Risk-Based Security Testing

Risk-based security is a popular concept, but what about applying it to penetration testing, reporting and remediation? Pete Wood and his team have been working on this concept, blending threat and risk analysis with traditional penetration testing to produce techniques, results and guidance tailored to an individual organisation’s risk profile and attack surface. Learn more with case studies and real-world results.

Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio, and written many articles on a variety of security topics.
Recorded Jan 20 2015 47 mins
Presented by
Peter Wood, CEO, First Base Technologies
  • Navigating the Chasm of SIAM-Managing Infrastructure in 2018 Nov 21 2017 3:00 pm UTC 60 mins
    Jeffrey Ritter
    Governments continue to try to regulate cyberspace, often with little effective impact. Security professionals struggle to design and operate infrastructure that will comply with rules written with Semantically Intentional Ambiguous Meaning (SIAM). Learn from the classrooms of one of the world's great universities the new methods for navigating those challenges and putting in place rules that are effective for managing infrastructure.
  • Stopping the Hack: Using Advanced Analytics to Detect and Respond to Attacks Nov 16 2017 4:00 pm UTC 60 mins
    Christopher Camejo, Director of Product Management for Threat Intelligence at NTT Security
    Getting hacked is now a matter of “when”, not “if”. As a result, the ability to detect and respond to attacks before significant damage is done has become one of the most important issues in information security.

    A wide variety of tools and services are available with new technologies and capabilities being introduced regularly.

    We will take a look at the important considerations for organizations seeking to monitor their network security via in-house resources, commercial tools, and/or managed security services. This will include important factors that will dictate the cost and effectiveness of security monitoring efforts.

    About the Presenter:
    Christopher Camejo has more than 18 years of security experience, and has been with NTT Security for over 15 years with experience in the Security Operation Center, developing and supporting a managed email security service, and implementing security solutions before moving on to start the US ethical hacking team and GRC practices. He has coordinated and conducted numerous large-scale, multi-discipline penetration tests and PCI assessments for NTT Security’s global clients.

    As part of NTT Security’s threat intelligence capabilities, Chris follows the latest tactics and techniques of attackers, coordinates NTT Security’s vulnerability identification and disclosure activities, and helps educate NTT Security’s clients, clients from various other NTT operating companies, and the public on how to address strategic information security risks. He has presented at RSA Conference, Infosec World, the ISSA Conference, Computerworld Expo, and at United States Secret Service Electronic Crimes Task Force meetings.
  • 2018 - The New Targets and New Technologies Nov 15 2017 6:00 pm UTC 60 mins
    Ulf Mattsson, CTO Atlantic BT Security
    2018 is bringing new Threats & Technologies.
    Viewers will learn:
    • Case studies and Current trends in Cyber attacks
    • Security Metrics
    • Oversight of third parties
    • How to measure cybersecurity preparedness
    • Automated approaches to integrate Security into DevOps
  • How to Fix Cybersecurity - From Patching Leaks to Building Better Dams Nov 15 2017 4:00 pm UTC 60 mins
    Tatu Ylonen, Founder & SSH Fellow, SSH Communications Security, Inc.
    This talk will address how we need to develop and configure systems and software to eliminate common forms of malware and exploits. It is an engineering challenge that requires substantial change in tools and how we write applications and operating systems and how we design hardware. None of it is rocket science, but the pieces must be put together.

    Viewers will learn about:
    - Attack vectors and hidden risks
    - How to build better dams, rather than trying to patch every leak and crack

    Do we want our dams to be strong and safe, or is it more important to ensure that we can easily blow up the dams of any opponents, even if ours will break too? As a society increasingly living downstream of the dams, building better dams is a matter of survival.

    Presented by a 20+ year security pioneer and inventor of SSH (Secure Shell, the de facto standard for system administration) and the principal author of NIST IR 7966 (guidelines for managing SSH access).
  • Achieving Digital Trust: Turning New Threats into Customer Loyalty Nov 15 2017 3:00 pm UTC 45 mins
    Jeffrey Ritter
    Dynamic, volatile, innovative. Cloud security is all of these and more. How can cloud service vendors turn the constant parade of new threats into a continuing opportunity to increase customer loyalty? How can customers gain trust in their service vendors despite the parade? Learn how in this webcast.
  • Breaches, Threats and How to Improve Security in 2018 Nov 14 2017 4:00 pm UTC 60 mins
    Shimon Oren (Deep Instinct), Ted Harrington (ISE), Greg Foss (LogRhythm)
    2017 is not yet over and it's already the year of cyber attacks. From phishing, to hacks, to classified hacking tools leaked and the biggest ransomware attacks to date (Wannacry, NotPetya), security professionals across the world are looking to apply the lessons learned in 2017 for an improved cyber security next year.

    Join this live interactive Q&A panel with experts from the artificial intelligence, deep learning and IoT security space to learn about:
    - The biggest attack trends seen so far
    - Impact across industries
    - Threats on the horizon
    - Recommendations to better secure your data and company in 2018

    - Shimon Oren, Head of Cyber-Intelligence at Deep Instinct
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Greg Foss, Global SecOps Manager at LogRhythm
  • Defending from Attack: Winning the Cyber Conflict Nov 14 2017 2:00 pm UTC 45 mins
    Griff James, Director, Damrod Analysis Ltd.
    Effective responses to modern IT risks require a transition from cyber security to cyber defense. This presentation introduces analysis based on proven military tools to understand, assess, and defend against cyber-attack. See how Petya worked its way in, and how to defend against it. Take away valuable tools and frameworks to develop your defenses.


    Griff is trained as a Canadian Infantry Officer and is a graduate of the Johnson-Shoyama Graduate School of Public Policy. After a two-year stint as a Strategic Policy Analyst at the Treasury Board Secretariat in Ottawa, he moved to London where he completed a Master’s Degree at the LSE. Unable to find “real” work, he got into software development as a Scrum Master, leading the development of a web based application. This experience fostered an interest in cybersecurity, and Griff went on to a boutique start-up providing application security to Fortune 500 companies. Frustrated by the disconnect between technologies and poor analysis within cyber security, Griff founded cyber defense firm Damrod Analysis in 2017. He is London based, where he and his wife are expecting their first child shortly.
  • [Panel] Defending Against the Evolving Cyber Threat Landscape in 2018 Nov 14 2017 1:00 pm UTC 75 mins
    Amar Singh, Cyber Management Alliance; Panelists: TBA
    2017 was the year of cyber attacks and high profile data breaches. Discover what cyber security professionals should be focusing on in order to secure their organizations in 2018.

    This interactive Q&A panel will discuss:
    - The trends shaping the cyber threat landscape in 2018
    - Lessons from the biggest cyber events of the year
    - Recommendations for CISOs on securing the enterprise in an age of frequent and persistent attacks
    - The technological advancements in the fight against cyber criminals and the processes organizations need to have in place to enable their security teams

    - Amar Singh, Cyber Management Alliance
  • The 2018 Threatscape: Cyber clairvoyance and divination Nov 14 2017 11:00 am UTC 45 mins
    Peter Wood
    What have we learned from 2017's biggest breaches and how will we deal with 2018's emerging threats? Attempting to look both backward and forward over the cyber landscape, Peter Wood will review lessons learned and apply them to the evolving threatscape.
  • Hybridization: Solving for IT in the Digital Age Oct 26 2017 3:00 pm UTC 60 mins
    Lynda Stadtmueller (Frost & Sullivan), Jason Mendenhall (CB Technologies), John Cowan (6fusion), Evelyn de Souza (CSA)
    Technology is constantly evolving, and IT infrastructure and cloud are no exception. A rising number of enterprises are realizing it’s not a question of public OR private cloud, but rather a multi-cloud strategy that involves the best of both worlds.

    The next evolution of IT infrastructure is true hybridization-- scaling and workload enablement for the full-stack compute layer, creating an environment that allows for more informed decision making. This means decision makers have all relevant information to make cost-effective choices on where workloads go and how to efficiently control them. Hybridization is about gaining the full competitive advantage that comes from the IT infrastructure itself.

    Join this interactive Q&A panel and ask your cloud, hybridization and infrastructure questions.

    - Lynda Stadtmueller, VP of Cloud Services and Research, Frost and Sullivan

    - Jason Mendenhall, President of CB Technologies
    - John Cowan, CEO and Founder of 6fusion
    - Evelyn de Souza, Strategy Advisor to the Cloud Security Alliance
  • CPE Webinar: A Data Security Survival Guide in an Interconnected World Oct 25 2017 5:00 pm UTC 75 mins
    Rebecca Herold, The Privacy Professor; M P. Suby, Frost & Sullivan; Deral Heiland, Rapid7; Bharath Vasudevan, ForcePoint
    Attendees can earn 1 CPE credit on this session.

    As the number of internet-connected devices skyrockets into the billions, a data security strategy is an increasingly important part of any organization’s ability to manage and protect critical information. Enterprises are migrating to the cloud in droves, however, protecting data in the cloud remains a challenge as employees push to access cloud apps from any device, anywhere. In the last year alone, 1 in 3 organizations were hacked more than 5 times, and with the increased number of attacks the financial cost of security incidents is also rising.

    In many cases, breaches are caused by a combination of benevolent insiders, targeted attacks, and malicious insiders. For example, targeted attacks are often enabled inadvertently by well-meaning insiders who fail to comply with data or security policies, which can lead to a data breach. In this webinar, our panel will discuss major trends impacting cyber security – from the rising frequency of attacks and types of threats that organizations should be concerned about the most, and they will address the risks, priorities, and capabilities that are top of mind for enterprises as they migrate to the cloud.
  • Seeing through the Clouds: How Visibility Reduces Security Failures Oct 25 2017 3:00 pm UTC 45 mins
    Dominic Vogel, Chief Security Strategist, Cyber.SC
    As organizations continue to ramp-up their migration to cloud-based environments, they will need to account for the associated security and control risks. There are hidden dangers and blind spots that arise through the use of virtualization technology in the data center. These hidden dangers and blind spots become more prevalent as business-critical applications are increasingly deployed on the public cloud. This is a problem considering that an organization’s operations are dependent on a cloud environment that inherently has a huge visibility gap.

    Many are now making the necessary changes to keep data secure in the cloud. This talk will focus on how to pragmatically accomplish cloud security through increased emphasis on cloud network visibility and cloud access security brokers. Enterprises that can properly implement appropriate cloud network visibility and cloud access security brokers will experience a third fewer security failures. Learn about practical steps and tools that you can use for accomplishing cloud security in your organization.
  • [Panel] Protecting Data in the Next Generation of the Cloud Oct 25 2017 10:00 am UTC 60 mins
    Amar Singh (Cyber Management Alliance); Klaus Gheri (Barracuda Networks), Daniele Catteddu (CSA)
    Cloud computing is an increasingly vital element of information security. It’s used to protect sensitive data; for identity and access management; for network security and to aid with incident response. However it’s not without its own set of risks and has been hit in the past with significant and newsworthy breaches.

    Join this interactive Q&A panel with top cloud and security experts as they discuss the future of the cloud and considerations to take for protecting sensitive data when it's held in the Cloud.

    - Amar Singh, Cyber Management Alliance

    - Daniele Catteddu, CTO, Cloud Security Alliance
    - Klaus Gheri, VP and GM, Network Security, Barracuda Networks
  • Cloud Security - Protection Against Evolving Data Security Threats Oct 24 2017 4:45 pm UTC 60 mins
    Ulf Mattsson, David Morris, Rich Morrell, Juanita Koilpillai
    Cloud Security- Protection Against Evolving Security Threats
    Cloud Security Protection is improving, but how can we protect against Evolving Security Threats? How can we win?
    In this session we will delve into some of the security risks associated with cloud environments and what can be done to protect your applications and data that reside in the cloud by utilizing a new technology known as Software Defined Perimeter (SDP) as well as encryption and tokenization.
  • Top Threats to Cloud Security in 2017 Oct 24 2017 3:00 pm UTC 75 mins
    Ted Harrington (ISE), Paula Greve (McAfee), Ken Hosac (Cradlepoint), Akhil Handa (Palo Alto Networks)
    With so many high-profile cyber attacks and breaches in the news, it is no wonder security is cited as the biggest concern of storing data in the cloud. The amount of critical data being sent to the cloud is on the rise. In fact, more than half of business-critical data is likely to reside there by 2019.

    Join this keynote panel of experts as they discuss:
    - The state of cloud storage and security in 2017
    - The biggest threats to data security in the cloud
    - How organizations are solving these security challenges

    - Ted Harrington, Executive Partner, Independent Security Evaluators
    - Paula Greve, Principal Engineer, Data Science McAfee Labs
    - Ken Hosac, VP, Cradlepoint
    - Akhil Handa, EMEA Leader - Public Cloud Channel Partnerships, Palo Alto Networks
  • The Future of Cloud Security: Next Generation Threat-based Testing Oct 24 2017 10:00 am UTC 45 mins
    Peter Wood
    If your processing and data is in the cloud, how can you deliver assurance, compliance and governance? How do you find the flaws and soft spots that criminals will exploit? From browser to database, through human factors and end points, this presentation will take a threat-based approach to securing the cloud.
  • The PCI Dream Team on the Equifax Data Breach Recorded: Oct 4 2017 62 mins
    Ben Rothke (Nettitude) | David Mundhenk (Herjavec Group) | Arthur Cooper "Coop" (NuArx)
    Join the PCI Dream Team for another engaging and interactive Q&A session, this time on the recent Equifax data breach, in which the personal information of up to 143 million American consumers may have been exposed to cyber criminals.

    The smartest minds working with PCI DSS compliance will examine the breach in detail and discuss the following:
    - Effective data security and data handling
    - Patching, PCI and old unpatched vulnerabilities
    - Making incident response work
    - Effective outreach to impacted customers

    - David Mundhenk, CISSP, PCIP, QSA, Senior Security Consultant, Herjavec Group
    - Arthur Cooper "Coop", Senior Security Consultant - NuArx Inc.
    - Ben Rothke, Senior Security Consultant - Nettitude Ltd. (Moderator)
  • Equifax Breach Lessons: How to Stop the Next Breach - Or Slow it Down Recorded: Sep 29 2017 61 mins
    Rick Holand (Digital Shadows), Chris Sullivan (Core Security), Josh Shaul (Akamai), William Leichter (Virsec)
    What are the lessons learned from the recent slate of mega-breaches (Equifax, CIA, NSA)? How can we apply these lessons toward educating our workforce and strengthening our organizations' security posture?

    Join this interactive panel with cyber security experts to learn more about:
    - Why the Equifax data breach was inevitable
    - How to prepare against the next big one
    - How to detect breaches faster
    - The first 24 hours after a breach
    - The importance of employee security training
    - What CISOs can learn from this breach

    - Rick Holand, VP Strategy, Digital Shadows
    - Chris Sullivan, SVP, Chief Information Security Office, Core Security
    - Josh Shaul, VP of Product Management, Akamai

    - William Leichter, VP Marketing, Virsec Security
  • Defending Against Cyber Crime Recorded: Sep 29 2017 46 mins
    Lisa Forte, Cyber Protection Officer, South West Police Cyber Crime Unit
    The South West Regional Cyber Crime Unit are involved in fighting cyber crime along with other national and international law enforcement agencies.

    As such they see certain traits, methodologies and vulnerabilities over and over again. Lisa Forte, the Cyber Protect Officer for the Unit, will be explaining how businesses should adapt their thinking to "see what the hackers see" to better defend themselves against the threat she sees every day.

    Lisa will also be talking about the importance of planning and war gaming out cyber attack scenarios. The businesses that have a plan are the businesses that survive to tell the tale. Lisa will be using real life cases that the Cyber Crime Unit have dealt with to highlight how quickly things can go wrong as well as providing some simple steps businesses can apply to reduce their vulnerability.

    Speaker bio:

    Lisa Forte is the Cyber Protection Officer for the South West Police Cyber Crime Unit. Her role involves helping businesses of all shapes and sizes defend against the ever growing cyber threat. Prior to working in the Cyber Crime Unit Lisa worked in intelligence for Counter Terrorism agencies in the UK.
  • Should I Pay or Should I Go (rebuild): Ransomware Survival for SMBs Recorded: Sep 28 2017 60 mins
    Dom Glavach (CyberSN), Michelle Drolet (Towerwall), Scott Zimmerman (CTC), Chris Olive (Thales)
    Is your business ready for a ransomware attack? Ransomware is malicious software that encrypts your computer files then demands payment in Bitcoin to recover access. This threat has grown from what was once considered a nuisance to a threat which could put a company out of business. Attackers are targeting organizations of all sizes with typical ransom running between $500-$3500 and with the introduction of “Philadelphia,” a ransomware-as-a-service package has the potential to launch a new family of point-and-click ransomware attacks. McAfee Labs 2017 Predictions report cited the industry will see a reduction in volume and effectiveness of ransomware attacks by the end of 2017.

    McAfee’s prediction is based on new technologies, community involvement and law enforcement actions. All will have an impact on the evolving ransomware variants and the risk companies must evaluate. The bottom line is as long as it is profitable for attackers to launch ransomware attacks, actors will continue to do so and businesses must be prepared to defend, respond and ultimately answer the question, “Should I pay or rebuild?”

    This panel will focus on SMBs, discuss the trends, risk evaluations, best defense/detection practices and analyze the question of “Should I pay or rebuild”.

    - Dom Glavach, Chief Security Officer and Chief Security Strategist at Cyber Security Network (CyberSN)

    - Michelle Drolet, CEO and Co-founder, Towerwall
    - Chris Olive, Senior Channel Engineer, Thales e-Security
    - Scott Zimmerman, Principal Cybersecurity Engineer, Concurrent Technologies Corporation
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Risk-Based Security Testing
  • Live at: Jan 20 2015 1:00 pm
  • Presented by: Peter Wood, CEO, First Base Technologies