DevSecOps has been described as part strategy, part toolkit, part training and part cultural shift.
However, there’s no universal playbook on how to implement DevSecOps, and there can be conflict between DevOps prioritizing speed to market, functionality and revenue generation, versus SecOps striving to eliminate...
Today, transformation is continuous— with it comes an ever-expanding attack surface and a risk landscape that is more challenging than ever.
Integration & automation have never been more critical as organizations shift focus to scaling and innovating the business.
View this session as we discuss the following...
Security as Code is the methodology of codifying security and policy decisions and socializing them with other teams. When moving to a Security as Code model, there are a number of key benefits that are realized across the organization.
When you take on a Security as Code mentality, you are codifying collaboration...
Is your IoT dryer transferring 1GB+ of traffic daily? Does your Tesla phone home to the mothership? Is your employer monitoring you at home? Learn a quick, easy, free method for using a Raspberry Pi to gain visibility into your home network. We'll teach you to find out what your smart (and not-so-smart) devices are...
Many organizations struggle to understand how to approach application security program maturity. Caitlin Johanson and Dan Cornell of Coalfire share why AppSec maturity is important and offer strategies for how enterprises can evaluate their AppSec maturity levels and build a robust response.
Noname Security has released its new API Security Trends Report and - no surprise - API usage has grown exponentially. The bad news: So have API attacks by opportunistic adversaries. Karl Mattson of Noname discusses the report and some new ways of approaching API security.
The U.S. Department of Commerce is soliciting input on a Trump administration cybersecurity executive order that requires cloud providers to verify the identities of certain users - particularly cyber actors potentially operating abroad and leveraging U.S. cloud technologies.
With automotive standard ISO 21434 just around the corner, this tutorial focuses on how it will form a key protective component against the cyber threats facing automation software developers.
This convenient handbook for the Functional Safety Standard EN 50128:2011 - “Railway
applications - Communication, signaling and processing systems - Software for
railway control and protection systems" - is all you'll need to get "on board" with this standard.
Currently the systems included under EN 50128...
The global ‘State of Security 2021’ report recently published by Splunk and ESG Research presents insights and best practices from interviews with some of today’s most successful security leaders. This panel of experts will take a look at key report findings, and discuss the theory and practicality of best...
Have you noticed that there's a cultural gap between software developers and application security practitioners? This gap can challenge application security maturation within the Software Development Lifecycle (SDLC).
We'll examine how you can stimulate cultural change to mature your software development group,...
A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.
In this single 40 minute session, you will feel informed on the future of apps, clouds and infrastructure monitoring - and ready to tackle them. SREs, DevOps Team Leaders, ITOps Managers, Cloud Architects and anyone who has to modernize their toolsets to deal with the new business reality of “deliver better, deliver...
With the advent of CI/CD pipelines, supply chain attacks have become more prevalent – and as the recent SolarWinds breach has demonstrated, the impact of such breaches can be vast and rippling.
This eBook addresses questions raised by security leaders that want to better understand their organization’s...
A centralized log strategy has become an essential component in the administration of today’s complex IT environments.
Since log management data is central to the analysis of securing IT enterprise services, understanding operational
performance of IT infrastructure and applications, and key to meeting data...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.