Application security, Compliance, Data security

Third-Party Risk / Supply Chain Risk – Alla Valente – RSA21 #3

May 19, 2021

Why is third-party risk still such a challenge? Are companies using recent risk events (pandemic, solar winds, Colonial pipeline) as an opportunity to get better at risk management? How can firms better prepare for attacks to their third-party ecosystem?

Segment Resources:

https://go.forrester.com/blogs/make-covid-19-the-supply-chains-final-cautionary-tale/

Full episode and show notes

Guest

Alla Valente

Senior Analyst at Forrester Research

http://forrester.com/

Alla is a senior analyst at Forrester serving security and risk professionals. She covers governance, risk, and compliance (GRC), third-party risk management (TPRM), contract lifecycle management (CLM), and supply chain risk with a special focus on risk management frameworks. In this role, Alla helps Forrester clients establish strategy, adopt best practices, define a governance framework, and select technology to manage risk, improve business resilience, and strategic value-add. Her research also includes ethics and trust in digital transformation, enterprise risk management (ERM), and protecting the organization’s brand.

Hosts

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Matt Alderman

VP, Product at Living Security

DevOps

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

March 20, 2023

Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.

DevOps

Automating Security With Static Analysis – Josh Goldberg – ASW #233

March 20, 2023

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting ...

DevOps

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

March 16, 2023

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of ...

Third-Party Risk / Supply Chain Risk – Alla Valente – RSA21 #3

Guest

Hosts

Related

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

Automating Security With Static Analysis – Josh Goldberg – ASW #233

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309