As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the Internet of Things (IoT) supply chain must focus on the entire lifecycle. IoT is contributing to a massive proliferation of many types of software-reliant, connected devices throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine 'fitness for use' and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses, vulnerabilities, and exploits.
Addressing supply chain dependencies enables enterprises to harden their attack surface by comprehensively identifying exploit targets, understanding how assets are attacked, and providing more responsive mitigations. Security automation tools and services, and testing and certification programs, now provide means that organizations can use to reduce risk exposures attributable to exploitable software in IoT devices.
Attendees will learn:
How external dependencies create risks throughout the entire IoT/software supply chain;
How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.
Joe Jarzombek is Director for Government, Aerospace & Defense Programs in Synopsys, Inc., the Silicon to Software™ partner for innovative organizations developing electronic products and software applications. He guides efforts to focus Synopsys’ global leadership in electronic design automation (EDA), semiconductor IP, and software security and quality solutions in addressing technology challenges of the public sector and aerospace and defense communities. He participates in relevant consortia, public-private collaboration groups, standards groups, and academic R&D projects to assist in accelerating technology adoption.
Previously, Joe served as Global Manager for Software Supply Chain Solutions in the Software Integrity Group at Synopsys. In that role he led efforts to enhance capabilities to mitigate software supply chain risks via testing technologies and services that integrate within acquisition and development processes, enabling detection, reporting, and remediation of defects and security vulnerabilities to gain assurance and visibility within the software supply chain.
Jarzombek has more than 30 years focused on software security, safety and quality in embedded and networked systems. He has participated in industry consortia such as ITI, SAFECode and CISQ; test and certification organizations such as Underwriters Labs’ Cybersecurity Assurance Program; standards bodies; and government agencies to address software assurance and supply chain challenges.
Prior to joining Synopsys, Jarzombek served in the government public sector, collaborating with industry, federal agencies, and international allies in addressing cybersecurity challenges. He served in the US Department of Homeland Security Office of Cybersecurity and Communications as the Director for Software & Supply Chain Assurance, and he served in the US Department of Defense as the Deputy Director for Information Assurance (responsible for Software Assurance) in the Office of the CIO and the Director for Software Intensive Systems in the Office of Acquisition, Technology and Logistics.
Jarzombek is a retired Lt Colonel in the US Air Force, a Certified Secure Software Lifecycle Professional (CSSLP), and a Project Management Professional (PMP), as well as a frequent key presenter at industry conferences. He received an MS in Computer Information Systems from the Air Force Institute of Technology, and a BA in Computer Science and BBA in Data Processing and Analysis from the University of Texas - Austin.
Registration: 8:00 a.m. to 9:00 a.m. Opening Remarks: 9:00 a.m. to 9:05 a.m. Presentation: 9:05 a.m. to 12 noon. Lunch: Noon to 1:00 p.m. Q & A: 1:00 p.m. to 2:00 p.m.
If you would like to attend the May 15th, 2018 QAAM meeting, select “Meeting Registration” in the left-hand navigation panel or “Register Now” under the title, complete the form, and press send.
The directions to the meeting are below.
If you would like to register after May 11th, call Susan Burgess at 571-232-0683 or email her at email@example.com.
The fee for attendance is $35.00 and includes lunch. QAAM does not accept credit cards. You may pay by check or cash. Parking is free.
There is no fee if your company has a Corporate Membership and has slots available. If your company would like information about joining, or if you have any questions, please send us an email at firstname.lastname@example.org and we will respond promptly.
Note: Attendees receive PDUs to use for recertification credits at PMI, QAI, ASQ, ISC2, ISACA, IEEE or ISTQB.
Homewood Suites by Hilton 8320 Benson Drive Columbia, MD 21045
Take I-95 West from airport to 95 South towards Washington D.C. Take 175 West towards Columbia exit 41B. At your first traffic light make a right onto 108. Make a left onto Lark Brown Rd. continue onto Benson Dr. Hotel is on the right.
Distance from Hotel: 11 miles
Drive Time: 15 min.
From Reagan National Airport -
I-95 South over the Woodrow Wilson Bridge, Route 1 North, take BWI airport exit
Distance from Hotel: 36 miles
Drive Time: 15 min.
From Dulles International Airport -
I-95 South to exit 27 (I-495 West) to exit 45A. Follow signs to BWI airport, approximately 13 miles from exit 45A