Breaking Out of the Silo
Julian DeFronzo, Justin Pagano at BSides Boston 2016
Information Security teams are trying to manage increasingly complex IT and cloud environments at their organizations while also keeping pace with an ever-changing threat landscape. At the same time, there's a well-documented issue of unfilled security positions around the world.
For many teams this has inevitably led to security control gaps, operational failures, and, overall, insufficient security across virtually all industries.
A critical and necessary part of the solution to this problem for any organization is broad automation of disparate technologies and processes across the entire InfoSec lifecycle (protect to detect to remediate). There are a number of potential benefits of automating to this extent: more maintainable, auditable, maturable, predictable, and effective security programs.
In this presentation and the Q&A, the speakers will cover:
1. InfoSec programs' current state of affairs with fragmented, siloed automation
2. Strategy for approaching broad security automation
3. Examples of broad automation, including some at Rapid7 (current and future state)
Julian DeFronzo is a Security Engineer at Rapid7 with a diverse background in network security monitoring, incident response, and data analysis. He loves building microservices and playing with data. He is an avid runner and a BBQ enthusiast.
Justin Pagano, Information Security Lead at Rapid7, is a tall guy who loves dogs. He's also very passionate about InfoSec, science, grammar, and Oxford commas.
For many teams this has inevitably led to security control gaps, operational failures, and, overall, insufficient security across virtually all industries.
A critical and necessary part of the solution to this problem for any organization is broad automation of disparate technologies and processes across the entire InfoSec lifecycle (protect to detect to remediate). There are a number of potential benefits of automating to this extent: more maintainable, auditable, maturable, predictable, and effective security programs.
In this presentation and the Q&A, the speakers will cover:
1. InfoSec programs' current state of affairs with fragmented, siloed automation
2. Strategy for approaching broad security automation
3. Examples of broad automation, including some at Rapid7 (current and future state)
Julian DeFronzo is a Security Engineer at Rapid7 with a diverse background in network security monitoring, incident response, and data analysis. He loves building microservices and playing with data. He is an avid runner and a BBQ enthusiast.
Justin Pagano, Information Security Lead at Rapid7, is a tall guy who loves dogs. He's also very passionate about InfoSec, science, grammar, and Oxford commas.