Redefining CyberSecurity

In this conversation, we explore the overall process for creating a culture where applications are secured from the beginning on through to monitoring and response:Which teams are involvedHow do secure products get defined from the beginning (PRDs, architecture, design, planning, etc.)How do they communicate/collaborate (tools/techniques)Tips and tricks to streamline processes, reduce human workload (aka automation)How to define and demonstrate success____________________________GuestsKristy WestphalVP Security Operations at HealthEquity and Adjunct Professor at Arizona State University [@ASU]On LinkedIn | https://www.linkedin.com/in/kmwestphalGiora EngelCEO & Co-Founder at Neosec [@neosec_com]On LinkedIn | https://www.linkedin.com/in/giorae/____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitwebImperva: https://itspm.ag/imperva277117988Asgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vc____________________________ResourcesOWASP API Security Project: https://owasp.org/www-project-api-security/OWASP Top 10: https://owasp.org/www-project-top-ten/White Paper | Scorched Earth: Hacking Banks And Cryptocurrency Exchanges Through Their APIs: https://knightgroup.app.box.com/s/mlmoa5vtw1ktqo8vcwcqtbex70mtvpo0API Security Fundamentals 2022: https://www.neosec.com/api-security____________________________Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/application-and-api-security-sometimes-we-see-the-risk-sometimes-its-hidden-inside-an-api-redefining-cybersecurity-with-sean-martinTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships

Tradition arrives again as we hit the road to Las Vegas to cover the biggest and most important hacker conference in the world: Black Hat. Celebrating its 25th (silver) anniversary, there is a lot to celebrate and absorb from this year's hybrid conference in Las Vegas and online. Join us as we connect with Black Hat General Manager, Steve Wylie, to get the latest on what everyone can expect this year.Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22____________________________GuestSteve WylieVice President, Cybersecurity Market at Informa Tech [@InformaTechHQ] and General Manager at Black Hat [@BlackHatEvents]On LinkedIn | https://www.linkedin.com/in/swylie650/On Twitter | https://twitter.com/swylie650____________________________This Episode’s SponsorsCrowdSec | https://itspm.ag/crowdsec-b1vpEdgescan | https://itspm.ag/itspegwebPentera | https://itspm.ag/pentera-tyuw____________________________Resources____________________________For more Black Hat and DEF CON  Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverageAre you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?👉 https://itspm.ag/bhdc22spTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships

As we continue this 2nd part of the conversation, we immediately kick things off with Gremlins and quickly move into real-world scenarios where bad bots wreak havoc by enabling high-speed abuse, misuse, and attacks on websites, mobile apps, and APIs. Businesses cannot overlook the impact of malicious bot activity as it is contributing to more account compromise, higher infrastructure and support costs, customer churn, skewed marketing analytics, and degraded online services.The implications of account takeover (ATO) are also extensive, where successful attacks can lock customers out of their account, while fraudsters gain access to sensitive information that can be stolen and abused. For businesses, ATO contributes to revenue loss, risk of non-compliance with data privacy regulations, and tarnished reputations.How can organizations — actually, the people in them that keep the business running — distinguish between real, authentic traffic versus something that's being driven by a bot? That's exactly what we talk about.We hope you enjoy this Part 2 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.About the 2022 Imperva Bad Bot ReportLeveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.Note: This story contains promotional content. Learn more.GuestRyan WindhamVP of Application Security at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/rwindham/ResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Imperva Bad Bot Report 2022: https://itspm.ag/impervwurdWant the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-storyBe sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windhamTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

We pack a lot into this conversation, looking at what to learn, how to learn, and who to learn from, getting a fantastic overview of the conference from many angles and positions.*Threat intelligence**Development processes**Cyber security M&A market**Sales**Marketing messaging**Cyber law**Standards*Tune in to this conversation as we wrap up our coverage of RSA Conference 2022. Be sure to listen to all of the conversation we had before, during, and after the event.Be sure to catch all of our conversations from Black Hat and DEF CON 2022 as well.____________________________GuestEward DriehuisFounder at 3Eyes Security and Chairman at CSIRT.globalOn LinkedIn | https://www.linkedin.com/in/ewarddriehuis/On Twitter | https://twitter.com/e3huis____________________________This Episode’s SponsorsHITRUST: 👉 https://itspm.ag/itsphitwebCrowdSec: 👉 https://itspm.ag/crowdsec-b1vpBlue Lava: 👉 https://itspm.ag/blue-lava-w2qsBlackCloak 👉 https://itspm.ag/itspbcwebAppViewX  👉 https://itspm.ag/appviewx-cbyeCheckmarx  👉 https://itspm.ag/checkmarx-i9o5____________________________ResourcesLinkedIn post summing up the discussion points: https://www.linkedin.com/posts/ewarddriehuis_this-is-going-to-be-a-long-post-on-my-lessons-activity-6941702693895725056-H1YALearn more about RSA Conference 2022: https://itspm.ag/rsac-b8ef76____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageBe sure to catch all of the conversations for the Black Hat and DEF CON conferences in Las Vegas: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?👉 https://itspm.ag/bhdc22sp

SecAura is an amateur YouTuber whose post I came across caught my attention. SecAura creates free educational videos for ethical hacking and does so while going the extra mile to hand-craft many of the animations used in the videos. All of this is done outside of the  9-5 job SecAura has as a penetration tester. Realizing that the technical subjects needed diagrams and that these elements were a core part of the videos being created, SecAura decided to hand-craft the animations for each of the subjects being prepared, teaching himself all that was required to do so while constantly trying to improve with each video released.SecAura aims to have every video released be at the top of its game in terms of teaching someone who knows very little about a subject and getting them to a great foundational and applicable position just from watching his videos. He also hopes to extend the community and help to create the next generation of cybersecurity professionals by providing them with real, practical skills, backed by the theory!About SecAura [from Twitter]By day I work as a pentester, and in the evening, I compete in CTFs/cyber things. I have always loved teaching, and wanted to give back to the cyber community the best I can, so I made my YouTube Channel.It was a treat speaking with SecAura, learning about the creativity, passion, and production that goes into the making each of these videos, and how they can be used by those looking to enter the field of information security, preparing for a job interview, looking to grow their skills as they aspire to take on new roles or perhaps even get promoted at their job.So many uses cases — lots of great content — all from a super cool human.____________________________GuestSecAuraEthical Hacking Content CreatorOn Twitter | https://twitter.com/secaura_On LinkedIn | https://www.linkedin.com/in/sec-aura-57736422a/On YouTube | https://www.youtube.com/channel/UCx89Lz24SEPZpExl6OfQ0Gg____________________________This Episode’s SponsorsAsgardeo by WSO2: https://itspm.ag/asgardeo-by-wso2-u8vcImperva: https://itspm.ag/imperva277117988____________________________ResourcesMore information about SecAura: https://twitter.com/secaura_/status/1518241710412808192The new SQLi video discussed during the conversation: UNLEASH THE POWER OF SQL INJECTION | A beginners guide: https://www.youtube.com/watch?v=_Y4MpvB6o7sVIDEO: Web Fundamentals for Cyber Security | HTTP for Hackers | 0x01 (Animated): https://www.youtube.com/watch?v=ro-5AjgoPc4____________________________To see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorships

A new year and a new Bad Bot Report from Imperva. How is it looking? Well, this year, we see an increase in the sophistication level of bad bots compared to last year, with advanced bad bots accounting for 25.9% of all bad bot traffic in 2021, compared to 16.7% in 2020. In addition, evasive bad bots are on the rise, no industry is immune, and Account Takeover attacks are more prevalent than ever.The good news is that not all bots are Superbad — they go from Simple to Moderate, Advanced, and, Evasive — and we are getting better at finding them.During our conversation this year, we take a quick look back in time to last year's report to see what some of the changes are. Sadly, the team at Imperva is seeing more of the advanced bots we discussed during this conversation. Unfortunately, their ability to emulate human behavior makes them much more difficult to detect.What's driving a lot of this rise in bad bots? More and more services are moving online.We hope you enjoy this Part 1 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.About the 2022 Imperva Bad Bot ReportLeveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.Bot attacks are often the first indicator of fraudulent activity online, whether it’s validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.Note: This story contains promotional content. Learn more.GuestRyan WindhamVP of Application Security at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/rwindham/ResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Imperva Bad Bot Report 2022: https://itspm.ag/impervwurdWant the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-storyBe sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windhamAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The venture market in cybersecurity continues to shift as the economy ebbs and flows throughout the world. However, when you have a good idea, it still gets the attention of the users and the investors, even if that means starting at the bottom and working your way up.Join us for a live stream conversation with CrowdSec CEO, Philippe Humeau, as we take a quick look back at what we experienced during RSA Conference and spend some time talking through what is coming up for the 10-person contingent from CrowdSec that is making the journey to Las Vegas, arriving from multiple countries, to bring their insights, expertise, and conversations to the Arsenal, vendor halls, speaking stages, and meeting rooms during Black Hat and DEF CON.This is a quick chat packed with a lot of energy, vision, and enthusiasm — tempered with a dose of reality and humility.It's about embracing "precious" without being "precious" — have a listen.Note: This story contains promotional content. Learn more.GuestPhilippe HumeauCEO at CrowdSec [@Crowd_Security]On Linkedin | https://www.linkedin.com/in/philippehumeau/On Twitter | https://twitter.com/philippe_humeau____________________________Be sure to visit CrowdSec at https://itspm.ag/crowdsec-b1vp to learn more about their offering.On Linkedin 👉https://www.linkedin.com/company/crowdsec/On Twitter 👉https://twitter.com/Crowd_SecurityFree access to the CrowdSec console: https://itspm.ag/crowdsec-6b7321Watch the video here: https://itspmagazine.com/their-stories/from-france-to-colorado-to-las-vegas-founders-journey-to-make-the-world-of-information-security-better-through-information-sharing-a-crowdsec-story-with-ceo-philippe-humeauTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityFor more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageFor more Black Hat and DEF CON Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyAre you interested in telling your story in connection with Black Hat and/or DEF CON Conference by sponsoring our coverage?👉 https://itspm.ag/bhdc22sp

The founder's journey can directly impact what a company focuses on and why. In this Asgardeo by WSO2 story, you'll get to hear how their work is making the world a better place through software.Starting a business built on the premise of offering open-source software wasn't something IBM wanted to do a couple of decades ago. That didn't stop WSO2's founder and CEO, Sanjiva Weerawarana, from taking his mission in life and turning it into an operational reality for his company, creating and helping foundations and non-profits in Sri Lanka and around the world along the way.It was this initial desire to do good that continues to thrive in everything that WSO2 does - including the launch of their app authentication as a service division, Asgardeo, a customer identity, and access management (CIAM) offering which helps developers implement secure authentication flows to apps or websites in a few simple steps.Developers don't have to be identity experts. They don't even have to write identity-specific code. They modify the code already in the web page or mobile app by cutting and pasting the bits of code, templates, and workflows that Asgardeo provides.The use cases are many - both directly a part of a single application and as part of other services where identity is built in.Please tune in to hear WSO2's origin story, the creation of Asgardeo and the value it brings to the developer community, and the multiple case studies that our guest from Asgardeo, Michael Bunyard, brings to life during this conversation.Note: This story contains promotional content. Learn more.GuestMichael BunyardVice President and Head of Marketing, IAM at WSO2 [@wso2] Asgardeo [@asgardeo]On Linkedin | https://www.linkedin.com/in/michaelbunyard/On Twitter | https://twitter.com/mickeydbResourcesLearn more about WSO2 Asgardeo and their offering: https://itspm.ag/asgardeo-by-wso2-u8vcCreate seamless login experiences for your application in minutes: https://itspm.ag/asgardmn1xAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity

For our next Chats On The Road for RSA Conference 2022, we talk about security program transformation through the successful development and implementation of security framework and program management.About the RSAC 2022 Session, The Zoom Effect: A Framework for Security Program Transformation:“When companies experience rapid growth, information security organizations must adapt to meet business needs. Establishing a robust framework can help these teams communicate and gain executive support for their program. This session will outline a framework to help transform and scale an information security program and share key learnings that can be applied to other programs.”Tune in and be sure to join us for more from RSA Conference USA 2022!____________________________GuestsHeather CeylanHead of Security Standards, Compliance, and Customer Assurance at Zoom [@Zoom]On LinkedIn | https://www.linkedin.com/in/heatherceylan/Ariel ChavanHead of Security Product and Program Management at Zoom [@Zoom]On LinkedIn | https://www.linkedin.com/in/ariel-c-ab445a50/____________________________This Episode’s SponsorsHITRUST: 👉 https://itspm.ag/itsphitwebCrowdSec: 👉 https://itspm.ag/crowdsec-b1vpBlue Lava: 👉 https://itspm.ag/blue-lava-w2qsBlackCloak 👉 https://itspm.ag/itspbcwebAppViewX  👉 https://itspm.ag/appviewx-cbyeCheckmarx  👉 https://itspm.ag/checkmarx-i9o5____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76RSAC Session | The Zoom Effect: A Framework for Security Program Transformation: https://www.rsaconference.com/USA/agenda/session/The%20Zoom%20Effect%20A%20Framework%20for%20Security%20Program%20Transformation____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22sp

On the surface, building an information security program may appear as is in its name, a single program. However, in reality, there are countless elements — sub-programs and adjacent programs, if you will — that comprise a comprehensive information security program.In this conversation, we explore the overarching program, of course, including:Who owns the programHow to secure funding for the programHow to define and measure successHow to communicate progress, accomplishments, failures, and challengesCommon best practices for a programBut, we will also look at all (or, as many as we can) of the sub-programs or adjacent programs that support the main InfoSec program. Things like network security, DevSecOps, risk management, data protection, regulatory compliance, and incident response — just to name a few.Join us for this conversation and bring your questions about how best to plan, prioritize, budget, staff, and implement a successful information security program.It's time to explore reality.____________________________GuestsMari GallowayCEO and a founding board member for the Women's Society of Cyberjutsu (WSC) [@womenCyberjutsu]On LinkedIn | https://www.linkedin.com/in/themarigalloway/On Twitter | https://twitter.com/marigallowayJames LeslieCIO at Cambridge Housing Authority [@CambHousing]On LinkedIn | https://www.linkedin.com/in/jameseleslie/Cambridge Housing Authority | https://www.cambridge-housing.org____________________________This Episode’s SponsorsHITRUST: 👉 https://itspm.ag/itsphitwebCrowdSec: 👉 https://itspm.ag/crowdsec-b1vpBlue Lava: 👉 https://itspm.ag/blue-lava-w2qsBlackCloak 👉 https://itspm.ag/itspbcwebAppViewX  👉 https://itspm.ag/appviewx-cbyeCheckmarx  👉 https://itspm.ag/checkmarx-i9o5____________________________ResourcesWatch Live on YouTube: https://www.youtube.com/watch?v=mg6aeYIDNQwLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsac-b8ef76____________________________For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2022-rsac-san-francisco-usa-cybersecurity-event-coverageTo see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurityAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/podcast-series-sponsorshipsAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?👉 https://itspm.ag/rsac22sp