BlackHat 2024: Day 3: The evolution of vulnerability disclosure and more – BH24 #3
Bill Brenner and Paul Wagenseil talk about how Black Hat has matured since the old days when it comes to how vulnerabilities and exploits are unveiled.
Visit https://securityweekly.com/blackhat for all the CyberRisk Alliance coverage of Hacker Summer Camp!
AI, Automation & Low-Code – The Triple Threat for MSSPs – Brandon Potter – BH24 #3
ProCircular, is a security automaton power-user and AI early adopter. Hear from Swimlane customer, Brandon Potter, CTO at ProCircular, about how use of Swimlane, has helped his organization increase efficiency, improve security metrics and ultimately grow their customer base without increasing headcount.
Segment Resources: https://swimlane.com/case-study/procircular/ https://www.procircular.com/
This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanebh to learn more about them!
With over 20 years of experience in Information Technology, including 14 years in cybersecurity, Brandon Potter brings a wealth of knowledge and a dynamic approach to the industry. He excels at forging strong partnerships with clients, understanding their unique business objectives, and developing tailored cybersecurity strategies. Brandon’s ability to resonate with both executives and technical teams highlights his expertise in balancing budgets, personnel, compliance, and real-world security measures.
Currently serving as the CTO at ProCircular, Inc., Brandon leads a distinguished team of cybersecurity experts. Under his leadership, red, blue, and purple teams rigorously test and fortify organizational security from every angle. By aggressively tracking cybersecurity practices and emerging threats, he fosters continuous improvement in both his team and his approach, consistently delivering unmatched quality of service. Brandon’s commitment to fostering an environment of excellence solidifies his reputation as a leader in the cybersecurity industry.
Cyber Resilience and the C-Suite Navigating Innovation and Risk – Theresa Lanowitz – BH24 #3
While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs.
Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies. Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluebh to learn more about cyber resilience and how to start the conversation in your organization!
Theresa Lanowitz is the Chief Cybersecurity Evangelist at LevelBlue.
Theresa is a globally respected leader known for her deep and diverse experience in cybersecurity.
WiCyS: Where the recruitment, retention, and advancement of women in cybersec HAPPENS – Lynn Dohm – BH24 #3
WiCyS works to provide unparalleled resources, training, mentorship, networking and job opportunities, and a vibrant international community; WiCyS empowers women to explore and excel in a field where their voices and talents have traditionally been underrepresented and unencouraged.
Resources: Website: wicys.org State of Inclusion Summary: https://www.wicys.org/initiatives/wicys-state-of-inclusion/
With over 25 years of organizational and leadership experience, Lynn is a prominent advocate for bridging the critical cybersecurity workforce gap through active involvement in grant-funded programs and nonprofits. Under her leadership, WiCyS has emerged as a leading example of how a collaborative multi-organizational approach can strengthen the cybersecurity workforce through initiatives, training programs, partnerships, and recruitment efforts. Passionate about leveraging diverse mindsets, skill sets and perspectives, Lynn has been recognized for her work in improving the recruitment, retention and advancement of women in cybersecurity.
AppSec Evolution: Navigating the Path to Maturity – Boaz Barzel – BH24 #3
As development cycles shorten and more responsibilities shift to developers, application security (AppSec) is rapidly evolving. Organizations are increasingly building mature programs that automate and enhance AppSec, moving beyond manual processes. In this discussion, we explore how organizations are adapting their AppSec practices, highlighting the challenges and milestones encountered along the way.
Key topics include the integration of security into the development lifecycle, the impact of emerging technologies, and strategies for fostering a security-first culture. Boaz Barzel shares his experiences and offers practical advice on overcoming common obstacles, ensuring that security measures keep pace with rapid technological advancements. This segment serves as a comprehensive guide for organizations striving to enhance their AppSec practices and continuously optimize their posture.
This segment is sponsored by OX Security. Visit https://securityweekly.com/oxbh to learn more about them!
Boaz Barzel is currently an Technical Evangelist and Director of Enablement at OX Security, a position he has held since April 2023. Prior to this, he led the Sales Enablement team at Cato Networks, where he built the function from scratch and significantly drove revenue growth. From 2011 to 2021, Boaz held various roles at Check Point Software Technologies, advancing from QA Engineer to QA Team Manager, and later becoming a Threat Prevention Solutions Expert and Cyber Security Products Expert/Architect. He began his career as a Combat Officer in the IDF’s Nachal Brigade. Boaz holds dual B.A. degrees in East Asian Studies and Sociology and Anthropology from Tel Aviv University and has numerous professional certifications from LinkedIn and Check Point Software Technologies.
The shift from risk to resilience – Justine Bone – BH24 #3
Justine joins us to discuss the shift from risk to resilience through evidence and how a resilience-first approach helps a risk management leaders. Additionally, she speaks to how "materiality" considerations allow cyber risk management alignment with business initiatives.
Kiwi/US experienced operational and executive leader, board director and advisor, technology and cybersecurity subject matter expert.
Justine is an active member of the cybersecurity community and serves as a subject matter expert on technical and non-technical security issues. She can evaluate and recommend security standards and solutions and has extensive experience using and evaluating security and IT technologies, including security assessment technologies, corporate IT systems, enterprise and product data management, network infrastructure, embedded systems/IoT, Cloud, SaaS and on-prem infrastructure.
The Code of Honor: Expert Insights on Cybersecurity Ethics – Ed Skoudis – BH24 #3
Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.
Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1
2) Holiday Hack Challenge - sans.org/holidayhack
Ed Skoudis is a Faculty member at IANS Research and the founder of Counter Hack, a company focused on conducting ultra high-quality penetration tests and red team engagements to help organizations better manage their cyber risks. Ed is a SANS Fellow, author, and instructor who has trained over 20,000 cyber security professionals in the art of penetration testing and incident response. Ed is an expert witness who is often called in to analyze large-scale breaches.
Devo Launches New Capabilities to Improve Data Control & Automation, Reduce Costs – Rakesh Nair – BH24 #3
Devo, the security analytics company, recently launched data orchestration, a data analytics cloud, and security operations center (SOC) workflow enhancements. Enterprise security teams are struggling with growing data volumes—and they’re also up against headcount and budget constraints. These solutions offer security teams data control, cost optimizations, and efficient automation for better security outcomes.
Segment Resources: https://www.devo.com/defend-everything/
This segment is sponsored by Devo. Visit https://securityweekly.com/devobh to learn more about how Devo's new solutions can streamline your security operations.
Rakesh Nair is the Senior Vice President of Engineering and Product at Devo, where he oversees the company’s research and development efforts. With over 25 years of experience in cybersecurity, Rakesh brings a wealth of expertise to his role. He was the co-founder and CEO of Kognos, an autonomous cyber threat hunting platform that Devo acquired in 2022.
BlackHat 2024 Day 3 Wrap-Up: An increasingly diverse cybersecurity community – BH24 #3
Bill Brenner and Mandy Logan do their final wrap-up of Black Hat 2024. They unpack highlights from our executive interviews and discuss the growing push for diversity in the industry.
Visit https://securityweekly.com/blackhat for all the CyberRisk Alliance coverage of the events!