In this episode of CyberOXtales Podcast, host Neatsun Ziv, CEO of OX Security, interviews Amy Chaney, a financial services senior risk executive, about her experience handling the Log4j vulnerability event while working at JPMorgan Chase and Company. Amy provides insights into the environment she worked in at the time and explains the severity and impact of Log4j. She discusses the steps taken to handle the event, including inventorying systems, creating a centralized war room, and disseminating information to various teams. Amy emphasizes the importance of modernization, automation, and agility in preparing for and responding to such events. She also highlights the need for a strong security posture and collaboration across teams to effectively manage and mitigate risks.
About Our Guest:
Amy Chaney is a financial services senior risk executive with over 25 years of experience in the industry. She has served in leadership roles across multiple domains and has worked at JPMorgan Chase and Company, a large and complex financial services firm. Amy has a strong background in risk management and has expertise in navigating complex environments and managing critical vulnerabilities.
Key Takeaways:
- The Log4j vulnerability, also known as Log4Shell, was a critical vulnerability discovered in the logging mechanism from Apache. It had widespread use and was easy to exploit, requiring no authentication. The severity of the vulnerability prompted immediate action from organizations globally.
- Building a centralized war room and establishing a drumbeat of communication and coordination is crucial in managing and responding to a large-scale event like the Log4j vulnerability. This ensures that the right information is disseminated, actions are prioritized, and progress is tracked.
- Having an accurate inventory of systems and applications is essential for understanding the scope of the vulnerability and prioritizing remediation efforts. This includes not only internal systems but also third-party and vendor networks.
- Modernization and automation play a significant role in effectively responding to vulnerabilities. By automating upgrades and patches, organizations can reduce the reliance on manual processes and minimize the risk of human error.
- Collaboration and teamwork are key in managing and mitigating risks. By bringing together different teams, including security, risk, legal, and business units, organizations can leverage diverse expertise and ensure a coordinated response.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!