Articles,
Blogs, and Interviews
1/23/2012 “How Mobile Cloud Will Make Security Priority
#1” http://esj.com/articles/2012/01/23/mobile-cloud-priority-1.aspx
2/29/2012 Video Interview
“Getting Back to Security Basics” http://www.bankinfosecurity.com/rsa-conference-2012-video-interviews#static_page_popup_0
4/12/2012 “Cloud Security
Requires all Hands on Deck” https://blog.cloudsecurityalliance.org/2012/04/12/cloud-security-requires-all-hands-on-deck/
4/13/2012 “Cloud Security Requires all Hands on Deck”
10/8/2012 “The Challenges of Securing Enterprises in a
BYOD World”
10/16/2012 “National Cyber Security Awareness Month” https://community.qualys.com/blogs/securitylabs/2012/10/16/national-cyber-security-awareness-month
12/20/2012
“Be Prepared: 4 Steps to Better Data Disaster Planning” http://www.forbes.com/sites/ciocentral/2012/12/20/be-prepared-4-steps-to-better-data-disaster-planning/
1/28/2013 “Data Privacy Day 2013: Tips for Digital Citizens” https://community.qualys.com/blogs/securitylabs/2013/01/28/data-privacy-day-2013-tips-for-digital-citizens
6/10/2013 “Don’t Let a Disaster Leave Your Data Out in
the Cold” https://blog.cloudsecurityalliance.org/2013/06/10/dont-let-a-disaster-leave-your-data-out-in-the-cold/
6/25/2013
“BYOD to Drive Data to the Cloud”: http://insights.wired.com/profiles/blogs/byod-to-drive-data-to-the-cloud?xg_source=activity
7/30/2013 http://securitywatch.pcmag.com/hacking/314250-how-not-to-get-hacked-at-black-hat-and-defcon
10/1/2013
“October is National Cyber Security Awareness Month” https://community.qualys.com/blogs/securitylabs/2013/10/01/october-is-national-cyber-security-awareness-month
10/20/2013
KES Magazine “SOP fur APTs ohne FUD”
12/27/2013 “Security Hackers got you Scared, Focus on
Fundamentals, not hype” http://thenextweb.com/author/andrewwild/
1/9/2014 http://www.darkreading.com/risk/top-5-it-risk-management-resolutions-for-2014/d/d-id/1141153?
Conference
Presentations and Panel Discussions
National Cybersecurity Awareness Month
Launch Event, 10/7/2011
Panel
Discussion “Looking Forward on Cybersecurity”
Cowen and Company 40th
Annual Technology, Media and Telecommunication Conference, New York City,
5/30/2012
Panel
Discussion: Mission Critical Infrastructure Software
Gartner Security and Risk Management
Summit, National Harbor, MD 6/12/2012
Panel Discussion: Are You Already Compromised? If So, How Do You
Know?
In light of recent data breaches, c-level
executives are asking themselves the questions: Have I already been
compromised? How do we know if confidential data has already been breached?
Where do we begin, and what should be considered in this process? Join this
session featuring a panel of CISOs from leading global enterprises to get their
perspective on these important questions. The panelists will answer your
questions and share their views on best practices, tools and solutions to put
in place to help prevent attacks, and how to become proactive about detecting
data breaches.
8th Annual IT Security Automation Conference,
Baltimore, MD Conference 10/3/12
Automating
the 20 Critical Controls with a Full Life Cycle Security and Compliance Program
Qualys Security Conference,
Las Vegas, NV 10/25/2012
Panel Discussion: Are You Already Compromised? If So, How Do You
Know?
In light of recent data breaches, c-level
executives are asking themselves the questions: Have I already been
compromised? How do we know if confidential data has already been breached?
Where do we begin, and what should be considered in this process? Join this
session featuring a panel of CISOs from leading global enterprises to get their
perspective on these important questions. The panelists will answer your
questions and share their views on best practices, tools and solutions to put
in place to help prevent attacks, and how to become proactive about detecting
data breaches.
Cloud Security Alliance Congress,
Orlando FL, 11/8/2012
Vulnerability
Management in the Cloud
Vulnerability
management is a key component of a strong information security program. While vulnerability management is well
understood, virtualization and cloud computing bring about sweeping changes to
many areas, including vulnerability management.
This session discusses the changes and challenges of vulnerability
management in virtual and cloud environments, including keeping accurate
configuration data in dynamic and static environments, networking inside
virtual and cloud environments, using IP addresses in vulnerability
assessments, keeping templates/images secure and updated, and virtual
introspection.
Cloud Security Alliance Summit, RSA
Conference 2/25/2013
Panel Discussion:
“Managing Enterprise Global Security in an era of Hybrid Cloud and Smart
Mobile”
Enterprises today have mixed environments of public
& private clouds, as well as legacy systems. These systems are accessed by
both external and internal resources, using managed PC desktops as well as new
BYOD smart mobile devices. In this panel, we will discuss key risks of the
global enterprise, managing complex international legal issues, achieving
compliance and developing security architectures that support agile enterprise
needs.
RSA Conference, San Francisco 2/26/2013
Automating the 20 Critical
Controls (SPO1-T19)
The CSIS 20 critical controls are known for driving effective
security programs across government agencies and establishing guidelines for
security professionals to ensure the confidentiality, integrity and availability
of information technology assets. This session will discuss best practices for
automation of these controls to drastically lower costs while enabling more
successful implementations.
CSO 40 Confab, Atlanta GA,
4/2/2013
Vulnerability Management for the Cloud
Vulnerability management is a critical security
control, and while it's generally well understood, cloud computing — and
particularly infrastructure-as-a-service -- brings about sweeping changes that
impact and organization's vulnerability management. Specifically, cloud
environments can be extremely dynamic with machines powered up and down
frequently, added and removed quickly, and some remaining down for weeks or
months — all of which can result in an outdated, stale configuration, and inaccurate
vulnerability management information. As well, traditional vulnerability
assessment relies upon the IP address of an asset, or a network block of
addresses, while IP addresses in IaaS cloud are dynamic, often from shared
network blocks. Finally, cloud environments offer the ability to discover
important information about an asset through the cloud management system,
without accessing the asset directly. Join us as we explore these
challenges and opportunities for vulnerability management.
Cloud Connect, San Jose, CA 5/5/2013
It is clear that companies need to re-evaluate their security
strategy with cyber attacks on the rise - even against large corporations with
advanced IT security programs in place. Network perimeters are changing all the
time with mobile devices and cloud services, and the problem grows more
complex. The goal we all must strive for is to effectively protect information
at the data level itself and streamline patching and mitigation processes. With
cloud computing, we have an opportunity to automate key processes and provide
continuous, better and invisible protection, while reducing the cost of
securing such an infrastructure and applications as the costs can be
distributed across thousands, even millions, of users. This session will
discuss ways to proactively protect against cyberthreats leveraging a newer, more
scalable security model that builds security into the fabric of cloud
computing, while providing a continuous view of the security and compliance
posture of current infrastructures and applications
Cloud Security
Alliance Congress, Orlando FL, 12/4/2013
Panel Discussion:
Challenges to Cloud Computing: A
Cloud Provider’s Viewpoint
As much as cloud consumers discuss the challenges in adopting cloud
computing, and an industry around helping enterprise move to the cloud, little
is heard from the cloud providers about the challenges the face in offering
cloud services. In this panel, attendees
will hear directly the challenges they faced by cloud providers and how their
use of industry technology, audit and certification standards, guidance from
organizations such as the Cloud Security Alliance, and customer feedback helps
them design services that meet the needs of the consumer. The panelists will also share their insights
into what challenges may come
up in the future and how they might impact cloud consumers.
Gartner Security and Risk Management
Summit, National Harbor, MD, 6/24/2014
Panel
Discussion: Strategies to Ban Avoidable
Open Source Risk
Today, 90% of the typical application is assembled
with open source components. Unfortunately, components with known
vulnerabilities continue to be used long after fixes are released. Why? Join us
to hear new results of a four-year study on application security practices
related to open source development. A panel of senior application security
practitioners will explore what’s working and what’s not to eradicate the use
of vulnerable components, maintain an application bill-of-materials, and
implement developer-friendly governance.
Webinars
9/14/2011
Evaluation Criteria for Security as a Service Solutions
In today’s business world, the questions you
ask IT suppliers of all types are essentially similar. What changes with
Security-as-a-Service are the answers you get, and more importantly, the
answers you need. In this session, we will look at the main evaluation areas,
how to interpret responses, and the emphasis and weighting factors.
https://secure.brighttalk.com/webcast/288/33763
9/6/2012 Vulnerability Management in the Cloud
Vulnerability management is a key component of
a strong information security program. And that's making sure that with
everything you're doing – in the cloud, on the desktop, browsers and server
environments – you can reduce the vulnerabilities so that no matter what threats
are out there, they are less likely to be successful. While vulnerability
management is well understood, virtualization and cloud computing bring about
sweeping changes to many areas including vulnerability management. This webcast
will provide insight and solutions for effective vulnerability management in
the cloud.
https://www.brighttalk.com/webcast/188/53197
4/17/2013 Automating the 20 Critical Controls
The CSIS 20 critical controls are known for
driving effective security programs across government agencies, establishing
guidelines for security professionals to ensure the confidentiality, integrity
and availability of information technology assets. This session will discuss
best practices for automation of these controls to drastically lower costs
while enabling more successful implementations.
http://www.rsaconference.com/videos/45/automating-the-20-critical-controls
8/15/2013 The Threat of Malware, Hackers and Hacktivists - Defend Yourself
A majority of data breaches can be traced back
to easily avoidable root causes: known vulnerabilities, overly open network
access, default and weak passwords, and other configuration mistakes. In this
webinar, Wolfgang Kandek, CTO at Qualys and Andrew Wild, CSO at Qualys, will
present you with the data and procedures needed to fix the situation and harden
your network and workstations to withstand the current deluge of client side
attacks.
https://www.brighttalk.com/webcast/288/81915
https://www.brighttalk.com/webcast/288/81915
No comments:
Post a Comment