Name: ISSA International Series: DevOps/AppSec, The State of the World
Start: 2019-02-26T17:00:00Z
End: 2019-02-26T17:01:57.000Z
Location: BrightTALK
Rating: 5

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

GDPR became one of the first forcing functions to get teams to implement baseline engineering policies within their organization(s), but we continue to see organizations paying fines. Validating external claims made by organizations and helping to evolve policies requires a robust cultural shift. In this talk we'll discuss examples of privacy policy converted to engineering verification scenarios to help engineers or privacy champions embed privacy policy verification(s) within product cycles so policies stay current.

Privacy for the People by the People

Kick-off (or refresh) your mentorship journey with the ISSA Mentorship Program, designed for cybersecurity professionals looking to grow and connect in meaningful ways. Pete Schramm will share how an agile approach to mentorship can help you plan your career, build a Personal Board of Advisors (multiple mentors), and strengthen relationships beyond "just work." Learn what it truly means to be an effective mentor or mentee, how to use career mapping to guide your conversations, and how strong connections within your organization can reduce internal threats by fostering trust and collaboration. Invest in your career and community—this is mentorship redefined for cybersecurity professionals!

Creating & Managing an Effective Mentorship Program, Methods & Best Practices to Consider

This presentation will discuss how to ensure your company has AI policies and plans in place based on industry best practices and applicable regulations.  It will take into consideration the developing frameworks and other quickly evolving regulations. We will discuss the prioritization of ethical and legal use in AI software as well as how to work with relevant stakeholders to understand business considerations and risks.  We will also show how AI can present real opportunities for cybersecurity and why you shouldn’t be afraid to implement it.

A CISO Guide to AI and Privacy

Privacy and security are distinct yet equally important disciplines, each addressing unique challenges. This session will provide a brief overview of what privacy is, its key differences from security, and why these teams must work together. Through practical insights, you’ll learn how collaboration can strengthen compliance, reduce risks, and build trust across your organization.

Privacy & Security: Different But Equal and Why They Need to Work Together

According to recent research, a staggering 60% of breaches happen because of vulnerabilities that go unpatched—even when a fix is available. As the volume of vulnerabilities increases, capacity to address them hasn’t kept up, security teams are often overwhelmed and don’t know where to start. To address this gap, we need a better way to evaluate and prioritize vulnerabilities and the risks they pose to our organizations.
In this webinar, Justin Scarpaci, Technical Strategist at Sevco Security, will provide a framework for assessing risk to prioritize the most critical vulnerabilities for the most effective remediation. In this webinar, he’ll discuss:
  ● Why the first step is to understand where your security tools are – and aren’t – deployed
  ● The limitations around existing vulnerability scoring systems like CVSS
  ● How to better assess likelihood of exploit alongside org-specific intelligence like business impact provides a more complete risk assessment
  ● What signals can be used to determine vulnerability likelihood and business impact
Attendees will leave with practical approaches to apply within their organizations.

Close the Vulnerability Gap: Using Better Intelligence for Better Prioritization

Join us for an engaging session hosted by the ISSA International Apprenticeship, Internships, Mentorship (AIM) Comittee, where we dive into the latest insights from our recent infosec professional study. As the cybersecurity landscape intensifies, professionals face mounting challenges, from resource constraints and evolving skill requirements to balancing time and mitigating real threats. Our research highlights the shared pain points and needs of today’s cyber workforce. 

Guided by the AIM Program’s mission, this webinar will also highlight efforts to bolster the cybersecurity talent pipeline, providing access to quality apprenticeship, internship, and mentorship opportunities. Walk away with actionable data, connections, and a fresh perspective on shaping the future of the cybersecurity workforce.

Navigating Workforce Challenges: Perspectives and Insights of Information Security Professionals

In recent years privacy regulation has taken over the globe. Many companies have made changes to their websites and applications in order to comply with these laws, while at the same time neglecting the changing technical infrastructure upon which those systems are built.  In this session Cory will review the slate of changes imposed by browsers and operating systems in recent years which continue to impact existing architectures, and how those changes impact existing business processes.

Privacy is About More Than Just Regulation

Join us for an enlightening webinar as we explore the intricacies of embracing the Zero Trust Model, from theory to practice. Whether you're a novice or seasoned professional, this session will equip you with expert insights and actionable strategies for implementing Zero Trust principles effectively. Dive deep into understanding the Zero Trust Model and discover how it can revolutionize your cybersecurity approach. 
Join the session to learn how to:
• Understand the foundational principles of the Zero Trust Model and dispel common misconceptions.
• Learn strategic approaches to purchasing technology that align with Zero Trust objectives.
• Discover essential steps for crafting and implementing a robust Zero Trust plan.
• Gain insights into achieving major milestones early in your Zero Trust journey.

Unlocking Zero Trust: A Blueprint for Secure Operations

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Power utilities use a variety of Industrial Control Systems (ICS) to manage their operations which are structured into six independent but interconnected zones: Power Generation, High Voltage (HV) Transmission System Operation (TSO), Medium Voltage (MV) Distribution System operation (DSO), MV Distributed Generation, Low Voltage (LV) power delivery and LV Distributed Generation. Each of these zones includes electrical and mechanical assets, process controllers and communications, which perform local control within their zone and communicate with other zones. The power grid structure described here is in line with the deployment of the Smart Grid architecture, which also includes MV and LV distributed generation, and Industrial Internet of Things (IIoT).

Cyber-Secured Power Utility Operation

Sign up for this talk and ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

This session provides a strategic framework for navigating the complex and chaotic landscape of cybersecurity risks, emphasizing the need for resilience in the face of rising cyber threats. 

The presentation outlines key survival strategies, including developing "meta" systems, cultivating domain awareness, promoting risk awareness, and investing in contingencies and controls. It highlights the importance of establishing Risk Level Agreements™ and integrating business operations with security operations. 

The discussion covers essential topics such as governance, vulnerability management, and the concept of "Cyber Entropy™," focusing on how increasing complexity, dependencies, and external threats challenge cybersecurity efforts. The overall message encourages organizations to embrace risk, acknowledge conflict, and strategically plan for resilience through governance, risk management, and continuous system improvement.

Surviving the Sands of Cyber Entropy, Conflict, Risk and Resiliency

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The CREF Navigator™ was developed as a web based relational tool distilling the complex concepts and relationships from NIST SP 800-160 Volume 2 (Rev 1) into useful cyber resiliency terms, tables, and relationship visualizations enabling architectural and engineering analysis. The tool contains a hover-over, clickable dictionary of cyber resiliency terms; customizable visualization of complex relationships to other frameworks; the ability to balance and prioritize cyber resiliency choices based on nodal analysis; and export and import capabilities from ATT&CK® Navigator for presentation and analysis. The tool also provides an excellent crash course reference and training tool for those uninitiated to cyber resiliency concepts that is available to the masses via the internet for free.

Demonstration of MITRE’s CREF

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Beyond the Basics: What Firefighting Can Teach Us About Cyber Resilience – Unveiling the IDRRA Framework for Dynamic Defense

What it means to be truly resilient—because in the world of cyber, as in firefighting, preparedness & adaptability are everything. When we think of cyber resilience, we often default to the basics: protect, detect, and respond. But true resilience goes beyond these elements. Just as firefighters don't just react to a fire but prepare, anticipate, and adapt their tactics based on an evolving understanding of the situation, organizations must rethink how they approach cyber resilience.

In this session, I will introduce the IDRRA Framework (Investigate, Declare, Respond, Recover, Adapt), a proprietary approach that borrows from the disciplined, dynamic, and proactive strategies of firefighting to better prepare for and respond to cyber threats. This framework challenges the conventional wisdom of cyber security, moving beyond static defense and response to embrace a more agile, adaptive, and holistic approach to cyber resilience.

Just as firefighting is a mix of preparation, swift response, and continuous adaptation, true cyber resilience requires a blend of technical excellence, operational agility, and cultural commitment. It’s time we stop seeing cyber resilience as a checkbox activity and start treating it as an ongoing operation—dynamic, complex, and ever-evolving.

Join me for this thought-provoking session where we will delve into the IDRRA framework, drawing parallels with firefighting to uncover the unspoken elements of CR that many organizations overlook. Let's explore how adopting this framework can transform your approach to security, turning your organization from a passive defender into a proactive, adaptive force in the face of cyber threats.

What Firefighting Can Teach Us About Cyber Resilience – Unveiling the IDRRA Framework for Dynamic Defense

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Resilience is the ability to remain viable amidst adversity and to be better for it. The world has come to realize incidents will happen. The key is to detect faster and to recover quicker. Malicious actors understand our technical defenses are strong, so they exploit the softer dimensions of people, process, and organization.

In this session, we will level-set the guiding principles of resilience while walking through national and international efforts, including legislation, regulations, and standards. After laying the foundation, the session will map out the core steps to achieve resilience while providing lessons learned and street knowledge so you can make informed decisions.

The President’s Council of Advisors on Science and Technology (PCAST) produced “Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World.”

The EU enacted the Network and Information Security Directive (NIS2) to raise the level of resilience across the EU. The EU also passed the Digital Operational Resilience Act (DORA) to further bolster the financial services sector. Other nations like Canada have similar efforts.

The session will suggest tools and techniques to facilitate your journey along with metrics, statistics, and case studies to make informed decisions.

Featuring:
• Alex Sharpe: CEO, Sharpe llc
• Adam Isles: Principal, Chertoff Group
• Mark Orsi: CEO, GRF
• Gentry Lane: CEO, CTO & Founder, Nemesis Global
• Dr. Georgianna "George" Shea: CTO FDD and PCAST Member

Panel Discussion: The Report to the President on Resilience

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

This presentation dives into real-world experiences in responding to cybersecurity crises on a global scale and the critical steps for recovery. Drawing from over two decades in the field, Ashley Fairman will share key lessons learned from handling high-pressure cyber incidents across industries from DoD to Big Tech. 

From initial response to full recovery, this session will guide businesses through the process of managing cyber crises and rebuilding with resilience. Key topics will include incident management frameworks, stakeholder communication, regulatory considerations, and long-term recovery planning.

Cyber Crisis Response and Recovery: Lessons from the Field

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The talk will address the diverse challenges encountered when implementing a comprehensive cyber resilience strategy at scale. These include aligning organizations at different levels of cybersecurity maturity, managing legacy systems, and addressing specific OT-related risks.

Real-World Insights into the Implementation of a Cyber Resilience Program for Industrial Organizations

In this webinar we will present key insights from the latest survey conducted by the Information Systems Security Association (ISSA), highlighting the current state of cyber resilience across various industries. 

This session will explore critical findings, including the effectiveness of cyber defense strategies, emerging challenges, and best practices for enhancing organizational resilience in the face of evolving threats. Attendees will gain a comprehensive understanding of how organizations are adapting to the complex cyber landscape, as well as a valuable benchmark for improving their cyber resilience posture.

ISSA Cyber Resilience Survey Results - 2024

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

Traditional Indicators of Compromise (IoCs) fall short in detecting advanced persistent threats, which are becoming increasingly sophisticated and evasive. The Indicators of Behavior (IoB) Subproject under the Open Cybersecurity Alliance (OCA) aims to overcome these limitations by shifting the focus from static artifacts like virus signatures to dynamic patterns of adversarial behaviors.

This talk will explore the IoB Subproject's efforts to standardize the representation of cyber adversary behaviors, enhance the sharing of behavioral patterns across organizations, and improve analytics for behavior-based threat detection. We’ll also discuss how IoB builds upon the widely adopted STIX2.1 framework, incorporating behavior-based indicators for better detection and mitigation of threats. Attendees will gain insights into the latest developments in threat detection methodologies, including actionable playbooks and workflows designed to streamline incident response processes.

Indicators of Behavior (IoB) for Advanced Cyber Threat Detection

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/6857/

The CRO is a Senior Executive responsible for creating a modern resilience capability. They not only anticipate, defend and adapt to threats by studying the global landscape and asking, "Could this happen to our company?", but also by determining the best strategy to prevent it, and more importantly, do so in a way that positions organizations to capitalize on disruption and uncertainty.

Featuring:
• David Young: Business Continuity and Organizational Resilience Leader, Panasonic Energy of North America
• Chika Okoli: GRC Consultant, Miratech

Making the Business Case for a Chief (Cyber) Resilience Officer

Over the past few years the focus has shifted from ‘does the code have vulnerabilities?’ to issues of ‘could the code have vulnerabilities?’.  Of course the later created the question – How would we know?  Now, just when we thought we understood things, we realize that we are changing again.  Not only is the code and its components are important, but so is the question of the development environment.  This webinar will go cover the state, changes, and new directions we are being faced with.

Moderator: 
James R. McQuiggan, Product & Solutions Security Officer, Service Americas Division, Siemens Gamesa Renewable Energy. 


Speakers:
Derek Weeks, Vice President, Sonatype
Matthew Small, Head of Solutions Architecture, Bitnami
James Rabon, Sr. Product Manager (SSC & Tools), Fortify
Bjoern Zinnsmeister, CEO and co-founder, Templarbit

ISSA International Series: DevOps/AppSec, The State of the World

DevOps

Application Security

Vulnerabilities

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

ISSA International Series: DevOps/AppSec, The State of the World

Presented by

About this talk

More from this channel