CISO 360 Dinner Roundtable:
How Are We Reducing Our Security Team’s Workload Through Automation?
Thursday 17 October 2024 | 17:30-21:30
Princess Ida and Patience Room
The Savoy | London
Processes like detecting, prioritising, fixing and explaining security vulnerabilities in software have long been manual and inefficient. Relations between security and developer teams have long been fraught with tensions. Today AI architectures can contextualise complex security data to automate these processes.
We are delighted to invite you to share strategies and tactics with fellow CISOs on both the challenges and opportunities inherent in secure software development while you enjoy the private dining setting at London’s iconic Savoy Hotel!
How can we as CISOs get the best out of software engineers? What tools support self-management and how do we remove the tension between DevOps and security once and for all? What role can AI play in this?
Key talking points include:
- How does your Product Security team currently work? Does your security team triage vulnerabilities before they reach developers?
- How do you maintain trust with developers?
- What strategies can you use to motivate developers to fix vulnerabilities?
- How do you scale security across a large organization?
- What experiments have you run to use GenAI within your security team? How does this relate to company-wide AI initiatives?
- How are we using open-source resources and generative AI to identify, prioritise, and rectify security flaws?
Kindly sponsored by Nullify and hosted by Pulse Conferences, we look forward to your contributions to the discussion on how organisations are detecting, triaging, and fixing potential security issues!
We hope that you can join security peers for what promises to be a dynamic discussion held under The Chatham House Rule, as well as top culinary experiences and great company at The Savoy London.
Yours sincerely,
Team Pulse
Pulse Conferences
Practicalities
- Conducted under The Chatham House Rule.
- Co-chaired by a leading Chief Information Security Officer and the Co-Founder of exciting start-up Nullify.
- Pulse Conferences is your Master of Ceremonies.
- There is no cost to attend. Places around the table are limited.
About Nullify
Help your team reduce stress. You know your Product Security team is stressed out. Here are their responsibilities:
- Know the Product inside and out. All the codebases, how development is done, all the new features that are being released.
- Enforce security policies. Engineering security fix SLAs, secure coding standards.
- Security testing using a standard. OWASP, NIST, OSSTMM.
- Securing the SDLC – threat modelling, manual code review, penetration testing, security sign-off, bug bounty, ongoing training.
- Building a great security culture & champions – organizing security education events, answering developer questions, and keeping your executive sponsor happy.
That is a lot of work. It is also why most good security engineers will end up at FAANG getting paid 400k a year, because those are the only places that can pay them enough to justify the long working hours and hostility from the engineers. Can you help your team reduce their areas of responsibility so they can focus more on the people aspects of security?
With Nullify, you can.
Nullify is an AI Product Security Engineer that helps your organization stay above the security poverty line. We replace application security testing, application security posture management, and automated remediation solutions so that your team can spend less time triaging vulnerabilities and more time cultivating a security culture.
Nullify uses AI to reverse API paths out of your code, and uses these to map repositories to hostnames defined in your CloudFront distributions. These mappings are represented as edges between nodes in the Nullify Knowledge Graph, which the AI investigation agents use to reason about the business risk of findings at a level that Snyk or Semgrep are unable to, due to their lack of runtime context of the application. This also allows the Nullify Risk Insights Copilot to answer questions like “where do my applications have public endpoints exposing sensitive data?” and “where are my unauthenticated API endpoints?” Lastly, Nullify’s Pentesting AI Agent is able to traverse these hosts and test them for authorisation, authentication and logic-based bugs like a human pentester would, emulating an inside-out pentest by using the application’s code as context while it performs dynamic testing of the web app.
Discussion co-steered by:
Fellow CISO – to be announced
Tony Mao, Co-Founder, Nullify
Timings
17:30-18:30 Guests arrive to a welcome drinks reception
18:30-21:15 Discussion and 3-course dinner
21:15-21:30 Conclusions
PRINCESS IDA & PATIENCE ROOM
The Savoy London
Looking across Embankment Gardens towards the River Thames and with an excellent view of the iconic Westminster Bridge, this gracious Edwardian-style private dining room in London can be configured in a variety of layouts, making it ideally suited for small to medium sized lunches or receptions, a cocktail party or private afternoon tea, and formal or informal dining occasions. Princess Ida & Patience can be combined with the adjacent private room Pinafore, via a connecting door, if greater floorspace is necessary.
Named after the eighth and sixth Savoy Operas, Princess Ida & Patience started life as two of the original private rooms when The Savoy opened in 1889, but the dividing wall was removed in 1935. After several decades of modern redecoration, a major restoration in the late 1990s drew inspiration from original archive photographs of both rooms dated 1906, and the room now reflects its delightful Edwardian heritage.