On April 28, SafeBreach held its first-ever Validate Summit at Levi’s Stadium—home of the San Francisco 49ers and recognized as the world’s most high-tech stadium—in Santa Clara, California. This in-person event brought together top cybersecurity leaders and innovators to discuss the changing requirements to build and optimize a proactive security organization.
Cybersecurity is often defined by defensive actions, but recent disruption has prompted organizations to reapproach their strategies. A shift to the offensive line can help security leaders achieve this, and at Validate 2022, we explored the key tools, approaches, and frameworks to make this possible.
Validate 2022: Replay & Takeaways
SafeBreach CEO and co-founder Guy Bejerano kicked off the day’s packed agenda with a rousing welcome to our connected community and a call to arms for us to be better together. Srinivas Tummalapenta, distinguished engineer and CTO of IBM Security Services, followed with his unique perspective on preventing business disruption in our ever-transforming digital world. He outlined a two-pronged approach enterprises can take through the threat management lifecycle to improve resiliency, focusing on the importance of preparing detection and protection technologies along with reliable analytics and an analyst support engine.
Next, David Spark, producer, managing editor, and co-host of the CISO Series, led an interactive session focused on the challenges modern security organizations face today, including the staggering statistic that 54% of security professionals will look to leave their job within 12 months.
Attendees took to the mic to share how their security operations center (SOC) teams are feeling the pressure of ever-increasing responsibilities, relentless noise and false positives, and a barrage of difficult-to-answer questions about their organization’s level of preparedness. But it wasn’t all bad news—attendees also shared the steps they are taking to help relieve SOC burnout and stress, including:
- Creating opportunities for team members to express their needs and showing progress on addressing them
- Providing more modern technology—like breach and attack simulation (BAS) and other automated tools—to help reduce their workload
- Engaging team members with educational and career development opportunities so they see a path forward within the organization
- Ensuring leadership plays an active role in showing appreciation for SOC team efforts
Spark lit the fuse for a fireside chat focused on zero trust and BAS between Martin Walter, senior director of product management at Zscaler, and SafeBreach CTO and co-founder Itzik Kotler. They explored how BAS helps organizations improve security posture by providing a comprehensive view of the entire security ecosystem along with an understanding of how to better optimize security tools. They also discussed how BAS-generated data can help drive better security and detection at any stage of the kill chain and that being able to automate responses is imperative as the threats themselves are becoming more and more automated.
Lou Fiorello, VP and GM of security products at ServiceNow, followed with a discussion on cyber resilience and the threats, challenges, and opportunities he sees security teams facing today. He shared how SafeBreach and ServiceNow are working together to create enhanced solutions for greater control visibility, security effectiveness, risk-based vulnerability management, and advanced security posture management
Rounding out the morning sessions, we were honored to have the Andrews—Andrew Douglas, managing director of cyber risk services, and Andrew Rafla, principal of cyber risk services—of Deloitte take the stage for a lively conversation around going on the offense with adversarial simulation and how BAS has become a key part of their attack surface management lifecycle, helping them:
- Evaluate technology-purchasing decisions
- Access threats from a zero trust perspective
- Clearly identify gaps with empirical data
- Test security posture in a way that’s predictable, safe, and scalable
- Allow red teams to focus on higher-gain activities, rather than basic testing
- Share easily consumable results with executive stakeholders
Our afternoon began with a product roadmap presentation from Yotam Ben Ezra, SafeBreach’s chief product officer, where he unveiled our latest platform enhancement to help security operations scale red-team attack scenarios across their entire enterprise in a no-code/low-code environment. This was followed by breakout labs with SafeBreach’s product managers and maestros Shira Akov and Eliazer Sikuriansky, who demonstrated these latest capabilities for eager participants.
Next, Kasey Cross, senior product marketing manager of Palo Alto Networks, shared how to validate your defenses with MITRE ATT&CK. She detailed how the SafeBreach and Cortex XSOAR integration enables closed-loop automated breach remediation, giving users the ability to discover security gaps in real time, remediate and validate risks, and maximize the value of existing security controls.
And going out with a bang, we were treated to a dynamic panel discussion moderated by Richard Stiennon, research analyst and author of the forthcoming Security Yearbook 2022, on building resilience and other forward-looking industry trends with Jimmy Sanders, VP of information security of Netflix; Ashley Baich, security consulting senior analyst of Accenture; and our own CISO, Avi Avivi.
While the group agreed that resilience looks different to every organization—depending on their focus (e.g., ensuring data privacy vs. preventing service disruption), their technology stack, and their customers—one thing remains the same: it’s about more than just tech. People and processes also play a critical role in resiliency, and forward-thinking organizations are finding ways to inject resilient practices into all three areas.
To wrap it up right, we toasted a successful day of leading-edge security sessions with a networking reception and wine tasting at the stadium’s state-of-the-art 49ers Museum. A good time for all—football fans and the indifferent alike.
Security Is a Team Sport
After two years of virtual events, it was exhilarating to gather in person once again for Validate 2022. This summit marked the next critical play in SafeBreach’s game plan to foster a formidable cybersecurity community and elevate enterprise security programs from defense to offense.
A gigantic thank-you goes out to our wonderful attendees and speakers for helping us set the bar high with this inaugural event. And special props to the behind-the-scenes SafeBreachers who made it all happen.
Stay tuned for more valuable insights coming out of this event, and watch for details to emerge later this year about how you can attend Validate 2023.