
Details

We're excited to announce our upcoming April meetup, which will be hosted by the wonderful team at Truffle Security. Get ready for insightful discussions, delicious refreshments, and the chance to network with some of the brightest minds in the industry.
Agenda:
5:00-5:45 PM: Doors open, networking and food
5:45-6:30 PM: Do SBOMs Solve the Problem of Software Supply Chain Attacks?
6:30-7:15 PM: Pentests did not stop data breaches. What's wrong and what needs to be changed?
7:15-8:00 PM: Secrets from a bygone era
8:00 PM: Doors close.

Talk #1: Do SBOMs Solve the Problem of Software Supply Chain Attacks?

Description:
As many may know, a Software Bill of Materials (SBOM) was mandated by Executive Order 14028: Improving the Nation's Cybersecurity. The Executive Order was a direct consequence of the infamous SolarWinds hack, the most famous example of a software supply chain attack. The perpetrators of this particular offense were not after money. They were after government and corporate secrets. They were after control on a worldwide scale. What is the best way to infiltrate multiple companies, governments and their branches? In this case, the answer was to target a network management system called Orion. The CEO of SolarWinds estimated that 18,000 customers could have been affected by the hack. He knew that because about 18,000 customers had downloaded the malware disguised as a patch. What was supposed to be a routine update turned out to be anything but routine. The attackers were believed to be Russian state-affiliated. They had managed to gain control by infiltrating the build process. To this day, we do not know the extent of their infiltration.
To counter supply chain attacks, SBOMs were included in the executive order. Overnight, new and existing companies were touting their “solutions”. Do they work? Do SBOMs solve software supply chain problems? If not, what will?

Speaker: Robert Marion, Product Security Architect at Baxter Health Care. Formerly Lead Product Security Engineer at Citrix.

Talk #2: Pentests did not stop data breaches. What's wrong and what needs to be changed? by Gopi Ramamoorthy
Session Overview: Cyber threats continue to evolve in different forms and grow at exponential speed. The majority of businesses conduct pentests periodically but still face multiple security incidents and data breaches. Adoption of new technologies, including AI, has added another dimension of threats to data security. In this presentation, the speaker will discuss the shortfalls of pentests and how they can be aligned towards testing potential data security vulnerabilities and improving the overall data security posture of the organization you manage.
Speaker:
Gopi Ramamoorthy, with over 15 years in information security and compliance, has risen from engineering roles to leadership positions in sectors like Finance and Healthcare. At Fiserv, he managed security compliance for multiple units worth $350 billion in annual transactions, consistently maintaining an impeccable record of zero findings. Gopi’s contributions extend beyond his core work; he’s an active leader in infosec forums, served as ISC2 Silicon Valley President in 2013, and was on the ISACA Silicon Valley Board from 2014-2021. Certified with CISSP, CISA, CIPP/US, and CISM, Gopi is currently the Head of Security and GRC Engineering at Symmetry Systems. A dedicated professional and leader, Gopi’s expertise is widely recognized and respected in the industry. In 2023 alone, Gopi has spoken at multiple conferences on Cybersecurity and Privacy and continues to share his knowledge and experience through multiple forums!

Talk #3: Secrets from a bygone era by Dylan Ayrey
GitHub is a platform that was designed for sharing; it wasn't designed for unsharing. So how difficult does it become to unshare? This talk will dig into all the different ways your secrets might get replicated, propagated, persisted, and shared, for decades following your mistake.
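One concrete way to see the persistence the talk is about, as an added shell example that is not part of the talk or of the event page: a secret committed to git survives the commit that "removes" it, and even survives deleting the branch, because the old blob stays reachable through history and then through the reflog. The repository, the file name and the token value are all constructed for the demo; the token is not a real credential.

```shell
#!/bin/sh
# Added example: a committed secret outlives its "removal" in git.
# Everything below is constructed (repo, file, token); nothing is real.
set -eu

SECRET='AKIAEXAMPLEFAKE00000'   # constructed placeholder, not a real key

# Create a throwaway repo: commit the secret, then commit a "redacted" version.
make_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  git -C "$dir" config user.email 'demo@example.invalid'
  git -C "$dir" config user.name 'demo'
  printf 'aws_key=%s\n' "$SECRET" > "$dir/config.env"
  git -C "$dir" add config.env
  git -C "$dir" commit -q -m 'add config'
  printf 'aws_key=REDACTED\n' > "$dir/config.env"   # the "fix"
  git -C "$dir" add config.env
  git -C "$dir" commit -q -m 'remove secret'
  printf '%s\n' "$dir"
}

# Matches in the checked-out file only (what a casual look at the repo shows).
secret_in_worktree() {
  grep -c "$SECRET" "$1/config.env" || true
}

# Matches across every commit reachable from any ref (what a history scanner sees).
secret_in_history() {
  git -C "$1" grep -l "$SECRET" $(git -C "$1" rev-list --all) | wc -l | tr -d ' '
}

# Matches across commits mentioned in the reflog, which outlive deleted branches.
secret_in_reflog() {
  git -C "$1" grep -l "$SECRET" $(git -C "$1" rev-list --reflog) | wc -l | tr -d ' '
}

# Simulate a history rewrite: new orphan root holding the clean tree, old branch deleted.
rewrite_history() {
  old=$(git -C "$1" symbolic-ref --short HEAD)
  git -C "$1" checkout -q --orphan clean
  git -C "$1" commit -q -m 'clean history'
  git -C "$1" branch -D -q "$old"
}

main() {
  repo=$(make_repo)
  echo "worktree matches:      $(secret_in_worktree "$repo")"   # 0
  echo "history matches:       $(secret_in_history "$repo")"    # 1
  rewrite_history "$repo"
  echo "history after rewrite: $(secret_in_history "$repo")"    # 0
  echo "reflog after rewrite:  $(secret_in_reflog "$repo")"     # 1
  rm -rf "$repo"
}

main "$@"
```

The working tree looks clean after the second commit, yet the secret is still one `git grep` over `rev-list --all` away; after the branch rewrite it disappears from `--all` but remains in the reflog (and would remain in any clone, fork or cached copy that pulled the original commit). Rotating the credential, not rewriting history, is the only fix that actually unshares it.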

Events in San Francisco, CA