Speaker:
Jason Ortiz
Finite State

Abstract: To secure connected products, developers and manufacturers must use tools and processes that are purpose built to analyze the complex binaries found within connected devices and embedded systems. Beyond the capabilities of traditional security tooling, dedicated product security (software supply chain security) tools must run in the specialized languages, systems, and deployment cycles for these connected devices. In this talk hosted by Finite State's Jason Ortiz, we will examine where traditional security falls short in analyzing the composition of a device, detecting its vulnerabilities, assessing the severity of those vulnerabilities, prioritizing and conducting response actions. In this session, you will learn how traditional tools can’t always see the opaque threats that live inside connected devices, explore Software Bill of Materials (SBOMs) and how to generate them, and discover how to build a product security strategy that leads to more secure products and software supply chains.

About: Jason Ortiz is Engineering Manager at Finite State and has over 10 years of experience in the US Intel Community and more than five years in commercial cyber security services. In his role, Jason leads the team that develops necessary interfaces between the Finite State Platform and data for use by customers and partners in their business context. Jason is also President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector that facilitates public-private collaboration and information sharing, and a proud Boiler alum!

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics. More info