This session will bring together experts from the SDLC to discuss, debate & agree on how to make a better widget.
Agenda
- Networking
- Threat Modeling
- OWASP Top 10 2017

Research: Are-You-Trading-Stocks Securely
https://ioactive.com/wp-content/uploads/2018/08/Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies.pdf
Speaker #1
===============
Tony UcedaVélez is the founder & CEO of VerSprite - a global security consulting firm based in Atlanta, GA. He is also the author of Wiley's Risk Centric Threat Modeling, a book endorsed by the late Cyber Security Coordinator for the White House, Howard Schmidt. The book has been used in universities & enterprises worldwide as a means to apply a risk centric approach to application threat modeling. Tony has spoken at numerous OWASP, ISACA, ASIS, ISC2, ISSA, and BSides conferences across four continents on the topics of cloud security, risk management, threat modeling, and secure-SDLC implementation. He has also provided global training to both development groups & company executives who need to understand the impact of security programs on products & business services. Tony's 25 years of IT/IS experience began with hands-on operations in the areas of system administration, network engineering, and software development. Tony serves as interim CISO for various startups & global, mid-size organizations & is responsible for the overall build-out of these security programs.
Cooking w/ PASTA
*A Practical Walk Thru of Risk Centric Threat Modeling*
Protect what matters & learn how to incorporate a broad range of security practices within a risk centric approach to threat modeling. DAST, SAST, pen testing, threat intelligence harvesting, security hardening, architecture reviews & more have a place within a risk centric threat modeling approach. We'll walk through the steps of the PASTA methodology as applied to an e-commerce web application in order to exemplify the approach, its benefits, & how to best apply it within your security programs & during your respective S-SDLC approach.

Speaker #2
===============
Archie Agarwal, CISSP
Founder, CEO, & Chief Technical Architect
With more than 20 years of real-world experience in threat & risk analysis, Archie has been instrumental in successfully implementing secure software development processes at a number of Fortune 1000 companies to minimize their exposure to cyber threats & mitigate risks. Prior to founding ThreatModeler, he was the Director of Education Services at WhiteHat Security.
ThreatModeler Session Abstract:
- Introduction to Threat Modeling
- Exercise - Threat Modeling AppSec & Cloud Architectures
- Working Session with ThreatModeler
- Threat Modeling Driven DevSecOps

- Learn how to drive security by design
- Understand roles & responsibilities in a Threat Modeling process
- Get hands-on experience operationalizing threat modeling

- InfoSec + Red Teamers
- AWS Cloud Architects/DevOps
- Application Architects
- Cloud Testers/Application Testers
- Compliance, Privacy, Data Governance
If your company would like to be a sponsor for this meeting, please contact us at (212) 220-3963.