The Chief Financial Officer (CFO) plays a critical role in Enterprise Security - but rarely gets a direct glimpse at some of the challenges, and no-frills realities of the challenge of defending an enterprise. This talk provides 5 key take-aways for CFOs.
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rafal Los
These are the talk slides from ISSA International - discussing the need to reboot Enterprise Security to facilitate better defensibility, more intelligent security, and better operational capabilities.
When it comes to intrusions and breaches, most security teams take a short-game view. This means that they look at events as discrete and individual and focus efforts on short-term goals. While not universally detrimental, this view does harm the overall security of an organization in the "long game”. Additionally, “active defense” has been hopelessly confused by marketing hype even though its meaning is powerful to security’s operational goals.
This talk focuses on how enterprise security defenders can adjust their mindset, refocus, and beat adversaries by leveraging active defense over the long game. The basis of this talk is the extensive research done in support of the threat intelligence solution blueprint, a comprehensive guide to understanding, architecting, operationalizing and maturing a threat intelligence program.
Operationalizing Security Intelligence [ InfoSec World 2014 ]Rafal Los
Security intelligence is only worthwhile if a relevant piece of information is obtained and analyzed in a timely manner and able to aide a rapid decision-making process to mitigate an imminent threat – this capability is part of the new school security approach of Detect, Respond, Resolve with greater efficiency and speed which all enterprises should be benefiting from.
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Rafal Los
The document discusses operationalizing security intelligence for mid-market companies. It defines security intelligence as the collective activities and artifacts that enable intelligence-driven security decisions. It outlines the key requirements for security intelligence as high-quality internal and external data, well-defined internal processes, qualified personnel, and integrated technology solutions. The goal is to help mid-market companies develop the capabilities to more effectively detect, respond to, and resolve security incidents.
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...Jimmy Blake
Security Operations Centres are being built focused on technology and lack alignment with business, or the true risks organisations face. This presentation looks at trends in security operations and why it's important to Think Like a Bad Guy.
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Enterprise Italia
At the HP Software Performance Tour 2014 Pierpaolo Ali’, South Europe Sales Director - HP Enterprise Security Products, illustrated the 2014 vulnerability landscape in IT security.
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
Learn more about CrowdStrike Services. Request a free consultation on Proactive Response and Incident Response offerings: response.crowdstrike.com/services/
Security intelligence using big data presentation (engineering seminar)Marco Casassa Mont
An overview of R&D work in the space of cyber security, focusing on technologies and case studies in the space of cyber security, big data for security, predictive analytics and usage of security intelligence for better situational awareness
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rafal Los
These are the talk slides from ISSA International - discussing the need to reboot Enterprise Security to facilitate better defensibility, more intelligent security, and better operational capabilities.
When it comes to intrusions and breaches, most security teams take a short-game view. This means that they look at events as discrete and individual and focus efforts on short-term goals. While not universally detrimental, this view does harm the overall security of an organization in the "long game”. Additionally, “active defense” has been hopelessly confused by marketing hype even though its meaning is powerful to security’s operational goals.
This talk focuses on how enterprise security defenders can adjust their mindset, refocus, and beat adversaries by leveraging active defense over the long game. The basis of this talk is the extensive research done in support of the threat intelligence solution blueprint, a comprehensive guide to understanding, architecting, operationalizing and maturing a threat intelligence program.
Operationalizing Security Intelligence [ InfoSec World 2014 ]Rafal Los
Security intelligence is only worthwhile if a relevant piece of information is obtained and analyzed in a timely manner and able to aide a rapid decision-making process to mitigate an imminent threat – this capability is part of the new school security approach of Detect, Respond, Resolve with greater efficiency and speed which all enterprises should be benefiting from.
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Rafal Los
The document discusses operationalizing security intelligence for mid-market companies. It defines security intelligence as the collective activities and artifacts that enable intelligence-driven security decisions. It outlines the key requirements for security intelligence as high-quality internal and external data, well-defined internal processes, qualified personnel, and integrated technology solutions. The goal is to help mid-market companies develop the capabilities to more effectively detect, respond to, and resolve security incidents.
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...Jimmy Blake
Security Operations Centres are being built focused on technology and lack alignment with business, or the true risks organisations face. This presentation looks at trends in security operations and why it's important to Think Like a Bad Guy.
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Enterprise Italia
At the HP Software Performance Tour 2014 Pierpaolo Ali’, South Europe Sales Director - HP Enterprise Security Products, illustrated the 2014 vulnerability landscape in IT security.
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
Learn more about CrowdStrike Services. Request a free consultation on Proactive Response and Incident Response offerings: response.crowdstrike.com/services/
Security intelligence using big data presentation (engineering seminar)Marco Casassa Mont
An overview of R&D work in the space of cyber security, focusing on technologies and case studies in the space of cyber security, big data for security, predictive analytics and usage of security intelligence for better situational awareness
The document discusses how to build predictive models from noisy sensor data collected during oil and gas drilling operations. It notes that sensor data can be noisy, requiring data cleansing techniques to derive meaningful signals. It also discusses extracting relevant features from the cleansed sensor data and using those features to build predictive models, with the goal of predicting drilling failures and improving operations.
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
The document discusses using big data analytics to counter advanced cyber threats. It notes that traditional security information and event management (SIEM) systems have limitations in detecting advanced threats due to incomplete data collection and inflexible analytics. A big data solution collects data from all possible sources, including network, endpoint, mobile and cloud systems. It then applies analytics to identify anomalous patterns that may indicate advanced threat activity based on factors like unusual user behavior, network connections, or changes from normal baselines. This helps security teams more effectively detect threats that can evade traditional defenses and are difficult to identify with signature-based tools alone.
In today’s threat environment, adversaries are constantly profiling and attacking your corporate infrastructure to access and collect your intellectual property, proprietary data, and trade secrets. Now, more than ever, Threat Intelligence is increasingly important for organizations who want to proactively defend against advanced threat actors.
While many organizations today are collecting massive amount of threat intelligence, are they able to translate the information into an effective defense strategy?
View the slides now to learn about threat intelligence for operational purposes, including real-world demonstrations of how to consume intelligence and integrate it with existing security infrastructure.
Learn how to prioritize response by differentiating between commodity and targeted attacks and develop a defense that responds to specific methods used by advanced attackers.
This document summarizes a CrowdStrike webinar on detecting advanced malware-free intrusions. It describes three speakers from CrowdStrike - Dmitri Alperovitch, Chris Scott, and Adam Meyers. The webinar then discusses how adversaries like China and various state-sponsored and criminal groups are adapting their tactics to evade detection, and how security teams must also adapt detection methods to focus on real-time monitoring rather than indicators of compromise. The webinar includes a case study of detecting a webshell attack in near real-time using CrowdStrike Falcon Host and concludes with a demonstration of its endpoint protection capabilities.
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysSpark Summit
Spark is gaining popularity at Goldman Sachs for processing big data. It offers benefits over previous tools like MapReduce including faster processing speeds using in-memory computing. Spark also supports multiple programming languages and has capabilities for SQL, streaming, machine learning and graph processing. However, challenges remain around supporting Python and R beyond Scala and Java as well as integrating machine learning models into software development lifecycles.
A Day in the Life of a GDPR Breach - September 2017: France Splunk
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Splunk's own Mathieu Dessus and Elizabeth Davies explore the future scenario.
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
The document introduces CrowdStrike speakers George Kurtz, Georg Wicherski, and Alex Radocea. It then discusses the evolution of threats from commercial remote access tools (RATs) to targeted RATs and advanced threats. Examples of commercial RATs like FlexiSPY and targeted RATs like LuckyCat are analyzed. The feasibility of developing exploits and native Android RATs is also explored.
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
The document discusses the need for a balanced approach to endpoint security that includes both prevention and detection. It argues that relying solely on prevention is not sufficient, as attacks will always get through, requiring detection capabilities to identify breaches. Likewise, detection alone is insufficient, as preventing attacks upfront reduces workload. The document outlines the key components needed to properly unify next-generation antivirus and endpoint detection and response, including complete visibility of endpoint activity, large-scale analysis capacity, and the ability to derive insights and indicators of attack from collected data. An integrated approach is advocated that allows prevention and detection to strengthen one another.
Business continuity strategy to combat coronavirus (covid 19) - innova global...www.securitysystems.best
Business Continuity Strategy to Combat Coronavirus (COVID-19)
nformation Technologies to combat work disruptions and changes as companies react to growing health concerns - Coronavirus (COVID-19) - Practical and tested solutions -Telecommuting - Teleworking
Learn how HP Fortify On Demand is leveraging Fortify Runtime Protection to protect our own cloud services. See tips and techniques learned from deploying Runtime Protection in the real world, and learn how you can leverage the same technology in your environment without compromising performance or uptime. You’ll come away with tips on deploying, managing, and integrating Fortify Runtime Protection so you can block attacks while providing your developers with line-of-code detail regarding how to close the holes.
Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los
This document outlines a 5-step approach to establishing a Software Security Assurance program:
1) Conduct an assessment of capabilities, resources, assets, and organization.
2) Develop a resource strategy and plan based on assessment.
3) Build intelligent processes that leverage existing processes and accommodate business needs.
4) Implement processes strategically and augment with automation technologies.
5) Continuously measure business impact and reassess goals as business priorities change.
The document is an announcement from Instituto Educativo Cambridge de Mexico about their nursery and pre-school programs for the 2010-2011 school year. It introduces a new educational approach based on Howard Gardner's Theory of Multiple Intelligences that recognizes each child's unique intellectual strengths and needs. The program aims to maximize each child's potential through individualized education in areas like language development, music, yoga, and computers science at their own pace in a bilingual English-Spanish environment.
Making Measurable Gains - Contextualizing 'Secure' in BusinessRafal Los
What does ‘secure’ mean? Many security professionals work in information security for a large portion of their careers without ever being able to contextualize what they contribute to the businesses they work for - a crying shame. Being able to make sense of all the security-related process changes, widgets, technology and testing is critical to not only being successful at changing the mindset and culture of your business - but to actually making a lasting long-term impression. The only way to do this is to find ways to add business-context to security metrics - creating pseudo-business/security KPIs. This talk focuses not on how to ‘hack’ but how to effectively protect… and to make it relevant to your business so that it matters.
Defying Logic - Business Logic Testing with AutomationRafal Los
It proposes a 3-phase framework: 1) Model valid business processes by monitoring normal user behavior. 2) Manipulate workflows by modifying states and transactions. 3) Analyze results to detect deviations from expected behavior, indicating potential logic defects. The goal is to overcome challenges of testing application logic, which is hard to define, domain-specific, and lacks consistent patterns. A demo is provided as a proof of concept for how such a framework could work. Contributions to further the research are welcomed.
Threat modeling the security of the enterpriseRafal Los
Many IT Security professionals simply do not understand "threat modeling" - or how an attack at component A can ultimately affect component B, C, and D ... this example-based (and very, very high-level) talk hopes to get you interested in threat modeling and understanding how things are connected - in orer to give you a chance to build your defenses.
"Translating Strategy to Measureable Actions... from PowerPoint to PracticeNidal Bitar
Be amongst 200+ senior executives who will particpate in "Translating Strategy to Measureable Actions... from PowerPoint to Practice on May 18th... for more info, please visit: www.translatingstrategy.scopi.org
Criminal Education: Lessons from the Criminals and Their MethodsHP Enterprise Italia
The document discusses lessons that can be learned from criminals and their hacking methods. It notes that a $45 million ATM heist was carried out in just hours but had been planned over many years. It also contains information on different types of adversaries like cybercriminals, nation-states, and hacktivists. The document advocates understanding the methods and operations of adversaries in order to better defend against attacks.
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Enterprise Italia
Frank Mong - VP & GM Security Solutions , Enterprise Security Products HP Software - at the HP EMEA Software Performance tour 2014 talked about security and cyber crime.
Adi and I explain our “mobile thinking” methods, we share insights from our HP Software projects and answer the question of “how can we fit an elephant into a refrigerator?”
How do you fund your security program?
Here are simple ways to get management buy-in
How do you enable the business?
Speak in terms of risk.
Show small wins
The document discusses predictions for the world in 2020, including increased global population and urbanization, the rise of developing world middle classes, increased use of technology and data, and changes in business and work environments. Key technology predictions are more application releases, greater use of big data and cognitive systems, smarter hardware and data centers, increased connectivity of people and devices, and reliance on cloud and mobile services. Workforce and workplace changes discussed include multi-generational workforces and virtual offices/teams. The presentation promotes HP's converged cloud, mobile, and security solutions to help clients lead in 2013 and 2020.
Software Security Assurance - Bruce JenkinsIT-oLogy
The document is a presentation by Bruce Jenkins from Hewlett-Packard on managing software security risks in the face of digital transformation. It discusses how software security has become increasingly challenging due to factors such as a growing number of applications, different development models, and developers not being trained in security. It emphasizes the importance of obtaining stakeholder alignment around a common security vision and goals tied to the organization's overall mission to create a strong foundation for managing security risks.
The document discusses how to build predictive models from noisy sensor data collected during oil and gas drilling operations. It notes that sensor data can be noisy, requiring data cleansing techniques to derive meaningful signals. It also discusses extracting relevant features from the cleansed sensor data and using those features to build predictive models, with the goal of predicting drilling failures and improving operations.
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
The document discusses using big data analytics to counter advanced cyber threats. It notes that traditional security information and event management (SIEM) systems have limitations in detecting advanced threats due to incomplete data collection and inflexible analytics. A big data solution collects data from all possible sources, including network, endpoint, mobile and cloud systems. It then applies analytics to identify anomalous patterns that may indicate advanced threat activity based on factors like unusual user behavior, network connections, or changes from normal baselines. This helps security teams more effectively detect threats that can evade traditional defenses and are difficult to identify with signature-based tools alone.
In today’s threat environment, adversaries are constantly profiling and attacking your corporate infrastructure to access and collect your intellectual property, proprietary data, and trade secrets. Now, more than ever, Threat Intelligence is increasingly important for organizations who want to proactively defend against advanced threat actors.
While many organizations today are collecting massive amount of threat intelligence, are they able to translate the information into an effective defense strategy?
View the slides now to learn about threat intelligence for operational purposes, including real-world demonstrations of how to consume intelligence and integrate it with existing security infrastructure.
Learn how to prioritize response by differentiating between commodity and targeted attacks and develop a defense that responds to specific methods used by advanced attackers.
This document summarizes a CrowdStrike webinar on detecting advanced malware-free intrusions. It describes three speakers from CrowdStrike - Dmitri Alperovitch, Chris Scott, and Adam Meyers. The webinar then discusses how adversaries like China and various state-sponsored and criminal groups are adapting their tactics to evade detection, and how security teams must also adapt detection methods to focus on real-time monitoring rather than indicators of compromise. The webinar includes a case study of detecting a webshell attack in near real-time using CrowdStrike Falcon Host and concludes with a demonstration of its endpoint protection capabilities.
How Spark is Making an Impact at Goldman Sachs by Vincent SaulysSpark Summit
Spark is gaining popularity at Goldman Sachs for processing big data. It offers benefits over previous tools like MapReduce including faster processing speeds using in-memory computing. Spark also supports multiple programming languages and has capabilities for SQL, streaming, machine learning and graph processing. However, challenges remain around supporting Python and R beyond Scala and Java as well as integrating machine learning models into software development lifecycles.
A Day in the Life of a GDPR Breach - September 2017: France Splunk
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Splunk's own Mathieu Dessus and Elizabeth Davies explore the future scenario.
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
The document introduces CrowdStrike speakers George Kurtz, Georg Wicherski, and Alex Radocea. It then discusses the evolution of threats from commercial remote access tools (RATs) to targeted RATs and advanced threats. Examples of commercial RATs like FlexiSPY and targeted RATs like LuckyCat are analyzed. The feasibility of developing exploits and native Android RATs is also explored.
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
The document discusses the need for a balanced approach to endpoint security that includes both prevention and detection. It argues that relying solely on prevention is not sufficient, as attacks will always get through, requiring detection capabilities to identify breaches. Likewise, detection alone is insufficient, as preventing attacks upfront reduces workload. The document outlines the key components needed to properly unify next-generation antivirus and endpoint detection and response, including complete visibility of endpoint activity, large-scale analysis capacity, and the ability to derive insights and indicators of attack from collected data. An integrated approach is advocated that allows prevention and detection to strengthen one another.
Business continuity strategy to combat coronavirus (covid 19) - innova global...www.securitysystems.best
Business Continuity Strategy to Combat Coronavirus (COVID-19)
nformation Technologies to combat work disruptions and changes as companies react to growing health concerns - Coronavirus (COVID-19) - Practical and tested solutions -Telecommuting - Teleworking
Learn how HP Fortify On Demand is leveraging Fortify Runtime Protection to protect our own cloud services. See tips and techniques learned from deploying Runtime Protection in the real world, and learn how you can leverage the same technology in your environment without compromising performance or uptime. You’ll come away with tips on deploying, managing, and integrating Fortify Runtime Protection so you can block attacks while providing your developers with line-of-code detail regarding how to close the holes.
Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los
This document outlines a 5-step approach to establishing a Software Security Assurance program:
1) Conduct an assessment of capabilities, resources, assets, and organization.
2) Develop a resource strategy and plan based on assessment.
3) Build intelligent processes that leverage existing processes and accommodate business needs.
4) Implement processes strategically and augment with automation technologies.
5) Continuously measure business impact and reassess goals as business priorities change.
The document is an announcement from Instituto Educativo Cambridge de Mexico about their nursery and pre-school programs for the 2010-2011 school year. It introduces a new educational approach based on Howard Gardner's Theory of Multiple Intelligences that recognizes each child's unique intellectual strengths and needs. The program aims to maximize each child's potential through individualized education in areas like language development, music, yoga, and computers science at their own pace in a bilingual English-Spanish environment.
Making Measurable Gains - Contextualizing 'Secure' in BusinessRafal Los
What does ‘secure’ mean? Many security professionals work in information security for a large portion of their careers without ever being able to contextualize what they contribute to the businesses they work for - a crying shame. Being able to make sense of all the security-related process changes, widgets, technology and testing is critical to not only being successful at changing the mindset and culture of your business - but to actually making a lasting long-term impression. The only way to do this is to find ways to add business-context to security metrics - creating pseudo-business/security KPIs. This talk focuses not on how to ‘hack’ but how to effectively protect… and to make it relevant to your business so that it matters.
Defying Logic - Business Logic Testing with AutomationRafal Los
It proposes a 3-phase framework: 1) Model valid business processes by monitoring normal user behavior. 2) Manipulate workflows by modifying states and transactions. 3) Analyze results to detect deviations from expected behavior, indicating potential logic defects. The goal is to overcome challenges of testing application logic, which is hard to define, domain-specific, and lacks consistent patterns. A demo is provided as a proof of concept for how such a framework could work. Contributions to further the research are welcomed.
Threat modeling the security of the enterpriseRafal Los
Many IT Security professionals simply do not understand "threat modeling" - or how an attack at component A can ultimately affect component B, C, and D ... this example-based (and very, very high-level) talk hopes to get you interested in threat modeling and understanding how things are connected - in orer to give you a chance to build your defenses.
"Translating Strategy to Measureable Actions... from PowerPoint to PracticeNidal Bitar
Be amongst 200+ senior executives who will particpate in "Translating Strategy to Measureable Actions... from PowerPoint to Practice on May 18th... for more info, please visit: www.translatingstrategy.scopi.org
Criminal Education: Lessons from the Criminals and Their MethodsHP Enterprise Italia
The document discusses lessons that can be learned from criminals and their hacking methods. It notes that a $45 million ATM heist was carried out in just hours but had been planned over many years. It also contains information on different types of adversaries like cybercriminals, nation-states, and hacktivists. The document advocates understanding the methods and operations of adversaries in order to better defend against attacks.
HP Software Performance Tour 2014 - Stop Looking for the Silver Bullet, Start...HP Enterprise Italia
Frank Mong - VP & GM Security Solutions , Enterprise Security Products HP Software - at the HP EMEA Software Performance tour 2014 talked about security and cyber crime.
Adi and I explain our “mobile thinking” methods, we share insights from our HP Software projects and answer the question of “how can we fit an elephant into a refrigerator?”
How do you fund your security program?
Here are simple ways to get management buy-in
How do you enable the business?
Speak in terms of risk.
Show small wins
The document discusses predictions for the world in 2020, including increased global population and urbanization, the rise of developing world middle classes, increased use of technology and data, and changes in business and work environments. Key technology predictions are more application releases, greater use of big data and cognitive systems, smarter hardware and data centers, increased connectivity of people and devices, and reliance on cloud and mobile services. Workforce and workplace changes discussed include multi-generational workforces and virtual offices/teams. The presentation promotes HP's converged cloud, mobile, and security solutions to help clients lead in 2013 and 2020.
Software Security Assurance - Bruce JenkinsIT-oLogy
The document is a presentation by Bruce Jenkins from Hewlett-Packard on managing software security risks in the face of digital transformation. It discusses how software security has become increasingly challenging due to factors such as a growing number of applications, different development models, and developers not being trained in security. It emphasizes the importance of obtaining stakeholder alignment around a common security vision and goals tied to the organization's overall mission to create a strong foundation for managing security risks.
Humanizing the Talent Acquisition Lifestyle: HP Case StudyGlassdoor
Hear from Celinda Appleby, HP's Global Digital Media Program Manager, about humanizing the talent acquisition lifestyle during our Glassdoor Talent Warriors Roadshow!
HP: Delivering on the Promise of Hybrid CloudMelissa Luongo
This document discusses delivering on the promise of hybrid cloud. It is a presentation by HP and Accenture on how their partnership can help organizations transform to hybrid cloud models. The key points are:
- HP and Accenture have over 20 years of partnership experience in helping organizations transform their IT through cloud technologies.
- Their combined strengths - with Accenture providing cloud transformation expertise and HP focusing on private cloud technologies - allow them to reduce risks for clients while accelerating transformational outcomes.
- They take a holistic approach to cloud adoption, from prioritizing business targets, aligning cloud platforms, developing business cases, to tracking value realization - all with the goal of maximizing business value for the
HP Helion - Copaco Cloud Event 2015 (break-out 4)Copaco Nederland
HP Helion CloudSystem is the most complete, integrated, and open cloud solution on the market. Powered by OpenStack® technology and developed with an emphasis on automation and ease-of-use, HP Helion CloudSystem redefines how you build and manage cloud services.
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile DelécoleENSIBS
The document discusses the "seven agile sins" which include pride, envy, greed, lust, anger, gluttony, and sloth. It provides examples of how each of these sins can negatively impact agile practices if not properly managed. The document encourages readers to be mindful of these sins and how to avoid them when adopting and practicing agile methodologies.
Facilitating an agile, interative, user-centric approach to digital service creation
This session will reveal the results of our latest survey which looked at digital services and how government organisations are tackling the challenge of delivering world-class digital products that meet people’s needs.
In total, 272 individuals from 163 organisations completed the survey representing central government and associated agencies. One of the key findings was that as part of their digital strategy, the majority of organisations are embracing the government’s move towards agile.
In this session, we will highlight the HP software offerings that facilitate an agile, iterative, user-centric approach to tackling business problems.
Speakers:
Verity Greig, HP Software Sales Specialist & Consultant, Hewlett Packard
Mark Turner – HP Software PreSales, Hewlett Packard
The document discusses innovations for cities and services, noting that an inflection point in city-scale resource management is coming with the interconnected, sustainable and accessible infrastructure. It presents one view of the future which includes challenges and opportunities around integration across silos and domains, automation especially for service deployment and analytics, and scalability of data platforms, models and expertise.
The document discusses a study conducted by HP to determine how much its Software Channel and Alliance partners utilize social media, with a focus on LinkedIn, in order to understand the demand for an HP Software Channel & Alliance group on LinkedIn. The objective is stated as finding out how much HP Software Channel & Alliance partners use social media, predominantly LinkedIn. The document contains several copyright notices from Hewlett-Packard.
Vmware cio event barcelona 2014 - no buildsRussell Acton
Pivotal is a new company spun out of GE, EMC, and VMware to focus on applications, big data, and analytics. It has over 1,000 enterprise customers and $100M in funding from GE. Technology is changing industries by making systems cheaper and easier to change through approaches like Pivotal's platform-as-a-service, which provides applications, data, runtime and other services while reducing management needs. Leaders are now using data better than others to drive business growth.
This document discusses adapting incident response best practices from firefighting to cybersecurity incident response. It recommends establishing an incident command system (ICS) with roles like command, information officer, and sections to coordinate response. The ICS framework supports responding to diverse incidents in a scalable way with preparation, response, and recovery phases including after action reports.
Capgemini Commercial Insurance Risk Analytics Powered by HP HAVEnCapgemini
With Capgemini Commercial Insurance Risk Analytics powered by HP HAVEn Insurers can gain unprecedented access to information on individual risk factors for a more informed, faster risk assessment.
Why OpenStack matters and how you can get involvedMatthew Farina
The document discusses OpenStack, an open source cloud computing platform. It provides an overview of what OpenStack is, the types of services it offers (compute, storage, networking, etc.), how enterprises and governments are using it as an alternative to proprietary cloud platforms, and the growing job market for OpenStack skills. The presentation encourages developers to get involved by building applications for OpenStack, contributing code to OpenStack projects, or deploying their own OpenStack clouds.
The document discusses the "seven agile sins" - envy, pride, laziness, greed, gluttony, anger, and lust. For each sin, it provides examples of how that sin could manifest in an agile project, such as accepting a mission that is doomed to fail (envy), not having a sponsor (pride), just doing a redesign without real change (laziness), wanting to finish a project quickly without constraints (greed), being overly dogmatic without pragmatism (gluttony), not communicating or accepting criticism (anger), and only working with developers without including other roles like customers (lust). It encourages being conscious of these sins in agile work.
Paul Sonderegger, Oracle MassTLC Big Data Summit KeynoteMassTLC
The document discusses strategies for businesses in a big data world. It explains that digitization and datafication have led to more data being created about thoughts, things, and activities. It emphasizes that strategy is about creating unique value in a unique way. The document outlines different ways that businesses can use data to either run their existing business or change and transform their business. It stresses the importance of building a big data strategy that focuses on data market share, proprietary data assets, and using data to generate more data.
Similar to 5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013 (20)
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
I've been in the field of "Cyber Security" in its many incarnations for about 25 years. In that time I've learned some lessons, some the hard way.
Here are my slides presented at BSides New Orleans in April 2024.
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfRafal Los
Preparedness for cyber security incidents - of all kinds - is formulaic. Unfortunately, many organizations don't follow these five principles, or don't take them seriously enough.
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityRafal Los
It might seem crazy, but as a parent you're more prepared than you think to be a cyber security professional and leader. Check this talk to see what I, with 8yr old twins, can tell you from my experiences.
From management, to leadership, to threat analysis and incident response - it's all related.
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)Rafal Los
The document discusses the history and evolution of vulnerability management over the decades from the 1990s to present. It outlines some unfortunate trends like overreliance on spreadsheets and a focus only on missing patches. The talk recommends taking a lifecycle approach to vulnerability management including identifying vulnerabilities across the entire attack surface, triaging findings, advising on mitigation or deferral, tracking to resolution, and reporting on progress and accountability. Prioritizing this lifecycle approach and moving beyond only patching is key to effectively managing increasing IT complexity.
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Rafal Los
Vulnerability Management is more than patching your systems. A programmatic approach to risk reduction is critical, but often under-performing. This talk provides insight on how to implement a functional program.
Cloud Security Alliance- Challanges of an elastic environment v8a [public]Rafal Los
This document discusses cloud security from the perspectives of both cloud service consumers and providers. For consumers, it examines questions around the security of the cloud provider, assurances and transparency, resilience of services, and compliance. For providers, it considers how to deliver security across infrastructure, platform and software as a service models, provide assurance to customers, determine appropriate security measures, manage liabilities and risks, and address compliance needs. The document also notes challenges that are keeping some enterprises from fully adopting cloud services such as immature security models, migration difficulties, lack of transparency, absence of compliance mechanisms, and fear of vendor lock-in.
Security BSides Atlanta - "The Business Doesn't Care..."Rafal Los
This is my talk from Security BSides Atlanta ... the talk discusses how the disconnect between security and business keeps getting wider, why, and what to do about it.
The Future of Software Security AssuranceRafal Los
This talk is from ISSA International 2011, reflecting a look out over the horizon of Software Security Assurance for the next 20 years. Fundamentally, we must be able to start with 1 question - "Can you trust your software?" ...and if you can't say "Yes!" for certain, it's time to start somewhere.
Ultimate Hack! Layers 8 & 9 of the OSI ModelRafal Los
The vast chasm between business and Information Security must be bridged. In this talk from AtlSecCon in Halifax (Mar 2011) I discuss how Information Security professionals can 'hack' the management and budget layers of their daily work to get things done more effectively.
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Rafal Los
This talk from the 2010 OWASP AppSec DC talk of the same title is all about better, more evolved web application security testing utilizing automation!
Oh No They Didn't! 7 Web App Security Stories (v1.0)Rafal Los
This is the first iteration of a talk that goes through some of the more ..."interesting" failures in web app security over the 2009-2010 assessment calendar.
The QA Analyst's Hacker's Landmark Tour v3.0Rafal Los
This talk is geared towards QA Analysts who want to start to understand the mindset of the 'hacker', and start thinking about web application security testing concepts.
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2Rafal Los
If you've ever wanted to know how a Software Security Assurance program can have a closer tie-in with a business-level conversation, this is the presentation you can't miss.
Sans Feb 2010 - When Web 2 0 Attacks v3.3Rafal Los
The document discusses security issues related to Web 2.0 technologies. It notes that Web 2.0 has increased the attack surface area by moving more logic to the client-side and allowing richer content. Various attacks are explored like clickjacking, cross-site scripting using social media sites, exploiting functionality in Flash applications, and manipulating client-side logic and data validations. Sensitive information may also be exposed. The document provides examples of real code vulnerabilities and demonstrates live decompiling of Flash to find vulnerabilities. It concludes with an example attack on MapQuest by inserting malicious code.
StarWest 2009 - Detective Work For Testers: Finding Workflow Based DefectsRafal Los
Do you know why your software testing strategy isn't finding many of the "really big" bugs hidden in the web-based software your company churns out? Find out now...
For those of you who missed it, this is my slide deck from SecTor 2009, "When Web 2.0 Attacks!" ... reference to Web 2.0, and many of the technologies that make up the mish-mash that makes today's web application landscape so impossible to secure.
This is the OWASP 2009 talk (from Canada and Chicago) that was given to some of the best crowds I've ever worked with... you know who you are!
I hope you enjoy.
Creating Practical Security Test-Cases for Web ApplicationsRafal Los
The document discusses negative testing techniques for web applications. It explains that negative testing involves finding unintended functions and manipulating code in unexpected ways to uncover security vulnerabilities. The testing process involves mapping application logic and data flows, using both manual and automated testing methods to input unexpected data and manipulate application control flows. Testers must understand the application thoroughly to identify potential weaknesses in how the application handles unexpected inputs or flows.
From InfoSec World 2009, Josh Abraham (of Rapid7) and I did a talk on owning the browser and why it's completely a broken concept... if you loved the presentation here are the slides!
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
CAKE: Sharing Slices of Confidential Data on BlockchainClaudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.