All Articles

Embedded Systems Security: Building a More Secure Device

Here's an overview of the presentation: What are common embedded systems?; What issues do they face?; Recommendations for securing embedded systems

Speakers

Randall Brooks ( @randallsbrooks )

Transforming Security: Containers, Virtualization and Softwarization

This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally

Estimating Development Security Maturity in About an Hour

The session describes a simple method of estimating a development team’s security maturity, i.e. how well they make a secure software product, by looking at five key factors. The factors and

Understanding the “Why” in Enterprise Application Security Strategy

The Hershey Company initiated a strategic initiative to identify all of the truly critical IT assets that enable the company’s continued success. The evaluation confirmed the import

DevSecOps in Baby Steps

Here's an overview of the presentation: Getting to DevOps; DevOps to DevSecOps; Planning your Epics & Sprints; Use Cases & Example

Speakers 

Hart Rossman ( @HartDanger )

Detailed Presentation:

Open-Source Security Management and Vulnerability Impact Assessment

Re-usage of Open Source Software (OSS) has increased in commercial software development by orders of magnitude. This presentation will show how OSS vulnerabilities can be managed at

Agile Security—Field of Dreams

PayPal started its Waterfall to Agile transformation journey two years ago. That meant that the software security program had to morph as well. The Field of Dreams question of “if you build it, will they come?” was no

Introducing a Security Program to Large Scale Legacy Products

A discussion of the real-world work and challenges to introduce and maintain a comprehensive security program to a large and complex set of legacy storage products. This includes developi

Embedded Systems Security: Building a More Secure Device

Here's an overview of the presentation: What are common embedded systems?; What issues do they face?; Recommendations for securing embedded systems

Speakers

Randall Brooks ( @randallsbrooks )

IOCs Are Dead—Long Live IOCs!

Indicators of Compromise were meant to solve the failures of signature-based detection tools. Yet today’s array of IOC standards, feeds and products haven’t impeded attackers, and most intel is shared in flat lists of h

Bridging the Gap Between Threat Intelligence and Risk Management

Here's an overview of the presentation: Bridging Risk & IR in Verizon's DBIR; Building Understanding; Finding Common Ground; Bridging the Gap; Crossing the Divide

Speakers

Wade Baker

STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015

Amid privacy concerns and after a decade-long battle, the U.S. Cybersecurity Information Sharing Act (CISA) of 2015 was passed. Critics claim CISA is a surveillance bill

Dreaming of IoCs Adding Time Context to Threat Intelligence

Find an interesting Intelligence Framework followed by a good undertanding of logstash & logstash filtering, tardis, kibana reporting etc.

Speakers

Travis Smith ( @MrTrav )

Detailed Pres

The Measure of Success:Security Metrics to Tell Your Story

Information Security as a problem is rather complex and it gets more difficult in terms of quantification. This presentation helps us with some metrics that will help us make security more u

The Newest Element of Risk Metrics: Social Media

In order to identify, measure and track the risk exposure that different elements of social media have on an organization, organizations require a threat metric framework to evaluate a network’s curre

Building an Effective Supply Chain Security Program

We’ve realized that the supply chain in most organizations is a potential weak spot for security controls and awareness. The time has come to shore up our approaches to supply chain management, inc

Bridging the Gap Between Threat Intelligence and Risk Management

Here's an overview of the presentation: Bridging Risk & IR in Verizon's DBIR; Building Understanding; Finding Common Ground; Bridging the Gap; Crossing the Divide

Speakers

Wade Baker 

Integrating Cybersecurity into Supply Chain Risk Management

Cyber–supply chain risks pose a new set of challenges for businesses (loss of critical IP, unwanted functionality in products) which jeopardize brand reputation and shareholder value. This

Are You Thinking about IT Outsourcing? Top Reasons, Risks and Rewards

There is more to outsourcing than just the bottom line and running lean. Any organization embarking on this journey needs to (1) clearly identify and articulate the compelling nar

Adjusting Your Security Controls: It’s the New Normal

Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented then the controls didn’t change often. It’s time