Below the Surface (Audio) - The Supply Chain Security Podcast
Eclypsium
A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions.
Get the Supply Chain Security Toolkit from Eclypsium here: https://eclypsium.com/go
Episodes
Jul 31, 2024 • 56min
The Known Exploited Vulnerability catalogue, aka the KEV - Tod Beardsley - BTS #35
Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how you should use it in your environment. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Resource: https://cisa.gov/kev Show Notes: https://securityweekly.com/bts-35
Jul 17, 2024 • 60min
EPSS - The Exploit Prediction Scoring System - Jay Jacobs, Wade Baker - BTS #34
Jay Jacobs (Co-Founder and Data Scientist) and Wade Baker (Co-Founder and Data Storyteller) of The Cyentia Institute come on the show to talk about the Exploit Prediction Scoring System (EPSS). This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-34
Jul 3, 2024 • 53min
Securing OT Environments - Dr. Ed Harris - BTS #33
Ed Harris joins us to discuss how to secure OT environments, implement effective air gaps, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-33

Jun 19, 2024 • 53min
MITRE ATT&CK - Adam Pennington - BTS #32
We discuss the various aspects of MITRE ATT&CK, including tools, techniques, supply chain aspects, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-32

Jun 5, 2024 • 1h 3min
Managing Complex Digital Supply Chains - Cassie Crossley - BTS #31
Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply chain challenges, asset management, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-31
May 22, 2024 • 55min
Systems Of Trust - Robert Martin - BTS #30
Bob Martin comes on the show to discuss systems of trust, supply chain security and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-30

May 8, 2024 • 1h 6min
Supply Chains, Firmware, And Patching - Jason Kikta - BTS #29
Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-29
Apr 24, 2024 • 56min
5G Hackathons - Casey Ellis - BTS #28
Casey was recently involved in an event that brought hackers and 5G technology together. Tune in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-28

Apr 10, 2024 • 50min
Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27
In this episode, we discuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadoorian and Allan Alford. Specifically, we discuss:
The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework.
The impact of EU regulations, like the CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security.
Vendors' duties in open-source security and software vulnerability management, with a call for automation in software inventory and security, including the use of SBOMs.
Strategies for effective supply chain risk management, advising regular updates and an understanding of the interconnectedness of vulnerabilities.
International compliance, particularly with EU data security laws, which presents operational challenges and necessitates robust cybersecurity measures.
Proactive vendor communication and automated processes, which are crucial for managing cybersecurity threats efficiently.
Continuous risk assessment, which is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management.
(00:00) - Digital Supply Chain Governance Compliance
(14:08) - EU Regulations on Data Security
(21:38) - Responsibility of Vendors in Open Source
(27:49) - Supply Chain Risk Management Program Advice
(39:01) - Automating Software Inventory and Security
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more! Show Notes: https://securityweekly.com/bts-27

Mar 27, 2024 • 54min
What We Don't Know Will Hurt Us - Cheryl Biswas - BTS #26
Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-26