 15 2020 27 mins
    Asaf Altagar Codebashing Product Manager
    *Webinar will be held in Hebrew.
    Companies are looking to implement DevOps, bringing development and security teams together to code applications faster securely. With this structure, the need, and the benefit of putting security in the hands of developers is clear. However, the reality is that 60% of developers do not trust the security level of their applications, because developers are often not given enough security support. In general, companies train developers in security once a year, or even once a quarter in the best of cases, and thus hope that their teams will have the same level as security specialists. This approach consisting mainly of ticking the box "training in secure development," is not sufficient to establish and grow a real culture of application security within the organization.

    Join us to find out how to build an AppSec awareness program that genuinely supports and trains developers to think and code security daily.
  • Removing the friction between Security, Developers and DevOps Recorded: Jun 9 2020 24 mins
    Nathan Leach, Solution Architect
    Developers, security professionals and DevOps teams often find themselves struggling between timely code delivery, secure code delivery and automation:
    - Developers are most commonly measured on the delivery speed and quality of their code, not on the security of their code.
    - Security professionals want to ensure that every piece of code is tested upon commit for security threats, without incremental cost and friction with developers and DevOps.
    - DevOps on the other hand care about the effectiveness of the release process and want to make sure nothing slows that down.

    In this webinar, Nathan Leach, Solution Architect at Checkmarx will walk you through how CxSAST allows companies to embed security into the software development lifecycle in a way that doesn’t disrupt developer’s work, doesn’t add any additional code reviews, and doesn't use any new tools.
  • Nuevo modelo de OWASP - SAMM Software Assurance Maturity Model Recorded: May 27 2020 61 mins
    Mateo Martinez - Krav Maga Hacking/OWASP Uruguay Krav Maga Hacking Director/OWASP Uruguay Chapter Founder; Ronen Riesenfeld
    Implementar seguridad en el ciclo de vida del desarrollo de software actual plantea desafíos nuevos que requieren de atención inmediata en materia de seguridad. Durante la conferencia se presentará un enfoque práctico sobre el modelo de madurez de seguridad en software de OWASP llamado SAMM (Software Assurance Maturity Model) en su versión actual que es la 2.0 y que mejora notablemente la visión para DevOps. El webinar ofrecerá una explicación de los puntos más importantes del modelo y su relación directa con actividades fundamentales de diseño, arquitectura, análisis estático (SAST), análisis dinámico de seguridad (DAST), y análisis interactivo (IAST). Los participantes obtendrán herramientas muy útiles para mejorar su nivel de madurez de seguridad en el desarrollo de software de sus organizaciones.

    Durante esta sesión web, Mateo Martinez e Ronen Risenfeld, van a presentar los siguientes puntos :

    - Hacking News
    - Prioridades e Regulaciones
    - OWASP SAMM e OWASP SAMM v2.0
    - Threat Modeling
    - Code Review, SAST, DAST, IAST
  • The Benefits of DevSecOps Recorded: May 26 2020 56 mins
    Yalin Arie - Checkmarx Sales Engineer; Eli Menashe - Checkmarx Regional Sales Manager
    When software is everywhere, security is everything.
    In 2020 alone, around 30 billion IOT devices are expected to be connected. In addition to the number of devices, there are over tens of thousands of builds a day from leading companies. With the number and breadth of connectivity growing exponentially around the world, integrating security into DevOps systems is more important than ever.

    In this webinar, Checkmarx top Sales Engineer, Yalin Arie, and Regional Sales Manager, Eli Menashe, take us to the next level by examining the many advantages and tools that security can offer from the start of development through to deployment and testing without waiting. They will also present the battle between the rapid DevOps development, go-to-market results, and the challenge of AppSec's notoriously slow and lengthy requirements.

    In this webinar we will cover the following topics:

    - What exactly are DevOps and DevSecOps?
    - Why security testing should be part of the DevOps process
    - How DevOps and security teams can work together smoothly
    - Dynamic solutions for vulnerability analysis during the integration tests
    - The future of DevOps and application security
  • 金融服务和应用安全 Recorded: May 15 2020 62 mins
    Tony Li Technical Manager
    为助力金融企业抵御网络安全风险与攻击,Checkmarx携手广东省粤港澳合作促进会金融专业委员会在这特殊时刻,通过线上直播为金融机构分享“安全风险应对策略”、“相关应用安全分享”、“安全风险分析与管理”等内容。

    Checkmarx中国区技术总监 李亭Tony Li 就《金融服务和应用安全》开讲。

    本次直播将为您分享:
    ☑ 与金融服务相关的应用安全
    ☑ 如何将安全植入攻击者最关注的对象?
    ☑ SDLC和DevSecOps环境中的安全性
    ☑ 安全性与DevOps的关键需求在哪些点会发生冲突?

    讲师李亭将从安全软件应用方面,针对金融服务机构,给予建设性的解决方案;并就目前敏捷运维方式下,存在的安全和集成问题,进行答疑解惑,帮助金融机构建立全面网络安全构架。

    更快的软件应用周期、DevOps的部署和开源代码的采用所带来的软件风险仍是新的未知因素。让我们一起守护企业的安全!
  • Six Steps to Embedding Security into DevOps Recorded: May 14 2020 30 mins
    Stephen Gates
    Learn how organizations are beginning to embed security into their DevOps initiatives and find out what barriers need to be addressed in order to effectively achieve what the industry calls: DevSecOps. 
    Join this session to learn:
    - The step that directly influences all other aspects of your DevSecOps initiatives
    - The benefits of integrating security automation into DevOps, resulting in improved quality, speed, and security
    - The most important topics that must be addressed when embedding security into DevOps
  • Formez vos développeurs à la sécurité applicative de manière ludique Recorded: Apr 30 2020 29 mins
    Grégory Domagala, France Sales Engineer
    "CodeBashing - Formez vos développeurs à la sécurité applicative de manière ludique"
    Veuillez vous joindre à nous pour ce webinaire Codebashing, Checkmarx AppSec Awareness Solution for DevOps. Grégory Domagala, ingénieur avant-vente France discutera:
    o Le besoin de sensibilisation à l’AppSec au-delà de la formation
    o Les bonnes pratiques dans la mise en place d’un programme de sensibilisation AppSec
    o [Démo] La solution de Checkmarx de sensibilisation à l’AppSec
  • Why Automation of AST Solutions is the Key to DevSecOps Recorded: Apr 22 2020 24 mins
    Matthew Rose, Director of Application Security Strategy
    Software development teams are often overloaded with security-related data, hindering delivery speeds and security integrity. In this session, learn the importance of application security testing solutions that leverage automation to produce high-quality findings and results, and how they help organizations achieve a true DevSecOps model by automating vulnerability detection and triage.
  • [Panel] Finding the Balance Between Manual and Automated Testing Recorded: Apr 22 2020 45 mins
    Eran Kinsbruner - Chief Evangelist, Perforce | Matt Rose, Global Director Application Security Strategy at Checkmarx
    Keeping up with customer expectations in the digital age and continuously releasing high-quality software is tough. While not a silver bullet, the answer to doing both well in 2020 increasingly lies in test automation.

    However, adopting test automation is not without its challenges, and it must be blended correctly with manual testing.

    Join this panel of testing experts as they discuss how to find the balance between manual and automated testing, including:

    - Where to introduce automated testing
    - Why it’s crucial that you establish a repeatable manual documented process prior to implementing any automation
    - How to scale automated testing


    Panelists include:

    - Eran Kinsbruner - Chief Evangelist at Perfecto by Perforce
    - Matt Rose, Global Director Application Security Strategy at Checkmarx
  • Simplifying the Secure SDLC Recorded: Apr 8 2020 20 mins
    Ken McDonald, Principal Development Lead, Checkmarx Technical Services Team
    Simplify the Automation of Application Security Testing

    The main goal of any application security testing program is to reduce enterprise risk without hindering software release cycles, which is best achieved through thoughtful planning and implementation of security testing automation. However, this often remains an obstacle for many organizations today.
    To address this issue, Checkmarx recently announced the availability of an orchestration module called CxFlow for the Checkmarx Software Security Platform that tightly integrates with application release orchestration and agile planning tools.
    Implementing CxFlow:
    • Enables automated scanning earlier in the code management process by integrating directly into source control management systems or CI/CD tools
    • Improves operational ‘flow’ of secure software development and delivers more actionable vulnerability findings
    • Allows organizations to improve the security of their software without interrupting developer workflows

    Join Ken McDonald as he walks through CxFlow, demonstrating how it offers end-to-end automation - from scanning to ticketing, seamless integration with the modern development ecosystem, and centralized management.
Manage Software Risk at the Speed of DevOps
Unify your application security into a single platform and release secure software, fast.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Benefits of DevOps for Financial Services Organizations
  • Live at: Sep 25 2019 3:00 pm
  • Presented by: Matthew Rose, Director of Application Security Strategy
  • From:
Your email has been sent.
or close