Cybersecurity and Supply Chain Risk Management: Best Practices for Procurement
This talk will explore the cybersecurity concerns connected to third-party suppliers and supply chain management, and it will offer advice on how to put security-first procurement plans into practice. Participants will learn about the best methods for reducing the risk of cybersecurity breaches brought on by outside vendors and for controlling supply chain risk.
Touhid Shaikh is a cybersecurity professional with over 6 years of experience in managing security risks for organizations. He has a strong background in security auditing, vulnerability assessments, and penetration testing. Touhid has also contributed to exploit development for the Metasploit Framework, and is the author of PFSense on CIS benchmark.
Touhid has extensive experience in bug bounty programs, having successfully identified vulnerabilities in major companies such as Apple, OnePlus, Netgear, TP-Link, Arlo, and Synology. His expertise in identifying and exploiting vulnerabilities has helped organizations to strengthen their cybersecurity defenses and protect against potential threats.
Touhid is also an accomplished author and has contributed to the development of security benchmarks such as the PFSense on CIS benchmark. He is passionate about sharing his knowledge and expertise in cybersecurity with others and has conducted several training sessions and workshops on various topics, including web application security and network security.
Touhid holds a Bachelor's degree in Information Technology from Mumbai University. He has also earned several industry certifications, including the OffSec Certified Expert (OSCE), CREST Registered Penetration Tester, and Offensive Security Certified Professional (OSCP).
In his free time, Touhid enjoys staying up to date with the latest cybersecurity trends and emerging technologies, and is committed to continuing his professional development in the field.
Supply chain risk management has become a critical aspect of cybersecurity, as more organizations rely on third-party vendors for products and services. In this talk, we will explore the risks associated with third-party vendors and supply chain management, and provide guidance on how to implement effective procurement strategies that prioritize security.
We will discuss the importance of evaluating the cybersecurity risks connected to third-party vendors and the key factors to take into account when considering possible providers. We will also look at the various frameworks and methods available for controlling supply chain risk, such as the ISO 27001 standard and the NIST Cybersecurity Framework.