Be Aware, Be Secure.
Culture of Security
About Me
Professional
• Manager, PreSales for Financial Services @ Qlik
• Build an east coast territory @ Interana
Personal
• Married
• First time home owner in Westfield, NJ
• Love to LEARN!
Director
Advanced Solution Architect
Pluralsight
Agenda for Culture of Security
• Why is this important?
• Where did I get these best practices?
• 8 Best Practices
• How Can Pluralsight help
• How do you get started?
A Changing Landscape
Technology leaders are implementing digital strategy to:
● Engage with Customers
● Empower their Employees
● Optimize their Operations
● Transform Products and Services
People
Digital Transformation
Cloud
Process
Devices
People are the linchpin of the transformational process
Best Practices from Industry Experts
Troy Hunt: OWASP & Microsoft Security
Industry Thought Leader
Dr. Jarred DeMott: Hacker Security, Exploits
Christopher Rees: CASP, Cryptography, Security
Tim Morgan: Cryptanalysis, Forensics, Penetration Testing
Kevin Henry: InfoSec, Auditing
Security-Centric Culture Best Practices
Unify Security and Development Teams
Understand Your Audience
Role: Needs
• Software Developer: Secure Coding Training
• QA Specialists: Ethical Hacking Training
• Doctor: End User Security Awareness Training
Show, Don’t Tell
Wireshark
Metasploit
Learn by Example
Create Security Champions
InfoSec
Software Engineers
Business
IT Support
IT Ops
Make Security a Quality Metric
IT Support
• # of servers & workstations missing OS & app patches
• # of infection/re-image tickets
• # of Security Event tickets
• # of Security Request tickets
Software Engineers
• # of security vulnerabilities found in bugs
• # of QA test coverage for vulnerabilities
Run an Internal Bug Bounty
Set the scope of the security assessment and engage the crowd
Vulnerabilities are submitted, prioritized and reported
Use a performance model to incentivize results
Drive a Security-centric Culture from the Top
CEO, CFO, CTO
Security-Centric Culture Best Practices
• Unify Security and Development Teams
• Understand Your Audience
• Show, Don’t Tell
• Learn by Example
• Create Security Champions
• Make Security a Quality Metric
• Run an Internal Bug Bounty
• Drive a Security-centric Culture from the Top
World Class Authors
Personalization at Scale
Theoretical + Practical = Mastery
Actionable Analytics
World Class Content
Transcender
Mentoring
Interactive Labs
Projects
Personalize Home
Iris
Curated Paths & Channels
Social Discovery
6,500+ courses
1200+ authors
Agile / Directed Discovery
See progress of groups over time
Connect learning with skill improvements
Track progress of your objective
How can Pluralsight help?
How do you get started?
• Identify your Security Champions
• Segment their role and have them help build the training program needed
• Start with existing bugs in the backlog that need to be fixed
• Learn more:
Creating a Security Centric Culture
Ethical Hacking: Understanding Ethical Hacking
The Information Security Big Picture
QUESTIONS