When: April 24th, 2025
Securing the software supply chain has become a mission-critical priority for organizations across industries. With cyber threats increasingly targeting software development and delivery, businesses must adopt proactive strategies to safeguard their operations, ensure compliance, and maintain customer trust. Join us for an insightful webinar featuring Janet Worthington, a renowned Forrester analyst with extensive expertise in cybersecurity and software supply chain resilience.
This CPE-accredited session will provide actionable insights and best practices to help you build a secure, resilient, and future-proof software supply chain. Attendees will gain insights on:
- Proactive Risk Mitigation: Learn how to identify and assess malware and vulnerabilities across your software supply chain, from third-party components to internal development processes, and implement strategies to mitigate risks before they escalate.
- Secure Development Practices: Discover the principles of secure coding, code review tools, and DevSecOps integration to ensure security is embedded throughout the software development lifecycle.
- Incident Response and Recovery: Gain insights into developing robust incident response plans to detect, respond to, and recover from supply chain disruptions effectively.
- Automation and Compliance: Explore how automation can enhance supply chain security by enabling continuous monitoring, vulnerability patching, and alignment with industry standards like NIST and FedRAMP.
- Securing Third-Party Commercial Software: Discover how cybersecurity and TPCRM teams can identify risks in the commercial software they use before they purchase or deploy.
Moderator
Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.
Panel
Janet Worthington is a senior analyst at Forrester advising security and risk professionals. She covers product security, proactive security design, securing new development methods, security testing in the software delivery lifecycle, and collaboration between security, development, and product management. She has over 25 years of experience in software product development and services. As a security program manager, she helped Fortune 100 companies roll out application security programs across their organization. Janet has led software quality assurance, release engineering, and project teams at a number of startup technology companies.
Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium and the founder of Security Weekly, a security podcast network (acquired by CyberRisk Alliance in 2020). Paul's previous roles have been spent “in the trenches” coding in Python, testing security products, and evaluating and implementing open-source software. Paul's career began by implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management.
Charlie Jones (ChCSP, CISSP, CISA), Director, Product Management at ReversingLabs. Charlie is currently a Director of Product Management and subject matter expert (SME) in supply chain security, digital trust, and product strategy. Formerly a consultant at PwC, Charlie has 10 years' experience delivering strategic transformation initiatives, specializing in cyber security, third-party risk management, and IT audit programs for Fortune and FTSE 100 financial service institutions. An active member of the global cyber security community, Charlie regularly publishes thought leadership, speaks at high-profile conferences, participates in industry working groups, and helps shape international standards through his position on the Technical Advisory Panel for the UK Cyber Security Council. Recently honored with the prestigious CSO 30 Award, Charlie is recognized as a top security leader in the UK, demonstrating outstanding business value, innovation, and contributions to the wider community. LinkedIn: https://www.linkedin.com/in/charlie-jones3/
Tanner Boswell, Solutions Engineering Manager, OneTrust. Tanner manages a team of Solutions Engineers at OneTrust, unlocking every company’s value and potential to thrive by doing what’s good for people and the planet. OneTrust connects together privacy, security, IT and risk & compliance teams, so all companies can collaborate seamlessly and put trust at the center of their operations and culture. In his role, Tanner is a trusted risk technology consultant and advises companies on how to analyze risk, scale compliance, and reinforce governance to uphold trusted business operations. Tanner earned a Bachelor of Business Administration in Risk Management & Management Information Systems at the University of Georgia and holds his FIP (Fellow of Information Privacy), CRISC (Certified in Risk & Information Systems Control), GRC-P, CIPP/E and CIPM.