RSA21 #2 | SC Media

RSA21 #2

May 18, 2021




“Behind the scenes of the cyber fight” – talking about the good on the defender side, taking down cyber criminal supply chains, partnerships, taking down ransomware gangs.

This segment is sponsored by Fortinet.

Visit https://securityweekly.com/fortinet to learn more about them!


Behind the Scenes of the Cyber Fight

Guests


Derek Manky – Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs

Experienced thought leader and innovator who has helped to build global collaborative frameworks in the cyber security industry. Strategist to global leaders/heads of state, private public sector relations, C-Suite consultant, threat intelligence expert on cybercrime.


Michael Daniel – President & CEO at Cyber Threat Alliance

@CyAlliancePrez

Michael leads the CTA team and oversees the organization’s operations. Prior to joining the CTA in February 2017, Michael served from June 2012 to January 2017 as Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff. In this role, Michael led the development of national cybersecurity strategy and policy, and ensured that the US government effectively partnered with the private sector, non-governmental organizations, and other nations.

Hosts


Paul Asadoorian – Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.



Security professionals must protect their organizations from the five shifts which will persist after the pandemic: 1) customers will demand safety and convenience; 2) brands will create hybrid experiences; 3) stakeholders will build the future of work; 4) smart firms will retire technical debt; and 5) resiliency will become a competitive asset. Each of those five shifts has profound implications for us, from the nuts-and-bolts of securing a much more remote and cross-border workforce, to the delicate dance required by the rampant growth of data protection and software supply chain nationalism among governments and regulators.

Segment Resources:
https://www.forrester.com/report/The+New+Unstable+Normal+How+COVID19+Will+Change+Business+And+Technology+Forever/-/E-RES161461?objectid=RES161461


Adapt to the New, Unstable Normal: How to Secure the Roaring 2020s

Guests


Laura Koetzle – Vice President, Group Research Director at Forrester Research

@lkoetzle

Laura Koetzle leads Forrester’s European Research organization. She previously led the security and risk and the infrastructure and operations research teams. As a Security and Risk Analyst, Koetzle researched operating system security, security architecture, network security, and security incident response, and she served as the Chairperson for Forrester’s inaugural Security Forum event. She is also a member of the Advisory Board and the Program Committee for RSA Conference. Koetzle’s work has enjoyed wide exposure in the media, including BusinessWeek, The Economist, The New York Times, and The Wall Street Journal. Koetzle has also appeared on CNN, CNBC, and Reuters Television, and she is a frequent speaker at information security and executive conferences.

Hosts


Matt Alderman – Executive Director at CyberRisk Alliance

@maldermania

Strategic Advisor at Automox, security consultant, and wizard of entrepreneurship.




The development life cycle as we know it is rapidly changing, and today’s AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets – you need much more dynamic tools and ways of working.

We want to talk about why enterprises should move beyond the shift-left approach, how to approach testing in a more dynamic way, and how this supports a zero-trust model.

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify to learn more about them!


Why You Should Challenge Shift-Left Testing

Guests


Rickard Carlsson – Co-founder & CEO at Detectify

Entrepreneurial tech nerd Rickard Carlsson has grown Detectify from a group of ethical hackers with an idea on how to make the internet safer, to an international industry challenger of 140+ people. Rickard has a background in tech and management consulting, and has lived and worked in Sweden, India and the US.

Hosts


Paul Asadoorian – Founder at Security Weekly

@securityweekly





Cloud security, the next frontier. How do we build resilient services in the cloud and secure them? Ganesh Pai, CEO at Uptycs, joins us to discuss a new perspective on cloud security resilience.

This segment is sponsored by Uptycs.

Visit https://securityweekly.com/uptycs to learn more about them!


A New Perspective on Cloud Security Resilience

Guests


Ganesh Pai – CEO & Founder at Uptycs

Ganesh Pai is Founder & CEO of Uptycs. He is a Boston-based entrepreneur and technologist (formerly Akamai, Verivue, NetDevices) and has been awarded multiple U.S. patents. Ganesh received a BE degree in electronics and communication engineering from Mangalore University and an MS in computer science from Temple University.

Hosts


Matt Alderman – Executive Director at CyberRisk Alliance

@maldermania





Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.

In this interview, we will be talking about how transparency practices can lead to improved security. With transparency being one of our core values at GitLab, we will talk about the processes we have implemented to maintain our security stance while operating with the highest possible public transparency and how you can apply them to your enterprise to achieve increased security and transparency.

This segment is sponsored by GitLab.

Visit https://securityweekly.com/gitlab to learn more about them!


Security Shouldn’t be a Secret. Why Transparency Matters

Guests


Wayne Haber – Director of Engineering at GitLab

@WayneHaber

Wayne Haber, CISSP, is the director of engineering at GitLab for the threat management and growth departments. His teams focus on things including vulnerability management, Kubernetes container security, growth hacking, and engineering productivity. Wayne has 20+ years of experience in security and engineering. When not working, Wayne is a dedicated learner averaging one book a week.

Hosts


Matt Alderman – Executive Director at CyberRisk Alliance

@maldermania




A former Gartner analyst, Frank Catucci will share his thoughts on the latest application security trends that will impact the markets in 2021.


Application Security Trends in 2021

Guests


Frank Catucci – Head of AppSec at DataRobot

@Gartner_inc

Frank Catucci is a global application security leader with over 15 years of diverse experience which grants him the unique ability to see and lead information and application security with a unique, complete and holistic approach. Frank is currently leading efforts within application security and devsecops with groundbreaking security research, techniques and completeness of vision, as a pioneer and leader of application security and devsecops advancement.

Hosts


Matt Alderman – Executive Director at CyberRisk Alliance

@maldermania




The cyber risk ratings market, comprised of companies providing a security rating based on what they can see of your external infrastructure, is controversial. In my latest evaluative New Wave looking at this market, we identified a number of issues meaning this market is not ready for the prime time. I’ll discuss why that is and what this market has to do to make itself useful and valuable to security teams.

Segment Resources:

https://go.forrester.com/blogs/announcing-the-cybersecurity-risk-ratings-new-wave-q1-2021/


How Does the Cyber Risk Ratings Platform Market Need to Evolve?

Guests


Paul McKay – Principal Analyst at Forrester Research

@PMcKayAnalyst

I am a principal analyst at Forrester based in London, UK. I cover cybersecurity risk ratings and quantification providers and European service providers in consulting and managed services. I work with European CISOs mainly on their strategic programs and priorities and work with my colleagues in the US on our CISO focused research.

Hosts


Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

@sawaba

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.




Data privacy and Web security teams are converging across enterprises, and we are seeing more Privacy use cases like cookie banner consent and limiting data sharing (vendors like Facebook, Google etc. are capturing sensitive user data, accessing cameras, microphones, geolocation etc.) via security policies, under the security teams’ purview.

At Tala we offer a Privacy scan that gives enterprises a full view of which vendors have access to sensitive data and how this data is being shared. This in turn helps set the right security controls in place.

This segment is sponsored by Tala Security.

Visit https://securityweekly.com/talasecurity to learn more about them!


The Convergence of Security and Privacy on the Web

Guests


Deepika Gajaria – VP of Product at Tala Security

Deepika is responsible for product strategy and delivery at Tala. Working closely with our customers, she drives product direction and shapes the product roadmap to address their core needs.

Prior to Tala, Deepika was part of Cisco Jasper where she led the launch of IoT smart city applications. Her career in Product Management began at EMC, in the New Product Introduction team, working on key initiatives across the Storage and the Data Protection divisions.

Deepika has held diverse roles in her career: her first job out of school was in Research and Development of high voltage particle accelerator technology used in cancer therapy machines.

Hosts


Matt Alderman – Executive Director at CyberRisk Alliance

@maldermania




Scott Crawford joins us to discuss some of the most frequent trends in the security industry today, including high profile incidents and their impact on the industry.


451 Research: Overall Security Industry Trends

Guests


Scott Crawford – Research Director at 451 Research / S&P Global Market Intelligence

@s_crawford

Scott Crawford is an industry analyst and heads the Information Security team at 451 Research, a technology industry analyst firm now part of S&P Global Market Intelligence. He was the first information security officer for the Comprehensive Nuclear-Test-Ban Treaty organization in Vienna, Austria, and served as a senior strategist with IBM Security before joining 451.

Hosts


Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

@sawaba

