All notated times are listed in Eastern Time (ET).
Virtual

Time (ET) | Session | Speakers |
---|---|---|
09:00 – 09:15 | | Josh Dembling, Intel |
09:15 – 10:15 | Customer's View of Product Security and PSIRT | Katie Trimble-Noble (Intel, US); Tonya Drummonds (Dell Technologies); Manish Gaur (VMware); Skip Mann (Lenovo, US); Tania Ward (Dell, US) |
10:15 – 10:30 | Break | |
10:30 – 10:50 | SBOM/VEX: How Are You Getting and Giving | Peter Allor (Red Hat, US) |
10:50 – 11:35 | Role of PSIRT in Securing the Complicated IoT Ecosystem | Juhi Ramani, Mini TT (Dell, IN) |
11:35 – 12:00 | Break | |
12:00 – 12:45 | How is Global Regulation and Guidance Impacting the PSIRT? | Ryan Love (Intel, US) |
12:45 – 13:30 | PSIRT and the Wonderful World of Regulations | Allan Friedman (CISA, US); Art Manion (ANALYGENCE Labs, US); Christine Gadsby (BlackBerry, US); Lisa Bradley (Dell, US) |
13:30 – 13:45 | Break | |
13:45 – 14:30 | CVSS v4: Where the Rubber Meets the Road | Dave Dugal (Juniper, US); Nick Leali (Cisco and CVSS SIG Chair, US) |
14:30 – 14:50 | | Peter Allor (Red Hat, US) |
14:50 – 15:10 | Break | |
15:10 – 15:40 | | Christopher Robinson (Intel, US) |
15:40 – 16:00 | Telling Your Tales of Managing Researchers | Peter Allor (Red Hat, US) |
16:00 – 16:15 | | Josh Dembling, Intel |
Josh Dembling, Intel
Josh Dembling (Intel, US) bio coming soon.
September 21, 2023 16:00-16:15
Katie Trimble-Noble (Intel, US), Tonya Drummonds (Dell Technologies), Manish Gaur (VMware), Skip Mann (Lenovo, US), Tania Ward (Dell, US)
Moderator: Katie Noble serves as a Director of PSIRT, Bug Bounty, and the Security Working Artifacts Team at Intel Corp. In her role, she leads the cybersecurity vulnerability Bug Bounty program, researcher outreach, and strategic planning efforts. Prior to joining Intel, Katie served as the Section Chief of Vulnerability Management and Coordination at the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA). Her team is credited with the coordination and public disclosure of 20,000+ cybersecurity vulnerabilities within a two-year period. During her government tenure, in roles spanning Intelligence Analyst for the National Intelligence Community to Senior Policy Advisor for White House-led National Security Council Cyber programs, Katie’s work directly impacted decision making for government agencies in the United States, United Kingdom, Canada, and Australia.
Tonya Drummonds is the Director of Security & Customer Trust at Dell Technologies. Her team is responsible for representing the corporate security rules, procedures, controls and compliance to industry standards to customers of Dell Technologies who require vendors to prove their sound security protocol before buying products or services.
Tonya previously managed Enterprise Information Security Governance after filling the role of strategist and leader of the Global Data Classification Program for over 8 years, ensuring that all structured and unstructured data is identified, classified for sensitivity and protected adequately. Her expertise covers security awareness programs, data owner accountability projects, data mapping and minimization which aligns to various global privacy regulation requirements. In her 25+ year career, she has contributed to the company’s focus on data security and has worked diligently to create a security culture, ensuring customer trust.
Lastly, Tonya served as the co-executive sponsor of Diversity & Inclusion for her security organization for the past 2.5 years. Her passion for creating a respectful and supportive workplace that is broadly representative of the customers and communities that Dell serves is contagious. She led several initiatives that showcase global cultures, diversity awareness campaigns, career development/retention programs and volunteer efforts. She enjoys mentoring/career coaching students and fellow professionals in technology and cybersecurity.
Manish Gaur is the Head of Product Security at VMware. He is responsible for the security of VMware's portfolio of software-defined, end-user, multi-cloud, and cloud-native infrastructure products and services. With an early focus on applied cryptography and network security, Manish's career spans from defensive to offensive security. He is passionate about building strong security teams that can combat current as well as future threats and adversaries.
Skip Mann is the driving force behind security advocacy efforts for Lenovo's global security enterprise. As the leader of this team, he is responsible for promoting and evolving Lenovo's commitment to security, with a particular focus on data privacy, infrastructure, product and service, supply chain, and physical security. His efforts ensure that Lenovo remains a trusted leader and enabler of intelligent transformation.
With more than 32 years of experience in the security profession, Skip has led risk management, cyber and physical security, business continuity, and critical infrastructure protection efforts at regional, national, and global levels. He has served in executive positions for 16 years, showcasing his transformational and collaborative leadership style, which has strengthened public and private organizations.
Skip is an organizational resilience thought leader, with a proven track record of building, mentoring, and energizing world-class teams. He is renowned for his ability to drive risk-focused convergence of security and continuity programs, making him a sought-after advisor and speaker on the topic.
Prior to joining Lenovo, Skip held executive positions at the US Department of Homeland Security's Transportation Security Administration, Catalysis Learning Alliance, and several US Department of Defense agencies, including United States European Command, the Central United States Registry, US Army Headquarters, and United States Africa Command.
Tania Ward is a Director within the Vulnerability Response, Community Enablement, and Customer Security Team at Dell Technologies. In this role, she oversees the Vulnerability Response Champions, Vulnerability Response Training, and Customer Security. Prior to this role, Tania has worked as a program manager within Dell Product Security Incident Response Team for just under 6 years. In that time, she revamped the vulnerability response program, instituted company-wide KPIs, and participated in a number of FIRST initiatives. She also participated in establishing the PSIRT and the Multi-Vendor Coordination frameworks from FIRST and participates in SAFECode. Tania is from Northern Ireland and graduated with a degree in Computer Science from the University of Aberystwyth, Wales. She moved to the United States in 1999 to join Microsoft where she spent just over 14 years working on a multitude of different products such as SQL Server, Windows Live, and Microsoft Office.
September 21, 2023 09:15-10:15
Dave Dugal (Juniper, US), Nick Leali (Cisco and CVSS SIG Chair, US)
In this presentation, we discuss some of the practical challenges and considerations of the new CVSS v4 scoring standard. See v4 scores for the first time and hear guidance about best practices for analysts who may use the new metrics.
Dave Dugal oversees the design and development of CVSS as the FIRST CVSS SG Co-Chair and Principal Product Security Incident Manager with Juniper SIRT.
Nick Leali works as an Incident Manager with Cisco PSIRT and serves on the FIRST CVSS SIG, most recently working on the CVSS v4 Examples document.
September 21, 2023 13:45-14:30
PSIRT-TC-TLP-CLEAR-CVSS-v4-Where-the-Rubber-Meets-the-Road.pptx
MD5: f9cc2a86a3eb6ceffca8702a5a2d6d82
Format: application/vnd.openxmlformats-officedocument.presentationml.presentation
Last Update: June 7th, 2024
Size: 522.35 Kb
Christopher Robinson (Intel, US)
Christopher Robinson (Intel, US) bio coming soon.
September 21, 2023 15:10-15:40
Ryan Love (Intel, US)
Ryan Love is a Technical Program Manager for Intel Corporation. Ryan has over twenty years of experience as an intelligence analyst and cybersecurity expert leading large information security programs focusing on cyber risk intelligence from across government and commercial sectors. As a Technical Program Manager within Intel’s Product Security and Incident Response Team, Ryan leads a cross-functional team established to consume, analyze, coordinate, and proactively respond to relevant product security requirements through a structured approach across Intel.
Prior to Intel, Ryan had an extensive career in the US Government, working at the Departments of Defense and Homeland Security. Ryan then went on to work at Deloitte and FireEye-Mandiant, helping government and commercial clients navigate complex cyber risk and information security compliance environments.
September 21, 2023 12:00-12:45
Josh Dembling, Intel
Josh Dembling (Intel, US) bio coming soon.
September 21, 2023 09:00-09:15
Peter Allor (Red Hat, US)
Peter Allor (Red Hat, US) bio coming soon.
September 21, 2023 14:30-14:50
Allan Friedman (CISA, US), Art Manion (ANALYGENCE Labs, US), Christine Gadsby (BlackBerry, US), Lisa Bradley (Dell, US)
Dr. Allan Friedman is a Senior Advisor and Strategist at the U.S. Cybersecurity and Infrastructure Security Agency (CISA). He is both a technologist and a policymaker with significant multi-stakeholder experience with topics like coordinated vulnerability disclosure and of course SBOM.
Art Manion is the Deputy Director of ANALYGENCE Labs where he and his team perform in-depth vulnerability analysis and coordinated vulnerability disclosure. He works closely with the (US) Cybersecurity and Infrastructure Security Agency (CISA).
Christine Gadsby is an accomplished Software Security Operations Executive highly regarded for strategically orchestrating product security programs, including SDLC capabilities, security communications, security research, automation and security tooling, risk mitigation strategies, and coordinated incident response. Her current primary focus at BlackBerry is secure software supply chain.
Dr. Lisa Bradley is the Senior Director of Product & Application Security at Dell Technologies focusing on Vulnerability Response, Customer Security and Community Enablement.
September 21, 2023 12:45-13:30
Juhi Ramani (Dell, IN), Mini TT (Dell, IN)
Juhi Ramani is a Consultant at Dell Technologies, Bangalore, India. Her specialization includes product and application security. She holds an MS in Software Engineering and has presented at various forums on a range of topics, including Proactive Security practices, Product and Application Security, Cyber awareness initiatives, Effective PSIRT and SDL Handshake.
Mini TT works with Dell Technologies, Bangalore, in the domain of embedded system security. She has experience in defence, semiconductors, consumer electronics, substation automation and industrial measurements. Her specialization is in cybersecurity, embedded systems, and system architecture. She holds an MTech in Embedded Systems from BITS Pilani, and a degree in Computer Science and Engineering from the University of Kerala. Currently, she is pursuing her PhD in embedded system security.
September 21, 2023 10:50-11:35
Peter Allor (Red Hat, US)
Peter Allor (Red Hat, US) bio coming soon.
September 21, 2023 10:30-10:50
Peter Allor (Red Hat, US)
Peter Allor is the Senior Director, Product Security for Red Hat. He has been instrumental in Red Hat’s secure development and incident response programs and in upstream security groups such as CVE, CVSS, and PSIRTs. He focuses on developing solutions that integrate the full spectrum of security operations within an organization's domain in support of business.
Prior roles include Senior Director for security at Honeywell, Cybersecurity Strategist at IBM and managing vulnerability and incident coordination at IBM for the IBM X-Force. Prior to IBM acquiring Internet Security Systems (ISS), Peter was the Special Assistant to the CEO of ISS for working National Infrastructure Advisory Council (NIAC) problem sets and assisted in forming the Information Technology - Sector Coordinating Council (IT-SCC) where he recently returned to the Executive Committee and Treasurer. As the former Operations Center Director, he ran the Information Technology - Information Sharing & Analysis Center (IT-ISAC) operations and brought coordination across the sector ISACs.
Peter is a Member of the CVE Board, a former member of the Board of Directors of the Forum of Incident Response and Security Teams (FIRST) and its Chief Financial Officer. Peter was President of the Industry Consortium for Advancement of Security on the Internet (ICASI) and an Executive Committee Member of the IT Sector Coordinating Council (IT-SCC). A former Commissioner for the CSIS Cybersecurity Commission for the 44th Presidency, he assisted in developing recommendations for the Public and Private Sectors to work collaboratively on Cyber Security.
Peter is a retired Lieutenant Colonel from the US Army. He has a Master's degree from the University of Phoenix, a BS in Business Administration from Rollins College and is a Graduate of the US Army Command & General Staff College.
September 21, 2023 15:40-16:00