Topic 1: Supply chain security: How a large enterprise manages supplier and product risk
Brief: Thousands of vulnerabilities are announced every month. A product’s open source or third-party commercial libraries have vulnerabilities, but is that the only concern? What should a vendor be doing to secure their supply chain? This session describes how a very large OEM has structured more than 13 supply chain security initiatives including R&D security, secure development, SBOMs, vulnerability management, and 3rd party risk management.
Speaker Bio: Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware”. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Ms. Crossley has designed frameworks and operating models for end-to-end security in software development lifecycles, third party risk management, cybersecurity governance, and cybersecurity initiatives. She is a member of the CISA SBOM working groups and presents frequently on the topic of SBOMs and Supply Chain Security. Ms. Crossley has an M.B.A. from California State University, Fresno, and her Bachelor of Science degree in Technical and Professional Communication with a specialization in Computer Science.
Topic 2: Privileged Access Management
Brief: Dynamic and contextual access is the foundation for building a Zero Trust architecture, but it takes work to get it right. It is challenging to create and manage access policies and controls that meet security and compliance requirements, and gathering evidence for audits can be a burden. But it doesn’t have to be that way. Learn how to implement fine-grained, just-in-time access that will satisfy security teams and help ensure that developers have quick and easy access to what they need when needed—and only for the required duration.
Speaker Bio: Co-founder / CTO, originally developed empathy for Operations as a founding and pager-carrying member of many operations and data teams. As an Executive, he has led Engineering and Product in high-throughput and high-stakes e-Commerce, financial, and AI products. Justin is the original author of strongDM's core protocol-aware proxy technology. To contact Justin, visit him on Twitter. StrongDM has been featured in Forbes, The New Stack, VentureBeat, DevOps.com, TechCrunch, and Fortune.