Reimagining a robust supply chain security architecture

Global supply chains are undergoing massive strains in 2024 due to geopolitical conflicts, rapid technological evolution and regulatory changes that pose challenges to organizations irrespective of the industries they operate in. The extended supply chain for hardware suppliers and service providers spans several countries and continents while the sprawl of software components and open-source projects further increase the sophisticated nature of supply chain attacks. Another internal challenge for organizations is the governance and ownership of supply chain security which is usually shared amongst security, procurement and legal teams. Securing the supply chain and ensuring uninterrupted business operations have become top of mind for business and security leaders in their day-to-day job responsibilities.

So how can global organizations protect their supply chains from cyber criminals targeting them, suppliers and third-party vendors with whom they have dependencies, counterfeit products from being introduced and software supply chain vulnerabilities from impacting downstream organizations. This talk will focus on a step-by-step approach to build a supply chain security architecture and focus on three key components: hardware supply chain, software supply chain and service provider supply chain. An evaluation of the current state of each of these layers and the components needed to make them more robust will be presented so audience members can apply it within their own organizations.

In this interactive session, we will discuss a real-life case study of a Canadian multinational financial services company where the challenge was to securely manage the organization’s supply chain across the 36 countries it was operating in. For this organization, we leveraged and applied architectural principles to build in traceability from the key business objectives of the executive stakeholders to the specific security services, mechanisms, and components that every security and procurement teams needed to incorporate to secure their supply chain. These security components were utilized to build a supply chain architecture that weaved in governance for the security and procurement teams involved. The result is an adaptable security architecture that is used by security teams as well as business objectives that matter to the CEO and Board.

Pradeep Sekar – Optiv Security Inc.

Pradeep Sekar is a seasoned cyber security leader who has worked closely with and guided Fortune 100 and Fortune 500 Chief Information Security Officers (CISO), Chief Information Officers (CIO) and their teams across various industries on developing and sustaining a secure, adaptive and robust cyber security program. His unique expertise includes the delivery of innovative cyber strategy solutions and benchmarking insights for global organizations as they look to transform their cyber programs.​

He is currently a Managing Director with Optiv Security Inc. where he leads the Strategy & Risk Management Services. He is also the leader for the ‘Security in Mergers & Acquisitions’ offering which advises and supports clients with conducting security due-diligence efforts and enhancing the security posture of the combined entity in the merger or acquisition transaction.

He is a member of the Economic Times India Leadership Council, which is an exclusive peer group forum of Heads of Businesses from Corporations representing all Indian industries and aims to work towards the end goal of transforming India’s business ecosystem through deliberations and candid exchange of ideas, setting macro agenda for scaling up businesses and driving change that would have a positive impact on business and the overall economy.

He has published thought leadership around security governance, threat profile and risk assessments in industry publications such as ISACA journal as well as on Optiv website (www.optiv.com). He has presented at the IIA/ISACA 9 th Annual Hacker conference in Chicago, US; ISACA Annual Karnataka conference in Bangalore, India; and ISC2 Bangalore chapter conference.