Research & Risk
Presented by Tyler Reguly & Craig Young from Tripwire
Tripwire’s cybersecurity experts are presenting an eight-part webinar series with ISACA aimed at helping you sharpen your expertise with some of the most important cybersecurity tools and processes that are presently shaping our industry.
Craig Young will be discussing the Tactics, Techniques, and Procedures (TTPs) of security research. Attendees will walk away with a better understanding of security research goals and how they are achieved. I will discuss at a high-level all of the prominent techniques used by security researchers and give examples of tools or procedures for employing these techniques.
Afterwards, Tyler will provide a half hour dive into risk and prioritization. We'll look at how low, medium high became 1-5. Then we'll look at how those opaque values were given insight and definition before being muted by standards like CVSS and Azure's healthy/unhealthy states. Finally, we'll quickly touch on human problems that prioritization looks to solve, like avoiding burnout from Patch Fatigue.
Tyler Reguly is the Manager of Security Research and Development with Tripwire. At Tripwire, Reguly is a key member of VERT, Vulnerability and Exposure Research Team, where he focuses on vulnerability metrics and detection. He has also lent his expertise on various projects, including reverse engineering and web application security. He has been involved in industry initiatives, such as CVSS-SIG and WASSEC and has spoken at various security events, including RSA, SecTOR, and OWASP Toronto. Additionally, he has contributed to the Computer Systems Technology curriculum at Fanshawe College in London, Ontario, by developing and teaching a number of security-related courses. He is also frequently quoted in industry trade press and is a prolific blogger.
Craig Young is a key member of the VERT team at Tripwire, and has many achievements/credentials related to security research. Young has coordinated disclosure of 150+ CVE. Not only has he been a regular speaker/instructor at several information security conferences, but he has been the winner of 2018 Pwnie Award for Best Cryptographic Attack and also won 1st Place at 2014 DEF CON SOHOpelessly Broken CTF (10 zero days!) He is also a twice Published Author in USENIX Security Symposium.
Join us on Thursday, May 20, 2021, for the third webinar of this series.
Register today—we look forward to seeing you there. 1 CPE will be awarded!