THE SECURITY INFLUENCER’S CHANNEL
HOSTED BY JEFF WILLIAMS, CHIEF TECHNOLOGY OFFICER, CONTRAST SECURITY
Episode Two: Bruce Brody, Cubic Cyber Solutions

JEFF WILLIAMS
“How is application security different in the government sector versus the commercial sector?”

BRUCE BRODY
“In the government sector, there’s a tremendous amount of interest in the security of an application when it comes to a variety of different operating environments…e.g. Classified vs Unclassified operating environments.”

BRUCE
“If it’s going to be in a classified environment, then some very rigorous tests and evaluation need to occur before that application is approved…in unclassified environments, the application does have to withstand some scrutiny and some testing, but it’s not nearly as rigorous.”

JEFF WILLIAMS
“I was under the impression that most applications had to get their code reviewed. Is that true for most applications, or just a subset?”

BRUCE
“Well, a subset operates specifically in very sensitive and classified environments. …an unclassified environment has to go through an Authority to Operate process…and that’s a little less scrutiny on the application and more on the system level performance.”

JEFF
“Have you noticed a change in software development in government to more ad-hoc, DevOps-style software development?”

BRUCE
“Like all programs in government, the intent is there to move in that direction…there are some things going on with the Department of Homeland Security and across various agencies to put some good processes, some better processes, more agile processes in place. Those are moving along.”

JEFF
“I’ve seen you’ve written that ‘there’s no longer any reasonable argument regarding whether or not continuous monitoring is the right move for federal departments and agencies.’ Why do you think continuous monitoring is so important?”

BRUCE
“The government has long had an approach where periodic monitoring was okay [and] periodic scanning doesn’t give you the ability to take a look at a system that’s constantly changing and say if it’s as secure as when you originally authorized it to operate.”

BRUCE
“You need to turn periodic into a continuous look at these systems, so that you know that the controls you have put in place to elevate the security level of the systems are continuously in place and operating accordingly.”

JEFF
“If you want to actually do [application security] and keep things secure, you’ve got to be doing it continuously.”

BRUCE
“It’s a 24/7, 365 kind of approach to security that will [cause] the overall security posture of the federal government to improve.”

JEFF
“What about the expense of doing things continuously?”

BRUCE
“Well, some people have argued that it takes a lot more money to do application security continuously. But if you do it right, continuous monitoring can actually save you money.”

BRUCE
“You’re fixing things before they happen. You’re anticipating. You’re being proactive.”

JEFF
“What do you think the effect of continuous security is on the culture of security within a large organization?”

BRUCE
“Continuous monitoring puts you on proper footing when it comes to dealing with the risk management profile of an organization. … and when you’re operating in the continuous kind of mode, you’re operating in a mode that keeps everybody alert, awake, alive, and very well tuned-in to the kind of problems that need to be thwarted on a regular basis.”

JEFF
“Let’s talk about enterprise-wide impacts on the cultural impact of continuous application security.”

BRUCE
“The Department of Defense has actually put some fairly serious directives in place in terms of how to keep the workforce fresh and skilled. And those people who have specific cybersecurity responsibilities must have a certain specific qualification.”

JEFF
“Back [20 years ago] security was much more positive and driven from overall goals. In the last ten years, I think they’ve taken more of a negative approach to security, like, ‘We’ll pentest to find holes and then say something’s secure.’ How do you feel assurance has evolved?”

BRUCE
“You’re right. Nowadays it seems to be about over-emphasizing problems. …the fact of the matter is, we have taken more of a serious kind of a danger approach to the problem these days.”

JEFF
“Do you think we’ll ever get back to the point when assurance is actually something people care about? I would say the only confidence we have in our systems, and particularly our software, is that they haven’t been hacked yet, which really is a weak assurance argument.”

BRUCE
“At the corporate level, you’ll find that whether or not the board cares about security is kind of how it’s viewed across the corporate world. And that’s unfortunate, because very few board members have security in their background unless it’s actually a security company.”

BRUCE
“In the government, the only driver for being more secure is the last crisis that you had to deal with, and the heads that rolled in that crisis, and the processes and budget that were put in place as a result of that crisis.”

BRUCE
“We’re always prepared to fight the war we just fought. We’re never prepared to fight the next war.”

JEFF
“Yeah. That’s frustrating that we can’t see what’s coming, even in the face of staggering evidence of insecurity.”

JEFF
“What are the key metrics you use to make sure you can sleep at night, particularly about your application security programs, but also as your program as a whole?”

BRUCE
“What I want to know? I want to have the assurance that my business processes that I’m responsible for assuring, my mission that I’m responsible for delivering, that that mission has not been impeded or obstructed by something that I have some amount of control over.”

JEFF
“Any final thoughts?”

BRUCE
“We used to spend a lot of time on vulnerabilities, because we thought the more you reduced your vulnerabilities, the less of a target you became to the bad guys or to the threat. Nowadays, that problem has morphed into being threat aware. Threats are more dangerous and becoming more persistent.”

JEFF WILLIAMS WITH BRUCE BRODY