SECURITY OBSERVABILITY SUMMIT

    SEE MORE OF WHAT MATTERS

    WATCH ON DEMAND

    ONE INSPIRING KEYNOTE
    TWO COMPREHENSIVE BREAKOUTS
    NINE EYE-OPENING SESSIONS

    KEYNOTE

    gene.headshot

    GENE KIM

    Best Selling Author, Researcher, and Award-Winning CTO

    KEYNOTE | DevOps, Security, and Observability: The Five Ideals

    Too often, efforts to integrate DevOps and security are hamstrung by the lack of observability. Legacy application security simply does not observe the routes software executes and securing and protecting software becomes a guessing game. Discover what five ideals are crucial for organizations to pivot to application security with observability at its center.

    DEDICATED SESSION

    dedicated_tanya_janca

    TANYA JANCA

    Founder and CEO at We Hack Purple Academy

    SESSION | SECURITY METRICS THAT MATTER

    Outnumbered AppSec professionals will never have enough time, money, and resources to implement and manage every layer of defense you feel is needed. This means you must work smarter. Learn which metrics truly matter and which “vanity” metrics you can safely ignore, enabling you to work most effectively in securing and protecting applications.

    BREAKOUT SESSIONS

    FIND ALL RECORDING AVAILABLE ON-DEMAND

    Willliams_Jeff_High Res 2 (square small)

    Jeff Williams

    CTO and Co-Founder at Contrast Security

    SESSION | Software Observability Made Easy: The Java Observability Toolkit

    The new open-source Java Observability Toolkit (JOT) project from OpenO11y.org enables you to ask almost any question of your software and to get answers—all without any programming. Use predefined agents created by the OpenO11y community or create your own in a simple YAML format. Learn how to leverage the JOT project, how to get involved, and what the future of the JOT project looks like.

    breakout_derek_weeks

    Derek E. Weeks

    VP at Sonatype and Co-Founder of All Day DevOps

    SESSION | Speed Is “King” for Application Security: Lessons from Top and Bottom Performers

    Once an open-source component has been infected, hundreds to millions of unsuspecting developers become an “army” working for the cyber criminals. It takes a mere second for these exploits to produce returns. This session will examine software release and upgrade data and security hygiene practices across 24,000 development teams to pinpoint what top and bottom performs in AppSec are doing to secure their use of open source.

    breakout_david_zendzian

    David Zendzian

    Executive Technical Advisor, Security & Compliance at VMWARE TANZU

    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eius mod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

    breakout_steve_white

    Steve White

    Executive Technical Advisor, Security & Compliance, VMWARE TANZU

    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eius mod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

    SESSION | Application Life Cycle in a Containerized World

    Nearly half of organizations indicate they have delayed moving an application into production due to security concerns about their container. This interactive presentation will examine these dynamics and draw upon real-world examples of how VMware customers have overcome container security challenges and adopted modern application architectures.

    Breakout 1 Continue

    LarryMaccherone-Comcast1017

    Larry Maccherone

    Distinguished Engineer, DevSecOps Transformation at Comcast

    SESSION | DevSecOps Transformation at Scale at Comcast

    Security teams believe that policy enforcement is their biggest lever. But it rarely moves the needle and creates a tense relationship between security and development teams. Attend this session to get a step-by-step framework for a full DevSecOps cultural transformation that is adaptable for any industry, maturity, or environment and discover how Comcast is using it to build trust between security and development teams.

    SESSION | SECURITY METRICS THAT MATTER

    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do consequat.

    breakout_ann_johnson

    Ann Johnson

    Corporate VP of Security, Compliance, Identity Business Development at Microsoft

    SESSION | New Security Paradigms Shape Software Observability

    Security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences. Discover the trending security paradigms that are influencing security observability and shaping the future of cybersecurity.

    breakout_craig_goodwin

    Craig Goodwin

    CHIEF PRODUCT & STRATEGY OFFICER AT CYVATAR | ­FORMER CHIEF TRUST AND RISK OFFICER AT FUJITSU

    SESSION | Seeing Is Believing: Building a Demonstrable Security Program with Observability

    While security metrics are valuable, the concept of observability helps security leaders to drive improvements in overall security performance, manage incident resolution better, and build repeatable action plans to remediate and eventually prevent incidents. Learn how you can use observability to build a comprehensive security program—from questions on how to get started to examples of observability in action.

    breakout_aaron_rinehart

    Aaron Rinehart

    CTO and Co-Founder at Verica

    SESSION | DevSecOps and Security Chaos Engineering

    Security-focused Chaos Engineering injects security turbulent conditions or faults into an application to determine the conditions by which it will fail so that developers can fix it before it is exploited. Discover how to use Chaos Engineering to develop a learning culture in DevSecOps and how to practically apply it to enhance application performance, resilience, and security.

    George Gerchow 2

    GEORGE GERCHOW

    CISO at Sumo Logic

    SESSION | Using Observability to Build the Modern Security Operations Center

    Continuous security intelligence and effective risk management is powered by observability. Yet, the emergence of digital innovations such as microservices and the CI/CD pipeline and explosion in APIs enabling disparate cloud infrastructures creates significant challenges. This session will uncover the key observability ingredients required to build and operate a modern security operations center.

    SESSION | SECURITY METRICS THAT MATTER

    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do consequat.

    WATCH ALL SESSIONS ON DEMAND

    Fill out form below to gain access to all summit videos.

     

    form_t-shirt

    Contrast Security is the world's leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.