Recorded:    August 15th | 2024      Watch

Navigating the complex landscape of software supply chain compliance is more critical than ever. With evolving legislative mandates and stringent mandatory requirements, staying compliant can seem daunting. This session will help teams cut through the red-tape by providing valuable insights into key legislative requirements and mandatory standards to ensure your organization is well-prepared to meet these challenges head-on, and attendees will:

• Gain a comprehensive overview of Executive Order 14028 and OMB Memo 22-18, and learn how these directives impact software supply chain compliance.
• Explore the critical requirements of PCI-DSS 4.0 and other industry standards, ensuring your software supply chain adheres to the highest security protocols.
• Discover effective tools and techniques to streamline compliance processes, reduce risks, and maintain a robust security framework within your organization.
• Learn from case studies and practical examples of successful compliance management in various industries, gaining insights into overcoming common challenges and implementing effective solutions.

 Who Should Attend?
This webinar is ideal for compliance officers, IT managers, software developers, cybersecurity professionals, and anyone involved in the software supply chain who wants to stay ahead of regulatory requirements and ensure their organization remains compliant.

Moderator

Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.

Panel

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium and the founder of Security Weekly, a security podcast network (acquired by CyberRisk Alliance in 2020). Paul's previous roles have been spent “in the trenches” coding in Python, testing security products, and evaluating and implementing open-source software. Paul's career began by implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management.  

Charlie Jones, CISA,(ChCSP, CISSP, CISA), Director, Product Management at ReversingLabs. Charlie is currently a Director of Product Management and subject matter expert (SME) in supply chain security, digital trust, and product strategy. Formerly a consultant at PwC, Charlie has 10 years experience delivering strategic transformation initiatives, specializing in cyber security, third-party risk management, and IT audit programs for Fortune and FTSE 100 financial service institutions. An active member of the global cyber security community, Charlie regularly publishes thought leadership, speaks at high-profile conferences, participates in industry working groups, and helps shape international standards through his position on the Technical Advisory Panel for the UK Cyber Security Council. Recently honored with the prestigious CSO 30 Award, Charlie is recognized as a top security leader in the UK, demonstrating outstanding business value, innovation, and contributions to the wider community. LinkedIn: https://www.linkedin.com/in/charlie-jones3/

Brian Fox, Co-founder and CTO of Sonatype, Brian Fox is a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences. https://www.linkedin.com/in/brianefox/

Andrew Dorminey is currently a GRC Specialist Solutions Engineer at OneTrust, an industry leader in third-party risk management technology. Formally a consultant for EY, Andrew has spent the better portion of the past decade understanding client use cases and advising best practices utilizing technology in an everchanging regulatory landscape. Andrew is also a United States Army veteran.