NOTE: See https://www.slideshare.net/DinisCruz/dinis-cruz-cv-ciso-and-transformation-agent-v12 for the latest version of my CV
Presentation with CV for Dinis Cruz
Created on 12 Aug 2019
Dinis Cruz (CV) - CISO and Transformation Agent v1.2 by Dinis Cruz
Here is my CV (this format is much easier to consume than documents)
You can reach me on LinkedIn (https://www.linkedin.com/in/diniscruz/), Twitter (https://twitter.com/diniscruz) or email (dinis.cruz@owasp.org)
Created on 30 Oct 2019
CISO Application presentation - Babylon health security by Dinis Cruz
This is the presentation that I created while applying for the CISO position at Babylon Health (note that I ended up taking up the CISO role at Revolut)
Making fact based decisions and 4 board decisions (Oct 2019) by Dinis Cruz
The document discusses using data science and visualization techniques to connect security data sources and policies to risks and vulnerabilities in a graph database. This allows creating fact-based security decisions and risk dashboards. Workflows can then automate security incident handling and scale the approach. The approach aims to prevent crises rather than just incidents and make organizations safe rather than just secure.
The document discusses how serverless technologies can help security teams scale their operations through automated workflows. It advocates that security teams adopt serverless approaches to build workflows that are event-driven and leverage services like AWS Lambda, Azure Functions, and Google Cloud Functions. By taking a serverless approach, security activities like incident response, threat modeling, and risk analysis can be automated and scaled more easily. The document also discusses using technologies like Jira, Slack, property graphs and Jupyter notebooks to capture security data and build automated workflows and dashboards.
The benefits of police and industry investigation - NPCC Conference by Dinis Cruz
The document discusses the benefits of collaboration between police and industry on security issues. It notes that organizations with a history of attacks have more budget and focus on security, while those without see it as more of a marketing exercise. The key areas of security, automation, data science, and cloud services are mapped. Building relationships and sharing knowledge is emphasized over buying or outsourcing. Thinking in graphs, APIs, data science, and transparency are presented as important modern approaches to security.
Using OWASP Security Bot (OSBot) to make Fact Based Security Decisions by Dinis Cruz
OSBot is a security bot that can help automate security tasks and decisions using data. It can generate graphs of data from tools like Jira to help understand security issues and their relationships. It uses a serverless architecture with components like Jira, Elastic, Slack, and Jupyter notebooks. The bot can create schemas to map real world data, generate workflows, and link together related information like policies, vulnerabilities, and risks for context-specific security projects. This allows for fact-based security decisions and global dashboards. Presentations and the code for OSBot are available to learn more.
Using Wardley Maps to Understand Security's Landscape and Strategy by Dinis Cruz
This document provides an overview of Wardley Maps, which are used to understand an organization's security landscape and strategy. It describes how to create Wardley Maps by starting with user needs, adding capabilities, and mapping evolution over time. Various examples are given of mapping security topics like threat landscapes, compliance, and cyber attacks. Community resources for collaborating and learning more about Wardley Mapping are also provided.
By 2025, millennials are projected to make up 75% of the total workforce. Organizations have been adapting their processes, policies and environments to match the millennial culture, but are they truly prepared to handle millennial technology practices? Michael Crouse – Forcepoint VP, Insider Threat explains.
Maintaining Visibility and Control as Workers and Apps Scatter by Forcepoint LLC
Balancing productivity and security has been an age old challenge for IT. Nowadays, tight budgets and a shortage of skilled security personnel are further complicating the security equation at a time when mobile workers and cloud applications require effective defenses beyond traditional perimeters. Fortunately, there are new perspectives and best practices to help Government IT security leaders secure systems and users everywhere, with the same level of mission-critical protection that Federal networks require.
Security Insights for Mission-Critical Networks by Forcepoint LLC
Networks are at the heart of the most critical missions. In environments where network availability and increased comprehensive security seem to be at odds, what are the options? Learn why traditional firewall solutions have been replaced with next gen technologies that mitigate the management burden while offering even more robust security and protection.
Cloudy with a Chance of...Visibility, Accountability & Security by Forcepoint LLC
Cloud adoption is driving value into businesses like never before. Trying to manage security and compliance in the use of cloud platforms and applications can be challenging, with visibility being "cloudy" at best. That situation can drive stress and frustration into already overworked security teams. In this session Doug Copley will explain how the latest cloud security platforms can be the foglight to improve visibility and information risk management while enabling organizations to safely adopt those transformative technologies that will advance the mission of the organization.
State of Cybersecurity in 2018 - Our Top Predictions by Comodo SSL Store
2017 is about to end. We must accept the truth that the year 2017 was full of phishing scams, ransomware and more data breaches than we can count. We're going to see more attacks with increasing reliance on digital technologies. We have collected our predictions in this slide share.
Original Article published-
https://comodosslstore.com/blog/predicting-cyber-security-threats-2018.html
Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.
2017 was a busy year for hackers who used new, ingenious attack vectors and methods such as fileless malware to hold organizations ransom and steal their sensitive data. These threats are almost certain to continue in 2018 and, along with them, there will be even bigger challenges as larger, more advanced cyberattacks target what was previously considered safe havens -- well-guarded critical infrastructure, public clouds, block chains and more. What’s in Store for 2018?
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St... by Kenneth de Brucq
This document discusses the need for a holistic and connected approach to security. It summarizes that current security approaches are siloed and fragmented, leaving gaps that bad actors can exploit. Dell proposes delivering security solutions that work together across an entire organization from the network to endpoints to data and applications. This holistic vision aims to manage risk, costs, and IT investments while improving services, compliance, and the ability to adopt new technologies. Dell claims its connected security approach and portfolio of solutions can better protect organizations and enable the business.
An Inside-Out Approach to Security in Financial Services by Forcepoint LLC
This presentation addresses the following:
- Key challenges in Financial Services
- Requirements for Building an Insider Threat Program
- The Forcepoint Approach
Forcepoint: Technical measures for the protection of personal data (and sensitive data) ... by MarketingArrowECS_CZ
The document discusses how Forcepoint can help organizations comply with the General Data Protection Regulation (GDPR). It summarizes that Forcepoint provides solutions to help with three key requirements of GDPR: inventorying personal data, mapping and controlling personal data flows, and being prepared to timely respond to data incidents. The document provides examples of Forcepoint products that address each of these requirements.
AxCrypt has, over 15 years, established itself as one of the strongest brands in the file encryption industry. With over 10 million users, we have proven that our service works and is appreciated. Since we launched our commercial version of AxCrypt in May 2016, we have already been appointed "The world's best encryption software" by the prestigious PC Magazine and received over 150 000 new users. Now we need to bring in capital to expand our team and build business solutions for B2B customers, from whom we have many inquiries.
Ask CIOs what’s keeping them up at night, and you’ll hear recurring themes:
“OUR CYBERSECURITY RISK PROFILE GIVES ME NIGHTMARES.”
“EVERYONE’S ASKING ABOUT HIRING DEV TALENT, BUT I DON’T KNOW HOW I’LL RETAIN THE GOOD PEOPLE I HAVE.”
“THE BUSINESS WANTS APPS FASTER. THEY’D FREAK OUT IF THEY KNEW WHAT’S HAPPENING BEHIND THE CURTAIN.”
It’s because digital is a curveball for many IT functions. Everyone wants data for their digital initiative du jour: transitioning apps to the cloud, mobilizing existing apps, or that AI/ML initiative. And that creates headaches, like the risk of non-production data breaches, IT talent burnout fulfilling data requests, and project delays from spinning wheels setting up environments.
GDPR, or how Veritas can help you comply with this regulation by MarketingArrowECS_CZ
The document discusses the challenges of complying with the EU's new General Data Protection Regulation (GDPR) which takes effect in May 2018. It outlines Veritas' framework and tools to help organizations uncover personal data, make it searchable, minimize and control it, protect it from loss or damage, and ensure continual compliance. Veritas provides solutions like Data Insight, Enterprise Vault, NetBackup, and Access to help companies address the key challenges of getting a handle on their data, allowing people to be forgotten, and protecting the data that is kept in accordance with GDPR requirements.
Security challenges in a multi cloud environment by Eyal Estrin
This document discusses security challenges in multi-cloud environments. It begins with an introduction to multi-cloud strategies and reasons for adopting a multi-cloud approach. Key challenges include knowledge gaps, cost management, deployment difficulties, and vendor lock-in. Regarding security, the top threats are discussed such as data breaches, weak identity management, insecure APIs, and vulnerabilities. Solutions proposed to mitigate these challenges include centralized security tools, identity federation, access management, and embedding security practices in development processes. Overall, the document advocates for a multi-cloud strategy, training, automation, and integrating security across cloud platforms.
Cloud Security Alliance UK presentation for Cloud World Forum 2015 in London. What companies should do to make the correct decision when considering cloud solutions.
Protecting Digital Economy through Vulnerability Coordination Center by Girindro Pringgo Digdo
The document summarizes a presentation given by Girindro Pringgo Digdo from the State Cyber and Cryptography Agency on protecting the digital economy through a vulnerability coordination center. It discusses challenges like increasing ease of use of technology, expanded network environments, decreasing skills needed for exploits, and cybersecurity skills gaps. It also outlines three steps for vulnerability coordination: preparation before incidents, isolating and monitoring during incidents, and lessons learned and improved defenses after incidents. The presentation concludes with discussing available bounty programs and references to hacker invitation programs and cybersecurity frameworks.
The document discusses Cisco's secure, intelligent platform for digital business. It highlights Cisco's focus on reinventing the network through intent-based networking, embracing a multicloud world, unlocking the power of data, improving the human experience, and ensuring security is foundational. The platform is designed to deliver insights and intelligence across network, security, data center, applications, IoT, and clouds.
This document provides an introduction and overview of NoSQL databases. It discusses topics including what NoSQL is, how it differs from SQL databases, the CAP theorem, examples of the NoSQL ecosystem, use cases for NoSQL, and approaches to hybrid database designs. The document aims to explain key concepts about NoSQL beyond it just being a buzzword and demonstrates how big data is now common across many domains, from social media to healthcare.
This document summarizes a presentation by Paul Smith from Red Hat about building a future based on open source technology. It discusses Red Hat's mission to be a catalyst for customers, contributors and partners to create better technology through open source methods. It also introduces Red Hat's Global Transformation Office, which works with customers to implement practices from books like The Phoenix Project and The DevOps Handbook. Finally, it discusses Red Hat's vision for an open hybrid cloud platform.
VMware held a leadership summit in 2017 to discuss challenges facing public sector IT leaders and opportunities to modernize government IT. The document outlines 5 myths about IT strategies and how VMware's portfolio of solutions can help address issues around bi-modal IT, hybrid cloud strategies, cybersecurity, mobile experiences, and container proliferation. VMware aims to help customers conquer silos across compute, storage, applications and clouds through virtualization, software-defined data center technologies, and cross-cloud architectures.
This document summarizes Cisco's Partner Summit 2017, focusing on enabling a multicloud world. It introduces Cisco's new multicloud portfolio and offerings to help partners design, migrate, manage, and secure customer workloads across public and private clouds. Key speakers discuss opportunities in multicloud consulting, managed services, and software integration. Cisco and Google announce an open hybrid cloud solution integrating Google Cloud Platform with Cisco infrastructure software.
DCD Internet covers the full “mud to cloud” infrastructure stack and eco-system in the internet-facing, web-scale, third-platform, cloud data center.
Driven by all-things 3rd Platform and Web 3.0 – IoT, cloud, mobile, and big data/analytics – the conference program focuses on the movement toward the full-stack – physical and logical. Industry experts will uncover the impact of these next-generation IT foundation technologies and the role of the application optimized software defined infrastructure of SDDC, SDN, cloud, open-source, and hyperconvergence among others.
Hear from visionary thought-leaders and innovators leading the way toward the true “digital enterprise” in the ZettaByte era and discover how to drive costs out of the IT and data center infrastructure, reduce risk, and quicken time-to-market agility and pace.
Do not miss this chance to gain high-value perspectives and learn about the tools and techniques that will accelerate your smart data center and cloud infrastructure and operations strategy.
This document proposes several technology industry events to be hosted by GigaOM in 2013, including Structure:Data in March, paidContent in April, Structure in June, Structure:Europe in September, Mobilize in October, and RoadMap in November. The proposal provides details on the audience sizes, topics, participants, and sponsorship opportunities for each event. Sponsorship rates range from $12,000 to $85,000 and provide benefits such as speaking opportunities, advertisements, attendee lists, and tickets.
GIDS is not just a summit—it's a platform that brings together over 5,000 of your peers, over 150 talks by independent and industry experts, and the world's leading product, service and consulting companies, talent and employer brands, all under one roof. It's an opportunity to delve deeper, to gain insights that go beyond the written word, and to stay abreast with the latest developments in Software Engineering, Architecture, AI and Data Engineering, DevOps, Tech Leadership.
This document proposes sponsorship opportunities for Aspera at several GigaOM technology events in 2013. It outlines six industry leading events that bring together executives from various sectors to discuss emerging technologies. Sponsorship rates range from $12,000-$85,000 and include benefits like speaking opportunities, advertisements, and access to attendees. The proposed packages for Aspera include sponsoring multiple events at discounted rates, with a grand total of [AMOUNT].
From AutoCAD to web design, these professional certificates from the College of Continuing and Professional Education at Kennesaw State University will help you reach your tech training goals.
Developers Driving DevOps at Scale: 5 Keys to Success (DevOps.com)
As DevOps adoption matures in organizations, DevOps teams are leading the charge for enabling enterprises to scale their DevOps efforts to support increasingly complex application delivery requirements.
Tooling and processes that might have worked for more simple use cases often fail when applied across large-scale software delivery -- needing to support ALL teams, GEOs, point-tools, applications, processes, regulatory requirements, environments, and more.
How do you improve developer productivity and release velocity, without sacrificing governance, security, and org efficiency?
How do you streamline your processes and organizational alignment, without sacrificing flexibility and freedom of choice?
How do you support thousands of developers, applications and pipelines - both legacy and cloud-native - without getting buried in plugins/tools/spaghetti-scripts hell?
Join guest speaker Charles Betz, lead DevOps analyst at Forrester Research, and Loreli Cadapan, Sr. Director Product Management at JFrog, as they share architectural patterns, best practices and proven tips for scaling DevOps in the enterprise.
This document provides an agenda and overview for IBM's Cloud Tour 2016 Discover track. The agenda includes lightning talks on various cloud topics, followed by roundtable discussions and demos in the afternoon. Six IBM experts are listed as tour guides to lead sessions on hybrid cloud journeys, evolving data centers, securing hybrid clouds, innovating with speed and agility, emerging technologies, and IBM's cloud brokerage platform. The document provides brief biographies for each expert and summaries of their session topics.
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho... (WSO2)
Every organization looking to differentiate needs to create unique and compelling digital experiences for both external and internal customers. And yet, building these experiences is difficult and slow due to the complexity that comes from integrating existing systems, building new services, and managing new APIs. Piecing together the development and operation technologies you need — including Kubernetes, Docker, and service meshes — takes time and requires dedicated expertise to manage.
Choreo is a Digital Platform as a Service for delivering new digital experiences optionally pre-integrated with Ethos Identity. Choreo enables you to shift your focus from operations back to development by abstracting away the complexity of cloud-native infrastructure so you can create new integrations, services, and APIs in hours or days instead of weeks or months.
Explore how Choreo can make your digital development and operations fast, simple, and secure.
The future of companies depends on constant digital transformation, and for that it is essential to maintain applications that meet customer demands and, above all, are secure. In this scenario, the concept of DevSecOps was born, describing a set of practices for integration between software development teams. In this talk, we will learn more about the concepts and how to apply DevSecOps in practice. We will provoke “healthy” discussions about the traditional development model and this agile model that is bringing a major paradigm shift in how applications are built.
This document contains a presentation about DevSecOps given by Diego Cardoso from GFT. The presentation discusses how security has traditionally been separated from development and operations in the software development lifecycle. It then outlines how DevSecOps aims to integrate security from the beginning through practices like shifting security left to earlier phases, establishing a security mindset across teams, and implementing security testing tools and processes that allow for rapid yet secure delivery. Trends discussed include the growing DevSecOps landscape and focus on topics like cloud security and compliance with data protection regulations like LGPD.
Upskilling: Adapting Humans At The Speed of DevOps (DevOps.com)
The Software Delivery Leadership Forum (SDLF) is a series of open, online and interactive discussions focused on topics related to Agile, DevOps and Continuous Delivery.
On Episode 2, we’ll discuss The Humans of DevOps. Our featured speaker will kick us off with a thirty minute presentation to review their recently published Upskilling research report with an emphasis on data collected in the European market. We’ll discuss the implications this data has on hiring, managing, and growing high performing teams.
This will be followed by a live moderated forum discussion. Audience questions will be fielded by an expanded panel of thought leaders and practitioners, each of whom bring their own unique perspective and insights to the discussion.
Platform Strategy to Deliver Digital Experiences on Azure (WSO2)
This slide deck introduces Choreo, a cloud native internal developer platform by Microsoft independent software vendor (ISV) Partner, WSO2. It enables your developers to create, deploy, and run new digital components like APIs, microservices, and integrations in serverless mode on any Kubernetes cluster with built-in DevSecOps.
Recording: https://wso2.com/choreo/resources/webinar/platform-strategy-to-deliver-digital-experiences-on-azure/
The document provides information about Google Developer Student Clubs (GDSC) at IINTM and invites students to join. It introduces the leads and core team of GDSC IINTM. It outlines the benefits of joining including learning opportunities, networking, and skills development. Students are encouraged to participate in events and connect with the community. The document highlights some upcoming events and encourages students to ask questions.
presented at Web Unleashed 2019
For more info see https://fitc.ca/event/webu19/
Kevin Daly RBC Ventures
Every developer has faced the difficult choice of deciding what tech stack they should use for a new project. Should you use the latest tech or something that everyone knows? Which framework is the best for your team? To survive your tech stack, developers must make trade-offs with developing on new tech stacks and the ability to maintain and scale their applications.
In this presentation, you’ll learn how to evaluate your tech stack and understand the pros and cons of using bleeding edge technology. Using his past experiences, Kevin will also share his lessons learned and how his team tackles managing their tech stack today.
Meetup - DevSecOps: Putting security in the pipeline
Material presented at the 12th Scrum-Aplicado Meetup - 18/09/2019 at 19:00.
The future of companies depends on constant digital transformation, and for that it is essential to maintain applications that meet customer demands and, above all, are secure. In this scenario, the concept of DevSecOps was born, describing a set of practices for integration between software development teams. In this talk, we will learn more about the concepts and how to apply DevSecOps in practice. We will provoke “healthy” discussions about the traditional development model and this agile model that is bringing a major paradigm shift in how applications are built.
The CHIPS Alliance is a Linux Foundation project that develops open source hardware specifications, implementations, verification tools, and IP blocks. It aims to lower the costs of hardware development through collaboration and shared resources. Members include companies and organizations working on CPUs, interconnects, I/O, machine learning accelerators, and more. The CHIPS Alliance uses Apache 2.0 licensing to encourage IP contribution and participation while allowing commercial use of outputs. It provides a neutral environment for hardware collaboration across companies and countries.
The document provides an agenda for the #IBMCloudTour16 event, which includes lightning talks on various cloud topics, roundtable discussions, and demos of emerging cloud technologies. The event aims to help attendees map their hybrid cloud journey, evolve their data centers, secure hybrid clouds, innovate with speed and agility, and learn about emerging technologies like blockchain, Watson for cybersecurity, and IBM cloud brokerage solutions. Various IBM experts will lead the sessions and be available for consultation at an Expert Bar.
Similar to (OLD VERSION) Dinis Cruz (CV) - CISO and Transformation Agent v0.6 (20)
Map camp - Why context is your crown jewels (Wardley Maps and Threat Modeling) (Dinis Cruz)
The document discusses using threat models and Wardley maps as a case study for the Glasswall Proxy product. It introduces the Glasswall workflow and architecture, then shifts to discussing threat models and improving an initial threat model diagram. The document suggests threat models are works of art and moves the example threat model to the PlantUML diagramming language. It explores if threat models are maps, refers to Simon Wardley's definition of maps, and how mapping can help decide what to build, buy, or outsource based on maturity and risk.
Glasswall - Safety and Integrity Through Trusted Files (Dinis Cruz)
The document discusses cybersecurity threats facing organizations and how traditional antivirus solutions are often unable to stop advanced malware. It introduces Glasswall's Content Disarm and Reconstruction (CDR) technology, which regenerates files to remove risks like malware while preserving file contents. CDR analyzes files at the visual, functional, and structural layers to sanitize them according to policy. This allows Glasswall to stay ahead of evolving threats unlike antivirus solutions.
Glasswall - How to Prevent, Detect and React to Ransomware incidents (Dinis Cruz)
The document provides guidance on how to prevent, detect, and react to ransomware incidents. For detection, it recommends techniques to gain advantage over malicious behavior during an attack, including reducing the blast radius through network segmentation, blocking propagation and detonation with endpoint protection, reducing payloads activated through user education, and preparing and rehearsing response with incident response playbooks. It also stresses the importance of incident response, situational awareness, and using incidents to improve security capabilities.
GSBot Commands (Slack Bot used to access Jira data) (Dinis Cruz)
Here is an introduction to the Slack Bot we created at Photobox Group Security
This bot is based on the OWASP Security Bot project (https://github.com/owasp-sbot)
OSBot - Data transformation workflow (from GSheet to Jupyter) (Dinis Cruz)
Example of workflows created by the OWASP SBot (Security Bot)
https://github.com/owasp-sbot
See also https://www.slideshare.net/DinisCruz/osbot-jira-data-import-from-gsheet-to-jira-via-jupyter-v09
Jira schemas - Open Security Summit (Working Session 21th May 2019) (Dinis Cruz)
The document discusses using Jira to map an organization's security landscape. It describes how Photobox has created issue types and links in Jira to represent different security program elements. Examples are provided of how issues, projects, risks, roles, assets, services, and people can be linked to build the security framework in Jira.
Template for "Sharing anonymised risk theme dashboards v0.8" (Dinis Cruz)
This document discusses sharing anonymized risk dashboards to visualize an organization's risk posture. It prompts the reader to anonymously share a risk dashboard for a past or current business by listing risk themes in six risk areas and scoring each area's risk level. Dashboards allow risk landscapes to be easily communicated over time and help understand the risk impact of decisions. The reader is instructed to anonymously provide industry, business size, revenue, and security team size details to populate an example dashboard.
The document discusses the OWASP Open Security Summits, which are conferences that have been held since 2008. They provide a place for OWASP leaders to meet, collaborate, and build relationships. The summits feature working sessions on security topics and have resulted in the incubation of future OWASP leaders. In 2018, the name was changed to the Open Security Summit. The document requests that OWASP sponsor attendance at the 2019 summit by buying tickets for OWASP leaders, as they have done in previous years.
Creating a graph based security organisation - Apr 2019 (OWASP London chapter... (Dinis Cruz)
This document discusses creating a graph-based security organization. It outlines security's objectives like allowing business operations while managing risk. Security is a driver of change and sits at the center of organizational data. The only effective way to manage and understand this relational data is as a graph. The presenter's organization refactored their risk workflow and JIRA implementation to represent data as a graph stored in a queryable database. They use tools like ELK, Slack bots, and PlantUML diagrams to visualize and interact with the security graph. This empowers data-driven security decisions and risk management. The presenter provides examples of risk dashboards and encourages collaboration to further develop these graph-based approaches.
Open security summit 2019 owasp london 25th feb (Dinis Cruz)
The document advertises the Open Security Summit 2019 conference happening in London from June 3-7. It will bring together security experts, developers, users, government agencies and vendors to collaborate on solving hard security problems. Participants will have the opportunity to engage in working sessions from 8am to 2am focused on 12 tracks, including outcomes from last year's summit. Individuals can purchase tickets, seek sponsorship, or have their company sponsor the event. The goal is to create a collaborative environment for maximum productivity and synergies between attendees.
Owasp summit 2019 - OWASP London 25th feb (Dinis Cruz)
Evolving challenges for modern enterprise architectures in the age of APIs (Dinis Cruz)
As presented at https://www.prnewswire.com/news-releases/forum-systems-and-infosecurity-magazine-to-host-api-security-best-practices-briefing-and-ai-workshop-300709787.html on 20 Sep 2018
How to not fail at security data analytics (by CxOSidekick) (Dinis Cruz)
1. The document discusses the challenges of obtaining security-related data from different sources and transporting it to a central platform for analysis. It addresses questions about data volume, collection methods, filtering and formatting.
2. Setting up a security data pipeline involves determining what data to collect from various host systems, networks, and applications. Data must then be forwarded from collectors to a central platform while managing bandwidth, latency, and failures.
3. Collecting the right security-related data is vital for detecting threats and being able to investigate incidents. The document argues for collecting most available data by default and filtering out exceptions, rather than only collecting predefined types of data.
This document discusses how graphs can be used as a framework for problem solving and provides examples of how many different domains can be modeled as graphs, including security threat models, ideas, source code, Git repositories, the web, and Jira workflows. It also discusses how the speaker's company uses Neo4j and Jira as graph databases to model security projects and incidents.
The document announces the Open Security Summit 2018 to be held in London from June 4th to 8th. It will follow the 2017 edition of the summit and focus on collaboration around open security at a rate of 16 times per day for 5 days. The summit website is https://open-security-summit.org.
Using security to drive chaos engineering - April 2018 (Dinis Cruz)
Presentation I delivered at ISSA UK "Application Security - London Chapter Meeting" https://www.eventbrite.co.uk/e/application-security-london-chapter-meeting-tickets-42284085839
Using security to drive chaos engineering (Dinis Cruz)
This document discusses chaos engineering and how it relates to security testing. Some key points:
- Chaos engineering involves experimenting on systems by introducing variables like server crashes or network failures to test how systems respond to turbulent conditions. This helps build confidence in systems' availability.
- Security testing can be viewed as a form of chaos engineering, as security tests intentionally introduce "changes" like vulnerabilities to verify systems' security and resilience.
- To test systems effectively, experiments should be run continuously in production environments and introduce real-world events while minimizing impact. This helps validate that systems can withstand attacks and changes in production.
- Properties of resilient, secure systems include availability, ability to handle failures, validating all
Scaling security in a cloud environment v0.5 (Sep 2017) (Dinis Cruz)
This document summarizes a presentation on scaling security in cloud environments. The key points are:
1. Testing and automation are essential for scaling security in the cloud. All aspects of the cloud environment, from provisioning to deployment to scaling, need to be tested.
2. Performance tests should be run daily, including during high-volume periods, to test the behavior of the system under different loads. Quality assurance tests can serve as good performance tests when executed in random order.
3. Automated scaling is a powerful feature of the cloud but autoscaling rules and behaviors also need to be tested to ensure they work as expected under different conditions.
Improving the quality of Cyber Security Hires via Pre-Interview Challenges (Dinis Cruz)
Slides for presentation delivered at OWASP London Chapter Jan 2018 meeting about the recruitment workflow that we have implemented for https://pbx-group-security.com/
Creating a Graph Based Security Organisation - DevSecCon Keynote (Dinis Cruz)
This document discusses graphs and how viewing problems, organizations, and other complex systems through a "graph lens" can provide insights. It provides examples of how many common applications and data structures can be modeled as graphs, such as threat models, source code, workflows, and social networks. It also discusses how the presenter's organization uses Jira and Confluence to map their security programs, projects, risks and tasks as a graph to help manage their work. Maintaining these "graph databases" through linking and structuring information is important for effectiveness.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx (SitimaJohn)
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Digital Marketing Trends in 2024 | Guide for Staying Ahead (Wask)
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
HCL Notes and Domino License Cost Reduction in the World of DLAU (panagenda)
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Fueling AI with Great Data with Airbyte Webinar (Zilliz)
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
HCL Notes and Domino License Cost Reduction in the World of DLAU (panagenda)
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licenses under the CCB and CCX model have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new type of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that and we would like to help you with it!
We explain how to solve common configuration problems that can cause more users to be counted than necessary, and how to identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expense, for example when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and know-how to keep track of things. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics will be covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement right away
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ... (alexjohnson7307)
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf (flufftailshop)
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf (Chart Kalyan)
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Introduction of Cybersecurity with OSS at Code Europe 2024 (Hiroshi SHIBATA)
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Building Production Ready Search Pipelines with Spark and Milvus (Zilliz)
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
2. @DinisCruz
Rare combination of management experience with deep technical skills
CISO
Board Member
Dir. Advanced Tech
Project leader and main developer
CTO
Can code in: Python, C#, Coffeescript, Javascript, Bash, Java, Groovy, Go, C++, PHP, Ruby, Swift, SQL, Perl, Clipper, Assembly (m68k and x86), Delphi, Pascal and Basic
5. @DinisCruz
Created OWASP Summit* event.
Motivated 100+ Security professionals to collaborate together, and release knowledge/code under Open Source (or Creative Commons)
* now called Open Security Summit