Live from Black Hat 2025 in blazing-hot Las Vegas, Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity’s most pressing threats: the software supply chain.
In this exclusive interview, Theresa shares fresh insights from LevelBlue’s global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere.
What is the software supply chain? Why are empty packages flooding open-source repositories? What’s the real cost of depending on ChatGPT to write your code? Why does visibility into your supply chain directly correlate with breach prevention?
This episode is a must-watch for developers, CISOs, and anyone building or securing modern software. Learn how to protect your organization with supply chain visibility, strong S-BOM practices, and a return to solid software engineering fundamentals.
Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research.
- 00:00 - Live from Black Hat 2025 in Las Vegas
- 00:40 - What is the software supply chain?
- 01:58 - Doug’s early fears and real-world coding experiences
- 03:21 - 3 drivers of the software supply chain crisis
- 05:17 - The rise of AI-generated code and dependency overload
- 06:25 - Human oversight vs. AI: The risks of unchecked modules
- 07:45 - Why visibility matters: Supply chain breaches by the numbers
- 09:25 - Understanding the importance of a Software Bill of Materials (S-BOM)
- 11:22 - Vibe coding: A growing threat to secure development
- 13:28 - The return of QA and software engineering fundamentals
- 15:27 - Final advice: How to secure your software supply chain
Theresa Lanowitz is a globally recognized cybersecurity leader, former Gartner analyst, and former Chief Cybersecurity Evangelist with AT&T Cybersecurity and LevelBlue.
She is the creator of Executive-led Growth, a strategy that emphasizes the importance of business understanding in the cybersecurity market.
With a distinguished career in the technology industry, Theresa has held influential roles at companies including Gartner, Borland, Taligent, and Sun Microsystems, significantly impacting application security and emerging technologies.
Theresa is a globally respected leader known for her deep and diverse experience in cybersecurity. She frequently speaks at major industry conferences, including RSA and Black Hat, sharing her insights on market trends, AI integration, and the evolving threat landscape. She’s been published in Forbes, Dark Reading, SC Media, ISMG, InformationWeek, and more, with her contributions reflecting a deep commitment to advancing cybersecurity practices and fostering innovation within the industry.
Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA.







