Wed, Dec 17 · 6:00 PM PST
Agenda:
6:00 - 6:15pm: Introduction
6:15 - 7:00pm: Gopi Ramamoorthy - Are you worried about data breaches? Let's change the Pentest Strategy!
7:15 - 8:00pm: Networking
Summary of the talk:
Cyber threats continue to evolve in different forms and grow at exponential speed. The majority of companies conduct pentests periodically to identify risk and proactively take measures to protect their systems. Companies also conduct multiple cybersecurity pentests using internal security testing teams and through bug bounty programs. Yet a large number of companies still face multiple security incidents, including data breaches, each year. The speaker, drawing on more than 15 years of experience managing security in highly regulated industries such as finance and healthcare, will take a deep dive into the critical tests that are not included in pentests. This session will list the top 10 things that should be included in pentests but currently are not. In the first half of the session, the speaker will discuss why these top 10 are not included, detailing the technology limitations, process boundaries, and methodologies of current pentests. The second half of the session will cover how to overcome the technology and process barriers, eliminate the above shortfalls, improve the benefits of pentests, and secure the organization. Pentesters most of the time focus on the breach attack surface (BAS), when they should prioritize the protect surface. Pentesters also rely heavily on the OWASP Top 10 threats and on vulnerabilities that have assigned CVEs, but many vulnerabilities in some of the newer threat categories have no CVE assigned. Those categories are Zero Trust vulnerabilities (vulnerabilities in access control from not following ZT), identity management, SSO integration and configuration vulnerabilities, data exposure or leak vulnerabilities, AI system vulnerabilities, and supply chain integration vulnerabilities. The speaker will provide related examples and case studies. As mentioned above, the second half of the session will focus on what needs to change in strategy, process and technology to overcome the above limitations.
The speaker will dive deep into the technical details of building a risk register and aligning the timing, strategy and goals of the pentests with that risk register. Ransomware attacks and data breaches have become very common and are a real nightmare for many CISOs. The speaker will address how to reduce the risk of both using pentests. Finally, the speaker will highlight how GenAI can be used to improve pentests and become a core part of the cybersecurity professional's toolbox!
Speaker bio:
Gopi Ramamoorthy, with over 15 years in information security and compliance, has risen from engineering roles to leadership positions in sectors such as Finance and Healthcare. He has built security monitoring infrastructure for startups and large enterprises, including systems that process $350 billion in financial transactions. He has managed security compliance for multiple units, has been part of 300+ audits, and has consistently maintained an impeccable record of zero findings. Gopi's contributions extend beyond his core work: he is an active leader in infosec forums and has served in leadership roles at ISC2, ISACA and CSA since 2013. Gopi is an advisor to multiple cybersecurity and AI companies. Certified with CISSP, CISA, CIPP/US, and CISM, Gopi is currently the Head of Security and GRC Engineering at Symmetry Systems. Gopi has spoken at multiple conferences on cybersecurity, AI, and privacy, including RSA San Francisco, ISACA, ISC2, OWASP, CSA, IIA, BSides, and multiple regional conferences.