Crowdsourced Cybersecurity
“Revitalizing Product Security at Zephyr Health”
Zephyr Health, a quickly growing company harnessing the power of global healthcare data, has spent the last year augmenting its product security efforts. With Bugcrowd’s help, they have transformed their development and overarching culture to prioritize security. Bugcrowd joins Zephyr Health’s CISO, Kim Green, to hear about how she came to understand and implement crowdsourced security testing within the organization.

Revitalizing Product Security at Zephyr Health

  1. Crowdsourced Cybersecurity: “Revitalizing Product Security at Zephyr Health”
  2. Agenda
     •  Background to Zephyr Health’s Security Efforts
     •  Why Crowdsourced Security?
     •  Starting Program with Bugcrowd
     •  Results from the Program
     •  Future of Crowdsourced Security
  3. Speaker: Kim Green (@Kim1Green) – Moderated by Chris Trainor
     •  CISO of Zephyr Health since 2014
     •  Responsible for strategic security planning, corporate infosec ops, product security, risk & compliance
     •  25 years of experience in IT, data & product security, and compliance & risk management
     •  Experience in both private and public sectors
     •  On the security advisory boards for Authentic8 and Netswitch
  4. Zephyr Health + Security
     •  Leading ‘insights-as-a service’ company harnessing the power of global healthcare data to address critical business and patient needs.
     •  Corporate Security very important in healthcare
     •  Started Product Security team in 2014 with Kim
     •  Since then have started many initiatives to require more secure coding practices
     •  Security team = Kim + Engineering Team
     •  Enter… Crowdsourced Security
  5. Bugcrowd Background
     •  Started in 2012 by Casey Ellis (CEO) and Chris Raethke (CTO)
     •  Based on the premise of the defenders dilemma
     •  Making internal bug bounty programs by Google, Etsy, Facebook, etc. available to everyone
     State of Bug Bounty Report 2015 (download at http://bgcd.co/bcsbb2015)
     •  19,300 researchers
     •  166 programs
     •  $724,014 paid out
  6. Bugcrowd Background
  7. Why Crowdsourced Security?
     •  “We know we have bugs, we just need to find them”
     •  Motivating the Engineering Team to code securely
     •  Small team and budget, quick development cycle – great way to allocate budget smarter
     Why Bugcrowd?
  8. Setting up the Program
     Program Specs
     •  Private vs. Public
     •  What targets?
     •  How many researchers?
     •  Management and Triage
     Results:
     •  How team responded
     •  Response time
     •  Learning experience
     •  Culture Change
  9. What’s next for bug bounties?
     •  Move towards private programs
     •  Use of bug bounties with product releases or updates
     •  Vendor relationships will be key
  10. QUESTIONS?