Name: Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb
Start: 2020-09-01T18:00:00Z
End: 2020-09-01T18:00:59.000Z
Location: BrightTALK
Rating: 4.3

Security Innovation is an authority on software security and helps organizations build and deploy more secure software.  Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Symantec, Coca-Cola and GE rely on our expertise to understand the security risks in their software systems and facilitate the software and process change necessary to mitigate them. 

Security Innovation specializes in software security, an area where traditional “information security” and “business” consultants tend to struggle. We have been analyzing application vulnerabilities and risk for almost a decade and were one of the first providers of software risk solutions to Fortune 500 firms. Our unrivaled proficiency in technical analysis, coupled with sound knowledge of business processes, results in world-class solutions that bridge the gap between application security holes and risk management optimization.

In a rapidly evolving digital landscape, cybersecurity has emerged as a critical domain, demanding skilled professionals to safeguard sensitive information and combat cyber threats. Recently, we had the privilege of delving into the insightful review of Ed Adams’ book, ‘See Yourself in Cyber: Security Careers Beyond Hacking.’

This engaging discussion not only explored the challenges and opportunities within the cybersecurity industry but also provided valuable insights into the evolving nature of cybersecurity careers and strategies for success. Join us as we recap the highlights, from breaking misconceptions to promoting diversity and inclusion, and discover how individuals can thrive in this dynamic and ever-changing field.

Inside the Pages of "See Yourself in Cyber": An Author Q&A with Ed Adams

Software continues to run the modern enterprise, and while it has the potential to drive innovation it can also introduce vulnerability. Rapid release cycles often prioritize features over security and hackers are adapting their tactics to target distributed software applications that are increasingly accessible.

Security teams can’t single-handedly address this dynamic threatscape, so organizations must rethink how to strengthen security resiliency. Software teams are on the front lines in preventing vulnerabilities, but to build resilient applications they need to be equipped with security awareness and intimate knowledge of architecture, integration points, and deployment environments.

Topics covered include:

- Root causes of prominent software-borne breaches
- Taking inventory of teams (and going beyond developers)
- Building essential awareness - security principles, attack vectors, and threats
- Being early to the (3rd) party – mitigating API, open-source, and cloud risk

Building Security from Within: Empowering Software Teams for Cyber Resilience

Baking security into applications earlier in the software development lifecycle has become the mantra of the enterprise today, with software development and security teams working closely together to ensure more secure coding throughout the development process to ensure safer and more secure applications. But what about mobile apps?

In this webinar, experts will discuss strategies to integrate security tasks across all phases of the mobile app development lifecycle: design, development, and regular testing, with the goal of finding and fixing vulnerabilities or issues efficiently in the dev process. You will also get advice on how to employ tools and practices to support your dev and security teams in this new generation of collaboration for more secure software development for your organization's mobile apps.

- Explore what a “shift left” requires of both development and security teams
- Get advice on how to put security first without stifling software innovation
- Find out about the emerging role of AI in DevSecOps

Presented live by featured speakers Dr. Jason Clark and Dinesh Shetty, Moderated by Becky Bracken.

DevSecOps for Mobile App Development

Modern software development demands a balance between speed, efficiency, and security. DevOps, the fusion of development and operations, aims to achieve this balance by optimizing the software development process for rapid delivery. While the successful integration of security practices empowers organizations to ensure systems remain resilient, many companies have been reluctant to move to DevSecOps, fearing it will be complex and time-consuming.

In this webinar, we explore best practices for seamlessly integrating security into DevOps to ensure that software development doesn't compromise security in its quest for speed.

Join us as we discuss:
- Driving collaboration between Development and Operations
- Customized Policies & Governance for awareness and adherence
- Managing Third-party risk
- Eliminating Bottlenecks
- Upleveling Skills to Empower Teams
- Leveraging risk-based assessments and threat modeling to guide the DevSecOps process

Still Developing Software the Old Way? Best Practices for Migrating to DevSecOps

When it comes to keeping technical audiences apprised of security challenges, success is all about relevance and interest. Simulation training and tying training to a learner’s job function are emerging as some of the most effective ways to help learners retain knowledge. By utilizing hands-on training methods that immerse users into the technical environment they encounter daily, one can enumerate security risks in a context that is both familiar and engaging. This talk discusses methods to create engagement, lasting behavior change, and, dare we say, enjoyment for your technical workers.

Join us for a webinar with The Training Industry, where your host, Ed Adams, author and CEO of Security Innovation, and Michael Hendrickson, former vice president of technology and development products at Skillsoft, will discuss what thought leaders are saying about growing threats and the importance of good cybersecurity hygiene, as well as the most effective training methods for technical audiences in 2024. Skip the guesswork and get ahead with up-to-date methods and insights — you’ll be glad you did.

Our interactive webinar will provide you with valuable insights on:

- The Power of Relevance in Security Training: Discover why tailoring cybersecurity training to an individual’s job function leads to better knowledge retention.
- Engagement Through Simulation Training: Learn about the effectiveness of immersive, hands-on simulation training for technical audiences.
- Creating Lasting Behavior Change: Explore methods to engage technical teams in cybersecurity hygiene, resulting in lasting behavior change and enhanced security.
- Industry Insights and Trends for 2024: Gain knowledge on growing security threats and the most effective and up-to-date training methodologies for 2024.

Training Techies on Security: It’s Not Rocket Science!

DevOps is often characterized as a mindset shift, but that undermines the critical cogs that actually make it work - the people, technology, and processes.

Ed TALKS: Movers & Shakers in DevSecOps

On top of the usual threats inherent to IT networks, applications, and cloud services, the complexity of medical devices creates a massive and distributed attack surface. Compounding the challenge are long-life expectancy and third-party dependency.

Attend this panel to hear healthcare security experts discuss the anatomy of medical devices, how to design them with human safety in mind, and how to make a shared security responsibility model a reality.

Specific topics include:

• The Prescription - security measures the FDA and others are demanding
• The Skeleton - the rickety infrastructure healthcare runs on
• The Brains - is SaMD (Software as a Medical Device) the new world norm?
• The DNA - what Software Bill of Materials (SBOMs) tell us about risk
• The Immune System - why traditional IT defenses struggle to protect patients
• The X-Rays - the need for new surveillance techniques

Ed TALKS Modernizing Medical Device Security: A New Perspective on Old Practices

While traditional assessment techniques like pen testing and scanning are effective at catching issues before software is deployed, they are simply not scalable given today’s accelerated releases. To release software with confidence, organizations need to address their core issue – people & process gaps.   

This webcast will demonstrate how implementing core security activities into your SDLC and augmenting with role-specific training will yield more self-defending software. Topics include:

- Today’s software security landscape and challenges
- Breaking the Find & Fix hamster wheel
- Fusing activities (the what) and skills (the how) to amplify risk reduction

People & Processes: The Yin and the Yang of Software Security

Are you ready to take your team's software security skills to the next level while having a ton of FUN? Look no further than our newest CMD+CTRL Cyber Range – Shadow Health!

Shadow Health is a gamified, fully-functional health management portal where unwitting patients log in to set appointments, view prescriptions and visit summaries, and more. Since you are already familiar with how a portal like this works, your challenge is to dive right in to identify weak spots in the software across multiple attack surfaces, exploit them, and take out the bad guys behind this nefarious site.

This strangely “unhealthy” cyber range goes one step further than our previous ranges with 14 challenge categories that require diverse skill sets and expertise from multiple areas of the software organization to solve them. While this range doesn’t require any special “hacking tools,” this is considered an intermediate-level range and is a perfect follow up to any one of our Core ranges - particularly Shadow Bank, Shred, Account All or InstaFriends.

Join us on Wednesday, June 14th at 11:00 AM EST to learn how Shadow Health can enhance your team's application security skills by providing real-world experience - from combating threats to identifying and exploiting weak spots. Whether you're a current customer or considering investing in CMD+CTRL training, this webinar is a must-attend event. We'll even include a short demonstration of Shadow Health in action!

Don't wait! Sign up now to take the first step toward a more secure future for your organization.

Introducing Shadow Health, the Game-Changing Cyber Range

As the notorious cybersecurity skills gap widens, organizations look for effective ways to up-level competency across diverse roles and abilities. However, they need help understanding whom to train, the most effective methods, and how to sustain a security culture.    
 
In this webcast, Security Innovation’s adult learning expert will put Dr. Ponemon on the “hot seat” and press for insight into key findings of his most recent research on cybersecurity training benchmarks. She’ll then discuss the power of simulation training and how organizations have used it to change security behavior.
 
Topics include:
 
• Training & Organizational Maturity – Adopting more best practices increases an organization’s security effectiveness score (SES).
• Highest Impact Activities – Learn about realistic simulation, role-based content, and measuring ability.
• Simulation Training in Business Environments – How it’s different from gamification and builds skills other modes can’t.

About the Presenters:

Dr. Larry Ponemon is a legend in cybersecurity and privacy research. His think-tank, The Ponemon Institute, is a frequently cited and globally recognized source for independent security analysis. Security Magazine named him one of the “Most Influential People for Security.” Dr. Ponemon has held tenured faculty positions and published numerous articles and educational books.
 
Amy Severson, Dir. Customer Success, Security Innovation, manages a team that works closely with globally recognized brands to ensure their cybersecurity training programs are sticky, measurable, and successful. She has extensive experience up-leveling skills for thousands of Software & IT engineers at companies like Microsoft, Accenture, McKesson, Staples, Tesco, Target, and others. Amy has expertise and passion in immersion learning, and she earned her M.A. in Education & Human Development, Educational Technology Leadership from George Washington University.

Making Security Skills Stick – Findings from Ponemon Research

Join Mathieu Gorge, CEO of Vigitrust, and three esteemed co-authors for an Ed Talks to discuss the best-selling book "The Cyber Elephant in the Boardroom" - a real-world playbook for cybersecurity approaches and accountability. This dynamic panel will explore how businesses have adapted to an increasingly digital landscape, why cloud security is critical for application safety today, tips for incorporating robust protection into any coding process and delve into the implications of potential cyber risk at boardroom levels.

The Panelists:

Mathieu Gorge, an internationally acclaimed cybersecurity expert, is the founder and CEO of VigiTrust, a risk management company. With his prolific work in this field recognized by Forbes - authoring 'The Cyber Elephant In The Boardroom' - he's set to release his second book due out summer of 2023!

Cathy C. Smith is a leading authority in the DX space, pushing boundaries and driving innovation through her experience with major global organizations such as Deutsche Bank and Dell. She is the founder of Women in Tech NJ & NY. Her book "How to Become a Digital Leader" provides insights on leading organizations into emerging technologies that remain future-proofed for success.

Nick Vigier is a highly esteemed cybersecurity expert with extensive knowledge and experience in the field. He has been a CIO or CISO at many successful companies, including Talend, Sony, and Gemini. His vast knowledge makes him the go-to expert for media outlets looking to understand the ever-changing security landscape.

Ed Adams is a leading software quality and security authority, offering over two decades of expertise. As President & CEO of Security Innovation, creator & host of 'Ed TALKS' and board member for Cyversity – he's established himself as an industry thought leader with invaluable insights to share.

Ed TALKS: The Cyber Elephant in the Boardroom

Overwhelmed by this year's industry predictions? Take back your time and avoid forecast fatigue as our industry experts have combed through the top reports to uncover essential insights and shed light on the best, and the worst, Cloud Security predictions for 2023.

Join our three industry experts as they de-bunk some of the top predictions and offer their own. Featuring research from the Cloud Security Alliance, our diverse panel of published authors will provide a deeper understanding of what to focus on for this year – including bonus “dark horses”!

The ‘Can’t Miss’ Panel:

Shira Rubinoff: A top cybersecurity influencer with 20,000+ LinkedIn followers; an entrepreneur, executive, board member, and advocate for women in cyber.   

John Yeoh: The VP of Research at the world’s leading organization dedicated to defining best practices to help secure cloud computing environments.

Matthew Rosenquist: A trusted, respected CISO highly sought after as a conference keynote speaker, strategic advisor, and educator.

Ed TALKS: Keep Your Head in the Cloud | The Uncensored Security Forecast

Culminating over 20 years of proven, industry-leading software security expertise, we've introduced the Security Innovation Cyber Skills Competency (SI-CSC) certification program. This program is designed to recognize and distinguish employees as having demonstrated high-level software security competencies that are modern and relevant to today's security-minded software creators.

In this webinar, Senior Director of Product Marketing Fred Pinkett will explain some of the existing certification programs (and their limitations), who should get certified (and why), and how the SI-CSC certification fits into a more comprehensive application security training program.

Introducing: Security Innovation Cyber Skills Competency (SI-CSC) Certifications

Many organizations are “shifting left” to introduce security earlier in the software development lifecycle (SDLC). The benefits are more secure software, lower risk, and more efficient software delivery. This means training developers and other roles in the process on the skills and knowledge they need to shift left. This webinar will discuss what training is needed and how to deliver it.

Shifting Software Security Training Left

In recent years the cybersecurity industry enjoyed high valuations, rapid growth, and the creation of many ‘unicorns.’ However, the industry has also had its fair share of overhyped expense/debt-laden companies. Cybersecurity investors have pumped the brakes with a global economic slowdown and generational inflation. Path-to-profitability has quickly become a paramount metric, once de-prioritized for growth, often despite massive losses.

This Ed TALKS will feature diverse perspectives from a cybersecurity investment banker, entrepreneur/executive, and venture capitalist.  Attend to hear how today’s technology and investment trends are changing the way we operate in cybersecurity and get expert advice on:

• Challenges of running a VC/PE-backed cybersecurity company
• Valuation calibration and investment appetite
• Metrics to watch closely, stress, or de-emphasize
• ‘Red herrings’ cyber leaders need to avoid chasing

Ed TALKS: Cybersecurity M&A – True Tales From All Sides

Addressing software security requires more than just the ‘secure code training’ approach that many organizations use and vendors sell. This webinar will help you understand why you need to go beyond the code to keep your organization’s software secure, and how to do it.

How ‘Secure Code Training’ Leaves Organizations Vulnerable & What To Do About It

Modern application design and the continued adoption of DevOps expand the scope of automated security testing and push tools to the limit. Simultaneously, complex platforms like IoT and Blockchain require more specialized tools and skills.

With software applications being more assembled than coded, and cloud CI/CD accelerating release, it’s time to sunset some legacy tools and consider new ones.

Come hear how product and application security professionals plan to scale software securely in 2022.

• The traditionalists: SAST, DAST, IAST
• Replacement players: SCA, API & container security, etc.
• New Kids on the Block: IaC, cloud native, fuzz
• Limitations, pitfalls, and best practices

Ed TALKS: Scaling AppSec – Getting Tools to Perform

Your team's first exposure to new threats should happen on OUR platform - not yours. With new CMD+CTRL Labs, your teams will build skills through hands-on exposure to modern threats. They'll learn to identify and mitigate vulnerabilities, gain new techniques to defend against attacks, and learn to write safer code - all on a single, easy-to-use training platform. 

Please join us to learn:

• Why first exposure is important to you
• How Labs transform new concepts into tangible skills
• How Labs help to modernize and up-skill your teams
• You'll also see a demonstration of two new lab types – Skill Labs and Learn Labs

CMD+CTRL Labs: A Bridge to Better, More Secure Software

Ed TALKS: How to Train IT Teams for Security

Ed TALKS: Keeping Secrets – The Future Threats to Data are Here

Ed TALKS: Diversity & Inclusion in Cybersecurity – Reaping the Rewards

Security’s Three-Ring Circus: Cloud, Supply Chain, and Staff

Ed TALKS: Securing Microservices in Today’s Fast, Feature-Driven SDLC

Ed TALKS: Security Upskilling Software Teams

Are IoT & BYOD dead? Why today we live with the Enterprise of Things

Steal the Attackers Playbook with Purple Teams

Ed TALKS: Privacy in a Gossipy, Digital World

Are we there, yet? Measuring effectiveness of InfoSec programs

Ed TALKS: SolariGate – Avoiding Supply Chain Burns

Ed TALKS: Fast-Tracking Software Assurance, Making Security Part of Software Dev

Ed TALKS: Paying it Forward – Securing Technology in the Payment Ecosystem

Ed TALKS: Cloudy at the Breach – Your Software, Your Data, Your Loss

Ed TALKS: Back to Basics: The Imp. of Security Principles in Technical Roles

Ed TALKS

With the proliferation of COTS, Open Source Software, libraries, frameworks, APIs, and other components, modern software is increasingly assembled instead of coded from scratch. While this shift helps deliver feature-rich solutions and interoperability, it also introduces risk and data security challenges.

To manage 3rd-party risks, new assessment and mitigation techniques are needed. Fixing the code is often impossible, pen testing can be limiting, and patching still leaves you exposed.     

Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals, including:

JOHN MASSERINI
Global CISO, Millicom (Tigo) Telecommunications
An industry-recognized leader, John has decades of experience providing Information Security services to multinational organizations in diverse verticals. He is a prolific author and speaker and previously served as CISO for MIAX Options Exchange and Dow Jones.  

CHARISSE CASTAGNOLI
General Counsel & Manager,  Instapay Flexible LLC
Charisse has over 30 years of experience in the IT industry.   She combines her technology expertise with security and legal skills to help organizations meet their security and compliance needs.  She is an adjunct Professor of Law at John Marshall Law School.    

FRED PINKETT
Product Director, Absorb Software
Fred is a technology expert with 20+ years of experience in the SaaS, Cloud, and cybersecurity fields.   Throughout his career, he has worked closely with engineering and marketing teams to bring high-quality and secure products to the market.

Join us the hear these experts debate the following topics:
- Conducting software composition analysis (SCA) 
- Assessing threats and impacts
- Risk-rating your inventory
- Selecting the right controls

Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb

COTS

Cloud

Cloud Security

Application Security

Threat Management

Supply Chain

Attack Vectors

SDLC

AppSec

Cloud Applications

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb

Presented by

About this talk

More from this channel