• Continuous Purple Teaming: “Red Teaming for Success”

    by RSAC Contributor on April 25, 2017

    Leading image

    By Col. John Burger This session focused on the need for continuous testing and followed with a discussion on testing approaches, best practices, and lessons learned from the collective group. The participants provided a great mix of both commercial and government industries. Commercial sectors represented included energy, automotive, retail, financial and automotive. Government entities represented included several military services (U.S. Navy, U.S. Marine Corps and U.S. Army) and a few…

  • AppSec Testing: An Often Overlooked Component of DevOps

    by Tony Kontzer on April 25, 2017

    No matter how much companies learn about the vulnerability of their applications, or how many people are urging them to address those vulnerabilities during development, they still don't seem get the message. Despite the fact that just about every DevOps and AppSec vendor is waxing poetic about the importance of AppSec testing, and independent studies are predicting huge growth for the market, …

  • J. Paul Reed on The Intersection of Release Engineering and Rugged DevOps

    by Mark Miller on April 24, 2017

    This is a review of J. Paul Reed’s’ session at DevOps Connect: DevSecOps at RSAC 2017 Vacuums: Good for cleaning carpets. Not great for teams who need to collaborate. DevOps without collaboration cannot succeed. I’ll guarantee that. In fact, collaboration is fundamental to the cultural changes required for successful DevOps evolutions. Gone are the days of development developing in a vacuum and…

  • Incident Response in the Public Cloud

    by RSAC Contributor on April 21, 2017

    By Alex Maestretti Description: We held a session to discuss the unique challenges of conducting incident response in the public cloud. We had a great mix of attendees at the P2P session on Incident Response in the public cloud, including practitioners from cloud native companies as well as those from mature organizations just starting to move out of the datacenter. We started the conversation with…

  • Leveraging DevOps for AppSec in Retail

    by Ed Moyle on April 20, 2017

    Application development is in a period of transition; it seems everyone is moving to faster-cycle development paradigms like DevOps and Agile while new release and deployment paradigms like application containers (Docker), platform as a service (PaaS) and microservices simultaneously gain traction. That change is happening everywhere, but in a retail context, there are special considerations that…

  • Wearables: Security of Things

    by RSAC Contributor on April 19, 2017

    By Marc Bown In this session, we discussed wearable security, taking into account considerations and constraints unique to wearables and IoT devices. In this session, we used Fitbit’s architecture and experience to frame a discussion around wearable security challenges and best practices. We explored threats that wearable devices face and considered how the unique constraints of wearable devices…

  • Security Sourcing: Peers Discuss What Functions to Outsource at RSAC 2017

    by RSAC Contributor on April 18, 2017

    By Kevin Fuller The Peer2Peer session "To Source or Not to Source. Is That Really the Question?" was very well-attended by security leaders across many verticals, offering a range of experience with regards to sourcing their security programs. Attendees shared what functions they have outsourced to a trusted third party, how they came to those decisions, and what their experience was in those…

  • Retailing Another Threat Landscape Story

    by Dan Holden on April 17, 2017

    It’s no secret to anyone that retail has suffered its share of breaches over the last few years. To some, our industry became a cautionary tale, and to others, our headlines underscored the simple truth that a breach can happen to any company. While the fervent media coverage has somewhat died down, a retailer’s day-to-day offense and defense is in continual evolution according to the ebbs and…

  • Strategies on Surviving DDoS Attacks

    by RSAC Contributor on April 14, 2017

    By Amol Sarwate Recap on DDoS attack strategies at RSA Conference USA 2017 peer-to-peer session At RSA Conference this year I had the opportunity to host a peer-to-peer session on how to survive IoT botnet-based DDoS attacks, and exchange ideas with some of the brightest minds in the security world. In this blog I am sharing some of the ideas that surfaced during that discussion. We kicked off the…

  • John Willis on Breaking Bad Equilibrium in DevOps

    by Mark Miller on April 13, 2017

    This is a review of John Willis’ session at DevOps Connect: DevSecOps at RSAC 2017 Definition: Equilibrium - when all competing influences in a system are balanced. In everyday life, we often refer to it as balance - achieving a work-life balance, balancing risk and reward or debt and income. However we say it, achieving equilibrium is key to success in your personal and professional life. …

  • Metric Madness: Measuring Success

    by RSAC Contributor on April 12, 2017

    By Tyler Reguly Metrics for Managing and Understanding Patch Fatigue was ultimately a conversation on how businesses can measure success in their Vulnerability and Patch Management strategies. This year, at RSAC 2017, I hosted a Peer-2-Peer session on Metrics for Managing and Understanding Patch Fatigue. I saw this as an extension of my RSAC 2015 P2P on vulnerability and risk scoring. In 2015, I had…

Are you interested in contributing to the RSA Conference blog?  Download our 2017 Editorial Calendar for more info. 

This document was retrieved from on Tue, 25 Apr 2017 16:28:55 -0400.
© 2017 EMC Corporation. All rights reserved.