BH2020 #4
DevSecOps has moved security front and center in modern development. Yet security and development teams are driven by different metrics, making it challenging to align on objectives. The move to microservices-driven architecture and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code.
This segment is sponsored by Veracode.
Visit https://www.veracode.com/ to learn more about them!
To view the full report by Veracode and Enterprise Strategy Group publishing on August 11, go to www.veracode.com and follow Veracode on Twitter at @Veracode.
Chris Wysopal is Chief Technology Officer and co-founder at Veracode. He oversees technology strategy and information security. Prior to co-founding Veracode in 2006, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
Malware authors constantly search for new ways of hiding their activity/content from the eyes of the analysts. In order to help the malware authors in their constant struggle ;-), we introduce three novel methods that prevent malicious user space memory from appearing in analysis tools and additionally make the memory inaccessible from a security analyst's perspective on both Windows and Linux. We are, however, also covering different approaches for detecting the hidden memory and releasing various Volatility 3 and Rekall plugins. The last part of our release consists of PoC implementations for all subversion techniques for Windows and Linux, and an upgraded version of one of the subversion techniques, which is controllable with a C&C server.
Frank Block is a security researcher working for ERNW Research GmbH with more than 10 years of experience, and an external PhD student at the University of Erlangen-Nuremberg (Department Informatik) with a focus on memory forensics. His main fields of interest are incident analysis and penetration testing. When not involved in customer projects, he enjoys doing research in all kinds of areas and usually presents the results at conferences such as DFRWS USA, Black Hat USA/EU and Troopers.
What is human risk? With WFH being present, has human risk increased? Can you solve human risk with technology? As part of your Black Hat talk, what trends have you uncovered that could help CISOs identify areas of greatest human risk?
See how Elevate Security can solve for human risk in your organization, and if you missed it, you'll find our Black Hat presentation available for download. https://www.elevatesecurity.com/
Masha Sedova is an award-winning people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral science to transform employees into security superhumans.
deepwatch Lens Score - The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next?
This segment is sponsored by deepwatch.
Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!
At deepwatch, Corey Bodzin is accountable for driving the company’s product vision and strategy from a services organization based around commercial solutions to a product-driven organization with services built around its own intellectual property. Before joining deepwatch, Corey spent the last 15 years creating products at cybersecurity companies like ExtraHop, Tenable, RSA, and Qualys. Prior to that, he was a user of the products as leader of security teams at Wells Fargo, Charles Schwab, and Lucent. He is a cybersecurity veteran with 25+ years’ experience in driving thoughtful cybersecurity, risk management, and regulatory compliance for industries as diverse as energy, pharmaceuticals and financial services.
Cyber threat intelligence has had trouble demonstrating relevance and ROI for most organizations. Brian Kime from Forrester discusses his research on current cyber threat intelligence trends and helps us understand what to expect, from both services and tools, over the next two years.
Brian is a senior analyst at Forrester serving security and risk professionals. He covers cyber threat intelligence, vulnerability risk management, and industrial control system security. In this role, Brian helps organizations identify, assess, and prioritize cyber and physical threats; prepare for emerging attack vectors; and reduce cyber risk in enterprise IT and operational technology (OT) environments.
6. Threat Hunting Incident Response w/ Google Cloud & Tanium – Anton Chuvakin, Matt Hastings – BH20 #4
Matt and Anton will discuss the new integration between Tanium and Chronicle, designed for distributed IT in a remote-work world. The two will explore some of the unique challenges that security teams are facing in light of this change. They will also provide details on the new integration, which combines comprehensive endpoint telemetry from Tanium with Chronicle’s cloud-scale analytics to inform threat hunting and investigations with one year of recorded endpoint activity.
This is just the beginning of the partnership between Google Cloud and Tanium. Check out the blog post on Tanium's website to learn more about the future of the partnership and what it means for security.
This segment is sponsored by Tanium.
Visit https://securityweekly.com/tanium to learn more about them!
Dr. Anton Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019. Anton was, until recently, a Research Vice President and Distinguished Analyst on Gartner for Technical Professionals' (GTP) Security and Risk Management Strategies team. Anton is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is the author of the books “Security Warrior”, “Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management” and “PCI Compliance, Third Edition: Understand and Implement Effective PCI Data Security Standard Compliance” and a contributor to “Know Your Enemy II”, “Information Security Management Handbook” and other books.
Matt Hastings is a Senior Director of Product at Tanium. He has over a decade of experience in incident response, forensic analysis, and penetration testing with companies including Mandiant (FireEye), where he worked with Fortune 500 companies, government agencies, and global organizations to investigate and respond to incidents and implement security controls. Matt also regularly lectures on incident response and forensic analysis for corporate groups and security conferences, including Black Hat USA, Black Hat Asia, DerbyCon, DEFCON, BruCON, CounterMeasure, and BSides.
Matthew Gardiner, Principal Security Strategist at Mimecast, will provide an overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020.
This segment is sponsored by Mimecast.
Visit https://securityweekly.com/mimecastbh to learn more about them!
Matthew Gardiner is Principal Security Strategist at Mimecast and is currently focused on email security, phishing, malware, and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT’s Sloan School of Management.
Paul Asadoorian and Matt Alderman discuss the challenges of remote work and how to set up your home network. This discussion will lead to a number of technical segments on future shows to help individuals set up a more secure network at home.
Taemin Park is a fifth-year PhD student advised by Professor Michael Franz at the University of California, Irvine. Before joining the University of California, he worked for three and a half years at Korea Telecom Institute of Convergence Technology, building secure authentication systems and security outsourcing services. He received a BS from Hanyang University and an MS from Seoul National University.