Topic: How to Identify and Mitigate Software Security Risks and Vulnerabilities.
Presenter: Joe Jarzombek, PMP, CSSLP
Date: May 15, 2018
As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the Internet of Things (IoT) supply chain must focus on the entire lifecycle. IoT is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses, vulnerabilities, and exploits.
Addressing supply chain dependencies enables enterprises to harden their attack surface by: comprehensively identifying exploit targets; understanding how assets are attacked and providing more responsive mitigation. Security automation tools and services, and testing and certification programs now provide means upon which organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.
Attendees will Learn:
- How external dependencies create risks throughout in IoT/software supply chain;
- How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
- How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.
Please Note: Attendees receive PDUs or CPE’s to use for recertification credits at PMI, QAI, ASQ, ISC2, ISACA, IEEE or ISTQB, etc.
Speaker Biography: Joe Jarzombek is Director for Government, Aerospace & Defense Programs in Synopsys, Inc., the Silicon to Software™ partner for innovative organizations developing electronic products and software applications. He guides efforts to focus Synopsys’ global leadership in electronic design automation (EDA), semiconductor IP, and software security and quality solutions in addressing technology challenges of the public sector and aerospace and defense communities. He participates in relevant consortia, public-private collaboration groups, standards groups, and academic R&D projects to assist in accelerating technology adoption.
Previously, Joe served as Global Manager for Software Supply Chain Solutions in the Software Integrity Group at Synopsys. In that role he led efforts to enhance capabilities to mitigate software supply chain risks via testing technologies and services that integrate within acquisition and development processes; enabling detection, reporting, and remediation of defects and security vulnerabilities to gain assurance and visibility within the software supply chain. Jarzombek has more than 30 years focused on software security, safety and quality in embedded and networked systems. He has participated in industry consortia such as ITI, SAFECode and CISQ; test and certification organizations such as Underwriters Labs’ Cybersecurity Assurance Program, standards bodies, and government agencies to address software assurance and supply chain challenges.
Prior to joining Synopsys, Jarzombek served in the government public sector; collaborating with industry, federal agencies, and international allies in addressing cybersecurity challenges. He served in the US Department of Homeland Security Office of Cybersecurity and Communications as the Director for Software & Supply Chain Assurance, and he served in the US Department of Defense as the Deputy Director for Information Assurance (responsible for Software Assurance) in the Office of the CIO and the Director for Software Intensive Systems in the Office of Acquisition, Technology and Logistics.
Joe Jarzombek is a retired Lt Colonel in US Air Force and a Certified Secure Software Lifecycle Professional (CSSLP) a Project Management Professional (PMP) as well as a frequent key presenter at industry conferences. He received an MS in Computer Information Systems from the Air Force Institute of Technology, and a BA in Computer Science and BBA in Data Processing and Analysis from the University of Texas – Austin.
Registration and Networking: 8:00 a.m. to 9:00 a.m.
Opening Remarks: 9:00 a.m. to 9:05 a.m.
Speaker Presentation: 9:05 a.m. to 12 noon.
Lunch (Provided): Noon to 1:00 p.m. Q&A: 1:00 p.m. to 2:00 p.m.
Meeting Registration: If you would like to attend the May 15th, 2018 Quality Assurance Association of Maryland (QAAM) meeting, please register at www.qaam.org.
Once on the QAAM website:
- Click on QAAM meetings
- Then Click on Meeting Registration drop down next to QAAM Meetings
- Complete the Meeting Registration form to attend
- Click <send>.
If you have questions about the QAAM meeting or would like to register after May 11, 2018, please call the QAAM President at 571-232-0683. Fee for the attendance is $35.00 and includes lunch. Parking is free. QAAM does not accept credit cards. There is no fee if your company has a Corporate Membership in QAAM. If your company would like information about joining, or have any questions, please send us an email at firstname.lastname@example.org and we will respond promptly.
Directions: Homewood Suites by Hilton – Note the New Location
8320 Benson Drive
Columbia, MD 21045