
Session Name: A Different Kind of S3: First Line Security of the Supply Chain

This past year we learned the hard way that your software supply chain is only as secure as its weakest link - from SolarWinds to Codecov and Log4j. Your third-party and open source packages and imports are only one zero-day exploit away from compromising your entire production operation. In this talk we’ll focus on three core areas of securing the supply chain, through an easy mnemonic we call the three S’s: Software Bill of Materials (SBOM), Signing, and Slimming. By first identifying your inventory, you know what you need to secure; you can then verify your packages and build an immutable identity; and finally, by slimming, you minimize the attack surface. We’ll walk through the practical ways to apply these methods to your software supply chain as first-line security controls.

Speaker Bio:

John Amaral is the Founder and CEO of Slim.AI. John has more than 25 years of experience as a technologist and product development leader in information security and networking. Before Slim.AI, John was Head of Product at Cisco Cloud Security. John previously held product and engineering leadership roles at CloudLock (acquired by Cisco), Trustwave (acquired by Singtel), and Vericept, among others. In 2007, John was selected as a top 40 under 40 business leader by American Venture Magazine. John holds an Executive MBA from MIT Sloan School of Management and a bachelor’s degree in Electrical Engineering from the University of Massachusetts.