Until now, software and data (or services) supply chain security has focused on systems and network security. However, recent events, most notably Log4j, SolarWinds, and Microsoft On-Premise Exchange, besides ruining the nights and weekends of security practitioners worldwide, have brought attention to even more issues. In addition to the headlines and board-level questions these events bring, a bright light is now being shone on issues of source code security, intellectual property, and even massive liability.
What could your company have done to prevent a SolarWinds- or Log4j-type attack? Can we trust other people’s code? What are the predictions for the next types of attacks? Whether your company makes solutions that deploy into the enterprises of your customers, acquires other companies that make software solutions, or integrates these tools into your business, this panel discussion will answer these important questions and provide an overview of the challenges and ideas you can take away to support your Information Security Program.
Richard Greenberg, CISSP, Moderator
Richard, a well-known Cyber Security leader, evangelist, advisor, and speaker, brings over 30 years of management experience, including being a CISO for 15 years. He is an ISSA International Distinguished Fellow, is on their Honor Roll, and is president of the ISSA Los Angeles Chapter. He has been on the OWASP Global Board, and led the OWASP LA Chapter for many years.
You may have heard Richard’s interview as a Cyber Security expert on Will Ferrell’s Ron Burgundy podcast.
Richard is the Founder and CEO of Security Advisors LLC, which offers security risk assessments and network and application penetration testing, allowing organizations to continuously assess their internal and external cyber risk posture and meet compliance requirements.
John D. Johnson, Ph.D., CISSP, CRISC
John Johnson has more than 25 years of information security leadership experience across federal and various industry segments. John is currently Cybersecurity Leader for a large consumer manufacturing company. He was previously Senior Manager at Deloitte, focused on IoT and industrial cybersecurity. Prior to that, he was CTO at a technology startup, Security Architect at John Deere for 18 years, and developed and taught graduate cybersecurity for 16 years. John has been active with the Chicago CISO community for many years; he organizes industry conferences and is a founding board member and advisor for several non-profits and technology companies.
Bryan Hurd, VP, Stroz Friedberg
Bryan Hurd is a cybercrime, computer security, terrorism and homeland security executive with over 25 years of creating programs that have national and international impact. A U.S. Naval Academy graduate and veteran, Bryan founded the U.S. Navy’s first cyber counterintelligence program at NCIS, and built the global computer forensics program for EDS (now HP). He led innovation for the entire U.S. watchlisting system at the National Counterterrorism Center (NCTC).
Richard Rushing, CISO, Motorola Mobility
Richard Rushing is the Chief Information Security Officer for Motorola Mobility LLC. Richard participates in corporate, community, private, and government security councils and working groups, setting standards, policies, and solutions for current and emerging security issues. As Chief Information Security Officer for Motorola Mobility, he has led the organization’s security effort by developing an international team to tackle targeted attacks, cyber-crime, and emerging threats to mobile devices. He has organized, developed, and deployed practices, tools, and techniques to protect the enterprise’s intellectual property worldwide. A much-in-demand international speaker on information security, Richard has spoken at many of the leading security conferences and seminars around the world.