This is part three of our ongoing SANS ASM Virtual Conference blog series. If you’re new, check out part 1 and part 2. In each, we offer attendees an inside glimpse into an upcoming talk and the speakers presenting at this first-of-its-kind event.
Exchanging Zero Days Panel – Where Do We Go From Here?
The SANS ASM Virtual Conference on April 14th will feature some of the industry’s foremost experts chatting about security’s newest tectonic shift – the explosion of today’s attack surface. In this series, we catch up with some of the speakers to give you a preview of what to expect at next month’s event. In this blog, we look at the panel Reuters reporter Joseph Menn will be moderating with SAP CISO Richard Puckett, Former Square CISO Window Snyder, Former NSA General Counsel Stewart Baker, and Randori Co-Founder David “moose” Wolpoff.
The Rise of Zero Days:
The Microsoft Exchange email server breach wasn’t the first major cyber attack to make headlines, and it won’t be the last. As we advance into a world of remote working and cloud-based ops, businesses are becoming more exposed, and attacking them is getting more lucrative. At some point, the industry must reach a tipping point where its goal is no longer to be secure, but rather to be resilient. Join Reuters’ Joseph Menn and a panel of cyber experts as they break down how they see security evolving in the wake of the Exchange breach, and how Attack Surface Management can help organizations reduce risk and workload in the face of the new bevy of threats. The panel will cover and answer hard-hitting questions for the audience, such as: What role can policies/regulations play in reducing cyber risk? How can we as a society work together to build more resilient systems? And what role does active defense, or “Defending Forward,” have in preventing the next SolarWinds/Exchange breach?
Register here to attend the panel
About the Moderator:
Joseph Menn – Reuters (@josephmenn)
An investigative reporter for Reuters, Joseph Menn is the longest serving and most respected mainstream journalist on cyber security. He has won three Best in Business awards from the Society of American Business Editors & Writers and been a finalist for three Gerald Loeb Awards. He’s the author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World and The Hunt for the New Crime Lords who are Bringing Down the Internet. The latter exposed the Russian government’s collaboration with organized criminal hackers and was named one of the 10 best nonfiction books of 2010 by Hudson Booksellers. He previously worked for The Financial Times, Los Angeles Times and Bloomberg and has spoken at conferences including Def Con, Black Hat and RSA. He grew up near Boston and lives in San Francisco.
About the Panelists:
Richard Puckett, CISO – SAP
Richard Puckett is the Chief Information Security Officer and Global Head of Cyber Defense and Design at SAP, leading Security Operations, Cyber Intelligence and Incident Response across the company. Prior to joining SAP, he was the Vice President for Security Operations, Strategy & Architecture at Thomson Reuters, as well as the VP of Product & Commercial Security at General Electric, building up GE’s program for Industrial Cybersecurity & IoT. Richard has over 25 years of experience in Information Technology & Cybersecurity. He routinely participates in National and International exercises for Cybersecurity and the protection of Critical Infrastructure, focusing on improving the working relationships between Public and Private sector entities in the areas of Cyber Intelligence, Crisis Management and Cyber Policy. He is also the author of “Automated Deployment & Customization” by Macmillan Technical Publishing and Co and the author of “Managing Enterprise Active Directory Services” by Addison-Wesley.
Window Snyder, Former CSO – Square (@window)
Window Snyder is a security industry veteran and former Chief Security Officer at Square, Fastly and Mozilla. She previously spent five years at Apple responsible for security and privacy strategy and features for OS X and iOS. Other roles include Chief Software Security Officer at Intel, Chief Security Something-or-Other at Mozilla and a founder at Matasano, a security services and product company based in New York City, acquired by NCC Group in 2012.
As a senior security strategist at Microsoft in the Security Engineering and Communications organization, she managed the relationships between security consulting companies and the Microsoft product teams and the outreach strategy for security vendors and security researchers. Previously she was responsible for security sign-off for Windows XP SP2 and Windows Server 2003. Ms. Snyder was Director of Security Architecture at @stake. She developed application security analysis methodologies and led the Application Security Center of Excellence. She was a software engineer for 5 years focused primarily on security applications, most recently at Axent Technologies, now Symantec. Ms. Snyder is co-author of Threat Modeling, a manual for security architecture analysis in software.
Stewart Baker – Former General Counsel, NSA (@stewartbaker)
Stewart Baker is a partner in the law firm of Steptoe & Johnson in Washington, D.C. From 2005 to 2009, he was the first Assistant Secretary for Policy at the Department of Homeland Security. His law practice covers cybersecurity, data protection, homeland security, and travel and foreign investment regulation; he has been awarded one patent. Mr. Baker has been General Counsel of the National Security Agency and General Counsel of the commission that investigated WMD intelligence failures prior to the Iraq war. He is the author of Skating on Stilts, a book on terrorism, cybersecurity, and other technology issues; he also hosts the weekly Cyberlaw Podcast.
David “moose” Wolpoff, Co-Founder & CTO – Randori (@hexadecimoose)
David Wolpoff (moose) is co-founder and CTO of Randori. David is a recognized expert in digital forensics, vulnerability research and embedded electronic design. Prior to founding Randori, David held executive positions at Kyrus Tech, a leading defense contractor, and ManTech where he oversaw teams conducting vulnerability research, forensics and offensive security efforts on behalf of government and commercial clients. David holds Bachelor of Science and Master of Science degrees in Electrical Engineering from the University of Colorado.
Don’t miss the SANS Attack Surface Management Virtual Conference: Register Now