Name: Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb
Start: 2020-09-01T18:00:00Z
End: 2020-09-01T18:00:59.000Z
Location: BrightTALK
Rating: 4.3

Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.  We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence.  Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.  

The new EU Machinery Regulation (EU 2023/1230) brings a major shift: cybersecurity becomes a mandatory safety requirement for machinery placed on the EU market. Manufacturers, integrators, and machine builders must ensure their products are protected against cyber-induced hazards and be able to demonstrate compliance to maintain CE marking and market access. 

For many manufacturers, the challenge is clear: Which machines fall under scope? What does compliance actually require? And how do you prepare without adding unnecessary complexity or cost? 

In this webinar, our experts will break down what the regulation means for your organization and share practical guidance to help you prepare and stay compliant. 

We will cover:
-   What changes under the new Machinery Regulation and which machines fall in scope 
-   Key cybersecurity duties for manufacturers, including secure design, control, and alignment with CRA and IEC 62443 
-   Practical steps to prepare and how Bureau Veritas supports compliance end-to-end

How to Prepare for Cybersecurity in the Machinery Regulation

The European Union Aviation Safety Agency (EASA) has introduced the Part-IS regulation to strengthen the resilience of aviation organizations against the growing threat to information systems. 

The first compliance deadlines are approaching quickly: October 16, 2025, and February 22, 2026. 
Our experts invite you to join this session to review your regulatory obligations and prepare effectively. 

Agenda: 
- Cybersecurity context in the aviation sector 
- Applicability across domains 
- Overview of Part-IS requirements and expectations 
- Strategies for achieving compliance 
- Our support for your compliance journey 

During this webinar, our experts will share their insights, provide practical guidance, and answer your questions.

How to Prepare for EASA Part-IS: What Aviation Organizations Need to Know

WARUM DIESES WEBINAR?
Der Entwurf der Revision der ISO 9001 ist da - und damit viele Fragen:
Was hat sich geändert? Was bedeutet das für mein Unternehmen? Und vor allem: Wie setze ich das Ganze einfach und praxisnah um?
In unserem kompakten Webinar zeigen wir Ihnen, wie Sie die neuen Anforderungen Schritt für Schritt in ihrem Unternehmen integrierst - ohne Fachchinesisch, ohne Stress, dafür mit vielen Tipps aus der Praxis.

DIE AGENDA FÜR DAS WEBINAR:
- Einführung & Zielsetzung in die ISO 9001: 2026 Revision
- Was ist neu? Wesentliche Änderungen der Revision
- Schritt-für-Schritt: Umsetzung der Revision im Unternehmen
- Häufige Stolperfallen & wie man sie vermeidet
- Tools & Hilfsmittel für eine einfache Umsetzung
- Wie läuft die Zertifizierung nach ISO 9001:2026 ab?
- Q&A & Ausblick

In dieser Live-Session erläutert unser Experte, was die ISO 9001:2016 Revision für Ihre Organisation bedeutet. Bringen Sie Ihre Fragen mit – wir haben Zeit für eine interaktive Q&A-Runde eingeplant.

ZIELGRUPPE:
Qualitätsmanager, Auditoren, Produktionsleiter, Compliance-Verantwortliche, Unternehmensberater und alle, die mit der Einführung, Pflege oder Weiterentwicklung von Qualitätsmanagementsystemen nach ISO 9001 befasst sind.

ISO 9001 Revision leicht gemacht – Wie sich Unternehmen bereits jetzt vorbereiten können

As organizations accelerate their adoption of AI, many are integrating it deeply into their core operations. In our upcoming webinar, we explore the year 2028 through the story of Lair, a global manufacturing company that has embraced AI to boost efficiency and innovation. 

But their progress attracts the attention of Anti I-lite, a highly skilled cyber-criminal group specializing in AI manipulation. When they infiltrate Lair’s systems, the company faces a sophisticated attack that disrupts critical AI-driven processes and puts its crisis teams under pressure. 

Join us for this interactive and immersive session, where we demonstrate how secure-by-design AI integration and strong incident response capabilities can make all the difference. You’ll experience firsthand why building resilience is essential as AI becomes central to industrial operations.

AI Gone Wrong: A Crisis Simulation

Discover how Advanced Persistent Threats target operational technology through the lens of offensive security. This webinar deconstructs sophisticated attacks on industrial control systems and critical infrastructure from the attacker's perspective.
 
Drawing from red team experience, we'll examine the APT lifecycle and some real-world case studies. We'll understand how sophisticated adversaries approach OT targets, what techniques they employ at each stage of their operations, and most importantly how to build defensive capabilities that actually disrupt these attacks.

Targeting Operational Technology: A Red Team Perspective

Stehen Sie unter Druck, Vorschriften einzuhalten, wissen aber nicht, wo Sie mit der IEC 62443 anfangen sollen? Wenn Sie in OT, IT, Produktsicherheit, Fertigung oder speziell im kritischen Sektor tätig sind, ist dieses Webinar genau das Richtige für Sie. 

Nehmen Sie am Mittwoch, den 22. Oktober um 10:00 Uhr (CEST) am Live-Webinar von Bureau Veritas Cybersecurity teil, das von Experten geleitet wird. Wir entmystifizieren die IEC 62443 und geben Ihnen einen klaren Fahrplan zur Compliance mit praktischen Schritten, die Sie sofort umsetzen können. 

Die Cyber-Regularien wachsen rasant. Die IEC 62443 bietet einen Rahmen, um bis zu 80 % der globalen Anforderungen zu erfüllen. In diesem Webinar zeigen wir Ihnen, wie Sie daraus eine praxisorientierte Compliance-Strategie für Systeme, Branchen und Regionen entwickeln können. 

-   Wie ordnet sich die IEC 62443 in andere Vorschriften wie NIS2, CRA und RED ein? 
-   Wie können wir mit einer einzigen Norm globale Anforderungen erfüllen?
-   Mit welcher IEC 62443-Gruppe muss meine Organisation konform sein? 

In dieser 45-minütigen Live-Session werden Laura und Yashar erläutern, was die IEC 62443 für Ihre Organisation bedeutet. Bringen Sie Ihre Fragen mit, wir haben Zeit eingeplant, um sie live zu beantworten. 

Zielgruppe:
Hersteller von Produkten, Asset Owner, Systemintegratoren, Komponentenlieferanten und Wartungsdienstleister in Industrie und kritischer Infrastruktur. Ebenfalls ideal für OT- und IT-Sicherheitsfachleute, die an der Absicherung vernetzter Systeme und der Einhaltung von Vorschriften beteiligt sind. 

Wichtige Erkenntnisse: 
-   Ein klarer Fahrplan, um die IEC 62443 in Ihrer täglichen Arbeit und in Ihrer Organisation anzuwenden. 
-   Verständnis darüber, wie die IEC 62443 mit anderen Cybersicherheitsvorschriften übereinstimmt. 
-   Praxisbeispiele erfolgreicher Implementierungen in industriellen und kritischen Umgebungen.

Wie Sie mit IEC 62443 für industrielle Netzwerke, OT und kritische Systeme beginnen

Cyber regulations are growing fast. IEC 62443 offers one framework to meet up to 80% of global requirements. In this webinar, we’ll show you how to turn it into a practical compliance strategy across systems, sectors, and regions. 

Are you facing pressure to meet regulations but not sure where to start with IEC 62443? If you're in OT, product security, manufacturing, or specifically in the critical sector, this webinar is for you. Join Bureau Veritas Cybersecurity on Wednesday, October 7 at 15:00 CEST for a live, expert-led webinar. 
We’ll demystify IEC 62443 and give you a clear roadmap to compliance with practical steps you can use right away. 

-    How does IEC 62443 map to other regulations like NIS2, CRA, and RED? 
-    How can we use one standard to meet global requirements? 
-    Which IEC 62433 group does my organization need to comply with? 

During this live 45 min session, Anna Prudnikova and Carla Amorós will break down what IEC 62443 means for your organization. Bring your questions, we’ve set time aside to answer them live. 

INTENDED AUDIENCE
Product manufacturers, asset owners, system integrators, component suppliers, and maintenance providers working in industrial and critical infrastructure. It’s also ideal for OT and IT security professionals involved in securing connected systems and ensuring regulatory compliance. 

KEY TAKEAWAYS
-    Leave with a clear roadmap to apply IEC 62443 across your daily work and organization. 
-    Understand how IEC 62443 aligns with other cyber regulations. 
-    Discover real-world examples of successful implementation in industrial and critical environments. 

ABOUT THE SPEAKERS
Anna Prudnikova is the Director of Industrial Europe at Bureau Veritas Cybersecurity. 
Carla Amorós is the Communications Specialist at Bureau Veritas Cybersecurity.

How to start with IEC 62443 for industrial networks, OT, and critical systems

At this moment, late 2025, the most common AI application is still Chatbots like ChatGPT, Copilot, or some chatbot built for the needs of your company. Looking ahead we are seeing a rapid move toward Agentic AI systems with autonomous agents capable of making decisions and executing workflows. While this evolution promises efficiency and innovation, it also exposes organizations to compliance blind spots and resilience gaps that can undermine security and business value.

In this webinar, Jair Santanna, Principal Security Specialist at Bureau Veritas Cybersecurity, will explore how enterprises can navigate the transition from today’s generative AI to tomorrow’s agentic systems. They’ll discuss the hidden risks in scaling AI, the governance practices required to mitigate them, and the resilience frameworks that ensure safe adoption.

Participants will walk away with:
A clear view of current AI adoption (chatbots of all sorts of integrations) and the trajectory toward agentic AI.
Practical insights into avoiding compliance blind spots and resilience gaps.
A blueprint for embedding security and proving business value as AI adoption accelerates.
Join us to learn how to deploy AI safely, deliver measurable ROI, and prepare your organization for the agentic future.

Jair Santanna is an enthusiastic and passionate principal specialist on Artificial Intelligence and Cybersecurity (@Bureau Veritas Cybersecurity Europe), an assistant professor (@University of Twente), and an advisor on research and development (@Europol EC3). He is a practical, data-driven, and extremely curious person. He loves to spread the knowledge with the scientific community and with cybersecurity practitioners. He prepares his presentations thinking about you (the audience). Therefore, he promises to give an engaging, enthusiastic, and to-the-point presentation.

Beyond Chatbots: How to Deploy Agentic AI Securely

Is your software development process building in risk or resilience?

Cyberattacks increasingly exploit weaknesses embedded during the software development process. According to Gartner, by 2025, 70% of organizations will mandate secure software development practices in their procurement language, up from just 20% in 2021. And yet, many security leaders still lack clear visibility into where their SDLC (Software Development Lifecycle) is vulnerable or how to cost-effectively strengthen it.

In this essential webinar, Andrew Williams, Senior Security Engineer and SDLC Center of Excellence Lead at Bureau Veritas Cybersecurity, will guide you through the end-to-end journey of securing the SDLC from requirements gathering to post-deployment monitoring.

You’ll learn how to integrate security into every phase of the development lifecycle, why it’s a business-critical imperative, and how to prioritize your efforts for maximum ROI. The session will demystify common security gaps and provide realistic, budget-friendly solutions that teams can act on immediately.
We’ll answer key questions, including:
• What defines a “Secure SDLC” and why does it matter to the business?
• How can you pinpoint the highest risk gaps across your current SDLC?
• What are the most economical short-term fixes that move the needle?
Webinar Highlights
• Training: Why role-based secure coding education is the foundation of proactive defense.
• Requirements & Design: Embedding security into requirements engineering, threat modeling, and architecture reviews.
• Implementation & Testing: Selecting effective security tools, enabling peer review, and integrating DevSecOps practices into pipelines.
• Release & Post-Deployment: Establishing continuous monitoring and patching workflows that reduce your long-term risk surface.

Securing the SDLC: Is your software development process creating risk or building resilience?

Healthcare Cybersecurity: Protecting Patients, Systems & Data
Cyber threats in healthcare are growing more severe, with real-world impacts on patient safety, operational continuity, and data integrity. This session examines today’s most urgent risks—and offers practical, expert-backed solutions.

Featured Experts
Esmond Kane is CISO at Advarra and a veteran cybersecurity executive with over 20 years of experience in healthcare, research, and education. He has led security programs at Harvard, Mass General Brigham, and Steward Health Care, and serves on advisory boards helping organizations manage cyber risk.

Joseph Davis, Customer Security Officer at Microsoft, brings 30+ years of experience spanning medicine, entrepreneurship, and cybersecurity leadership. He advises healthcare leaders on secure cloud adoption, AI governance, and compliance, drawing from past CISO roles at Covidien and Sensata.

Scott Foote is a veteran cybersecurity and privacy executive with deep expertise in pharma, healthcare, biomedical research, and ePHI sharing, alongside broad experience across IT, IoT/IIoT, OT, and ICS/SCADA sectors. He has guided public pharma companies, biomedical research organizations, and healthcare providers in protecting critical research, clinical trials, manufacturing, and patient data while ensuring HIPAA and GDPR compliance. 

Topics We’ll Cover
- Ransomware: How attacks disrupt care, delay treatment, and expose patient data
- IoMT Vulnerabilities: Securing connected devices lacking modern protections
- Compliance vs. Security: Bridging the gap between evolving threats and outdated frameworks like HIPAA
- Supply Chain Risks: Preventing cascade failures from third-party breaches
- OT Threats: Addressing cyber risks that affect physical systems and patient safety
- Join us for a critical discussion on strengthening healthcare’s cyber resilience—and protecting those who rely on it most.

EdTalks - Securing Healthcare - The Cyber Threats Putting Patient Safety at Risk

From August 1, 2025, all radio-enabled products sold in the European market must comply with the cybersecurity requirements of Article 3.3 of the Radio Equipment Directive (RED). Yet many manufacturers still have critical questions about how to prepare.

- Is self-certification enough, or do I need a Notified Body?
- Is my product in scope?
- How much time should we budget for certification?

During this live session, Gaurav Raina, Jérôme Hamel, and Ramakrishnan Lakshmi Naryanan will answer these and other pressing questions. There will also be plenty of time for your own questions.

INTENDED AUDIENCE
This session is designed for IoT product manufacturers, Regulatory affairs professionals, CTOs, CISOs, and Compliance managers.

KEY TAKEAWAYS
- Learn the pros and cons of self-certification versus going through a Notified Body
- Understand which products are in scope of RED 3.3 and which are not
- Get clarity on realistic certification timelines and how to align them with development cycles
- See how the EN 18031 standard fits into the process
- Take away a concrete checklist to help you move forward confidently

ABOUT THE SPEAKERS
- Gaurav Raina is Senior Security Consultant at Bureau Veritas Cybersecurity Europe. He specializes in RED cybersecurity assessments and EN 18031 risk analysis. 

- Jérôme Hamel is Head of Cybersecurity Technical Governance, LCIE, Bureau Veritas CPS (RED Notified Body). He leads RED 3.3 assessments across IoT, medical, industrial, and automotive sectors. 

- Ramakrishnan Lakshmi Naryanan is Certification Specialist at Bureau Veritas Cybersecurity Europe. He specializes in embedded and hardware security and is an expert in RED functional testing.

Expert Q&A on RED 3.3 Cybersecurity requirements | For Product Manufacturers

Most organizations only start thinking about the security of their Industrial Control Systems (ICS) after a compromise or government mandate, but this reactive approach often leads to costly operational disruptions and potential equipment damage, even injuries or fatalities. This webinar will explore the critical need for proactive security measures to protect ICS environments. Securing ICS environments is particularly challenging as these systems are critical to round-the-clock operations and cannot be easily taken offline for patching, updating, or upgrading. This webinar is designed for security professionals and industrial controls experts who want to learn how to effectively threat model and secure their ICS environments, rather than waiting until a compromise occurs.

Attendees will learn the following:
- Overview of a simple ICS network architecture
- Threat modeling an ICS environment
- Teams involved in ICS environment operations and security
- Implementing security measures to mitigate and capture ICS environment intrusions
- Aligning security controls with the IEC 62443 industrial cybersecurity standards

Meet the Speaker
Josue Alvarez-DeGolia is a Security Engineer at Bureau Veritas Cybersecurity (formerly Security Innovation), where he conducts application security assessments, secure code reviews, and network vulnerability simulations. A U.S. Navy veteran and former submarine nuclear operator, Josue brings a systems-thinking mindset shaped by experience in military operations, power generation, investment banking, and business consulting. His cybersecurity work spans AWS security, ICS/SCADA penetration testing, and hardware threat modeling. He was part of the winning team at the DEF CON 32 ICS CTF, and combines technical depth with business acumen to help clients protect complex, high-risk systems.

Threat Modeling Essentials: A Strategic Approach to Mitigating ICS Cyber Risks

Most organizations only start thinking about the security of their large language models (LLMs) once the model is already developed and deployed. However, this reactive approach often leads to costly retrofitting, unexpected vulnerabilities, and missed opportunities to build security in from the ground up.

This webinar takes a different approach, guiding security professionals and LLM developers on how to address security concerns at every stage of the LLM development lifecycle. Rather than waiting until the end, we will explore the security implications and best practices for securing LLMs during the critical phases of project inception, data curation, model architecture, training at scale, evaluation, post-improvements, and API integration.

By adopting a proactive security mindset, attendees will learn how to:
• Align security assessments with the intended use cases and model requirements during the scoping phase
• Mitigate risks like data poisoning, backdooring, and adversarial prompting throughout the development process
• Ensure training stability and model integrity through techniques like checkpointing, weight decay, and gradient clipping
• Evaluate LLM performance while preventing manipulation of benchmark datasets and evaluators
• Implement access controls, data leakage prevention, and other security measures during fine-tuning and API integration

Attendees will leave this webinar with a comprehensive understanding of how to weave security into every step of the LLM lifecycle, empowering them to build more secure and trustworthy AI systems from the start. This proactive approach is crucial for organizations looking to stay ahead of evolving security threats and deliver LLM-powered solutions with confidence.

Securing the LLM Development Lifecycle: A Proactive Approach

"We run annual e-learnings and phishing simulations twice a year, yet employees still click...” Or: “We had 15% fewer clicks this year—proof that our awareness materials work... right?”

Security awareness alone isn’t enough. If you truly want to reduce human risk, you need to go deeper—into human behavior, decision-making, and psychology.
Join us for an eye-opening session on how to design security awareness, behavior, and culture programs that actually change behavior—not just check the box. We’ll explore how psychological principles can help move from passive awareness to active prevention.

In this webinar, you’ll learn:
- Why many well-intentioned phishing simulations fall short—and what to do differently?
- How psychological resistance keeps employees from preventing physical unauthorized access—and how to create engagement?

Whether you're a security leader, awareness program manager, or behavior change enthusiast, this session will give you fresh tools to rethink how you drive secure behavior in your organization.

About The Speaker

After researching the psychological impact of ransomware attacks, Lucas developed a strong focus on behavior change within information and cybersecurity. He has designed and implemented security awareness, behavior, and culture programs across various sectors.

Lucas takes a behavioral approach to human risk—recognizing that effective security interventions are never one-size-fits-all. His work ranges from custom target group programs to launching multimedia campaigns using behavior change techniques and providing live training sessions. In addition, Lucas has extensive hands-on experience with social engineering—ranging from email and voice phishing to a strong focus on physical social engineering. He believes human risk management is still in its early stages and strongly advocates for tailored, user-centered strategies.

Human Risk Management: From Fatigue to Engagement

Join us for the upcoming webinar, "Golden Rules for Industrial Cybersecurity: Assessment & Asset Protection," featuring cybersecurity expert Anna Prudnikova. This session will cover key principles of industrial cybersecurity, including frameworks such as IEC 62443 and NIST CSF, as well as the importance of asset visibility and risk-based assessments. The discussion will address common challenges, such as bridging the gap between compliance and actual security and overcoming implementation hurdles in industrial environments. Attendees will gain insights into best practices for risk assessment, mitigation strategies, and a structured approach to cybersecurity compliance.

In addition, we will examine real-world OT cyber-physical incidents in the U.S., such as 2021 Colonial Pipeline attack, which highlighted vulnerabilities in industrial control systems and the impact of ransomware on critical infrastructure. The session will conclude with an interactive Q&A and case studies showcasing successful security strategies.

This webinar is ideal for industrial cybersecurity professionals, compliance officers, and asset managers looking to strengthen their cybersecurity posture and learn from real-world incidents.

Golden Rules for Industrial Cybersecurity

Join us for this EdTALKS, where industry leaders will dissect the security challenges of IIoT, share real-world insights, and explore strategies to balance innovation with risk management.

What You’ll Learn:
• Key vulnerabilities in industrial supply chains and IIoT ecosystems
• Best practices for securing digital energy technologies
• The role of SBOMs (Software Bill of Materials) in mitigating cyber threats
• Strategies for improving resilience across critical infrastructure

Panelists:

Cassie Crossley
VP Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.” She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, and data privacy.

Emma Stewart
Director, Center for Securing Digital Energy Technology, Idaho National Laboratory
With over 15 years in power systems and cybersecurity for critical infrastructure, Emma leads efforts in cyber-physical resilience for emerging energy technologies, ensuring responsible cloud usage and digital transformation.

Josh Corman
An Executive in Residence for Public Safety & Resilience at the Institute for Security and Technology (IST), where he leads a new initiative on the resilience of lifeline basic human needs: water and wastewater, emergency medical care and hospital services, food supply chains, and power. Josh founded I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, director of the Atlantic Council’s Cyber Statecraft Initiative, and in leadership roles at PTC, Sonatype, Akamai, IBM, and the 451 Group.

EdTALKS - Cybersecurity in Industrial IoT (IIoT) – Navigating the  Modernization Paradox

As organizations accelerate cloud adoption, cyber threats targeting cloud environments are evolving at an alarming pace. In Cloud Security Threats 2025, Security Innovation’s Cloud Center of Excellence Lead, Rohitanshu Singh, provides a deep dive into the latest threats, vulnerabilities, and defensive strategies that will define cloud security in the coming year.
This session begins by analyzing key cloud adoption trends, focusing on the shift toward multi-cloud and hybrid environments. We’ll examine real-world breaches—such as the Snowflake attack—to uncover how adversaries exploit misconfigurations, weak identity controls, and emerging attack techniques to compromise cloud assets.

Attendees will gain insights into the top cloud security threats of 2025, including:
- API security risks and supply chain vulnerabilities
- IAM misconfigurations and privilege escalation tactics
- Ransomware-as-a-Service and AI-driven attack methodologies
- Insider threats and mismanaged cloud workloads

Through interactive discussions and security simulations, participants will learn how to mitigate these threats using Zero Trust security models, AI-powered threat detection, and best practices for securing cloud workloads.
The webinar concludes with expert predictions on the future of cloud security, regulatory shifts, and a strategic roadmap to enhance cloud resilience.

Rohitanshu has been working in information security for over a decade, accumulating deep expertise in securing
multi-cloud environments across a plethora of industries and technology stacks. He leads our Cloud Center of
Excellence, which conducts ongoing research on emerging cloud threats, attacks, and deployment strategies.

Join us to stay ahead of emerging cloud threats and fortify your organization’s cloud security posture for 2025 and beyond.
Register now to secure your spot!

Cloud Security Threats 2025

The rapid rise of IoT devices has transformed industries but also exposed critical security vulnerabilities. To address these risks, the U.S. government introduced the US Trust Mark, a voluntary certification aimed at enhancing IoT security and building consumer trust.

Join this webinar to explore:
• The key security requirements of the US Trust Mark
• How certification helps IoT manufacturers stand out and gain consumer confidence
• The challenges and opportunities in implementing the Trust Mark

Meet the Experts:
Grace Burkard, Director of Operations, ioXt Alliance
Grace leads ioXt’s global efforts in establishing standardized security requirements for IoT devices. She collaborates with key stakeholders, regulatory bodies, and industry leaders to drive adoption of best security practices. With a passion for privacy and compliance, she plays a pivotal role in improving transparency and trust in the connected device ecosystem.

Michael Beine, Business Unit Manager, Bureau Veritas
With over 20 years in the Testing, Inspection, and Certification (TIC) industry, Michael specializes in cybersecurity for IoT and industrial automation. He has developed testing frameworks for connected devices and serves as a cybersecurity auditor under the IEC 62443 standard. His expertise spans wireless technologies, networked systems, and regulatory compliance in global markets. 

Geoffrey Vaughan, Director, Security Engineering, Security Innovation
Geoff leads Security Innovation’s IoT Center of Excellence, researching emerging threats in connected systems. His team develops tools and methodologies to assess vulnerabilities in embedded devices, web and mobile applications, and communication protocols. A frequent speaker at global conferences, he translates complex security risks into actionable strategies for businesses and developers.

The US Trust Mark: Using Cybersecurity to Differentiate your IoT products

On top of the usual threats inherent to IT networks, applications, and cloud services, the complexity of medical devices creates a massive and distributed attack surface. Compounding the challenge are long-life expectancy and third-party dependency.

Attend this panel to hear healthcare security experts discuss the anatomy of medical devices, how to design them with human safety in mind, and how to make a shared security responsibility model a reality.

Specific topics include:

• The Prescription - security measures the FDA and others are demanding
• The Skeleton - the rickety infrastructure healthcare runs on
• The Brains - is SaMD (Software as a Medical Device) the new world norm?
• The DNA - what Software Bill of Materials (SBOMs) tell us about risk
• The Immune System - why traditional IT defenses struggle to protect patients
• The X-Rays - the need for new surveillance techniques

Ed TALKS Modernizing Medical Device Security: A New Perspective on Old Practices

Join Mathieu Gorge, CEO of Vigitrust, and three esteemed co-authors for an Ed Talks to discuss the best-selling book "The Cyber Elephant in the Boardroom" - a real-world playbook for cybersecurity approaches and accountability. This dynamic panel will explore how businesses have adapted to an increasingly digital landscape, why cloud security is critical for application safety today, tips for incorporating robust protection into any coding process and delve into the implications of potential cyber risk at boardroom levels.

The Panelists:

Mathieu Gorge, an internationally acclaimed cybersecurity expert, is the founder and CEO of VigiTrust, a risk management company. With his prolific work in this field recognized by Forbes - authoring 'The Cyber Elephant In The Boardroom' - he's set to release his second book due out summer of 2023!

Cathy C. Smith is a leading authority in the DX space, pushing boundaries and driving innovation through her experience with major global organizations such as Deutsche Bank and Dell. She is the founder of Women in Tech NJ & NY. Her book "How to Become a Digital Leader" provides insights on leading organizations into emerging technologies that remain future-proofed for success.

Nick Vigier is a highly esteemed cybersecurity expert with extensive knowledge and experience in the field. He has been a CIO or CISO at many successful companies, including Talend, Sony, and Gemini. His vast knowledge makes him the go-to expert for media outlets looking to understand the ever-changing security landscape.

Ed Adams is a leading software quality and security authority, offering over two decades of expertise. As President & CEO of Security Innovation, creator & host of 'Ed TALKS' and board member for Cyversity – he's established himself as an industry thought leader with invaluable insights to share.

Ed TALKS: The Cyber Elephant in the Boardroom

Overwhelmed by this year's industry predictions? Take back your time and avoid forecast fatigue as our industry experts have combed through the top reports to uncover essential insights and shed light on the best, and the worst, Cloud Security predictions for 2023.

Join our three industry experts as they de-bunk some of the top predictions and offer their own. Featuring research from the Cloud Security Alliance, our diverse panel of published authors will provide a deeper understanding of what to focus on for this year – including bonus “dark horses”!

The ‘Can’t Miss’ Panel:

Shira Rubinoff: A top cybersecurity influencer with 20,000+ LinkedIn followers; an entrepreneur, executive, board member, and advocate for women in cyber.   

John Yeoh: The VP of Research at the world’s leading organization dedicated to defining best practices to help secure cloud computing environments.

Matthew Rosenquist: A trusted, respected CISO highly sought after as a conference keynote speaker, strategic advisor, and educator.

Ed TALKS: Keep Your Head in the Cloud | The Uncensored Security Forecast

In recent years the cybersecurity industry enjoyed high valuations, rapid growth, and the creation of many ‘unicorns.’ However, the industry has also had its fair share of overhyped expense/debt-laden companies. Cybersecurity investors have pumped the brakes with a global economic slowdown and generational inflation. Path-to-profitability has quickly become a paramount metric, once de-prioritized for growth, often despite massive losses.

This Ed TALKS will feature diverse perspectives from a cybersecurity investment banker, entrepreneur/executive, and venture capitalist.  Attend to hear how today’s technology and investment trends are changing the way we operate in cybersecurity and get expert advice on:

• Challenges of running a VC/PE-backed cybersecurity company
• Valuation calibration and investment appetite
• Metrics to watch closely, stress, or de-emphasize
• ‘Red herrings’ cyber leaders need to avoid chasing

Ed TALKS: Cybersecurity M&A – True Tales From All Sides

Modern application design and the continued adoption of DevOps expand the scope of automated security testing and push tools to the limit. Simultaneously, complex platforms like IoT and Blockchain require more specialized tools and skills.

With software applications being more assembled than coded, and cloud CI/CD accelerating release, it’s time to sunset some legacy tools and consider new ones.

Come hear how product and application security professionals plan to scale software securely in 2022.

• The traditionalists: SAST, DAST, IAST
• Replacement players: SCA, API & container security, etc.
• New Kids on the Block: IaC, cloud native, fuzz
• Limitations, pitfalls, and best practices

Ed TALKS: Scaling AppSec – Getting Tools to Perform

The modern enterprise is highly dependent on the cloud and software-driven systems. To protect them, teams need relatable training that reflects the technologies they work with. Otherwise, they’ll tune it out.  

Recent Ponemon Institute research shows that realistic simulation training tied to a specific job function is the most effective way to prepare teams for the battles they’ll face. By utilizing hands-on training in a familiar environment, teams can enumerate security risks in a native context. 

Come learn the strategies of three security & technology leaders to up level skills of various  audiences, create engagement, and drive lasting behavior change.

Ed TALKS: How to Train IT Teams for Security

Data security is always top-of-mind for cybersecurity executives; however, emerging technology and attack developments will pose new risk to the data we try to secure.

Come hear how 3 leaders approach dynamic threats of the 20's, including:

• Tech Temperature – Hot or cold? 
- Artificial Intelligence 
- 5G: too dense and fast for its own good? 
- Applied Crypto: Blockchain, NFTs, and de-centralized trust
- Quantum computing

• Intrinsic Dependencies
- Cloud: expansion or evaporation?
- Passwords, authentication, biometrics 

• Changing Attack Landscape

Ed TALKS: Keeping Secrets – The Future Threats to Data are Here

Got D&I on your mind? You should.

It’s a scientific fact that diverse teams make better decisions, operate more profitably, and are more innovative problem solvers. The cybersecurity talent shortage is a crisis, yet the diversity gap is stark with women and minorities, and we haven’t figured out how to cultivate this talented pool.

Find out how it’s done – from experts who have succeeded and have dedicated themselves to the cause.

Featuring fresh research from The Ponemon Institute, this panel will discuss the state of D&I in cybersecurity, including:

• Trends and other data that highlight disparity
• What roadblocks (still) exist and strategies to blast them out of the way
• Where and how to find untapped talent and how
• How globally recognized organizations have successfully built D&I programs

Hope you can join us as we band together to advance D&I in cybersecurity.

Ed TALKS: Diversity & Inclusion in Cybersecurity – Reaping the Rewards

2022 kicks off on the heels of Log4j and other soft spots of our technology underbelly. These warts on our security playbooks highlight the importance of supply chain and software diligence. Join 3 security experts as they discuss Ed’s thoughts on 2022 and what industry analysts predicted (right and wrong).

• Third-Party Breaches - increased attacks on both the vendors’ products and the enterprise ecosystem, driving the need for Software Bills of Materials (SBOMs).

• Cloud & API Risk - both will be used much more than they are understood from a security perspective, leading to a “dark cloud” of misconfigurations and data leaks.

• Evolving Responsibilities, Org Charts and Titles - knowledge continues to be pushed into technical teams, whilst security and risk-based decisions move closer towards the Board of Directors.

Security’s Three-Ring Circus: Cloud, Supply Chain, and Staff

Organizations are increasingly relying on microservices to modernize and scale in today’s distributed tech ecosystem. Microservices facilitate continuous delivery and deployment by offering loose coupling through modularity, fault isolation, and resiliency. However, the resulting distributed systems are often complex, with large attack surfaces, making traditional security assessments difficult.  

To maintain consistent security levels, teams need to standardize practices and recalibrate assessment techniques. Come learn how industry experts from product security, engineering, and product management integrate risk-based approaches to their software pipeline to release software more confidently.  

Topics include: 

- Security as a Service: Arming teams with pre-secured libraries, assessment templates, security guidance, and hardened frameworks
- Rapid Risk Assessments: Evolving beyond monolithic SAST/DAST scans towards rapid component analysis
- Modern Vulnerability Management: Optimizing classification systems based on component criticality, business impact potential, and mitigating controls

Ed TALKS: Securing Microservices in Today’s Fast, Feature-Driven SDLC

To meet the demand for feature-rich software, companies rely on emerging technologies and rapid release cycles.  However, they often lack confidence in their teams to build and deploy it securely.  Leaders need a playbook that goes beyond just training developers on secure coding and reflects how teams want to learn.   

Join this Ed TALKS to hear how three professionals have up-leveled skills at Intuit, Microsoft, and Atlassian and gain insight from benchmark data from Security Innovation’s own expansive user base.

Ed TALKS: Security Upskilling Software Teams

The enterprise of things (EoT) encompasses all the "things" that get pulled into an enterprise's infrastructure. Not just IoT but also operational technology, office endpoints, WFH devices, and more. The 2020 rush to work-from-home, the proliferation of 5G, and an increased dependency on personal devices are burdening  IT with a more diverse attack surface and devices that don't conform to corporate standards. 

Leaders need to adjust their cyber-risk-mitigation playbooks. Come listen to three industry experts discuss this hostile ecosystem and the defenses they've put in place to adapt.

Topics include: 
- Securing the software that runs the Enterprise of Things
- Managing risk in corporate networks where IP is no longer isolated
- Evolving techniques in attack surface management and threat modeling
- Practical tips for minimizing IoT data leaks and adopting zero trust
- Managing device decay and non-standard configurations

Are IoT & BYOD dead? Why today we live with the Enterprise of Things

Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend.  This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.    

Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach.  This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.

Steal the Attackers Playbook with Purple Teams

Attitudes toward privacy have an amazingly broad spectrum.  Laws like CCPA and GDPR are forcing organizations to build privacy programs, but their robustness varies significantly based on geography, industry, and consumer views. Counter forces of IT Security, Data Breaches, and IoT put privacy at risk every day.  Come listen to 3 industry experts discuss privacy in the context of today’s digital world. They will discuss the organizational impacts of privacy, compliance drivers, and the difference between data security and data privacy.  

Topics include: 
 • Impacts of emerging technologies (5G, Artificial Intelligence, etc.) on privacy programs
 • How the WFH movement has changed corporate privacy and security strategies
 • Findings from the recent study "Privacy and Security in a Digital World” by The Ponemon Institute
 • The battle between security and privacy (corporate, law enforcement, compliance, personal) 
 • Practical tips on how to protect both privacy and data security

Ed TALKS: Privacy in a Gossipy, Digital World

High-performing InfoSec programs are critical to protecting sensitive data, securing systems, and maintaining compliance. However, organizations continuously struggle with the “how are we doing?” question.

Attend our next Ed Talk to learn how to identify key metrics and implement measurement vehicles to understand your real security posture.

* Benchmarking: What do you measure? And against what?

* Analysis Paralysis: What to do with the results and avoiding misleading and distracting data

* Metric Traps: Red flags versus red herrings

Are we there, yet? Measuring effectiveness of InfoSec programs

Edna Conway (Microsoft) & Octavia Howell (Equifax) join us for an exclusive panel on avoiding supply chain burns. Supply chain risk is not going away, especially not software updates that fuels the IT-dependent enterprise. The SolarWinds hack has sowed doubts about the fidelity and security of 3rd-party tech.  Despite significant damage, some organizations successfully thwarted the attacks despite using the vulnerable SolarWinds Orion appliance – how did they do it and what can we learn from it.

This Ed TALK brings respected cybersecurity and supply chain experts together to discuss what companies that build and use technology can do to protect themselves in this increasingly partner dependent world.

Topics include:
Knowing your ingredients – SBOMs (software bill of materials)
I spy  – can we detect or prevent “tainted” software updates
Walking the walk –  let’s talk effective defense-in-depth, incidence response, network segmentation, and “zero-trust”
Avoiding the recency trap – risk rating threats to avoid knee-jerk reactions  
Robots to the rescue – can AI be the solution to real-time threat intelligence?

Ed TALKS: SolariGate – Avoiding Supply Chain Burns

Software teams regularly deal with rapid release cycles, dozens of technologies, and relentless threats. They generally want to incorporate security ways but are often unsure how (or why.) 

Regardless of the development process, there are common security activities and tools that need to be assimilated.  In this edition of Ed TALKS, a panel of three industry experts provide practical tips on improving maturity and making security a natural part of software development.   

Topics include:
- Practical automation throughout development and delivery
- How to motivate your team to care about security
- Assessing and benchmarking your SDLC maturity
- Not so fast: Activities to automate or skip at your own risk 

Our panelists include:
Sasha Rosenbaum: Product Manager, GitHub
Throughout her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer of DevOpsDays Chicago, a chair of DeliveryConf, and a published author.

Sebastien Deleersnyder: Founder, Toren
Sebastien is the project leader for the OWASP SAMM maturity framework. He is a well-known instructor and threat modeling advocate.  Earlier in his career, he served as a security architect for large telcos, banks, and logistics firms.
 
Dinis Cruz: CTO and CISO, Glasswall
Dinis is a well-known software security leader. He served on the OWASP board of directors for six years, has trained thousands of people globally, and has written books on cybersecurity and modern software development.

Ed TALKS: Fast-Tracking Software Assurance, Making Security Part of Software Dev

The payment ecosystem is a complex one that is exposed from multiple points: Data interception, identify theft, and other attacks primarily target insecure software, APIs, and communication protocols that are difficult to lock down. 

To secure data within the payment infrastructure retailers, software providers, financial institutions, and device manufacturers need to implement risk-based practices.  Come hear three industry experts - Kara Gunderson (CITGO) and Ira Winkler (author, "You Can Stop Stupid"), Phil Agcaoili (Ponemon Institute Fellows) - discuss how to do this in a practical manner.

Topics include:

• Biggest threats and common attack vectors
• Dealing with POS (point of sale) systems
• End to End encryption – is it even possible?
• Managing software updates
• Passing with A’s: Authentication, Authorization & Access

Ed TALKS: Paying it Forward – Securing Technology in the Payment Ecosystem

The use of cloud services and infrastructure continues to skyrocket. Meanwhile, the proliferation of turn-key SaaS solutions makes it compelling for enterprises to use cloud-based software.  Organizations are spinning up servers and databases in minutes, moving their applications to take advantage of CSP scalability, and mistakenly assuming they are immediately more secure. 

There’s no doubt the cloud can deliver on the promises of improved scalability, availability, and security; however, consumers need to do their part. Come listen to 3 experts debate data and software security in the cloud. Topics include:

• Key considerations - new skills, migration challenges, compliance implications
• Unwanted surprises - misconfigurations, application rewrites, open data buckets
• Attack vectors  - how they impact data flow and storage models
• Sunnier days -  must-do’s for securing cloud software

Ed TALKS: Cloudy at the Breach – Your Software, Your Data, Your Loss

Principle-based approaches have long been at the core of “traditional” engineering disciplines. However, when it comes to building software and IT systems, best practices around encryption, access control, and authorization are often lackluster. The ability to understand and apply security concepts is essential to protecting today’s digital business.

Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals whose collective experience spans Fortune 500 technology, financial services, and medical device industries. 

JOSHUA CORMAN
Founder of I Am the Cavalry (dot org). His approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. 

UMA CHANDRASHEKHAR
Leader of the Global Information Product Security function at Alcon. She holds several patents in information security, privacy, and reliability and was an invited council member of the U.S. Federal Communications Commission’s Security, Reliability, and Interoperability Council (CSRIC).

MARK MERKOW
CISSP, CISM, CSSLP. A prolific author and advocate for building security into the SDLC with software-quality and security activities, tools, processes, and education. 

Topics to be discussed:

* Why and for whom are security principles important? 
* Have principles become a lost art form, or did they never really take off?
* What is the most underutilized principle? Does it vary based on tech stack and deployment?

FREE GIVEAWAY
We'll also be raffling off three copies of Mark Merkow's latest book "Secure, Resilient, and Agile Software Development" during the webinar.

Ed TALKS: Back to Basics: The Imp. of Security Principles in Technical Roles

Ed TALKS

With the proliferation of COTS, Open Source Software, libraries, frameworks, APIs, and other components, modern software is increasingly assembled instead of coded from scratch. While this shift helps deliver feature-rich solutions and interoperability, it also introduces risk and data security challenges.

To manage 3rd-party risks, new assessment and mitigation techniques are needed. Fixing the code is often impossible, pen testing can be limiting, and patching still leaves you exposed.     

Join host Ed Adams, a Ponemon Institute research fellow, for a panel discussion with security professionals, including:

JOHN MASSERINI
Global CISO, Millicom (Tigo) Telecommunications
An industry-recognized leader, John has decades of experience providing Information Security services to multinational organizations in diverse verticals. He is a prolific author and speaker and previously served as CISO for MIAX Options Exchange and Dow Jones.  

CHARISSE CASTAGNOLI
General Counsel & Manager,  Instapay Flexible LLC
Charisse has over 30 years of experience in the IT industry.   She combines her technology expertise with security and legal skills to help organizations meet their security and compliance needs.  She is an adjunct Professor of Law at John Marshall Law School.    

FRED PINKETT
Product Director, Absorb Software
Fred is a technology expert with 20+ years of experience in the SaaS, Cloud, and cybersecurity fields.   Throughout his career, he has worked closely with engineering and marketing teams to bring high-quality and secure products to the market.

Join us the hear these experts debate the following topics:
- Conducting software composition analysis (SCA) 
- Assessing threats and impacts
- Risk-rating your inventory
- Selecting the right controls

Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb

COTS

Cloud

Cloud Security

Application Security

Threat Management

Supply Chain

Attack Vectors

SDLC

AppSec

Cloud Applications

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ed TALKS: It’s Not Me, it’s You! Kicking 3rd-Party Software Risk to the Curb

Presented by

About this talk

Bureau Veritas Cybersecurity