Topic 1: SBOMs - what you need to know
Brief: There is increasing interest in having transparency in the open source software components in commercial off-the-shelf software. As a result of Solarwinds, Colonial Pipeline, and Log4j, companies are increasingly concerned to know what vulnerabilities are hidden in the software deployed in their environment. Gartner estimates that by 2025 at least 60% of orgs will mandate SBOM disclosures in purchase contracts, up from less than 5% in 2022. President Biden issued an executive order in May 2021 which requires software developers to provide Software Bill of Materials to government agencies upon request. The NTIA has developed guidelines on what should be included in an SBOM. Come to this session to learn more about the requirements and how SBOMs fit into a comprehensive secure software development framework.
Speaker Bio: Kate Wakefield is a cybersecurity and risk management professional with 22 years of experience implementing systems and processes to protect confidential information. Currently Kate is Director of Governance, Risk and Compliance at Infoblox, a global networking and security company She has worked in security and compliance positions at Seattle-based healthcare, telecommunications, and retail firms. Kate is passionate about privacy and information security, particularly the responsibility of companies to protect personally identifiable data while still using data to advance corporate goals. She holds an MPA, MLS, CISSP, CRISC and CIPT certifications. Kate is active in the Seattle InfoSec community previously leading CISSP study groups, serving on the board of ISSA Puget Sound Chapter, and chairing the Women in Information Security Puget Sound (WISPS) mentoring group.
Topic 2: Unraveling the challenges and risks of building a next-gen cloud-native SOC
Brief: Unraveling the challenges and risks of building a next-gen cloud-native SOC
Speaker Bio: Saggie Haim, Lead Solution Architect at CyberProof, has been instrumental at CyberProof in resolving complex issues and has played a crucial role in building some of the largest cloud-native Security Operations Center (SOC) platforms worldwide. Saggie's extensive knowledge and expertise in the field have earned him recognition as an Azure MVP, and he actively contributes to the Sentinel and Azure Data Explorer product teams by sharing his invaluable insights and feedback.