Name: Update Your Application Security Strategy
Start: 2022-08-18T15:00:00Z
End: 2022-08-18T15:01:00.000Z
Location: BrightTALK
Rating: 4

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Identity governance and administration (IGA) programs are critical for managing enterprise security and compliance, yet many organizations face persistent challenges. Operational inefficiencies, reliance on manual processes, and the growing complexity of managing diverse applications and identities often hinder success. As the digital landscape evolves, the stakes are higher than ever for enterprises to modernize their IGA strategies.

This session explores the latest research from Omdia, revealing how leading organizations are addressing these challenges. From leveraging AI agents to automating workflows, discover actionable insights that can transform your IGA program into a driver of business value. Whether you’re refining an existing initiative or planning a new one, this session will equip you with the tools and strategies to stay ahead in 2026.

Join Todd Thiemann, Principal Analyst at Omdia, to uncover what’s working, what’s not, and where the future of IGA is headed.

Takeaways:
- Strategies for integrating more applications while controlling costs.
- Insights into rationalizing workforce identity security tool portfolios.
- The role of AI agents in combating deepfakes and enhancing automation.
- Best practices for governing non-human identities (NHIs) and AI agents.
- Key trends shaping the future of enterprise IGA programs.

Elevating Enterprise IGA Programs for the Future

The rapid growth of digital identities, evolving compliance demands and advanced cyber threats have made identity governance and administration (IGA) a critical priority for modern enterprises. Without a structured governance framework, organizations risk operational inefficiencies, data breaches and reputational harm. Issues like access sprawl and privilege misuse are no longer just IT concerns—they are pressing business challenges.

This session will explore how businesses can implement effective IGA strategies to manage identities, ensure compliance and mitigate risks. Learn how to align tools, policies and processes into a cohesive framework that supports enterprise-wide governance. Discover actionable steps to build a compelling business case, standardize global implementation and achieve quick wins that drive executive buy-in.

Join Vincent Amanyi, Founder of Boleaum Inc. to gain practical insights and proven strategies for enabling IGA success at scale.

Key Takeaways:
- Build a persuasive business case to secure board-level approval for IGA initiatives.
- Define a scalable implementation model for geographically dispersed organizations.
- Benchmark and strengthen your organization’s IGA foundation.
- Discover quick-win strategies to accelerate IGA adoption and demonstrate ROI.

Mastering Identity Governance: Strategies for Enterprise Success in 2026

Identity and access management is at a crossroads. Reliant on passwords and centralized directories, traditional IAM can’t meet the demands of today’s distributed infrastructures and increasingly sophisticated cyber threats. As businesses expand their digital presence, they need adaptable, privacy-preserving solutions to safeguard their assets and ensure seamless operations across ecosystems. But implementing these approaches isn’t without its challenges. 

Modern IAM offers transformative opportunities through decentralized identity models and blockchain-enabled verifiable credentials. These replace static identifiers with cryptographically signed proofs, allowing organizations to achieve tamper-proof identity verification, transparent lifecycle management and enhanced privacy. These new solutions align with zero trust principles, paving the way for trust-minimized environments that prioritize security and user control.

Join Yeghisabet Alaverdyan, Senior Researcher and Associate Professor at IIAP MESCSA RA, to share her insights on how the latest IAM strategies are redefining identity management for the modern age.

Takeaways:
- Discover why traditional IAM systems are not suited to modern infrastructures.
- Learn how decentralized identity models enhance security, privacy and user autonomy.
- Understand the role of blockchain in verifiable credentials and tamper-proof identity management.
- Explore how emerging IAM protocols align with zero trust principles. Gain actionable insights to future-proof your organization’s identity strategy.

Modern IAM: Decentralized Solutions for Evolving Threats

Organizations excel at documenting incidents but fail catastrophically at remembering them. Between audits, hard-won lessons evaporate, cultural knowledge resets to zero and enterprises find themselves vulnerable to the same predictable risks that should have been eliminated months ago.

This session reframes security culture as a living control system where organizational memory becomes your strongest defense. Discover how to transform retrospectives into measurable feedback loops, quantify learning as risk reduction and embed institutional knowledge into governance frameworks that create compounding resilience rather than cyclical vulnerability.

Join Oksana Denesiuk, Senior Product Manager at Kaiser Permanente and ISSA Advisory Board Member, to explore proven methodologies for building unbreakable organizational memory.

Key Takeaways: 
- Track how lessons learned translate into behavioral change and improved security posture. 
- Build lasting organizational memory through structured post-incident processes that strengthen defenses over time.
- Measure how well your organization learns from incidents and translate that into reduced security risks.
- Transform retrospectives into measurable feedback loops that prevent incident recurrence. 
- Embed organizational knowledge into leadership and accountability models for sustained cultural transformation.

Transform Security Culture into Measurable Organizational Memory

As organizations embrace AI systems and hybrid workforces, traditional security cultures focused only on human awareness can no longer address today’s complex risks. AI operates at machine speed, influencing decisions and actions in ways that demand a more integrated approach to managing security. Without a culture that accounts for both human and AI behaviors, organizations risk blind spots that could undermine trust, governance, and resilience.

Security culture needs to become a shared model where leadership, governance and incentives guide both human decisions and the design, training and accountability of AI systems. By viewing AI actions as part of the risk landscape and aligning human and machine behaviors with business goals, security leaders can transform culture into a measurable control and a strategic advantage in an AI-driven world.

Join Sandra Estok, CEO & Founder of Way2Protect, to uncover practical strategies for managing security behaviors, bridging human and AI risks, and effectively communicating with executives and boards.

Key Takeaways
- Understand how security culture must evolve to address both human and AI-driven behaviors.
- Learn to treat AI actions as part of the organization’s risk surface.
- Explore practical methods to measure security behaviors in hybrid work environments.
- Discover how leadership decisions shape human conduct and AI system outcomes.
- Gain techniques to communicate human and AI risks to boards in clear business terms.

Evolving Security Culture: Aligning Human and AI Risks for Business Resilience

Since technology cannot keep us completely protected, organizations must embrace a culture of cybersecurity to build true resilience. This cultural transformation is essential to safeguard against risks and ensure readiness to respond effectively when incidents occur.

This session explores how leading organizations are embedding cybersecurity into their values, attitudes, and practices. By fostering a culture of resilience, businesses can strengthen their ability to anticipate, adapt to, and recover from cyber threats. Learn why every manager has a pivotal role in shaping this culture and how to implement strategies that drive lasting change.

Join Dr. Keri Pearlson, Principal Research Scientist at MIT Sloan School of Management, to explore actionable steps for building a culture of cybersecurity that protects your organization and empowers your workforce.

Takeaways:
- Understand cyber resilience thinking and how it differs from traditional protection strategies.
- Discover key mechanisms for fostering an effective cybersecurity culture.
- Gain actionable insights for managers to enhance resilience at work and home.
- Learn from real-world examples of organizations successfully embedding cybersecurity into their culture.

Building Cyber Resilience Through Culture in 2026

Mergers and acquisitions create exponential cyber risk exposure, yet many organizations lack quantified risk frameworks to guide critical business decisions. As cyber threats evolve and regulatory scrutiny intensifies, executives need concrete data to balance growth opportunities against security investments.

Traditional risk assessments fail during rapid organizational change. This session reveals proven methodologies for translating cyber vulnerabilities into financial impact metrics that drive boardroom decisions. Learn to build communication frameworks that align security investments with business objectives while maintaining stakeholder confidence throughout complex organizational transitions.

Join Vincent Amanyi, Founder of Boleaum Inc, to explore actionable strategies for enterprise cyber risk quantification and communication.

Key Takeaways: 
- Develop risk appetite frameworks that identify, prioritize, and absorb organizational risks with minimal business disruption. 
- Master cyber risk quantification techniques that assign tangible dollar values to security threats across all business levels.
- Build structured communication models to effectively convey cyber risk criticality to diverse stakeholder groups. 
- Implement scalable cybersecurity benchmarking practices for growing organizations. 
- Create boardroom-ready risk reports that support strategic decision-making during M&A activities.

Quantify Cyber Risk Impact for Strategic M&A Growth

Breaches have become a daily reality. Dark web activities and emerging threat vectors outpace traditional defenses, creating blind spots that adversaries readily exploit. Without early warning systems, businesses remain vulnerable to sophisticated attacks that could have been prevented.

Effective Cyber Threat Intelligence (CTI) transforms raw intelligence into actionable insights that enable proactive defense strategies. This session demonstrates how to operationalize intelligence, map adversary tactics to business risks, and implement early warning systems that prevent breaches before they occur. Learn to distinguish signal from noise and convert threat intelligence into measurable risk reduction metrics that resonate with executive leadership.

Leverage Cyber Threat Intelligence for Proactive Risk Mitigation

Open-source software drives enterprise innovation, but unmanaged vulnerabilities create operational risks and regulatory exposure. As cyber threats evolve and compliance frameworks tighten, executives face mounting pressure to balance innovation speed with robust security governance.

Traditional approaches to OSS security often create friction between development teams and security requirements, leading to shadow IT practices and increased exposure. This session presents proven frameworks for integrating security into OSS workflows while maintaining developer productivity and meeting emerging regulatory demands like the EU Cyber Resilience Act.

Join Yesenia Yser, Security Engineer and Open-Source Advocate, to explore enterprise-grade strategies for OSS risk management.



Key Takeaways: 

Implement governance frameworks that protect OSS dependencies without slowing development
Create shared accountability between security, procurement, and engineering teams
Apply SLSA, SBOM, and OpenSSF standards to build enterprise-wide security trust
Balance regulatory requirements with collaborative open source community practices 
Turn OSS security management into a strategic business differentiator

Securing Open-Source Dependencies at Enterprise Scale

The current data security and privacy protection landscape is awash with tools, acronyms, buzzwords that promise to make data breaches and privacy incidents a thing of the past. Yet hotel chains, healthcare providers, banks, department stores and even governments constantly fall victim to data breaches, ransomware or nation-state attacks. 

The plain truth is that tools are only as good as the people that use them and the processes that go with it. Two thousand years ago, the Roman empire had better military tools than the nations they conquered. Yet through time, the Romans fell to the barbarians and are merely remembered through their ruins. Likewise, companies with the latest and most buzzworthy technology implemented still manage to fall victim to attacks. 

In this presentation, industry thought leader Ralph Villanueva will tap into over 15 years’ experience of data security and privacy protection to show why ultimately, the people behind the tools and the processes they use matter more in securing your organization’s data. 

Key Takeaways:
 - How to best deploy tools in the most cost-effective way to optimize benefits.
 - How to best deploy tools to mitigate data security risks from internal and external threats. 
 - The importance of a balanced and holistic approach to data security that equally considers people, processes and technology.

Tools are Nothing: Why People and Process Matter More in Data Security and Privacy

Data security has entered a new era, one defined by AI-powered threats, expanding cloud ecosystems, and evolving global privacy regulations. 

This session presented by TD Bank's Pankul Chitrav explores the critical shifts reshaping how organisations must protect sensitive information in a boundaryless digital world. We will break down the top risks, the essential capabilities of modern security architectures, and the must-have tools for protecting data across endpoints, cloud platforms, and AI workflows. From zero trust to automated posture management and advanced data discovery, you’ll learn what’s required to stay ahead of adversaries and maintain compliance. Whether you’re modernising your security program or building one from the ground up, this talk equips you with the insights needed to create a future-ready data protection strategy for 2025 and beyond.

Future-Ready Data Protection: Securing Modern Data Ecosystems in an AI-Driven World

Cyberattacks are continuing at pace and we're regularly hearing of new data breaches. But who is responsible for ensuring the security of personal data? 

Traditional data protection approaches are failing against modern attack vectors. Organizations need future-ready strategies that go beyond compliance checkboxes to create resilient security frameworks. In this session, we'll explore the current risks to personal data & privacy and delve into the range of models that can be used to protect your organizations critical assets.

This webinar will take you through examples of recent data breaches, identifying the challenges being experienced, learning from what went wrong and how best organizations can plan for the future. Such planning will investigate current good practice, adding some “steroids” to them such that organizations can hopefully stay in front of the next “breach”!

Steve Yates – Chairman of the Resilience Association, will share frontline experience about critical data assets security and protection of user privacy.  

Key Takeaways:

- Be aware of the challenges being experienced in the protection of data security & privacy;
- Understand how best to plan your data resources and capacity to meet tomorrow’s defense;
- Discover the core organizational elements needed for the establishment of a strategic, tactical and operational solution

Strengthen Data Security Strategy for Tomorrow's Resilience Defense

AWS infrastructure offers robust native security mechanisms, but the shared responsibility model places critical configuration burdens on app owners. This creates gaps that attackers can actively exploit through misconfigurations, privilege escalation, and cross-service vulnerabilities which can compromise entire cloud deployments.

Security automation emerges as an essential defense strategy for threat modeling, enabling businesses to enforce security best practices from deployment through ongoing operations. Automated security controls provide continuous monitoring, real-time threat detection, and optimized remediation across AWS services. This ensures a consistent security posture while reducing human error and response times.

Join Ernesto Marquez, Founder and Project Director at Concurrency Labs, to explore proven AWS security automation strategies for threat mitigation.

Key Takeaways: 

- Implement automated security controls that enforce best practices across AWS services 
- Deploy continuous monitoring and real-time threat detection for multicloud environments 
- Configure automated remediation workflows for common security vulnerabilities 
- Integrate AWS security automation tools into comprehensive threat modeling frameworks 
- Establish governance policies that maintain security consistency across cloud deployments

Deploy Automated AWS Defenses for Threat Prevention

As cloud supply chain attacks escalate in sophistication, traditional SBOMs alone prove insufficient for comprehensive security. While SBOMs provide valuable component inventories, they lack runtime verification capabilities—creating a critical blind spot that malicious actors increasingly exploit. This gap between static analysis and runtime behavior represents one of the most significant vulnerabilities in modern cloud environments.

The "Bill of Behavior" (BoB) approach addresses this challenge by providing vendor-supplied profiles of expected runtime behaviors. Generated using eBPF technology, BoBs codify legitimate syscalls, file access patterns and network communications. This enables immediate anomaly detection without custom rule creation, allowing organizations to verify software integrity throughout the supply chain and during execution, dramatically reducing the attack surface while simplifying security operations.

Join Dr. Constanze Roedig, Key Researcher at SBA-Research and Founder of Fusioncore.ai, to discover how this emerging standard complements existing SBOM frameworks to create verifiable trust in your cloud ecosystem.

Key Takeaways:
- Understand how Software Bills of Behavior (SBoBs) create verifiable trust between vendors and clients
- Learn practical implementation strategies using existing OCI distribution standards
- Discover how BoBs significantly reduce attack surfaces across both runtime and supply chain vectors
- Explore immediate benefits of receiving vendor-supplied behavior profiles with software packages
- Discover how CNCF Kubescape allows anomaly detection out of the box

Beyond SBOMs: Runtime Verification for Bulletproof Cloud Supply Chains

Organizations are rapidly adopting AI technologies without fully understanding the security implications. This is creating unprecedented vulnerabilities in cloud environments. In turn, with AI accessible to all stakeholders, the human factor has become the weakest link in cybersecurity defense strategies.

This session addresses critical considerations for IT and cybersecurity leaders to balance business innovation with risk management. Learn how to establish ethical AI frameworks, implement proper access controls, and build awareness programs that protect your organization while enabling AI adoption.

Join Kathleen Mullin, vCISO and Consultant, to explore practical strategies for securing AI in cloud environments while maintaining business agility.

Key takeaways:

• Define clear RACI matrices for AI business risk ownership and accountability 
• Assess whether AI solutions truly meet business requirements vs. alternative approaches
• Establish data governance and access controls specifically for cloud-based AI systems 
• Develop comprehensive AI awareness programs for organizational stakeholders 
• Evaluate current and future cloud AI risks within your security framework

Considerations: Securing the Cloud And In Specific AI

As organizations accelerate cloud adoption, sophisticated security technologies often create a false sense of protection while the most significant threats emerge from within. Human behaviour continues to be the weakest link in cloud security, not due to malicious intent, but through everyday mistakes that inadvertently expose critical systems.

When they create friction, security measures designed to protect can inadvertently increase risk as users will find shortcuts to achieve their legitimate objectives. This session explores the psychology behind user decision-making and reveals how threat actors exploit human nature to bypass cloud defenses, turning legitimate business processes into attack vectors.

Join Simon Ratcliffe, independent management & technology consultant, to discover practical strategies for human-centered cloud security.

Key Takeaways:

- Identify psychological triggers that make users vulnerable to cloud-based attacks 
- Recognize how security friction drives risky user behaviors and workarounds
- Design user-centric security that reduces human error without compromising protection 
- Develop indicators to detect insider threats before they escalate 
- Build security awareness programs that create lasting behavioral change

Securing the Human Element: Why People Remain Cloud Security's Top Vulnerability in 2025

Insider threats are one of the most challenging security risks in multicloud environments, where authorized users can exploit fragmented access controls and limited visibility across platforms. When organizations lack comprehensive oversight of user activities, data flows and privilege escalation paths, the risk posed by human error and malicious insiders is much greater.



Multicloud architectures amplify insider threat risks through inconsistent identity management, scattered audit trails, and complex permission structures that create blind spots for security teams. Strategic threat modeling designed around insider risks enables organizations to map user access patterns, identify privilege abuse scenarios, and implement behavioral monitoring across all cloud platforms before incidents occur.



Join Sandeep Tripathi, IT Solutions Designer at Daimler Truck AG, to discover systematic approaches for detecting and preventing insider threats in complex multicloud environments.



Key Takeaways: 

- Identify insider risk scenarios across cloud platforms using threat modelling frameworks
- Implement comprehensive user behavior analytics and cross-cloud activity monitoring
- Limit insider threat impact and lateral movement using zero-trust access controls.
- Develop incident response protocols for insider-driven security breaches
- Create governance frameworks for managing privileged access in multicloud environments

Mitigate Insider Threats in Multicloud Through Strategic Modeling

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short.

Cloud security threats are often perceived as purely technical challenges, but the human factor remains one of the most significant and underestimated risks. Misconfigurations, weak passwords, phishing attacks, and inadequate training open doors to breaches even in sophisticated environments. Employees inadvertently expose sensitive data through social engineering, while administrators overlook crucial updates. Insider threats pose significant risks when cloud systems are accessible from anywhere.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, to explore human factors in cloud security threats.

Key Takeaways: 
- Human error as the leading cause of cloud security breaches 
- Phishing attacks and social engineering threat vectors 
- Managing insider threats in distributed cloud environments 
- Essential security awareness training and culture development 
- Zero Trust architecture implementation strategies

Managing Human Risk in Cloud Security Operations

Ransomware has plagued a wide range of organizations for several years and instead of getting better it’s getting worse. On the surface it appears the controls organizations are deploying aren’t working. But more correctly, organizations are failing to deploy the right controls. Attend this session to learn how to stop ransomware and all the *wares. You will leave this session with a manageable list of actionable steps to secure your environment and ensure your organization vaults above the cybersecurity poverty line!


About the speakers:

Jon Villanti is the Chief Information Security Officer for Allegiance Bank, a 600-employee, $7.1-billion community bank headquartered in Houston. Jon is responsible for the strategic direction and alignment of the bank’s Information Security Program. He is a former instructor for the SANS Technical Institute, teaching courses on information security, cyber warfare and hacker tactics. Lieutenant Colonel Villanti (Ret) honorably served the United States Air Force for 29 years as a member of the Intelligence Community, F-16 pilot and Cyberspace Operations Officer. Jon holds a B.S. in Business Administration from the University of Vermont and a number of cybersecurity certifications.

Andres Ruz is Chief Information Security Officer at 5 Factor Technology and has over 20 years of global experience in IT and information security. He has an MBA in MIS, a Bachelor’s in computer science and eight certificates in information technology management and information security. He is the founder of the Houston Banking Information Sharing and Analysis Organization (ISAO), where he collaborates with leaders in this sector, helping each other to better protect their companies. He is also the part of the Board of Directors and Sector Chief for the Telecommunications Cross Sector Council (CSC) of the InfraGard with the FBI.

Defeating Ransomware: Security Controls That May Surprise You

NOW AVAILABLE ON-DEMAND

The 2022 SonicWall Cyber Threat Report revealed more than 20,000 Common Vulnerabilities and Exposures (CVEs) were published in 2021, the first time in history that the number of CVEs has passed the 20,000 mark. The most serious of these vulnerabilities, those scored above nine on the 10-point scale, become entry points for cybercriminals, and attackers are increasingly utilizing this means of entry to deploy ransomware and steal data. 

Watch now to hear our expert cover:
- Exploited threat vectors and what to look out for
- Critical zero-days used to wreak havoc on businesses and governments
- Actionable insights for you and your organization

The Year of Zero Days – Defending Against the Million Dollar Threat

Application Security for Billions: Lessons Learned from Securing Web Apps and APIs at Internet Scale

Whenever you hear people talking about web and application security, you’ll often learn about the latest way to make sure you’re not ingesting user supplied input the wrong way, or how to write secure code to prevent cross site scripting, etc. 

But, have you ever wondered what it’s like to secure business critical websites, and the ever-evolving growth of API’s and bespoke applications that are developed every day across thousands of websites in dozens of countries around the world?

In this webinar, Tony Lauro, Akamai’s Security Technology and Strategy Director, will cover:
- What defenders are doing at scale to defend the evolving threats targeting websites 
- Methods for cutting out the noise of benign, but annoying vulnerability verification requests
- Best practices for managing large scale security configurations
- Some of the ways that defenders are winning against these unimaginable odds, as well as how attackers are targeting these very same applications hoping to bypass security by obscuring their attack techniques

Lessons Learned from Securing Web Apps and APIs at Internet Scale

Tune into this webinar to discover the basics of threat intelligence and how to acquire it. We will also dive into cyber maturity -- what it means and how to best measure it -- as well as the five best steps to improve cyber resiliency. Attendees will also learn the dire consequences that come with deprioritizing cybersecurity in the organization so they can ensure they don't fall victim to a breach.
 
Audience takeaways:
•         The value of threat intelligence for organizational security.
•         Measuring your cyber maturity.
•         Steps to improve your cyber resilience.
•         Turn threat intelligence into business intelligence.

Life's a Breach: Understand Threat Intelligence, Cyber Maturity and Resiliency

During this exclusive fireside chat, moderated by Jo Peterson, Sonali Shah, will look to address the following topics:

- Are unsecure applications just plain easy targets maybe even easier than email?
- What are the top 3 application security challenges organizations face today?
- Why web applications will continue to be a main vector for external attacks 
- With Open source continuing to grow, what can organizations do to put themselves in a better position in 2023.

Fireside Chat with Invicti and Clarify360 on Application Security

The pandemic rapidly accelerated digital transformation for organizations around the world. Now that the pandemic is behind us, new risks and new threats have emerged in the wake of such rapid and uncontrolled change. This talk will cover what threats to expect for the rest of this year and early next and what can organizations do today to start to get ahead of what’s coming at them.

About the speaker:

John Bambenek is the President and Chief Forensic Examiner for Bambenek Consulting. He began his career 20 years ago at Ernst & Young as a Project Manager and Senior Consultant providing IT architecture services to top Fortune 500 Firms. He has worked in both the public and private sector providing consulting to financial services providers. He is a published author and has contributed to IT security courses and certification exams covering subjects such as penetration testing, reverse engineering malware, forensics and network security. He has participated in many incident investigations spanning the globe including the DNC breach and election-related hacking during the 2016 US Presidential campaign. He has appeared in as an expert in the New York Times, Washington Post and was once on The Daily Show with Jon Stewart.

The Post-Pandemic Threat Landscape

Customers tell the best stories. This is an adventure story set in the world of AppSec told by
GuidePoint Security’s rockstar AppSec customers like The Motley Fool + Insight Global. Their live talk will cover trending AppSec topics + peeking into the future. A genuine discussion about their triumphs + challenges they encounter every day working as an industry leader in Application Security.

You’ll get to know our remarkable AppSec customers through their comments around the
following thought-provoking topics + more:

• Shifting Left: How far left do you shift and what does that truly mean?
• Quality code is secure code. Why AppSec isn’t so special.
• The future of API protection

Spend an hour with our customers. We bet you’ll find a lot in common.

True Tales from AppSec Customers

Unlike monolithic applications of the past, where coding was all in the same language, an average cloud-native application can have anything from 50-5,000 different components. The problem is, any one of those could be rife with vulnerabilities that present an expanding attack surface. Although organizations use an abundance of AST tools to test their code, they all lack results correlation, and that missing piece distorts their view of their overall security risks.

Checkmarx recognizes the inefficiency of trying to manually correlate results from the many siloed testing solutions, and the deficiency of alternate solutions that merely aggregate results. It led us to develop Checkmarx Fusion to provide advanced correlation in modern application development environments.

In this webinar, join Stephen Gates, senior solution specialist, and Miki Sharon, senior product manager, Checkmarx, for a deep dive on Checkmarx Fusion and Checkmarx One AST Platform.

    Learn which AppSec testing approaches don’t fit well in modern development environments
    See the new functionality Checkmarx Fusion brings to the software development industry
    Understand the main use cases of Checkmarx Fusion and Checkmarx One and what’s included
    View live demonstrations of both solutions in action, performed by our subject matter experts
    After this webinar, you’ll fully understand why your AppSec testing approach is flawed.

Without Correlation, Your AppSec Testing Approach Needs an Update

Application Developers are increasing taking the “DevSecOps” ethos to heart. They are realizing that security is not just something that gets bolted onto apps or around networks. Instead, security needs to be built into the applications that they create. While many have turned to SAST solutions to identify vulnerabilities such as Log4Shell in Log4J, others rightfully wonder how to protect the code that they write themselves, code that – by definition – contains working examples of how to penetrate the security perimeter that their InfoSec colleagues have put in place.

This webinar shows:

* How threat actors reverse engineer applications
* How a “Protection Blueprint” secures applications
* What unobfuscated and disassembled machine code looks like to a threat actor
* How obfuscated machine code makes the threat actor’s job more difficult
* What anti-tamper measures do to prevent reverse engineering of applications

How to Build a Blueprint for Secure Software

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and pressure from management, often leads to stress, anxiety and less-than-ideal reactions from developers and security people alike. This session will explain how job insecurities can be brought out by IT leadership decisions, and how this can lead to real-life vulnerabilities in software. This is not a talk about “feelings;” this is a talk about creating programs, governance and policies that ensure security throughout the entire SDLC.

No more laying blame and pointing fingers, it’s time to put our egos aside and focus on building high-quality software that is secure. Application security expert Tanya Janca will explore the cause and effect of insecurities and other behavioral influencers and present several detailed and specific solutions that can be implemented at your own place of work, immediately.


About the speaker:

Tanya Janca, also known as SheHacksPurple, is the best-selling author of Alice and Bob Learn Application Security. She is the Director of Developer Relations and Community at Bright Security, as well as the founder of We Hack Purple, an online learning community that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over 25 years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and “securing all the things.” She is an award-winning public speaker, active blogger and streamer, and has delivered hundreds of talks on six continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.

Why Can't We Make Secure Software?

Every 39 seconds, someone in the world gets hit with a cyberattack. When this happens, backup remains the last line of defense to protect most applications and data. How vulnerable is your backup environment? Join this presentation to learn about comprehensive security measures every company needs in place to secure a clean, current backup so you can recover when hackers breach your back door. We will also share one company’s recent ransomware attack experience, including the impact of security measures and the lessons learned.

Talking points:

The three common threat pillars
Key areas for implementing comprehensive backup security
Back from the brink: case study of a customer cyberattack

Eliminate Ransomware Risks With the Right Backup Strategy

Malicious actors exploit human nature to get what they want.  Technology can help, but it is not going to stop everything. Once a malicious actor is in direct communication with someone in your organization, there is little that your technology can do. This talk covers the fundamental reasons for the necessity of a security awareness program in every organization and provides a model of what it should look like. 

Key takeaways include:

--The properties of a good security awareness program

--Security-aware policy

--The limits and value of technical solutions as they pertain to social engineering attacks


About the speaker:
Joseph Carrigan is a Software Engineer with over 17 years of software development experience in a broad range of fields including computer and software security, microcontroller development, data migration, data integration, data warehousing and network communication. He has a B.S. (’99) in Computer and Information Science from The University of Maryland, University College and an M.S. (’08) in Computer Science from Capitol College.

Social Engineering and Security Awareness

Attack surfaces are expanding, spurred on by the continuous release of new digital services and business transformation. In this session, you will learn why it’s time to implement an attack resistance management strategy to find unknown risks missed by automated tools, then unlock the security expertise of ethical hackers to identify critical gaps and prioritize fixes for your exploitable assets.

About the Speaker:
Sean Ryan is a Sr. Principal, Product Marketing Manager at HackerOne, where he helps organizations to identify the gaps in their security posture and improve their attack resistance. Prior to joining HackerOne, Sean worked for a prominent industry analyst firm covering identity security, and before that he led the market & competitive intelligence practice for a Fortune 500 IT infrastructure and security software provider.

Build Resistance to Attacks by Unlocking the Value of Ethical Hackers

Let’s take a moment to consider your Enterprise Security Program.  Is it healthy and functional?  Do you have the right people and processes?  How are you layering security controls to be most successful?  In this session we will discuss the components and management framework that result in a successful Enterprise Security Program.  You can expect to learn:

How do the most successful organizations structure their security controls?
What are the enterprise strongholds that attackers are actively exploiting?
What are some quick wins you can perform to get C-level buy in for furthering your Security Program?

Building a Robust Enterprise Security Program

Measuring the impact of security operations in reducing risk can be incredibly difficult. This challenge is compounded when poor metrics, that do not meaningfully reflect the work done by security teams, mask systemic problems. This is something we must get right to justify ever-growing investments in defensive teams, tools, and process. 

In this webinar, discover some commonly accepted security metrics that rarely tell a complete or compelling story and why they fall short. With that, attendees will learn better ways to identify high-quality metrics that tell a better (and more honest) story.
 
Attendees will leave the session with an understanding of:
• What makes a metric useful in defense operations;
• Commonly used security metrics and how they hide the truth; 
• An approach to picking compelling, comprehensive security metrics.

Your Security Metrics Are Lying (And What To Do About It)

Covid has seen the SME adopt technology at a fast and furious pace -- but at what cost? With this adoption comes an increase in cybersecurity risks. Cybercriminals have acquired newer and better techniques, but their SME targets have yet to recognize the need for an Enterprise Security Management framework to establish and sustain security for critical infrastructure.

Join BCyber’s Co-Founder & CEO Karen Stephens as she unlocks the mysteries of Enterprise Security Management in 2022 for the SME. Today, through the lens of an SME, you will gain an introductory understanding of:
• What Enterprise Security Management is;
• Why it is important; 
• Practical steps on how you can start your journey.

A Road Less Traveled: Learning the Value of SME Enterprise Security Management

Cyberattackers are not showing any signs of slowing down -- in fact, cyberattacks are worsening. Several factors are responsible for that with some being directly linked to the global pandemic – thanks, COVID! Infosec teams must change their security practices to address the challenges of today and the future. In this conversation among experts, you will gain insights to help you keep your organization secure in an evolving threat landscape. 

Learn how can you limit the impact of future ransomware and supply chain attacks, how you can differentiate cloud security solutions, and more.

Moderated by:
Melinda Marks, Senior Analyst, ESG

Featuring:
Matt Hathaway, Chief Strategy & Marketing Officer, TrueFort

Limiting the Impact of Future Ransomware Threats

Securing your network against bad actors requires visibility to detect and respond to the inevitable attacks on your organization. You can’t stop what you can’t see! The good news is you have the data you need in your network data. The bad news is that you may not be using that data to identify and mitigate cyberattacks. 

Join us in this webinar to learn the innovative ways that Advanced Network Detection and Response, based on scalable deep packet inspection from your network, will help your organization achieve comprehensive security protection with:

• Always on, real-time detection of network activity to halt attackers in their tracks

• Visibility into your dynamic attack surface and its traffic

• Lateral movement tracking of attack to respond and mitigate quickly

• Unlimited historical perspective of attack

Leverage Network Data To Minimize Your Cybersecurity Risk

Timely remediation: It’s critical to responding to active threats in an environment. Knowing when (and when not) to apply automation is equally important. Given the speed at which threat actors can progress through the attack lifecycle, configuring automated remediation steps can go a long way. Hear how Expel approaches incident response and puts auto-remediation into practice.

The steps to sensible auto-remediation

Threats like malware and denial-of-service attacks have been around since the earliest days of the internet, and the cybersecurity industry has created generations of threat detection and response tools to identify and remediate them. As security threats continue to evolve and advance, the tools to identify and stop them need to evolve as well.

This panel of security experts will explore how security teams can shift form using reactive to proactive measures, utilizing a host of emerging tools and technologies. Join us to learn about:

--Endpoint-focused technologies such as XDR
--AI's role in reshaping threat detection
--Threat detection and intelligence services
--Security observability tools that improve breach detection
--Using tools within a zero-trust framework to limit vulnerabilities

Panelists:
Steve Cobb, CISO at One Source Communications
Dave Stufflebeam, Principal Sales Engineer at Digital.ai

It's Time to Modernize Threat Detection

Threat detection has become an important consideration for entities of all sizes and verticals. What originally began as logging and security-centric alerting by point products has morphed into a multi-million dollar industry of threat detection and response solutions and services. Offerings are comprised of vendor-agnostic log collection, analytics and correlation capabilities, threat intelligence feeds, and other tools geared towards reducing mean time to detect and respond. 

In this session, we’ll review the evolution of log collection and discuss the major components of today’s detection services and solutions. Viewers who are debating whether to outsource their detection and investigation needs or build their own SOC teams and manage their own solution will come away with much food for thought.

Understand Threat Detection and Response Solutions and Services

Organisations have never been more connected or vulnerable. Threats evolve at rapid pace and cybersecurity has failed to keep up. 
Proactive and preventive cybersecurity measures have previously been little more than an aspiration. No more! Machine learning and artificial intelligence allows us to stop cyberthreats in their tracks.

Join Jonathan Jackson – Director Sales Engineering, from the BlackBerry Cybersecurity team in APAC to learn:
- The current cybersecurity trends 
- What’s changed?
- How you can apply prevention-first security to your own organisation to combat cyber threats.

It’s time to outsmart and outlast modern cyber threats.

The Evolution of Prevention-First Cybersecurity

Organizations face a constant barrage of cyber threats that could lead to business disruption, intellectual property theft, and reputation damage. But preventing such attacks has become increasingly challenging due to business factors like supporting the remote worker population, connecting IT to third-party partners, and developing new types of applications for digital transformation. 

How can CISOs balance the need for aggressive IT initiatives for business enablement while managing and mitigating cyber risk? ESG Senior Principal Analyst and Fellow, Jon Oltsik, will discuss best practices for cyber-threat and breach prevention that can protect and support the business.

Outwit Attackers with a Proactive Cybersecurity Plan

Combating Cyber Threats & Breach Prevention 2022

Once considered an afterthought in software design, in today's cloud-native, app-centric world, application security must be top of mind. Widespread applications usage over distributed and public networks invites a variety of potential threats. Frequent testing and adherence to application security best practices can limit the possibility of unauthorized code being used to steal, share or modify sensitive user information.

This panel of experts will discuss the importance of a comprehensive application security program that incorporates best practices, threat identification and security testing.

Join us to learn about:

--Potential application threats
--Program requirements for app security
--Implementing app security standards
--Using DevSecOps initiatives to improve security
--Application security testing methods

Moderator:
Jo Peterson VP, Cloud & Security Services at Clarify360 

Panelists:
Stan Lowe, CISO of Synchronoss Technologies
Matt Decapua, Application Security Architect for Travel + Leisure
Daniel Shugrue, Lead Product Marketer at Digital.ai

Update Your Application Security Strategy

IT Security

Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Update Your Application Security Strategy

Presented by

About this talk

Information Security