Supply Chain Security Summit

March 10, 2021 – Now Available on Demand

In the wake of the SolarWinds mega-hack that continues to unravel, software supply chain security and fragility are again on the front burner for enterprise security decision makers. The complexity and opaqueness of the software supply chain have led to nation-state compromises and major worries that we’re only seeing the tip of the iceberg.

This virtual summit will examine the current state of supply chain attacks, the weakest links along the way, the biggest supply chain hacks in history, and best practices for managing this massive attack surface.

Platinum Sponsor

Recorded Future

Gold Sponsors

Cyberpion

ReversingLabs

Eclypsium

Immersive Labs

  • March 10, 2021 10:30 ET
    Experience Sunburst First-Hand: How Do You Prepare For The Worst?

    In a world built on software, the fallout from Sunburst is an example of the importance of a secure SDLC. With a few more checks and balances, nation-state actors might not have been able to weaponize the SolarWinds application, bend it to their will, and compromise everything from government entities to tech companies.

    Join Chris Pace, Tech Advocate for Immersive Labs, as he walks through an actual Cyber Crisis Simulation, inspired by the real-life events of Sunburst. Gain insight into the actions that need to be taken when supply chain software is compromised and how the decisions made in a major cyberattack have a business-wide impact.

  • March 10, 2021 11:00 AM
    Executive Roundtable: Into the Spotlight: Is Supply Chain Ready for the Magnifying Glass?

    Listen in on a live conversation with Intel’s Jackie Sturm, Corporate Vice President of Global Supply Chain Operations, and Tom Garrison, Vice President and General Manager of Client Security Strategy & Initiatives. We’ll discuss the benefits of cybersecurity and transparency across the digital supply chain and hear their insights on what it means to be prepared in 2021.

  • March 10, 2021 11:45 AM
    Chain of Vulnerabilities: Managing Device Integrity in the Supply Chain and Beyond

    The recent Sunburst attack against SolarWinds and its customers highlights the severe downstream consequences when a technology vendor is compromised. While Sunburst is the most well-known example, supply chain attacks are increasingly common. In this presentation, John Loucaides, VP Federal Technology at Eclypsium, will describe how proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers in the supply chain and in update processes. You’ll learn how to gain visibility into these risks, and the steps you can take today to verify device integrity in the supply chain and in operational use.

  • March 10, 2021 12:15 PM
    Networking Break

    Please explore the virtual conference center and visit virtual booths to learn more and get technical information. Earn points and win great prizes for your virtual interaction!

  • March 10, 2021 12:30 PM
    CISO Panel: Supply Chain Defense Priorities

    Join this panel of distinguished Chief Information Security Officers (CISOs) and learn about the limitations of TPRM (Third Party Risk Management) solutions, the need for standards to measure risk in the supply chain, vendor assessment tools that can be used to improve assessments, and the design principles that can help establish effective control and oversight of your supply chain.

  • March 10, 2021 1:15 PM
    Using Intelligence to Manage Supply Chain Security

    The recent SolarWinds incident and the widespread effects that this supply chain attack continues to have on a large, diverse set of organizations worldwide demonstrate the impact a supply chain attack can have. The security of your organization relies not only on detecting and mitigating threats directly to your organization, but on identifying risks to products and services in your supply chain. In this talk, Recorded Future will discuss how to surface risks to your supply chain and what can be done to defend against them. We will demonstrate how organizations can use threat intelligence to prioritize security measures within the organization by understanding the threat of exploitation to entities in their supply chain.

  • March 10, 2021 1:40 PM
    Threat Hunter's Panel: Finding Needles in Haystacks

    The recent high-profile compromises of SolarWinds Orion and M.E.Doc by advanced threat actors have again put software supply chain security issues on the front burner. While those attacks capture headlines, malware hunters warn that software interdependencies, tools and infrastructure are under constant attack, with weak links at every layer.

    Join this panel of malware hunters looking to understand the history of software supply chain compromises, the software building tools and infrastructure that are often targeted, the weakest links in the software interdependence chain, and the tricks defenders can use to spot signs of malicious activity.

  • March 10, 2021 2:15 PM
    Networking Break

    Be sure to explore the virtual conference center and visit the virtual expo hall to learn more and get technical information. Earn points and win great prizes for your virtual interaction!

  • March 10, 2021 2:30 PM
    Digital Supply Chains: Defending Your External Attack Surface

    Join us for a conversation with accomplished cybersecurity professionals hosted by Cyberpion’s Co-Founder and CBO Ran Nahmias. Panelists will share their views on the threats that stem from the IT infrastructures that your organization is connected to. These third-parties are in turn connected to additional infrastructures, which are connected to even more infrastructures, and so on and so on. Vulnerabilities in these “Nth-Party” infrastructures could be putting your organization at risk. This represents a new and significant attack vector that teams need to incorporate into their planning.

    Among the questions for our panelists: SolarWinds appears to be the canary in the coal mine with regard to the idea of securing the external attack surface – what can we learn from the SolarWinds hack? What approach(es)/mindset should security teams take to third-party vulnerabilities? How can you manage the risks from Nth-party infrastructures that you don’t own and don’t manage but are still responsible for?

  • March 10, 2021 3:00 PM
    From SunSpot to SunBurst: Preventing the Next Software Supply Chain Attack

    Supply chain attacks are not new, but the level of sophistication and capabilities for damage seen during the attacks on SolarWinds has evolved to a point where all organizations that develop and use third party software should take notice. Lessons learned from analyzing SunSpot, the build process compromise, have already put the industry on the track to envision a more secure release process. What do software developers need to change to regain end-user trust?

    On the other side of that equation, SunBurst has left companies feeling unprepared to answer the inventory governance questions. Do we even have SolarWinds Orion? Are we running the affected version? What kind of checks do we do before deploying third party software?

    Attend this session to learn about the origins of the SunBurst attack, see how to address security gaps that every developer and software management function must now prioritize, and get details on solutions required to mitigate these new risks.

  • March 10, 2021 3:30 PM
    Hands on Demo: Threat Intelligence Investigation

    In this Recorded Future demo, we'll walk through the tool from the perspective of an analyst looking to empower their threat intelligence investigation. We'll explore the concept of Threat Views, Intelligence Cards, and how additional context can not only improve our investigations but transform our CTI program from reactive to proactive response.

  • March 10, 2021 3:55 PM
    Virtual Fireside Chat With Chief Security Officer Andy Ellis

    In this special episode of the SecurityConversations podcast, outgoing Akamai Chief Security Officer Andy Ellis joins Ryan Naraine to discuss his 20-year career in cybersecurity, the ups-and-downs of building a modern security program, the monetization of security technologies, and some predictions for the future.

Brian Fielder, Microsoft
General Manager, Information Security at Microsoft
Brian is a leader in the Information Security field with a focus on high volume secure business transactions, digital transformation with cloud and modern engineering, security policy, compliance, architecture, engineering, and strategy.
Alex Shulman-Peleg, Ph.D.
Cloud Cybersecurity Leader Americas at EY
Alex is a senior cyber security executive with expertise in Cloud and application security. Software and product engineering manager, consultant and architect, keynote speaker, university and security researcher.
Charles Blauner
Partner & CISO in Residence at Team8 Group
Charles is Operating Partner and CISO in Residence at Team8. He had a distinguished career working on Information Security for over 30 years, 25 years in Financial Services, including being the CISO at JP Morgan and Deutsche Bank, and most recently the Global Head of Information Security at Citi.
Ran Nahmias
Co-Founder & Chief Business Officer at Cyberpion
Ran Nahmias is Co-Founder & Chief Business Officer at Cyberpion. Formerly Global Head of Cloud Security at Check Point, he has also held positions at Microsoft as a Director of Business Development and Field Engagement and as a solutions architect.
Chris Pace, Immersive Labs
Technology Advocate for Immersive Labs
Chris Pace serves as Technology Advocate for Immersive Labs, working to engage organizations with the power of human cyber readiness.
Tomislav Peričin
Chief Software Architect & Co-Founder, ReversingLabs
Tomislav founded ReversingLabs in 2009 and serves as Chief Architect.
John Loucaides, Eclypsium
VP Federal Technology at Eclypsium
John has extensive history in hardware and firmware threats from experience at Intel and the United States government.
Camille Morhardt
Director, Security Initiatives & Communications at Intel Corp.
Camille Morhardt is Director, Security Initiatives & Communications at Intel Corp.
Lena Smart
CISO at MongoDB
Lena Smart is CISO at MongoDB. Before joining MongoDB, she was the Global Chief Information Security Officer for the international fintech company, Tradeweb, where she was responsible for all aspects of cybersecurity. She also served as CIO and Chief Security Officer for the New York Power Authority, the largest state power organization in the country.
Jackie Sturm, Intel
Corporate VP and General Manager of Global Supply Chain Operations at Intel Corp.
Jacklyn (Jackie) Sturm is Corporate VP and General Manager of Global Supply Chain Operations at Intel Corp.
Andy Ellis
Chief Security Officer
Andy Ellis is a seasoned technology executive and leader with deep expertise in security. He is an Advisor at YL Ventures, and is an Advisor to several cybersecurity startups (Orca, Vulcan, Uptycs). Andy serves on Harvard University's Visiting Committee to IT, and is an Affiliate at the Berkman-Klein Center at Harvard.
Summer Fowler
CSO/CIO at Argo AI
Summer Craze Fowler is the CSO/CIO at Argo AI, a software company focused on changing the world by building self-driving technology.
Tom Garrison, Intel
VP and General Manager of Client Security Strategy & Initiatives, Intel Corp.
Tom Garrison is Vice President and General Manager of Client Security Strategy & Initiatives at Intel Corporation.
Lindsay Kaye, Recorded Future
Director of Operational Outcomes, Recorded Future
Lindsay Kaye is the Director of Operational Outcomes for Insikt Group at Recorded Future. Her primary focus is driving the creation of actionable technical intelligence - providing endpoint, network and other detections that can be used to detect technical threats to organizational systems.
Costin Raiu
Director, Global Research & Analysis Team at Kaspersky
Costin specializes in analyzing advanced persistent threats and high-level malware attacks.
David Tsao
VP Security Engineering at Marqeta
David Tsao is the VP Security Engineering at Marqeta, Inc.
Vicente Diaz, VirusTotal
Threat Intelligence Strategist on VirusTotal Team at Google
Vicente is a specialist in Threat Intelligence and Threat Hunting, and on the VirusTotal team in Google as Threat Intelligence Strategist.
Fredrick Lee, Gusto
Chief Security Officer at Gusto
Fredrick "Flee" Lee is the Chief Security Officer at Gusto, where he leads information and physical security strategies including consumer protection, compliance, governance and risk.
Sounil Yu
CISO-in-Residence, YL Ventures
Sounil Yu is CISO-in-Residence at YL Ventures and was previously the Chief Security Scientist at Bank of America.
Ryan Naraine
Editor-at-Large at SecurityWeek
Ryan Naraine is Editor-at-Large at SecurityWeek.

Platinum Sponsor

Recorded Future is the world’s largest provider of intelligence for enterprise security. By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future delivers intelligence that is timely, accurate, and actionable. In a world of ever-increasing chaos and uncertainty, Recorded Future empowers organizations with the visibility they need to identify and detect threats faster; take proactive action to disrupt adversaries; and protect their people, systems, and assets, so business can be conducted with confidence.

Gold Sponsors

Founded on unprecedented industry experience and research, Eclypsium is delivering a new layer of security to defend the unguarded firmware and hardware infrastructure of the modern enterprise.

Cyberpion’s groundbreaking platform enables security teams to identify and neutralize the rising threats stemming from vulnerabilities within online assets throughout an enterprise’s far-reaching, hyperconnected ecosystem.

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

ReversingLabs provides modern security teams with destructive object insight. That is to say, we provide visibility into every associated malware file, location and threat with the speed, accuracy and scale required for today’s digital enterprise. Our unique automated static analysis technology and authoritative file intelligence services power our innovative solutions that enable security teams to combat unknown malware.

Immersive Labs is empowering organizations to equip, exercise, and evidence human cyber capabilities. We provide metrics that give security leaders insight into human cyber skills and readiness levels across their organization and improve these through dynamic labs and crisis scenarios which track the threat landscape. Immersive Labs is backed by Goldman Sachs and Summit Partners and our customers include some of the largest companies in financial services, healthcare, and Government, amongst others.

Event Details
  • Start Date
    March 10, 2021 10:30 am EST

  • End Date
    March 10, 2021 4:00 pm EST
