Below the Surface: The Supply Chain Security Podcast

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things".

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

In this episode, we disccuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadorian and Alan Alford. Specifically, we discuss:

• The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework.
• The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security.
• Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs.
• The conversation included strategies for effective supply chain risk management, advising regular updates, and understanding the interconnectedness of vulnerabilities.
• International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures.
• Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently.

• Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management.

• (00:00) - Digital Supply Chain Governance Compliance

• (14:08) - EU Regulations on Data Security

• (21:38) - Responsibility of Vendors in Open Source

• (27:49) - Supply Chain Risk Management Program Advice

• (39:01) - Automating Software Inventory and Security

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more!

Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them.

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from CISA joins us to discuss!

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa.gov/SBOM and anyone can find out more or ask for a meeting at [email protected]

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

We talk about Supply Chain Risk Management in the context of the cloud and US federal government with David Vaughn.

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity: network device security, supply chain threats, and lateral movement. Join us as Joe Hall shares his wealth of knowledge and experience, unraveling the complexities of network device security, the invisible gatekeepers of our digital lives. Discover the vulnerabilities that hackers exploit and the strategies to fortify your network defenses.

In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we explore the evolution of offensive security, defensive landscapes, and the key actors shaping the cybersecurity landscape. Our featured guest, Tyler Robinson, Founder and CEO of Dark Element, brings a wealth of expertise to the discussion. With a deep understanding of cybersecurity and a track record of innovation, Tyler provides valuable insights into what these trends mean for companies, supply chains, governments, and geopolitics.

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more!

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then Eclypsium has been on a mission to protect devices from supply chain risks.

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!