SlideShare a Scribd company logo

Contrast security’s influencers channel 1 live nation

Download as PPTX, PDF
David Neville
David Neville
TechnologyNews & Politics
1 of 27
CONTRAST SECURITY’S INFLUENCERS CHANNEL Episode One: Jonathan Chow and Neeta Manier Live Nation Entertainment
JEFF WILLIAMS “What’s the one thing that deeply bothers you about the way people practice application security today?
NEETA MANIER “…for me, it’s that we’re finding vulnerabilities that existed 10 years ago…we’re still not getting good at fixing [them].”
JONATHAN CHOW “I’ve been involved in part of an applications program here for 12 years now, and we’re still having developers creating the same flaws…so I think the education piece is what’s missing. We’ve got to stop making the same mistakes.”
JEFF WILLIAMS “I couldn’t agree more…I wrote the first version of the OWASP Top Ten in 2002, and it’s essentially the same stuff in there still after 12 years. It’s really not changing, so that’s a bit of a failure for the security industry.”
JEFF “How do you stay on top of your portfolio of applications, the developers writing new code, and new vulnerabilities coming out?”
JONATHAN “It’s almost a job unto itself….I try and maintain good relationships with our business partners…because in some cases they’ll go outside approved IT folks to get it done cheaper, faster, better. And that’s a primary driver for rogue work happening.”
NEETA “We’ve just hired what we call ‘Business Security Leaders’ so they’re our liaison….we’re just trying to make [security] more visible in those areas….we’re trying to empower the teams to do that better themselves.”
JEFF “Interesting. I like that. I’ve been studying the ways that industrial factories monitor their complex systems….What I’m wondering…It sounds like what you’re doing is like a human instrumentation where you’re gathering data through relationships with various teams.”
NEETA “I think it’s really important…scanning technology…and it’s important for that to be well integrated into the tools we already use. Any SDLC process, whether you’re doing QA or builds, trying to inject security into those particular tools is going to be important for any instrumentation.”
JONATHAN
JEFF
JEFF WILLIAMS “How do you feel about your visibility into the apps and other systems that you run?...What do you do to fill in the gaps and make it look up-to- date?”
JONATHAN “What Neeta said earlier was not enough bandwidth. It’s true for every IT security shop that I’ve ever talked to or been a part of….You’re always going to be overwhelmed. You’re always going to be outnumbered.”
JEFF “That strikes me as exactly what needs to happen…the security experts really need to get out of the way and enable the development teams to do these things for themselves with automation and guidance and training.”
NEETA “I remember working at GE and having that- you’d have such a long time between when an application requirement came out and when it was released…at an agile environment, if you’re not there then you miss it and it’s kind of harder now to have that position.”
JONATHAN “It’s actually the worst of all worlds if you miss it because…you either slow them down and they won’t come back, or you interrupt their process and they see you as incompetent….We risk becoming the proverbial dinosaur where we don’t have a place in the new world.”
JEFF “Do you feel that’s the only pressure on security groups? The move to Agile and DevOps kinds of organizations? Or are there other things that are changing the way people do security or security information?”
NEETA “I think there’s also a positive change. I think that application security is a pretty hot topic now, more than it was years ago, it’s more visible. We joke that we use security breaches as our leverage to convince teams to do more.”
JEFF “I know we’ve broken out of the echo chamber when my mom calls and says, “What’s going on with this HeartBleed thing?”
JEFF “I want to know: what are the key metrics that you want to know so you can sleep at night?”
JONATHAN “A raw number of flaws in applications is a key metric for me.”
JONATHAN “I would love to get down to the point where I can go to a specific developer and say, “You know, you’ve been making cross-site scripting errors since 2006. You’ve made it January here, you made it in March here, you made it in October here, I need to teach you something.”
JONATHAN “If we can get to that point where the developers and development teams and outsourced development shops can accept the fact that security teams are here to make them better at their jobs…then I think it will gain more momentum.”
NEETA “I think that any metrics that help us understand the progress, trending metrics, from point A to point B…I think that’s been really helpful for us to say to a team, ‘Congratulations!’”
NEETA “On the educational side, vulnerabilities by technology so we can figure out, ‘What should we be training our teams on?’”
JEFF WILLIAMS WITH JONATHAN CHOW AND NEETA MANIER

Recommended

Security Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentSecurity Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentContrast Security
 
Trusted Software Alliance
Trusted Software AllianceTrusted Software Alliance
Trusted Software AllianceEndUserSharePoint
 
Episode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeEpisode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeContrast Security
 
Fortify technology
Fortify technologyFortify technology
Fortify technologyImad Nom de famille
 
What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...Kevin Fealey
 
Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify PillarEd Wong
 
Ensure Software Security already during development
Ensure Software Security already during developmentEnsure Software Security already during development
Ensure Software Security already during developmentIT Weekend
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community
 

Recommended

Security Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentSecurity Influencer's Channel Episode One: Live Nation Entertainment
Security Influencer's Channel Episode One: Live Nation EntertainmentContrast Security
 
Trusted Software Alliance
Trusted Software AllianceTrusted Software Alliance
Trusted Software AllianceEndUserSharePoint
 
Episode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeEpisode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeContrast Security
 
Fortify technology
Fortify technologyFortify technology
Fortify technologyImad Nom de famille
 
What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...What Good is this Tool? A Guide to Choosing the Right Application Security Te...
What Good is this Tool? A Guide to Choosing the Right Application Security Te...Kevin Fealey
 
Hp Fortify Pillar
Hp Fortify PillarHp Fortify Pillar
Hp Fortify PillarEd Wong
 
Ensure Software Security already during development
Ensure Software Security already during developmentEnsure Software Security already during development
Ensure Software Security already during developmentIT Weekend
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzern|u - The Open Security Community
 
Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSContrast Security
 
A Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaA Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaCerebrum Infotech
 
DevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDana Gardner
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfTravisMcPeak1
 
Episode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comEpisode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comContrast Security
 
Desktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookDesktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookCitrix
 
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceDesktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceCitrix
 
From DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysFrom DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysOri Pekelman
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...Dana Gardner
 
When Things Go Bump in the Night
When Things Go Bump in the NightWhen Things Go Bump in the Night
When Things Go Bump in the Nightahamilton55
 
Software Engineering Paper
Software Engineering PaperSoftware Engineering Paper
Software Engineering PaperLana Sorrels
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
KontikiMillennialGuide3
KontikiMillennialGuide3KontikiMillennialGuide3
KontikiMillennialGuide3Christine Kent
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure codeDJ Schleen
 
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...adamdeja
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
Adoption of online videos in organizations
Adoption of online videos in organizationsAdoption of online videos in organizations
Adoption of online videos in organizationsChristian Ruf
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Dana Gardner
 
You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012jadedsecurity
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

More Related Content

Similar to Contrast security’s influencers channel 1 live nation

Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSContrast Security
 
A Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaA Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaCerebrum Infotech
 
DevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDana Gardner
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfTravisMcPeak1
 
Episode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comEpisode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comContrast Security
 
Desktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookDesktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookCitrix
 
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceDesktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceCitrix
 
From DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysFrom DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysOri Pekelman
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...Dana Gardner
 
When Things Go Bump in the Night
When Things Go Bump in the NightWhen Things Go Bump in the Night
When Things Go Bump in the Nightahamilton55
 
Software Engineering Paper
Software Engineering PaperSoftware Engineering Paper
Software Engineering PaperLana Sorrels
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsMagno Logan
 
KontikiMillennialGuide3
KontikiMillennialGuide3KontikiMillennialGuide3
KontikiMillennialGuide3Christine Kent
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure codeDJ Schleen
 
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...adamdeja
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfVisalThach1
 
Adoption of online videos in organizations
Adoption of online videos in organizationsAdoption of online videos in organizations
Adoption of online videos in organizationsChristian Ruf
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Dana Gardner
 
You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012jadedsecurity
 

Similar to Contrast security’s influencers channel 1 live nation (20)

Episode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNSEpisode 3: Andrew Hay of OpenDNS
Episode 3: Andrew Hay of OpenDNS
 
A Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann MulondaA Tech Talks About DevOps Solution With Yann Mulonda
A Tech Talks About DevOps Solution With Yann Mulonda
 
DevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in HeavenDevOps and Security, a Match Made in Heaven
DevOps and Security, a Match Made in Heaven
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdf
 
Episode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.comEpisode 5 Justin Somaini of Box.com
Episode 5 Justin Somaini of Box.com
 
Desktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBookDesktop Virtualization Deployment Insights eBook
Desktop Virtualization Deployment Insights eBook
 
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their adviceDesktop Virtualization Deployment Insights - 6 IT experts share their advice
Desktop Virtualization Deployment Insights - 6 IT experts share their advice
 
From DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed ApidaysFrom DevOps to NoOps how not to get Equifaxed Apidays
From DevOps to NoOps how not to get Equifaxed Apidays
 
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
The Open Group San Diego Panel Explores Global Cybersecurity Issues for Impro...
 
When Things Go Bump in the Night
When Things Go Bump in the NightWhen Things Go Bump in the Night
When Things Go Bump in the Night
 
Software Engineering Paper
Software Engineering PaperSoftware Engineering Paper
Software Engineering Paper
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applications
 
KontikiMillennialGuide3
KontikiMillennialGuide3KontikiMillennialGuide3
KontikiMillennialGuide3
 
Why happier developers create more secure code
Why happier developers create more secure codeWhy happier developers create more secure code
Why happier developers create more secure code
 
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ...
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdf
 
IT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdfIT SPOTLIGHT - Ken M.pdf
IT SPOTLIGHT - Ken M.pdf
 
Adoption of online videos in organizations
Adoption of online videos in organizationsAdoption of online videos in organizations
Adoption of online videos in organizations
 
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...
 
You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012You Can't Buy Security - DerbyCon 2012
You Can't Buy Security - DerbyCon 2012
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Contrast security’s influencers channel 1 live nation

  • 1. CONTRAST SECURITY’S INFLUENCERS CHANNEL Episode One: Jonathan Chow and Neeta Manier Live Nation Entertainment
  • 2. JEFF WILLIAMS “What’s the one thing that deeply bothers you about the way people practice application security today?
  • 3. NEETA MANIER “…for me, it’s that we’re finding vulnerabilities that existed 10 years ago…we’re still not getting good at fixing [them].”
  • 4. JONATHAN CHOW “I’ve been involved in part of an applications program here for 12 years now, and we’re still having developers creating the same flaws…so I think the education piece is what’s missing. We’ve got to stop making the same mistakes.”
  • 5. JEFF WILLIAMS “I couldn’t agree more…I wrote the first version of the OWASP Top Ten in 2002, and it’s essentially the same stuff in there still after 12 years. It’s really not changing, so that’s a bit of a failure for the security industry.”
  • 6. JEFF “How do you stay on top of your portfolio of applications, the developers writing new code, and new vulnerabilities coming out?”
  • 7. JONATHAN “It’s almost a job unto itself….I try and maintain good relationships with our business partners…because in some cases they’ll go outside approved IT folks to get it done cheaper, faster, better. And that’s a primary driver for rogue work happening.”
  • 8. NEETA “We’ve just hired what we call ‘Business Security Leaders’ so they’re our liaison….we’re just trying to make [security] more visible in those areas….we’re trying to empower the teams to do that better themselves.”
  • 9. JEFF “Interesting. I like that. I’ve been studying the ways that industrial factories monitor their complex systems….What I’m wondering…It sounds like what you’re doing is like a human instrumentation where you’re gathering data through relationships with various teams.”
  • 10. NEETA “I think it’s really important…scanning technology…and it’s important for that to be well integrated into the tools we already use. Any SDLC process, whether you’re doing QA or builds, trying to inject security into those particular tools is going to be important for any instrumentation.”
  • 12. JEFF
  • 13. JEFF WILLIAMS “How do you feel about your visibility into the apps and other systems that you run?...What do you do to fill in the gaps and make it look up-to- date?”
  • 14. JONATHAN “What Neeta said earlier was not enough bandwidth. It’s true for every IT security shop that I’ve ever talked to or been a part of….You’re always going to be overwhelmed. You’re always going to be outnumbered.”
  • 15. JEFF “That strikes me as exactly what needs to happen…the security experts really need to get out of the way and enable the development teams to do these things for themselves with automation and guidance and training.”
  • 16. NEETA “I remember working at GE and having that- you’d have such a long time between when an application requirement came out and when it was released…at an agile environment, if you’re not there then you miss it and it’s kind of harder now to have that position.”
  • 17. JONATHAN “It’s actually the worst of all worlds if you miss it because…you either slow them down and they won’t come back, or you interrupt their process and they see you as incompetent….We risk becoming the proverbial dinosaur where we don’t have a place in the new world.”
  • 18. JEFF “Do you feel that’s the only pressure on security groups? The move to Agile and DevOps kinds of organizations? Or are there other things that are changing the way people do security or security information?”
  • 19. NEETA “I think there’s also a positive change. I think that application security is a pretty hot topic now, more than it was years ago, it’s more visible. We joke that we use security breaches as our leverage to convince teams to do more.”
  • 20. JEFF “I know we’ve broken out of the echo chamber when my mom calls and says, “What’s going on with this HeartBleed thing?”
  • 21. JEFF “I want to know: what are the key metrics that you want to know so you can sleep at night?”
  • 22. JONATHAN “A raw number of flaws in applications is a key metric for me.”
  • 23. JONATHAN “I would love to get down to the point where I can go to a specific developer and say, “You know, you’ve been making cross-site scripting errors since 2006. You’ve made it January here, you made it in March here, you made it in October here, I need to teach you something.”
  • 24. JONATHAN “If we can get to that point where the developers and development teams and outsourced development shops can accept the fact that security teams are here to make them better at their jobs…then I think it will gain more momentum.”
  • 25. NEETA “I think that any metrics that help us understand the progress, trending metrics, from point A to point B…I think that’s been really helpful for us to say to a team, ‘Congratulations!’”
  • 26. NEETA “On the educational side, vulnerabilities by technology so we can figure out, ‘What should we be training our teams on?’”