Conference:  Defcon 31

Authors: Jen Easterly Director, Cybersecurity and Infrastructure Security Agency, Scott Shapiro Author, , Yale Law School Professor

2023-08-01

Fancy Bear, Dynamic Panda and Charming Kitten – we live in a time where we are constantly under attack without even knowing it. CISA Director Jen Easterly and Yale Law School Professor Scott Shapiro, author of “Fancy Bear Goes Phishing: The Dark History of the Information Age In Five Extraordinary Hacks” discuss how best to understand the challenge of information security; what we can learn from looking back; and how the decisions we make today to prioritize security by design will shape our future.

Conference:  Black Hat Asia 2023

Authors: Xiaosheng Tan

2023-05-11

Data has been regarded as the fifth factor of production, and data security is ranked a high priority by governments across the world. In China, data security-related legislation such as the "Data Security Law" and "Personal Information Protection Law" have been promulgated and have were put into effect in 2022. The number of data security projects also increased rapidly. The government, finance, telecommunications, energy, education, healthcare, and other industries have different regulatory requirements for data security and their strategies for data security are quite different.The biggest challenge facing data security is that data security technologies, products, solutions, and service capabilities are far behind regulatory and customer requirements. Some companies have made meaningful explorations in data security products and solutions, such as privacy enhanced computing, transparent encrypt/decrypt, zero trust in data security, etc.

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Guillaume Sauvage de Saint Marc

2023-04-20

Open Clarity is an open source suite effort that aims at addressing the entire cloud security and application security stack, and making it practical and usable for developers, cloud architects, and security teams alike.

• Security is key for modern apps
• Application security needs to be approached across the entire stack and software supply chain
• Scanners are essential but need to be deployed and orchestrated at scale
• Good dashboards and UI are necessary to convey a clear and convincing picture of application security posture
• Open Clarity is an open source suite effort that aims at addressing the entire cloud security and application security stack
• VM Clarity is a new project that offers VM agentless scanning at scale
• More open source tools are needed to address the totality of the application security picture

Conference:  Cloud Native SecurityCon North America 2022

Authors: Tobin Feldman-FItzthum, Mikko Ylinen

2022-10-25

Typical data protection ensures data is encrypted while in transit and at rest. Confidential computing (CC) adds data protection while data is in use, in memory, enabling end-to-end protection. Highly regulated industries such as finance and health care are driving the market for CC. Cloud service providers are adding CC capabilities in their offerings. In parallel the open-source cloud native ecosystem is seeing more new projects and start-ups building upon CC. For instance, the CNCF recently accepted the sandbox project Confidential Containers with active participation from different hardware and software vendors and CSPs. In this workshop we will talk about CC in cloud native. We will start by giving an overview of CC and a detailed introduction to the Confidential Containers project and its building blocks. Next, we walk the audience through detailed steps to get the Confidential Containers environment set up. Finally, we want to leave some time for interactive discussion with the audience about cloud native use cases and CC.

Conference:  OWASP 20th Anniversary Event

Authors: Himanshu Dwivedi

2021-09-24

Abstract:This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button (lines of code in python code :). Attendees will learn about a very basic yet non-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data.

Conference:  OWASP 20th Anniversary Event

Authors: Caroline Wong

2021-09-24

The presentation discusses the challenges of implementing effective security metrics and proposes a model for measuring security that focuses on protecting value.

• Security metrics are difficult to implement due to oversimplification or information overload
• Effective security metrics should focus on protecting value
• The shift towards valuing digital assets makes cybersecurity more important
• The speaker shares an anecdote about implementing security metrics at eBay
• The speaker offers a LinkedIn Learning course on security metrics