Get unparalleled cyber security training from real-world practitioners in Miami. Save $300 today!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Case Study: See How Aruba Networks Uses Bug Bounties to Discover Vulnerabilities, Faster

  • Thursday, July 14th, 2016 at 11:00 AM EDT (15:00:00 UTC)
  • John Pescatore, Leif Dreizler, and Jon Green
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • Bugcrowd

You can now attend the webcast using your mobile device!

Overview

Today's IT threats demand a more active role in detecting and responding to sophisticated attacks. Defenders can no longer simply press "scan" or hire a penetration test shop to protect their applications. That's where a crowd of bug hunters steps in, possessing the collective creative power to mimic bad hacker behavior in the wild.

Today, innovative companies are bringing thousands of good hackers to the fight, evening the odds and finding bugs before the bad guys do.

One of those companies leveraging the power of the crowd is Aruba, a Hewlett Packard Enterprise company. Last year, Aruba launched a private bug bounty program for its enterprise-grade Wi-Fi solution on Bugcrowd's CrowdControl platform. Since then, the initiative has led to the discovery and resolution of a number of vulnerabilities in Aruba's solutions, including its ClearPass Policy Manager.

John Pescatore will lead the discussion during this webinar, you will hear from Aruba's Senior Director of Security Architecture Jon Green on the drivers behind the Aruba bug bounty program, the process the program follows, and the ROI Aruba has seen from it to date.

Attendees will have the opportunity to see a short demo of Bugcrowd's crowdsourced testing platform Crowdcontrol.

What you will learn:
  • First-hand account of how bug hunters assess a target
  • Details on how Aruba leverages its bug bounty program to enhance the security of its networking solutions
  • Where bug bounties fit into the lifecycle of securing software
  • ROI of the modern bug bounty program

Speaker Bios

John Pescatore

John Pescatore (moderator) is the director emerging security trends for the SANS Institute. A former vice president and distinguished analyst at Gartner, Pescatore has over 30 years of experience in computer, network and information security. Prior to joining Gartner, he was senior consultant for Entrust Technologies and Trusted Information Systems and a security engineer for the U.S. Secret Service and the National Security Agency.


Leif Dreizler

As a Senior Security Engineer at Bugcrowd, Leif Dreizler works to build the internal security program and customize and security testing solutions for Bugcrowd clients. Prior to Bugcrowd, Leif spent over two years as a Senior Application Security Engineer at Redspin, performing application security assessments. He also served as the Application Security Team Lead, interfacing with clients at the engineering and sales level.


Jon Green

Jon Green, CISSP serves as CTO for Aruba Networks Government Solutions (part of Hewlett Packard Enterprise) and is responsible for ensuring that Arubaís enterprise mobility solutions meet the security and deployment requirements of government customers worldwide. Jon joined Aruba in 2003 and helped it grow from a small startup to todayís position as a leading provider of network mobility solutions. Prior to Aruba, Jon held technical, marketing, and sales positions with Foundry Networks, Atrica, Nortel Networks, and Bay Networks. Jon holds a B.S. in Information Security from Western Governorís University and a M.S. in Computer Science with a concentration in Information Security from James Madison University. When not playing with technology, he enjoys flying airplanes, learning to play the banjo, and cooking competition barbecue.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.