As threats evolve to more frequently target software vulnerabilities and the workforce becomes more mobile and reliant on software to fuel business, the challenge of protecting your critical infrastructure becomes increasingly more difficult. With nearly 80 percent of your business critical applications at risk, a holistic approach to application security is crucial. Join us for these unique events – which feature engaging keynotes and interactive discussions – to further examine the role of software security assurance within enterprises of all sizes, learn from your peers how they are addressing their most pressing challenges, and discover best practices for securing the applications that run your business.
Agenda
1:30pm - Registration
2:00pm - Welcoming Remarks
Marci McCarthy
CEO and President
T.E.N.
Biography
Serge Bertini
VP & GM, Canada
HP Enterprise Security
Biography
2:10pm - Keynote Address
Mark Graff
Founder and CEO
Tellagraff, LLC
ISE® Northeast Executive of the Year Award Winner 2014
Biography
Better Software Security Assurance with Confluence
Software can play a vital, active role in protecting an enterprise. Most — as today’s headlines tell us — does not. Why?
The secret to constructing software that actively safeguards sensitive data and business processes and contributes to intrusion detection/response is what Mark Graff calls “Confluence," the teaming of your company’s developers with its cyber defenders. Mr. Graff will illustrate how Confluence can be applied throughout the entire development lifecycle, including project inception, design, implementation, testing, deployment, operation, and maintenance. He will provide advice for information security and software development professionals as he describes the promise Confluent architecture holds for adaptive, self-healing network defense.
Detailed topics include:
- Overcoming common obstacles to collaboration between developers and IT security professionals
- Helping programmers design, write, deploy, and operate more secure software
- Helping network security engineers use application output more effectively
- Organizing a software security team before you’ve even created requirements
- Avoiding the unmanageable complexity and inherent flaws of layered security
- Implementing positive software design practices and identifying security defects in existing designs
- Teaming to improve code reviews, clarify attack scenarios associated with vulnerable code, and validate positive compliance
- Moving beyond pentesting toward more comprehensive security testing
- Integrating your new application with your existing security infrastructure
- “Ruggedizing” DevOps by adding infosec to the relationship between development and operations
- Protecting application security during maintenance
The talk is based on Mr. Graff’s best-selling 2014 book, Enterprise Software Security: A Confluence of Disciplines (Addison-Wesley; ISBN 978-0321604118).
2:55pm - Break
3:00pm - Executive Roundtables Co-Moderated by Leading Executive and Sponsor Thought Leaders
Alan Beveridge
Business Information Security Officer Canada, Office of the CISO
D+H Limited
Biography
Moving Beyond Penetration Testing for Repeatable Software Security Assurance
The dynamic threats of today are targeting the application layer and evolving at an alarming rate. Traditional penetration testing and source code reviews no longer give you the full picture. Teams must move beyond these tactics to a systematic, repeatable approach that integrates dynamic and application security testing to provide a cohesive view of an application’s vulnerabilities. Join this interactive roundtable discussion to learn more about implementing a repeatable, measurable Software Security Assurance (SSA) strategy.
Hartaj Nijjar
Senior Manager and Canadian National Practice Lead
Deloitte Enterprise Risk Services
Biography
Measuring and Reporting ROI and Business Value from an SSA Program
Securing and sustaining funding and resources for your Software Security Assurance program requires proven, quantifiable results. You understand the value for your business, but are you producing the metrics to support your success? Join this interactive roundtable discussion to learn best practices for measuring and reporting ROI and business value from your SSA program.
Stan Wisseman
Security Strategist
HP Enterprise Security
Biography
Why Collaboration is Key to Software Security Assurance
There are a lot of moving parts and teams that must work together seamlessly to reduce software risk. But, how do you get development, quality assurance, DevOPs and security at the table, and working in sync to ensure your software security assurance program’s success? Join this interactive roundtable discussion to share your biggest challenges and learn best practices for facilitating collaboration within your organization.