• InfoSec World Conference 2020 - Summer Fowler - BSW #170

    As the Co-Chair of the Leadership Board for InfoSec World Conference in Orlando, FL this June 2020, Summer will discuss how this is an excellent opportunity for Executive, Management, and Technical teams to attend a conference together to learn more about both the business of cyber security and the latest in technical capabilities.
  • Where the Law Thinks Your Data Lives - Steve Black - BSW #166

    What data compliance regulations apply to a Las Vegas hospital with California patients? One major compliance fine can lead to a big financial hit and a complete loss of customer trust, so understanding ‘where your data lives’ and how the law shifts based on the location of data collection, storage and transfer is paramount. With no overarching federal data law, each state can (and does) require different duties from organizations that collect and keep data. A big challenge for compliance teams is figuring out which state (or states) claim your data. Unfortunately, the legal world of intangible data property is complicated and sometimes even contradictory. I will also preview my InfoSec World 2020 session – Cyberlaw Year in Review.
  • Connected devices security - Dorit Naparstek - PSW #643

    Hacks performed on connected & IoT devices, such as routers, security cameras, smart meters, etc., are increasingly common and are revealing major vulnerabilities in existing security measures. This vicious cycle of hack & patch can be broken by adopting a new approach that introduces the role of flash memory in securing devices.
  • SHAKEN/STIR and PKI - Mark Cooper

    How SHAKEN/STIR and PKI will end the global robocall problem.

    Link to an article Mark wrote for Dark Reading: https://www.darkreading.com/endpoint/…

    Link to landing page with more info: SHAKEN STIR
  • InfoSec World Workshop: DevSecOps and Cultural Transformation - Dan Petit

    Dan discusses his upcoming 2-day workshop at InfoSec World. The workshop is a “deep survey” into all things DevSecOps.
  • Zero to Sixty: Making Security Programmatic and Cultural - David Sherry, Tara Schaufler - BSW #163

    Our presentation in Orlando will be about the rapid cultural change of security on the Princeton campus.
  • The Unprotected Attack Surface of the Enterprise - John Loucaides

    Hackers are using firmware implants and backdoors to compromise enterprise security with attacks that are stealthy and persistent. It’s time for information security specialists to learn how to attack and defend enterprise infrastructure. John will provide a preview of his upcoming presentation at InfoSec World where he will demonstrate attacks on firmware that are invisible to traditional security platforms, and show how to detect and defend against them.
  • Security Orchestration Is Not About Tools - Wilson Bautista

    We interview Wilson Bautista, the Founder of Jun Cyber. Wilson will talk about leadership and about how DevOps and Security work together to provide security for the business. Topics include building a secure culture, breaking down silos, communication between teams, and security working in teams: IR teams, threat intel teams, pen testers, and compliance.
  • The Rise of the Cyber Industrial Complex - Malcolm Harkins

    Malcolm Harkins is the Chief Security & Trust Officer at Cymatic. Malcolm will discuss how security profits from the insecurity of computing and thus, at a macroeconomic level, has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth into one of Expense in Depth, where we continue to use outdated approaches to control for risks, which results in needing to purchase other solutions to make up for the weakness of the solutions we bought that did not properly control for the risks.
  • Mitigating at Design Time - Shaun Lamb

    In this interview segment, Mike and John interview Shaun Lamb about strategies for how best to design applications so they are “secure by default” and have fewer incidents and vulnerabilities; how DevOps or DevSecOps positively changes the relationship between security and development/operations, including the application design process, security testing, and security education programs; and the security impact of applications moving to a microservices-based architecture running on Docker/Kubernetes and the role of an API Gateway.