“Hacking the Software Supply Chain” – Super Cyber Friday

Please join us on Friday, May 19th, 2023 for Super Cyber Friday.

Our topic of discussion will be “Hacking the Software Supply Chain: An hour of critical discussion of catching intruders to your SDLC pipeline.”

>> Register for the 5-19-23 episode of Super Cyber Friday <<

Joining me, David Spark (@dspark), producer of CISO Series, for this discussion will be:

In preparation for our discussion, think about the following:

  • How are hackers getting into your supply chain? 
  • At what stages (development, testing, production, maintenance) are they getting in? Is one stage weaker than the others? Or is an element of each stage weak?
  • What power do they have once they get in? How can they move laterally around your environment?
  • How can honey tokens be used to catch and track those who try to infiltrate our CI/CD pipeline?
  • How are they taking advantage of secrets (e.g. authentication information)?
  • Honey tokens shouldn’t just be used for defense, but to understand behavior. Can we get information about what they’re doing? Can we monitor behavior as well and see how they escalate an attack?
  • How do we stop watering hole attacks? Is it enough to just use a trustworthy library? And how do we know if a library is trustworthy?

It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we’ll switch gears to our meetup where everyone will get a chance to chat face to face.

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor GitGuardian.

ALSO…

  • Best bad ideas get first responses in “Department of YES” or “Beat the Bad Idea”.
  • The BEST bad idea wins an award and a really awesome CISO Series jacket. Also, if you register early by the Tuesday (5pm PT) of that week’s video chat, you will be entered into a raffle where one lucky registrant will win a jacket (Winners must be US residents. Repeat winners get a $25 Amazon gift card).

Super Cyber Fridays are open discussions where all viewers and listeners are welcome to become participants. Before the scheduled event, connect your webcam and microphone (avoid Bluetooth) and test your equipment here. During the discussion, if you have a question or comment, let it be known in the chat room and our producer will do his best to get as many of you as possible into the conversation. We look forward to you joining us.

David Spark
David Spark is the founder of CISO Series, where he produces and co-hosts many of the shows. Spark is a veteran tech journalist, having appeared in dozens of media outlets for almost three decades.