• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

  • Secure360 TC
  • Keynotes
  • FAQs
  • 2021 Sponsors

Security Science: Flaws, Patches, Vulns & Breaches

This talk will draw from multiple research projects we’ve done across a spectrum of security domains from weaknesses in software development, to patching strategies and defensive measures, and finally data breaches. We’ll start with an examination of software development, and dive into how organizations fix flaws, what can contribute to security debt, and how proactive developers can reduce the density of flaws in their apps. Then we’ll follow vulnerabilities in products as we move on to enterprise vulnerability management. We’ll show how to create objective measures of vulnerability remediation performance and highlight practices of high performing orgs. We’ll then look at what we can learn about the risk surface of an organization from outside measurement. We’ll tackle whether cloud deployment is more secure than on-prem (it depends, but in interesting ways). Finally, we’ll investigate data breaches, and show that even if your network isn’t breached, the impact of a partner’s breach could be just as devastating. All the results in this talk are grounded in real world data, derived from organizations facing daily security challenges.

Key learning points:
  • Scanning applications for flaws frequently during development reduces security debt.
  • Setting vulnerability remediation deadlines increases patching velocity.
  • Increasing cloud deployment can reduce security issues, to a point.
  • Third party relationships are as important as your own security.

About Benjamin Edwards

Dr. Benjamin Edwards is a Senior Data Scientist at the Cyentia Institute. He received his Ph.D. from the University of New Mexico with a research focus that blended the fields of security, data science, and complex systems. His work has lead to a better understanding of global attack trends, the effects of security interventions, and even nation state cybersecurity policy. Before joining the Cyentia Institute he worked at IBM Research, where he worked in applying advanced machine learning techniques to solve real world security problems and shaped the next generation of analytical security models. At Cyentia, Dr. Edwards advances knowledge of security risk, vulnerability management, secure software development, and data breaches through rigorous analysis and visualization of unique data sets.

About Jay Jacobs

Jay Jacobs is a co-founder and chief data scientist at Cyentia Institute, a research firm dedicated to advancing the state of information security knowledge and practice through data-driven research. Jacobs also hosts the Cyentia Podcast and is the co-author of Data-Driven Security, a book covering data analysis and visualizations for information security.

Primary Sidebar

Details

Tuesday May 5, 2020
10:00 AM - 11:00 AM
Track 1
Level: Intermediate

Share this page

Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Buffer this page
Buffer
Email this to someone
email

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.