Discover efficient incident handling strategies for third-party supplier incidents. Learn the importance of a predefined process and collaboration between risk management and incident response teams. Gain insights into key decision-making considerations and elevate your IR capabilities.
UC Berkeley studied 68 San Francisco nonprofits to assess their cybersecurity needs, resources, and adoption of protective controls. Our findings include actionable recommendations for the City of San Francisco to improve support for nonprofits and boost resilience against growing cyber threats.
Sarah Powazek is the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads flagship policy and research work to help under-resourced public interest organizations improve their defenses. Sarah co-leads the Consortium... Read More →
Senior Fellow of Public Interest Cybersecurity, UC Berkeley Center for Long-Term Cybersecurity
Shannon Pierson is a senior fellow of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads research initiatives focused on strengthening the cybersecurity of organizations that often fall through the cracks of cyber defense—namely... Read More →
Sunday April 27, 2025 1:15pm - 2:00pm PDT AMC Theatre 06AMC at Metreon
Compliance often feels like the party crasher in the DevOps world- unwanted, and slowing everyone down. But what if compliance could be an insider, seamlessly fitting into your CI/CD pipeline without breaking a sweat? In this talk, we’ll tackle the age-old battle between engineers and compliance.
This session reveals how attackers exploit typosquatting, author impersonation, and innovative malware campaigns to infiltrate software supply chains. Learn practical threat hunting methodologies and gain step-by-step guides to detect, analyze, and defend against these software supply chain dragons.
Google Workspace enables enterprise productivity, but attackers exploit logging gaps to escalate privileges, exfiltrate data, and evade detection. This talk reveals real-world attacks that bypass monitoring and shares techniques to investigate these threats, even without sufficient logs.
