RSA Conference 2019: Don’t Miss These Dozen DevSecOps & AppSec SessionsPosted by Amy Schurr
Are you heading to the RSA Conference 2019 in San Francisco next week to meet with fellow cybersecurity professionals? You’ll want to build your agenda now because RSA recommends reserving a seat for your chosen sessions before the event.
The NowSecure team will be there all week. We’re excited to be co-sponsoring the official DevSecOps Day on Monday, March 4, to share best practices for integrating mobile app security into the DevOps pipeline. Please book a meeting with a member of our team to discuss your mobile application security and DevSecOps challenges.
This year’s RSA conference theme is ‘Better,’ which focuses on bringing about better cybersecurity solutions and ideas. We’re proud to support the theme by helping all organizations build security into their mobile dev pipeline across their Agile or DevOps programs. In fact, our NowSecure “False Positives S#ck” motto hits a real nerve as one of the biggest pain points that we can address.
To get the most out of your time at RSA, NowSecure suggests attending the following sessions oriented around mobile application security and DevSecOps.
Solving Our Cybersecurity Talent Shortage
Jim Gordon, Intel
Emily Heath, United Airlines
Alicia Jessip, TEKsystems
Elaine Marino, Equili
Carmen Marsh, Inteligenca
Vanessa Pegueros, DocuSign
Claudia Schabel, Schabel Solutions
Jennifer Stefens, IOActive
Selena Templeton, ITSPmagazine
Caroline Wong, Cobalt.io
Karen Worstell, W Risk Group
Monday, March 4, 8 a.m. – 12 p.m.
Cybersecurity departments face acute talent shortages at a time when security skills for problem solving, innovation and productivity are critical. Leaders and change agents conducting this seminar will impart advice for driving innovation with culture, inclusion, equity and diversity. For more insight into conquering the cybersecurity skills shortage, try these five tips.
Building Security In – DevSecOps
Noopor Davis, Comcast
Tuesday, March 5, 1 p.m. – 1:50 p.m.
Learn how Comcast employs a DevSecOps methodology focused on three main pillars: Automation, speed and team ownership of end-to-end product security lifecycle. Gain tips for making security easy and walk away understanding how and why to focus on DevOps teams. NowSecure appreciates the opportunity to hear how experts adopt DevSecOps. You can also find a few best practices on the topic in this blog post.
Mobile Security and the Post-Perimeter World: 10 Years of Mobile Threats
Apurva Kumar, Lookout
Michael Murray, Lookout
Tuesday, March 5, 2:20 p.m. – 3:10 p.m.
As smartphone and tablets have evolved over the last decade, so too has the attack landscape. Using a decade of data around mobile threats and vulnerabilities, this talk will show the trends and principles driving the future of risk management as it pertains to mobile. This is why organizations need to test the security of all the apps they build, buy and use.
CyBEER Ops Networking Reception & International Meet-Up
Tuesday, March 5 4:45 p.m. – 6:30 p.m.
One of the best things about attending a conference is getting an opportunity to network with your peers. Check out startups and mingle with old and new friends alike while imbibing local California craft beers and non-alcoholic beverages.
The Emerging Gray App Threat: Mobile Kids’ Apps Are the Gateway to Parents
Frances Dewing, Rubica
Wednesday, March 6, 1:10 to 1:40 p.m.
Mobile gaming apps aimed at specifically at children are creating a backdoor means of gaining access into a variety of devices. This sandbox session will detail how these apps are used to move data out of a user’s hands and into an attacker’s grasp. Our NowSecure Research team recently explored the risks in mobile kids apps you can read here.
Anatomy of an Enterprise Mobile Security Incident
Aaron Turner, Hotshot Technologies
Wednesday, March 6, 1:30 p.m. – 2:20 p.m.
Trying to convince others that mobile security matters? This cautionary tale of woe details how an organization suffered a tremendous loss of data due to mobile vulnerabilities and how the attackers pivoted from mobile to the enterprise’s core data stores and Office 365 services.
Increasing Usage of a Secure Development Lifecycle
Cassie Crossley, Schneider Electric
Wednesday, March 6, 2:50 p.m. – 3:40 p.m.
How do organizations that use a secure development lifecycle make it part of their DNA? This session will examine how to balance security with time to market and staying on schedule.
Stop That Release, There’s a Vulnerability!
Christine Gadsby, BlackBerry
Thursday, March 7, 9:20 a.m. – 10:10 a.m.
Software companies can have hundreds of apps in-market at any one time, all requiring support and security fixes with tight release timelines or no releases planned at all. Discover more about the security development lifecycle and how to prioritize software security fixes.
Run for Your Life – No Literally – Just Do It!
Lisa Green, IoT
Katie Curran, Blackline
Kat Fitzgerald, Zebra Technologies
Xena Olsen, Fortune 500 Financial Services
Thursday, March 7, 10:20 a.m. – 11 a.m.
This panel discussion will help attendees understand the dangers of embedded devices in our lives and how to defend ourselves against this new threat. Learn what manufacturers take into consideration when designing wearable devices and apps and steps you can take to protect yourself. Last year we wrote about the risks in the STRAVA app in this blog.
Securing Software in a DevOps World
Tanya Janca, Microsoft
Thursday, March 7, 12:40 p.m. – 1:30 p.m.
Securing software in a DevOps world is a new security challenge that requires new tactics and strategies. Discuss in a small group setting ideas for adding security to your pipeline and get a few tactics to kick things off.
Cover Your aaS with DevSecOps
Cindi Carter, Mede/Analytics
Yaron Levi, Blue Cross and Blue Shield of Kansas City
Thursday, March 7, 1:30 p.m. – 2:20 p.m.
If security struggled to keep up before, many fear that security will never catch up in the digital era.
Hear the presenters’ story about instilling security into the culture of 3,500 initially resistant developers and understand how to use Jedi mind tricks to incentivize them.
The Future of Data Protection: Adapting to the Privacy Imperative
J. Trevor Hughes, President and CEO, IAPP
Kalinda Raina, Senior Director, Head of Global Privacy, LinkedIn
Ruby Zefo, Chief Privacy Officer, Uber
Thursday, March 7 2:50 p.m. – 3:40 p.m.
As organizations grappled with complex ethical and competitive imperatives around privacy, high-profile incidents have prompted consumers to reconsider how much data they want to share with organizationes. These panelists will explore the future of privacy and who owns the new data currency and controls its flow and use.
Curious to learn more about how to shift left by integrating automated mobile appsec testing into the DevOps pipeline? Schedule a meeting with NowSecure experts to hear how our software and services speed the delivery of secure mobile apps. And don’t miss our table at DevSecOps Day at RSA on Monday to get your “False Positives S#ck” stickers!