Description

Join us on March 20th at 6:00 pm for this talk, "Protecting Your Organization from Third-Party and Software Supply Chain Threats."

Supply chain attacks are one of the fastest-growing cybersecurity threats, impacting thousands of organizations through third-party vendors, software dependencies, and AI systems. This presentation explores real-world supply chain breaches like MOVEit, SolarWinds, and Log4j, breaking down how attackers exploit both vendor relationships and software supply chains.

You’ll learn how to identify and mitigate third-party risks, secure your software supply chain, and address emerging AI security concerns. Walk away with actionable strategies to protect your organization before the next major breach happens.

Audience Takeaways
✅ Understand why supply chain attacks are increasing and how they impact organizations
✅ Learn from real-world incidents like Log4j, MOVEit, and SolarWinds
✅ Identify the two sides of supply chain risk: third-party/vendor risk and software supply chain vulnerabilities
✅ Implement best practices for Third-Party Risk Management (TPRM), including vendor security controls
✅ Use Software Composition Analysis (SCA) and SBOMs to track and secure software dependencies
✅ Recognize AI as a new supply chain risk and apply security measures to mitigate it
✅ Walk away with actionable steps to secure vendors, software dependencies, and AI systems

Marc Menninger is a seasoned cybersecurity leader, speaker, and educator with over 20 years of experience building and managing enterprise security programs. As the Information Security Officer at AstrumU, Marc led the company’s first-ever ISO 27001 certification and successfully managed multiple SOC 2 Type 2 audits, strengthening security posture and compliance.

Marc has built security programs from the ground up, developing and implementing risk management frameworks, security policies, and governance models aligned with ISO 27001, SOC 2, HIPAA, and other standards. He has led incident response teams, deployed cloud security and vulnerability management solutions, and fostered security awareness cultures within organizations.

A trusted industry expert, Marc serves as President of the ISACA Puget Sound Chapter, leading a community of cybersecurity and audit professionals. He is also a LinkedIn Learning instructor, sharing his expertise through online courses that help security leaders and practitioners navigate complex cybersecurity challenges.

Marc holds the CISSP and CRISC certifications and has contributed to the cybersecurity field through thought leadership, public speaking, and mentorship. His expertise spans risk management, governance, security operations, cloud security, and secure development practices.

Passionate about making cybersecurity practical and accessible, Marc helps organizations build security resilience, improve compliance, and drive business value through security excellence.


Date and Time: March 20th, 2024 at 6:00 PM
Location: Mercer Island Community & Event Center – 8236 SE 24th St, Mercer Island, WA 98040

Consent for Photos, Audio and Video Recordings Taken at Events or for Marketing Purposes: By attending this event I agree irrevocably and free of charge that ISSA or any third party who is acting on ISSA’s behalf may create images, videos and/or sound recordings of me (“works”) at the event for marketing and/or educational purposes. For these purposes, the granting of rights in the works also includes the rights to adapt, reproduce, distribute, perform, making available to the public, broadcast, retransmit or sublicense the works to ISSA’s affiliates. The granting of rights in the works also includes all current and future media, goes beyond the repetition of an event and is not restricted to time or territory. View ISSA’s Privacy Policy >> https://www.issa.org/privacy-policy/.

We strive to host inclusive, accessible events that enable all individuals, including individuals with disabilities, to engage fully. If you require special accommodations, please email us at Board@ISSA-PS.org


© 2025 Information Systems Security Association - Puget Sound