Shedding New Light on Software Visibility in the Age of SBOM

Center for Internet Security CISO on 'Transitional' State of Software Supply Chain
Sean Atkinson, CISO, Center for Internet Security

It has been two years since President Joe Biden issued a cybersecurity executive order warning vendors that they will be required to submit a software bill of materials to do business with the federal government. But a number of organizations are still not ready for SBOM, warned Sean Atkinson, CISO of the Center for Internet Security.

With the government set to send out the first SBOM attestation requests this year, the industry is in a "transitional state of supply chain management," he said. Some organizations want to make sure that if they provide the appropriate transparency - including open-source software components - adversaries won't be able to use it against them in cyberattacks (see: Zero Trust: Lessons Learned and Lessons Identified).

"It's very, very difficult because we have such a vast, expansive system, and not everybody thinks about vendor risk management in the same way. It's trying to get everybody to that same level of tolerance," he said.

In this video interview with Information Security Media Group, Atkinson discussed:

  • The state of third-party risk management;
  • Advice for effective inventory management;
  • Tools to monitor and manage vendors and partners.

Atkinson uses his broad cybersecurity expertise to direct strategy, operations and policy to protect the Center for Internet Security's enterprise of information assets. His responsibilities include risk management, communications, applications and infrastructure. Prior to CIS, he served as global information security compliance officer for GlobalFoundries. Prior to that, he led the security implementation for New York's statewide financial system.

About the Author

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.