Black Hat 2019: Best sessions for SecOps

Yet again, it’s that time of year when the InfoSec community swarms to Las Vegas. It’s the 22nd annual Black Hat USA Conference. Anyone with a thirst for all things cybersecurity is guaranteed six full days of training courses, demos, briefings, and of course, plenty of opportunities for social networking.

We took some time to read through the sessions to find a few worthy of sinking your teeth into. Check them out!

  1. Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
    Wednesday, August 7 | 11:15 a.m. – 12:05 p.m.
    We live in an age where social media is the leading medium for many of us to stay connected, entertained and informed. But today’s varying social media platforms also position their magnitude of daily users as sitting targets for adversaries to implant malware, manipulate behavior and even sway public opinion. Social media malware has the potential to shape itself in myriad forms to target victims relative to its level of sophistication and potential foothold. Employing practical, secure approaches for understanding these tactics and techniques will hopefully provide professionals across the board the knowledge to help starve this clandestine enterprise.
  2. I’m Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy

    Wednesday, August 7 | 1:30 – 2:20 p.m

    The breadcrumbs we leave behind daily as we navigate throughout the digital world offer plenty of opportunities to construct profiles of our online personas. These products of our online human actions are known as behavioral identifiers, or “human side channels.” The three human side channels that will be highlighted in this talk are forensic linguistics, behavioral signatures, and cultural references. The discussion promises to explore how each of these can be used for offensive and defensive measures, as well as how the human factor can be deployed actively to aid in incident response, triage, remediation and perhaps even prevention.

  3. Controlled Chaos: The Inevitable Marriage of DevOps & Security
    Wednesday, August 7 | 4:00 – 4:50 p.m.

    Unfortunately, today’s model of security that has been serving most businesses was not built for velocity and will not sustain the acceleration of today’s cloud-centric world. In order to scale, security solutions must be lightweight, buoyant, agile and extensible. Breaking down the traditional silos and building a collaborative space to drive innovation will result in success from the outset. The marriage of security operations (SecOps) and DevOps bolsters an emerging mentality—one where innovation occurs not only from inside of an organization but from the outside as well. This mindset grants DevOps and security to build common ground, aiding in the alignment of security goals thus creating a straightforward path to agility and keeping up with the rapid pace of doing business.
  4. DevSecOps : What, Why and How
    Thursday, August 8 | 11:00 – 11:50 a.m.
    Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy. DevSecOps is a mindset of integrating best practices for organizational security within a solid framework. Bolstering the what, the why and the how of DevSecOps will catapult innovative solutions for complex problems and software development processes. Working in today’s continuous delivery pipeline is forcing organizations across the board to rethink antiquated security models ultimately bridging the chasm between information technology and security. It’s time for the siloed mindset to be put to rest, increase communication between teams, and shoulder responsibilities throughout the entire institution.

*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Rebekah Wilke. Read the original post at: