The Defender's Advantage: A guide to activating cyber defense / Developing an Ap

NOTE: The following will be in effect and mandatory for this meeting venue.

• RSVPs will close at 11:59 PM PT on Monday, November 18th, so kindly submit your RSVP by then. Walk-ins will not be permitted.
• Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.
• If your first and last name do not appear in our admin view, we will contact you.
• Alternatively, feel free to reach out directly or email us at [email protected] to provide that information or any questions you may have regarding the event.

Parking
Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage.

Live Stream
Stream us live on Twitch: http://twitch.tv/owaspoc
Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.

Talk 1
The Defender's Advantage: A guide to activating cyber defense
Organizations today face relentless cyberattacks that can compromise their critical assets. The Defender’s Advantage is the concept that organizations have the upper hand in defending against attacks on their own environments. The overview will guide you through understanding the threat landscape, detecting and investigating malicious activity, testing and validating the effectiveness of controls and operations, hunting for active threats. The book goes into detail about each of these concepts to help organizations take control and galvanize their defender’s advantage.

Speaker 1 Bio
Gursev Singh, Sr. Information Security Consultant at Google.

A seasoned cybersecurity professional with over 16 years of experience in the field. He has a strong track record of success, leading and managing cybersecurity projects for major customers.Gursev's expertise in cloud security (Google, AWS & Azure), SIEM, and data protection. His deep understanding of infrastructure security and cyber threat and vulnerability management further enhances his ability to analyze threats, identify vulnerabilities, and respond to security incidents.Currently, he's a Sr. Information Security Consultant at Google.

Talk 2
Developing an Application Security Champions Program
Application security focuses on a specific set of issues which incur risk. Software security in general may cover everything from IT to cloud to access, to authentication, etc. What we are addressing in this discussion is a security program designed to surface and mitigate risk found within applications.
Agenda

• Remote Code Execution – an infamous example
• The recurring cycle of scan, assess, mitigate
• Update, Update, Update!
• Ownership is essential

Speaker 2 Bio
Rich Newman, Technical Account Manager at Black Duck Software, Inc.

Rich was a developer for 13 years in the embedded space, primarily embedded C and assembly code. He then transitioned to field engineering for Wind River, Intel, Coverity and Synopsys for the past 26 years. The technologies he supported covered a wide range of embedded operating systems and tools, live patching, static analysis and security tools and services. He has an active CISSP certification.