Harini Ramprasad
I'm a Product Security Engineer at Salesforce, where I have led several security reviews for new products and features in Tableau. Aside from acting as a security liaison during incidents, I have also been working on Generative AI security, as well as using GenAI to build security tooling :) Lately, I have been leading a project in the supply chain security space to identify vulnerabilities in third-party packages and remediate them efficiently.
I completed my Master's in Electrical and Computer Engineering at Carnegie Mellon University, and have completed coursework in the areas of network security, reverse engineering, and security analysis of software systems. Being part of various organizations, I have experience in carrying out research and development of security products and features for users. I also worked with the National University of Singapore on an acoustic side-channel attack and co-authored papers at international conferences. Aside from professional activities, I have largely been associated with international cybersecurity communities for women in voluntary positions. I'm currently on the Advisory Board of a non-profit, Breaking Barriers for Women in Cybersecurity, to lead initiatives in the academic and research space for women.
Session
In today’s rapidly changing digital landscape, the need to strengthen cybersecurity defenses has never been more critical. Recent years have seen major supply chain attacks such as Log4j and SolarWinds, which have urged governments and industries to rethink their defenses and incorporate strong security measures. One key strategy that has gained significant attention is the SBOM, or “Software Bill of Materials”. The Cybersecurity & Infrastructure Security Agency (CISA) defines SBOMs as a “nested inventory, a list of ingredients that make up software components” and further calls it “a key building block in software security and software supply chain risk management”. An SBOM lists all of the components and software dependencies used, from the development of an application through to its delivery. It serves as a record to keep track of third-party component usage in an organization. Some may recognise this as similar to a traditional bill of materials (BOM) used in the supply chain and manufacturing industry.
This presentation will cover:
- the growing relevance of SBOMs in the cybersecurity industry
- how SBOMs empower an organization to measure their cybersecurity risk
- using SBOMs to identify and remediate vulnerabilities in the organization’s applications
- guidance for organizations to use SBOMs and uplevel their defense strategy