DevOps, Threat modeling

Supply Chain Management – Doug Barbin – ASW #147

April 19, 2021

Supply chain security isn’t new, despite the renewed attention from the Solar Winds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others’ components.

Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Supply Chain Management

Guests

Doug Barbin

Doug Barbin - Managing Partner at Schellman & Company, LLC

@DougBarbin

Doug Barbin is managing principal and firm-wide cybersecurity and compliance services leader where he spends most of his time developing, launching, managing, and adapting Schellman's attestation, compliance, and certification offerings. As such, he is privileged to work with many of the world's leading cloud computing, federal, FinTech, healthcare, AI, and security provider clients. Doug has more than 23 years’ experience and maintains multiple CPA licenses, along with CISSP, CIPP, ISO 27001 Lead Auditor, and QSA certifications. He is very active in industry organizations and regularly speaks and teaches on cloud security, AI, FedRAMP, and other compliance frameworks.

Hosts

John Kinsella

John Kinsella - Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Mike Shema

Mike Shema - Product Security Lead at Square

@Codexatron

Mike Shema is the Product Security Lead of Square

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for & prevent modern ransomware attacks! Our next technical training will be on May 6th at 11am ET. This technical training webcast will explore common misconfigurations of NGINX, the damage they could do, and how to avoid them. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

prestitial ad