Risk Based Security, FIRST & San Juan – What A Combination!

Every year Risk Based Security attends and presents at a variety of industry events, with the FIRST annual conference being one of our favorites.  For those unfamiliar with FIRST, it is a close-knit community of incident response professionals with a long tradition of members working collaboratively on special interest topics and sharing information with the larger security community.

This year, Risk Based Security’s CISO Jake Kouns has been selected to present two sessions at FIRST’s June conference in San Juan. “The annual FIRST conference is one that we look forward to attending and sharing our research every year.  ” said Kouns. “The FIRST community being so diverse, is a great place to share and get amazing feedback on handling security issues. “ he added.

The initial session on the schedule, titled OSS Security: That’s Real Mature Of You! teams up Kouns with Christine Gadsby of BlackBerry. The two will be speaking on open source software (OSS) and the significant challenges it creates for practically every company – not just software developers. OSS and third party libraries have been embraced as efficient and inexpensive tools for building products. They are readily available, free to use and presumably contain fewer vulnerabilities since the code is open for review. But are they more curse than blessing? The session will dive into the very real risks of using OSS, including the challenges of proper vulnerability mitigation and the true costs of these “free” tools. More than just theory, Ms. Gadsby will be providing case studies highlighting relevant BlackBerry experience with OSS and will introduce a customized OSS Maturity Model, useful for walking through the maturity stages for in-house software development.

The session will be on Monday June 12th from 2pm to 3:30 in the Auditorium.

The second talk, These Aren’t The IR Processes You’re Looking For, focuses on the role of cyber insurance and the impacts both good and bad on incident response. There has been much speculation around whether cyber insurance can be a force for driving better security practices. So far there is little evidence cyber insurance is changing how organizations manage their security risk – but there is plenty of evidence of cyber insurance is influencing incident response processes. That means responders need to understand the basic requirements of these policies in order to maximize their benefits. The session will take a closer look at those requirements as well as the intersection between the IR and claim handling processes.

Look for this presentation on Tuesday, June 13 from 4pm – 4:30 in San Geronimo B.

If you’re planning to be in Puerto Rico this year, we’d welcome the opportunity to get together and say hello. Come spend some time at the RBS suite or join us at our cocktail reception at the Blue Martini Lounge. If you would like to attend the event please sign up and we will be in touch with details.  

We hope to see you there!