SlideShare uma empresa Scribd logo

Security Program Development for the Hipster Company

Priyanka Aash
Priyanka Aash

Cloud services have evolved and can now replace nearly every facet of traditional infrastructure. This movement has enabled rapid scale while introducing a considerable element of risk. This session will discuss a framework for getting started building a security program in an organization that is built purely on cloud services, covering the contradictions and opportunities of that business model. (Source: RSA USA 2016-San Francisco)

Tecnologia
1 de 33
Baixar para ler offline
SESSION ID: #RSAC Robert Wood Security Program Development  for the Hipster Company CSV‐R02 Head of Security Nuna @robertwood50
#RSAC whoami 2 Head of Security at Nuna Health Former Principal Consultant at Cigital Background focused in red teaming/alternative analysis
#RSAC Our Focus Today 3
#RSAC Example Company Setting 4 AcmeBill is building a hip new financial portfolio  management/monitoring tool on AWS, subject to PCI compliance Using Google Apps, Slack, Todoist and Box to run the rest of the  business Compliance and security relevant data Primarily in AWS with the product Sometimes employees need to share, use, chat, display sensitive data using  Google and Slack You’re in charge of managing the risk around data and it’s potential  unauthorized use or disclosure
#RSAC Assumptions 5 DevOps (or similar) culture  Fail fast and fail small Heavy reliance on automation Openness and collaborative culture Early stages of security program development
#RSAC Agenda Today 6 Who should be thinking about these issues? Compliance considerations Security considerations Practical steps for getting started
#RSAC Who Should Care 7 Executive team Engineering lead(s) Security/compliance team(s)
#RSAC Tackling Cloud Compliance
#RSAC Why/When Does This Matter? 9 Need to consider these factors when: A product you’re building will be built on top of cloud services A cloud service you’re using will handle data that is subject to  compliance requirements Risk ends up being shared between you and your provider More of a partnership than a transactional purchase
#RSAC Cloud Ownership Model 10
#RSAC Pivoting to Security
#RSAC Increased Access 12
#RSAC 13
#RSAC Attacker Economics 14
#RSAC 15
#RSAC What are the Real Goals? 16 Not possible to secure everything  Set and refine OKRs specific to security and compliance: Objective: manage risk to an acceptable level based on threat profile Key result: reduce all critical vulnerabilities in Internet‐facing services from  10X per 10kloc to 2X per 10kloc Objective: level up visibility with centralized logging Key result: all product and associated infrastructure logs should be captured  by centralized log manager along with operational cloud services.
#RSAC Security Touchpoints
#RSAC Security Touchpoints 18 Heavy weight (infrequent) touch points: Security requirements Static analysis Penetration testing Full blown red teaming Incident response We can break each of these into leaner approaches Each of these still have a place in bigger picture, but can’t be done as  frequently
#RSAC Security Requirements (Short Term) 19 Feature‐by‐feature security requirements (including abuse and  misuse cases) can be time consuming to generate and hard to  track Instead generate a set of specifications that: Identify what the system should NEVER allow Engineers can review functional software requirements against  this list to determine compatibility
#RSAC Security Requirements (Long Term) 20 Look to consolidate development environment and build security  controls at the framework/library level The goal is to make the adoption of security requirements as  easy as possible for engineers: Transparent Convention Service layer
#RSAC Static Analysis 21 Measure and set goals around code coverage Improve over time with security focused linters within CI/CD: Insecure API usage Insecure crypto usage Vulnerable dependencies
#RSAC Penetration Testing 22 Shift away from a standalone test with written report Shift towards continuous models Bug bounties Vulnerability scanners run constantly with developer‐centric  feedback loops (e.g. JIRA tickets) Translate true positives into CI/CD regression tests Train QA to utilize subset of security tools and interpret the results
#RSAC Red and Blue Teaming 23 Responding to major attacks (data breaches) needs to be an  organization‐wide effort Simulate susceptibility and response efforts through collaborative  table tops: Security team can profile adversaries and introduce doomsday scenarios  down to everyday security issues Get representatives from many teams involved Increases awareness and highlights cross‐team thought processes  Leverage previous incidents and associated root causes to help drive  potential focus areas
#RSAC Let’s Start Building
#RSAC Three Measurement Axes 25 Depth  Quick scan vs. really deep analysis (manual or otherwise) on a single thing? Breadth How many parts of the business (how many apps, IP’s, etc. are covered)? Knowledge share How many people know how to do this? How many people receive the results?
#RSAC Managing Risk 26 Spending on a security activity should have an impact on risk: Protect Detect Respond Recover Transfer
#RSAC AcmeBill Applied 27 Compliance relevant data stored in AWS, Google Apps and Slack Are those vendors PCI compliant for what they control? Translate lean security touch points through DevOps practices to  build the product on AWS  Collect logs from all services to ensure that PCI data isn’t being  used outside of defined boundaries  Table top to test assumptions
#RSAC Applied Learning
#RSAC Next Week 29 As a security team start to meet, plan, code, and learn in the  open within your company Start meeting with the engineering leads to lay groundwork for  collaborative efforts on longer term initiatives Write down the 3‐5 things that scare you most about working in  security at your company  This is good doomsday scenario material for later
#RSAC 3 Months Out 30 Set 3‐5 OKRs for your security program, shoot for quarterly or halves Document and circulate a handful of secure requirements for products  and the business as a whole Collectively identify and implement several starter metrics to track and  display (security + engineering) such as: Your company top 10 vulnerabilities Time to remediate vulnerabilities (by risk) Critical vulnerabilities known per 10kloc  Implement automated security tests/checks in small pieces at a time
#RSAC 6 Months Out 31 Run a table top exercise to stress test the progress made thus far Document the results and the necessary TODOs that come out of  the activity From your company top 10, select a class of vulnerability to  attempt to eradicate through library/framework/service  engineering Measure progress on OKRs
#RSAC Questions? 32 Robert Wood bob@nuna.com @robertwood50
#RSAC Some Reference Materials 33 http://www.slideshare.net/zanelackey/building‐a‐modern‐security‐ engineering‐organization http://www.bishopfox.com/blog/2015/03/beyond‐security‐ requirements‐secure‐requirements/ http://www.slideshare.net/michael_coates/shape‐developer‐ firstsecurity http://www.slideshare.net/StephendeVries2/continuous‐security‐ testing‐with‐devops https://www.owasp.org/images/e/e3/DefenderEconomics.pdf

Recomendados

CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Priyanka Aash
 
Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and Response
Priyanka Aash
 
Take It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitectureTake It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security Architecture
Priyanka Aash
 
Designing Virtual Network Security Architectures
Designing Virtual Network Security ArchitecturesDesigning Virtual Network Security Architectures
Designing Virtual Network Security Architectures
Priyanka Aash
 
Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and BitcoinCrypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
Priyanka Aash
 
Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”
Priyanka Aash
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos Testing
Priyanka Aash
 

Recomendados

CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security HeadachesAspirin as a Service: Using the Cloud to Cure Security Headaches
Aspirin as a Service: Using the Cloud to Cure Security Headaches
Priyanka Aash
 
Cloud Breach – Preparation and Response
Cloud Breach – Preparation and ResponseCloud Breach – Preparation and Response
Cloud Breach – Preparation and Response
Priyanka Aash
 
Take It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security ArchitectureTake It to the Cloud: The Evolution of Security Architecture
Take It to the Cloud: The Evolution of Security Architecture
Priyanka Aash
 
Designing Virtual Network Security Architectures
Designing Virtual Network Security ArchitecturesDesigning Virtual Network Security Architectures
Designing Virtual Network Security Architectures
Priyanka Aash
 
Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and BitcoinCrypto 101: Encryption, Codebreaking, SSL and Bitcoin
Crypto 101: Encryption, Codebreaking, SSL and Bitcoin
Priyanka Aash
 
Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”Corpsec: “What Happened to Corpses A and B?”
Corpsec: “What Happened to Corpses A and B?”
Priyanka Aash
 
ChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos TestingChaoSlingr: Introducing Security-Based Chaos Testing
ChaoSlingr: Introducing Security-Based Chaos Testing
Priyanka Aash
 
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Priyanka Aash
 
Building and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramBuilding and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security Program
Priyanka Aash
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of Things
Priyanka Aash
 
SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.
Priyanka Aash
 
Humans and Data Don’t Mix: Best Practices to Secure Your Cloud
Humans and Data Don’t Mix: Best Practices to Secure Your CloudHumans and Data Don’t Mix: Best Practices to Secure Your Cloud
Humans and Data Don’t Mix: Best Practices to Secure Your Cloud
Priyanka Aash
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Priyanka Aash
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
Priyanka Aash
 
Rise of the Hacking Machines
Rise of the Hacking MachinesRise of the Hacking Machines
Rise of the Hacking Machines
Priyanka Aash
 
Realities of Data Security
Realities of Data SecurityRealities of Data Security
Realities of Data Security
Priyanka Aash
 
RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud Security
Scott Carlson
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without Firewalls
Priyanka Aash
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for Auditors
Teri Radichel
 
2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint 2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint
e-Xpert Solutions SA
 
Cloud security : Automate or die
Cloud security : Automate or dieCloud security : Automate or die
Cloud security : Automate or die
Priyanka Aash
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
Priyanka Aash
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
Netskope
 
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
Priyanka Aash
 
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint
e-Xpert Solutions SA
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 
Within 10-years-autonomous-vehicles-will-change-every-ciso s-job
Within 10-years-autonomous-vehicles-will-change-every-ciso s-jobWithin 10-years-autonomous-vehicles-will-change-every-ciso s-job
Within 10-years-autonomous-vehicles-will-change-every-ciso s-job
DESMOND YUEN
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
Shannon Lietz
 

Mais conteúdo relacionado

Mais procurados

Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Priyanka Aash
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of Things
Priyanka Aash
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
Priyanka Aash
 

Mais procurados (20)

Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-RiskStop Translating, Start Defending: Common Language for Managing Cyber-Risk
Stop Translating, Start Defending: Common Language for Managing Cyber-Risk
 
Building and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramBuilding and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security Program
 
Identity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of ThingsIdentity-Based Security and Privacy for the Internet of Things
Identity-Based Security and Privacy for the Internet of Things
 
SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.
 
Humans and Data Don’t Mix: Best Practices to Secure Your Cloud
Humans and Data Don’t Mix: Best Practices to Secure Your CloudHumans and Data Don’t Mix: Best Practices to Secure Your Cloud
Humans and Data Don’t Mix: Best Practices to Secure Your Cloud
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
 
Rise of the Hacking Machines
Rise of the Hacking MachinesRise of the Hacking Machines
Rise of the Hacking Machines
 
Realities of Data Security
Realities of Data SecurityRealities of Data Security
Realities of Data Security
 
RSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud SecurityRSA 2015 Realities of Private Cloud Security
RSA 2015 Realities of Private Cloud Security
 
How Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without FirewallsHow Google Protects Its Corporate Security Perimeter without Firewalls
How Google Protects Its Corporate Security Perimeter without Firewalls
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for Auditors
 
2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint 2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint
 
Cloud security : Automate or die
Cloud security : Automate or dieCloud security : Automate or die
Cloud security : Automate or die
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
 
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)SACON - Threat Hunting Workshop (Shomiron Das Gupta)
SACON - Threat Hunting Workshop (Shomiron Das Gupta)
 
2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint2018 06 Presentation Cloudguard IaaS de Checkpoint
2018 06 Presentation Cloudguard IaaS de Checkpoint
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Within 10-years-autonomous-vehicles-will-change-every-ciso s-job
Within 10-years-autonomous-vehicles-will-change-every-ciso s-jobWithin 10-years-autonomous-vehicles-will-change-every-ciso s-job
Within 10-years-autonomous-vehicles-will-change-every-ciso s-job
 

Semelhante a Security Program Development for the Hipster Company

Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
Amazon Web Services
 
DevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogDevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together Log
Stefan Streichsbier
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
devopsdaysaustin
 
End-to-end SAP S/4HANA security projects are child’s play – if you have the r...
End-to-end SAP S/4HANA security projects are child’s play – if you have the r...End-to-end SAP S/4HANA security projects are child’s play – if you have the r...
End-to-end SAP S/4HANA security projects are child’s play – if you have the r...
akquinet enterprise solutions GmbH
 

Semelhante a Security Program Development for the Hipster Company (20)

Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
 
Embedding Security in IT Projects
Embedding Security in IT ProjectsEmbedding Security in IT Projects
Embedding Security in IT Projects
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
DevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docxDevSecOps – The Importance of DevOps Security in 2023.docx
DevSecOps – The Importance of DevOps Security in 2023.docx
 
The Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docxThe Importance of DevOps Security in 2023.docx
The Importance of DevOps Security in 2023.docx
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
 
DevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogDevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together Log
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptxSecurity Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
Security Operations Cloud vs On Prem ISC2 Bangalore SlideShare.pptx
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
 
Rapid Threat Modeling Techniques
Rapid Threat Modeling TechniquesRapid Threat Modeling Techniques
Rapid Threat Modeling Techniques
 
End-to-end SAP S/4HANA security projects are child’s play – if you have the r...
End-to-end SAP S/4HANA security projects are child’s play – if you have the r...End-to-end SAP S/4HANA security projects are child’s play – if you have the r...
End-to-end SAP S/4HANA security projects are child’s play – if you have the r...
 

Mais de Priyanka Aash

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

Mais de Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Último (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

Security Program Development for the Hipster Company