Equilibrium: The Product Security Conference
April 21, 2022 | Virtually 9:00 – 5:00 pm PST
The virtual event will bring together security and DevSecOps communities to explore the best methods for fast and secure threat modeling and secure coding.
During the main event on April 21, attendees will connect with like-minded individuals and uncover what it takes to build a strong product security fabric that enables trustable and secure products for today and tomorrow. Takeaways of the event will include:
- Discover breakthrough approaches to product security. Learn how to achieve true DevSecOps integration by empowering hardware, development and operations teams to drive security.
- Gain practical insights to build and strengthen your security posture. Learn to tie key security functions like risk management, compliance and data privacy into the design, development, testing, deployment, and maintenance phases of the Secure Product Life Cycle.
- Learn, share and connect with the DevSecOps community. Meet with peers, industry leaders and the wider DevSecOps community. Chat directly with attendees, join panel discussions or “meet” for a 1-1 coffee.
Security Compass is hosting a training session at Equilibrium from 12:00 – 1:00 pm PST.
Session Title: Closing the Security Gap in Learning
Abstract: Are security considerations first on your list… after you’ve learned everything else you need to get your project off the ground? Join the author of too many tech books, Matthew MacDonald, as he talks about ways to prioritize security thinking when learning new technologies.
Training Courses: Attending this session will give you complimentary access to 1 of 3 courses.
This course has been developed for DevOps and Systems Engineers who have some experience with Kubernetes and have completed Defending Containers as a prerequisite.
• Securing Images and the CI Pipeline
• Protecting the API Server
• Hardening Cluster Infrastructure
• Restricting Pods at Runtime
• Hardening the Virtual Network
OWASP Top 10 2021:
Students will learn the Top 10 threats as part of the OWASP Top 10 2021. This language-agnostic course dives into concepts for web application threats, vulnerabilities and strategies to defend against them. The OWASP Top 10 is an industry-recognized list of vulnerabilities as dictated by the community, most recently in 2021.
• Broken Access Control
• Cryptographic Failures
• Insecure Design
• Security Misconfiguration
• Vulnerable and Outdated Components
• Identification and Authentication Failures
• Software and Data Integrity Failures
• Security Logging and Monitoring Failures
• Server-Side Request Forgery
This course has been developed for Python and Web Application developers. It covers Python 3 versions 3.8 and later.
• Securing the Python Environment
• Injection Attacks
• Common Web Vulnerabilities
ISC2 East Bay Chapter Members who provide evidence of attendance to firstname.lastname@example.org by April 29th will be listed for an additional CPE hour in April.
Reminder: All ISC2 members are responsible for and capable of posting their own CPE; however, ISC2 East Bay will post for events where we are the sponsor, we have evidence of your attendance, and you have provided your full name, email and active ISC2 ID. In all other cases, attendees may report to their respective organizations and would require a receipt of hours in attendance.
Who Should Attend a free day of training at Equilibrium hosted by Security Compass?
Equilibrium brings together a mix of professionals interested in what’s next in information security, ranging from product development to the risk management side of the house. From security practitioners and technology leaders to software developers, there is much to discover and learn from the DevSecOps community at Equilibrium.
Please join us as we participate in Equilibrium: The Product Security Conference, hosted by Security Compass (www.securitycompass.com/equilibrium), on April 21, 2022 | Virtual | #EQ22 | 9 – 5 pm PST
Join DevSecOps leaders and professionals virtually at the 2022 Equilibrium Conference. Uncover what it takes to build a strong product security fabric that enables trustable and secure products for today and tomorrow.
Here’s the lineup, but please go to the website and get the most current details.
- 9:05 AM – 10:00 AM – Threat Modeling Panel Discussion; Simone Curzi – CyberSecurity Principal Consultant, Microsoft. Hasan Yasar – Technical Director, Carnegie Mellon University. Lotfi ben Othmane – Clinical Associate Professor, University of North Texas. Arun Prabhakar – Security Architect, Security Compass. Altaz Valani – Director of Insights Research, Security Compass
- 10:00 AM – 10:30 AM – Security By Design – Guiding Force for Securing the Foundation; Rohini Narasipur – Security Architect & Expert, Daimler TSS
- 10:30 AM – 11:00 AM – Lessons Learned About Product Security Leadership; Steve Lipner – Executive Director, SAFECode.org
- 11:00 AM – 12:00 PM – Data Governance & Classification Panel Discussion; Nick Deshpande – Senior Product Owner, Arctic Wolf. Kyle Lai – Founder and CISO, KLC Consulting.
- 12:00 PM – 1:00 PM – Training Session – Closing the Security Gap in Learning; Matthew MacDonald – TechAuthor, ProseTech
- 1:00 PM – 1:30 PM – SD Elements Product Demo; Adhiran Thirmal – Solutions Engineer, Security Compass & Eric Heitzman – Sales Director, Security Compass
- 1:30 PM – 2:00 PM – From Gates to Guidance: New Face of Product Security; Trupti Shiralkar – Engineering Manager, Datadog.
- 2:30 PM – 3:00 PM – Product Security: Know Your Vantage Points; Wayne Howell – Cybersecurity Product Manager, Apple.
- 3:00 PM – 4:00 PM – Security and Compliance in Software Product & Design; Rob Cuddy – Global Application Security Evangelist, HCL Technologies. Ayhan Tek – VP, Information Security, Cyber Electra. Robin Basham – CEO, CISO, EnterpriseGRC Solutions. Altaz Valani – Director of Insights Security, Security Compass
- 4:00 PM – 5:00 PM – Cisco’s Log4Shell Senate Testimony; Brad Arkin – SVP, Chief Security & Trust Officer, Cisco & Rohit Sethi – CEO, Security Compass