February TASK: Rethinking Vulnerability Management

Wednesday 23-February-2022 // 6:00 – 7:30 PM
Meeting Location: Virtual – Register


February TASK (Virtual)

Panelist Speakers: Stewart Cawthray, Jerry Gamblin, Bryan Whyte, Patrick McNeil
Topic: Rethinking vulnerability management: Expert panel offers new insight on building a better program

There are countless new vulnerabilities that sidetrack security, IT and developer teams. Microsoft alone kept teams busy all year – let alone Log4Shell and tens of thousands of new and existing CVEs. With rapidly expanding attack surface of devices, cloud services and network equipment, there are no shortage of vulnerabilities to chase. On top of this, the software supply chain continues to grow with more dependencies – it’s too easy to grab free packages off GitHub, NPM, Maven Central and so on. Software has eaten the world. Now we deal with the indigestion.

This session is designed to help you put together a program to more easily manage vulnerabilities at your organization.

We’ve invited four experts from different coverage areas to weigh in on this discussion and answer your questions:

Stewart Cawthray, Executive Security Architect, IBM Security Services

Stewart has over 20 years of experience in cybersecurity. Helping many of Canada’s biggest companies tackle cybersecurity issues from Securing their journey to Cloud to responding to incident and minimizing their impact. Stewart blends an understanding of business goals and motivation with architecture and technical skills to find innovative and efficient solutions to technology and cybersecurity challenges.

Jerry Gambin, Director Security Research, Kenna / Cisco

Jerry Gamblin is an influential security researcher and analyst focusing on enterprise network and application security with over 15 years of experience. His research has been presented on numerous blogs, podcasts, and security conferences. When not at work, his personal research focuses on IoT & embedded automotive systems. Check out his talk now available from SecTor 2021 online providing an intro to Risk-based Vulnerability Management: https://sector.ca/sessions/an-introduction-to-risk-based-vulnerability-management/

Patrick McNeil, Director of Solutions Architecture, Rumble.run

Patrick helps his customers discover all the unmanaged and unknown assets on their networks. Prior to Rumble, he developed first party and open source software application security testing programs for large Veracode customers. From his diverse background, Patrick understands the challenges and intersections of software development, networking, operations, and asset management. He has shared his knowledge at a number of conferences, including DEFCON, DerbyCon, BSidesLV, CarolinaCon, CackalackyCon, regional OWASP meetings, and various telecom industry and fraud prevention forums. Patrick enjoys growing his local security community by serving as an organizer, mentor, and speaker wrangler at local conferences. Patrick is also a physical security pentesting consultant and runs a local lockpicking club called Oak City Locksport.

(Patrick’s real bio: Old school full-stack COBOL programmer, original networking gangsta, physical security consultant, #telephreak to the core, Patrick has been slinging code, evaluating product security, finding hidden artifacts, and architecting people out of difficult jams “equalizer style” for over twenty-five years.)

Bryan Whyte, CISSP, Technical Presales Manager, Sonatype

After earning my Masters in Electrical Engineering, I spent over 20 years developing software applications to test hardware such as Torpedoes, Circuit Boards and Digital Subscriber Line (xDSL) modems. During that time I was also able to contribute to the product development for both Embedded and Distributed Enterprise Applications.

In 2015 I joined IBM Security as a Technical Pre-Sales Engineer focused on the AppScan tool suite for Static, Dynamic and Mobile Application Security Testing. After spending a few years in Application Security I decided to expand my Cybersecurity proficiency and became a Certified Information Systems Security Professional (CISSP).

I joined Sonatype in 2019 because the explosive growth of Open Source Software has made Software Composition Analysis a critical aspect of Application Security.

In my free time I enjoy spending time with my wife and two daughters, traveling, sampling craft beers and golfing (poorly).


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://us06web.zoom.us/webinar/register/4016424420104/WN_lvKIpWPSQrShlJqBmOAfRA

We look forward to see you all then,
The TASK Steering Committee

Posted in Events.