CISO Playbook: Log4j Response - Hard Work, Lasting Lessons
Pooja Shimpi and Deepayan Chanda on Detection, Collaboration and Open-Source Risk

The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders, and it left them with a mitigation project that carries them well into the New Year. Security leaders Pooja Shimpi and Deepayan Chanda discuss how they have tackled Log4j - and significant lessons learned about incident response and information sharing.
In this video interview with Information Security Media Group, Shimpi and Chanda - both executive members of the CyberEdBoard - discuss:
- Initial response to Log4j vulnerability;
- Lessons learned from mitigation efforts;
- Advice to other security leaders overseeing their own mitigation efforts.
Shimpi has over 14 years of experience in cybersecurity with reputed international banks. She has expertise in driving various initiatives across multiple domains of information security. She was featured in the Epic Women in Cyber 2021 Medium.com blog, her interview on cybersecurity has been published in the Cyber Security Observatory - APAC series, and she has participated as a guest speaker in various events. She is also actively involved in global inclusion and diversity programs and mentoring initiatives.
Chanda, an enterprise security architect with a large financial institution, has over 25 years of industry experience. He is a security strategist and adviser who solves enterprise cybersecurity problems with a strong focus on balancing security and business goals. Chanda has worked with many enterprise cybersecurity and large financial organizations, been a mentor and adviser to cybersecurity startups and written many books on cybersecurity. He served in the Indian Air Force. Chanda's latest book is "Penetration Testing With Kali Linux."
CyberEdBoard is ISMG’s premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.