A Recommendation for
Innovative Solutions in
Software Development
When Responding to
Future Vulnerabilities
and Threats
6 June 2021
mjusti99@peraton.com
Welcome
Max Justice
CEO, Maximum Justice Cybersecurity
MBA, CISSP, PMP, ITIL Foundations, Lean 6σ blackbelt, Blockchain Expert ….
Ph.D Student, Northcentral University
TIM-8340 v3: Secure Software Development
Dr. Brian Holbert
6 June 2021
m.justice5408@o365.ncu.edu
Max.justice@nasa.gov
2
max@maximumjusticecybersecurity.com
Agenda
Objective - A Recommendation for a SecDevOps Approach When Responding to Future Vulnerabilities and Threats 4
Your Why - It’s All About Mitigating Risks to Vulnerabilities & Threats 5
Who Needs SecDevOps - Organizational Description 6
Where’s the Beef - New Threats and Vulnerabilities to Your Organization 7
The Value Add - Adjusting & Responding to the New Threats & Vulnerabilities 8
A Maturity Model - Maturing Your Security Defenses with SecDevOps 9
Innovation Starts Here - New Programming Techniques for Secure & Improved S/W Development 10
On-Prem, the Cloud & Hybrid – New & Innovative Platforms for Secure & Improved S/W Development 11
We Are Go for Liftoff - Implementing New Programming and Platforms in SecDevOps 12
Conclusion / Take Away 13
References 15
3
A Recommendation for a SecDevOps Approach When
Responding to Future Vulnerabilities and Threats
A SecDevOps Approach
Any Organization Which Builds / Implements Technical Solutions
The Capabilities and Responses for Dealing With Future Vulnerabilities and Threats
On Prem, in the Cloud, and in Hybrid Solutions
Throughout the Organization’s SSDLC
To Avoid Loss of Life, Production, Operations and Delivery
Baking Security into the Development & Operational Processes
4
It’s All About Mitigating Risks to Vulnerabilities & Threats
Ask 3 Questions to Understand Why Your Organization Should
Use Secure Software Development (DevSecOps) Methodology
5
We Need to Ask 3 Questions
1) Are we on target to reduce our Risk?
2) Do we understand mitigating our Risk is the highest priority?
3) Have we implemented the most cost-effective Risk Mitigation Solution?
Organizational Description
Understand Who Needs to Use
A DevSecOps Methodology
6
The Organizational Profile
Develops or Operates Technical
Solutions
Needs the Solution to Provide Confidentiality, Availability and Integrity - While Being Scalable, Reliable, Secure, Fast, Responsive, and Fault-Tolerant
Requires Continuous Integration / Continuous Delivery
Ref: Samant, D. (2020) A User’s Guide to DevSecOps Success. Technology & Innovation. Business 2 Community. Retrieved from https://www.business2community.com/cloud-computing/a-users-guide-to-devsecops-success-02300986
New Threats and Vulnerabilities to Your Organization
Threats & Vulnerabilities Organizations
are Facing?
7
Social Engineering
Ransomware
DDoS Attacks
MitM
Third Party Software & The Supply Chain
Cloud, On-Prem & Hybrid Computing
Who Are They - Internal Threat, Malicious Insider, State-sponsored APT, Terrorist, Industrial Spies/Espionage, Organized Crime, Hackers, Hacktivist
What Are They – AI / ML, Code, Bad Actors, Internal Threat
Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21
Graphic courtesy of
Ref: Sherwin Wulf, L. (2021). Leveraging Research to Elevate Brand Awareness & Generate Leads. Market Connections. Retrieved from http://www.marketconnectionsinc.com/managing-the-unpredictable-human-element-of-cybersecurity-2/
Adjusting & Responding to the New Threats & Vulnerabilities
How Your Organization Can Adjust to New Threats & Vulnerabilities
8
SecDevOps – Managing and Implementing Secure Development and Operation Activities
Leverage Industry Controls – NIST, CIS, OWASP, MITRE
Threat Intelligence – Anti-malware programs comparing code to a database of previously detected signatures
Good Cyber-hygiene – Train, Practice, Test, Policy
SIEM & Monitoring Tools - Data collection and analysis solutions
SOAR (Gartner, 2017) - Security Orchestration, Automation, and Response, a category of cybersecurity solutions
Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21
Neiva, C., Lawson, C., Bussa, T. & Sadowski, G. (2017) Innovation Insight for Security Orchestration, Automation and Response. Gartner Research. Gartner. Retrieved from https://www.gartner.com/en/documents/3834578/innovation-insight-for-security-orchestration-automation
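The slide describes signature-based threat intelligence as anti-malware comparing code against a database of previously detected signatures. The example below is added here to show what that comparison looks like in practice; it is not code from the deck, from Exabeam, or from any product. Every sample file, hash and pattern in it is constructed for illustration, and the signature names (Beacon.Gen) are placeholders. It also goes one step beyond the slide: it scans with both an exact SHA-256 signature and a byte-pattern signature, so the reader can see why a one-byte change to a known sample defeats the hash lookup but not the pattern match, which is the main caveat a defender relying on hash feeds needs to know.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample "files" (bytes in memory, so the script runs offline).
# "tool.bin" stands in for a previously detected sample; "tool_modified.bin"
# is the same content with its last byte changed. None of this is real malware.
SAMPLES = {
    "report.txt": b"Quarterly results: revenue up, costs flat.\n",
    "tool.bin": b"\x7fELF" + b"EXAMPLE-BEACON-v1" + b"\x00" * 16,
    "tool_modified.bin": b"\x7fELF" + b"EXAMPLE-BEACON-v1" + b"\x00" * 15 + b"\x01",
}


def sha256_hex(data: bytes) -> str:
    """Hash a file's bytes the way a hash-based signature feed would key it."""
    return hashlib.sha256(data).hexdigest()


# Signature database, constructed for the example:
#  - exact-hash signatures keyed by the SHA-256 of a known sample
#  - byte-pattern signatures for a string the sample family shares
HASH_SIGNATURES = {
    sha256_hex(SAMPLES["tool.bin"]): "Beacon.Gen (hash)",
}
PATTERN_SIGNATURES = {
    b"EXAMPLE-BEACON-v1": "Beacon.Gen (pattern)",
}


@dataclass
class Verdict:
    name: str
    # Names of the signatures that fired; an empty list means "no known signature",
    # which is not the same as "clean" (unknown code never matches a database).
    matched_by: list = field(default_factory=list)


def scan(name: str, data: bytes) -> Verdict:
    """Compare one file against the signature database, as the slide describes."""
    verdict = Verdict(name)
    digest = sha256_hex(data)
    if digest in HASH_SIGNATURES:
        verdict.matched_by.append(HASH_SIGNATURES[digest])
    for pattern, sig_name in PATTERN_SIGNATURES.items():
        if pattern in data:
            verdict.matched_by.append(sig_name)
    return verdict


def scan_all(samples=SAMPLES) -> dict:
    """Scan every sample and return {file name: [signatures that fired]}."""
    return {name: scan(name, data).matched_by for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:20s} {'no signature match' if not hits else ', '.join(hits)}")
```

Run it and the unmodified sample fires both signatures, the benign text file fires none, and the one-byte variant is caught only by the pattern rule. That gap is why signature feeds are paired with the SIEM, monitoring and SOAR layers on the same slide: a hash database only recognises what has already been seen exactly.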
Maturing Your Security Defenses with SecDevOps
9
Strengthening Your Security Defenses
Build
Deploy
Educate & Guide
Culture & Organization
Processes
Monitoring
Logging
Hardening
Patch Management
Dynamic Apps
Static Apps
Test-Intensity
Consolidation
App Testing
Dynamic Infrastructure
Static Infrastructure
Pagel, T. (2021) DSOMM: OWASP DevSecOps Maturity Model. OWASP. Retrieved from https://owasp.org/www-project-devsecops-maturity-model/
Innovative Programming Techniques for Improved S/W Development
10
New Programming Techniques for Improved S/W Development?
There are many types of Programming Techniques
This SecDevOps Model is the Recommended Innovation to Programming
Lemasov, E. (2021). DiatomEnterprises: Full-Service Development Company. Diatom Enterprises. Retrieved from https://diatomenterprises.com/our-process/
Based on The DoD Software Lifecycle Model
DoD Cyber Exchange (2021). DevSecOps. DoD Cyber Exchange. Defense Information Systems Agency
(DISA). Retrieved from https://public.cyber.mil/devsecops/
Innovative Platforms for Secure & Improved S/W
Development
11
New & Innovative Platforms for Secure & Improved S/W Development?
Cloud-Native DevSecOps tools and the Data they Generate
Data-Backed Support for the Automation of Container Scanning
Support for Advanced DevSecOps Automation
DevOps to DevSecOps Transformation
DevSecOps to NoOps Transformation
Kelly, W. (2021). 5 Reasons AI and ML are the Future of DevSecOps. Anchore. Retrieved from https://anchore.com/blog/5-reasons-ai-and-ml-are-the-future-of-devsecops/
Low Code
No Code
Agile
DevOps
SecDevOps
NoOps
Implementing New Programming and Platforms in SecDevOps
12
Where Your Organization Can Implement New Programming and Platforms in SecDevOps
The Cloud – AWS, Google, MS Azure, Oracle, SAP, IBM, and many others
Apps – Clutch, AppFutura, Behance, Facebook, LinkedIn, Phabricator, Techreviewer, Decoded, AllAboutApps, and too many to list
Devices – Android, Mac, MS, Intel, AMD, IBM and many others
There is always a risk with change: changing culture, systems and processes. Don’t lose sight of what it’s all about.
It’s about
Good practice is practiced by all and implemented by Leadership
Understanding Your Future Vulnerabilities and Threats
Win/Win/Win
If we are to improve trust in the system, it is imperative to use sound and timely tools, techniques and analysis
Conclusion / Take Away
13
I look forward to talking
to you again in the future
Next time,
bring friends
14
References
Aryal, M. (2016). Cyber War On Cyber Security Threats, Data Breaches. Security. ICT Frame. Retrieved from https://ictframe.com/cyber-war-on-cyber-security-threats-data-breaches/
Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21
Cole, E. (2021). #63: The Top Cybersecurity Trends and Predictions for 2021. Life of a CISO. Secure Anchor Consulting. Retrieved from https://secure-anchor.com/podcast/
Divitec. (2021). Software Development. Divitec. Retrieved from http://divitec.org/wp-content/uploads/2018/08/34eb35_9e7aa43363764f7c97431ea29c0c064amv2.png
DoD Cyber Exchange (2021). DevSecOps. DoD Cyber Exchange. Defense Information Systems Agency (DISA). Retrieved from https://public.cyber.mil/devsecops/
Kelly, W. (2021). 5 Reasons AI and ML are the Future of DevSecOps. Anchore. Retrieved from https://anchore.com/blog/5-reasons-ai-and-ml-are-the-future-of-devsecops/
Lemasov, E. (2021). DiatomEnterprises: Full-Service Development Company. Diatom Enterprises. Retrieved from https://diatomenterprises.com/our-process/
Neiva, C., Lawson, C., Bussa, T. & Sadowski, G. (2017) Innovation Insight for Security Orchestration, Automation and Response. Gartner Research. Gartner. Retrieved from https://www.gartner.com/en/documents/3834578/innovation-insight-for-security-orchestration-automation
Pagel, T. (2021) DSOMM: OWASP DevSecOps Maturity Model. OWASP. Retrieved from https://owasp.org/www-project-devsecops-maturity-model/
Samant, D. (2020) A User’s Guide to DevSecOps Success. Technology & Innovation. Business 2 Community. Retrieved from https://www.business2community.com/cloud-computing/a-users-guide-to-devsecops-success-02300986
Sherwin Wulf, L. (2021). Leveraging Research to Elevate Brand Awareness & Generate Leads. Market Connections. Retrieved from http://www.marketconnectionsinc.com/managing-the-unpredictable-human-element-of-cybersecurity-2/
15

Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Recently uploaded (20)

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

A SecDevOps Approach to Responding to Future Vulnerabilities

  • 1. A Recommendation for Innovative Solutions in Software Development When Responding to Future Vulnerabilities and Threats 6 June 2021
  • 2. mjusti99@peraton.com Welcome Max Justice CEO, Maximum Justice Cybersecurity MBA, CISSP, PMP, ITIL Foundations, Lean 6σ blackbelt, Blockchain Expert …. Ph.D Student, Northcentral University TIM-8340 v3: Secure Software Development Dr. Brian Holbert 6 June 2021 m.justice5408@o365.ncu.edu Max.justice@nasa.gov 2 max@maximumjusticecybersecurity.com
  • 3. Agenda Objective - A Recommendation for a SecDevOps Approach When Responding to Future Vulnerabilities and Threats 4 Your Why - It’s All About Mitigating Risks to Vulnerabilities & Threats 5 Who Needs SecDevOps - Organizational Description 6 Where’s the Beef - New Threats and Vulnerabilities to Your Organization 7 The Value Add - Adjusting & Responding to the New Threats & Vulnerabilities 8 A Maturity Model - Maturing Your Security Defenses with SecDevOps 9 Innovation Starts Here - New Programming Techniques for Secure & Improved S/W Development 10 On-Prem, the Cloud & Hybrid – New & Innovative Platforms for Secure & Improved S/W Development 11 We Are Go for Liftoff - Implementing New Programming and Platforms in SecDevOps 12 Conclusion / Take Away 13 References 15 3
  • 4. A Recommendation for a SecDevOps Approach When Responding to Future Vulnerabilities and Threats A SecDevOps Approach Any Organization Which Builds / Implements Technical Solutions The Capabilities and Responses for Dealing With Future Vulnerabilities and Threats On Prem, in the Cloud, and in Hybrid Solutions Throughout the Organization’s SSDLC To Avoid Loss of Life, Production, Operations and Delivery Baking Security into the Development & Operational Processes 4
  • 5. It’s All About Mitigating Risks to Vulnerabilities & Threats Ask 3 Questions to Understand Why Your Organization Should Use Secure Software Development (DevSecOps) Methodology 5 We Need to Ask 3 Questions 1) Are we on target to reduce our Risk? 2) Do we understand mitigating our Risk is the highest priority? 3) Have we implemented the most cost-effective Risk Mitigation Solution?
  • 6. Organizational Description Understand Who Needs to Use A DevSecOps Methodology 6 The Organizational Profile Develops or Operates Technical Solutions Needs the Solution to Provide Confidentiality, Availability and Integrity - While Being Scalable, Reliable, Secure, Fast, Responsive, and Fault-Tolerant Requires Continuous Integration / Continuous Delivery Ref: Samant, D. (2020) A User’s Guide to DevSecOps Success. Technology & Innovation. Business 2 Community. Retrieved from https://www.business2community.com/cloud-computing/a-users-guide-to-devsecops-success-02300986
  • 7. New Threats and Vulnerabilities to Your Organization Threats & Vulnerabilities Organizations are Facing? 7 Social Engineering Ransomware DDoS Attacks MitM Third Party Software & The Supply Chain Cloud, On-Prem & Hybrid Computing Who Are They - Internal Threat, Malicious Insider, State-sponsored APT, Terrorist, Industrial Spies/Espionage, Organized Crime, Hackers, Hacktivist What Are They – AI / ML, Code, Bad Actors, Internal Threat Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21 Graphic courtesy of Sherwin Wulf, L. (2021). Leveraging Research to Elevate Brand Awareness & Generate Leads. Market Connections. Retrieved from http://www.marketconnectionsinc.com/managing-the-unpredictable-human-element-of-cybersecurity-2/
  • 8. Adjusting & Responding to the New Threats & Vulnerabilities How Your Organization Can Adjust to New Threats & Vulnerabilities 8 SecDevOps – Managing and Implementing Secure Development and Operation Activities Leverage Industry Controls – NIST, CIS, OWASP, MITRE Threat Intelligence – Anti-malware programs comparing code to a database of previously detected signatures Good Cyber-hygiene – Train, Practice, Test, Policy SIEM & Monitoring Tools - data collection and analysis solutions SOAR (Gartner, 2017) - a category of cybersecurity solutions. - Security orchestration, automation, and response Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21 Neiva, C., Lawson, C., Bussa, T. & Sadowski, G. (2017) Innovation Insight for Security Orchestration, Automation and Response. Gartner Research. Gartner. Retrieved from https://www.gartner.com/en/documents/3834578/innovation-insight-for-security-orchestration-automation
  • 9. Maturing Your Security Defenses with SecDevOps 9 Strengthening Your Security Defenses Build Deploy Educate & Guide Culture & Organization Processes Monitoring Logging Hardening Patch Management Dynamic Apps Static Apps Test-Intensity Consolidation App Testing Dynamic Infrastructure Static Infrastructure Pagel, T. (2021) DSOMM: OWASP DevSecOps Maturity Model. OWASP. Retrieved from https://owasp.org/www-project-devsecops-maturity-model/
  • 10. Innovative Programming Techniques for Improved S/W Development 10 New Programming Techniques for Improved S/W Development? There are many types of Programming Techniques This SecDevOps Model is the Recommended Innovation to Programming Lemasov, E. (2021). DiatomEnterprises: Full-Service Development Company. Diatom Enterprises. Retrieved from https://diatomenterprises.com/our-process/ Based on The DoD Software Lifecycle Model DoD Cyber Exchange (2021). DevSecOps. DoD Cyber Exchange. Defense Information Systems Agency (DISA). Retrieved from https://public.cyber.mil/devsecops/
  • 11. Innovative Platforms for Secure & Improved S/W Development 11 New & Innovative Platforms for Secure & Improved S/W Development? Cloud-Native DevSecOps tools and the Data they Generate Data-Backed Support for the Automation of Container Scanning Support for Advanced DevSecOps Automation DevOps to DevSecOps Transformation DevSecOps to NoOps Transformation Kelly, W. (2021). 5 Reasons AI and ML are the Future of DevSecOps. Anchore. Retrieved from https://anchore.com/blog/5-reasons-ai-and-ml-are-the-future-of-devsecops/ Low Code No Code Agile DevOps SecDevOps NoOps
  • 12. Implementing New Programming and Platforms in SecDevOps 12 Where Your Organization Can Implement New Programming and Platforms in SecDevOps The Cloud – AWS, Google, MS Azure, Oracle, SAP, IBM, and many others Apps – Clutch, AppFutura, Behance, Facebook, LinkedIn, Phabricator, Techreviewer, Decoded, AllAboutApps, and too many to list Devices – Android, Mac, MS, Intel, AMD, IBM and many others
  • 13. There is always a risk with change: changing culture, systems and processes. Don’t lose sight of what it’s all about. It’s about: Good practice adopted by all and implemented by Leadership; Understanding Your Future Vulnerabilities and Threats; Win/Win/Win. If we are to improve trust in the system, it is imperative to use sound and timely tools, techniques and analysis. Conclusion / Take Away 13
  • 14. I look forward to talking to you again in the future Next time, bring friends 14
  • 15. Aryal, M. (2016). Cyber War On Cyber Security Threats, Data Breaches. Security. ICT Frame. Retrieved from https://ictframe.com/cyber-war-on-cyber-security-threats-data-breaches/ Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21 Cole, E. (2021). #63: The Top Cybersecurity Trends and Predictions for 2021. Life of a CISO. Secure Anchor Consulting. Retrieved from https://secure-anchor.com/podcast/ Divitec. (2021). Software Development. Divitec. Retrieved from http://divitec.org/wp-content/uploads/2018/08/34eb35_9e7aa43363764f7c97431ea29c0c064amv2.png DoD Cyber Exchange (2021). DevSecOps. DoD Cyber Exchange. Defense Information Systems Agency (DISA). Retrieved from https://public.cyber.mil/devsecops/ Kelly, W. (2021). 5 Reasons AI and ML are the Future of DevSecOps. Anchore. Retrieved from https://anchore.com/blog/5-reasons-ai-and-ml-are-the-future-of-devsecops/ Lemasov, E. (2021). DiatomEnterprises: Full-Service Development Company. Diatom Enterprises. Retrieved from https://diatomenterprises.com/our-process/ Neiva, C., Lawson, C., Bussa, T. & Sadowski, G. (2017) Innovation Insight for Security Orchestration, Automation and Response. Gartner Research. Gartner. Retrieved from https://www.gartner.com/en/documents/3834578/innovation-insight-for-security-orchestration-automation Pagel, T. (2021) DSOMM: OWASP DevSecOps Maturity Model. OWASP. Retrieved from https://owasp.org/www-project-devsecops-maturity-model/ Samant, D. (2020) A User’s Guide to DevSecOps Success. Technology & Innovation. Business 2 Community. Retrieved from https://www.business2community.com/cloud-computing/a-users-guide-to-devsecops-success-02300986 Sherwin Wulf, L. (2021). Leveraging Research to Elevate Brand Awareness & Generate Leads. Market Connections. Retrieved from http://www.marketconnectionsinc.com/managing-the-unpredictable-human-element-of-cybersecurity-2/ References 15

Editor's Notes

  1. This presentation was created for organizations looking for a way to reduce their risks by establishing and performing secure software development, implementing innovative solutions when responding to future vulnerabilities and threats. Audience: Dr. Brian Holbert, Northcentral University
  2. Today’s Agenda Not only are we going to cover this slide quicker than the Domino’s delivery person, we are going to cruise through this presentation in under 30 minutes or less, or it’s free. A Recommendation for a SecDevOps Approach When Responding to Future Vulnerabilities and Threats It’s All About Mitigating Risks to Vulnerabilities & Threats Organizational Description New Threats and Vulnerabilities to Your Organization Adjusting & Responding to the New Threats & Vulnerabilities Why Your Organization Needs SecDevOps Maturing Your Security Defenses with SecDevOps New Programming Techniques for Secure & Improved S/W Development New Platforms for Secure & Improved S/W Development Implementing New Programming and Platforms in DevSecOps Conclusion / Take Away References Dominos Pizza Car image courtesy of Bloomberg. https://www.bloomberg.com/features/2017-dominos-pizza-empire/
  3. Today we are going to cover the who, what, where, when, why and how organizations need to implement a secure software development methodology in order to effectively respond to future vulnerabilities and threats. Who - Any Organization Which Builds / Implements Technical Solutions What - The Capabilities and Responses for Dealing With Future Vulnerabilities and Threats Where - On Prem, in the Cloud, and in Hybrid Solutions When - Throughout the Organization’s Secure Software Delivery Lifecycle Why - To Avoid Loss of Life, Production, Operations and Delivery How – by Baking Security into the Development & Operational Processes
  4. It’s very important for the organization to understand its why: It’s All About Mitigating Risks to Vulnerabilities & Threats. To understand the why, organizations need to Ask 3 Questions to Understand Why Your Organization Should Use Secure Software Development (DevSecOps) Methodology: Are we on target to reduce our Risk? Do we understand mitigating our Risk is the highest priority? Have we implemented the most cost-effective Risk Mitigation Solution? Ref: Cole, E. (2021). #63: The Top Cybersecurity Trends and Predictions for 2021. Life of a CISO. Secure Anchor Consulting. Retrieved from https://secure-anchor.com/podcast/
  5. The Organizational Profile Develops or Operates Technical Solutions Needs the Solution to Provide Confidentiality, Availability and Integrity - While Being Scalable, Reliable, Secure, Fast, Responsive, and Fault-Tolerant Requires Continuous Integration / Continuous Delivery. Shifting gears from an organization’s existing processes to a DevSecOps model of design and deployment can be daunting. Start by getting to grips with what has changed. One of the most apparent differences is that with CI/CD, security checks and policy-driven privacy rules now need to be integrated into the coding pipeline and other tools. This is why you’ll often hear people talking about “baking in” security into the DevOps process (to result in DevSecOps). Automation levels will be far higher than previously, which will enable much greater speed and agility. The attack surface will need to be re-examined too, and different tools deployed to protect against a new threat landscape. Different approaches currently exist for managing complexity and providing end-to-end visibility. The approach your organization opts for will depend on several factors, including its size, skills, and resource availability. Ref: Samant, D. (2020) A User’s Guide to DevSecOps Success. Technology & Innovation. Business 2 Community. Retrieved from https://www.business2community.com/cloud-computing/a-users-guide-to-devsecops-success-02300986
  6. Social Engineering – Phishing, Spear Phishing, Whaling, Homographic Ransomware – Malware, Spyware, Drive-by Downloads DDoS Attacks – Botnets, Smurf Attack, Trojan, (Wiper) Malware, TCP Syn Flood MitM – Session Hijacking, Replay Attack, IP Spoofing, Eavesdropping Third Party Software & The Supply Chain – Rogue software Cloud, On-Prem & Hybrid Computing – Internal Threat, Password Attack, Spoofing Who Are They - Internal Threat, Malicious Insider, State-sponsored APT, Terrorist, Industrial Spies/Espionage, Organized Crime, Hackers, Hacktivist What Are They – AI / ML, Code, Bad Actors Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21 Graphic courtesy of Sherwin Wulf, L. (2021). Leveraging Research to Elevate Brand Awareness & Generate Leads. Market Connections. Retrieved from http://www.marketconnectionsinc.com/managing-the-unpredictable-human-element-of-cybersecurity-2/
  7. The Value Add - How An Organization Can Adjust to New Threats & Vulnerabilities SecDevOps – Managing and Implementing Secure Development and Operation Activities Leverage Industry Controls – NIST, CIS, OWASP, MITRE Threat Intelligence – Anti-malware programs comparing code to a database of previously detected signatures Good Cyber-hygiene – Train, Practice, Test, Policy – 100% asset/inventory management; 100% patching; ensuring no critical data is on external facing systems; use two- or multi-factor authentication Ref: Cole, E. (2021). #63: The Top Cybersecurity Trends and Predictions for 2021. Life of a CISO. Secure Anchor Consulting. Retrieved from https://secure-anchor.com/podcast/ SIEM & Monitoring Tools - data collection and analysis solutions SOAR (Gartner, 2017) - a category of cybersecurity solutions: Security orchestration, automation, and response Cassetto, O. (2019). 21 Top Cyber Security Threats and How Threat Intelligence Can Help. Information Security. Exabeam. Retrieved from https://www.exabeam.com/information-security/cyber-security-threat/#21 Neiva, C., Lawson, C., Bussa, T. & Sadowski, G. (2017) Innovation Insight for Security Orchestration, Automation and Response. Gartner Research. Gartner. Retrieved from https://www.gartner.com/en/documents/3834578/innovation-insight-for-security-orchestration-automation Image courtesy of Aryal, M. (2016). Cyber War On Cyber Security Threats, Data Breaches. Security. ICT Frame. Retrieved from https://ictframe.com/cyber-war-on-cyber-security-threats-data-breaches/
  8. The OWASP DevSecOps Maturity Model Build Deploy Educate & Guide Culture & Organization Processes Monitoring Logging Hardening Patch Management Dynamic Apps Static Apps Test-Intensity Consolidation App Testing Dynamic Infrastructure Static Infrastructure Pagel, T. (2021) DSOMM: OWASP DevSecOps Maturity Model. OWASP. Retrieved from https://owasp.org/www-project-devsecops-maturity-model/
  9. Based on The DoD Software Lifecycle Model DoD Cyber Exchange (2021). DevSecOps. DoD Cyber Exchange. Defense Information Systems Agency (DISA). Retrieved from https://public.cyber.mil/devsecops/ SecDevOps Model Courtesy of Lemasov, E. (2021). DiatomEnterprises: Full-Service Development Company. Diatom Enterprises. Retrieved from https://diatomenterprises.com/our-process/
  10. Cloud-Native DevSecOps tools and the Data they Generate As enterprises rely more on cloud-native platforms for their SecDevOps toolchains, they also need to put in place the tools, frameworks, and processes to make the best use of the backend data that their platforms generate. Artificial intelligence and machine learning will enable DevSecOps teams to get their data under management faster while making it actionable for technology and business stakeholders alike. There’s also the prospect that AI and machine learning offer DevOps teams a different view of development tasks and enable organizations to create a new set of metrics. Wins and losses in the cloud-native application market may very well be decided by which development teams and independent software vendors (ISVs) turn their data into actionable intelligence. Creating actionable intelligence gives their stakeholders and developers views into what their developers and sysadmins are doing right, security- and operations-wise. 2. Data-Backed Support for the Automation of Container Scanning As the automation of container scanning becomes a standard requirement for commercial and public sector enterprises, so will the requirements to capture and analyze the security data and the software bill of materials (SBOM) that come with containers advancing through your toolchains. The DevSecOps teams of the future are going to require next-generation tools to capture and analyze the data that comes from the automation of vulnerability scanning of containers in their DevSecOps toolchains. AI and ML support for container vulnerability scanning offer a delicate balance of autonomy and speed to help capture and communicate incident and trends data for analysis and action by developers and security teams. 3. Support for Advanced DevSecOps Automation It’s a safe assumption that automation is only going to mature and advance in the future with no stopping.
It’s quite possible that AI and ML will take on the repetitive legwork that powers some operations tasks such as software management and some other rote management tasks that fill up the schedules of present-day operations teams. While AI and ML won’t completely replace their operations teams, these technologies may certainly shape the future of operations team duties. While there’s always the fear that automation may replace human workers, the reality is going to be closer to ops teams becoming more about automation management. 4. DevOps to DevSecOps Transformation The SolarWinds, Colonial Pipeline, Equifax, Experian and other breaches are the perfect examples of why organizations must transform from DevOps to DevSecOps to protect their toolchains and software supply chain. Not to mention, cloud migrations by commercial and government enterprises are going to require better analytics over the development and operational data their teams and projects currently produce for on-premises applications. 5. DevSecOps to NoOps Transformation Beyond DevSecOps lies NoOps, a state where an enterprise automates so much that it no longer needs an operations team. While the NoOps trend has been around for the past ten years, it still ranks as a forward-looking trend for the average enterprise. However, there are lessons you can learn now from NoOps in how it conceptualizes the future of operations automation that you can start applying to your DevOps and DevSecOps pipelines, even today. Kelly, W. (2021). 5 Reasons AI and ML are the Future of DevSecOps. Anchore. Retrieved from https://anchore.com/blog/5-reasons-ai-and-ml-are-the-future-of-devsecops/ Image Courtesy of Divitec. (2021). Software Development. Divitec. Retrieved from http://divitec.org/wp-content/uploads/2018/08/34eb35_9e7aa43363764f7c97431ea29c0c064amv2.png
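As an added example (not from the presentation or from the Anchore post it cites), here is the kind of automated gate a SecDevOps pipeline can run on a container's SBOM: it matches components against a vulnerability feed and blocks the deploy when anything at or above a chosen severity is found, while lower findings are reported as advisory. The SBOM, the feed, its `VULN-EXAMPLE-*` ids and the version-ordering rule are all constructed assumptions; a real pipeline would pull the SBOM from the scanner and the feed from its vulnerability database.

```python
"""Constructed example: an SBOM-driven deploy gate for a container image.

Nothing here is the presentation's own code; the SBOM and vulnerability feed
are sample data in a CycloneDX-like shape, and the ids are placeholders.
"""
import json
import re
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    component: str
    version: str
    vuln_id: str
    severity: str
    fixed_in: str


def version_key(version: str) -> tuple:
    """Turn '1.1.1k' into ((1,''),(1,''),(1,'k')) so segments sort numerically,
    with a letter suffix ordering after the bare number ('1' < '1k' < '1l')."""
    key = []
    for part in version.split("."):
        m = re.match(r"(\d+)([A-Za-z0-9\-]*)$", part)
        key.append((int(m.group(1)), m.group(2)) if m else (0, part))
    return tuple(key)


def is_affected(version: str, fixed_in: str) -> bool:
    """A component is affected when it is older than the first fixed release."""
    return version_key(version) < version_key(fixed_in)


def scan_sbom(sbom_json: str, vuln_feed: list) -> list:
    """Match every SBOM component (by name) against the feed and return findings
    in SBOM order. Unknown components produce no finding."""
    sbom = json.loads(sbom_json)
    by_name = {}
    for entry in vuln_feed:
        by_name.setdefault(entry["package"].lower(), []).append(entry)
    findings = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "").lower()
        version = comp.get("version", "")
        for entry in by_name.get(name, []):
            if is_affected(version, entry["fixed_in"]):
                findings.append(Finding(name, version, entry["id"],
                                        entry["severity"], entry["fixed_in"]))
    return findings


def gate(findings: list, block_at: str = "high") -> dict:
    """Split findings into blocking (>= threshold) and advisory, and decide."""
    threshold = SEVERITY_RANK[block_at]
    blocking = [f for f in findings if SEVERITY_RANK[f.severity] >= threshold]
    advisory = [f for f in findings if SEVERITY_RANK[f.severity] < threshold]
    return {"blocked": bool(blocking), "blocking": blocking, "advisory": advisory}


# Constructed SBOM for a hypothetical image; component names/versions are sample data.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "openssl", "version": "1.1.1k"},
        {"name": "libexample-json", "version": "2.14.1"},
        {"name": "busybox", "version": "1.33.1"},
    ],
})

# Constructed vulnerability feed; ids are placeholders, not real advisories.
SAMPLE_VULN_FEED = [
    {"id": "VULN-EXAMPLE-0001", "package": "libexample-json",
     "fixed_in": "2.17.1", "severity": "critical"},
    {"id": "VULN-EXAMPLE-0002", "package": "openssl",
     "fixed_in": "1.1.1l", "severity": "medium"},
    {"id": "VULN-EXAMPLE-0003", "package": "busybox",
     "fixed_in": "1.30.0", "severity": "high"},   # already fixed in 1.33.1
]


def run_pipeline_gate(block_at: str = "high") -> dict:
    """What the CI step would call: scan, decide, and return the decision."""
    return gate(scan_sbom(SAMPLE_SBOM, SAMPLE_VULN_FEED), block_at)


if __name__ == "__main__":
    decision = run_pipeline_gate()
    for f in decision["blocking"]:
        print(f"BLOCK  {f.vuln_id} {f.component} {f.version} (fix: {f.fixed_in})")
    for f in decision["advisory"]:
        print(f"WARN   {f.vuln_id} {f.component} {f.version} (fix: {f.fixed_in})")
    raise SystemExit(1 if decision["blocked"] else 0)
```

With the sample data the gate exits non-zero because of the critical finding, while the medium openssl finding is only reported; raising `block_at` to "critical" would change which findings block, not which are reported.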
  11. There is a plethora of platforms where an Organization Can Implement New Programming and Platforms in SecDevOps The Cloud – AWS, Google, MS Azure, Oracle, SAP, IBM, and many others Apps – Clutch, AppFutura, Behance, Facebook, LinkedIn, Phabricator, Techreviewer, Decoded, AllAboutApps, and too many to list Devices – Android, Mac, MS, Intel, AMD, IBM and many others Image Courtesy of Divitec. (2021). Software Development. Divitec. Retrieved from http://divitec.org/wp-content/uploads/2018/08/34eb35_9e7aa43363764f7c97431ea29c0c064amv2.png
  12. My contribution to you: A thoughtful consideration of the ideas and concepts presented through new thoughts and insights relating directly to the Establishment of a SecDevOps methodology in your organization Win – By understanding and taking the proactive actions and mitigating your risks by implementing defensive and protective measures and helping your staff, stakeholders and customers practice the right amount of cyber-hygiene, because cybersecurity is everyone’s responsibility. We must remember, what gets measured gets measured. What gets measured can be improved. Measure your ability to practice good cyber-hygiene or the basics of good cybersecurity (Cole, 2021): 100% asset/inventory management; 100% patching; ensuring no critical data is on external facing systems; use two- or multi-factor authentication