Supply Chain Management – Doug Barbin – ASW #147
Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like keeping an accurate asset or app inventory, and new opportunities, like the Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components.
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Guest
Doug Barbin is managing principal and firm-wide cybersecurity and compliance services leader at Schellman, where he spends most of his time developing, launching, managing, and adapting the firm's attestation, compliance, and certification offerings. As such, he is privileged to work with many of the world's leading cloud computing, federal, FinTech, healthcare, AI, and security provider clients. Doug has more than 23 years of experience and maintains multiple CPA licenses, along with CISSP, CIPP, ISO 27001 Lead Auditor, and QSA certifications. He is very active in industry organizations and regularly speaks and teaches on cloud security, AI, FedRAMP, and other compliance frameworks.