Hear it from the CISOs: Real-Life BAS Success Stories скачать в хорошем качестве

Hear it from the CISOs: Real-Life BAS Success Stories

CISO panel on Breach and Attack Simulation (BAS) with Jaime Rodriguez of Sutter Health and John Sapp, CISO at Texas Mutual Insurance, hosted by Picus Security. The discussion covers BAS as continuous validation in regulated environments, integrating threat intelligence with MITRE ATT&CK, building Splunk workflows, CTEM strategy and board-ready metrics, measuring time to detect and time to respond, and why preemptive security matters when time to exploit can be less than a day. The panel also explores AI in security validation, AI governance aligned with the NIST AI Risk Management Framework, mapping crown jewels, validating attack paths, and reporting true exposure and resilience. 00:00 Welcome and panel introductions Sutter Health and Texas Mutual Insurance with Picus Security 00:40 Why BAS as continuous validation in regulated environments 02:40 Measuring time to detect and time to respond with repeatable simulations 04:20 CTEM strategy linking attack surface management breach and attack simulation vulnerability management and risk 05:10 Mapping crown jewels and validating attack paths 06:25 Threat intelligence with MITRE ATT&CK and Splunk playbooks validation 07:40 Running simulations reviewing what failed and improving alerts 09:00 Board ready reporting exposure resilience and outcome metrics 10:30 Practical steps to start BAS lessons from the field 12:40 AI in security validation and governance alignment with the NIST AI Risk Management Framework and Texas responsible AI governance act 13:45 Final takeaways and close