Page 1: Culture of Security - WSTA · 2020. 1. 6. · Hacker Security, Exploits Christopher Rees CASP, Cryptography, Security Tim Morgan Cryptanalysis, Forensics, Penetration Testing Kevin

Overview

Be Aware, Be Secure.

Culture of Security

Page 2

About Me

Professional

• Manager, PreSales for Financial Services @ Qlik

• Build an east coast territory @ Interana

Personal

• Married

• First time home owner in Westfield, NJ

• Love to LEARN!

Director

Advanced Solution Architect

Pluralsight

Page 3

Agenda for Culture of Security

• Why is this important?

• Where did I get these best practices?

• 8 Best Practices

• How can Pluralsight help?

• How do you get started?

Page 4

A Changing Landscape

Technology leaders are implementing digital strategy to:

● Engage with Customers

● Empower their Employees

● Optimize their Operations

● Transform Products and Services

[Diagram: Digital Transformation, with People, Process, Devices and Cloud as its elements]

People are the linchpin of the transformational process

Page 5

Best Practices from Industry Experts

Troy Hunt: OWASP & Microsoft Security, Industry Thought Leader

Dr. Jarred DeMott: Hacker Security, Exploits

Christopher Rees: CASP, Cryptography, Security

Tim Morgan: Cryptanalysis, Forensics, Penetration Testing

Kevin Henry: InfoSec, Auditing

Page 6

Security-Centric Culture Best Practices

Page 7

Security-Centric Culture Best Practices

Unify Security and Development Teams

Page 8

Security-Centric Culture Best Practices

Understand Your Audience

Role: Needs

Software Developer: Secure Coding Training

QA Specialists: Ethical Hacking Training

Doctor: End User Security Awareness Training

Page 9

Security-Centric Culture Best Practices

Show, Don’t Tell

[Tool logos: Wireshark, Metasploit]

Page 10

Security-Centric Culture Best Practices

Learn by Example

Page 11

Security-Centric Culture Best Practices

Create Security Champions

[Diagram: InfoSec at the centre, connected to Software Engineers, Business, IT Support and IT Ops]

Page 12

Security-Centric Culture Best Practices

Make Security a Quality Metric

IT Support

• # of servers & workstations missing OS & app patches

• # of infection / re-image tickets

• # of Security Event tickets

• # of Security Request tickets

Software Engineers

• # of security vulnerabilities found in bugs

• # of QA tests covering vulnerabilities

Page 13

Security-Centric Culture Best Practices

Run an Internal Bug Bounty

Set the scope of the security assessment and engage the crowd

Vulnerabilities are submitted, prioritized and reported

Use the performance model to incentivize results

Page 14

Security-Centric Culture Best Practices

Drive a Security-centric Culture from the Top

CEO, CFO, CTO

Page 15

Security-Centric Culture Best Practices

• Unify Security and Development Teams

• Understand Your Audience

• Show, Don't Tell

• Learn by Example

• Create Security Champions

• Make Security a Quality Metric

• Run an Internal Bug Bounty

• Drive a Security-centric Culture from the Top

Page 16

How can Pluralsight help?

Theoretical + Practical = Mastery

World Class Authors: 1200+ authors

World Class Content: 6,500+ courses, Transcender, Mentoring, Interactive Labs, Projects

Personalization at Scale: Personalized Home, Iris, Curated Paths & Channels, Social Discovery, Agile / Directed Discovery

Actionable Analytics: See progress of groups over time, Connect learning with skill improvements, Track progress of your objective

Page 17

How do you get started?

• Identify your Security Champions

• Segment their role and have them help build the training program needed

• Start with existing bugs in the backlog that need to be fixed

• Learn more:

  Creating a Security Centric Culture

  Ethical Hacking: Understanding Ethical Hacking

  The Information Security Big Picture

Page 18

QUESTIONS