Name: Wanted Hacked or Patched: Bug Bounties for Third Party Open-Source libraries
Start: 2022-10-04T18:00:00Z
End: 2022-10-04T18:00:32.000Z
Location: BrightTALK
Rating: 0

The Executive Women's Forum on Information Security, Risk Management & Privacy is the largest member organization serving emerging leaders as well as the most prominent and influential female executives in the Information Security, Risk Management and Privacy industries.
Website: www.ewf-usa.com

Prior to Russia’s full-scale invasion of Ukraine on February 24, 2022, many observers expected that a Russian-led hybrid war would involve marrying cyber weapons, influence operations, and military force to swiftly overrun Ukrainian defenses. Now, nearly a year and a half after its full-scale invasion, Russia’s military has indeed wrought physical devastation in Ukraine but has not achieved its objectives—in part because Moscow’s parallel cyber and influence operations have largely failed. Join Microsoft threat intelligence experts, Fanta Orr, Rachel Chernaskey, and Loraine De La Fe, as they discuss what we learned from hybrid warfare thus far, including trends in cyber and influence operations, and what we can expect in this second year of conflict.

Truths about Hybrid Warfare in Ukraine: Trends in Cyber and Influence Operations

Having a roadmap to support your strategic vision is imperative to grow and mature your security organization, and it isn’t just a task for the larger security team. Functional units should also build roadmaps to help them align with the business, define goals and prioritize tasks. In this session, IANS Faculty Member Nicole Dove will provide guidance on creating and refreshing strategic roadmaps for functional teams. By the end of the session, attendees will be able to use the accompanying materials to create and implement your own strategic roadmap. Learn how to:  
• Overcome the disconnect between security and business leaders
• Use the components of a tried-and-true roadmap framework
• Align your goals with the priorities of your internal customers 
• Take steps that get results

Create a Strategic Roadmap for Functional Teams

Microsoft Security Response Center’s Stephanie Calabrese will introduce the incredible work being done across Microsoft Security by highlighting those making a difference. Join the interactive panel discussion where you’ll meet Wendy Zenone who leads and will let you in on one of the most unique cybersecurity training and awareness programs internally at Microsoft. You’ll hear from Aditi Shah and will get familiar with her contributions to the groundbreaking security research being conducted day in and day out at Microsoft. You’ll get to know Olivia Huegel who handles various investigations and threat hunting activities while creating detection controls and helping teams improve their detection capabilities. Lastly, you’ll find out more about the Microsoft Security Response Center as Partner Security Architect Abhilasha Bhargav-Spantzel joins the virtual stage. Don’t miss out and be there for Behind the Scenes with Microsoft Security Panel on October 6th.

Behind the Scenes with Microsoft Security Panel

With several privacy regulations introduced in the last couple of years internationally and within the US privacy has become a key area security professionals have to engage in. During this talk we will kick off with some grounding information on the two subject areas and how the lion share of implementation has fallen into the security space. We will discuss the areas of cyber security that can be leveraged to achieve privacy goals and the skills companies should look for in staffing privacy ops and implementation roles.

Cyber Security and Privacy: Exploring the convergence

Cyber GRC is at the intersection of Business, IT, Privacy and Cybersecurity. This presentation is meant to pique your interest whether you are interested in a GRC career or if you are growing and investing in your GRC capabilities. I will break down misconceptions and focus on the value to the business and the CISO.

Cybersecurity GRC in Practice

This presentation will focus on the Zero Trust Journey for Comcast.  My presentation will focus on: • The benefits of our collaborative approach.  We aligned a very large and diverse company to a common “north star” through the Pillars of xTrust.  • The effect of COVID in accelerating the program goals.  • The challenges of implementing Zero Trust at scale and the change management required to significantly shift How We Work.

Lessons Learned from a Zero Trust Journey

In the Fourth Industrial Revolution, where speed of technologies and products have no historical precedent, the risk to privacy and cybersecurity becomes greater. As we look to emerging technologies on the horizon as well as consider the accessibility challenges presented by today’s technology, privacy and security professionals alike need to rethink how their existing privacy-by-design approach can be enhanced by incorporating accessibility in all phases of development.

This discussion will introduce the concept of accessibility in this context and raise the argument that, without accessibility, no privacy or security program is delivering its full value to the business, its employees or its customers. Join this discussion to learn more about:
● How digital accessibility can improve privacy and security programs
● The basics of designing with accessibility in mind
● How innovative technologies power accessibility
● Key actions that privacy and security professionals can deploy immediately

Angie Max, Accessibility and Inclusive Design Lead, Governance, Privacy and Ethics  - PwC US
Ramona Pierson, Managing Director, Head of Product Innovation for Societal Change - PwC US
Moderated by: Jocelyn Aqua, Principal, PwC US

Accessibility by Design: A fresh approach to improve privacy and security

Want to change up and mature your information security awareness and training program? Looking to deliver more content with limited resources? Not sure where to start? In 2020, as we all adjusted our professional and personal lives to navigate the COVID-19 pandemic, it would have been easy to do less, but Target did more by creating immersive online experiences. Learn from two of Target's leaders about how they launched an in-house, university style training program to build skills across info security and increased national cyber security awareness month engagement by 300%.

Accelerating Security Culture & Learning

The new Executive Order moves quickly to address greater transparency and information sharing of cyber-attacks and breaches – what does this mean to you?



We will take a look at the forthcoming (draft of published) Executive Order on Cybersecurity from the White House.

Spurred by the Solar Winds cyberattack, the Administration determined the need to improve the speed and efficiency of for incident investigation and responses and improving the security of software services.
The EO proposes rapid and significant policy changes that will have broad implications for both public and private sectors.
 
Highlights of the order include: 
• Significant increases in authority and resources for the government to run/coordinate/standardize the security of civilian federal networks (e.g., incident response playbooks, endpoint detection and response, logging event data).
• Mandatory incident reporting to the federal government for every software and SaaS provider.
• Removal of Federal and Defense contractual barriers which prevent sharing of data related to event prevention, detection and response
• New requirements for software suppliers to attest to the security of their software development lifecycle.
• A swift increase in the pace of federal government agencies to transition to the cloud and adopt a zero-trust model.

Speakers: Lisa O'Connor, Managing Director, Global Cybersecurity Research and Development, Accenture
Kelly Bissell, Sr. Managing Director, Accenture Security
Ann Johnson, CVP Security, Compliance and Identity, Microsoft
Dr. Sezaneh Seymour, Senior Advisor to the Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology on the National Security Council

Executive Order  – what does this mean to you?

Fireside Chat with Abeer Abu Judeh

It is estimated that, in 2020, cloud services spending will reach $266.4 Billion and will surpass $1 Trillion in 2024. With limitless cloud services options such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), what are the legal considerations to keep in mind when developing your strategy to move your data and operations to the cloud.

Beyond Basic Legal Terms: what are the essential terms to consider when assessing your cloud agreement?
Data Storage: security, support, backups, e-discovery, migration and purging
Data Privacy: access and use of all data related to employees, products and clients
Risk: Liability, Indemnification, Insurance and Damages

Preparing for a Globalized Work Environment
Employee remote work policies
Confidentiality agreements

Enterprise Agreements and Their Impact on the Cloud Services Future
Diversity and inclusion
Corporate accountability

To learn about our speakers please check out our page:
https://www.ewf-usa.com/events/event_details.asp?legacy=1&id=1455823

Legal Considerations to Hosting Your Data and Operations in the Cloud

When GDPR enforcement went into effect in May of 2018, business changed forever. For months leading up, General Counsels, C-Suite executives, marketers, infosec, engineers and just about everyone in an organization had to look at their business through the lens of privacy, for some, truly for the first time. But GDPR was the first mile of a privacy marathon. In this session, join Veracode General Counsel Dawn Rogers as she talks about the lasting and evolving impact of privacy regulations on today’s global businesses – and why businesses must be more agile in their approach to better understanding and planning for privacy law changes.

The Everchanging World of Privacy: Tips from a GC on How to Navigate

Investing in diverse cybersecurity teams isn’t just the right thing to do, the future of cybersecurity depends on it. If we do not devalue group think, cybercriminals will continue to exploit our bias’ and we become weaker to our adversaries. Microsoft’s Ann Johnson, Corporate Vice President of SCI Business Development, Vasu Jakkal Corporate Vice President of SCI Marketing, Joy Chik, CVP, Identity and Edna Conway, VP Security, Risk, & Compliance, share steps organizations can take internally and externally, to help future proof against bias in the cybersecurity industry.

Future Proofing Against Bias in Tech

Learn from 3 leaders at a global medical device company and constitute 50% of leaders in our division. We come from a diverse background: biomedical engineering, law and communication. We want to share with the audience why diverse background is a strength in information security. Each one of us is actively engaged in mentoring the young female generation of information security workforce. You will gain useful tips on how to achieve your full potential in information security, risk management and privacy while not missing out in life.

Dana Megan-Rossi, Director, Information Security Threat & Vulnerability Management
Inhel Rekik, Sr Director, Information Security Engineering, BD
Nastassia Tamari, Incident Response Team Lead, Becton Dickinson

How to increase the number of women in information security, risk management and

Joyce Brocaglia, Founder, Executive Women's Forum and CEO of Alta Associates; CEO BoardSuited

2020 Executive Women's Forum Virtual Conference - Opening Keynote

Get perspectives from PwC cybersecurity professionals as they discuss PwC’s participation in the EWF Virtual Conference, diversity and inclusion commitments, and how PwC is effecting change and empowering women.

Sloane Menkes, PwC, Cybersecurity, Privacy and Forensics Principal
Bhavana Nathani, PwC, Cybersecurity, Privacy and Forensics Director 
Jane Allen, PwC, Cybersecurity, Privacy and Forensics Principal
Aparna Giridharadas, PwC, Cybersecurity, Privacy and Forensics Director
Lakshmi Yendapalli, Strategic Innovation & Technology Director, PwC

Cybersecurity is diverse. Your teams can be too.

Cali Pitchel Schmidt, Porter Novelli, Vice President Strategic Planning

The internet has fundamentally changed the relationship between brands and consumers. The consumer has access to more information than ever before, and this shift in power has broad implications for the way in which brands talk to the market, especially in times of crisis or reputation risk. There are two non-negotiable rules for incident response—tell the truth and take responsibility. Being prepared (and proactive) is key to successfully navigating an always-on communications culture—in good times and in bad.  In this session, we’ll cover how to operationalize the truth across your business before a crisis; the right time to think about reputation management; and how to communicate to your customers and the broader market in the case of an incident.

Incident Response & Truth In Advertising

Joyce Brocaglia. CEO, Alta Associates, CEO, BoardSuited, Founder, Executive Women's Forum gives opening remarks for the 2019 Executive Women's Forum on Information Security, Privacy & Risk Management

2019 EWF Opening Keynote

Open-source software components (OSCs) are used in commercial software development across a slew of industry sectors from communications to finance. Because anyone can create open-source projects, there are no baseline security standards or requirements across the ecosystem. The owners or maintainers of the project may not have the resources or expertise to offer any security guarantees. The onus of evaluating the security of OSCs then falls on the users, i.e. software developers and associated institutions. Yet, a company may use hundreds to thousands of OSCs within their application. A security analysis of all OSCs may not be practical. In this talk, we discuss a targeted open-source bug bounty initiative that offers OSC users a proactive approach towards investigating the security of relevant components by crowdsourcing the discovery of security vulnerabilities to external security researchers. All without breaking the bank . We illustrate the process with a case study of bug bounty for JavaScript OSCs used at Comcast. Overall, we conclude that these bounty programs are a cost-effective and low effort solution to the hidden security risk of OSCs.

Wanted Hacked or Patched: Bug Bounties for Third Party Open-Source libraries

Software Asset Management

Security Analysis

cybersecurity

Open-Source

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful learning and development insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge in the field.

Learning and Development

Human resources is intrinsically linked to business success and requires a thoughtful balance of a variety of complex issues. The human resources community on BrightTALK is made up of thousands of professionals in human resources exchanging human resources best practices and advice. Watch hundreds of on-demand webinars for immediate information or participate in upcoming live webinars and have your questions answered by respected HR thought leaders.

Human Resources

Leadership styles are continually evolving to incorporate new ways of thinking about employee satisfaction, motivation and performance. Find webinars and videos on the strategies, techniques and qualities that make an effective leader. By participating in this community you will gain insight into current leadership theories and how to optimize employee performance.

Leadership

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Wanted Hacked or Patched: Bug Bounties for Third Party Open-Source libraries

Presented by

About this talk

More from this channel