Breaking the Silos: Getting an App Security Program Sold Across the Org and Making It Successful
Disclaimer
• The plan and presentation reflect the intended security posture
• This talk is based on experience and lessons learned
Supply Chain Attack
• Attack vectors
• Supply Chain Attacks - Widely known breaches/exploits
o Equifax
o SolarWinds
o Linksys/Cisco - GPL license
Demystify the Application Security Domain
• SCA
o Open Source
• Code Security
o SAST, DAST, IAST, RASP
• Containers
o Image, Runtime, Registry Scanning
Teams
• Build bonds between teams
• Involve teams
• Build up support
• Sell security to tech
Bringing teams together
• Legal
• Risk and Control
• IT Security
• IT Management
• Learning
Lessons Learned
• Practical approach towards steps to address the vulnerabilities you have in your organization
• Prioritization is key
• Why a big-bang approach is not the right approach
• Pros and Cons of grandfathering vulns
o Practical approach towards grandfathering and tracking the tech debt
Policy Management
• Creating root level policies is an art
• No one size fits all
Aruneesh Salhotra
Fractional CISO, Author, Podcaster, Blogger
New York City, New York, United States