Name: Not All Risks are Equal - Why Context Matters in Cloud Security
Start: 2021-11-08T19:30:00Z
End: 2021-11-08T19:30:29.000Z
Location: BrightTALK

Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely. More than 800 organizations rely on Cobalt for their pentesting program needs. Customers include MuleSoft, GoDaddy, Verifone, HubSpot, PaloAlto, Cengage, Pendo, Axel Springer, and Credit Karma. To learn more about Cobalt, please visit http://cobalt.io. 

Watch as security and development leaders interact in an open discussion on the State of Pentesting 2022 Report. This discussion is led by Cobalt’s Sr. Director of Delivery, Jay Paz, and Cobalt's Director of Engineering, CX, Nick Terkay. In The State of Pentesting 2022 Report, we studied data from 2,380 pentests and surveyed 602 cybersecurity and software development professionals. The report focuses on issues and stats relevant to both the security and development teams.

Expect to Learn About:
-The impact talent shortages have on security and development programs
-What's causing slower responses to critical vulnerabilities
-How vulnerabilities are more likely to slip past undetected
-How talent shortages are straining collaboration between security and development departments

So Much to Do, Never Enough Bandwidth: A Tale of Two Tech Directors

An all-too-common belief is that to move fast you must sacrifice security. It’s a dangerous assumption, based on the misguided belief that cyber criminals are focused on larger, “juicier” targets. The Kaseya ransomware attack proved that any organization can be a victim – regardless of size or maturity.

This conversation between Cobalt CSO Caroline Wong, Abrigo Senior Manager of Security Operations Jeremy Herr, and Debbie Christofferson will debunk the myth that security and speed do not mix. 

Scaling companies often prize innovation above all else, and bolt security on as an afterthought. Remote work adds further pressure to build a comprehensive security strategy. But how do you build in proactive, preventative measures when you’re strapped for money, talent, and guidance? The fireside chat will discuss:
• Why testing is critical, and automation alone isn’t good enough. 
• Which practices really work with today’s modern software development cycles 
• What “security at scale” really means, and practical tips to achieve it.

Modern Security with PtaaS: Move Fast and Don’t Break Things

This candid conversation is led by Caroline Wong featuring panelists This candid conversation is led by Caroline Wong featuring panelists Leif Dreizler, Reet Kaur, Kim Jones, and Robert Wood covering common struggles and tasks today’s security leaders face, such as hiring, retaining, and growing security talent in a competitive recruiting landscape, how to prioritize (and manage) the day-to-day workload while roles are open, and how to enable security teams to be more agile and efficient in the face of an ever-evolving digital landscape.

Expect to Learn About:
-Hiring, retaining, and growing security talent in a competitive recruiting landscape
-How to prioritize (and manage) the day-to-day workload while roles are open
-How to enable security teams to be more agile and efficient in the face of an ever-evolving digital landscape. covering common struggles and tasks today’s security leaders face, such as hiring, retaining, and growing security talent in a competitive recruiting landscape, how to prioritize (and manage) the day-to-day workload while roles are open, and how to enable security teams to be more agile and efficient in the face of an ever-evolving digital landscape.

Expect to Learn About:
-Hiring, retaining, and growing security talent in a competitive recruiting landscape
-How to prioritize (and manage) the day-to-day workload while roles are open
-How to enable security teams to be more agile and efficient in the face of an ever-evolving digital landscape.

The Security Leadership Gap: What We Need for Today's Organizations

Are you preparing to get in the ring and fight for your 2022 security budget? Watch the Winning the Security Budget Fight: How to Get Funding Every Time webinar on-demand. This discussion with security experts will ensure you are ready to knock out your upcoming budget battle!
 
Expect to Learn More About:
-How to knock out negotiations on your must-have budget items
-The right moves to increase budget and get buy-in on new initiatives
-Techniques to spar in difficult conversations... and more!

Winning the Security Budget Fight Webinar

Time. We all have it and always need more of it. When it comes to cybersecurity, there is a time discrepancy between the time available to an assessment team and the time available to the attackers. One way to level the hourglass is to pair cyber asset visibility with pentesting so that your team can adapt and respond more quickly.

Expect to Learn About:
-How to better understand your current maturity level and security posture
-Why and when penetration testing is critical for your security journey
-What companies should prioritize on their information security journey for pentesting

Pair Cyber Asset Visibility with Pentesting to Fight the Clock Against Hackers

Is your pentesting program worth it? We recently published an impactful ROI of Modern Pentesting Report to delve into this question and prove the value of Pentest as a Service (PtaaS) vs. traditional consulting engagements. 

To continue the discussion, we invited one of the key contributors to our research, Conor Sherman, VP of Security at ezCater to join our very own CISO, Andrew Obadiaru to discuss the key report findings that validate the value of PtaaS for ezCater and make pentesting more effective for engineers. 

According to the report, business advantages of PtaaS include:
Being able to afford almost twice as many pentests with the same budget.
Improving security by starting remediation on issues much sooner.
Integrating pentesting into agile and DevOps application development processes.
Enabling pentesting to be more responsive to short notice requests.

ROI of Modern Pentesting: How ezCater Found Real-World Savings with PtaaS

Cobalt’s Chief Strategy Officer interviews cybersecurity powerhouse Tony Spinelli, who has spent the better part of his 25+ year career developing next gen technology and pioneering methods to secure the public cloud.

SecTalks Keynote Session

In this lightning talk, Patrick Murray, Chief Product Officer at Tugboat Logic, shares expert tips that will help you off-load your team, avoid audit delays and ensure you are always compliant.

Top Infosec Practices for Continuous Compliance

Hear from current CISOs as they discuss the demands and challenges of their roles, in a profession where the only constant is change. The global pandemic has complicated things even more, resulting in a highly remote workforce, shifts in business models (including the rapid rollout of digital services), multiple new cyber threats, and an overall climate of uncertainty.

Day in the Life of a CISO: Cybersecurity in the Age of COVID

David Spark will be joined by Health Partners CISO Mike Eggleston for a new, live episode of the CISO Series/Vendor Security Relationship Podcast. Think of it like as couples therapy for security practitioners. In this episode, David will challenge Mark and listeners to critique, share true stories, and reveal in hypothetical scenarios, “what would you do?"

CISO Series: Vendor Security Relationship Podcast Live Recording

“So how will security level up this year?” This is a question every security leader faces, regardless if they work at a growing startup or a long established organization. Having a clear answer amid unprecedented uncertainty, cost pressures and customer expectations can truly be a heroic feat. In this session, Cobalt’s own CISO will draw upon his years of experience managing infosec programs at eBay, Workday, Amazon, and Cisco, among others. He’ll be joined by Henning Christiansen, CISO at Axel Springer, to provide additional perspective from security professionals “in the trenches.”

CISOs Assemble: Shaping a Security Strategy

This panel takes you inside the mind of a pentester. We’ve gathered some of the top members of the Cobalt Core (our closed community of skilled pentester talent from around the world) in order to pick their brains and surface key learnings gleaned from years of testing. Attendees will learn what makes a pentester tick, insider strategies for getting the most out of your pentest engagement, and insight on go-to vulnerabilities.

Pentester Panel: Lessons from the Frontlines

The military offers a sterling example of leadership in crisis situations. When a breach happens, pressure escalates and split decisions determine survival or disaster. No one can be fully prepared for the unknown, but there are methods to build up resilience in both ourselves and our teams. What better group to turn to for advice than security leaders who have worked on the front lines of risk and uncertainty?

Building Resilience in Infosec: Lessons Learned From Military Experience

Welcome to SaaStock Sessions: 6 Steps to Building a Pentest Program for SOC 2 Compliance

SOC 2’s COSO Principle 16 requires companies to select, develop, and perform ongoing and/or separate evaluations to test their security controls. Pentesting is an effective solution to this point, because it uncovers complex and chained exploits your scanners might have missed. What’s more, pentests can be standardized and linked into a formal program that systematically stress tests your systems monthly, quarterly, or as often as you need.


But how do you set up a pentest program for SOC 2 compliance? That’s the question we’ve raised to Alex Jones, Information Security Manager at Cobalt, and Rory McEntee — Director of Application Security at SpringCM, a DocuSign company. In this webinar, you can expect to learn more from them about:


● The value of a pentest program, particularly in achieving SOC 2 compliance;
● How to set one up, from picking the right assets to deciding on how often to test;
● How a pentest program can help you prepare for SOC 2 audits;

We'll finish up with a 20 minute networking session, just jump into the networking area to get automatically matched with another attendee at random, for a short speed-networking chat.

SaaStock Sessions: 6 Steps to Building a Pentest Program for SOC 2 Compliance

Learn which findings came up most frequently from 1600+ pentests and how teams can respond to them. Jay Paz, Director of Pentest Operations and Research at Cobalt, and Robert Kugler, Manager of Research at Cobalt, will explore the most widespread vulnerabilities identified in the report and the setbacks that keep teams from preventing them.

Expect to Learn More About:
-How the most common vulnerabilities manifest in different applications
-What their business impact could be
-How to effectively fix these issues
-What teams can do to prevent them earlier in the SDLC

Webinar: The State of Pentesting Report

Becoming ISO 27001 compliant is a by-product of a solid security program. However, the journey to get there can be grueling. Is your team prepared?
While establishing such a program can be challenging, it doesn’t have to be. We're teaming up with Tugboat Logic for a webinar on how to prepare for and maintain ISO 27001 by scaling your security program with an automated approach.

How to Stay Audit Ready & Bolster Your ISO 27001 Compliance Readiness

If the past year has taught us anything, it's that what we put on paper doesn't always pan out. Cybersecurity professionals know that a security strategy can quickly turn into projects with many twists, turns, roadblocks and surprises. We’ve invited two seasoned CISOs to get their take on how to navigate the challenges of making things happen in the day-to-day of this fast-paced industry, and how to build in flexibility for the unknown surprises along the way.

Expect answers to questions like:

-Can you plan an effective security strategy for the unknown?
-What parts of planning do you have to get right to reduce issues during execution?
-What tips have served you well in your career to stay on top of disruptions?
-How do you keep your team motivated when blockers just keep coming?

How to Build in Flexibility to Create a More Effective Security Strategy

The promise of adding new security tools and capabilities to your security operations efforts is more intelligence to make better, more well informed decisions with, but do they deliver on that promise? If your SOC team receives hundreds of "high priority" alerts every day should they even trust in that risk score? An overwhelming number of alerts desensitizes the very people tasked with responding to them, leading to missed or ignored alerts or delayed responses. In this session we will discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.

Not All Risks are Equal - Why Context Matters in Cloud Security

CISO

Cloud Security

Cyber Attacks

Cyber Security

Information Security

Penetration Testing

Pentesting

PtaaS

Security as a Service

Security Strategy

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Not All Risks are Equal - Why Context Matters in Cloud Security

Presented by

About this talk

Cobalt