After the Data Breach: Stolen Credentials

When usernames and passwords are compromised in a data breach, the consequences extend far beyond the victim organization due to rampant password reuse. For this reason, NIST recently recommended that organizations check users’ credentials against a set of known compromised passwords. However, by patroning dark web forums and paying for spilled credentials, enterprises indirectly support the criminal ecosystem. Furthermore, attackers often don’t publicly post stolen data until months or years after the breach, if at all. Is there a better way to follow NIST guidelines and protect users from account takeover? Join Justin Richer, co-author of NIST Digital Identity Guidelines 800-63B, and Gautam Agarwal, Shape's Senior Director of Product Management, for a lively discussion on NIST’s password recommendations and how best to prevent account takeover fraud at your organization.
Watch Now

Spotlight

The Security Navigator reflects first and foremost the reality of the conflictual nature of cyber warfare. It mirrors the disinhibition of threat actors motivated by state strategies or hacktivism as well as criminal opportunities. In this environment, espionage, sabotage, disinformation and extortion are becoming increasingly i

OTHER ON-DEMAND WEBINARS

Introduction to Kubernetes Security

Aqua

Kubernetes is fundamentally a complex system with lots of different potential attack vectors aimed at data theft, currency mining and other threats. Liz Rice, a renowned technology evangelist, will take us through an overview of the current state of security-related features in Kubernetes, and offer directional starting points on how to secure Kubernetes components and the applications that run on top of these Kubernetes components. Brice Fernandes, software engineer and entrepreneur at Weaveworks, will then demonstrate how you can build a secure and reliable Kubernetes deployment pipeline with GitOps best practices, separating the responsibility between packaging software and releasing it to a production environment.
Watch Now

Draft and Develop: A Solution to the Cyber Security Skills Shortage

Security Boulevard

By 2019, the nonprofit group ISACA predicts a global shortage of two million cyber security professionals. Security can no longer work in a silo-- they now need to communicate across the business and balance the needs of multiple stakeholders from product line managers to ops teams. Outreach’s CISO, Martin Rues, knew finding a candidate with the combination of DevOps, Security and Cloud would be a time-consuming exercise with low yield. He decided to invest in his teams and create an apprenticeship program to “draft and develop” internal talent, and groom then into the Cloud SecOps role that we required. Join Martin on July 26th at 1pm EDT to learn how he developed the apprenticeship program to build internal cloud security talent.
Watch Now

Cloud Security Must: Ensuring Least Privilege

The principle of least privilege access – in which all human and machine identities should have only the permissions essential to perform their intended function – is a cloud security best practice promoted by cloud providers like Azure, GCP and leading industry frameworks like MITRE ATT&CK and Cloud Security Alliance’s Cloud Controls Matrix. In this webinar, attendees will learn about the risks of overly broad permissions and how to address them.
Watch Now

The Value of Diversity and Inclusion for Law Departments

The recent Thomson Reuters/Acritas 2019 State of the Corporate Law Department report found that gender-diverse teams achieved significantly higher performance ratings, mirroring earlier research on corporate boards and teams in general. Similar results have been shown for other categories of diversity. The facts are clear: diver
Watch Now

Spotlight

The Security Navigator reflects first and foremost the reality of the conflictual nature of cyber warfare. It mirrors the disinhibition of threat actors motivated by state strategies or hacktivism as well as criminal opportunities. In this environment, espionage, sabotage, disinformation and extortion are becoming increasingly i

resources