Name: Securing a Lifetime of Learning with Pearson
Start: 2022-10-27T14:00:00Z
End: 2022-10-27T14:01:00.000Z
Location: BrightTALK

IriusRisk is the industry's leading threat modeling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start - using its powerful threat modeling platform.

Whether teams are implementing threat modeling from scratch, or scaling up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.

Threat modeling on a whiteboard is an effective way to visually break down and analyze the security of a system. In this workshop, Sebastien Deleersnyder, kindly explains how you can make your whiteboard efforts more beneficial with some great tips and advice.

Getting Started with Threat Modeling - Whiteboarding Workshop 1 of 4

So where do you start? Rolling out a threat modeling program can be daunting, but never fear. Broken down into six digestible sections we show you how to get started, Increase stakeholder buy-in, Scale usage across teams and demonstrate the success of rolling out your threat modeling program.

Getting started with Threat Modeling- Rolling out threat modeling  4 of 4

Diagramming is a familiar step in the Threat Modeling process but how can a tool help aid this process and why would you condenser using one?

In this workshop James Rabe (Senior Solutions Architect at IriusRisk) takes us through the move from manual diagramming to digital diagramming, walking us through the key steps, ease of use and time saving a diagramming tool can bring to your threat modeling process.

Getting started with Threat Modeling: Diagramming Workshop 2 of 4

Join Dr. Gary McGraw and Adam Shostack, two heavyweights of software security and threat modeling, as they go head to head explaining and debating the future of Machine Learning and threat modeling.

Tune in for an hour of discussion and debate on this controversial and thought-provoking topic!

Tune in to hear McGraw and Shostack’s views on:

- Whether machine learning is helpful or harmful to threat modeling?
- How threat modeling may evolve given machine learning progress.
- How companies are safely and effectively adding machine learning to their technology arsenals.
- What kinds of risks machine learning technology brings to bear.
- And, most importantly, when Adam Shostack will be replaced by a robot?

The implications of machine learning on threat modeling

In this edition of IriusRisk’s Threat Modeling Club Live! we discuss the importance of a commonly agreed set of terminology and measurement of cyber risk and how that can affect large-scale software development teams and Executive Boards alike.

A well-known and often hilarious party game - Whispers - basically involves communicating an idea, thought or phrase along a queue of people from one person to the next and then hearing the end result and how different it was from the original phrase - usually resulting in much hilarity and amusement!

But in the world of cyber security and risk misinterpretation of valuable information often leads to an underestimation of the real risk - particularly at CIO / CISO level when - as is quite often the case - a Common Vulnerability Scoring System (CVSS) is often misused to represent Threats. Perhaps it's time for a clearer definition of Cyber Risk and also a newer set of dimensions and metrics to consider?

Join Fraser Scott (VP of Product, IriusRisk) and Izar Tarandach - Principal Security Architect, Squarespace, and renowned author/contributor and Brook Schoenfield (Author and AppSec Diplomat) for what promises to be a great fireside discussion on the importance of building a common understanding and lexicography of Cyber Risk.

Presenters:
Fraser Scott - VP of Product, IriusRisk
Izar Tarandach - Principal Security Architect, Squarespace Inc.
Brook Schoenfield - Author

Elevating the Language of Cyber Risk and Avoiding the Whisper Syndrome

Threat Modeling is traditionally performed by security experts, but with the need to scale it across all of an organizations applications a new approach is needed. This panel will discuss the need for and the challenges of implementing a federated or decentralized approach to threat modeling.

Decentralized Threat Modeling Webinar

Join us for this interactive webinar as Shankar Chebrolu, Director of Security Architecture, Red Hat explores the latest updates with James Rabe, IriusRisk’s Customer Solutions Architect & Threat Modeling SME. James will be taking Shankar through a demonstration of these key new features and improvements showing how much easier it is to automate your Threat Modeling processes and ensure your software development is secure by design.

Learn how to:

- How to collaborate in real-time between architectural, development, security, and operational teams within your organization to edit diagrams and designs so that everyone is aware of changes and updates

- How to create and navigate around new Threat Modeling projects using the new powerful and intuitive user interface which is now a part of IriusRisk V4.3

Threat Modeling in 30 mins or less

In this webinar we discuss the importance of building skill sets and capabilities for Threat Modeling and how Community is an incredibly important aspect of that motion.

The past few years has seen Threat Modeling in the AppDev / AppSec / DevOps world evolve from being an artform practiced by few very skilled individuals leading the way into what is rapidly becoming a standardized and shared practical science undertaken by everyone involved in the Software Development Life Cycle (SDCL).  

The foundations for the skill sets needed to become a proficient Threat Modeling professional have started to be shared by the great work done by OWASP and the Threat Modeling Manifesto. But what are practical steps that we can all take in improving our knowledge and experience in this critical area?

Threat Modeling Community, Pathway to Threat Modeling

As many organizations accelerate their Cloud Modernization journey to ensure that they provide the best customer experience and compete with cloud-native market entrants, they’re adopting new tools and processes that allow them to scale rapidly and reduce duplication and resource requirements.

In this fireside chat we discuss how modern, collaborative and scalable threat modeling helps to bring together teams to accelerate cloud service deployment. We will discuss how Cloud orchestration tools such as AWS CloudFormation and HashiCorp Terraform allow rapid design and deployment strategies through techniques such as Infrastructure as Code (IaC), when used with tools such as IriusRisk, bring together Product Owners, Developers, AppSec and DevOps functions to understand and incorporate security more effectively while accelerating service development, deployment and reducing costs and complexity.

Accelerating and Securing Your Cloud Modernization Journey

Applications are open to join the newest, hottest club in town - the Threat Modeling Club. More prestigious than any other club you've ever come across. We may not have comfy sofas or old gents smoking cigars whilst sipping on their Scotch and soda....it's a whole lot more inclusive. Plus you get to hear valuable insights from Fraser 'zeroXten' Scott and Aaron Bedra.

What is the Open Threat Model

Which approach is better? Creating a threat model from first principles or using a tool?

In this edition of IriusRisk’s Threat Modeling Club Live! we meet with world-renowned threat modeling experts Adam Shostack and Stephen de Vries as they draw on their wealth of experience to discuss this in-depth, covering topics including:

- Why would you want to do manual threat modeling, when tooling exists?
- Why use tooling if your team is already capable of threat modeling?
- Challenges in rolling out a threat modeling program.

Getting Started with Threat Modeling:  Automated Tools vs Manual Methods 3 of 4

When it comes to operational security, a forward-facing approach is essential. Having a high-level yet comprehensive cybersecurity strategy is a great way to understand your attack surface and navigate risk. But how can you plan long-term when incidents are taking attention every day and technology and attacks continue to evolve?

Being forward facing means moving away from a reactive cybersecurity strategy towards a proactive plan. However, creating a 3-year plan is no easy feat. It takes continuous monitoring, agility, and the ability to plan for the unexpected.

In this episode of The (Security) Balancing Act, Diana Kelley and guests will discuss:
-  The benefits of a long-term cybersecurity strategy
-  Key considerations when building out a program or strategy
-  Balancing immediate and urgent tasks with long-term planning
-  Getting Board by-in for strategic goals
-  How to monitor your strategy to ensure it remains effective
-  The first step to building your 3-year plan
-  And much more!

How To Build a 3 Year Cybersecurity Program

In this month's IriusRisk Threat Modeling Club Live! we discuss how Pearson, one of the world’s most trusted and innovative online education and learning organizations, has adopted collaborative Threat Modeling across some of their online service portfolio using IriusRisk.

With over 20,000 employees delivering products and services in nearly 200 countries - all with the singular goal of helping people to achieve their potential through learning, Pearson faces both significant opportunities and challenges, particularly in securing key online educational applications.  Having already adopted a manual threat modeling process, Pearson were looking for three key improvements to help them build ‘secure-by-design’ products and services.

Join Jonny Tennyson (Head of Customer Success, IriusRisk) and Nick Vinson (Director of DevSecOps, Pearson) and Joe Bollen (Application Security Specialist, Pearson) in what promises to be a great fireside discussion around a real-world use case of automated Threat Modeling.

Securing a Lifetime of Learning with Pearson

IriusRisk

elearning

Online Communities

Threat Modeling

Threat Detection

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Securing a Lifetime of Learning with Pearson

Presented by

About this talk

IriusRisk