 
			 
		Art of the Impossible: Navigating the Broken CMDB
Relying on your configuration management database (CMDB) for a comprehensive view of assets leaves significant gaps in your security program. In this edition of the Cyber Risk Series, we'll go beyond broken CMDBs to consolidate asset inventory and ALL risk factors to one source of truth for Security and IT teams. Join us at the next Cyber Risk Series as we transform the CMDB into a resource for defending evolving attack surfaces.
 
								Wednesday, May 8, 2024
 
								Virtual
Featured Speakers
Sumedh Thakar 
President and CEO, Qualys
					Omar Santos 
Cybersecurity and AI Security Research, OASIS Open
					Shira Rubinoff 
President, Cybersphere
					 
						Bindu Sundaresan 
Director, AT&T Cybersecurity
					 
						Beatrice Sirchis 
VP, Application Security Manager, IDBNY
					Mike Orosz 
VP, Global Information & Product Security, CISO, Vertiv
					Kunal Modasiya 
VP, Product Management, Attack Surface Management & AppSec, Qualys
					Pablo Quiroga 
Senior Director of Product Management CSAM and EASM, Qualys
					Learn what industry leaders are tracking on their cyber assets
The modern attack surface is dynamic, and a periodically updated list of assets won't secure your organization. CISOs and security teams need an actionable, risk-based approach to attack surface management to prioritize their riskiest assets amidst the sprawl.
Don't miss this unique opportunity to hear industry experts offer their best advice on what security leaders need to know to protect their entire attack surface from growing threats and navigate far beyond the limitations of the CMDB.
Tracks
Beware Your EoL/EoS Tech Debt
End-of-life (EoL) and end-of-support (EoS) hardware, software, and operating systems are often seen as an IT responsibility. The problem for security teams is that these instances of tech debt expose the organization to unpatchable vulnerabilities and other critical risks. While IT may control the budget and resources for upgrades, security bears the responsibility for associated risks. So, how can security teams measure the risk and align with IT proactively?
De-risking Your External Attack Surface
The modern enterprise has thousands of assets outside of its network, exposed to the internet—many of which are unknown. Not only does the cybersecurity team need to find these websites, applications, and legacy systems, but they must identify critical risk among the sprawl. Learn best practices for discovering external assets and providing IT and Security teams with the required intelligence to de-risk the external attack surface.
Bringing ITOps & Security Together
For IT teams, asset management implies procurement, change management, patching, and operational efficiency. For Security teams, asset management is the foundation for measuring and prioritizing risk. Every organization must find harmony between prioritizing risk and powering business operations through technology. Learn how to create a unified view of technology and risk to bridge the gap between Security and IT.
Asset Inventory Risk
Many asset management programs focus on building a comprehensive inventory—an important first step. But a list of assets is useless unless you know the asset criticality along with associated vulnerabilities, misconfigurations, EoL/EoS data, and missing security controls. Learn the difference between visibility and inventory risk assessment.
Agenda
9:00 AM PT
9:05 AM PT
Turbocharging the CMDB to Address the Dynamic Challenges of the Evolving Attack Surface
 
											Sumedh Thakar 
President and CEO,
													Qualys
										Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps. 
 This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption. 
9:20 AM PT
OpenEoX: Revolutionizing Product Lifecycle Transparency for Cybersecurity
 
											Omar Santos 
Cybersecurity and AI Security Research,
													OASIS Open
										Because software and hardware product lifecycles are critical factors for operational security, the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders. 
 Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.
9:50 AM PT
A Fireside Chat: Unlocking the Power of CMDB – Strategies for Overcoming Challenges and Enhancing Cybersecurity Posture
 
											Shira Rubinoff 
President,
													Cybersphere
										 
												Bindu Sundaresan 
Director,
														AT&T Cybersecurity
											In the modern enterprise, the CMDB is vital yet fraught with challenges. This fireside chat explores the CMDB’s pivotal role in asset management and cybersecurity. It will cover key IT and Security challenges such as:
- Creating executive buy-in for addressing the impact of flawed CMDB on incident response and compliance.
- Strategies for immediate assessment, data cleansing, and proactive risk mitigation.
- The impact of disruptions caused by organizations neglecting CMDB data quality.
Join Shira Rubinoff, renowned cybersecurity advisor, global keynote speaker and influencer, for a riveting discussion with Bindu Sundaresan, Director, AT&T Cybersecurity, on the challenges of effectively managing the CMDB. Bindu brings extensive leadership and experience spanning over 20 years working with some of the world’s most innovative companies and industry frameworks, including NIST/ISO/HITRUST, and regulatory requirements including PCI, NERC, and HIPAA. 
 Attendees will gain practical insights for CMDB optimization, including integration with IT management systems. Practitioners will learn to chart a path for effective CMDB utilization, bolstering security and operational resilience in today’s digital landscape. 
10:25 AM PT
Fast Track SLAs when Cyber Risk Meets CMDB
 
											Beatrice Sirchis 
VP Application Security IT – Cybersecurity,
													IDBNY
										Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption. 
 That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY, connects her CMDB to her security program to achieve: 
- An always-up-to-date inventory in the CMDB
- Automated ticket assignment for critical remediation tickets
- Mapping EoL/EoS software to the CMDB up to 12 months in advance to prioritize upgrades
Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.
10:45 AM PT
The Ultimate Cyber Defense Partnership: Qualys and Your CMDB
 
											Kunal Modasiya 
VP, Product Mgmt, Attack Surface Mgmt & AppSec,
													Qualys
										The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right? 
 In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including: 
 
- Adding business context from the CMDB to your security program (such as asset criticality, ownership, and support group) to drive accurate TruRisk Scoring and prioritization.
- Eliminating blind spots in your CMDB by adding previously unknown assets from the external attack surface and rogue IoT assets connecting to the network in real time.
- Mapping remediation tickets to the CMDB with 96% accuracy using Qualys tagging, cutting MTTR in half for critical vulnerabilities.
Kunal will be joined in the last session by the CISO of Vertiv, Mike Orosz, for a discussion on how he bridges the IT-security gap and the importance of a complete asset inventory.
11:05 AM PT
The Step-by-Step Guide to Turbocharging Your CMDB
 
											Pablo Quiroga 
Senior Director of Product Management CSAM and EASM,
													Qualys
										You know there are blind spots in the CMDB, and it keeps you awake at night. 
 Are you missing external assets? What about the IoT/OT devices or BYOD on your network at any given time? 
 Even if your SecOps team finds those assets and discovers critical risk, your IT team has no records in the CMDB. While your team wastes precious time aligning on where to focus, the window is open for attackers. 
 Join us to see exactly how to locate these missing cyber assets and add them to the CMDB with comprehensive, real-time risk assessment. When security teams identify cyber risk, IT teams will work from the same asset inventory and set of data to take remediation action immediately. 
 Pablo Quiroga, Senior Director of Product Management at Qualys, will demonstrate real-world scenarios of cyber risk response using a bi-directional sync between the Enterprise TruRisk Platform and the CMDB to measure, communicate, and eliminate risk across IT and Security workflows.
11:20 AM PT
Fireside Chat: Bridging the IT/Security Gap
 
											Kunal Modasiya 
VP, Product Mgmt, Attack Surface Mgmt & AppSec,
													Qualys
										 
												Mike Orosz 
VP, Global Information & Product Security, CISO,
														Vertiv
											Kunal Modasiya and Mike Orosz, CISO of Vertiv, will close out the Cyber Risk Series with a discussion on how Vertiv bridges the IT-security gap and the importance of a complete asset inventory.
The opinions expressed by the guest speakers are their own and do not necessarily reflect the views of Qualys.
Tap into expert cyber risk insights every quarter!
 
		Shira Rubinoff
President, Cybersphere
Shira is President, Cybersphere, The Futurum Group’s cybersecurity practice. She is a recognized Cybersecurity executive, cybersecurity advisor, global keynote speaker, influencer and author, who has built two Cybersecurity product companies, and both incepted and led multiple Women-in-Technology initiatives.
Shira also serves as President of the NYC-based technology incubator, Prime Tech Partners and the social-media-security firm, SecureMySocial. In addition, she holds seats on the Boards of Pace University Cybersecurity Programme, The Executive Women’s Forum for Information Security, Leading Women in Technology, the Capri Ventures, Memcyco and many other leading technology and security companies.
Shira has published countless articles and lectures on topics related to the human factors of cybersecurity, blockchain, AI and related topics, and holds several patents/patents-pending in areas related to the application of psychology to improve information technology and Cybersecurity.
Shira was awarded “New Jersey’s Best 50 Women in Business”; “Woman of Influence” by CSO Magazine; “One to Watch” by CSO and the EWF; “Outstanding Woman in Infosec” by the CyberHub Summit; One to Watch in IT Security by SC Media; and Top Female Cybersecurity Influencer on Social Media.
 
		Pablo Quiroga
Senior Director, Product Management, CSAM & EASM, Qualys
Pablo Quiroga is a Director of Product Management at Qualys, where he is in charge of the product definition, roadmap and strategy for the IT asset visibility & management initiatives. With over 10 years of experience in Enterprise Software and the IT industry, Pablo has helped numerous customers gain significantly better visibility to support data-powered decisions that often led to multi-million-dollar savings and risk avoidance.
 
		Sumedh Thakar
President and CEO, Qualys
As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.
 
		Omar Santos
Cybersecurity and AI Security Research - Security & Trust, OASIS Open
Omar is a board member of OASIS Open. Omar is the chair of the Common Security Advisory Framework (CSAF) developing new ways to automate security vulnerability disclosure and management. These efforts include the CSAF Vulnerability Exploitability eXchange (VEX). He is the founder and chair of OpenEoX. Omar is the co-chair of the Forum of Incident Response and Security Teams (FIRST) PSIRT SIG.
 
		Mike Orosz
Global Chief Information and Product Security Officer, Vertiv
Mike Orosz is Global Chief Information and Product Security Officer at Vertiv, accountable for all aspects of global information and product security. He was previously Sr. Director Global Cyber and Physical Security at Citrix and Global Compliance Officer for Citi. Mike also served in the US Army focusing on Intelligence, Security and Analytics. He holds a master’s degree in information sciences, cybersecurity from Penn State University.
 
		Kunal Modasiya
Senior Vice President, Product Management, Qualys
Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is a Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at an Israeli startup in the API security and bot management AppSec space.