SlideShare a Scribd company logo

Contrast security’s influencers channel 1 live nation

Download as PPTX, PDF
David Neville
David Neville
TechnologyNews & Politics
1 of 27
CONTRAST SECURITY’S INFLUENCERS CHANNEL Episode One: Jonathan Chow and Neeta Manier Live Nation Entertainment
JEFF WILLIAMS “What’s the one thing that deeply bothers you about the way people practice application security today?
NEETA MANIER “…for me, it’s that we’re finding vulnerabilities that existed 10 years ago…we’re still not getting good at fixing [them].”
JONATHAN CHOW “I’ve been involved in part of an applications program here for 12 years now, and we’re still having developers creating the same flaws…so I think the education piece is what’s missing. We’ve got to stop making the same mistakes.”
JEFF WILLIAMS “I couldn’t agree more…I wrote the first version of the OWASP Top Ten in 2002, and it’s essentially the same stuff in there still after 12 years. It’s really not changing, so that’s a bit of a failure for the security industry.”
JEFF “How do you stay on top of your portfolio of applications, the developers writing new code, and new vulnerabilities coming out?”
JONATHAN “It’s almost a job unto itself….I try and maintain good relationships with our business partners…because in some cases they’ll go outside approved IT folks to get it done cheaper, faster, better. And that’s a primary driver for rogue work happening.”
NEETA “We’ve just hired what we call ‘Business Security Leaders’ so they’re our liaison….we’re just trying to make [security] more visible in those areas….we’re trying to empower the teams to do that better themselves.”
JEFF “Interesting. I like that. I’ve been studying the ways that industrial factories monitor their complex systems….What I’m wondering…It sounds like what you’re doing is like a human instrumentation where you’re gathering data through relationships with various teams.”
NEETA “I think it’s really important…scanning technology…and it’s important for that to be well integrated into the tools we already use. Any SDLC process, whether you’re doing QA or builds, trying to inject security into those particular tools is going to be important for any instrumentation.”
JONATHAN
JEFF
JEFF WILLIAMS “How do you feel about your visibility into the apps and other systems that you run?...What do you do to fill in the gaps and make it look up-to- date?”
JONATHAN “What Neeta said earlier was not enough bandwidth. It’s true for every IT security shop that I’ve ever talked to or been a part of….You’re always going to be overwhelmed. You’re always going to be outnumbered.”
JEFF “That strikes me as exactly what needs to happen…the security experts really need to get out of the way and enable the development teams to do these things for themselves with automation and guidance and training.”
NEETA “I remember working at GE and having that- you’d have such a long time between when an application requirement came out and when it was released…at an agile environment, if you’re not there then you miss it and it’s kind of harder now to have that position.”
JONATHAN “It’s actually the worst of all worlds if you miss it because…you either slow them down and they won’t come back, or you interrupt their process and they see you as incompetent….We risk becoming the proverbial dinosaur where we don’t have a place in the new world.”
JEFF “Do you feel that’s the only pressure on security groups? The move to Agile and DevOps kinds of organizations? Or are there other things that are changing the way people do security or security information?”
NEETA “I think there’s also a positive change. I think that application security is a pretty hot topic now, more than it was years ago, it’s more visible. We joke that we use security breaches as our leverage to convince teams to do more.”
JEFF “I know we’ve broken out of the echo chamber when my mom calls and says, “What’s going on with this HeartBleed thing?”
JEFF “I want to know: what are the key metrics that you want to know so you can sleep at night?”
JONATHAN “A raw number of flaws in applications is a key metric for me.”
JONATHAN “I would love to get down to the point where I can go to a specific developer and say, “You know, you’ve been making cross-site scripting errors since 2006. You’ve made it January here, you made it in March here, you made it in October here, I need to teach you something.”
JONATHAN “If we can get to that point where the developers and development teams and outsourced development shops can accept the fact that security teams are here to make them better at their jobs…then I think it will gain more momentum.”
NEETA “I think that any metrics that help us understand the progress, trending metrics, from point A to point B…I think that’s been really helpful for us to say to a team, ‘Congratulations!’”
NEETA “On the educational side, vulnerabilities by technology so we can figure out, ‘What should we be training our teams on?’”
JEFF WILLIAMS WITH JONATHAN CHOW AND NEETA MANIER

Recommended

Security Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentSecurity Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentContrast Security
 
Trusted Software Alliance
Trusted Software AllianceTrusted Software Alliance
Trusted Software AllianceEndUserSharePoint
 
Episode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeEpisode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeContrast Security
 
Fortify technology
Fortify technologyFortify technology
Fortify technologyImad Nom de famille
 
What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...Kevin Fealey
 
Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify PillarEd Wong
 
Ensure Software Security already during development
Ensure Software Security already during developmentEnsure Software Security already during development
Ensure Software Security already during developmentIT Weekend
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community
 

Recommended

Security Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentSecurity Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentContrast Security
 
Trusted Software Alliance
Trusted Software AllianceTrusted Software Alliance
Trusted Software AllianceEndUserSharePoint
 
Episode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeEpisode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeContrast Security
 
Fortify technology
Fortify technologyFortify technology
Fortify technologyImad Nom de famille
 
What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...Kevin Fealey
 
Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify PillarEd Wong
 
Ensure Software Security already during development
Ensure Software Security already during developmentEnsure Software Security already during development
Ensure Software Security already during developmentIT Weekend
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community
 
Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSContrast Security
 
A Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaA Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaCerebrum Infotech
 
DevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDana Gardner
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfTravisMcPeak1
 
Episode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comEpisode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comContrast Security
 
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceDesktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceCitrix
 
Desktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookDesktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookCitrix
 
From DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysFrom DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysOri Pekelman
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...Dana Gardner
 
When Things Go Bump in the Night
When Things Go Bump in the NightWhen Things Go Bump in the Night
When Things Go Bump in the Nightahamilton55
 
Software Engineering Paper
Software Engineering PaperSoftware Engineering Paper
Software Engineering PaperLana Sorrels
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
KontikiMillennialGuide3
KontikiMillennialGuide3KontikiMillennialGuide3
KontikiMillennialGuide3Christine Kent
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure codeDJ Schleen
 
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...adamdeja
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
Adoption of online videos in organizations
Adoption of online videos in organizationsAdoption of online videos in organizations
Adoption of online videos in organizationsChristian Ruf
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Dana Gardner
 
You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012jadedsecurity
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

More Related Content

Similar to Contrast security’s influencers channel 1 live nation

Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSContrast Security
 
A Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaA Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaCerebrum Infotech
 
DevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDana Gardner
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfTravisMcPeak1
 
Episode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comEpisode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comContrast Security
 
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceDesktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceCitrix
 
Desktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookDesktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookCitrix
 
From DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysFrom DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysOri Pekelman
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...Dana Gardner
 
When Things Go Bump in the Night
When Things Go Bump in the NightWhen Things Go Bump in the Night
When Things Go Bump in the Nightahamilton55
 
Software Engineering Paper
Software Engineering PaperSoftware Engineering Paper
Software Engineering PaperLana Sorrels
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
KontikiMillennialGuide3
KontikiMillennialGuide3KontikiMillennialGuide3
KontikiMillennialGuide3Christine Kent
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure codeDJ Schleen
 
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...adamdeja
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
Adoption of online videos in organizations
Adoption of online videos in organizationsAdoption of online videos in organizations
Adoption of online videos in organizationsChristian Ruf
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Dana Gardner
 
You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012jadedsecurity
 

Similar to Contrast security’s influencers channel 1 live nation (20)

Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNS
 
A Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaA Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann Mulonda
 
DevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in Heaven
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdf
 
Episode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comEpisode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.com
 
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceDesktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
 
Desktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookDesktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBook
 
From DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysFrom DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed Apidays
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
 
When Things Go Bump in the Night
When Things Go Bump in the NightWhen Things Go Bump in the Night
When Things Go Bump in the Night
 
Software Engineering Paper
Software Engineering PaperSoftware Engineering Paper
Software Engineering Paper
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applications
 
KontikiMillennialGuide3
KontikiMillennialGuide3KontikiMillennialGuide3
KontikiMillennialGuide3
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure code
 
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdf
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdf
 
Adoption of online videos in organizations
Adoption of online videos in organizationsAdoption of online videos in organizations
Adoption of online videos in organizations
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
 
You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012
 

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 

Contrast security’s influencers channel 1 live nation

  • 1. CONTRAST SECURITY’S INFLUENCERS CHANNEL Episode One: Jonathan Chow and Neeta Manier Live Nation Entertainment
  • 2. JEFF WILLIAMS “What’s the one thing that deeply bothers you about the way people practice application security today?
  • 3. NEETA MANIER “…for me, it’s that we’re finding vulnerabilities that existed 10 years ago…we’re still not getting good at fixing [them].”
  • 4. JONATHAN CHOW “I’ve been involved in part of an applications program here for 12 years now, and we’re still having developers creating the same flaws…so I think the education piece is what’s missing. We’ve got to stop making the same mistakes.”
  • 5. JEFF WILLIAMS “I couldn’t agree more…I wrote the first version of the OWASP Top Ten in 2002, and it’s essentially the same stuff in there still after 12 years. It’s really not changing, so that’s a bit of a failure for the security industry.”
  • 6. JEFF “How do you stay on top of your portfolio of applications, the developers writing new code, and new vulnerabilities coming out?”
  • 7. JONATHAN “It’s almost a job unto itself….I try and maintain good relationships with our business partners…because in some cases they’ll go outside approved IT folks to get it done cheaper, faster, better. And that’s a primary driver for rogue work happening.”
  • 8. NEETA “We’ve just hired what we call ‘Business Security Leaders’ so they’re our liaison….we’re just trying to make [security] more visible in those areas….we’re trying to empower the teams to do that better themselves.”
  • 9. JEFF “Interesting. I like that. I’ve been studying the ways that industrial factories monitor their complex systems….What I’m wondering…It sounds like what you’re doing is like a human instrumentation where you’re gathering data through relationships with various teams.”
  • 10. NEETA “I think it’s really important…scanning technology…and it’s important for that to be well integrated into the tools we already use. Any SDLC process, whether you’re doing QA or builds, trying to inject security into those particular tools is going to be important for any instrumentation.”
  • 12. JEFF
  • 13. JEFF WILLIAMS “How do you feel about your visibility into the apps and other systems that you run?...What do you do to fill in the gaps and make it look up-to- date?”
  • 14. JONATHAN “What Neeta said earlier was not enough bandwidth. It’s true for every IT security shop that I’ve ever talked to or been a part of….You’re always going to be overwhelmed. You’re always going to be outnumbered.”
  • 15. JEFF “That strikes me as exactly what needs to happen…the security experts really need to get out of the way and enable the development teams to do these things for themselves with automation and guidance and training.”
  • 16. NEETA “I remember working at GE and having that- you’d have such a long time between when an application requirement came out and when it was released…at an agile environment, if you’re not there then you miss it and it’s kind of harder now to have that position.”
  • 17. JONATHAN “It’s actually the worst of all worlds if you miss it because…you either slow them down and they won’t come back, or you interrupt their process and they see you as incompetent….We risk becoming the proverbial dinosaur where we don’t have a place in the new world.”
  • 18. JEFF “Do you feel that’s the only pressure on security groups? The move to Agile and DevOps kinds of organizations? Or are there other things that are changing the way people do security or security information?”
  • 19. NEETA “I think there’s also a positive change. I think that application security is a pretty hot topic now, more than it was years ago, it’s more visible. We joke that we use security breaches as our leverage to convince teams to do more.”
  • 20. JEFF “I know we’ve broken out of the echo chamber when my mom calls and says, “What’s going on with this HeartBleed thing?”
  • 21. JEFF “I want to know: what are the key metrics that you want to know so you can sleep at night?”
  • 22. JONATHAN “A raw number of flaws in applications is a key metric for me.”
  • 23. JONATHAN “I would love to get down to the point where I can go to a specific developer and say, “You know, you’ve been making cross-site scripting errors since 2006. You’ve made it January here, you made it in March here, you made it in October here, I need to teach you something.”
  • 24. JONATHAN “If we can get to that point where the developers and development teams and outsourced development shops can accept the fact that security teams are here to make them better at their jobs…then I think it will gain more momentum.”
  • 25. NEETA “I think that any metrics that help us understand the progress, trending metrics, from point A to point B…I think that’s been really helpful for us to say to a team, ‘Congratulations!’”
  • 26. NEETA “On the educational side, vulnerabilities by technology so we can figure out, ‘What should we be training our teams on?’”