Over the past 7 years Bugcrowd has had a front-row seat to watch hackers (and cybersecurity itself) go from scary, to relevant, to cool, to normal...
So, what now?
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
This document summarizes key topics from a presentation on cybersecurity issues and legal considerations, including:
1) Cyberattacks pose a significant and growing threat, with annual global costs of cybercrime estimated to rise from $3 trillion currently to $6 trillion by 2021. Data breaches continue to mount in size and frequency.
2) Responding to cyber incidents involves substantial costs beyond direct remediation, including brand impact, lost revenue, legal claims, and government fines. Companies are often under-resourced to address cybersecurity issues fully.
3) Bug bounty programs and security researchers can help companies identify vulnerabilities, but legal risks remain around disclosure of vulnerabilities to regulators or the public. Careful management
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceCasey Ellis
When most folks hear the word “hacker” their reaction is one of fear, but those responsible for cybersecurity are increasingly understanding the role of the “digital locksmiths” amongst us. In this talk, Casey Ellis will unpack the unlikely romance between trusted, good-faith computer hackers, and the people who build and defend software infrastructure. He’ll share insights on how this feedback loop between builders and breakers has broken out of the early-adopter technology bubble to create a more resilient Internet for more traditionally conservative industries, including those where ICS/SCADA make up the core of their business.
There will also be plenty of time for Q&A, so get your questions ready!
The first security technology bug bounty predated the Internet by over one hundred years: Alfred C Hobbs breaking an unbreakable lock at the Great Exhibition of 1851 for the princely sum of 200 Guineas. With the acceleration of technology adoption, unintended consequences, our adversaries, and the need to quickly understand how "unhackable" things really are, it's safe to say that things have escalated since then.
In 2021, there as many who benefit from engaging the good-faith hacker community as there are folks who find themselves lost in a mish-mash of term confusion, unclear expectations, and general reservations - in spite of the increasingly obvious truth that "it takes an army of allies to overcome an army of adversaries". This breakout is for both.
Casey John Ellis, the Founder, Chairman, and CTO of Bugcrowd, pioneer of the crowdsourced security as-a-service category, and co-founder of The Disclose.io Project will unpack the "family tree" of vulnerability disclosure, bug bounty, and crowdsourced security testing, frame up how we got here, and facilitate a discussion from the group about where it all goes next.
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...Casey Ellis
It has been 20 years since Rainforest Puppy released the RFPolicy responsible disclosure policy, 11 years since Google and Facebook brought the concept of bug bounty into the eye of the security industry, and 9 years since Bugcrowd pioneered the concept of inserting a platform in the process to facilitate conversations between builders and breakers in order to level the skill and resourcing playing field against our adversaries.
So, how’s it all going? Did it all turn out to be a “tech company” thing? What have the results, and the impact on cybersecurity defense been on more traditionally conservative industries, like financial services? What can the history of the relationship between helpful hackers and organizations tell us about what we’ll need for the future?
In this talk, Casey Ellis (Founder, Chairman, and CTO of Bugcrowd) will unpack some salient lessons after nearly 10 years building Bugcrowd.
Corncon 2021 - Inside the Unlikely RomanceCasey Ellis
It has been 20 years since Rainforest Puppy released the RFPolicy responsible disclosure policy, 11 years since Google and Facebook brought the concept of bug bounty into the eye of the security industry, and 9 years since Bugcrowd pioneered the concept of inserting a platform in the process to facilitate conversations between builders and breakers in order to level the skill and resourcing playing field against our adversaries.
So, how’s it all going? Did it all turn out to be a “tech company” thing? What have the results, and the impact on cybersecurity defense been on more traditionally conservative industries, like financial services? What can the history of the relationship between helpful hackers and organizations tell us about what we’ll need for the future?
In this talk, Casey Ellis (Founder, Chairman, and CTO of Bugcrowd) will unpack some salient lessons after nearly 10 years building Bugcrowd.
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMECasey Ellis
Just over 8 years ago bug bounty was a shiny security thing that crazy tech companies did sometimes, the concept of a digital locksmith hadn't been established in the consumer yet, and the Internet was generally a smaller and less politicized place. Casey Ellis decided it might be a good idea to "release the hounds" into the status quo, launching Bugcrowd and kicking off the crowdsourced security as a service market category, and it's safe to say that a fair bit has happened since. This keynote is for infosec practitioners and budding cybersecurity entrepreneurs, talking through what we've learned, what's changed, where I think it's all going next, and where we can position ourselves to continue making the Internet a more resilient place.
TechCrunch Early Stage 2020 - How to prioritize security at your startupCasey Ellis
Security is one of the most important things for a startup to focus on, but many struggle to dedicate time, resources, or budget to protect against something you never want to happen. How should startups prioritize security, and what do emerging companies need to know?
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
This document summarizes key topics from a presentation on cybersecurity issues and legal considerations, including:
1) Cyberattacks pose a significant and growing threat, with annual global costs of cybercrime estimated to rise from $3 trillion currently to $6 trillion by 2021. Data breaches continue to mount in size and frequency.
2) Responding to cyber incidents involves substantial costs beyond direct remediation, including brand impact, lost revenue, legal claims, and government fines. Companies are often under-resourced to address cybersecurity issues fully.
3) Bug bounty programs and security researchers can help companies identify vulnerabilities, but legal risks remain around disclosure of vulnerabilities to regulators or the public. Careful management
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceCasey Ellis
When most folks hear the word “hacker” their reaction is one of fear, but those responsible for cybersecurity are increasingly understanding the role of the “digital locksmiths” amongst us. In this talk, Casey Ellis will unpack the unlikely romance between trusted, good-faith computer hackers, and the people who build and defend software infrastructure. He’ll share insights on how this feedback loop between builders and breakers has broken out of the early-adopter technology bubble to create a more resilient Internet for more traditionally conservative industries, including those where ICS/SCADA make up the core of their business.
There will also be plenty of time for Q&A, so get your questions ready!
The first security technology bug bounty predated the Internet by over one hundred years: Alfred C Hobbs breaking an unbreakable lock at the Great Exhibition of 1851 for the princely sum of 200 Guineas. With the acceleration of technology adoption, unintended consequences, our adversaries, and the need to quickly understand how "unhackable" things really are, it's safe to say that things have escalated since then.
In 2021, there as many who benefit from engaging the good-faith hacker community as there are folks who find themselves lost in a mish-mash of term confusion, unclear expectations, and general reservations - in spite of the increasingly obvious truth that "it takes an army of allies to overcome an army of adversaries". This breakout is for both.
Casey John Ellis, the Founder, Chairman, and CTO of Bugcrowd, pioneer of the crowdsourced security as-a-service category, and co-founder of The Disclose.io Project will unpack the "family tree" of vulnerability disclosure, bug bounty, and crowdsourced security testing, frame up how we got here, and facilitate a discussion from the group about where it all goes next.
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...Casey Ellis
It has been 20 years since Rainforest Puppy released the RFPolicy responsible disclosure policy, 11 years since Google and Facebook brought the concept of bug bounty into the eye of the security industry, and 9 years since Bugcrowd pioneered the concept of inserting a platform in the process to facilitate conversations between builders and breakers in order to level the skill and resourcing playing field against our adversaries.
So, how’s it all going? Did it all turn out to be a “tech company” thing? What have the results, and the impact on cybersecurity defense been on more traditionally conservative industries, like financial services? What can the history of the relationship between helpful hackers and organizations tell us about what we’ll need for the future?
In this talk, Casey Ellis (Founder, Chairman, and CTO of Bugcrowd) will unpack some salient lessons after nearly 10 years building Bugcrowd.
Corncon 2021 - Inside the Unlikely RomanceCasey Ellis
It has been 20 years since Rainforest Puppy released the RFPolicy responsible disclosure policy, 11 years since Google and Facebook brought the concept of bug bounty into the eye of the security industry, and 9 years since Bugcrowd pioneered the concept of inserting a platform in the process to facilitate conversations between builders and breakers in order to level the skill and resourcing playing field against our adversaries.
So, how’s it all going? Did it all turn out to be a “tech company” thing? What have the results, and the impact on cybersecurity defense been on more traditionally conservative industries, like financial services? What can the history of the relationship between helpful hackers and organizations tell us about what we’ll need for the future?
In this talk, Casey Ellis (Founder, Chairman, and CTO of Bugcrowd) will unpack some salient lessons after nearly 10 years building Bugcrowd.
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMECasey Ellis
Just over 8 years ago bug bounty was a shiny security thing that crazy tech companies did sometimes, the concept of a digital locksmith hadn't been established in the consumer yet, and the Internet was generally a smaller and less politicized place. Casey Ellis decided it might be a good idea to "release the hounds" into the status quo, launching Bugcrowd and kicking off the crowdsourced security as a service market category, and it's safe to say that a fair bit has happened since. This keynote is for infosec practitioners and budding cybersecurity entrepreneurs, talking through what we've learned, what's changed, where I think it's all going next, and where we can position ourselves to continue making the Internet a more resilient place.
TechCrunch Early Stage 2020 - How to prioritize security at your startupCasey Ellis
Security is one of the most important things for a startup to focus on, but many struggle to dedicate time, resources, or budget to protect against something you never want to happen. How should startups prioritize security, and what do emerging companies need to know?
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
In this keynote I’ll run through the past/present/future of the vulnerability disclosure, and give a run-through of disclose.io: an open-source and vendor-agnostic initiative to make conversations between builders and breakers safe, standardized, and simple. I’ll close with a Call To Action for all participants with simple ways to help and get involved.
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
The document provides an overview of cloud proxy technology and cyber security. It discusses how proxies work by terminating connections between users and servers and inspecting transmitted objects. The document then shares several "real world" examples of how proxies can detect and prevent phishing attempts, malware infections, and other cyber threats by analyzing URLs, file downloads, and network traffic patterns. It emphasizes the importance of threat intelligence and how proxies use global intelligence networks to identify and block malicious activity in real-time.
David Willson, an attorney and cybersecurity expert, discusses the legality and ethics of "hacking back" in self-defense against cyber attacks. While some argue it could be considered self-defense of property, hacking back is generally illegal under the Computer Fraud and Abuse Act and risks escalating conflicts or impacting innocent third parties. Willson proposes embedding code in attacking bots to disable them upon connecting to the command and control server, but acknowledges legal issues with unauthorized access remain. The presentation explores arguments on both sides and raises questions about how laws could apply in scenarios of ongoing or imminent cyber attacks.
Professor John Walker provides information on cybersecurity threats. He has over 30 years of experience in infosecurity and cyber fields. Some key points from the document:
- Dependencies on internet and cloud have increased vulnerabilities globally as social, business, and government operations rely heavily on online connectivity.
- Criminals are succeeding financially from cybercrimes like fraud schemes while hacktivists remain active. Skills shortage is an issue.
- Emerging threats like advanced persistent threats can evade firewalls and antivirus. Mobile devices and BYOD trends have increased attack surfaces.
- Nation-state cyberattacks from countries like China and Russia are a concern. Cyber warfare and conflicts may escalate physical violence
PwC discusses key barriers to effective cyber security including cyber security being viewed as an IT issue rather than a business issue. Traditional organizational structures are also too slow to respond to cyber threats. PwC outlines a taxonomy of cyber attacks including financial crime, espionage, warfare, terrorism, and activism. The presentation recommends five steps for organizations to become cyber-ready: clarify cyber roles at senior levels, achieve situational awareness of cyber risks, create an internal cyber response team, invest in cyber skills, and take an active stance on cyber attacks. It also discusses insider threats and cross-border cyber law challenges.
This document provides information about cyber ethics and online safety. It discusses commonly accepted rules for online behavior, defines and discusses cyberbullying, and outlines steps to take if cyberbullying occurs. It also presents the "10 Commandments of Computer Ethics" and provides tips for safe online practices, including being cautious of sharing personal information, using secure websites, maintaining up-to-date security software, and adjusting privacy settings on social media accounts. The goal is to educate about maintaining ethical online conduct and protecting privacy and security in a digital world.
This document discusses research on the global network of corporate control. It finds that a small group of companies, mainly banks, control a large portion of the world's wealth. A "super-entity" of 147 tightly-knit companies control over 40% of the total wealth in the network. The high level of interconnection between these companies makes the global economy fragile, as the failure of one company could propagate through the system and cause widespread failures. The document also raises issues with India's Unique Identification (UID) system, arguing it could propagate fraud and make the banking system vulnerable if various responsibilities are not clearly defined.
LinkedIn to Your Network - The Social Engineering ThreatLancope, Inc.
By nature, humans are inclined to trust. Unfortunately, attackers are often successful in breaching large enterprises by targeting specific individuals and utilizing social engineering to obtain confidential information. Once an adversary is able to gain enough data through social media or other channels, they can pose as an authentic user with valid credentials, bypassing traditional security measures.
Join Lancope’s Joey Muniz, aka The Security Blogger, to hear about his successful, real-life experiments in using social engineering to easily compromise high-profile targets.
Learn about:
· The dangers of insider threats
·How attackers are leveraging social media to compromise targets
· Best practices for defending network interiors from attackers with authentic credentials
A presentation for the Blue Hat conference about what the privacy-friendly open source social network Diaspora can learn from Microsoft's experiences in security.
The document discusses technology policies for organizations in the era of Web 2.0. It notes that Web 2.0 enables collaboration through social networks, blogs, wikis, and other tools. While these tools provide opportunities, they also present legal risks, potential staff wasting time, loss of control, and network security issues that policies need to address. The document provides advice on creating policies that make interacting online easier and safer, including addressing official and unofficial sites, setting constructive boundaries, and reviewing existing policies on intellectual property, confidentiality, and transparency. It recommends that policies not start with banning and instead keep things simple, flexible, and realistic.
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
This document summarizes Jesse Wilkins' presentation on social media security threats. It discusses how social media enables identity theft through oversharing of personal details. Hackers use social engineering like impersonation and malicious links/apps to access users' accounts. The presentation also covers how social media compromises privacy through posts containing sensitive personal or professional information, as well as content others share without permission.
Short presentation I made at the Commonwealth Telecommunications Organisation (CTO) Forum about the roots of the lack of trust on the Internet and how RPKI & DNSSEC are keys to regaining that trust.
The document outlines topics around programming social applications including human identity, social grouping, and social identity failures. It discusses foundations of identity including anonymous vs real users and identity sources. Social grouping concepts like tribalism, real-life vs online social graphs, and group types are examined. Challenges with social identity like impacts to personal safety and privacy from oversharing and data mining are also summarized.
Cyber is one of our areas that we also promote in Must HighTech Expo. We invite you to participate in our virtual exhibitions, on different high tech thematic and especially on cybersecurity.
Ethical Hacker
Hacking Essay
Ethical Issues In The Workplace Essay
Ethical Hacking From Legal Perspective
Ethical Hacking
Ethical Hacking
Essay on Ethical Computer Hacking
Ethical Hacking
The Pros And Cons Of Hacking
Ethical Hacking Essay
Presentation 'a web application security' challengeDinis Cruz
This document outlines a challenge to improve web application security in Portugal and elsewhere. It proposes focusing on treating application security with respect, viewing it as a business advantage and competitive differentiator. It suggests 12 actions for government and industry, such as allowing ethical hacking, publishing security reviews, and improving legal liability. It notes current disclosure laws prevent discussing known vulnerabilities and that "group think" promotes complacency. The document aims to increase awareness of security issues and motivate organizations to prioritize application security.
President Bill Clinton gave a speech declaring cyber attacks a serious threat and hackers a primary source of this threat. He claimed hackers have stolen information, raided bank accounts, run up credit card charges, and extorted money by threatening to unleash viruses. However, hackers argue there is little evidence of these acts and that insiders, criminals, or those with grudges are more likely culprits. Clinton's characterization of hackers is unfair and inaccurate according to their perspective. The speech also proposed allocating billions of dollars and potentially placing the military in charge of fighting cyber threats domestically, concerning civil liberties.
Social engineering is manipulating people into sharing confidential information through deception. It is easier than hacking technical systems. Common social engineering attacks include phishing emails, scam phone calls, and compromised websites. Over 60% of enterprises were victims of social engineering in 2016, resulting in losses of over $100 million in some cases. Raising awareness of social engineering tactics is key to preventing these attacks, which prey on human tendencies like curiosity, trust, and urgency. People should verify identities, be wary of unusual requests, and avoid clicking suspicious links or sharing private details.
Major security intrustions from businesses large and small, private and government, indicate that the Internet is far less secure than most realize. After reading this, you may want to reconsider how secure your private data and information really is.
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
In this keynote I’ll run through the past/present/future of the vulnerability disclosure, and give a run-through of disclose.io: an open-source and vendor-agnostic initiative to make conversations between builders and breakers safe, standardized, and simple. I’ll close with a Call To Action for all participants with simple ways to help and get involved.
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
The document provides an overview of cloud proxy technology and cyber security. It discusses how proxies work by terminating connections between users and servers and inspecting transmitted objects. The document then shares several "real world" examples of how proxies can detect and prevent phishing attempts, malware infections, and other cyber threats by analyzing URLs, file downloads, and network traffic patterns. It emphasizes the importance of threat intelligence and how proxies use global intelligence networks to identify and block malicious activity in real-time.
David Willson, an attorney and cybersecurity expert, discusses the legality and ethics of "hacking back" in self-defense against cyber attacks. While some argue it could be considered self-defense of property, hacking back is generally illegal under the Computer Fraud and Abuse Act and risks escalating conflicts or impacting innocent third parties. Willson proposes embedding code in attacking bots to disable them upon connecting to the command and control server, but acknowledges legal issues with unauthorized access remain. The presentation explores arguments on both sides and raises questions about how laws could apply in scenarios of ongoing or imminent cyber attacks.
Professor John Walker provides information on cybersecurity threats. He has over 30 years of experience in infosecurity and cyber fields. Some key points from the document:
- Dependencies on internet and cloud have increased vulnerabilities globally as social, business, and government operations rely heavily on online connectivity.
- Criminals are succeeding financially from cybercrimes like fraud schemes while hacktivists remain active. Skills shortage is an issue.
- Emerging threats like advanced persistent threats can evade firewalls and antivirus. Mobile devices and BYOD trends have increased attack surfaces.
- Nation-state cyberattacks from countries like China and Russia are a concern. Cyber warfare and conflicts may escalate physical violence
PwC discusses key barriers to effective cyber security including cyber security being viewed as an IT issue rather than a business issue. Traditional organizational structures are also too slow to respond to cyber threats. PwC outlines a taxonomy of cyber attacks including financial crime, espionage, warfare, terrorism, and activism. The presentation recommends five steps for organizations to become cyber-ready: clarify cyber roles at senior levels, achieve situational awareness of cyber risks, create an internal cyber response team, invest in cyber skills, and take an active stance on cyber attacks. It also discusses insider threats and cross-border cyber law challenges.
This document provides information about cyber ethics and online safety. It discusses commonly accepted rules for online behavior, defines and discusses cyberbullying, and outlines steps to take if cyberbullying occurs. It also presents the "10 Commandments of Computer Ethics" and provides tips for safe online practices, including being cautious of sharing personal information, using secure websites, maintaining up-to-date security software, and adjusting privacy settings on social media accounts. The goal is to educate about maintaining ethical online conduct and protecting privacy and security in a digital world.
This document discusses research on the global network of corporate control. It finds that a small group of companies, mainly banks, control a large portion of the world's wealth. A "super-entity" of 147 tightly-knit companies control over 40% of the total wealth in the network. The high level of interconnection between these companies makes the global economy fragile, as the failure of one company could propagate through the system and cause widespread failures. The document also raises issues with India's Unique Identification (UID) system, arguing it could propagate fraud and make the banking system vulnerable if various responsibilities are not clearly defined.
LinkedIn to Your Network - The Social Engineering ThreatLancope, Inc.
By nature, humans are inclined to trust. Unfortunately, attackers are often successful in breaching large enterprises by targeting specific individuals and utilizing social engineering to obtain confidential information. Once an adversary is able to gain enough data through social media or other channels, they can pose as an authentic user with valid credentials, bypassing traditional security measures.
Join Lancope’s Joey Muniz, aka The Security Blogger, to hear about his successful, real-life experiments in using social engineering to easily compromise high-profile targets.
Learn about:
· The dangers of insider threats
·How attackers are leveraging social media to compromise targets
· Best practices for defending network interiors from attackers with authentic credentials
A presentation for the Blue Hat conference about what the privacy-friendly open source social network Diaspora can learn from Microsoft's experiences in security.
The document discusses technology policies for organizations in the era of Web 2.0. It notes that Web 2.0 enables collaboration through social networks, blogs, wikis, and other tools. While these tools provide opportunities, they also present legal risks, potential staff wasting time, loss of control, and network security issues that policies need to address. The document provides advice on creating policies that make interacting online easier and safer, including addressing official and unofficial sites, setting constructive boundaries, and reviewing existing policies on intellectual property, confidentiality, and transparency. It recommends that policies not start with banning and instead keep things simple, flexible, and realistic.
20160317 ARMA Wyoming Social Media Security ThreatsJesse Wilkins
This document summarizes Jesse Wilkins' presentation on social media security threats. It discusses how social media enables identity theft through oversharing of personal details. Hackers use social engineering like impersonation and malicious links/apps to access users' accounts. The presentation also covers how social media compromises privacy through posts containing sensitive personal or professional information, as well as content others share without permission.
Short presentation I made at the Commonwealth Telecommunications Organisation (CTO) Forum about the roots of the lack of trust on the Internet and how RPKI & DNSSEC are keys to regaining that trust.
The document outlines topics around programming social applications including human identity, social grouping, and social identity failures. It discusses foundations of identity including anonymous vs real users and identity sources. Social grouping concepts like tribalism, real-life vs online social graphs, and group types are examined. Challenges with social identity like impacts to personal safety and privacy from oversharing and data mining are also summarized.
Cyber is one of our areas that we also promote in Must HighTech Expo. We invite you to participate in our virtual exhibitions, on different high tech thematic and especially on cybersecurity.
Ethical Hacker
Hacking Essay
Ethical Issues In The Workplace Essay
Ethical Hacking From Legal Perspective
Ethical Hacking
Ethical Hacking
Essay on Ethical Computer Hacking
Ethical Hacking
The Pros And Cons Of Hacking
Ethical Hacking Essay
Presentation 'a web application security' challengeDinis Cruz
This document outlines a challenge to improve web application security in Portugal and elsewhere. It proposes focusing on treating application security with respect, viewing it as a business advantage and competitive differentiator. It suggests 12 actions for government and industry, such as allowing ethical hacking, publishing security reviews, and improving legal liability. It notes current disclosure laws prevent discussing known vulnerabilities and that "group think" promotes complacency. The document aims to increase awareness of security issues and motivate organizations to prioritize application security.
President Bill Clinton gave a speech declaring cyber attacks a serious threat and hackers a primary source of this threat. He claimed hackers have stolen information, raided bank accounts, run up credit card charges, and extorted money by threatening to unleash viruses. However, hackers argue there is little evidence of these acts and that insiders, criminals, or those with grudges are more likely culprits. Clinton's characterization of hackers is unfair and inaccurate according to their perspective. The speech also proposed allocating billions of dollars and potentially placing the military in charge of fighting cyber threats domestically, concerning civil liberties.
Social engineering is manipulating people into sharing confidential information through deception. It is easier than hacking technical systems. Common social engineering attacks include phishing emails, scam phone calls, and compromised websites. Over 60% of enterprises were victims of social engineering in 2016, resulting in losses of over $100 million in some cases. Raising awareness of social engineering tactics is key to preventing these attacks, which prey on human tendencies like curiosity, trust, and urgency. People should verify identities, be wary of unusual requests, and avoid clicking suspicious links or sharing private details.
Major security intrustions from businesses large and small, private and government, indicate that the Internet is far less secure than most realize. After reading this, you may want to reconsider how secure your private data and information really is.
Large organizations are vulnerable to hackers for several reasons: there are many potential opportunities for hackers due to increased internet usage; hackers have financial and competitive motives; and hacking can be discreet and go undetected for long periods. Additionally, large companies often lack regular monitoring for threats and many individual employees have poor cybersecurity practices like using weak passwords.
The document discusses social engineering cyber attacks and how to spot them. It describes social engineering as a method used by cyber criminals to trick individuals into breaking security procedures by appealing to emotions like vanity, authority or greed. It provides examples of common social engineering tactics like baiting, phishing, pretexting, quid pro quo exchanges, and tailgating. It stresses that proper training of employees is needed to defend against social engineering since software/hardware solutions are not effective. The document promotes cybersecurity training services provided by ImageQuest that can help organizations improve awareness and protect against social engineering and other cyber threats.
Information Technology Security for Small Business (.docxMARRY7
Information Technology Security
for Small Business
(video script)
Descriptive Text for the Visually Impaired
August 11, 2009
By Joan Porter
Visual: Images related to computer and internet use and images symbolic of information
technology security and cyber crime.
Narration:
“No matter how well you protect your business your information is still very much at
risk and that puts your business at risk.
Visual: A computer keyboard and a cell phone.
Text: The words, “Names, Emails, Phone Numbers, Account Numbers, Files, Passwords,
User Ids, Payroll, Internet Transactions, Credit Card Numbers, Electronic Commerce and
Employee Databases” appear.
Narration:
“The dangers change and grow every day and the threats they pose to your business –
and others – can be devastating.”
Text: The words, “The best defense against these growing attacks?”appear.
Narration:
“The best defense against these growing attacks?”
Text: The words, “Information Technology Security for Small Business” and “It’s not
just good business. It’s essential business” appear.
Narration:
“Information Technology Security. It’s not just good business. It’s essential business.”
Visual: Scenes of employees working at computers and working in a variety of jobs at
different kinds of small businesses.
1
Narration:
“Today protecting your business’s information is just as critical as protecting every
other asset you have – your property, your employees and your products. It doesn’t
matter what kind of business you’re in or its size – whether you have one employee or
500. The fact is, your information is valuable and it’s at risk.”
Visual: Matthew Scholl, Group Manager, Security Management and Assurance
Computer Security Division, NIST on camera.
“It’s important that small businesses make IT security a top priority in order to protect
their businesses. They make other security decisions everyday.
They lock their doors, they have alarm systems, they have trusted employees working
behind the counters. They should exercise the same level of security and due diligence
to their IT space where they have just as much exposure.”
Visual: Richard Kissel, Information Security Analyst, Computer Security Division, NIST
on camera.
“Cyberspace is a dangerous place to be. We all are there because we have to be there
because that’s where technology forces us to go right now. And if you don’t understand
that climate and the things that are involved there then you can get into trouble really
quickly.”
Visual: Jane Boorman, Project Manager, Office of Entrepreneurship Education, U.S.
Small Business Administration on camera.
“There are some 26 million small businesses in this country and they all need
to pay attention to the dangers of cyber crime. It’s one of the greatest risks they face ...
Spam has significantly impacted the world through its role in cybercrime and data breaches. It is used primarily to disseminate malware through malicious emails and is a huge vector for cybercrime. Spammers financially benefit through money, reputation, and in some cases their lives. They utilize botnets, which are networks of infected internet devices, to carry out distributed denial-of-service (DDoS) attacks, send spam emails, and recruit more devices to expand their botnets. Antispam companies try to counter spammers but they are not always successful due to the evolving nature of spam and cybercrime.
Deepfakes – The Good, The Bad, And The UglyBernard Marr
The ability to create deepfakes has evolved rapidly, which brings both opportunities and threats. Here we look at the good, the bad, and the ugly of deepfakes in today's and tomorrow's world.
The document summarizes a presentation given to IT departments about common problems they face and ways to address them. It identifies that IT departments often develop a "blame culture" that causes stress. It then describes eight common personality types found in IT, such as the "empty suit" and "scary sys admin". Finally, it recommends actions like implementing a no-blame culture, providing career development through training, and prioritizing employee satisfaction over short-term skills needs.
Stalking a City for Fun and Frivolity" Defcon TalkE Hacking
This document discusses the development of a distributed sensor network called CreepyDOL that could track people in an urban area through passive wireless monitoring and analysis of leaked data from devices. The goal is to demonstrate how much information can be extracted without consent and to shape technology development to better protect privacy. CreepyDOL would use inexpensive hardware like Raspberry Pi boards placed in common objects to passively monitor WiFi traffic and device behaviors. While not actually deploying a full surveillance system, the author aims to educate about privacy risks and push for technical and cultural changes to limit unwarranted data collection and transmission. Concerns are also raised about government overreach in surveillance and prosecution of security researchers.
Similar to KEYNOTE: The Unlikely Romance: Part 2 - What Now? (15)
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionCasey Ellis
The document discusses the increasing adoption of crowdsourced security practices like vulnerability disclosure programs (VDP) and bug bounty programs within critical infrastructure sectors. It notes that while conservative sectors are slower to adopt these practices, regulatory pressure is accelerating their adoption. The document also observes that aging critical infrastructure organizations tend to have many publicly accessible initial access vectors, and that digital transformation compounds this issue. Finally, it discusses moving security practices from a "broke" to "woke" approach, emphasizing the human aspects of security rather than just technology.
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Casey Ellis
Bugcrowd was founded at an inflection point in the history of the Internet and awareness of cybersecurity. A lot has changed since 2012 - to the cybersecurity industry, to the technology landscape, to the view of hackers as helpful and not just harmful, and - importantly - to the awareness of cybersecurity as "everyone's problem".
In 2023, we find ourselves at a similar inflection point for our space. This keynote unpacks the last 11 years as a predictor of what is next, and as an encouragement and roadmap for budding cybersecurity entrepreneurs and solutioneers.
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCasey Ellis
This deck goes through what Log4j is from ground-level concepts up, explains how Log4j works, how it is vulnerable, how the Log4shell exploit works, how to mitigate the risk and defend against exploitation, and some current observations through the Bugcrowd platform and predictions about what happens next.
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelCasey Ellis
Of all the problems the internet has, there seems to be one that rules them all: It doesn’t understand how to work with it’s immune system.
In this talk I’ll run through the past/present/future of the vulnerability disclosure, and give a run-through of disclose.io: an open-source and vendor-agnostic initiative to make conversations between builders and breakers safe, standardized, and simple. I’ll close with a Call To Action for all participants with simple ways to help and get involved.
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
This document summarizes a presentation on cybersecurity legal issues for companies. It discusses the growing costs and impacts of cyberattacks like data breaches and ransomware. Bug bounty programs that hire security researchers are presented as a way for companies to find vulnerabilities, but they may also increase legal obligations to notify breaches. The role of legal counsel in addressing these issues is examined, including maintaining technical competence. Elements of effective cybersecurity programs and incident response planning are outlined to help mitigate risks and consequences.
The document discusses the debate between full disclosure and proactive vulnerability disclosure. It defines full disclosure as publicly disclosing a vulnerability before notifying the vendor. The document argues that full disclosure is like an unavoidable aspect like death and taxes because parts of the internet will always be poor at proactive disclosure. It lists several reasons why full disclosure is considered bad, such as giving unsophisticated actors access to exploits, reinforcing negative stereotypes of hackers, and scaring people away from supporting proactive disclosure programs. The document concludes by arguing that hyping up low criticality vulnerabilities and clickbaity journalism can hurt the reputation and progress of the security community overall.
Webinar kym-casey-bug bounty tipping point webcast - po editsCasey Ellis
Our 2016 State of Bug Bounty Report announced that bug bounty programs adoption has increased 210% since 2013.
As more and more companies leverage the capabilities of the global researcher community to identify critical vulnerabilities, we must ask...has the bug bounty economy reached a tipping point?
Join Bugcrowd as we unpack the top trends in crowdsourced cybersecurity and review the key findings from The State of Bug Bounty Report 2016.
Webinar: https://www.brighttalk.com/webcast/14415/221275/the-bug-bounty-tipping-point-strength-in-numbers
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...Casey Ellis
Exploring the dynamics and relationship between the hacker community and the engineering coalface. Today’s cybersecurity battle is not a fair fight. The attackers — growing in numbers and sophistication — have overwhelmed the comparatively small pool of defenders. Add an engineering team that’s economically incentivized to ignore security, and you’re off to a bad start. This talk is story of what happens to engineers the first time some random kid 8,000 miles away hacks their stuff as a part of their bug bounty. It’s about its outsourcing the creation of the “oh shit” moment, and seeing your engineering team become a blue team. Why is this about pairing engineering teams with hackers specifically? Because it addresses a marked gap: people who build things for a living paired with people who break things for a living.
AppSecUSA - Your License for Bug Hunting SeasonCasey Ellis
Tweet Share
You don’t need a license for bug hunting season anymore. Bug bounty programs are becoming well established as a valuable tool in identifying vulnerabilities early. The Department of Defense has authorized its first bug bounty program, and many vendors are taking a fresh look. While the programs are highly effective, many questions remain about how to structure bug bounty programs to address the concerns that vendors and researchers have about controlling bug hunters, security and privacy, contractual issues with bug hunters, what happens if there is a rogue hacker in the crowd, and liability and compliance concerns. This presentation will cover the best practices for structuring effective bug bounty programs.
Video: https://www.youtube.com/watch?v=ziUUyA0-zwg
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESCasey Ellis
This document discusses bug bounty programs and their growing adoption. It addresses common objections to running bug bounty programs, such as them being too risky, expensive, or hard to manage. Data is presented showing bug bounties attract talented researchers who find critical issues quickly. Stories from companies highlight how bug bounties help expand security teams cost effectively. The document concludes by advising companies to align expectations, communicate openly, and pay bounty hunters fast and well to have healthy bug bounty relationships.
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesCasey Ellis
Our current approach to security assessment is inherently flawed; automation tools only find what they are programmed to find and penetration testing is extremely limited. Bug bounties build upon and improve upon these existing application security testing tools by harnessing the human creativity of the whitehat researcher community with a pay-for-results rewards model.
As a cyber security veteran, Casey will analyze the evolution of the application security industry over the past several years and address why the existing tools and practices are falling short. With data from hundreds of bug bounty programs, he will also show how bug bounties are bridging the gap between companies who need to find security flaws before they’re exploited, and the hackers at the table ready to help.
https://2017.conference.auscert.org.au/speaker/casey-ellis/
Enigma 2018 - Combining the Power of Builders and BreakersCasey Ellis
This document discusses bug bounty programs and crowdsourced security. It begins by introducing the founder and background of bug bounty programs. Then it discusses the problems they address like growing attack surfaces and skilled labor shortages. It outlines the current state of vulnerability disclosure programs, public and private bug bounties, and crowdsourced security. Case studies show bug bounties are effective at finding complex issues. Researchers tend to be educated with security experience. The future of these programs is seen as addressing consumer and legislative pressures. Tips are provided like starting small, aligning expectations, open communication, fast payment, and getting legal advice. It closes by calling for continued cooperation across stakeholders.
Welcome to the blue team! How building a better hacker accidentally built a b...Casey Ellis
Security practitioners know that the threats that face an organization are always active, and that while defenders need to get everything right, a good attacker only needs to get one thing right. That’s all well and good for security practitioners, but what about the rest of the company? How do you transform security from a rather inconvenient checklist, to a nascent awareness of the threat? How do you get those responsible for providing your attack surface to ‘actually care about whether it’s secure or not?
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
2. whoami
Founder/Chairman/CTO of Bugcrowd
20 years in infosec (Pentester > Solution Architect/Sales >
Entrepreneur)
Pioneered Crowdsourced Security as-a-Service
Proud Australian, husband, and father of two
Lives in San Francisco, California
$ sudo hack.sh $ sudo hustle.sh
7. Barnaby Jack
1977 - 2013
The guy who hacked the pacemakers (RIP)
“Sometimes you have to demo a threat to
spark a solution.”
“We’re not here to f**k spiders.”
8. Rear Admiral Grace Hopper
1906 - 1992
The woman who wrote the first compiler, found the
first bug, and broke most of the molds of computer
science.
“If it’s a good idea, go ahead and do it. It’s much
easier to apologize than it is to get permission.”
“You don’t manage people; you manage things. You
lead people.”
12. Connected vehicle security is top of mind for almost all automotive companies.
Automotive adoption of VDP and crowdsourcing outpaced all other verticals.
Autonomous vehicle security is on the same track.
Swatting XSS is considered table-steaks for ANY company.
A new generation of hardware hackers are tooling up.
Hacking is kinda cool now…
Dick Cheney fixed his pacemaker
Vulnerability disclosure added to FDA docs (Greetz to Suzanne Schwartz)
His methods were reused to reignite the medical security conversation in 2016
If you code in 2019, you can probably thank Grace for that.
13. A bit about Bugcrowd…
We take the latent potential of the white-hat community and
create a safe, effective, and continuous feedback loops with
people who build and deploy technology.
14. We’ve spent the last 7 years connecting
Pirates to the problems only they can solve.
Here’s what we’ve seen.
20. 2014 The year of the retail breach “Hacking happens to me”
2015 Ashley Madison, OPM, Healthcare “Hacking happens to me, and it hurts”
2016 DNC hacks, election interference “Hacking happens to my country”
2017 - 2018
Breaches Breaches Breaches Breaches
Breaches Breaches Breaches Breaches
Breaches Breaches Breaches Breaches
Breaches Breaches Breaches Breaches
“Software is eating the world, and bad guys are
eating the software”
21. If it’s repeated enough times at the dinner table,
it’ll make its way to the Board Room.
26. 2012 Bugcrowd launches Hackers are scary
“Can I meet everyone who
participates in my
program?”
2016
DOD Hack The
Pentagon program
Hackers are relevant
“It’s not a question of if, but
when and how we engage
the community”
2018
Peak cybersecurity
hype
Hackers are cool
“I’d like to pay $1M for a
missing cookie header to
get in Techcrunch please”
*s/hackers/infosec/g
**s/infosec/cybersecurity/g
37. disclose.io - Fixing the Internet’s Auto-Immune Problem
Started by Bugcrowd in 2016
Re-launched in 2018
- Open Source Disclosure Policy
Framework
- Safe Harbor logo recognition
- Public directory of adopters
- Legal standardization of
vulnerability disclosure language
- Safe Harbor for good-faith
hackers
- Rewarding proactive behavior on
the company