Also: Lessons Learned From the MOVEit Breaches; Tools for Managing SBOMs
In the latest “Proof of Concept,” Mike Baker, vice president and IT CISO at DXC Technology and a CyberEdBoard member, and Chris Hughes, co-founder and CISO at Aquia, explore the state of the software supply chain, the MOVEit breaches and the role of SBOMs and transparency in software development.
Baker and Hughes joined Anna Delaney, director, productions, ISMG, and Tom Field, senior vice president, editorial, ISMG, to discuss:
- The state of software supply chain security and the steps organizations should take to build SBOMs into their pipelines;
- The challenges security leaders face in adopting secure software development frameworks or validating products to adhere to those frameworks;
- The top software transparency predictions for the next 12 to 18 months.
Baker manages a team of professionals across internal cyber operations, network defense, policy, awareness, incident response, threat intelligence, secure architecture and reputational protection. He has over 20 years of experience in leadership, talent development, risk management, audit and compliance, serving as CISO in the aerospace and defense industry and consulting with a variety of other clients. Baker also serves as a member of the Cybersecurity Maturity Model Certification Accreditation Body Industry Advisory Group.
Hughes has nearly 20 years of IT and cybersecurity experience and is the author of “Software Transparency: Supply Chain Security in an Era of a Software-Driven Society.” He served on active duty with the U.S. Air Force and as a civil servant with the U.S. Navy and General Services Administration/FedRAMP. He also spent time as a consultant in the private sector. Hughes serves as an adjunct professor for cybersecurity programs at Capitol Technology University and University of Maryland Global Campus and co-hosts the “Resilient Cyber” podcast.
Don’t miss our previous installments of “Proof of Concept,” including the Oct. 17, 2022 edition on California’s first consumer privacy fine and the March 15, 2023 edition on whether the new U.S. cyber strategy is really viable.