Loading…
This event has ended. Visit the official site or create your own event on Sched.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Defender Track [clear filter]
Friday, October 23
 

10:00am CDT

Problems you'll face when building a software security program
I've been building software security programs for nearly a decade, and continue to observe the same challenges. Adding security into the dev process relies heavily on dev's own processes which can make implementing a software security program difficult. This talk will communicate common challenges when building a software security program, tips and tricks for addressing them, and expectations you'll need to improve the security of your company's software.

Watch  the Talk Video

Speakers
RA

Robert Auger

Manager - Application Security, Box Inc


Friday October 23, 2015 10:00am - 11:00am CDT
Gemalto Room Norris Conference Center, Austin
  Defender Track
  • Host Organization

11:00am CDT

It Takes a Village: Effective Collaboration in Security
All security professionals commit preventable workplace mistakes: We trust our intuition when impaired by cognitive bias, and we interpret the words and actions of others incorrectly, leading to ineffective communication. These mistakes lead to poor, inconsistent relationships with everyone involved in the development lifecycle. We can address them by understanding the behavior of others and by learning to architect objective decisions.

Speakers
avatar for Philip J Beyer

Philip J Beyer

Vice President, Security Engineering, Global Payments
Philip Beyer is the Vice President of Security Engineering for Global Payments Inc. (NYSE: GPN), a leading pure play payments technology company delivering innovative software and services globally. He leads the teams building solutions to protect customer and cardholder data.Mr... Read More →



Friday October 23, 2015 11:00am - 12:00pm CDT
Gemalto Room Norris Conference Center, Austin
  Defender Track

12:00pm CDT

Big Data, What's the Big Deal?
In the rush to reap the benefits from Big Data projects, organizations frequent forget the importance of securing and protecting their "Crown Jewels". From a security and privacy perspective, Big Data differs from traditional data and requires a different approach. At the same time, it shares many commonalities. Existing methodologies and preferred practices can easily be extended to support Big Data. This talk will describe how and why Big Data is different, the data security and privacy challenges, and a set of best practices and recommended technical controls that will help you to secure and protect your organization's Crown Jewels.

Speakers

Friday October 23, 2015 12:00pm - 1:00pm CDT
Gemalto Room Norris Conference Center, Austin
  Defender Track

1:00pm CDT

The Culture of Security
Security is comprised of people, process and technology. As security professionals we are naturally drawn to the new shiny thing. Yet, how important is the culture of security to the overall security posture of an organization. Is your industry a bigger target than others? Lets brainstorm together with a hot cup of java and share nuggets of security stories from our lives to see what works and what does not.

Speakers
avatar for Sammy Boss

Sammy Boss

Information Security, EA
Humbly considered a security thought leader across different industries like Entertainment, Finance, Healthcare and Insurance. Like to look at security from the business perspective. How can we adapt ourselves to the culture of the company to make security more effective? Preaching... Read More →


Friday October 23, 2015 1:00pm - 2:00pm CDT
Gemalto Room Norris Conference Center, Austin
  Defender Track

2:00pm CDT

Hack the Cloud Hack the Company: the Cloud Impact on Enterprise Security
iSEC Partners routinely carry out Attacker Modeled Penetration Tests that use any and all means possible to gain entry to a company. The goal is to test organizations against true-to-life attack and penetration activities that real attackers use in the breaches that make headline News (and the breaches that don't).
Organizations that use Cloud Services to provision an operating environment to support a product, or use Cloud Service Providers to outsource elements of traditional enterprise IT into the Cloud, can find those very aspects used against them in an attack. While the potential attack surface for a breach changes, in many ways the use of Cloud infrastructure can make it easier for an attacker to gain access to critical systems and data. In this session the speaker will describe methods of penetration used during recent tests, illustrating how Cloud Services are viable entry points that lead to significant compromises. The following areas will be discussed:
- Common mistakes in deploying Internet-facing Cloud infrastructure
- Replication and communication paths between Cloud and on-premises infrastructure
- Effective ways for attackers to gain access to the Cloud Service administration console
- How the use of Cloud Services is weakening enterprise IT security
- Methods for securing Cloud Services, closing vulnerabilities and protecting the company

Speakers
avatar for Kevin Dunn

Kevin Dunn

Senior Vice President for Consultancy, NCC Group
Kevin Dunn is Senior Vice President for Consultancy for NCC Group. Kevin has been a professional security consultant for over 15 years, working on diverse projects and challenging technologies for the world’s largest and most demanding companies. His current responsibilities include... Read More →


Friday October 23, 2015 2:00pm - 3:00pm CDT
Gemalto Room Norris Conference Center, Austin
  Defender Track

3:00pm CDT

Security Automation in the Agile SDLC - Real World Cases
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments.

Speakers
OM

Ofer Maor

Director, Enterprise Solutions, Synopsys


Friday October 23, 2015 3:00pm - 4:00pm CDT
Gemalto Room Norris Conference Center, Austin
  Defender Track