
Proof of Concept: Managing Software Supply Chain Woes

Also: Lessons Learned From the MOVEit Breaches; Tools for Managing SBOMs
Clockwise, from top left: Anna Delaney, Mike Baker, Chris Hughes and Tom Field

In the latest "Proof of Concept," Mike Baker, vice president and IT CISO at DXC Technology and a CyberEdBoard member, and Chris Hughes, co-founder and CISO at Aquia, explore the state of the software supply chain, the MOVEit breaches and the role of SBOMs and transparency in software development.


Baker and Hughes joined Anna Delaney, director, productions, ISMG, and Tom Field, senior vice president, editorial, ISMG, to discuss:

  • The state of software supply chain security and the steps organizations should take to build SBOMs into their pipelines;
  • The challenges security leaders face in adopting secure software development frameworks or validating products to adhere to those frameworks;
  • The top software transparency predictions for the next 12 to 18 months.

Baker manages a team of professionals across internal cyber operations, network defense, policy, awareness, incident response, threat intelligence, secure architecture and reputational protection. He has over 20 years of experience in leadership, talent development, risk management, audit and compliance, serving as CISO in the aerospace and defense industry and consulting with a variety of other clients. Baker also serves as a member of the Cybersecurity Maturity Model Certification Accreditation Body Industry Advisory Group.

Hughes has nearly 20 years of IT and cybersecurity experience and is the author of "Software Transparency: Supply Chain Security in an Era of a Software-Driven Society." He served on active duty with the U.S. Air Force and as a civil servant with the U.S. Navy and General Services Administration/FedRAMP. He also spent time as a consultant in the private sector. Hughes serves as an adjunct professor for cybersecurity programs at Capitol Technology University and University of Maryland Global Campus and co-hosts the "Resilient Cyber" podcast.

Don't miss our previous installments of "Proof of Concept," including the Oct. 17, 2022, edition on California's first consumer privacy fine and the March 15, 2023, edition on whether the new U.S. cyber strategy is really viable.


About the Author

Anna Delaney


Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.



