How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
If you’re implementing Office 365, Box, Salesforce, Google Apps – or virtually any SaaS application – and concerned about balancing security, compliance, and privacy, this is a session you can’t afford to miss. Join Bob Gilbert, Netskope’s Chief Evangelist and the author of the popular white paper, No Tradeoffs: Cloud Security and Privacy Don’t Need to Be at Odds: How Netskope Supports Privacy by Design, for a lively and interactive session featuring:
Cloud security best practices for business & IT leaders
Overcoming the shadow IT "chicken or egg" compliance dilemma
Dr. Cavoukian's Privacy by Design framework, how it applies to SaaS and how Cloud Access Security Brokers can help
Real-world case studies for balancing security and privacy in cloud security
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
Modern elastic cloud infrastructure is fundamentally breaking traditional security approaches. Public cloud has no natural perimeter and network segmentation leaving individual cloud servers exposed. In private cloud, malicious East-West traffic inside the network is a serious threat. As new workloads are added and retired dynamically, change control is difficult, and updating granular firewall rules and security policies becomes a risky, manual process. Join us and learn the 6 Critical Criteria to secure your public, private or hybrid cloud – on-demand, anywhere, at any scale.
William Diederich - Security Certifications: Are They Worth the Investment? A...centralohioissa
The IT world seems to be exploding with certifications, with new ones being offered practically every month. How does one chose from all of the options available, and are they worth it?
This session discusses the plethora of Governance, Risk, Compliance, Security and Technology related certifications being offered today. What are the benefits, and which are the most highly valued? Most importantly, which ones are right for you? Can one get too many certifications, and what’s the balance?
Practical tips and recommendations are offered to help the person who decides on attaining certifications. Including, how to select the best certifications, how to plan a roadmap for achieving them, and successfully completing the plan they set out.
Lastly, the benefits of certifications are discussed, and how to maximize their value.
Read how Synoptek has proven to be an excellent partner for the companies looking to minimize security risk levels and has helped them take preventive and protective measures.
Main points covered:
- the case for adopting a model -driven approach: the drivers & benefits of integrating security into EA models;
- the techniques / design patterns for expressing security within ArchiMate's notational & grammar constraints;
- a short demonstration of how these models can be used in practice
Presenter:
Steven is an independent consultant with 25+ years in IT. Based in Brussels, where he has undertaken major assignments for clients in the public sector, agencies, finance, telecoms and utilities and also lends his support to local cyber-security initiatives. Much of his work in recent years has been in the field of developing tools, processes and models to support security analysis.
Steven holds numerous security, architecture and privacy certifications including SABSA Chartered Practitioner and ArchiMate 3.0.
Date: August 28, 2019
Recorded webinar: https://www.youtube.com/watch?v=Bt1xRZQ5T58&t=3s
Securing and automating your application infrastructure meetup 23112021 blior mazor
Stay safe, grab your favorite food and join us virtually for our upcoming "Securing and Automating your application infrastructure" meetup to hear about the vast changes modern application deployment, application security in containers, ways to find vulnerabilities in your code and how to protect your application infrastructure.
User management - the next-gen of authentication meetup 27012022lior mazor
Authentication is evolving. Customers are expecting much more from the user management experience in applications they are using today. Join us virtually for our upcoming "User Management - the next-gen of Authentication" meetup to learn about the secrets of building user management the right way, the secure way.
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
If you’re implementing Office 365, Box, Salesforce, Google Apps – or virtually any SaaS application – and concerned about balancing security, compliance, and privacy, this is a session you can’t afford to miss. Join Bob Gilbert, Netskope’s Chief Evangelist and the author of the popular white paper, No Tradeoffs: Cloud Security and Privacy Don’t Need to Be at Odds: How Netskope Supports Privacy by Design, for a lively and interactive session featuring:
Cloud security best practices for business & IT leaders
Overcoming the shadow IT "chicken or egg" compliance dilemma
Dr. Cavoukian's Privacy by Design framework, how it applies to SaaS and how Cloud Access Security Brokers can help
Real-world case studies for balancing security and privacy in cloud security
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
Modern elastic cloud infrastructure is fundamentally breaking traditional security approaches. Public cloud has no natural perimeter and network segmentation leaving individual cloud servers exposed. In private cloud, malicious East-West traffic inside the network is a serious threat. As new workloads are added and retired dynamically, change control is difficult, and updating granular firewall rules and security policies becomes a risky, manual process. Join us and learn the 6 Critical Criteria to secure your public, private or hybrid cloud – on-demand, anywhere, at any scale.
William Diederich - Security Certifications: Are They Worth the Investment? A...centralohioissa
The IT world seems to be exploding with certifications, with new ones being offered practically every month. How does one chose from all of the options available, and are they worth it?
This session discusses the plethora of Governance, Risk, Compliance, Security and Technology related certifications being offered today. What are the benefits, and which are the most highly valued? Most importantly, which ones are right for you? Can one get too many certifications, and what’s the balance?
Practical tips and recommendations are offered to help the person who decides on attaining certifications. Including, how to select the best certifications, how to plan a roadmap for achieving them, and successfully completing the plan they set out.
Lastly, the benefits of certifications are discussed, and how to maximize their value.
Read how Synoptek has proven to be an excellent partner for the companies looking to minimize security risk levels and has helped them take preventive and protective measures.
Main points covered:
- the case for adopting a model -driven approach: the drivers & benefits of integrating security into EA models;
- the techniques / design patterns for expressing security within ArchiMate's notational & grammar constraints;
- a short demonstration of how these models can be used in practice
Presenter:
Steven is an independent consultant with 25+ years in IT. Based in Brussels, where he has undertaken major assignments for clients in the public sector, agencies, finance, telecoms and utilities and also lends his support to local cyber-security initiatives. Much of his work in recent years has been in the field of developing tools, processes and models to support security analysis.
Steven holds numerous security, architecture and privacy certifications including SABSA Chartered Practitioner and ArchiMate 3.0.
Date: August 28, 2019
Recorded webinar: https://www.youtube.com/watch?v=Bt1xRZQ5T58&t=3s
Securing and automating your application infrastructure meetup 23112021 blior mazor
Stay safe, grab your favorite food and join us virtually for our upcoming "Securing and Automating your application infrastructure" meetup to hear about the vast changes modern application deployment, application security in containers, ways to find vulnerabilities in your code and how to protect your application infrastructure.
User management - the next-gen of authentication meetup 27012022lior mazor
Authentication is evolving. Customers are expecting much more from the user management experience in applications they are using today. Join us virtually for our upcoming "User Management - the next-gen of Authentication" meetup to learn about the secrets of building user management the right way, the secure way.
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
Despite the meteoric rise of cloud based applications and services, as well as its subsequent adoption by a significant number of enterprises, security still remains a major concern for many organizations. The elephant in the room is the misconception that the cloud is less secure than on-premise capabilities. Gartner eloquently describes this as “more of a trust issue than based on any reasonable analysis of actual security capabilities”.
A recent global study by BT revealed that 76% of large organizations cited security as their main concern for using cloud-based services. 49% admitted being “very” or “extremely anxious” about the security complications of these services. However according to Gartner, the reality is “most breaches continue to involve on-premises data center environments”
Where do you stand on this issue?
In this talk. we will debunk the top myths of cloud security, including:
Myth 1: We don’t really use the cloud
Myth 2: I lose control of my data when it goes to the cloud
Myth 3: Cloud is less secure than on-premise solutions
Myth 4: I’m at the mercy of cloud vendors for patching
Myth 5: Appliances provide greater control over
scalability/performance
Myth 6: Cloud security is more difficult to manage
Myth 7: Cloud resources are more exposed to attack
Myth 8: Multi-Tenant Clouds Expose Privacy Concerns
Myth 9: Cloud vendors lack transparency
Myth 9: Cloud vendors lack transparency
Myth 10: Appliances are more reliable than the cloud
Reddix Group - Quantum AI - PresentationJoe Reddix
Although AI/ML has made rapid progress over the past decade, it has not yet overcome technological limitations. With the unique features of quantum computing, obstacles to achieve AGI (Artificial General Intelligence) can be eliminated. Quantum computing can be used for the rapid training of machine learning models and to create optimized algorithms. This is what we call Master Systems Integration (MSI).
An optimized and stable AI provided by quantum computing can complete years of analysis in a short time and lead to advances in technology. Neuromorphic cognitive models, adaptive machine learning, or reasoning under uncertainty are some fundamental challenges of today’s AI. Quantum AI (Q-AI) is one of the most likely solutions for next-generation AI and is where our teams of SMEs excel
IT Service & Asset Management Better TogetherIvanti
Service-desk tickets. Lost laptops. End-user complaints. Too often IT teams get stuck being reactive rather than proactive. But what if you could do more than simply react?
In this webinar you’ll gain the insights you need to solve business problems proactively with IT Service (ITSM) and IT Asset Management (ITAM) working together.
Our panel of speakers discussed real-world use cases where combining ITSM and ITAM processes, data and insights can be part of an overall plan to maximize operational efficiencies and improve service delivery, while also optimizing compliance and cost.
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24
As zero trust moves higher up on the CISOs security agenda we’re hosting a webinar to discuss the pros and cons of adopting this new approach and how it can impact your team’s ability to remain agile, whilst protecting your business.
As a recent study demonstrates, 34% of security breaches involved insiders in 2019 meaning CISOs are becoming more likely to consider zero trust and it should come as no surprise that many organizations are now eager to adopt a zero-trust security policy.
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24
There’s a gap between the hacker’s view and the defender’s view of an attack. The defender strives to break down the complex whole to simple components that can be assessed individually while the hacker thrives on complexity and sees opportunities in the white space between assessments.
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...centralohioissa
During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work.
The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover and provide a list the software and tools that will be needed to support this work. Finally we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.
How Training and Consulting Companies Can Position CISSP, CISM and CRISCITpreneurs
Interested to sell more security training?
What's covered in the slide deck:
- IT Security Trends
- Overview of CISSP, CISM and CRISC
- Market Potential
- Positioning Security Frameworks
- Relation of CISSP, CISM and CRISC to ISO 27001
- The Need for IT Security Training
What are the latest trends in Information Security training landscape? How to position these well-known certifications of ISC2’s CISSP, ISACA’s CISM and CRISC successfully? How do they relate to the established information security governance standard of ISO 27001.
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
ControlCase discusses the following:
•What is “One Audit” for multiple assessments
•Current Research
•Zero Trust Principles for IT security
•Remote Assessment Methodology
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...centralohioissa
In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
The magnitude of the migration effort to the Cloud, the complexity of both customized apps and Cloud environments, and the requirement for ongoing app-level monitoring suggests the need for what Gartner calls a “programmable security infrastructure capable of supporting security policy ‘toolchains’.”
Cyber attackers are better funded, more focused, and more successful than ever. Making matters worse, defenders have more IT territory to protect, including public cloud, virtual infrastructure, mobile, Internet of Things, and an expanding list of users, applications, and data. An evolution in security strategies is underway; shifting from a preventive approach to one that is more balanced across prevention, monitoring, and response. In this session, we delve into key innovations that enable a more effective defense and how RSA’s NetWitness suite is delivering many of these innovations.
EMC XtremIO and EMC Isilon scale-out architectures make them an ideal fit to handle the demanding Splunk requirements around intensive workloads. EMC brings the same enterprise-class data services to Splunk that earned them best of breed status across the board in area such Scale-Out NAS storage, data protection, compliance and performance tiering.
For any organization managed security services play an important role in enhancing the security posture, alerting against top vulnerabilities along with rapid and anywhere deployment.
Whether you're a huge enterprise or a small start-up, you can't escape global digitalization. As digital technologies like machine-2-machine communication, device-2-device telematics, connected cars, and the Internet of Things become more integral in today’s world, more threats will appear as hackers use new ways to exploit weaknesses in your organization and products.
During SoftServe’s free security webinar, Nazar Tymoshyk will explore the reasons why recent victims of digital attacks couldn’t withstand a threat to their security and share how you can build secure and compliant software with the help of security experts. A real-life case study will demonstrate how SoftServe assessed and mitigated security threats for a top organization.
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
Despite the meteoric rise of cloud based applications and services, as well as its subsequent adoption by a significant number of enterprises, security still remains a major concern for many organizations. The elephant in the room is the misconception that the cloud is less secure than on-premise capabilities. Gartner eloquently describes this as “more of a trust issue than based on any reasonable analysis of actual security capabilities”.
A recent global study by BT revealed that 76% of large organizations cited security as their main concern for using cloud-based services. 49% admitted being “very” or “extremely anxious” about the security complications of these services. However according to Gartner, the reality is “most breaches continue to involve on-premises data center environments”
Where do you stand on this issue?
In this talk. we will debunk the top myths of cloud security, including:
Myth 1: We don’t really use the cloud
Myth 2: I lose control of my data when it goes to the cloud
Myth 3: Cloud is less secure than on-premise solutions
Myth 4: I’m at the mercy of cloud vendors for patching
Myth 5: Appliances provide greater control over
scalability/performance
Myth 6: Cloud security is more difficult to manage
Myth 7: Cloud resources are more exposed to attack
Myth 8: Multi-Tenant Clouds Expose Privacy Concerns
Myth 9: Cloud vendors lack transparency
Myth 9: Cloud vendors lack transparency
Myth 10: Appliances are more reliable than the cloud
Reddix Group - Quantum AI - PresentationJoe Reddix
Although AI/ML has made rapid progress over the past decade, it has not yet overcome technological limitations. With the unique features of quantum computing, obstacles to achieve AGI (Artificial General Intelligence) can be eliminated. Quantum computing can be used for the rapid training of machine learning models and to create optimized algorithms. This is what we call Master Systems Integration (MSI).
An optimized and stable AI provided by quantum computing can complete years of analysis in a short time and lead to advances in technology. Neuromorphic cognitive models, adaptive machine learning, or reasoning under uncertainty are some fundamental challenges of today’s AI. Quantum AI (Q-AI) is one of the most likely solutions for next-generation AI and is where our teams of SMEs excel
IT Service & Asset Management Better TogetherIvanti
Service-desk tickets. Lost laptops. End-user complaints. Too often IT teams get stuck being reactive rather than proactive. But what if you could do more than simply react?
In this webinar you’ll gain the insights you need to solve business problems proactively with IT Service (ITSM) and IT Asset Management (ITAM) working together.
Our panel of speakers discussed real-world use cases where combining ITSM and ITAM processes, data and insights can be part of an overall plan to maximize operational efficiencies and improve service delivery, while also optimizing compliance and cost.
Outpost24 webinar - Implications when migrating to a Zero Trust modelOutpost24
As zero trust moves higher up on the CISOs security agenda we’re hosting a webinar to discuss the pros and cons of adopting this new approach and how it can impact your team’s ability to remain agile, whilst protecting your business.
As a recent study demonstrates, 34% of security breaches involved insiders in 2019 meaning CISOs are becoming more likely to consider zero trust and it should come as no surprise that many organizations are now eager to adopt a zero-trust security policy.
Outpost24 webinar: Risk-based approach to security assessmentsOutpost24
There’s a gap between the hacker’s view and the defender’s view of an attack. The defender strives to break down the complex whole to simple components that can be assessed individually while the hacker thrives on complexity and sees opportunities in the white space between assessments.
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...centralohioissa
During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work.
The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover and provide a list the software and tools that will be needed to support this work. Finally we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.
How Training and Consulting Companies Can Position CISSP, CISM and CRISCITpreneurs
Interested to sell more security training?
What's covered in the slide deck:
- IT Security Trends
- Overview of CISSP, CISM and CRISC
- Market Potential
- Positioning Security Frameworks
- Relation of CISSP, CISM and CRISC to ISO 27001
- The Need for IT Security Training
What are the latest trends in Information Security training landscape? How to position these well-known certifications of ISC2’s CISSP, ISACA’s CISM and CRISC successfully? How do they relate to the established information security governance standard of ISO 27001.
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
ControlCase discusses the following:
•What is “One Audit” for multiple assessments
•Current Research
•Zero Trust Principles for IT security
•Remote Assessment Methodology
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...centralohioissa
In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
The magnitude of the migration effort to the Cloud, the complexity of both customized apps and Cloud environments, and the requirement for ongoing app-level monitoring suggests the need for what Gartner calls a “programmable security infrastructure capable of supporting security policy ‘toolchains’.”
Cyber attackers are better funded, more focused, and more successful than ever. Making matters worse, defenders have more IT territory to protect, including public cloud, virtual infrastructure, mobile, Internet of Things, and an expanding list of users, applications, and data. An evolution in security strategies is underway; shifting from a preventive approach to one that is more balanced across prevention, monitoring, and response. In this session, we delve into key innovations that enable a more effective defense and how RSA’s NetWitness suite is delivering many of these innovations.
EMC XtremIO and EMC Isilon scale-out architectures make them an ideal fit to handle the demanding Splunk requirements around intensive workloads. EMC brings the same enterprise-class data services to Splunk that earned them best of breed status across the board in area such Scale-Out NAS storage, data protection, compliance and performance tiering.
For any organization managed security services play an important role in enhancing the security posture, alerting against top vulnerabilities along with rapid and anywhere deployment.
Whether you're a huge enterprise or a small start-up, you can't escape global digitalization. As digital technologies like machine-2-machine communication, device-2-device telematics, connected cars, and the Internet of Things become more integral in today’s world, more threats will appear as hackers use new ways to exploit weaknesses in your organization and products.
During SoftServe’s free security webinar, Nazar Tymoshyk will explore the reasons why recent victims of digital attacks couldn’t withstand a threat to their security and share how you can build secure and compliant software with the help of security experts. A real-life case study will demonstrate how SoftServe assessed and mitigated security threats for a top organization.
DevSecOps - It can change your life (cycle)Qualitest
QualiTest explains how a secured DevOps (DevSecOps) delivery process can be achieved using automated code scan, enabling significant shift left of issues detection and minimizing the time to fix. Whether you are considering DevSecOps, on the path, or already there, this slide is for you.
For more information, please visit www.QualiTestGroup.com
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
Overview of the QA/Testing process followed by input from the Synerzip team.
Stay tuned for our insightful upcoming webinars that you might be interested in at https://www.synerzip.com/webinars/
In the ever-evolving, fast-paced Agile development world, application security has not scaled well. Incorporating application security and testing into the current development process is difficult, leading to incomplete tooling or unorthodox stoppages due to the required manual security assessments. Development teams are working with a backlog of stories—stories that are typically focused on features and functionality instead of security. Traditionally, security was viewed as a prevention of progress, but there are ways to incorporate security activities without hindering development. There are many types of security activities you can bake into your current development lifecycles—tooling, assessments, stories, scrums, iterative reviews, repo and bug tracking integrations—every organization has a unique solution and there are positives and negatives to each of them. In this slide deck, we go through the various solutions to help build security into the development process.
I Love APIs 2015: Scaling Mobile-focused Microservices at VerizonApigee | Google Cloud
I Love APIs 2015
Vidhya Narayanan, Verizon
Chris Webster, Verizon
https://www.go90.com/learn
Vidhya Narayanan, Director of Engineering, and Christopher Webster, Associate Fellow, Verizon, discuss how Verizon created and launched a mobile-first over the top video platform using over 100 microservices. This session at I Love APIs 2015 covered the architecture for deployment and management of microservices, the technologies used to address scale, availability, and security issues and the pitfalls encountered along the way.
Neev uses a scrum based Agile Development methodology, a proven Extended Delivery Center model of engagement - all designed to ensure high quality, timely deliverables.
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next.
Join this webinar presentation to learn:
- Why DevOps cannot effectively work in waterfall
- How to use DevOps tools to optimize processes in either development or operations through automation
We will also discuss what is needed to support full DevOps
Software release cycles are now measured in days instead of months. Cutting edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous Integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray the services inspired by Amazon's internal developer tools and DevOps practice.
Level: 200
Speaker: Nick Brandaleone - Solutions Architect, AWS
Using Amazon Inspector to Discover Potential Security Issues - AWS Online Tec...Amazon Web Services
Learning Objectives:
- Conducting security assessments to validate the security configurations of your Amazon EC2 environment
- Learn about new features in Amazon Inspector
- Understand Inspector findings that identify potential security issues of various severity
DevSecOps is a new way to deliver security as part of the Software Supply Chain. It supports a built-in process and faster security feedback loop for DevOps teams.
Comparing Legacy and Modern e-commerce solutionsMike Ensor
As a result of fantastic growth, the software industry has undergone the next step in "solution evolution" over the past 5 years. Enablement tools like Docker, AWS/GCE/Azure, OSS visibility/availability and architecture structures such as distributed computation, microservices, event sourcing and reactive solutions have brought forth more robust and scaleable solutions. The platforms of the past have either kept up with the trends and become more nimble and lean, or have fallen off to the side and become relics of the past.
This deck discusses the differences between large monolithic e-commerce platforms versus more modern, lean e-commerce frameworks and why architectural structures are important when selecting a platform to increase the likelihood of future proofing your solution.
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle.
We will present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.
Mike Spaulding - Building an Application Security Programcentralohioissa
Application Security in many organizations is a simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning to build an internal AppSec function - enterprise to 'mom & pop' operations will all benefit from this talk.
Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn:
• How to create efficient and effective security policies
• Overview and statistics of the current threat landscape
• The importance of keeping your employees updated about the latest threats and scams
• Security solutions that can help keep your systems updated and protected
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016centralohioissa
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
Jeffrey Sweet - Third Party Risk Governance - Why? and How?centralohioissa
In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts.
Tre Smith - From Decision to Implementation: Who's On First?centralohioissa
This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?”
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the Warcentralohioissa
In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?
By 2014, medical facilities nationwide implemented Electronic Health Records (EHR) as mandated by congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts, and alternatives that can provide much greater security and accountability, while maintaining ease of access.
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...centralohioissa
Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray.
This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively.
The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks.
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNcentralohioissa
For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...centralohioissa
We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works.
Ruben Melendez - Economically Justifying IT Security Initiativescentralohioissa
IT Security Initiatives create strategic and operational value to all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, create a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices, which can have been adopted by individuals and organizations to get right IT security initiatives approved.
Ed McCabe - Putting the Intelligence back in Threat Intelligencecentralohioissa
What is Threat Intelligence? It's more than raw source feeds and technical information.
If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence.
We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
Say incident response to 10 people and odds are you'll get 10 different opinions on how to do it right. When evaluating tools and procedures for enterprise Incident Response it's helpful to understand how to approach this in a way that will cause the adversary maximum pain. This talk will review the essential requirements for IR tools and procedures in a vendor / tool neutral approach. Find out the right questions to ask and the strategies to make sure you get the most out of your incident response team.
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing...centralohioissa
Securing an enterprise is never easy, especially if the organizations culture and orthodoxy does not accept change easily. Covering lessons learned from the perspective of an information security practitioner who has spent her career building security programs, we will look at the lessons learned on challenges and opportunities associated with implementing an information security program, addressing technical, security and business risks.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Leading Change strategies and insights for effective change management pdf 1.pdf
Ofer Maor - Security Automation in the SDLC - Real World Cases
1. Security Automation in Agile SDLC
Real World Cases
Ofer Maor
Director of Security Strategy, Synopsys
Central Ohio Security Summit, March 2016
2. Speaker
• Security Strategy at Synopsys
• Founder of Seeker / Pioneer of IAST
• Hacker at Heart
• Longtime OWASPer
• Over 20 Years in Cybersecurity
• Avid Photographer
Yes, Agile can bite…
3. Too Much
Data Security by
Developers
Short Cycles Rapid Delivery
Prioritizing
Risk
Understanding
the Pain
The Agile Security Challenge™
6. Case I
Background
Insurance Company
Agile Maturity: In Transition
Automation Maturity: Starting
AppSec Maturity: Medium
• Insurance Company. Home grown apps
• ~15 different systems (Customer/Agent/Internal)
• Varying level of agile maturity & transformation
• CI-Only to Full-Agile
• Focus on new systems
7. Case I
Challenges
Insurance Company
Agile Maturity: In Transition
Automation Maturity: Starting
AppSec Maturity: Medium
• Limited security background for developers, no existing process
• Different “Agile Maturity” – No one process fits all
• Insufficient test automation (coverage)
• Limited security resources
• Strong regulatory requirements
• Various technologies (.Net, Java, Legacy MF, more…)
8. Case I
Process
Insurance Company
Agile Maturity: In Transition
Automation Maturity: Starting
AppSec Maturity: Medium
• Creating strong cooperation (R&D/DevOps/Security)
• Security visibility into R&D bugs
• Weekly approval committee
• R&D Training (Basic!)
• Risk Policy (adapting risks, “High” only blocks)
• Multiple output channels (tickets, reports, etc.)
9. Case I
Existing CI/DevOps
Insurance Company
Agile Maturity: In Transition
Automation Maturity: Starting
AppSec Maturity: Medium
• CI – Jenkins. Pulls code from Java/.NET Repositories
• Ticket Tracking – HP QC
• Static Analysis (mainly for quality). Not integrated into the process
• Artifacts deployed to test env (permanent – static)
• Test automation – basic (in progress)
• Functionality testing – mostly manual
10. Case I
Security Automation
Insurance Company
Agile Maturity: In Transition
Automation Maturity: Starting
AppSec Maturity: Medium
• Integrate to launch from CI
• Integration with both automated (speed) and manual testing (coverage)
• Multiple Outputs:
• Jenkins Integration – “High” breaks build (response + HTML data)
• QC Integration – Bug Tracking and Remediation
• PDF Report – for auditing and committee review
13. Case II
Background
UK Retailer
Agile Maturity: High
Automation Maturity: High
AppSec Maturity: Low
• UK Retailer with eCommerce Platform
• Single Platform, 5 “Flavors” (Customer facing)
• “Run of the mill” Agile Shop:
• Scrum based
• 3-Weeks long sprints. Strict enforcement
• Strong automation
14. Case II
Challenges
• Response to an incident
• Minimal existing security
• No security background for developers.
• Limited security resources
• No existing process between security & R&D
• Very strict 3 weeks sprints
UK Retailer
Agile Maturity: High
Automation Maturity: High
AppSec Maturity: Low
15. Case II
Process
• Process driven by R&D, with security supervision
• Security “Workflow” created, testing once a week
• Week 1 & 2 to identify vulnerabilities in new code
• Week 3 test provides verification
• Breaking (Medium or higher) on verification – feature pushed out of version
• Weekly reports (PDF) to security group for auditing
UK Retailer
Agile Maturity: High
Automation Maturity: High
AppSec Maturity: Low
16. Case II
Existing CI/DevOps
• CI – Jenkins.
• Ticket Tracking – JIRA
• All testing environment is done in cloud (Amazon)
• Dynamic orchestration of test env – new environments every week (4 servers/instance)
• Automated deployment of build artifacts alongside testing framework (Selenium)
• Daily execution of test automation (functionality)
UK Retailer
Agile Maturity: High
Automation Maturity: High
AppSec Maturity: Low
17. Case II
Security Automation
• Dedicated security environment
• Adaption of orchestration scripts (for deploying security testing software)
• Integration with Selenium
• Weekly orchestration test environment and execution of tests
• Tests integrated into CI – HTML reports for Jenkins viewing.
• PDF Reports for processing and audit
UK Retailer
Agile Maturity: High
Automation Maturity: High
AppSec Maturity: Low
21. Case III
Background
eCommerce Giant
Agile Maturity: Very High
Automation Maturity: Very High
AppSec Maturity: Very High
• In Top 10 largest eCommerce sites
• Following a long, cross-organization “Agile Transformation” process
• Highly advanced Agile/DevOps process
• Modular site with multiple front-end and back-end components
• Hundreds of engineers (Dev, QA, DevOps, etc.)
• Heavy investment in security – already using various tools
22. Case III
Challenges
• Introduction of security automation in QA/DevOps
• Multiple components for multiple teams
• Extremely dynamic testing environments (dynamically orchestrated and changing)
• Home-Grown DevOps – Cloud, CI, Testing, Orchestration, etc.
• Highly Agile/Rapid environment – Continuous Delivery with daily artifacts
• Security cannot be involved in the daily process
eCommerce Giant
Agile Maturity: Very High
Automation Maturity: Very High
AppSec Maturity: Very High
23. Case III
Process
• Process initiated by the security group, with DevOps cooperation
• QA/DevOps training on process (rather than security)
• Security tests to run as part as other testing, on a daily basis
• Prioritization policy – “Medium” or higher blocks. “Low” scheduled for next version.
• Verification Metrics – Usage of another tool in production – must return clean.
• Security group supervises the process and has visibility to reports.
eCommerce Giant
Agile Maturity: Very High
Automation Maturity: Very High
AppSec Maturity: Very High
24. Case III
Existing CI/DevOps
• Homegrown CI/Orchestration/Cloud
• Ticket Tracking - JIRA
• Daily builds creation
• Daily creation of cloud environments with various server roles and elastic scaling
• Daily orchestration of latest builds and latest test automation versions
• Hybrid Automation – Selenium for web/front-end, Homegrown for WS
eCommerce Giant
Agile Maturity: Very High
Automation Maturity: Very High
AppSec Maturity: Very High
25. Case III
Security Automation
• Orchestration adapted to deploy security testing software as part of existing testing env
• Full CI integration
• All existing automation directed to integrate with security testing
• Security tests run daily
• Full JIRA bug tracking integration – with automated delivery per team
• Running of additional blackbox scanner on production for reverification
eCommerce Giant
Agile Maturity: Very High
Automation Maturity: Very High
AppSec Maturity: Very High
