With the exponential growth and agility of development activities, it is imperative that development, security, and operations personnel work collectively to produce the highest quality of service with a strong focus on risk reduction. The 2023 DevSecOps Survey will examine several indicators of secure DevOps maturity retrospectively from the prior years' survey responses. As a part of the survey, we will analyze the accelerated nature of CI/C...

This program, from SANS and Sinclair Community College, in collaboration with the National Science Foundation (NSF), is designed to engage and empower underrepresented student groups, including women, Black, African American, Latino(a), Hispanic and Indigenous students, providing them with an opportunity to excel in cybersecurity education this summer and prepare them for future jobs. Sinclair hosts the program website: https://sinclairwfd.reg...

In the world of application security, the influx of alerts has reached overwhelming levels, making it increasingly challenging to effectively monitor and respond. This surge in alerts often leads to unresolved issues and persistent vulnerabilities. Are we sounding the alert too frequently? Is there a way to strike a balance between reducing the noise and maintaining robust security?In this webinar, we bring together industry experts to delve i...

When a cloud service provider (CSP) says they are using encryption, that's when you know you need to dig deeper into the details rather than succumb to the Jedi mind tricks of encryption. "You can trust us. We use encryption." We will cover BYOK -- what it actually is - and misconceptions, along with end-to-end encryption. Where do you use encryption? How do you perform encryption? How do you protect the keys throughout the key management life...

Everyone has alerts and everyone has different forms of intelligence they use to try and detect, research, and respond to a threat within their environment. As a security practitioner, you know the process and time involved to “connect the dots” between the intelligence available and what is in your environment is often time consuming and requires a good deal of knowledge to correlate. These are all the realities of the world we cu...

The cloud is considered the new frontier of technology, but it is no longer novel. The COVID-19 pandemic led companies to the cloud at a breakneck pace. Different organizations during this same period evolved from single-cloud organizations to multi-cloud organizations. The various cloud providers offer a wide variety of services that fit organizations' needs on a case-by-case basis. The multi-cloud environment introduces a new problem for Thr...

Join us for the 10th annual SANS Security Awareness: Managing Human Risk Summit to learn, connect, and share with thousands of fellow security awareness, behavior and culture professionals from around the world. For this year’s event you have the choice of attending live online or in-person*. The 2023 Summit will feature: In-depth Summit Talks - The industry's top practitioners will share their latest research, technologies, and case stu...

This workshop is a hands-on session focused on creating custom Nmap NSE scripts tailored for the CISA Known Exploited Vulnerabilities Catalog. In this 2-hour workshop, participants will learn essential NSE scripting skills, with a specific emphasis on detecting vulnerabilities listed in the catalog. The workshop begins with an introduction to Nmap and NSE scripting, highlighting their significance in identifying and addressing known vulnerabil...

Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur. Not all detections are created equally, however, and neither are detection opp...

Successful phishing attacks on end users and system administrators continue to be the factor that enables nearly 80% of damaging security incidents. Many companies are spending on user awareness and education programs but find it is hard to sustain initial gains in phishing awareness, recognition, and resilience and are lacking the data needed to develop and track meaningful awareness metrics. During this SANS WhatWorks webcast, SANS Director...