Silsbee - Interface Seattle 2015 - Cybersecurity

Meet and Exceed Your Cybersecurity Goals Kenneth Silsbee, MS Interface Seattle


Kenneth Silsbee, MS 

Kenneth has over 25 years in Information Technology with 7 years as a software consultant and experience contributing to two start-up companies. He has built 3 software development security programs for leading industry companies. He holds a Master’s Degree in Computer Systems and has been an adjunct faculty for undergraduate and graduate studies in information technology and security.

‣ Interface Seattle — Meet and exceed your cybersecurity goals

Kenneth is founder and Principal Consultant, Yeoman Security Consulting. Kenneth is also Senior Information Risk Manager, Xerox Corporation.


Trend: Security Outside The Company

‣ Automation and security tools now a must
‣ Web Application Firewalls (WAF), Vulnerability Scans, Penetration Testing
‣ Vendors to Extend Company Security
‣ Cloud Hosting, Operations, Code Development
‣ Domestic AND Foreign Laws Apply


Trend: Demand for Security Assurances

‣ Security Assurances Beyond Just Network and Privacy (i.e., encryption)
‣ Contracts Must Follow Customer Policies and Standards
‣ Security Addendums Now Common
‣ RFPs/RFQs with Security Sections
‣ HITRUST (HIPAA), ISO-2700x, Training


Security Training and Guidance Are Key

‣ With 1.2M Security Job Gap by 2020, Leveraging Knowledge Key
‣ Customers Requiring Employee Security Training
‣ Secure Coding that Includes Vendors
‣ Building Corporate Security Communities
‣ Brown Bags, Bulletins, Mentors, etc.


Secure Software is a Multiple Facet Approach

‣ Bought or Built, Security Reflects YOU
‣ A Security Development Lifecycle (SDL) Process is Key
‣ Triage Risk, Track Flaws, Business Buy-in
‣ Scan Tools Help, But Are Not Perfect
‣ Training to Recognize Flaws and Fixes
‣ Support Documents


Tips For Success

‣ Treat Vendors Same as Your Own
‣ Focus on Process, Standards, Training
‣ Tools Are Quick Win - Need People Skills
‣ Build Partnerships with IT and Business
‣ Define Security as Differentiator not Cost