Back to qualys.com

Countdown to Black Hat: Top 10 Sessions to Attend — #1

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event.

The training sessions provide both offensive and defensive skills that security pros can use to tackle critical threats affecting applications, IoT systems, cloud services, and more. Meanwhile, the briefing sessions feature cutting-edge research on the latest infosec risks and trends. All sessions are led by expert trainers and researchers.

To help attendees decide which sessions to choose, we’ve selected ten that we think will be particularly relevant and valuable for Qualys customers, and we’ll highlight one each week here on our blog. Here’s our first recommendation: Advanced Cloud Security And Applied Devsecops.

This highly technical course delves deep into practical cloud security and applied DevSecOps for enterprise-scale cloud deployments, and focuses on IaaS and PaaS.

“Real-world cloud security is most definitely not business as usual. The fundamental abstraction and automation used to build cloud platforms upends much of how we implement security. The same principles may apply, but how they apply is dramatically different, especially at enterprise scale,” reads the course abstract.

The instructor is Rich Mogull, CEO of infosec research and advisory firm Securosis. A former research vice president on Gartner’s security team, Mogull has 20 years of experience in infosec, physical security, and risk management. He currently specializes in cloud and DevOps security.

The two-day course is intended for technical security professionals wanting to expand their hands-on knowledge of cloud and DevOps security at enterprise scale. These are the course’s main takeaways:

  • Building enterprise-scale secure cloud architectures
  • Implementing and managing enterprise security at cloud scale
  • Leveraging DevSecOps and automation to build more secure applications and run security operations at the speed of cloud

Why we’re recommending it

In pursuit of digital transformation benefits, organizations are aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure. Teams tasked with securing these new environments quickly find out that a different approach is required to successfully protect them from cloud-specific threats.

For example, it can be difficult to adapt and map on-premises security controls and processes to public clouds. Organizations also may lack the know-how, processes and tools needed to secure public clouds. And yet they must protect their data and assets on these platforms.

Another challenge is when security teams are called upon to embed security tools and processes transparently into DevOps CI/CD (continuous integration and delivery) pipelines on their public clouds, so that security and compliance tasks are automated throughout the software lifecycle.

Consequently, getting up to speed on how to protect public cloud deployments and how to secure DevOps pipelines is becoming critical for enterprise security teams. That’s why we believe this course would be a worthwhile one to attend.

Qualys at Black Hat USA 2019

A Diamond Sponsor, Qualys will again have a major presence at Black Hat USA 2019, which runs from Aug. 3-8 at the Mandalay Bay in Las Vegas. We’ll be there explaining how we can help organizations protect their hybrid IT environments without slowing down their organizations’ digital transformation.

We invite you to stop by our booth (#204), enjoy a cup of coffee from our Nespresso bar, and chat with our product managers and technical account managers. We’ll raffle hi-tech prizes and give out tote bags after each presentation, including:

  • Exclusive product previews, including of our new Threat Detection and Response Platform
  • Best practices presentations from leading enterprises
  • An overview of how Qualys Cloud Platform, our end-to-end security and compliance solution, gives you a real-time, holistic view of your threat landscape, and comprehensive capabilities for attack prevention and incident response

If you’re interested in real-world examples of DevOps and public-cloud security, you might find these two case studies interesting:

Capital One: Building Security Into DevOps

Ancestry: On the Vanguard of DevOps Security

Leave a Reply