SOC, Training, Security Research

SCW #74

May 25, 2021



What is SBOM?
Who needs to think about this?
Is this required today, and what might the future of compliance look like?
What is in the recent EO?

Segment Resources:

ntia.gov/SBOM Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

SBOM, Part 1

Guests

Allan Friedman

Allan Friedman – Director of Cybersecurity Initiatives at NTIA (National Telecommunication and Information Administration) US Dept of Commerce

@allanfriedman

Dr. Allan Friedman is Director of Cybersecurity at the National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA’s multi-stakeholder processes on cybersecurity, convening cross-sector working groups with a focus on resilience in a vulnerable ecosystem. This has included pioneering government engagement on coordinated vulnerability disclosure, IoT security, and software component transparency. Prior to joining the Federal government, Friedman spent over 15 years as a noted cybersecurity and tech policy scholar at Harvard’s Computer Science Department, the Brookings Institution and George Washington University’s Engineering School. He is the co-author of the popular text Cybersecurity and Cyberwar: What Everyone Needs to Know, has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University.

Hosts

Jeff Man

Jeff Man – #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

@MrJeffMan

Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Josh Marpet

Josh Marpet – COO at Red Lion

@quadling

COO of Red Lion
IANS Faculty
Blockchain Patent Holder
MISTI Instructor
Entrepreneurship Curmudgeon
Board Member BSidesDE
Board Member BSidesDC
Ex-cop and Fireman

Liam Downward

Liam Downward – CEO at CYRISMA

Liam started his career in 1998 in Dublin, Ireland and each year brought new challenges and with this where my passion of Information Security grew. In 2018, he saw that Cyber Security was becoming more complex and organizations would rather ignore risks as their budgets could not afford solutions to protect their data and CYRISMA was born.

Scott Lyons

Scott Lyons – CEO at Red Lion

@Csp3r

CEO at Red Lion

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!



What is SBOM?
Who needs to think about this?
Is this required today, and what might the future of compliance look like?
What is in the recent EO?

Segment Resources:

ntia.gov/SBOM Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

SBOM, Part 2

Guests

Allan Friedman

Allan Friedman – Director of Cybersecurity Initiatives at NTIA (National Telecommunication and Information Administration) US Dept of Commerce

@allanfriedman

Dr. Allan Friedman is Director of Cybersecurity at the National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA’s multi-stakeholder processes on cybersecurity, convening cross-sector working groups with a focus on resilience in a vulnerable ecosystem. This has included pioneering government engagement on coordinated vulnerability disclosure, IoT security, and software component transparency. Prior to joining the Federal government, Friedman spent over 15 years as a noted cybersecurity and tech policy scholar at Harvard’s Computer Science Department, the Brookings Institution and George Washington University’s Engineering School. He is the co-author of the popular text Cybersecurity and Cyberwar: What Everyone Needs to Know, has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University.

Hosts

Jeff Man

Jeff Man – #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

@MrJeffMan

Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Josh Marpet

Josh Marpet – COO at Red Lion

@quadling

COO of Red Lion
IANS Faculty
Blockchain Patent Holder
MISTI Instructor
Entrepreneurship Curmudgeon
Board Member BSidesDE
Board Member BSidesDC
Ex-cop and Fireman

Liam Downward

Liam Downward – CEO at CYRISMA

Liam started his career in 1998 in Dublin, Ireland and each year brought new challenges and with this where my passion of Information Security grew. In 2018, he saw that Cyber Security was becoming more complex and organizations would rather ignore risks as their budgets could not afford solutions to protect their data and CYRISMA was born.

Scott Lyons

Scott Lyons – CEO at Red Lion

@Csp3r

CEO at Red Lion

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • In our May 27th webcast at 11am ET, we’ll explore the latest attacks against DNS and the latest techniques that make it possible to discover and disrupt attacks. In our June 3 webcast at 11am ET, you will learn about pen testing tools and why every organization should be using them regularly. Then join us June 10 at 11am ET for our webcast on insider risk to learn how to quickly mitigate data exposure risks. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

prestitial ad