Sponsored by:. Introduction: Mark Lyons Senior Director of Business Development Procore...
Sponsored by:
Introduction:
Mark Lyons, Senior Director of Business Development, Procore Technologies, Inc.
This presentation will be recorded and available on-demand (copies of the PowerPoint are not available).
If you would like to ask questions during the presentation, use the chat window located on the bottom panel. We will be answering questions at the end of the presentations.
All the presenters' email addresses will be provided to you at the end of the webinar.
Why Companies Choose Procore
The #1 Most Widely Used Construction Management Software
• 1,300+ client accounts, 750,000+ users
• Used in over 92 countries
• 3X increase in engineering over the last 18 months
Founded in 2003, Procore is a cloud-based construction project management SaaS provider headquartered in Santa Barbara, CA with multiple offices and US-based support.
Who We Are
Over the last year and a half, Procore has witnessed a
increase in engineering by more than tripling our engineering headcount.
revenue growth per year since 2010 is a testament to the success of the solutions Procore continues to build.
Procore has taken several steps to improve our products including securing $30M investment from ICONIQ Capital in 2015 and $16M in 2014 from Bessemer Venture Partners.
Recent Growth
Procore Customers
OWNERS ENG/ARCH
GENERAL CONTRACTOR
COMMERCIAL GOVERNMENT HEALTHCARE RETAIL
COMMERCIAL INDUSTRIAL MULTI-FAMILY INFRASTRUCTURE RESIDENTIAL
SUB CONTRACTORS
Our strong company culture attracts top talent, making Procore one of the top places to work in the area.
Moderator:
Tom Sawyer, Deputy Editor, Engineering News-Record
Jason T. Burns, Vice President, Chief Information Officer, Hunter Roberts Construction Group
John Jacobs, Senior Vice President and Chief Information Officer, JE Dunn Construction
Reed Loden, Director of Security, HackerOne
Jason T. Burns, Vice President, Chief Information Officer, Hunter Roberts Construction Group
Jason Burns is responsible for Hunter Roberts’ technology umbrella, including core network infrastructure, project site infrastructure, and software and security management. Under Jason’s direction, the Technology department is dedicated to working with internal and external business partners to align systems with Hunter Roberts’ global strategies. Jason is responsible for creating systems, policies, and procedures that will support Hunter Roberts in the years to come, focusing on efficient processes, systems, and tool sets that keep Hunter Roberts employees well informed. Jason has gained broad experience throughout his 16-year career in the construction industry. He has held a variety of positions in the field and back office, from subcontractor Laborer to Senior Financial Analyst for the nation’s largest builder. Jason’s Information Technology, Accounting, and Operations experience allows him to create real-time solutions that bring value to the whole company. Jason is also widely recognized as an industry expert; he speaks about technology in the construction industry frequently and is published regularly.
The moment you realize you are vulnerable
Tactile Vest Name badge
“Hacker”
Briefcase of doom The vest may be worse
Capture the flag in eight minutes, from turnstiles to the end user's machine
SAY HELLO TO MY FIRST PHYSICAL THREAT
WHAT DID I LEARN?
1 Weakest Link?
2 Personal & Private Information
3 Banking
USB Control
IPS
Port Control Wireless
MDM
Malware / Viruses
Physical Access Control
802.1X LEM
Two-Factor Authentication
WHAT DID I RESEARCH?
Research…
Low Cost BIG Gain Items
Proxy All Traffic on and Off network
99% DROP Malware/Adware in First Four Weeks
[Chart: Incidents by week, Week 1 through Week 4]
Low Cost BIG Gain Items
File Review Email/Download
100% DROP Malware/Virus in first 4 weeks
[Chart: Incidents by week, Week 1 through Week 4]
Low Cost BIG GAIN
40% Less Help Desk Tickets
Great!!! Now you have all this security, now what?
1 Time
2 Knowledge Base
3 Attack Vectors Change Rate
4 Assets
John Jacobs, Senior Vice President and Chief Information Officer, JE Dunn Construction
About JE Dunn
Founded in 1924 in Kansas City, Missouri
Expanded to 20 offices around the United States
Ranked 12th in the US for General Building Contractors (by ENR)
Family & employee owned
Industry Observations
• Internet of Every(Things)
• Threat Landscape
• Collaboration Demands
Top Security Threats
• Insider Misuse (unintentional data access)
• Crimeware/Ransomware (project data access)
• Theft/Loss (workstation theft)
• Web Application Attack (external user access)
• Phishing (financial target, corporate data access)
• Malware (internal efficiency degradation)
What are we doing?
• Define security standards – Corporate & Individual
• Security Incident Event Monitoring & Management
• Intrusion Detection/Prevention System
• Firewall Upgrades
• Vulnerability Management
• Endpoint Security Remediation
• Email Security
• Intelligence Analysis
People, price, and period
• Level of effort
o Resources (FTEs)
o Capital
• How long it took
o Planning
o Execution
• Expected continuing effort
o Resources
o Capital
Early Wins
• “Rare Double” – During our firewall upgrade initiative, we increased our security capability while increasing our capacity and productivity.
• Security Analytics – Ignorance is very risky bliss. Analyzing events on our network has brought to light security issues to remediate and identified application misconfigurations that we could easily fix before they became critical issues.
Case Study – Collaboration, and the effects on Risk and Response
• The Problem - HackingTeam Exploit-Kit Leak (July 5th, 2015)
• The Collaboration – Local FBI, InfraGard, and Threat Intelligence Exchange
• The Result – Within day(s), perimeter defended. Within hours, patches applied as available. Immediately, as intelligence is shared, we update our now-existing defenses.
Take-Aways
No matter the size of the organization, we have found that the following apply across all:
• Fundamentals
o Executive Support
o Perimeter Security
o Data Classification
o Corporate and End User Policy
• Operations
o Security Monitoring
o Incident Management
o Security Operations
• Improvement
o Security Awareness
o Risk Management
o Research and Development
Reed Loden, Director of Security, HackerOne
Professional Defender…
I am Reed -- security is what I do
• Director of Security at HackerOne
• Security expert, hacker, and developer
• Previously Lookout Mobile Security, Mozilla, Palantir…
43% of companies have experienced a data breach in the past year
71% of security breaches target small businesses
What are criminals looking for?
Real Threats…
• Ransomware
• Lax security posture
• Social Engineering Attacks
12 Steps to take today…
• Use a Password Manager
o 1Password, LastPass
• Always use 2-Factor Authentication
o Critical for VPN and cloud services
• Install/use Malware/Virus Protection
o Microsoft Security Essentials is free!
• Use Chrome or Firefox for Internet browsing
o Disable / Use click-to-play for Java and Flash
• Turn on Automatic Software Updates
o Includes OS, browsers, and various software suites such as Adobe and Microsoft Office
• Have a Mobile Devices Management Policy
o Encrypted, passwords required, & ability to remote wipe
• Examine Sharing Settings
o Who really needs access? Ensure not sharing with world.
• Secure Your Infrastructure
o Use SSL/TLS, firewall, and maybe some form of IDS/IPS
• Be prepared for Social Engineering attacks
o Occur in both the physical and virtual worlds
• Have plans for dealing with an incident / breach
o It will happen. Ensure you are prepared for it.
• Define an “off-boarding” process
o Stick to it and keep updated; think about sub-contractors
• Switch to Card Readers
o Locks are easy to pick; keys offer no accountability
Q & A
“Since we started using Procore, over the last year we were able to increase our sales by over 60%. Without Procore we wouldn’t have been able to handle that amount of work.”
- Sylvia Lamas, Wells Construction
Project Management From Bidding to Closeout
Be up and running in weeks, not months or years
Unlimited users, no per-user fees or seat licenses
Easy to learn, intuitive interface
“Procore ensures we never have to hire additional resources in the office for administrative purposes. That’s a testament to Procore’s ROI. I’m saving 2-3 salaries worth of money.”
- Geoff Bambini, Asturian Group
Unrivaled Time to Value
Procore offers industry leading mobile project management on iOS and Android devices.
• Take photos
• Approve RFIs
• Close punch list items
• Mark up drawings
• Record meeting minutes
• View schedules
• Approve or reject submittals
• And more!
The Power of Procore in the Palm of Your Hands
Client Loyalty
Mark Lyons [email protected]
Tom Sawyer [email protected]
Jason T. Burns [email protected]
John Jacobs [email protected]
Reed Loden [email protected]