Cenzic Live! Webinar: Top 7 Strategies For Overcoming IT Security Talent Shortages

Chris Harget, Product Marketing
Agenda
 Symptoms
 Strategies
 Finding The Win

Cenzic, Inc. - Confidential, All Rights Reserved.
Symptoms Of IT Security Talent Shortage

Know The Signs
 Incomplete picture of security posture
 Backlog of untested applications
 Slow remediation when app vulnerabilities are discovered
 Things done wrong or done twice
 Too many long shifts
 Open reqs, hiring freezes, “irreplaceable” departures
 No vulnerability monitoring of production apps
 Data breaches

The Need Is Significant
[Chart] Source: Cenzic Application Vulnerability Trends Report 2013
Mobile App Vulnerability Types - 2012
[Chart] Source: Cenzic Application Vulnerability Trends Report 2013
Benchmarks For IT Security Staffing… Are Really Hard To Come By.
 How many security analysts per 100 apps?
 That depends on:
– Size of apps
– Depth of scan desired
– Coding practices
– Scanning frequency
– Quality of scanning tools
– Division of labor with QA/Dev/Production/GRC
Know Your Specific Shortage
 Not enough bodies
 Not enough time
 Not enough skills
 Not enough tools
Strategies For Overcoming IT Security Talent Shortage

Bodies: Finding/Hiring/Renting
 Job titles include:
– Application Security Analyst/Architect
– Penetration Tester
– Application Security Engineer/Tester/Specialist
– Ethical Hacker
 If you can’t hire locally, consider managed services
– May be easier and faster than getting increased headcount
– Helps jump-start the process

Time: Prioritize, Specialize, Automate
 Prioritize
– Are you mitigating the biggest risks first?
 Specialize
– What tasks are best done by your team?
– e.g., Remediation, Management
– What tasks can be offloaded?
– e.g., Dev trains app traversals, or a Managed Service runs scans
 Automate
– Leverage Enterprise-grade tools
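To make the "Prioritize" step concrete, here is an added example that is not code from the webinar and not Cenzic's HARM scoring: a small Python scorer that ranks a constructed backlog of scan findings by severity, app criticality and exposure, so a short-staffed team works the biggest risks first and can show a per-app total on a dashboard. The weights, the 30-day staleness surcharge and the sample findings are all assumptions chosen for illustration.

```python
"""Prioritise an application-security backlog by quantified risk.

Added illustration, not Cenzic's HARM scoring. The weights below are
assumptions chosen so that a critical finding on an internet-facing,
business-critical app outranks many low findings on an internal tool.
"""
from dataclasses import dataclass

# Assumed weights; an organisation would calibrate these to its own risk appetite.
SEVERITY_WEIGHT = {"critical": 10, "high": 6, "medium": 3, "low": 1}
CRITICALITY_WEIGHT = {"mission_critical": 3.0, "business": 2.0, "internal": 1.0}
EXPOSURE_WEIGHT = {"internet": 2.0, "partner": 1.5, "intranet": 1.0}


@dataclass(frozen=True)
class Finding:
    app: str
    vuln: str          # vulnerability class reported by the scanner
    severity: str      # critical / high / medium / low
    criticality: str   # how important the app is to the business
    exposure: str      # who can reach the app
    age_days: int      # days since the finding was first reported


def finding_risk(f: Finding) -> float:
    """Risk of one finding: severity scaled by app criticality and exposure.

    Findings left open for more than 30 days get a 25% surcharge so that a
    stale backlog cannot hide behind newer, louder findings.
    """
    base = (SEVERITY_WEIGHT[f.severity]
            * CRITICALITY_WEIGHT[f.criticality]
            * EXPOSURE_WEIGHT[f.exposure])
    if f.age_days > 30:
        base *= 1.25
    return round(base, 2)


def app_risk(findings) -> dict:
    """Total risk per application: the number an executive dashboard would show."""
    totals = {}
    for f in findings:
        totals[f.app] = round(totals.get(f.app, 0.0) + finding_risk(f), 2)
    return totals


def remediation_queue(findings, capacity: int):
    """Return the `capacity` highest-risk findings, biggest risk first.

    `capacity` is how many fixes the team can land this cycle; the result
    answers "are we mitigating the biggest risks first?".
    """
    ranked = sorted(findings, key=finding_risk, reverse=True)
    return ranked[:capacity]


# Constructed sample backlog (not real scan data).
BACKLOG = [
    Finding("payments-web", "SQL injection", "critical", "mission_critical", "internet", 3),
    Finding("payments-web", "Missing HttpOnly flag", "low", "mission_critical", "internet", 90),
    Finding("hr-portal", "Cross-site scripting", "high", "business", "intranet", 45),
    Finding("marketing-site", "Directory listing", "medium", "internal", "internet", 10),
    Finding("partner-api", "Broken session management", "high", "business", "partner", 2),
    Finding("wiki", "Verbose error page", "low", "internal", "intranet", 200),
]

if __name__ == "__main__":
    for f in remediation_queue(BACKLOG, capacity=3):
        print(f"{finding_risk(f):6.2f}  {f.app:15s} {f.vuln}")
    print(app_risk(BACKLOG))
```

Run it directly to print the three findings a team of limited capacity should fix this cycle and the per-app totals. Note that the low-severity cookie flag on the internet-facing payment app (7.5) outranks the medium-severity directory listing on the internal marketing site (6.0): that is the criticality and exposure weighting doing its job, and it is exactly the kind of ordering a raw severity list gets wrong.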

Talent/Skills: Train, Borrow, Rent
 Train
– How to scan, coding best practices, how to manage
 Borrow
– Get Developers for app training & Remediation
– Get QA for re-running scans
 Rent
– Managed Services can augment specialized tasks

Tools: Quality and Quantity
 Quality
– More accurate scanners improve security and save time
– Quantified app risk scores enable optimal risk mitigation
– Enterprise dashboard shows total risk and trends
 Quantity
– Web-based app-training tool goes everywhere needed
– Having enough seats for each Analyst, Developer, QA, GRC, and Executive leverages the whole organization

Top 7 Strategies
1. Hire
2. Prioritize
3. Specialize
4. Automate
5. Train
6. Borrow
7. Rent
8. Quality/Quantity
Finding The Win

Justifying Resources
 Non-technical people need non-technical explanations
– Keep it simple
– Use cost-benefit for budget
– Use relative-risk for reallocating people
 Quantified risk is easier to understand
– E.g., Cenzic’s HARM™ scores
 Bonus: Watch “Top 10 Ways To Win Budget for Application Security”
https://info.cenzic.com/webinar-security-budget.html
Making the Case Simply…
 Attackers inject commands through application inputs to steal data and damage web sites.
 Gartner Group says 75% of attacks now target the Web Application Layer.
 Scanning tools and App Security experts help efficiently find and fix these vulnerabilities.

Detects Web & Mobile App Vulnerabilities
 Easy-to-use Software, DIY Cloud, or Managed Service
 Accurate behavior-based Scanning protects
– 500,000+ online applications
– $Trillion+ of commerce
 Delivers best continuous real-world Risk Management

Tools
 Cenzic Enterprise
– Unified console
– Web-based app-configuring makes it easier and more affordable for people all over your enterprise to contribute
– E.g., Developers can define traversals of their own apps

Application Vulnerability Monitoring In Production
[Diagram] Identify Risk + Mitigate Risk
 One-click virtual patching via tight integration with leading Web Application Firewalls. A virtual patch blocks exploitation at the WAF; the code defect itself still needs remediation.
Managed Services Offerings – At-a-glance
Tier      Scope
Bronze    Industry best practices for brochureware sites
Silver    Industry best practices for forms and login-protected sites
Gold      Compliance for sites with user data
Platinum  Comprehensive scans for mission-critical applications

Test categories (coverage widens from Bronze to Platinum):
– Phishing
– Light input validation
– Data security
– Session management
– OWASP compliance
– PCI compliance
– Business logic testing
– Application logic testing
– Manual penetration testing
Compliance in a Hurry
 Who?
– A Health Maintenance Organization
 Need?
– Deep scan of a new application on a tight development schedule to ensure compliance.
 Solution?
– Cenzic PS performed Manual Penetration testing along with the comprehensive vulnerability scanning to provide a very thorough scan which could suffice for any compliance or audit need.

Rapid OnBoarding of New Apps
 Who?
– A Fortune-100 Banking and Services company
 Need?
– Quickly begin scanning 110 applications
 Solution?
– Cenzic PS did a Custom Onboarding Engagement, training each app traversal so that the Bank’s IT Security Analysts could then run scans themselves using Cenzic Enterprise software.
 Result?
– Met their timeline needs, and kept the scanning results in-house, per their corporate policy.

Methodology Assessment With Developers
 Who?
– Global NGO with thousands of web sites
 Need?
– Methodology Assessment of their security posture, and real-world training of their Developers
 Solution?
– Cenzic PS did a 3-day engagement with their App Developers.
– Reviewed the 10 most common vulnerabilities and found examples in their production apps.
– Cenzic PS demonstrated on a Live Demo site how a hacker could exploit those specific types of vulnerabilities.
– Reviewed coding best practices to completely eliminate said vulnerabilities.

Vulnerability Scanning a Mobile App
 Who?
– High technology company with a mobile application that accessed sensitive customer data
 Need?
– Vulnerability scan a mobile app that cannot be traditionally traversed with a spider.
 Solution?
– Cenzic Mobile Scan service performed a dynamic analysis by placing a proxy in line with the mobile app, which allowed technicians to replay various attacks, and coupled it with a thorough forensic analysis of the application on the device to identify vulnerabilities that exposed customer data.
Fitting Strategy to Your Need
1. Hire
2. Prioritize
3. Specialize
4. Automate
5. Train
6. Borrow
7. Rent
8. Quality/Quantity
Cenzic Can Help
 Train your people
 Give them better gear
 Have someone else carry the baton

Questions?
request@cenzic.com or 1.866-4-Cenzic
Blog: https://blog.cenzic.com
www.cenzic.com | 1-866-4-CENZIC (1-866-423-6942)
