Top 7 Strategies for Overcoming IT Talent Shortages
Learn from Cenzic's Chris Harget as he describes the top strategies for maximizing the security effectiveness of current staff and resources. Specifically, you'll learn:

- Symptoms you are short-handed
- Key indicators for which strategy will maximize value from existing staff and resources
- Creative tips for convincing your organization to make changes

The current market environment makes finding, training and retaining the right IT employees challenging. Challenges or not, you can gain the skills to protect your organization from excessive security risk. This presentation is a great place to start.

Published in: Technology
Transcript

  • 1. Cenzic Live! Webinar: Top 7 Strategies For Overcoming IT Security Talent Shortages. Chris Harget, Product Marketing.
  • 2. Agenda
      - Symptoms
      - Strategies
      - Finding The Win
      Cenzic, Inc. - Confidential, All Rights Reserved.
  • 3. Symptoms Of IT Security Talent Shortage
  • 4. Know The Signs
      - Incomplete picture of security posture
      - Backlog of untested applications
      - Slow remediation when app vulnerabilities are discovered
      - Things done wrong/done twice
      - Too many long shifts
      - Open reqs, hiring freezes, "irreplaceable" departures
      - No vulnerability monitoring of production apps
      - Data breaches
  • 5. The Need Is Significant (chart; source: Cenzic Application Vulnerability Trends Report 2013)
  • 6. Mobile App Vulnerability Types - 2012 (chart; source: Cenzic Application Vulnerability Trends Report 2013)
  • 7. Benchmarks For IT Security Staffing... Are Really Hard To Come By.
      - How many security analysts per 100 apps? That depends on:
          - Size of apps
          - Depth of scan desired
          - Coding practices
          - Scanning frequency
          - Quality of scanning tools
          - Division of labor with QA/Dev/Production/GRC
  • 8. Know Your Specific Shortage
      - Not enough bodies
      - Not enough time
      - Not enough skills
      - Not enough tools
  • 9. Strategies For Overcoming IT Security Talent Shortage (7.2)
  • 10. Bodies: Finding/Hiring/Renting
      - Job titles include:
          - Application Security Analyst/Architect
          - Penetration Tester
          - Application Security Engineer/Tester/Specialist
          - Ethical Hacker
      - If you can't hire locally, consider managed services
          - May be easier/faster than getting increased headcount
          - Helps jump-start the process
  • 11. Time: Prioritize, Specialize, Automate
      - Prioritize: Are you mitigating the biggest risks first?
      - Specialize: What tasks are best done by your team (e.g., remediation, management)? What tasks can be offloaded (e.g., Dev trains app traversals, or a Managed Service runs scans)?
      - Automate: Leverage enterprise-grade tools
  • 12. Talent/Skills: Train, Borrow, Rent
      - Train: How to scan, coding best practices, how to manage
      - Borrow: Get Developers for app training & remediation; get QA for re-running scans
      - Rent: Managed Services can augment specialized tasks
  • 13. Tools: Quality and Quantity
      - Quality
          - More accurate scanners improve security and save time
          - Quantified app risk scores enable optimal risk mitigation
          - Enterprise dashboard shows total risk and trends
      - Quantity
          - Web-based app-training tool goes everywhere needed
          - Having enough seats for each Analyst, Developer, QA, GRC, and Executive leverages the whole organization
  • 14. Top 7 Strategies: 1. Hire 2. Prioritize 3. Specialize 4. Automate 5. Train 6. Borrow 7. Rent 8. Quality/Quantity
  • 15. Finding The Win
  • 16. Justifying Resources
      - Non-technical people need non-technical explanations
          - Keep it simple
          - Use cost-benefit for budget
          - Use relative risk for reallocating people
      - Quantified risk is easier to understand (e.g., Cenzic's HARM™ scores)
      - Bonus: Watch "Top 10 Ways To Win Budget for Application Security" https://info.cenzic.com/webinar-security-budget.html
  • 17. Making the Case Simply...
      - Hackers use hidden application commands to steal data and damage web sites.
      - Gartner Group says 75% of attacks now target the Web Application Layer.
      - Scanning tools and App Security experts help efficiently find and patch these vulnerabilities.
  • 18. Detects Web & Mobile App Vulnerabilities
      - Easy-to-use Software, DIY Cloud, or Managed Service
      - Accurate behavior-based scanning protects 500,000+ online applications and $Trillion+ of commerce
      - Delivers best continuous real-world Risk Management
  • 19. Tools
      - Cenzic Enterprise
          - Unified console
          - Web-based app configuration makes it easier/more affordable for people all over your enterprise to contribute (e.g., Developers can define traversals of their own apps)
  • 20. Application Vulnerability Monitoring In Production (diagram: Identify Risk + Mitigate Risk)
      - One-click virtual patching via tight integration with leading Web Application Firewalls
  • 21. Managed Services Offerings - At-a-glance (tier matrix)
      - Bronze: Industry best practices for brochureware sites
      - Silver: Industry best practices for forms and login-protected sites
      - Gold: Compliance for sites with user data
      - Platinum: Comprehensive scans for mission-critical applications
      - Test categories covered across the tiers: phishing, light input validation, data security, session management, OWASP compliance, PCI compliance, business logic testing, application logic testing, manual penetration testing
  • 22. Compliance in a Hurry
      - Who? A Health Maintenance Organization
      - Need? Deep scan of a new application on a tight development schedule to ensure compliance.
      - Solution? Cenzic PS performed manual penetration testing along with comprehensive vulnerability scanning to provide a very thorough scan which could suffice for any compliance or audit need.
  • 23. Rapid OnBoarding of New Apps
      - Who? A Fortune-100 Banking and Services company
      - Need? Quickly begin scanning 110 applications
      - Solution? Cenzic PS did a Custom Onboarding Engagement, training each app traversal so that the Bank's IT Security Analysts could then run scans themselves using Cenzic Enterprise software.
      - Result? Met their timeline needs, and kept the scanning results in-house, per their corporate policy.
  • 24. Methodology Assessment With Developers
      - Who? Global NGO with thousands of web sites
      - Need? Methodology assessment of their security posture, and real-world training of their Developers
      - Solution? Cenzic PS did a 3-day engagement with their App Developers: reviewed the 10 most common vulnerabilities and found examples in their production apps; demonstrated on a live demo site how a hacker could exploit those specific types of vulnerabilities; reviewed coding best practices to completely eliminate said vulnerabilities.
  • 25. Vulnerability Scanning a Mobile App
      - Who? High technology company with a mobile application that accessed sensitive customer data
      - Need? Vulnerability scan a mobile app that cannot be traditionally traversed with a spider.
      - Solution? Cenzic Mobile Scan service performed a dynamic analysis by placing a proxy in line with the mobile app, which allowed technicians to replay various attacks, and coupled it with a thorough forensic analysis of the application on the device to identify vulnerabilities that exposed customer data.
  • 26. Fitting Strategy to Your Need: 1. Hire 2. Prioritize 3. Specialize 4. Automate 5. Train 6. Borrow 7. Rent 8. Quality/Quantity
  • 27. Cenzic Can Help
      - Train your people
      - Give them better gear
      - Have someone else carry the baton
  • 28. Questions? request@cenzic.com or 1.866-4-Cenzic. Blog: https://blog.cenzic.com. www.cenzic.com | 1-866-4-CENZIC (1-866-423-6942)