Silsbee - Interface Seattle 2015 - Cybersecurity
Meet and Exceed Your Cybersecurity Goals
Kenneth Silsbee, MS
Interface Seattle
Kenneth Silsbee, MS
Kenneth has over 25 years in Information Technology with 7 years as a software consultant and experience contributing to two start-up companies. He has built 3 software development security programs for leading industry companies. He holds a Master’s Degree in Computer Systems and has served as adjunct faculty for undergraduate and graduate studies in information technology and security.
‣ Interface Seattle — Meet and exceed your cybersecurity goals
Kenneth is founder and Principal Consultant, Yeoman Security Consulting.
Kenneth is also Senior Information Risk Manager, Xerox Corporation.

Trend: Security Outside The Company
‣ Automation and security tools now a must
‣ Web Application Firewalls (WAF), Vulnerability Scans, Penetration Testing
‣ Vendors to Extend Company Security
‣ Cloud Hosting, Operations, Code Development
‣ Domestic AND Foreign Laws Apply

Trend: Demand for Security Assurances
‣ Security Assurances Beyond Just Network and Privacy (i.e., encryption)
‣ Contracts Must Follow Customer Policies and Standards
‣ Security Addendums Now Common
‣ RFPs/RFQs with Security Sections
‣ HITRUST (HIPAA), ISO-2700x, Training

Security Training and Guidance Are Key
‣ With 1.2M Security Job Gap by 2020, Leveraging Knowledge Key
‣ Customers Requiring Employee Security Training
‣ Secure Coding that Includes Vendors
‣ Building Corporate Security Communities
‣ Brown Bags, Bulletins, Mentors, etc.

Secure Software is a Multiple Facet Approach
‣ Bought or Built, Security Reflects YOU
‣ A Security Development Lifecycle (SDL) Process is Key
‣ Triage Risk, Track Flaws, Business Buy-in
‣ Scan Tools Help, But Are Not Perfect
‣ Training to Recognize Flaws and Fixes
‣ Support Documents

Tips For Success
‣ Treat Vendors Same as Your Own
‣ Focus on Process, Standards, Training
‣ Tools Are Quick Win - Need People Skills
‣ Build Partnerships with IT and Business
‣ Define Security as Differentiator not Cost