Talk: Secure by Design

Alan Karp

Feb 6, 2024, 4:19:26 PM
to <friam@googlegroups.com>, cap-...@googlegroups.com
Do you think he'll mention capabilities?

“Secure by Design: CISA's Plan to Foster Tech Ecosystem Security”

Please come to Gates 415 as usual. Lunch will be provided.

If you cannot attend in person, please join remotely using the usual Zoom room: https://stanford.zoom.us/j/99145577374?pwd=LzJaUzRtMTBRMWhrZHJCVGFLcEEzZz09

———————
Abstract: Organizations across the globe continue to be plagued by increasingly damaging cyberattacks. Despite what the software industry might claim, the reality is that the vast majority of these attacks are preventable through secure by design approaches that have been known about for decades. In this talk, hear about the U.S. Cybersecurity and Infrastructure Security Agency (CISA)'s approach to driving the development of more secure software by placing the focus on software manufacturers. By building security into products from the design stage and ensuring that products are secure out of the box, software manufacturers can ensure better security outcomes for their customers. The talk will describe CISA's work on Secure by Design in line with the White House's National Cybersecurity Strategy, CISA's efforts to strengthen open source software security, and outline research areas that can help accelerate the Secure by Design transformation.

Bio: Jack Cable is a Senior Technical Advisor at CISA, where he helps lead the agency's work on Secure by Design and open source software security. Prior to that, Jack worked as a TechCongress Fellow for the Senate Homeland Security and Governmental Affairs Committee, advising Chairman Gary Peters on cybersecurity policy, including election security and open source software security. He previously worked as a Security Architect at Krebs Stamos Group. Jack also served as an Election Security Technical Advisor at CISA, where he created Crossfeed, a pilot to scan election assets nationwide. Jack is a top bug bounty hacker, having identified over 350 vulnerabilities in hundreds of companies. After placing first in the Hack the Air Force bug bounty challenge, he began working at the Pentagon’s Defense Digital Service. Jack holds a bachelor’s degree in Computer Science from Stanford University and has published academic research on election security, ransomware, and cloud security.

--------------
Alan Karp