Program Overview
2022 PSIRT SIG Technical Colloquium
Wednesday, September 28th
| PSIRT SIG TC - Day 1 |
|---|
| 08:30 – 09:00 | IE Welcome and Housekeeping Emer O'Neill (VMware, IE) |
| 09:00 – 09:45 | Dell’s Software Bill of Materials (SBOM) Journey (In-person) Patricia Tarro, Aditi Sharma TLP:RED |
| 09:45 – 10:45 | CSAF, VEX, and SBOMs a Today's Cybersecurity Acronym Soup (In-person) Omar Santos (Cisco) TLP:CLEAR |
| 10:45 – 11:00 | Break |
| 11:00 – 12:00 | US Vulnerability Exploitability and Security Updates Practices (Virtual) Bruce Lowenthal (Oracle); Chandan Nandakumaraiah (Palo Alto Networks, US); Christopher Robinson (Intel, US); Jean-Robert Hountomey (AfricaCERT); Peter Allor (Red Hat, US) TLP:CLEAR |
| 12:00 – 13:00 | Lunch |
| 13:00 – 14:00 | DHS CISA: Reducing the Significant Risk or Known Exploited Vulnerabilities (In-person) Branko Bokan TLP:GREEN |
| 14:00 – 14:45 | CA CVSS 4.0 (Virtual) Angela Lindberg (SAP Global Security, CA) TLP:GREEN |
| 14:45 – 15:15 | Opening your Organization to Neurodiversity (Virtual) Marianne Rimbark TLP:GREEN |
| 15:15 – 15:30 | Break |
| 15:30 – 16:00 | Cybersecurity Employee Emotional Health (Virtual) Cassi Rodano TLP:GREEN |
| 16:00 – 16:45 | US Building Security at the Speed of Light (Virtual) Amy Rose (NVIDIA, US) TLP:GREEN |
| 16:45 – 17:30 | US Build customer Trust by Strengthening your Security Practices (In-person) Lisa Bradley (Dell, US) TLP:GREEN |
| 17:30 – 17:45 | Closing Remarks Pete Allor, Josh Dembling |
| 17:45 – 18:45 | SAP Customer Success Center |
- USTLP:GREEN
Katie Trimble-NobleKatie Trimble-Noble (Intel, US)
Katie Noble serves as a Director of PSIRT, Bug Bounty, and the Security Working Artifacts Team at Intel Corp. In her role, she leads the cybersecurity vulnerability Bug Bounty program, researcher outreach, and strategic planning efforts. Prior to joining Intel, Katie served as the Section Chief of Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA). Her team is credited with the coordination and public disclosure of 20,000+ cybersecurity vulnerabilities within a two-year period. During her government tenure, in roles spanning Intelligence Analyst for the National Intelligence Community to Senior Policy Advisor for White House led National Security Council Cyber programs, Katie’s work directly impacted decision making for government agencies in the United States, United Kingdom, Canada, and Australia.
September 29, 2022 09:45-10:30
- USTLP:GREEN
Build customer Trust by Strengthening your Security Practices (In-person)
Lisa BradleyLisa Bradley (Dell, US)
Dr. Lisa Bradley is the Director of Product & Application Security at Dell Technologies. In this role, she oversees the Product Security Incident Response Team (PSIRT) where she defines and drives vulnerability management and builds customer trust into the core of product and application security practices. Lisa has 20 years of Enterprise-class engineering and leadership experience including 7+ years leading PSIRT programs for NVIDIA and IBM. Lisa is part of the FIRST PSIRT Sig and contributed to the FIRST PSIRT Services Framework, training, and PSIRT Maturity document. Lisa has spoken at many tech-related events including FIRST, BSIMM, DerbyCon, ISACA and Security Journey. Lisa enjoys spending time with her three kids, James (12), Jesse (8) and Anna (7), and teaching as an adjunct professor at local universities.
September 28, 2022 16:45-17:30
- USTLP:GREEN
Building Security at the Speed of Light (Virtual)
Amy Rose (NVIDIA, US)
Amy Rose is the PSIRT Manager at NVIDIA and is a leader in the design and implementation of the Minimum Viable Security Bar program. She has worked in Product Security Incident Response as well as various other security roles for multiple companies and has an interest in improving processes to make life easier. Amy lives in Chapel Hill, North Carolina with her family.
September 28, 2022 16:00-16:45
- USTLP:GREEN
CERT/CC State of the State (Virtual)
Laurie Tyzenhaus (SEI CERT, US)
September 29, 2022 10:45-11:30
- TLP:CLEAR
CSAF, VEX, and SBOMs a Today's Cybersecurity Acronym Soup (In-person)
Omar Santos (Cisco)
Omar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure.
Omar is the author of over 20 books and video courses; numerous white papers, articles, and security configuration guidelines and best practices. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) where he mentors and lead engineers and incident managers during the investigation and resolution of security vulnerabilities.
September 28, 2022 09:45-10:45
- JPTLP:CLEAR
CVD Coordinator Rules (In-person)
Tomo ItoTomo Ito (JPCERT/CC, JP)
Tomo Ito has been working as a vulnerability information coordinator at JPCERT/CC for 4 years. His current focuses include international collaborations regarding vulnerability coordination topics with organizations around the globe.
September 29, 2022 12:30-13:30
- CATLP:GREEN
CVSS 4.0 (Virtual)
Angela LindbergAngela Lindberg (SAP Global Security, CA)
Angela Lindberg is a Security Response Analyst working for SAP, who joined the Product Security Response Team (PSRT) in February 2018. The PSRT manages the responsible disclosure of vulnerabilities reported by security researches and hackers. In addition, the team facilitates the release of quality security fixes, monthly, for SAP’s Security Patch Day. Angela’s main responsibility is to oversee the handling of the reported cloud vulnerabilities and to provide a leadership role to the team members in Vancouver and Bangalore. Prior to joining SAP, Angela worked for a Global Banking and Financial Institution in an IT Risk Management role overseeing information security, technology and operational risk.
September 28, 2022 14:00-14:45
- TLP:RED
Cyber Fusion Center: Are PSIRT's Welcome? (In-person)
Umair Bukhari
September 29, 2022 14:45-15:45
- TLP:GREEN
Cybersecurity Employee Emotional Health (Virtual)
Cassi Rodano
Cassi Rodano has recently become the manager of the PSIRT - Technical Program Management at Dell Technologies. In this role, she oversees the team that is responsible for coordinating the response to and disclosure of vulnerabilities impacting Dell products to provide customers with timely information, guidance, and mitigation options. Cassi is part of the FIRST PSIRT SIG and a mentor in the Women in Cybersecurity (WiCyS) mentor/mentee program.
September 28, 2022 15:30-16:00
- TLP:RED
Dell’s Software Bill of Materials (SBOM) Journey (In-person)
Patricia Tarro, Aditi Sharma
Patricia Tarro is the Product Manager for Dependency Management at Dell Technologies. In this role, she is responsible for defining the Dell enterprise-wide approach to managing risks from third-party components and internal dependencies. Tricia has over 30 years of Information Technology experience, spending the past 3 years with the Product and Applications Security team. In 2020, she earned a master’s degree in Administration of Justice and Homeland Security with a concentration in Cybersecurity and Intelligence. Currently she is pursuing a doctoral degree in Homeland Security at St. John’s University in Queens, NY.
Aditi Sharma is the Product Manager for SBOM within the Product and Application organization at Dell Technologies. In this role, she is responsible for driving the Dell enterprise-wide strategy for SBOM generation, management, compliance, business alliance and customer requests.
Over the past 15 years in technology , she has enjoyed working with customers and designing solutions in automotive, telecom and security space.
Aditi is an Electrical and Electronics Engineer and holds CSPO, GIAC and Data Analytics and Visualization certifications. She is an active member of SAFECode and aspires to contribute more in the open source community.
September 28, 2022 09:00-09:45
- TLP:GREEN
DHS CISA: Reducing the Significant Risk or Known Exploited Vulnerabilities (In-person)
Branko Bokan
September 28, 2022 13:00-14:00
- TLP:GREEN
Opening your Organization to Neurodiversity (Virtual)
Marianne Rimbark
September 28, 2022 14:45-15:15
- TLP:GREEN
Taking Control of your Bug Bounty Program (Virtual)
Justas Vilgalys
September 29, 2022 09:00-09:45
- JPTLP:CLEAR
The Current State of the CVE Program with an Eye Towards the Future (In-person)
Tomo ItoChris Levendis, Tomo Ito (JPCERT/CC, JP)
Tomo Ito has been working as a vulnerability information coordinator at JPCERT/CC for 4 years. His current focuses include international collaborations regarding vulnerability coordination topics with organizations around the globe.
September 29, 2022 13:30-14:30
- USTLP:CLEAR
Vulnerability Exploitability and Security Updates Practices (Virtual)
Christopher Robinson
Jean-Robert Hountomey
Peter AllorBruce Lowenthal (Oracle), Chandan Nandakumaraiah (Palo Alto Networks, US), Christopher Robinson (Intel, US), Jean-Robert Hountomey (AfricaCERT), Peter Allor (Red Hat, US)
Jean-Robert is Security Researcher at Broadcom. He leads Product Security and Privacy Engineering efforts as well as other InfoSec roles at Brocade.
September 28, 2022 11:00-12:00
- IE
Welcome and Housekeeping
Emer O'Neill (VMware, IE)
Emer O'Neill: Emer O’Neill is the Senior Manager of the VMware Security Response Center, a group which is part of Research & Development (R&D) at VMware. With more than 19 years of technical, program management and leadership experience in the high-tech industry, Emer has been with VMware for the past 12 years and worked in the customer facing Global Support Services (GSS) as both a technical support engineer and then manager and more recently in 2016 moved to R&D leading a global team whom are responsible for analysis and remediation of software security issues in VMware products. Emer holds a MBS in Business Practice from UCC & the Irish Management Institute.
September 28, 2022 08:30-09:00
