Can Security and Agility 
Co-Exist? 
Arizona Technology Summit 2014 
Scott Carlson – PayPal – September 17, 2014 
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.
26 CURRENCIES SUPPORTED
152M ACTIVE REGISTERED ACCOUNTS
203 MARKETS OFFER PAYPAL
80 LOCALIZED MARKETING SITES GLOBALLY

EUROPEAN UNION EURO
AUSTRALIAN DOLLAR
CANADIAN DOLLAR
NEW ZEALAND DOLLAR
HUNGARIAN FORINT
MALAYSIAN RINGGIT
UNITED KINGDOM POUNDS STERLING
HONG KONG DOLLAR
UNITED STATES DOLLAR
TAIWAN NEW DOLLAR
CHINESE RMB
SWEDISH KRONA
SINGAPORE DOLLAR
PHILIPPINE PESO
BRAZILIAN REAL
RUSSIAN RUBLE
NORWEGIAN KRONE
JAPANESE YEN
MEXICAN PESO
TURKISH LIRA
SWISS FRANC
CZECH KORUNA
ISRAELI NEW SHEKEL
DANISH KRONE
THAI BAHT
POLISH ZLOTY
Q2 2014 Results
$1.95B Revenue, 20% YoY
152M Total Active Accounts
850M Total Transactions
$55B Net Total Payment Volume, 29% YoY
$40.4B Merchant Services Payment Volume, 35% YoY
$14.7B Marketplaces Payment Volume
Compliant with PCI-DSS 2.0 Standards 
Compliant with local country regulations 
Compliance Statement: http://www.visa.com/splisting/viewSPDetail.do?coName=PayPal
secure
In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe.
agile
quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity
http://www.dictionary.com 
@ http://xkcd.com used with permission under Creative commons License 
secure 
In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe. 
prevent: Be patched, be compliant, be hardened, be layered, don’t let data leave your network
detect: Log it all; parse it all; sesame street logic; leave no stone unturned
respond: Quarantine; active defense; mitigate; high priority patches; bug fixes; block ports; kill data streams; sever connections
@ http://xkcd.com used with permission under Creative commons License 
“Cyber Attack” 
http://www.digitalattackmap.com 
“Cyber Attack” 
http://www.digitalattackmap.com 
http://hackmageddon.com/2014/07/07/june-2014-cyber-attacks-statistics/ 
http://www.geekherocomic.com used with permission under Creative commons License 
agile 
quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity 
wash: Consider everything dirty; examine it; spray the bad parts; clean it; use machines to do the dirty work
rinse: Run traffic over it; verify assumptions; send it back to the wash if needed; deliver to customer; use it yourself
repeat: Check your work; check new versions; talk to new people; find all of the new and exciting ways people are doing things
http://www.lynnecazaly.com - used with permission 
@ http://xkcd.com used with permission under Creative commons License 
Compliant ≠ Secure
Agile ≠ Risky
Secure is not a permanent state
Security can not work effectively unless you have Agility
debate… decide… deliver secure
For more information, please contact: 
Scott Carlson 
@relaxed137 
sccarlson@paypal.com 

Editor's Notes

  1. PayPal is a world leader in payments. With 203 markets and 26 currencies, we must think globally, we must think about product, we must think about our customers. Any part of any of these countries could have an ongoing security issue at any time. That matters to us. That matters to any global company. That should matter to you. This is not a local economy; the internet is not local. And if you have an internet presence, you need to care that everything is connected across the world.
  2. Talk for a few minutes about the transactions, merchants, accounts. What does it mean to have transactions impacted? What should it mean to have more accounts? 8.5 million transactions impacted if 1% have a problem; 850,000 at 0.1%; 85,000 at 0.01%; 8,500 at 0.001%.
  3. PCI and local regulations drive much of our decision making. This is a worldwide standard that drives a significant amount of security and compliance. Just because you are PCI compliant, though, does not mean that you are protected against every threat. PCI is a baseline; it is a starting point. But it is not the final solution to solve every problem, in every situation, in every location.
  4. Now to the primary discussion today: can Security and Agility exist? Break down the words. Talk about the history of what secure meant. In the security community it meant locked down tight, default deny, default entry, no access. Then go from there. "Not exposed to danger" is a big one. Agile used to be the antithesis of historic security. Agile: you need to think quick, decide quick,
  5. Building things with ultimate security might not protect you in all situations.