�ݺ�ߣshows by User: centralohioissa

�ݺ�ߣshows by User: centralohioissa / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: centralohioissa / Tue, 19 Apr 2016 23:21:06 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: centralohioissa Mike Spaulding - Building an Application Security Program /slideshow/mike-spaulding-building-an-application-security-program/61117952 spauldingmike-buildinganappsecteamextendedcut-160419232107
Application Security in many organizations is a simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning to build an internal AppSec function - enterprise to 'mom & pop' operations will all benefit from this talk.]]>
Application Security in many organizations is a simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning to build an internal AppSec function - enterprise to 'mom & pop' operations will all benefit from this talk.]]> Tue, 19 Apr 2016 23:21:06 GMT /slideshow/mike-spaulding-building-an-application-security-program/61117952 centralohioissa@slideshare.net(centralohioissa) Mike Spaulding - Building an Application Security Program centralohioissa Application Security in many organizations is a simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning to build an internal AppSec function - enterprise to 'mom & pop' operations will all benefit from this talk. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/spauldingmike-buildinganappsecteamextendedcut-160419232107-thumbnail.jpg?width=120&height=120&fit=bounds" /> Application Security in many organizations is a simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning to build an internal AppSec function - enterprise to 'mom & pop' operations will all benefit from this talk.

Mike Spaulding - Building an Application Security Program from centralohioissa

]]> 1088 7 https://cdn.slidesharecdn.com/ss_thumbnails/spauldingmike-buildinganappsecteamextendedcut-160419232107-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Jake Williams - Navigating the FDA Recommendations on Medical Device Security - and how they will shape the future of all IoT /slideshow/jake-williams-navigating-the-fda-recommendations-on-medical-device-security-and-how-they-will-shape-the-future-of-all-iot/61101948 williamsjake-coissa-fda-iot-ebm-160419155826
In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.]]>
In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.]]> Tue, 19 Apr 2016 15:58:26 GMT /slideshow/jake-williams-navigating-the-fda-recommendations-on-medical-device-security-and-how-they-will-shape-the-future-of-all-iot/61101948 centralohioissa@slideshare.net(centralohioissa) Jake Williams - Navigating the FDA Recommendations on Medical Device Security - and how they will shape the future of all IoT centralohioissa In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/williamsjake-coissa-fda-iot-ebm-160419155826-thumbnail.jpg?width=120&height=120&fit=bounds" /> In January, the FDA has draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a program for coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.

Jake Williams - Navigating the FDA Recommendations on Medical Device Security - and how they will shape the future of all IoT from centralohioissa

]]> 1259 6 https://cdn.slidesharecdn.com/ss_thumbnails/williamsjake-coissa-fda-iot-ebm-160419155826-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Bob West - Educating the Board of Directors /slideshow/bob-west-educating-the-board-of-directors/61101932 westbob-centralohioissa160317-160419155813
Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.]]>
Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.]]> Tue, 19 Apr 2016 15:58:13 GMT /slideshow/bob-west-educating-the-board-of-directors/61101932 centralohioissa@slideshare.net(centralohioissa) Bob West - Educating the Board of Directors centralohioissa Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/westbob-centralohioissa160317-160419155813-thumbnail.jpg?width=120&height=120&fit=bounds" /> Most boards of directors don't have someone that understands cyber security issues. As a consequence, they can't provide the proper oversight over the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.

Bob West - Educating the Board of Directors from centralohioissa

]]> 956 4 https://cdn.slidesharecdn.com/ss_thumbnails/westbob-centralohioissa160317-160419155813-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity /slideshow/mark-villinski-top-10-tips-for-educating-employees-about-cybersecurity/61101800 villinskimark-centralohioissaconferencemarch2016-160419155539
Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn: • How to create efficient and effective security policies • Overview and statistics of the current threat landscape • The importance of keeping your employees updated about the latest threats and scams • Security solutions that can help keep your systems updated and protected]]>
Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn: • How to create efficient and effective security policies • Overview and statistics of the current threat landscape • The importance of keeping your employees updated about the latest threats and scams • Security solutions that can help keep your systems updated and protected]]> Tue, 19 Apr 2016 15:55:39 GMT /slideshow/mark-villinski-top-10-tips-for-educating-employees-about-cybersecurity/61101800 centralohioissa@slideshare.net(centralohioissa) Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity centralohioissa Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn: • How to create efficient and effective security policies • Overview and statistics of the current threat landscape • The importance of keeping your employees updated about the latest threats and scams • Security solutions that can help keep your systems updated and protected <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/villinskimark-centralohioissaconferencemarch2016-160419155539-thumbnail.jpg?width=120&height=120&fit=bounds" /> Corporate cybercrime is usually blamed on outsiders, but sometimes, your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski, will provide practical advice for educating your employees about cybersecurity. Attend to learn: • How to create efficient and effective security policies • Overview and statistics of the current threat landscape • The importance of keeping your employees updated about the latest threats and scams • Security solutions that can help keep your systems updated and protected

Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity from centralohioissa

]]> 849 9 https://cdn.slidesharecdn.com/ss_thumbnails/villinskimark-centralohioissaconferencemarch2016-160419155539-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems /centralohioissa/valerie-thomas-all-your-door-belong-to-me-attacking-physical-access-systems valeriethomasissacmh-final-160419155125
Attacking Physical Access Systems]]>
Attacking Physical Access Systems]]> Tue, 19 Apr 2016 15:51:24 GMT /centralohioissa/valerie-thomas-all-your-door-belong-to-me-attacking-physical-access-systems centralohioissa@slideshare.net(centralohioissa) Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems centralohioissa Attacking Physical Access Systems <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/valeriethomasissacmh-final-160419155125-thumbnail.jpg?width=120&height=120&fit=bounds" /> Attacking Physical Access Systems

Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems from centralohioissa

]]> 2225 9 https://cdn.slidesharecdn.com/ss_thumbnails/valeriethomasissacmh-final-160419155125-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016 /slideshow/dino-tsibouris-mehmet-munur-legal-perspective-on-data-security-for-2016/61101516 tsibourisprivacyanddatasecuritypresentation20160330-160419155006
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.]]>
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.]]> Tue, 19 Apr 2016 15:50:06 GMT /slideshow/dino-tsibouris-mehmet-munur-legal-perspective-on-data-security-for-2016/61101516 centralohioissa@slideshare.net(centralohioissa) Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016 centralohioissa Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/tsibourisprivacyanddatasecuritypresentation20160330-160419155006-thumbnail.jpg?width=120&height=120&fit=bounds" /> Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.

Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016 from centralohioissa

]]> 647 6 https://cdn.slidesharecdn.com/ss_thumbnails/tsibourisprivacyanddatasecuritypresentation20160330-160419155006-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Jeffrey Sweet - Third Party Risk Governance - Why? and How? /slideshow/jeffrey-sweet-third-party-risk-governance-why-and-how/61101465 sweet-thirdpartyriskgovernancecentralohioissav2-160419154910
In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts.]]>
In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts.]]> Tue, 19 Apr 2016 15:49:10 GMT /slideshow/jeffrey-sweet-third-party-risk-governance-why-and-how/61101465 centralohioissa@slideshare.net(centralohioissa) Jeffrey Sweet - Third Party Risk Governance - Why? and How? centralohioissa In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/sweet-thirdpartyriskgovernancecentralohioissav2-160419154910-thumbnail.jpg?width=120&height=120&fit=bounds" /> In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understand of the what’s, why’s and how’s of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical “gotchas”. This presentation will also provide common objections from the recipients of assessments and how to overcome those objections as well as discuss contract language that can be added to your products and services contracts.

Jeffrey Sweet - Third Party Risk Governance - Why? and How? from centralohioissa

]]> 791 5 https://cdn.slidesharecdn.com/ss_thumbnails/sweet-thirdpartyriskgovernancecentralohioissav2-160419154910-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce risk /slideshow/steven-keil-byodawscyw-bring-your-own-device-and-whatever-security-controls-you-want-one-approach-to-reduce-risk/61101212 stevenkeilbyodwyoscpresentationkeil-160419154410
A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.]]>
A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.]]> Tue, 19 Apr 2016 15:44:10 GMT /slideshow/steven-keil-byodawscyw-bring-your-own-device-and-whatever-security-controls-you-want-one-approach-to-reduce-risk/61101212 centralohioissa@slideshare.net(centralohioissa) Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce risk centralohioissa A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/stevenkeilbyodwyoscpresentationkeil-160419154410-thumbnail.jpg?width=120&height=120&fit=bounds" /> A method to define minimum controls, policies, and procedures to apply to devices not controlled by the organization.

Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Controls You Want) One approach to reduce risk from centralohioissa

]]> 914 6 https://cdn.slidesharecdn.com/ss_thumbnails/stevenkeilbyodwyoscpresentationkeil-160419154410-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Tre Smith - From Decision to Implementation: Who's On First? /slideshow/tre-smith-from-decision-to-implementation-whos-on-first/61065620 smithtre-riskmanagementfinal-160418223349
This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?”]]>
This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?”]]> Mon, 18 Apr 2016 22:33:49 GMT /slideshow/tre-smith-from-decision-to-implementation-whos-on-first/61065620 centralohioissa@slideshare.net(centralohioissa) Tre Smith - From Decision to Implementation: Who's On First? centralohioissa This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?” <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/smithtre-riskmanagementfinal-160418223349-thumbnail.jpg?width=120&height=120&fit=bounds" /> This presentation will explore tactics to improve organizational control implementations that meet the spirit of organizational risk decisions. An approach that may help to improve the time it takes to see organizational policy reflected in everyday workplace practice and technologies. Starting with clarifying “Who’s On First?”

Tre Smith - From Decision to Implementation: Who's On First? from centralohioissa

]]> 812 4 https://cdn.slidesharecdn.com/ss_thumbnails/smithtre-riskmanagementfinal-160418223349-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War /slideshow/gary-sheehan-winning-a-battle-doesnt-mean-we-are-winning-the-war/61065488 sheehangary-arewewinningcentralohioinfosec1-160418222811
In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?]]>
In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?]]> Mon, 18 Apr 2016 22:28:11 GMT /slideshow/gary-sheehan-winning-a-battle-doesnt-mean-we-are-winning-the-war/61065488 centralohioissa@slideshare.net(centralohioissa) Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War centralohioissa In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war? <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/sheehangary-arewewinningcentralohioinfosec1-160418222811-thumbnail.jpg?width=120&height=120&fit=bounds" /> In the spirit of Continuous Improvement, we must ask ourselves - Are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions, rather they will force you to make a fundamental change in your approach to implementing security and underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?

Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War from centralohioissa

]]> 777 5 https://cdn.slidesharecdn.com/ss_thumbnails/sheehangary-arewewinningcentralohioinfosec1-160418222811-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Sean Whalen - How to Hack a Hospital /slideshow/sean-whalen-how-to-hack-a-hospital/61065478 seanwhalenhowhackahospital-160418222737
By 2014, medical facilities nationwide implemented Electronic Health Records (EHR) as mandated by congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts, and alternatives that can provide much greater security and accountability, while maintaining ease of access.]]>
By 2014, medical facilities nationwide implemented Electronic Health Records (EHR) as mandated by congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts, and alternatives that can provide much greater security and accountability, while maintaining ease of access.]]> Mon, 18 Apr 2016 22:27:37 GMT /slideshow/sean-whalen-how-to-hack-a-hospital/61065478 centralohioissa@slideshare.net(centralohioissa) Sean Whalen - How to Hack a Hospital centralohioissa By 2014, medical facilities nationwide implemented Electronic Health Records (EHR) as mandated by congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts, and alternatives that can provide much greater security and accountability, while maintaining ease of access. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/seanwhalenhowhackahospital-160418222737-thumbnail.jpg?width=120&height=120&fit=bounds" /> By 2014, medical facilities nationwide implemented Electronic Health Records (EHR) as mandated by congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts, and alternatives that can provide much greater security and accountability, while maintaining ease of access.

Sean Whalen - How to Hack a Hospital from centralohioissa

]]> 679 4 https://cdn.slidesharecdn.com/ss_thumbnails/seanwhalenhowhackahospital-160418222737-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Robert Hurlbut - Threat Modeling for Secure Software Design /slideshow/robert-hurlbut-threat-modeling-for-secure-software-design/61065468 robert-hurlbut-centralohinfosecsummit-threat-modeling-for-securesoftwaredesign-03292016-160418222723
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.]]>
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.]]> Mon, 18 Apr 2016 22:27:23 GMT /slideshow/robert-hurlbut-threat-modeling-for-secure-software-design/61065468 centralohioissa@slideshare.net(centralohioissa) Robert Hurlbut - Threat Modeling for Secure Software Design centralohioissa Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/robert-hurlbut-centralohinfosecsummit-threat-modeling-for-securesoftwaredesign-03292016-160418222723-thumbnail.jpg?width=120&height=120&fit=bounds" /> Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.

Robert Hurlbut - Threat Modeling for Secure Software Design from centralohioissa

]]> 1359 8 https://cdn.slidesharecdn.com/ss_thumbnails/robert-hurlbut-centralohinfosecsummit-threat-modeling-for-securesoftwaredesign-03292016-160418222723-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad that it can't get worse" /centralohioissa/harry-regan-disaster-recovery-and-business-continuity-its-never-so-bad-that-it-cant-get-worse reganharry-itsneversobadv4-160418222700
Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray. This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.]]>
Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray. This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.]]> Mon, 18 Apr 2016 22:27:00 GMT /centralohioissa/harry-regan-disaster-recovery-and-business-continuity-its-never-so-bad-that-it-cant-get-worse centralohioissa@slideshare.net(centralohioissa) Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad that it can't get worse" centralohioissa Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray. This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/reganharry-itsneversobadv4-160418222700-thumbnail.jpg?width=120&height=120&fit=bounds" /> Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray. This presentation focuses on three real-world plans, each of which with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.

Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad that it can't get worse" from centralohioissa

]]> 702 15 https://cdn.slidesharecdn.com/ss_thumbnails/reganharry-itsneversobadv4-160418222700-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Rafeeq Rehman - Breaking the Phishing Attack Chain /slideshow/rafeeq-rehman-breaking-the-phishing-attack-chain/61065452 rafeeqrehmanbreakingphishingchainissasubmitted-160418222638
Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively. The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks.]]>
Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively. The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks.]]> Mon, 18 Apr 2016 22:26:38 GMT /slideshow/rafeeq-rehman-breaking-the-phishing-attack-chain/61065452 centralohioissa@slideshare.net(centralohioissa) Rafeeq Rehman - Breaking the Phishing Attack Chain centralohioissa Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively. The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/rafeeqrehmanbreakingphishingchainissasubmitted-160418222638-thumbnail.jpg?width=120&height=120&fit=bounds" /> Many security research reports show that phishing is significant contributing factor to data breaches. Verizon data breach investigations report (DBIR) shows that attackers used phishing as their entry point in two third of the security incidents, especially in cyber espionage category. Although the phenomenon of phishing is nothing new, the attackers are enhancing their techniques and using phishing more effectively. The good news is that understanding the phishing attack chain helps in stopping these attacks, break the phishing chain, and avert a data breach. This session is to understand different phases of phishing attacks and developing a comprehensive strategy to manage risk associated with these attacks.

Rafeeq Rehman - Breaking the Phishing Attack Chain from centralohioissa

]]> 845 4 https://cdn.slidesharecdn.com/ss_thumbnails/rafeeqrehmanbreakingphishingchainissasubmitted-160418222638-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN /slideshow/oliver-schuermann-integrated-software-in-networking-the-mystery-of-sdn/61065446 oliverschuermannissasdsnpresentation1-160418222630
For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.]]>
For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.]]> Mon, 18 Apr 2016 22:26:30 GMT /slideshow/oliver-schuermann-integrated-software-in-networking-the-mystery-of-sdn/61065446 centralohioissa@slideshare.net(centralohioissa) Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN centralohioissa For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/oliverschuermannissasdsnpresentation1-160418222630-thumbnail.jpg?width=120&height=120&fit=bounds" /> For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.

Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN from centralohioissa

]]> 960 4 https://cdn.slidesharecdn.com/ss_thumbnails/oliverschuermannissasdsnpresentation1-160418222630-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Jack Nichelson - Information Security Metrics - Practical Security Metrics /slideshow/jack-nichelson-information-security-metrics-practical-security-metrics/61065440 nichelsonjack-informationsecuritymetrics-practicalstepstosecuritymeasurement-160418222609
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.]]>
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.]]> Mon, 18 Apr 2016 22:26:09 GMT /slideshow/jack-nichelson-information-security-metrics-practical-security-metrics/61065440 centralohioissa@slideshare.net(centralohioissa) Jack Nichelson - Information Security Metrics - Practical Security Metrics centralohioissa So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/nichelsonjack-informationsecuritymetrics-practicalstepstosecuritymeasurement-160418222609-thumbnail.jpg?width=120&height=120&fit=bounds" /> So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.

Jack Nichelson - Information Security Metrics - Practical Security Metrics from centralohioissa

]]> 1286 7 https://cdn.slidesharecdn.com/ss_thumbnails/nichelsonjack-informationsecuritymetrics-practicalstepstosecuritymeasurement-160418222609-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Michael Woolard - Gamify Awareness Training: Failure to engage is failure to secure /slideshow/michael-woolard-gamify-awareness-training-failure-to-engage-is-failure-to-secure/61065396 michaelwoolardwoolard-engagingsecurityawareness-160418222349
We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works.]]>
We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works.]]> Mon, 18 Apr 2016 22:23:49 GMT /slideshow/michael-woolard-gamify-awareness-training-failure-to-engage-is-failure-to-secure/61065396 centralohioissa@slideshare.net(centralohioissa) Michael Woolard - Gamify Awareness Training: Failure to engage is failure to secure centralohioissa We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/michaelwoolardwoolard-engagingsecurityawareness-160418222349-thumbnail.jpg?width=120&height=120&fit=bounds" /> We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works.

Michael Woolard - Gamify Awareness Training: Failure to engage is failure to secure from centralohioissa

]]> 801 4 https://cdn.slidesharecdn.com/ss_thumbnails/michaelwoolardwoolard-engagingsecurityawareness-160418222349-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Ruben Melendez - Economically Justifying IT Security Initiatives /slideshow/ruben-melendez-economically-justifying-it-security-initiatives/61065316 melendezruben-enteprisevaluecreationanditsecurity0-160418222030
IT Security Initiatives create strategic and operational value to all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, create a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices, which can have been adopted by individuals and organizations to get right IT security initiatives approved.]]>
IT Security Initiatives create strategic and operational value to all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, create a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices, which can have been adopted by individuals and organizations to get right IT security initiatives approved.]]> Mon, 18 Apr 2016 22:20:30 GMT /slideshow/ruben-melendez-economically-justifying-it-security-initiatives/61065316 centralohioissa@slideshare.net(centralohioissa) Ruben Melendez - Economically Justifying IT Security Initiatives centralohioissa IT Security Initiatives create strategic and operational value to all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, create a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices, which can have been adopted by individuals and organizations to get right IT security initiatives approved. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/melendezruben-enteprisevaluecreationanditsecurity0-160418222030-thumbnail.jpg?width=120&height=120&fit=bounds" /> IT Security Initiatives create strategic and operational value to all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, create a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices, which can have been adopted by individuals and organizations to get right IT security initiatives approved.

Ruben Melendez - Economically Justifying IT Security Initiatives from centralohioissa

]]> 830 5 https://cdn.slidesharecdn.com/ss_thumbnails/melendezruben-enteprisevaluecreationanditsecurity0-160418222030-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Ed McCabe - Putting the Intelligence back in Threat Intelligence /slideshow/ed-mccabe-putting-the-intelligence-back-in-threat-intelligence/61065315 mccabeed-puttingtheintelligencebackinthreatintelv1-160418222029
What is Threat Intelligence? It's more than raw source feeds and technical information. If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence. We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.]]>
What is Threat Intelligence? It's more than raw source feeds and technical information. If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence. We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.]]> Mon, 18 Apr 2016 22:20:28 GMT /slideshow/ed-mccabe-putting-the-intelligence-back-in-threat-intelligence/61065315 centralohioissa@slideshare.net(centralohioissa) Ed McCabe - Putting the Intelligence back in Threat Intelligence centralohioissa What is Threat Intelligence? It's more than raw source feeds and technical information. If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence. We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/mccabeed-puttingtheintelligencebackinthreatintelv1-160418222029-thumbnail.jpg?width=120&height=120&fit=bounds" /> What is Threat Intelligence? It's more than raw source feeds and technical information. If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence. We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.

Ed McCabe - Putting the Intelligence back in Threat Intelligence from centralohioissa

]]> 1294 6 https://cdn.slidesharecdn.com/ss_thumbnails/mccabeed-puttingtheintelligencebackinthreatintelv1-160418222029-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Ofer Maor - Security Automation in the SDLC - Real World Cases /slideshow/ofer-maor-security-automation-in-the-sdlc-real-world-cases/61065203 maorofer-agilesec-ohiosummit-160418221633
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.]]>
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.]]> Mon, 18 Apr 2016 22:16:32 GMT /slideshow/ofer-maor-security-automation-in-the-sdlc-real-world-cases/61065203 centralohioissa@slideshare.net(centralohioissa) Ofer Maor - Security Automation in the SDLC - Real World Cases centralohioissa How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/maorofer-agilesec-ohiosummit-160418221633-thumbnail.jpg?width=120&height=120&fit=bounds" /> How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.

Ofer Maor - Security Automation in the SDLC - Real World Cases from centralohioissa

]]> 675 4 https://cdn.slidesharecdn.com/ss_thumbnails/maorofer-agilesec-ohiosummit-160418221633-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://public.slidesharecdn.com/v2/images/profile-picture.png https://cdn.slidesharecdn.com/ss_thumbnails/spauldingmike-buildinganappsecteamextendedcut-160419232107-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/mike-spaulding-building-an-application-security-program/61117952 Mike Spaulding - Build... https://cdn.slidesharecdn.com/ss_thumbnails/williamsjake-coissa-fda-iot-ebm-160419155826-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/jake-williams-navigating-the-fda-recommendations-on-medical-device-security-and-how-they-will-shape-the-future-of-all-iot/61101948 Jake Williams - Naviga... https://cdn.slidesharecdn.com/ss_thumbnails/westbob-centralohioissa160317-160419155813-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/bob-west-educating-the-board-of-directors/61101932 Bob West - Educating t...