Abstract image of a woman sitting on books and studying on a laptop

Can Security & Agility Co-Exist

Download as PPTX, PDF
Scott Carlson, profile picture
Scott Carlson

The document discusses the coexistence of security and agility in the context of PayPal's operations, emphasizing the importance of both in handling transactions efficiently and securely. It presents key financial metrics from Q2 2014 and outlines compliance with regulations and security measures. Additionally, it highlights the necessity for agile responses to cyber threats while ensuring ongoing security practices.

Technology
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Can Security and Agility Co-Exist? Arizona Technology Summit 2014 Scott Carlson – PayPal – September 17, 2014 © 2014 PayPal Inc. All rights reserved. Confidential and proprietary.
26 CURRENCIES SUPPORTED 152M ACTIVE REGISTERED ACCOUNTS 203 MARKETS OFFER PAYPAL 80 LOCALIZED MARKETING SITES GLOBALLY EUROPEAN UNION EURO AUSTRALIAN DOLLAR CANADIAN DOLLAR NEW ZEALAND DOLLAR HUNGARIAN FORINT MALAYSIAN RINGGIT UNITED KINGDOM POUNDS STERLING HONG KONG DOLLAR UNITED STATES DOLLAR TAIWAN NEW DOLLAR CHINESE RMB SWEDISH KRONA SINGAPORE DOLLAR PHILIPPINE PESO BRAZILIAN REAL RUSSIAN RUBLE NORWEGIAN KRONE JAPANESE YEN MEXICAN PESO TURKISH LIRA SWISS FRANC CZECH KORUNA ISRAELI NEW SHEKEL DANISH KRONE THAI BAHT POLISH ZLOTY
Q2 2014 Results $1.95B Revenue 152M Tot2a0l% YoY 850M Total $Transactions 55B $40.4B Merchant Services Payment $14.7B Volume 35% YoY Active Accounts Net Total PVoalyummeent 29% YoY Marketplaces Payment Volume
Compliant with PCI-DSS 2.0 Standards Compliant with local country regulations © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 4 Compliance Statement: http://www.visa.com/splisting/viewSPDetail.do?coName=PayPal
secure In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe. agile quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity http://www.dictionary.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 5
@ http://xkcd.com used with permission under Creative commons License © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 6
secure In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe. © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 7 prevent Be patched, be compliant, be hardened, be layered, don’t let data leave your network detect Log it all; parse it all; sesame street logic; leave no stone unturned respond Quarantine; active defense; mitigate; high priority patches; bug fixes; block ports; kill data streams; sever connections
@ http://xkcd.com used with permission under Creative commons License “Cyber Attack” http://www.digitalattackmap.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 8
“Cyber Attack” http://www.digitalattackmap.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 9
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 10
http://hackmageddon.com/2014/07/07/june-2014-cyber-attacks-statistics/ © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 11
http://www.geekherocomic.com used with permission under Creative commons License © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 12
agile quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 13 wash Consider everything dirty; examine it; spray the bad parts; clean it; use machines to do the dirty work rinse Run traffic over it; verify assumptions; send it back to the wash if needed; deliver to customer; use it yourself repeat Check you work; check new versions; talk to new people; find all of the new and exciting ways people are doing things
http://www.lynnecazaly.com - used with permission © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 14
@ http://xkcd.com used with permission under Creative commons License © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 15
Compliant ≠ Secure © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 16
Agile ≠ Risky © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 17
Secure is not a permanent state © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 18
Security can not work effectively unless you have Agility © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 19
debate… decide…deliver secure © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 20
For more information, please contact: Scott Carlson @relaxed137 sccarlson@paypal.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

More Related Content

PPTX
Information Security - is it everyone's job?
Brian A. Johnson
 
PDF
Privacy e recupero crediti il vademecum
at MicroFocus Italy ❖✔
 
PPT
Marketing Planning Tutorial
DWS Associates
 
PDF
Mobile Is Eating the World (2016)
a16z
 
PDF
Crowdfunding with PayPal
Alberto López Martín
 
PDF
PayPal vision executing in Greece- Ganna Yevtushenko
Atcom SA
 
PDF
Webinar: Is your web security broken? - 10 things you need to know
Cyren, Inc
 
PDF
Webinar: Insights from Cyren's 2016 cyberthreat report
Cyren, Inc
 
Information Security - is it everyone's job?
Brian A. Johnson
 
Privacy e recupero crediti il vademecum
at MicroFocus Italy ❖✔
 
Marketing Planning Tutorial
DWS Associates
 
Mobile Is Eating the World (2016)
a16z
 
Crowdfunding with PayPal
Alberto López Martín
 
PayPal vision executing in Greece- Ganna Yevtushenko
Atcom SA
 
Webinar: Is your web security broken? - 10 things you need to know
Cyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Cyren, Inc
 

Similar to Can Security & Agility Co-Exist (20)

PPTX
PayPal couchbase 2014
Anil Madan
 
PDF
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Cyren, Inc
 
PDF
Les 7 péchés agiles
Virgile Delécolle
 
PPTX
Tripwire Retail Cyberthreat Summit
Rippleshot
 
PDF
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile Delécole
ENSIBS
 
PPTX
Building Saas for the Enterprise
Beau Christensen
 
PPTX
Omnichannel Marketing: What it means and how to accomplish it
ParadyszPMDigital
 
PDF
Spillways-Pitchdeck-v14_230410_221158.pdf
IvoDeGroot2
 
PDF
From E-commerce to Omni-channel by PayPal - ArabNet Digital Summit 2014
ArabNet ME
 
PDF
Executive Welcome with CMO Tim Minahan [San Mateo]
SAP Ariba
 
PDF
Executive Welcome with VP Alex Saric [Amsterdam]
SAP Ariba
 
PDF
Executive Welcome with VP Alex Saric [Paris]
SAP Ariba
 
PDF
Executive Welcome with CMO Tim Minahan [Chicago]
SAP Ariba
 
PDF
Executive Welcome with CMO Tim Minahan [New York City]
SAP Ariba
 
PPTX
Collusion Detection using Spark on YARN
DataWorks Summit
 
PDF
Continuous Delivery - The ING Story: Improving time to market with DevOps and...
CA Technologies
 
PPTX
Don't Risk the Blacklist - Stop Outbound Spam
Cyren, Inc
 
PDF
Executive Welcome with CMO Tim Minahan [Boston]
SAP Ariba
 
PDF
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Cyren, Inc
 
PDF
PayPal benefits for sellers- Dimitris Miliotis
Atcom SA
 
PayPal couchbase 2014
Anil Madan
 
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Cyren, Inc
 
Les 7 péchés agiles
Virgile Delécolle
 
Tripwire Retail Cyberthreat Summit
Rippleshot
 
Agile Tour Paris 2014 : Les 7 Péchés Agiles, Virgile Delécole
ENSIBS
 
Building Saas for the Enterprise
Beau Christensen
 
Omnichannel Marketing: What it means and how to accomplish it
ParadyszPMDigital
 
Spillways-Pitchdeck-v14_230410_221158.pdf
IvoDeGroot2
 
From E-commerce to Omni-channel by PayPal - ArabNet Digital Summit 2014
ArabNet ME
 
Executive Welcome with CMO Tim Minahan [San Mateo]
SAP Ariba
 
Executive Welcome with VP Alex Saric [Amsterdam]
SAP Ariba
 
Executive Welcome with VP Alex Saric [Paris]
SAP Ariba
 
Executive Welcome with CMO Tim Minahan [Chicago]
SAP Ariba
 
Executive Welcome with CMO Tim Minahan [New York City]
SAP Ariba
 
Collusion Detection using Spark on YARN
DataWorks Summit
 
Continuous Delivery - The ING Story: Improving time to market with DevOps and...
CA Technologies
 
Don't Risk the Blacklist - Stop Outbound Spam
Cyren, Inc
 
Executive Welcome with CMO Tim Minahan [Boston]
SAP Ariba
 
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Cyren, Inc
 
PayPal benefits for sellers- Dimitris Miliotis
Atcom SA
 
Ad

More from Scott Carlson (15)

PDF
What are Blockchain & Tokens and are they useful ?
Scott Carlson
 
PPTX
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
Scott Carlson
 
PPTX
Just Trust Everyone and We Will Be Fine, Right?
Scott Carlson
 
PPTX
DCD Converged Brazil 2016
Scott Carlson
 
PPTX
Trust But Control: Managing Privileges without killing productivity
Scott Carlson
 
PDF
RSA 2015 Realities of Private Cloud Security
Scott Carlson
 
PDF
RSA 2016 Realities of Data Security
Scott Carlson
 
PPTX
Will Your Cloud Be Compliant? OpenStack Security
Scott Carlson
 
PPTX
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data Center
Scott Carlson
 
PPTX
You Can't Correlate what you don't have - ArcSight Protect 2011
Scott Carlson
 
PDF
HP Enterprise Security Customer Case Study - Apollo Group
Scott Carlson
 
PDF
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013
Scott Carlson
 
PDF
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile Devices
Scott Carlson
 
PPTX
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Scott Carlson
 
PPTX
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013
Scott Carlson
 
What are Blockchain & Tokens and are they useful ?
Scott Carlson
 
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
Scott Carlson
 
Just Trust Everyone and We Will Be Fine, Right?
Scott Carlson
 
DCD Converged Brazil 2016
Scott Carlson
 
Trust But Control: Managing Privileges without killing productivity
Scott Carlson
 
RSA 2015 Realities of Private Cloud Security
Scott Carlson
 
RSA 2016 Realities of Data Security
Scott Carlson
 
Will Your Cloud Be Compliant? OpenStack Security
Scott Carlson
 
Interop Las Vegas Cloud Connect Summit 2014 - Software Defined Data Center
Scott Carlson
 
You Can't Correlate what you don't have - ArcSight Protect 2011
Scott Carlson
 
HP Enterprise Security Customer Case Study - Apollo Group
Scott Carlson
 
Marriage of ESX and OpenStack - PayPal - VMWorld US 2013
Scott Carlson
 
McAfee Focus 2011 - Security in the Age of a Mobile Workforce and Mobile Devices
Scott Carlson
 
Marriage of Openstack with KVM and ESX at PayPal OpenStack Summit Hong Kong F...
Scott Carlson
 
High Availability OpenStack at PayPal - OpenStack Summit Fall Hong Kong 2013
Scott Carlson
 
Ad

Recently uploaded (20)

PDF
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
PDF
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PDF
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
Five Habits of High-Impact Board Members
OnBoard
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
Consumable AI The What, Why & How for Small Teams.pdf
Vivek Sai
 

Can Security & Agility Co-Exist

  • 1. Can Security and Agility Co-Exist? Arizona Technology Summit 2014 Scott Carlson – PayPal – September 17, 2014 © 2014 PayPal Inc. All rights reserved. Confidential and proprietary.
  • 2. 26 CURRENCIES SUPPORTED 152M ACTIVE REGISTERED ACCOUNTS 203 MARKETS OFFER PAYPAL 80 LOCALIZED MARKETING SITES GLOBALLY EUROPEAN UNION EURO AUSTRALIAN DOLLAR CANADIAN DOLLAR NEW ZEALAND DOLLAR HUNGARIAN FORINT MALAYSIAN RINGGIT UNITED KINGDOM POUNDS STERLING HONG KONG DOLLAR UNITED STATES DOLLAR TAIWAN NEW DOLLAR CHINESE RMB SWEDISH KRONA SINGAPORE DOLLAR PHILIPPINE PESO BRAZILIAN REAL RUSSIAN RUBLE NORWEGIAN KRONE JAPANESE YEN MEXICAN PESO TURKISH LIRA SWISS FRANC CZECH KORUNA ISRAELI NEW SHEKEL DANISH KRONE THAI BAHT POLISH ZLOTY
  • 3. Q2 2014 Results $1.95B Revenue 152M Tot2a0l% YoY 850M Total $Transactions 55B $40.4B Merchant Services Payment $14.7B Volume 35% YoY Active Accounts Net Total PVoalyummeent 29% YoY Marketplaces Payment Volume
  • 4. Compliant with PCI-DSS 2.0 Standards Compliant with local country regulations © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 4 Compliance Statement: http://www.visa.com/splisting/viewSPDetail.do?coName=PayPal
  • 5. secure In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe. agile quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity http://www.dictionary.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 5
  • 6. @ http://xkcd.com used with permission under Creative commons License © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 6
  • 7. secure In safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe. © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 7 prevent Be patched, be compliant, be hardened, be layered, don’t let data leave your network detect Log it all; parse it all; sesame street logic; leave no stone unturned respond Quarantine; active defense; mitigate; high priority patches; bug fixes; block ports; kill data streams; sever connections
  • 8. @ http://xkcd.com used with permission under Creative commons License “Cyber Attack” http://www.digitalattackmap.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 8
  • 9. “Cyber Attack” http://www.digitalattackmap.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 9
  • 10. © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 10
  • 11. http://hackmageddon.com/2014/07/07/june-2014-cyber-attacks-statistics/ © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 11
  • 12. http://www.geekherocomic.com used with permission under Creative commons License © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 12
  • 13. agile quick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 13 wash Consider everything dirty; examine it; spray the bad parts; clean it; use machines to do the dirty work rinse Run traffic over it; verify assumptions; send it back to the wash if needed; deliver to customer; use it yourself repeat Check you work; check new versions; talk to new people; find all of the new and exciting ways people are doing things
  • 14. http://www.lynnecazaly.com - used with permission © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 14
  • 15. @ http://xkcd.com used with permission under Creative commons License © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 15
  • 16. Compliant ≠ Secure © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 16
  • 17. Agile ≠ Risky © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 17
  • 18. Secure is not a permanent state © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 18
  • 19. Security can not work effectively unless you have Agility © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 19
  • 20. debate… decide…deliver secure © 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 20
  • 21. For more information, please contact: Scott Carlson @relaxed137 sccarlson@paypal.com © 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

Editor's Notes

  • #3: PayPal is a world leader in payments With 203 markets and 26 currencies, we must think globally, we must think about product, we must think about our customers Any part of any of these countries could have an ongoing security issue at any time That matters to us That matters to any global company That should matter to you This is not a local economy, the internet is not local And if you have an internet presence you need to care that everything Is connected across the world
  • #4: Talk for a few minutes about the transactions, merchants, accounts What does it mean to have transactions impacted What should it mean to have more accounts 8.5 million transactions impacted if 1% have a problem 850,000 .1% 85,000 .01% 8,500 .001%
  • #5: PCI and local regulations drive much of our decision making This is a worldwide standard that drives a significant amount of security, compliance, and security Just because you are PCI compliant though, does not mean that you are protected against every threat PCI is a baseline, it is a starting point But it is not the final solution to solve every problem, in every situation, in every location
  • #6: Now to the Primary discussion today Can Security and Agility exist Break down the words Talk about the history of what secure meant In the security community it meant locked down tight, default deny, default entry, no access. Then go from there Not exposed to danger is a big one Agile use to be the antithesis of historic security Agile you need think quick, decide quick,
  • #7: Building things with ultimate security might not protect you in all situations