Culture of Security - WSTA · 2020. 1. 6.
Overview
Be Aware, Be Secure.
Culture of Security
About Me
Professional
• Manager, PreSales for Financial Services @ Qlik
• Built an east coast territory @ Interana
Personal
• Married
• First time home owner in Westfield, NJ
• Love to LEARN!
Director, Advanced Solution Architect, Pluralsight
Agenda for Culture of Security
• Why is this important?
• Where did I get these best practices?
• 8 Best Practices
• How Can Pluralsight help
• How do you get started?
A Changing Landscape
Technology leaders are implementing digital strategy to:
● Engage with Customers
● Empower their Employees
● Optimize their Operations
● Transform Products and Services
[Diagram: Digital Transformation, with People at the center, surrounded by Cloud, Process and Devices]
People are the linchpin of the transformational process
Best Practices from Industry Experts
Troy Hunt: OWASP & Microsoft Security, Industry Thought Leader
Dr. Jared DeMott: Hacker Security, Exploits
Christopher Rees: CASP, Cryptography, Security
Tim Morgan: Cryptanalysis, Forensics, Penetration Testing
Kevin Henry: InfoSec, Auditing
Security-Centric Culture Best Practices
Security-Centric Culture Best Practices
Unify Security and Development Teams
Security-Centric Culture Best Practices
Understand Your Audience
Role → Needs
Software Developer → Secure Coding Training
QA Specialists → Ethical Hacking Training
Doctor → End User Security Awareness Training
Security-Centric Culture Best Practices
Show, Don’t Tell
Wireshark, Metasploit
Security-Centric Culture Best Practices
Learn by Example
Security-Centric Culture Best Practices
Create Security Champions
[Diagram: InfoSec at the center, connected to Software Engineers, Business, IT Support and IT Ops]
Security-Centric Culture Best Practices
Make Security a Quality Metric
IT Support
• # of servers & workstations missing OS & app patches
• # of infection/re-image tickets
• # of security event tickets
• # of security request tickets
Software Engineers
• # of security vulnerabilities found in bugs
• QA test coverage for vulnerabilities
Security-Centric Culture Best Practices
Run an Internal Bug Bounty
Set the scope of the security assessment and engage the crowd
Vulnerabilities are submitted, prioritized and reported
Use the performance model to incentivize results
Security-Centric Culture Best Practices
Drive a Security-centric Culture from the Top
CEO, CFO, CTO
Security-Centric Culture Best Practices
Unify Security and Development Teams
Understand Your Audience
Show, Don’t Tell
Learn by Example
Create Security Champions
Make Security a Quality Metric
Run an Internal Bug Bounty
Drive a Security-centric Culture from the Top
How can Pluralsight help?
Theoretical + Practical = Mastery
• World Class Content: World Class Authors, Transcender, Mentoring, Interactive Labs, Projects (6,500+ courses, 1200+ authors)
• Personalization at Scale: Personalized Home, Iris, Curated Paths & Channels, Social Discovery, Agile / Directed Discovery
• Actionable Analytics: See progress of groups over time, connect learning with skill improvements, track progress of your objective
How do you get started?
• Identify your Security Champions
• Segment their role and have them help build the training program needed
• Start with existing bugs in the backlog that need to be fixed
• Learn more:
  - Creating a Security Centric Culture
  - Ethical Hacking: Understanding Ethical Hacking
  - The Information Security Big Picture
QUESTIONS