There has been a significant shift away from written papers and physical presence at conferences. These are now being replaced by webinars, some of which are freely available while others are not. Likewise, not all webinars are recorded, in order to strongly encourage people to attend. Some of the recent webinars I have worked on are listed below and can be accessed at https://resources.securitycompass.com/webinars
Evolving Threat Modeling to Fit DevOps
In this webinar, we discuss strategies such as policy-driven development and business risk filtration, to scale our threat modeling approach and maximize the potential for automation.
Traditionally, we perform threat modeling using some type of predefined framework like STRIDE to make a data flow diagram and recommend mitigation. The challenge with this threat modeling approach is that it doesn’t fit easily in a fast-moving DevOps pipeline. For DevOps to work effectively, artifacts are considered to be a minimum viable product agreed upon for delivery. In the case of threat modeling, we need to fit into this rapid cadence that emphasizes scalability and is also lean. In this webinar, we will discuss strategies for closing the gap, such as policy-driven development and business risk filtration, to scale our threat modeling approach and maximize the potential for automation.
Expected Learning
- Why is traditional threat modeling not good enough?
- How do you connect business risk with threat modeling?
- How do you scale your threat modeling approach?
Align Your Security Metrics Across Business and DevOps
This webinar was recorded with Altaz Valani, Vicky Hailey and Ruth G. Lennon. In this webinar, we walk through a use case of a mid-sized financial company that wants to align their security metrics with the business goals. We discuss how to think about relevant metrics and tie those metrics together at the business and technical levels. To sum up, we will address the challenges in rolling out such a program.
Make it Personal to Make it Happen
Whose responsibility is security? DevSecOps has a mantra of making everyone accountable for security. We urge the C-Suite to put greater funds into security and our security teams, but we fail to make all our stakeholders aware of their responsibilities. DevSecOps is not solely responsible for security. They lead the way and put guardrails in place. In this talk, the issue of ownership of the problem and moving towards a unified solution was discussed.