CISO Playbook: Dawn Cappelli on Mitigating Log4j Zero-Day
Rockwell Automation CISO Shares Lessons Learned from Triage, Response
Like CISOs everywhere, Dawn Cappelli of Rockwell Automation awoke last Friday to news about the Log4j vulnerability and the risk it posed to her company, customers and partners. Here is how she approached triage, response and capturing insights to be shared with other security leaders.
In this video interview with Information Security Media Group, Cappelli, VP and CISO at Rockwell Automation, discusses:
- How she approached the first 24 hours of Log4j mitigation;
- Strategies for communicating with customers and partners;
- The "unknown unknown" that still concerns her about adversaries looking to exploit this vulnerability.
Cappelli is vice president and chief information security officer at Rockwell Automation. She joined Rockwell from Carnegie Mellon University, where she was founder and director of the CERT Insider Threat Center. She is recognized as one of the world's leaders in insider threat mitigation and has worked with government and industry leaders on national strategy issues.