Rock Stars of Cybersecurity

Governments worldwide are looking to secure not only their environments but also critical infrastructures and the private-sector supply chains that keep government domains operating. Peter Allor, Cyber Security Strategist at IBM, discusses how security professionals can lead businesses to a more focused approach for securing these entities via risk-management processes for business operations. Moving IT away from traditional best-of-breed point product approaches, this non-regulatory approach differs from traditional compliance checklists and helps focus on the strategy of the business.

Strengthening the cyber ecosystem?s security and resilience requires a way to reduce the number of vulnerabilities as well as to automatically mitigate attack methodologies. Peter Fonash, CTO of the US Department of Homeland Security (DHS), describes DHS?s role in cybersecurity, summarizes existing programs to improve cybersecurity, discusses cybersecurity challenges, and presents initiatives to meet those challenges. The cybersecurity community has been forming a general consensus that defenses must be more automated, less reactive, more distributed, and better informed. Various ongoing activities are aimed at enabling automated collective action to strengthen the cyber ecosystem?s resilience and security in the face of advanced threats. These activities support a range of automated collective actions, including the sharing of indicators and information, the selection of courses of action, and the coordination of responses.

Learn important lessons in scaling software security touchpoints, and making them work efficiently and effectively in a global software security initiative. Gary McGraw, CTO at Cigital, focuses on the top three touchpoints?code review with a static analysis tool, architectural risk analysis, and penetration testing?discussing the tools, technologies, people, and processes for each. He addresses the issues head on, using examples from the 70+ Building Security in Maturity Model (BSIMM) firms and many years of real-world experience. (Firms in the BSIMM include Adobe, Aon, Bank of America, Box, Capital One, , EMC, Fannie Mae, Fidelity, Google, Intel, Intuit, JPMorgan Chase & Co., Microsoft, Nokia Siemens Networks, Qualcomm, Rackspace, Salesforce, Sallie Mae, SAP, Sony Mobile, Symantec, Telecom Italia, Thomson Reuters, Visa, VMware, and Wells Fargo.)

Sarath Geethakumar, Senior Director of Global Information Security at VISA, explores how to build security into applications to ensure better, more reliable and scalable solutions. Rapid technology changes are forcing payment systems and solutions to constantly evolve. With global mobile adoption now at 91 percent, interconnected consumer devices and applications must perform faster and handle increasingly more complex and critical functionalities. This evolution not only paves the way for new and improved solutions, it also makes them lucrative and easy targets for attackers. Security as a development afterthought is not a scalable or secure approach for this rapidly evolving ecosystem. Building security into development methodologies ensures that even the weakest links can be secured in a timely and cost-effective manner.

Hardly a day goes by without yet another report of a security breach or cyberattack. They?re increasing in frequency, ferocity, and stealth, and they can result in significant loss of revenues and reputation for organizations and even destabilize governments. Brett Wahlin, Chief Information Security Officer at HP, deconstructs the current security paradigm vis-a-vis today's business risk-centric environments, articulates the precept of a predictive behavior-based capability, and rounds it off with in-use discussion of HP's security solutions.

The problems that have created the need for increased cybersecurity have often been compared to a chronic illness that continuously mutates as it plagues businesses and consumers alike. And like chronic illnesses of all kinds, the question of focusing on prevention or cure looms large in the debate about what to do about cybersecurity. This panel discusses what those two very different routes mean, as well as what consumers, businesses, Internet providers, and government and nongovernment agencies need to do to provide appropriate levels of safety and security at home and at work. Panelists: Joshua Greenbaum (moderator), Enterprise Applications Consulting; Tim Helming, DomainTools; Gus Hunt, CIA; Will Hurley, Chaotic Moon Studios; David Rockvam, Entrust