April 2022: Actions To Take Now Before The Next Vulnerability
Over the past several months, a series of notable vulnerability events including Heartbleed, Wannacry, Solarwinds, and most recently, Log4j, have significantly disrupted businesses. Join local cyber security leaders to discuss what we should be doing today to prepare for the next inevitable vulnerability.
What are the challenges of responding to a vulnerability that has widespread use, like Log4j?
What tools/approaches can be used within a cloud computing environment to make responding to these types of events easier?
What are best practices/tips for handling 3rd party products that may use the vulnerable software component?
Thank you to our moderator and panelists:
AVP of Information Security
The Hanover Insurance Group
Steve is AVP of Information Security at The Hanover Insurance Group, leading the Defensive Security Engineering and Third-Party Security Team. Steve has over 15 years of information security and software development experience across a variety of industries. Starting his career within software startups focusing on Cloud and the Internet of Things, Steve supported Cyber Security R&D at Homeland Security before landing in the Insurance industry. Steve's specialties include Application Security, DevSecOps and Third-Party Risk Management.
Head of Cyber Hygiene
Karolyn is currently the head of Cyber Hygiene for Wells Fargo Information Cyber Security. In her role, Karolyn is responsible for setting policy, identifying gaps, and overseeing remediation of all aspects of cyber hygiene, which includes vulnerability management, asset management, and configuration management. She has previously held roles in Identity and Access Management, Software Security, Data Protection, and Incident Response and has experience in the Healthcare and Retail industries. Karolyn is passionate about growing future leaders and mentors many early in career individuals.
Karolyn holds a B.S. in Information Systems Management from Quinnipiac University and a M.S. in Cybersecurity Management from Bay Path University. She currently serves as an adjunct professor for Bay Path University and is on the Board of Advisors for the Executive Women’s Form and Cloud Security Alliance Connecticut Chapter.
AVP of Cyber Security Operations and Threat Intel
Lori is currently the Assistant Vice President, Cybersecurity at Travelers Companies, Inc. in Hartford, Connecticut. The Travelers Companies, Inc. is a leading provider of property casualty insurance for auto, home and business. A component of the Dow Jones Industrial Average, Travelers has approximately 30,000 employees. In this capacity, she is responsible for continuous cybersecurity protection, detection and response to include oversight of the Travelers Cybersecurity Operations Center, the Incident Response Program, the Red Team Program, the Privileged Access Management Program, and the Threat Intelligence Program. Additionally, Lori oversees the Business Information Security Officers driving Cybersecurity initiatives and reducing Cybersecurity risk in the various Business Units across Travelers.
Lori holds degrees from Wayne State University, Michigan; the University of Maryland Global Campus, College Park, Maryland; Air University, Maxwell Air Force Base, Alabama; and National Defense University, Fort McNair, Washington DC.
Chris is a founding partner in Hybrid Pathways focused on innovating ways to match quality services with evolving client needs. With over 30 years of experience in infrastructure security, architecture, and engineering he brings a wealth of practical experience to solving hybrid IT challenges.
Chris’ applied experience includes: Amazon Web Services infrastructure and security architecture; Microsoft Azure infrastructure and security architecture; Experience with NIST, ISO, and related security standards; Microsoft Office 365 and Azure strategy; Microsoft Active Directory and Azure Active Directory engineering; Identity and access management strategy; Broad understanding of Microsoft Windows client and server technologies, authentication/authorization mechanisms, and network features; Experience integrating line of business applications (commercial off the shelf, company developed, and cloud hosted) with existing identity and access management solutions; Network trace analysis: Wireshark, Microsoft Network Monitor; Microsoft Windows client and server engineering; Log analysis via industry standard tools including Splunk and HP ArcSight.
Thank you to our sponsors: