O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

O'Reilly Security Conference 2017 - New York, NY

Video Description

Security NYC 2017 provided a hype-free, lessons-learned examination of the sophisticated practices and cutting-edge techniques some of the world's best security professionals use to protect their networks, clouds, and data. Defining the speakers who presented at Security NYC 2017 as some of the "world's best" is not hype—it's the truth. The individuals chosen to speak were peer reviewed by a 40-person program committee consisting of in-the-trenches security practitioners working at companies like American Airlines, Microsoft, MedSec, White Ops, Endgame, Snyk, Fastly, Starbucks, Signal Sciences, VeraCode, and more. Containing 50+ hours of material, this video compilation provides a complete recording of each of the keynote speeches, tutorials, and technical sessions delivered by this esteemed group. A few of the conference's highlights are listed below.

  • Hear Ruchi Shah (Google) describe the 15 security issues that worry Google the most
  • Listen as Matt Stine (Pivotal) defines the three most critical principles of cloud-native security
  • Watch Jen Ellis (Rapid7) outline the crisis communication strategy to follow when systems are breached
  • Learn from the "Teachable Moments" sessions where security successes and failures are openly discussed
  • Discover how Alexandra Ulsh (Mapbox) launches and runs highly successful bug bounty programs
  • See Alex Pinto (Niddel) demo automated threat hunting techniques that incorporate analyst intuitions
  • Watch Jack Naglieri (Airbnb) survey the top techniques to build, deploy, and debug serverless security
  • Take in Michee Smith's (Google) analysis of the pluses and minuses of transparency reporting
  • Hear Jason Hoenich's (Habitu8) call for an industry shift to a better form of security awareness
  • Get tutorials on maximizing container security, automated assessment tools, and common threat defenses
  • See the winners of the 2017 O'Reilly Defender Awards and learn why they were chosen
  • Enjoy unlimited access to Security 2017 NYC's keynotes, tutorials, and technical sessions
  • View it all right here on Safari

Table of Contents

  1. Keynotes
    1. Great software is secure software. - Chris Wysopal (Veracode) 00:17:51
    2. The Dao of defense: Choosing battles based on the seven chakras of security - Katie Moussouris (Luta Security) 00:22:09
    3. Enterprise security: A new hope - Haroon Meer (Thinkst) 00:20:32
    4. Why cloud-native enterprise security matters (sponsored by Pivotal) - Matt Stine (Pivotal) 00:04:54
    5. Empowering through security - Fredrick Lee (Square) 00:25:03
    6. Building a culture of security at the New York Times - Runa Sandvik (New York Times) 00:20:06
    7. An infinite set of security tools - Window Snyder (Fastly ) 00:11:49
    8. 2017 O'Reilly Defender Awards - Rachel Roumeliotis (O'Reilly Media), Allison Miller (Google) 00:09:32
  2. Sponsored
    1. Autonomous cyberdefense: AI and the immune system approach (sponsored by Darktrace) - Justin Fier (Darktrace) 00:43:03
    2. The new security playbook: New regulations, new threats, and a data-centric approach (sponsored by Vera Security) - Prakash Linga (Vera Security) 00:35:12
    3. Effective security in zero-trust environments (sponsored by Duo Security) - Taylor McCaslin (Duo Security) 00:32:43
    4. Supercharge your SIEM with Cloudera - TJ Laher (Cloudera) 00:19:26
  3. Security usability
    1. Security by the numbers: Improving the security of online content through transparency reporting - Michee Smith (Google) 00:38:35
    2. Security + design * data science: A bot story - Bobby Filar (Endgame), Rich Seymour (Endgame) 00:38:25
    3. DevSec: Continuous compliance and security with InSpec - Christoph Hartmann (Chef Software), Dominik Richter (Chef Software) 00:33:28
    4. It's us, not them: Exploring the weakest links in security - Jessy Irwin (Jessysaurusrex) 00:39:21
    5. Shifting to security awareness 2.0 - Jason Hoenich (Habitu8) 00:38:27
    6. BeyondCorp: Beyond “fortress” security - Neal Mueller (Google), Max Saltonstall (Google Cloud, Office of the CTO) 00:39:43
  4. Bridging business and security
    1. Cyber-risk decision making: How boardrooms view digital threats - Yong-Gon Chon (Focal Point Data Risk), Wade Baker (Cyentia Institute) 00:46:37
    2. Enterprise SaaS startups: The business case for security - Kyle Randolph (Optimizely) 00:39:43
    3. Weathering the storm: The art of crisis communications - Jen Ellis (Rapid7) 00:39:34
    4. Strike back against legacy software vulnerabilities - Jay Kelath (Dow Jones) 00:36:07
    5. Embracing security as a culture: Users aren't the problem; they're remotely deployed sensors. - Chester Wisniewski (Sophos) 00:42:44
    6. Sensible Conversations about security - Jim Gumbley (ThoughtWorks) 00:38:36
    7. Top 15 things we wish every company had already done before acquisition - Ruchi Shah (Google), Michael Sinno (Google) 00:41:33
    8. She blinded me with science: Understanding misleading, manipulative, and deceptive cybersecurity - Josiah Dykstra (Department of Defense) 00:39:09
    9. A system dynamics approach to CNO modeling - Sara Mitchell (Carnegie Mellon University) 00:22:33
    10. Security and UX: Making the digital world safer, one experience at a time - Gwen Betts (Komand) 00:38:56
  5. Security analytics
    1. Malicious CDNs: Tracking botnets using open source SSL data - Thomas Mathew (Cisco Umbrella (OpenDNS)), Dhia Mahjoub (Cisco Umbrella (OpenDNS)) 00:47:34
    2. Inside the bad actor's studio - Julian Wong (DataVisor) 00:56:08
    3. Predicting exploitability with Amazon Machine Learning - Michael Roytman (Kenna Security) 00:36:13
    4. Contextualizing your Splunk logs - Quiessence Phillips (Barclays) 00:29:22
    5. Toward a threat-hunting automation maturity model - Alex Pinto (Niddel) 00:40:47
  6. Tools and processes
    1. Travel computing security: Old and new problems - Ryan Lackey (ResetSecurity) 00:41:43
    2. Symbolic execution for humans - Mark Mossberg (Trail of Bits) 00:38:35
    3. Going serverless: Security outside the box - Jack Naglieri (Airbnb), Austin Byers (Airbnb) 00:40:54
    4. Using security champions and automation to create an effective SPLC - Taylor Lobb (Adobe), Julia Knecht (Adobe) 00:41:02
    5. How to launch and run a successful bug bounty program: A security team perspective - Alexandra Ulsh (Mapbox) 00:38:31
    6. Zero-trust networking: Never trust, always verify - Harry Sverdlove (Edgewise Networks) 00:43:19
    7. Consensual software: Prioritizing user trust and safety - Danielle Leong (GitHub) 00:28:44
    8. The Razor's Edge - Cutting your TLS baggage - Jan Schaumann (The Internet) 00:36:44
  7. Teachable moments
    1. "Build me a world-class security program in three months" - Christie Terrill (Bishop Fox) 00:38:06
    2. Security and privacy: Together in good times and bad - Tom Cignarella (Adobe), Jennifer Ruehr (Adobe) 00:38:30
    3. Securing existing AWS infrastructure - Devina Dhawan (Etsy) 00:37:16
    4. Internal bug hunts: Squashing security bugs on a budget - Pieter Ockers (Adobe) 00:38:47
    5. Router security - Michael Horowitz (Self-Employed) 00:41:05
  8. Tutorials
    1. Applying container and Docker security - Ben Hall (Katacoda | Ocelot Uproar) - Part 1 1:01:54
    2. Applying container and Docker security - Ben Hall (Katacoda | Ocelot Uproar) - Part 2 00:58:26
    3. Web security analysis toolbox - Ido Safruti (PerimeterX), Amir Shaked (PerimeterX) - Part 1 00:58:57
    4. Web security analysis toolbox - Ido Safruti (PerimeterX), Amir Shaked (PerimeterX) - Part 2 1:00:27
    5. Web security analysis toolbox - Ido Safruti (PerimeterX), Amir Shaked (PerimeterX) - Part 3 00:54:37
    6. Finding the vulnerability first and fast - Kevin Poniatowski (Security Innovation) - Part 1 00:53:48
    7. Finding the vulnerability first and fast - Kevin Poniatowski (Security Innovation) - Part 2 00:45:38
    8. Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 1 00:40:43
    9. Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 2 00:45:58
    10. Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 3 00:43:17
    11. Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 4 00:47:58
    12. Reversing the kill chain: An actionable framework for defending against common threats - Amanda Berlin (NetWorks Group) - Part 1 00:54:36
    13. Reversing the kill chain: An actionable framework for defending against common threats - Amanda Berlin (NetWorks Group) - Part 2 00:59:14
    14. Reversing the kill chain: An actionable framework for defending against common threats - Amanda Berlin (NetWorks Group) - Part 3 00:47:34