Can Security and Agility 
Co-Exist? 
Arizona Technology Summit 2014 
Scott Carlson – PayPal – September 17, 2014 
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.
26 CURRENCIES SUPPORTED
152M ACTIVE REGISTERED ACCOUNTS
203 MARKETS OFFER PAYPAL
80 LOCALIZED MARKETING SITES GLOBALLY
EUROPEAN UNION EURO
AUSTRALIAN DOLLAR
CANADIAN DOLLAR
NEW ZEALAND DOLLAR
HUNGARIAN FORINT
MALAYSIAN RINGGIT
UNITED KINGDOM POUNDS STERLING
HONG KONG DOLLAR
UNITED STATES DOLLAR
TAIWAN NEW DOLLAR
CHINESE RMB
SWEDISH KRONA
SINGAPORE DOLLAR
PHILIPPINE PESO
BRAZILIAN REAL
RUSSIAN RUBLE
NORWEGIAN KRONE
JAPANESE YEN
MEXICAN PESO
TURKISH LIRA
SWISS FRANC
CZECH KORUNA
ISRAELI NEW SHEKEL
DANISH KRONE
THAI BAHT
POLISH ZLOTY
Q2 2014 Results
$1.95B Revenue
152M Active Accounts
850M Total Transactions
$55B Net Total Payment Volume, 29% YoY
$40.4B Merchant Services Payment Volume, 35% YoY
$14.7B Marketplaces Payment Volume
20% YoY
Compliant with PCI-DSS 2.0 Standards 
Compliant with local country regulations 
Compliance Statement: http://www.visa.com/splisting/viewSPDetail.do?coName=PayPal
secure: In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe.
agile: quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity
http://www.dictionary.com 
@ http://xkcd.com used with permission under Creative commons License 
secure 
In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe. 
prevent: Be patched, be compliant, be hardened, be layered, don’t let data leave your network
detect: Log it all; parse it all; sesame street logic; leave no stone unturned
respond: Quarantine; active defense; mitigate; high priority patches; bug fixes; block ports; kill data streams; sever connections
@ http://xkcd.com used with permission under Creative commons License 
“Cyber Attack” 
http://www.digitalattackmap.com 
“Cyber Attack” 
http://www.digitalattackmap.com 
http://hackmageddon.com/2014/07/07/june-2014-cyber-attacks-statistics/ 
http://www.geekherocomic.com used with permission under Creative commons License 
agile 
quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity 
wash: Consider everything dirty; examine it; spray the bad parts; clean it; use machines to do the dirty work
rinse: Run traffic over it; verify assumptions; send it back to the wash if needed; deliver to customer; use it yourself
repeat: Check your work; check new versions; talk to new people; find all of the new and exciting ways people are doing things
http://www.lynnecazaly.com - used with permission 
@ http://xkcd.com used with permission under Creative commons License 
Compliant ≠ Secure
Agile ≠ Risky
Secure is not a permanent state
Security can not work effectively unless you have Agility
debate… decide… deliver secure
For more information, please contact: 
Scott Carlson 
@relaxed137 
sccarlson@paypal.com 

Editor's Notes

  1. PayPal is a world leader in payments. With 203 markets and 26 currencies, we must think globally, we must think about product, we must think about our customers. Any part of any of these countries could have an ongoing security issue at any time. That matters to us. That matters to any global company. That should matter to you. This is not a local economy; the internet is not local. And if you have an internet presence, you need to care that everything is connected across the world.
  2. Talk for a few minutes about the transactions, merchants, accounts. What does it mean to have transactions impacted? What should it mean to have more accounts? 8.5 million transactions impacted if 1% have a problem; 850,000 at .1%; 85,000 at .01%; 8,500 at .001%.
  3. PCI and local regulations drive much of our decision making. This is a worldwide standard that drives a significant amount of security, compliance, and security. Just because you are PCI compliant, though, does not mean that you are protected against every threat. PCI is a baseline; it is a starting point. But it is not the final solution to solve every problem, in every situation, in every location.
  4. Now to the primary discussion today: can security and agility exist? Break down the words. Talk about the history of what secure meant. In the security community it meant locked down tight, default deny, default entry, no access. Then go from there. Not exposed to danger is a big one. Agile used to be the antithesis of historic security. Agile: you need to think quick, decide quick,
  5. Building things with ultimate security might not protect you in all situations.