
 

Greetings, everyone! Whether it's morning, afternoon, or evening for you, I'm thrilled to welcome you to today's panel discussion on a topic that's gaining momentum in the cybersecurity realm: External Attack Surface Management (EASM). My name is Paul DiBello, and I have the privilege of serving as the Senior Vice President of Sales and Business Development Partnerships at FireCompass. Today's session, organized by the CISO Platform, delves into why industry analysts like Gartner are emphasizing the importance of EASM, a term that's bound to become a mainstay in our industry's lexicon. Throughout our discussion, esteemed cybersecurity leaders will provide invaluable insights into common use cases, comparisons with existing frameworks, and effective strategies for EASM implementation.

 

 

Here is the verbatim discussion:

Hello everybody, good morning, good afternoon, and good evening. I think we have folks from every, every part of the, of the planet, which is great. Um, my name is Paul DiBello. I'm the Senior Vice President of Sales and Business Development, Business Partnerships here at FireCompass. Um, I have the distinct honor today of hosting, uh, what I, I hope and I know will be a very informative and interactive panel, um, with some very talented, uh, cyber security leaders. Um, this session, just so let everybody know, has been organized by the CISO Platform. Uh, topic for our discussion today: why is the Gartner group, uh, talking about external attack surface management, a new acronym that we're all going to start to see? We don't have enough acronyms in our business, right, our industry. So, called EASM. So our panelists will give you some critical insights, common use cases, talk a little bit about some comparisons and, and contrast with a lot of the different types of, uh, of, of, again, Gartner and industry, Forrester and industry acronyms that we see out there as it relates to the concept of, of attack surface recon and, and, and surface management, as well as exploitation and continuous testing, um, and talk a little bit how it relates to the MITRE ATT&CK framework. Uh, this session today will be a precursor to the 13th annual CISO Platform Summit, which will, uh, which will take place next week on, I believe, June the 2nd and 3rd. So it's a little, little, little teaser, um, in advance of the sessions, uh, that we'll all be a part of next week. Um, we're going to touch upon understanding a little bit about this, um, especially in where we are in our, our, up, crazy little upside-down world that we're all living in today, um, understand a little bit more about the external attack surface management use cases, the use of EASM, effective strategies that are being deployed by industry-leading organizations, both from a direct end user perspective as well as partner perspective, um, and how testing external perimeters, uh, can validate what can and cannot be discovered. So I like to use the term unknown unknowns, um, and that's an area that EASM is really focusing on, and, uh, we're seeing some very, very interesting and very positive results. Um, so without further ado, let me introduce the, the members of our panel. I will go one by one and let them talk about themselves, because I, what I, what I say will not do them justice in their, in their exploits in their past. Um, Ed, Ed Adams, like to introduce you, uh, to say a little few lines about yourself, sir.

Hello, thank you Paul. Welcome everyone. Uh, I am Ed Adams. I'm the president and CEO of Security Innovation, an organization that specializes in software security. I'm also a research fellow for the Ponemon Institute, and I am a leader and board member for the International Consortium of Minority Cyber Security Professionals, otherwise known as ICMCP. Happy to be on this panel.

Thank you Ed, thanks very much, appreciate it.

 

Highlights:

Understanding EASM:

  • Addressing the emergence of EASM and its significance in modern cybersecurity practices.
  • Exploring its relevance amidst the evolving threat landscape and increasing digital complexities.

Introducing the Panelists:

  • Ed Adams: President and CEO of Security Innovation, renowned for expertise in software security and contributions to industry initiatives like the International Consortium of Minority Cyber Security Professionals (ICMCP).

Key Discussion Points:

  • Use Cases: Unveiling common scenarios where EASM proves instrumental in mitigating risks and bolstering organizational security.
  • Strategies and Comparisons: Analyzing effective strategies deployed by industry leaders, juxtaposed with existing frameworks like the MITRE ATT&CK framework.
  • Role in Continuous Testing: Exploring how EASM facilitates continuous testing and validation of external perimeters, uncovering 'unknown unknowns.'

Teaser for CISO Platform Summit:

  • Previewing insights to be further explored at the upcoming 13th Annual CISO Platform Summit on June 2nd and 3rd.

 

As we embark on this journey into the realm of EASM, guided by the expertise of our esteemed panelists, we anticipate gaining a deeper understanding of its implications for modern cybersecurity. From use cases to effective strategies and beyond, today's discussion promises to equip us with actionable insights to navigate the complexities of securing external attack surfaces in our ever-evolving digital landscape. Thank you for joining us, and let's delve into the world of EASM together.

 

Speakers:

 

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents with the USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx, etc. Earlier, he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

Ed Adams is a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

 

Paul DiBello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a Bachelor of Arts (BA) in Economics from Princeton University (1986 - 1990). With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

 

Tejas Shroff, based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff completed the UX Design Immersive in Design & User Experience at General Assembly (2019 - 2019). With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff

 
