Countdown to The Dept. of Know Live!: a web app and API security speaker series that goes beyond fear mongering
Whether you’re attending a cybersecurity conference or reading an industry publication, there’s one emotion that tends to get played up over and over again: fear.
In the application security world, fear mongering runs rampant. There’s so much hyperbole that it feels like one wrong move, and it’s all over — whether “it” is your company’s success and public standing or your career in security. It’s important to be aware of the risks, but we should also be able to talk about the realities of security with decidedly less doom and gloom.
That’s why we created The Dept. of Know Live!, a virtual speaker series designed to make you think differently about web app and API security. In each episode, Bea Hughes, Staff Security Engineer at PagerDuty, and Kelly Shortridge, Senior Principal Product Technologist at Fastly, will host a 15-minute conversation with a security and modern tech leader, followed by a live Q&A.
We know many of the current narratives around security are disempowering and leave you feeling stuck, so this is our way of helping you go from the “department of no” to the department that’s viewed as instrumental in driving business forward. Our hope is that these candid, fun (and maybe a little unexpected) talks will challenge the status quo and inspire you to imagine a new, better way of doing security.
A new episode airs every Thursday in March at noon PT/3 p.m. ET. Here’s what to expect:
March 3: “What is success in modern security and how can we champion it?” with Rinki Sethi, former VP and CISO of Twitter
The security industry is constantly evolving, so defining what it means to be successful can be like nailing down a shadow. Still, it’s a question worth considering. Rinki will share her thoughts on how the definition of success in modern security has evolved and how to ensure security initiatives are championed beyond lip service at the highest levels within your organization. She’ll break down how to measure security success by its ability to be a business enabler, what data to bring teams to demonstrate risk, and what she’s learned by changing the culture around security in past roles.
March 10: “How to make security an enabler of innovation” with Sounil Yu, CISO and Head of Research of JupiterOne
If you’re in security, chances are you’ve heard of the CIA triad, a model for prioritizing security programs based on upholding the confidentiality, integrity, and availability of your organization’s assets. Sounil will join us to share why he believes this old way of looking at security through the lens of reducing vulnerabilities and threats is actually counterproductive to business enablement and innovation. He’s created the DIE triad, a framework for designing systems to be distributed, immutable, and ephemeral that allows us to focus more on reducing impact. We’ll discuss how this new way of looking at security empowers us to move from a risk reduction mindset to one of innovation, and how to champion these principles within your organization.
March 17: “Building more modern applications means building secure ones” with Omar, Staff Security Engineer at Betterment
There are a lot of things not working well when it comes to building modern applications securely, and Omar will be discussing them with us on The Dept. of Know Live! He’ll share his thoughts on security UX, how we can build tools that make the secure way the easy way, and how performing user research can help security engineers make better decisions before they jump to saying no. He’ll also provide some interesting case studies for programs he’s built that have successfully baked in security, and tell us why he likens security engineering to designing IKEA furniture.
March 24: “How security falls short of developer expectations” with Ellen Körbes, Senior Product Line Manager at VMware Tanzu Kubernetes
Ellen has years under their belt focusing on developer experience, which makes their thoughts on security particularly useful if you want to design programs that will actually be used by the people you want to use them. They’ll cover what developers expect of security, where we’re failing to measure up, and what their ideal vision for dev tooling security looks like. Join us on March 24 to learn why security practitioners should actually love the fact that developers want them to “go away.”
March 31: “Why we can’t ignore asset management’s role in security” with Daniel Miessler, Founder of Unsupervised Learning and Head of Vulnerability Management and App Sec at a large financial services company
Daniel believes that asset management is on track to be one of the key markers of business maturity and stability. The problem is that if you’re busy putting out fires, asset management becomes the last thing on your list of priorities. So how do we go about securing buy-in? Daniel will discuss how to design an asset management program that’s comprehensive yet realistic, what incentive levers to pull to get the people at the top on board, and where he envisions asset management fitting into the cyberinsurance equation.
Learn more about the series and register here. The first 300 attendees will also receive a special gift that includes a signed copy of Sounil’s new book, The Cyber Defense Matrix: An Essential Guide for Navigating the Cybersecurity Landscape. We’ll see you there!